author | lonkaars <l.leblansch@gmail.com> | 2021-03-23 19:44:43 +0100 |
---|---|---|
committer | lonkaars <l.leblansch@gmail.com> | 2021-03-23 19:44:43 +0100 |
commit | e2466a6e4cda8ade7d755beae2d74e13454e91fa (patch) | |
tree | 296dc6c576ea50211507060109fa5e8265dd7a68 /api | |
parent | 2e740cbf81f41804cdf7cf355c3d41de9eca2ac7 (diff) |
auth_required decorator
Diffstat (limited to 'api')
-rw-r--r-- | api/game/random.py | 2 | ||||
-rw-r--r-- | api/hierarchy.py | 26 | ||||
-rw-r--r-- | api/test.py | 12 | ||||
-rw-r--r-- | api/user/preferences.py | 24 | ||||
-rw-r--r-- | api/user/status.py | 10 |
5 files changed, 45 insertions, 29 deletions
diff --git a/api/game/random.py b/api/game/random.py index ffba520..096d5be 100644 --- a/api/game/random.py +++ b/api/game/random.py @@ -13,8 +13,6 @@ random_game = Blueprint('random', __name__) @random_game.route('/random') def index(): - data = request.get_json() - token = request.cookies.get("token") or "" if not token: print("a temporary user should be set up here") diff --git a/api/hierarchy.py b/api/hierarchy.py new file mode 100644 index 0000000..6c1f0af --- /dev/null +++ b/api/hierarchy.py @@ -0,0 +1,26 @@ +from flask import request +from auth.login_token import token_login +from db import cursor + +ranks = ["none", "user", "moderator", "admin", "bot"] + +def auth_required(level): + def decorator(func): + def wrapper(): + token = request.cookies.get("token") or "" + if not token: return "", 403 + + user_id = token_login(token) + if not user_id: return "", 403 + + user_rank_text = cursor.execute("select type from users where user_id = ?", [user_id]).fetchone()[0] + + required_rank = ranks.index(level) + user_rank = ranks.index(user_rank_text) + if required_rank > user_rank: return "", 403 + + return func(user_id) + wrapper.__name__ = func.__name__ + return wrapper + return decorator + diff --git a/api/test.py b/api/test.py new file mode 100644 index 0000000..ba62f00 --- /dev/null +++ b/api/test.py @@ -0,0 +1,12 @@ +from flask import Blueprint +from hierarchy import auth_required + +test = Blueprint('test_endpoint', __name__) + +@test.route('/test') +@auth_required("user") +def index(): + return "Hello World!" + +dynamic_route = ["/", test] + diff --git a/api/user/preferences.py b/api/user/preferences.py index 057bf41..9791bfe 100644 --- a/api/user/preferences.py +++ b/api/user/preferences.py @@ -1,7 +1,7 @@ from flask import Blueprint, request from db import cursor, connection -from auth.login_token import token_login from ruleset import resolve_ruleset +from hierarchy import auth_required import json def format_preferences(prefs): 
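Review bot: The rank lookup in `wrapper` in api/hierarchy.py can raise instead of denying. `fetchone()[0]` fails with a TypeError when the token resolves to a user_id that has no row, and `ranks.index(user_rank_text)` raises ValueError for any `type` value missing from `ranks`, so both cases surface as a 500 rather than the 403 the other branches return. `ranks.index(level)` is also evaluated on every request, so a misspelled level in a decorator only shows up once the route is hit; resolving it once in `auth_required` moves that failure to module load. Separately, the list order places "bot" above "admin", so a bot account satisfies `auth_required("admin")`; if that is not intended, the ordering needs a comment or a change.

```python
def auth_required(level):
    required_rank = ranks.index(level)  # a misspelled level fails when the module loads
    # … unchanged: decorator/wrapper definitions, token cookie and token_login checks …
            row = cursor.execute("select type from users where user_id = ?", [user_id]).fetchone()
            if row is None or row[0] not in ranks: return "", 403
            if required_rank > ranks.index(row[0]): return "", 403
    # … unchanged: func(user_id) call, __name__ copy, returns …
```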
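Review bot: `index()` in api/test.py takes no parameters, but the `wrapper` added in api/hierarchy.py calls `func(user_id)`, so an authenticated request to `/test` would raise a TypeError instead of returning the greeting; the signature should be `def index(user_id):`. The `index` in api/user/status.py has the same mismatch. Judging by the visible lines, it also still passes `login` to the `update users set status` query after the `login = token_login(token)` assignment was removed, so it needs `def index(login):` as well. A test that sends a request with a valid token to each decorated route would catch this kind of signature drift.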
@@ -18,30 +18,16 @@ def format_preferences(prefs): preferences = Blueprint('preferences', __name__) @preferences.route('/preferences', methods = ["GET"]) -def get_preferences(): - data = request.get_json() - - token = request.cookies.get("token") or "" - - if not token: return "", 401 - login = token_login(token) or "" - - if not login: return "", 403 - +@auth_required("user") +def get_preferences(login): user_prefs = cursor.execute("select preferences from users where user_id = ?", [login]).fetchone() return { "preferences": format_preferences(json.loads(user_prefs[0])) }, 200 @preferences.route('/preferences', methods = ["POST"]) -def index(): +@auth_required("user") +def index(login): data = request.get_json() - new_preferences = data.get("newPreferences") or "" - token = request.cookies.get("token") or "" - - if not token: return "", 401 - login = token_login(token) or "" - - if not login: return "", 403 formatted_json = format_preferences(new_preferences) diff --git a/api/user/status.py b/api/user/status.py index e2895d5..030a4ef 100644 --- a/api/user/status.py +++ b/api/user/status.py @@ -1,21 +1,15 @@ from flask import Blueprint, request from db import cursor, connection -from auth.login_token import token_login +from hierarchy import auth_required import json status = Blueprint('user_status', __name__) @status.route('/status', methods = ['POST']) +@auth_required("user") def index(): data = request.get_json() - status = data.get("status") or "" - token = request.cookies.get("token") or "" - - if not token: return "", 401 - login = token_login(token) or "" - - if not login: return "", 403 if not status: return "", 400 cursor.execute("update users set status = ? where user_id = ?", [status[0:200], login]) |
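Review bot: A request without a token cookie now gets 403 where `get_preferences` and the POST `index` used to answer 401, because the removed `if not token: return "", 401` is replaced by the decorator's `return "", 403`. A client that uses 401 to tell "not logged in" from "not allowed" loses that signal; if the distinction matters, the decorator's first check can stay `if not token: return "", 401`. The same status change applies to api/user/status.py. In the POST handler the collapsed layout leaves it unclear whether the `new_preferences = data.get("newPreferences") or ""` assignment survives, and `format_preferences(new_preferences)` still depends on it, so that is worth confirming against the file.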