Diffstat (limited to 'api')
-rw-r--r-- | api/hierarchy.py | 52 | ||||
-rw-r--r-- | api/social/create_relation.py | 22 | ||||
-rw-r--r-- | api/social/destroy_relation.py | 7 | ||||
-rw-r--r-- | api/social/friend_accept.py | 4 |
4 files changed, 52 insertions, 33 deletions
diff --git a/api/hierarchy.py b/api/hierarchy.py
index f75613c..20dcc45 100644
--- a/api/hierarchy.py
+++ b/api/hierarchy.py
@@ -1,29 +1,65 @@ from flask import request from auth.login_token import token_login +from user.info import valid_user_id from db import cursor ranks = ["none", "user", "moderator", "admin", "bot"] +# This decorator doesn't check for hierarchy constraints, but does +# make sure that token_id or explicit_id are valid user_id's +def util_two_person(func): + def wrapper(): + token_id = None + explicit_id = None + + token = request.cookies.get("token") or "" + if token: token_id = token_login(token) + + data = request.get_json() + if data: explicit_id = data.get("id") + + if explicit_id and not valid_user_id(explicit_id): explicit_id = None + + return func(token_id, explicit_id) + + wrapper.__name__ = func.__name__ + return wrapper + + +# no authentication, just runs endpoint() if both token_id and +# explicit_id are present from @util_two_person. +def two_person(func): + @util_two_person + def wrapper(token_id, explicit_id): + if not token_id or \ + not explicit_id: + return "", 400 + + return func(token_id, explicit_id) + + wrapper.__name__ = func.__name__ + return wrapper + + # @auth_required function decorator (use after @flask.Blueprint.route() decorator) +# This decorator only runs endpoint() if token_id from +# @util_two_person is not None and passes hierarchy constraints def auth_required(level): def decorator(func): - def wrapper(): - token = request.cookies.get("token") or "" - if not token: return "", 403 - - user_id = token_login(token) - if not user_id: return "", 403 + @util_two_person + def wrapper(token_id, explicit_id): + if not token_id: return "", 400 user_rank_text = cursor.execute( - "select type from users where user_id = ?", [user_id] + "select type from users where user_id = ?", [token_id] ).fetchone()[0] required_rank = ranks.index(level) user_rank = ranks.index(user_rank_text) if required_rank > user_rank: return "", 403 - return func(user_id) + return func(token_id) wrapper.__name__ = func.__name__ return wrapper 
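Review bot: `two_person` only checks that `token_id` and `explicit_id` are present, so the rank check that the removed `two_person_endpoint` inherited from `@auth_required("user")` no longer applies to the routes switched to `@two_person` in api/social/create_relation.py, destroy_relation.py and friend_accept.py. If rank `none` marks accounts that should not act yet (an inference from the `ranks` list; the diff does not say), those accounts can now create, remove, unblock and accept relations with a valid token. One way to keep the old guarantee is a shared rank helper used by `two_person` (and reusable by `auth_required`), sketched below; it also treats a missing `users` row as insufficient rank instead of failing on `fetchone()[0]`. Separately, `util_two_person` now runs `request.get_json()` for every `auth_required` route as well, so `request.get_json(silent=True)` with an `isinstance(data, dict)` check before `data.get("id")` would keep a non-JSON or non-object body from becoming an error response.

```python
def _has_rank(user_id, level):
    row = cursor.execute(
        "select type from users where user_id = ?", [user_id]
    ).fetchone()
    # an unknown user_id or rank string counts as insufficient rank
    if row is None or row[0] not in ranks:
        return False
    return ranks.index(row[0]) >= ranks.index(level)


def two_person(func):
    @util_two_person
    def wrapper(token_id, explicit_id):
        # … unchanged: 400 when token_id or explicit_id is missing …
        if not _has_rank(token_id, "user"):
            return "", 403
        return func(token_id, explicit_id)
    # … unchanged: wrapper.__name__ assignment and return wrapper …
```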
diff --git a/api/social/create_relation.py b/api/social/create_relation.py index af81b69..5367ac5 100644 --- a/api/social/create_relation.py +++ b/api/social/create_relation.py @@ -1,28 +1,10 @@ from flask import Blueprint, request from db import cursor, connection -from hierarchy import auth_required +from hierarchy import auth_required, two_person from socket_io import io import time -# @two_person_endpoint decorator -# defines (user_1_id, user_2_id) in endpoint handler function arguments -def two_person_endpoint(func): - @auth_required("user") - def wrapper(user_1_id): - data = request.get_json() - user_2_id = data.get("id") or "" - - if not user_1_id or \ - not user_2_id: - return "", 403 - - return func(user_1_id, user_2_id) - - wrapper.__name__ = func.__name__ - return wrapper - - def create_relation(user_1_id, user_2_id, relation_type): remove_relation(user_1_id, user_2_id) remove_relation(user_2_id, user_1_id) @@ -44,7 +26,7 @@ def remove_relation(user_1_id, user_2_id): def create_relation_route(relation_type): - @two_person_endpoint + @two_person def route(user_1_id, user_2_id): create_relation(user_1_id, user_2_id, relation_type) diff --git a/api/social/destroy_relation.py b/api/social/destroy_relation.py index ab72c48..2aa793b 100644 --- a/api/social/destroy_relation.py +++ b/api/social/destroy_relation.py @@ -1,15 +1,16 @@ from flask import Blueprint, request from db import cursor -from social.create_relation import remove_relation, two_person_endpoint +from social.create_relation import remove_relation from user.info import get_relation_to from socket_io import io +from hierarchy import two_person import time remove = Blueprint('remove', __name__) @remove.route('/remove', methods=['POST']) -@two_person_endpoint +@two_person def index(user_1_id, user_2_id): relation = get_relation_to(user_1_id, user_2_id) if relation == "none": return "", 403 
@@ -27,7 +28,7 @@ unblock = Blueprint('unblock', __name__) @unblock.route('/unblock', methods=['POST']) -@two_person_endpoint +@two_person def index(user_1_id, user_2_id): if get_relation_to(user_1_id, user_2_id) != "blocked": return "", 403 diff --git a/api/social/friend_accept.py b/api/social/friend_accept.py index 4eb4837..b434272 100644 --- a/api/social/friend_accept.py +++ b/api/social/friend_accept.py @@ -1,14 +1,14 @@ from flask import Blueprint, request from db import cursor, connection -from social.create_relation import two_person_endpoint from socket_io import io +from hierarchy import two_person import time accept = Blueprint('accept', __name__) @accept.route("/accept", methods=['POST']) -@two_person_endpoint +@two_person def route(user_1_id, user_2_id): cursor.execute( "update social set type = \"friendship\" where user_1_id = ? and user_2_id = ?", |