1 # ContentDB
2 # Copyright (C) 2018  rubenwardy
3 #
4 # This program is free software: you can redistribute it and/or modify
5 # it under the terms of the GNU General Public License as published by
6 # the Free Software Foundation, either version 3 of the License, or
7 # (at your option) any later version.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU General Public License
15 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
16
17
18 from flask import render_template, redirect, request, session, url_for, abort
19 from flask_user import login_required, current_user
20 from . import bp
21 from app.models import db, User, APIToken, Package, Permission
22 from app.utils import randomString
23 from app.querybuilder import QueryBuilder
24
25 from flask_wtf import FlaskForm
26 from wtforms import *
27 from wtforms.validators import *
28 from wtforms.ext.sqlalchemy.fields import QuerySelectField
29
class CreateAPIToken(FlaskForm):
	"""Form used both to create and to edit an API token.

	``package`` optionally scopes the token to a single package. The view
	assigns ``package.query_factory`` at request time, which both populates
	the choices and bounds validation: QuerySelectField rejects a submitted
	pk that is not in that query.
	"""
	name = StringField("Name", [InputRequired(), Length(1, 30)])
	package = QuerySelectField(
		"Limit to package",
		allow_blank=True,
		get_pk=lambda pkg: pkg.id,
		get_label=lambda pkg: pkg.title,
	)
	submit = SubmitField("Save")
35
36
@bp.route("/user/tokens/")
@login_required
def list_tokens_redirect():
	"""Send the logged-in user to their own token list."""
	target = url_for("api.list_tokens", username=current_user.username)
	return redirect(target)
41
42
@bp.route("/users/<username>/tokens/")
@login_required
def list_tokens(username):
	"""Render the API tokens owned by *username*.

	Aborts 404 when the user does not exist and 403 unless the current
	user holds CREATE_TOKEN on that account (as decided by User.checkPerm).
	"""
	owner = User.query.filter_by(username=username).first()
	if owner is None:
		abort(404)

	# Viewing tokens is gated by the same permission as managing them.
	if not owner.checkPerm(current_user, Permission.CREATE_TOKEN):
		abort(403)

	return render_template("api/list_tokens.html", user=owner)
54
55
@bp.route("/users/<username>/tokens/new/", methods=["GET", "POST"])
@bp.route("/users/<username>/tokens/<int:id>/edit/", methods=["GET", "POST"])
@login_required
def create_edit_token(username, id=None):
	"""Create a new API token for *username*, or edit the token *id*.

	Authorization: 404 for an unknown user or token; 403 unless the current
	user holds CREATE_TOKEN on the account and, when editing, the token is
	owned by that account (so a token cannot be reached by guessing its id
	under another username).

	On a valid POST the token is saved and the browser is redirected to the
	edit page. For a freshly created token the secret is parked in the
	session under ``token_<id>`` and popped by the next view of this page,
	so the plaintext is displayed once.
	"""
	owner = User.query.filter_by(username=username).first()
	if owner is None:
		abort(404)

	if not owner.checkPerm(current_user, Permission.CREATE_TOKEN):
		abort(403)

	creating = id is None

	token = None
	access_token = None
	if not creating:
		token = APIToken.query.get(id)
		if token is None:
			abort(404)
		if token.owner != owner:
			abort(403)

		# One-shot reveal: pop() removes the secret from the session.
		access_token = session.pop("token_{}".format(token.id), None)

	# NOTE(review): request.form is empty on GET, so the fields fall back to
	# the values from ``obj``; this relies on wtforms keeping obj data when a
	# key is absent from formdata — confirm for the pinned wtforms version.
	form = CreateAPIToken(formdata=request.form, obj=token)
	# Only the owner's packages are offered; QuerySelectField also validates
	# the submitted pk against this query, so other users' packages are rejected.
	form.package.query_factory = lambda: Package.query.filter_by(author=owner).all()

	if request.method != "POST" or not form.validate():
		return render_template("api/create_edit_token.html",
				user=owner, form=form, token=token, access_token=access_token)

	if creating:
		token = APIToken()
		token.owner = owner
		# NOTE(review): assumes randomString draws from a CSPRNG — confirm in app.utils.
		token.access_token = randomString(32)

	form.populate_obj(token)
	db.session.add(token)
	db.session.commit()

	if creating:
		# Park the secret so the edit page can display it once. With Flask's
		# default cookie session this value round-trips through the browser
		# (signed, not encrypted) until it is popped — unless a server-side
		# session backend is configured.
		session["token_{}".format(token.id)] = token.access_token

	return redirect(url_for("api.create_edit_token", username=username, id=token.id))
100
101
@bp.route("/users/<username>/tokens/<int:id>/reset/", methods=["POST"])
@login_required
def reset_token(username, id):
	"""Replace the secret of token *id* and redirect to its edit page.

	Same authorization as create_edit_token: 404 for an unknown user or
	token; 403 unless the current user holds CREATE_TOKEN on the account
	and the token belongs to that account. The previous secret is
	invalidated by the commit; the new one is parked in the session for a
	single display on the edit page.
	"""
	owner = User.query.filter_by(username=username).first()
	if owner is None:
		abort(404)

	if not owner.checkPerm(current_user, Permission.CREATE_TOKEN):
		abort(403)

	token = APIToken.query.get(id)
	if token is None:
		abort(404)
	if token.owner != owner:
		abort(403)

	# NOTE(review): no form is posted to this route, so CSRF coverage depends
	# on an app-wide CSRFProtect being enabled — confirm.
	# NOTE(review): assumes randomString draws from a CSPRNG — confirm in app.utils.
	token.access_token = randomString(32)
	db.session.commit()

	# Parked for a one-shot reveal on the edit page (popped there).
	session["token_{}".format(token.id)] = token.access_token

	return redirect(url_for("api.create_edit_token", username=username, id=token.id))
126
127
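@bp.route("/users/<username>/tokens/<int:id>/delete/", methods=["POST"])
@login_required
def delete_token(username, id):
	"""Delete token *id* owned by *username*, then show the token list.

	Aborts 404 for an unknown user or token; 403 unless the current user
	holds CREATE_TOKEN on the account and the token belongs to that
	account. The ``<int:id>`` converter guarantees *id* is always set, so
	there is no "new token" case on this route.
	"""
	user = User.query.filter_by(username=username).first()
	if user is None:
		abort(404)

	if not user.checkPerm(current_user, Permission.CREATE_TOKEN):
		abort(403)

	token = APIToken.query.get(id)
	if token is None:
		abort(404)
	elif token.owner != user:
		abort(403)

	# NOTE(review): no form is posted to this route, so CSRF coverage depends
	# on an app-wide CSRFProtect being enabled — confirm.
	db.session.delete(token)
	db.session.commit()

	return redirect(url_for("api.list_tokens", username=username))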