X-Git-Url: https://git.lizzy.rs/?a=blobdiff_plain;f=app%2Futils.py;h=bb24920b8c9ca83e856ba65687151645fc1ee4c5;hb=c1b4256d440d0c858dedb4971f96c78677538b1d;hp=dc657367260c362d96d090bd067513f0d0ba18f0;hpb=794bc8a018421e6d6ef8802f3c35fba9df7b7d17;p=cheatdb.git diff --git a/app/utils.py b/app/utils.py index dc65736..bb24920 100644 --- a/app/utils.py +++ b/app/utils.py @@ -18,9 +18,23 @@ from flask import request, flash, abort, redirect from flask_user import * from flask_login import login_user, logout_user -from app.models import * -from app import app -import random, string, os +from .models import * +from . import app +import random, string, os, imghdr +from urllib.parse import urljoin + +def abs_url_for(path, **kwargs): + scheme = "https" if app.config["BASE_URL"][:5] == "https" else "http" + return url_for(path, _external=True, _scheme=scheme, **kwargs) + +def abs_url(path): + return urljoin(app.config["BASE_URL"], path) + +def get_int_or_abort(v, default=None): + try: + return int(v or default) + except ValueError: + abort(400) def getExtension(filename): return filename.rsplit(".", 1)[1].lower() if "." in filename else None @@ -28,6 +42,10 @@ def getExtension(filename): def isFilenameAllowed(filename, exts): return getExtension(filename) in exts +ALLOWED_IMAGES = set(["jpeg", "png"]) +def isAllowedImage(data): + return imghdr.what(None, data) in ALLOWED_IMAGES + def shouldReturnJson(): return "application/json" in request.accept_mimetypes and \ not "text/html" in request.accept_mimetypes 
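Review bot: `get_int_or_abort` catches only `ValueError`, but when `v` is empty or missing and `default` is left at `None` the call becomes `int(None)`, which raises `TypeError` and would surface as a 500 rather than the intended 400. Catching both, `except (ValueError, TypeError):`, closes that path; if a missing value with no default is meant to return `None`, test for it before calling `int`. In `abs_url`, `urljoin` lets an absolute or scheme-relative `path` replace the host of `BASE_URL`, so a docstring stating that only site-relative paths are expected would help callers that pass request-derived values.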
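Review bot: `isAllowedImage` has no docstring, and its check is narrower than the name suggests: `imghdr.what(None, data)` matches only a few magic bytes at the start of the data, so it shows that the header looks like JPEG or PNG, not that the whole file is a well-formed image. A docstring saying so would keep callers from treating it as full validation; serving uploads with a fixed image Content-Type and `X-Content-Type-Options: nosniff` covers the remaining gap. `imghdr` is also deprecated since Python 3.11 and removed in 3.13, so the new import will fail on a later interpreter upgrade. `ALLOWED_IMAGES` reads better as a set literal, `{"jpeg", "png"}`.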
@@ -36,19 +54,38 @@ def randomString(n): return ''.join(random.choice(string.ascii_lowercase + \ string.ascii_uppercase + string.digits) for _ in range(n)) -def doFileUpload(file, allowedExtensions, fileTypeName): +def doFileUpload(file, fileType, fileTypeDesc): if not file or file is None or file.filename == "": - flash("No selected file", "error") - return None + flash("No selected file", "danger") + return None, None + + assert os.path.isdir(app.config["UPLOAD_DIR"]), "UPLOAD_DIR must exist" + + allowedExtensions = [] + isImage = False + if fileType == "image": + allowedExtensions = ["jpg", "jpeg", "png"] + isImage = True + elif fileType == "zip": + allowedExtensions = ["zip"] + else: + raise Exception("Invalid fileType") ext = getExtension(file.filename) if ext is None or not ext in allowedExtensions: - flash("Please upload load " + fileTypeName, "error") - return None + flash("Please upload " + fileTypeDesc, "danger") + return None, None + + if isImage and not isAllowedImage(file.stream.read()): + flash("Uploaded image isn't actually an image", "danger") + return None, None + + file.stream.seek(0) filename = randomString(10) + "." + ext - file.save(os.path.join("app/public/uploads", filename)) - return "/uploads/" + filename + filepath = os.path.join(app.config["UPLOAD_DIR"], filename) + file.save(filepath) + return "/uploads/" + filename, filepath def make_flask_user_password(plaintext_str): # http://passlib.readthedocs.io/en/stable/modular_crypt_format.html @@ -68,9 +105,12 @@ def make_flask_user_password(plaintext_str): import bcrypt plaintext = plaintext_str.encode("UTF-8") password = bcrypt.hashpw(plaintext, bcrypt.gensalt()) - return password.decode("UTF-8") + if isinstance(password, str): + return password + else: + return password.decode("UTF-8") -def _do_login_user(user, remember_me=False): +def loginUser(user): def _call_or_get(v): if callable(v): return v() 
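Review bot: The `zip` branch of doFileUpload accepts the upload on its file extension alone, while the image branch also checks the content with isAllowedImage; `zipfile.is_zipfile(file.stream)` from the standard library gives the archive case a comparable check (it needs `import zipfile` at the top of the file). In the image branch `file.stream.read()` loads the whole upload into memory although imghdr looks only at the leading bytes, so reading 32 bytes is enough and bounds the cost. The `assert` on `UPLOAD_DIR` disappears under `python -O`; an explicit check that raises is more dependable. The fence shows the content-check part only.

```python
    # … unchanged: empty-file check, fileType dispatch, extension check …

    if isImage:
        # imghdr only inspects the leading bytes, so do not read the whole upload
        header = file.stream.read(32)
        file.stream.seek(0)
        if not isAllowedImage(header):
            flash("Uploaded image isn't actually an image", "danger")
            return None, None
    else:
        # is_zipfile() looks for the archive's end-of-central-directory record
        is_zip = zipfile.is_zipfile(file.stream)
        file.stream.seek(0)
        if not is_zip:
            flash("Please upload " + fileTypeDesc, "danger")
            return None, None

    # … unchanged: random filename, file.save(), return …
```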
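Review bot: The new `isinstance(password, str)` branch in make_flask_user_password carries no comment explaining when `bcrypt.hashpw` returns `str` instead of `bytes`, so a later reader cannot tell whether the branch is still needed. A comment above it such as `# hashpw returns str with some bcrypt packages and bytes with others` would record the reason, naming the package if it is known. The `else` after `return` is redundant; `return password if isinstance(password, str) else password.decode("UTF-8")` says the same in one line. The function starts outside this hunk.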
@@ -82,7 +122,7 @@ def _do_login_user(user, remember_me=False): return False if user.rank == UserRank.BANNED: - flash("You have been banned.", "error") + flash("You have been banned.", "danger") return False user.active = True @@ -93,32 +133,17 @@ def _do_login_user(user, remember_me=False): # Check if user account has been disabled if not _call_or_get(user.is_active): - flash("Your account has not been enabled.", "error") - return False - - # Check if user has a confirmed email address - user_manager = current_app.user_manager - if user_manager.enable_email and user_manager.enable_confirm_email \ - and not current_app.user_manager.enable_login_without_confirm_email \ - and not user.has_confirmed_email(): - url = url_for("user.resend_confirm_email") - flash("Your email address has not yet been confirmed", "error") + flash("Your account has not been enabled.", "danger") return False # Use Flask-Login to sign in user - login_user(user, remember=remember_me) + login_user(user, remember=True) signals.user_logged_in.send(current_app._get_current_object(), user=user) flash("You have signed in successfully.", "success") return True -def loginUser(user): - user_mixin = None - if user_manager.enable_username: - user_mixin = user_manager.find_user_by_username(user.username) - - return _do_login_user(user_mixin, True) def rank_required(rank): def decorator(f): @@ -170,3 +195,13 @@ def clearNotifications(url): if current_user.is_authenticated: Notification.query.filter_by(user=current_user, url=url).delete() db.session.commit() + + +YESES = ["yes", "true", "1", "on"] + +def isYes(val): + return val and val.lower() in YESES + + +def isNo(val): + return val and not isYes(val)
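Review bot: loginUser no longer checks `user.has_confirmed_email()` before calling `login_user`, so after the `@@ -93,32 +133,17 @@` hunk an account whose address was never confirmed can sign in through this path unless a caller not visible here enforces it. If that is intended, a comment at that spot such as `# email confirmation is deliberately not required to sign in` would make the decision explicit. `login_user(user, remember=True)` also hard-codes the persistent remember-me cookie that the removed wrapper used to pass; accepting it as a parameter, `def loginUser(user, remember=True):` with `login_user(user, remember=remember)`, keeps the default while letting a form honour the user's choice on a shared machine. The function's signature is in an earlier hunk.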
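Review bot: `isNo` returns true for every non-empty value that is not in `YESES`, so an unexpected value (for example `"maybe"`) is read as an explicit no. If callers need to tell "no" from "unrecognised", an explicit list is safer: `NOES = ["no", "false", "0", "off"]` with `return bool(val) and val.lower() in NOES`. Both helpers also return the falsy input itself (`None` or `""`) rather than `False`, because of `val and …`; `return bool(val) and val.lower() in YESES` yields a real boolean. A one-line docstring on each listing the accepted spellings would document the contract.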