Beispiel #1
0
class IpUsernameVerification(Resource):

    get_parser = RequestParser()
    get_parser.add_argument("username", type=str)
    get_parser.add_argument("uuid", type=str)

    def get(self):
        args = self.get_parser.parse_args()

        result = check_authenticated_ip(request.remote_addr, username=args.get("username"), uuid=args.get("uuid"))

        return {'verified': result is not None}

    put_parser = RequestParser()
    put_parser.add_argument("username", type=str, required=True)
    put_parser.add_argument("ip", type=str, required=True)
    put_parser.add_argument("uuid", type=str, required=True)

    @require_api_key(required_access_tokens=[add_api_username_verification_token])
    def put(self):
        args = self.put_parser.parse_args()

        add_authenticated_ip(args.get("username"), args.get("uuid"), args.get("ip"))

        return {'success': True}


rest_api.add_resource(IpUsernameVerification, '/auth/ip_username_verification')
register_api_access_token(add_api_username_verification_token,
                          """Authenticates a username with an ip address. This would enable the user to register from that IP.""", permission="api.auth.add_ip_username_verification")
Beispiel #2
0
        validate_args = self.validate_get(args)
        if validate_args:
            return validate_args

        uuid = args.get("uuid")
        mcname = args.get("name")

        if uuid:
            try:
                player = MinecraftPlayer.find_or_create_player(uuid)
            except NoSuchUserException, e:
                return {'error': [{"message": e.message}]}
            except ConnectionError:
                return {'error': [{"message": "failed to contact mojang"}]}
            return {'uuid': player.uuid, 'name': player.mcname}

        if mcname:
            try:
                uuid, mcname = uuid_utils.lookup_uuid_name(mcname)
            except NoSuchUserException, e:
                return {'error': [{"message": e.message}]}
            except ConnectionError:
                return {'error': [{"message": "failed to contact mojang"}]}
            player = MinecraftPlayer.find_or_create_player(uuid, mcname)
            return {'uuid': player.uuid, 'name': player.mcname}


rest_api.add_resource(UUIDApi, '/uuid')

register_api_access_token('uuid.get', permission='api.uuid.get')
Beispiel #3
0
    def validate_post(self, args):
        if args.get("note") and len(args.get("note")) > 1000:
            return {'error': [{"message": "the note must be below 1000 characters long"}]}

        if args.get("server") and Server.verify_fid(args.get("server")):
            return {'error': [{"message": "the server field must be a valid fid"}]}

    @require_api_key(required_access_tokens=['anathema.notes.post'])
    def post(self):
        args = self.post_parser.parse_args()
        validate_args = self.validate_post(args)
        if validate_args:
            return validate_args

        issuer = request.api_user
        note = args.get("note")
        source = args.get("server")
        uuid = args.get("uuid")

        player = MinecraftPlayer.find_or_create_player(uuid)

        note = Note(issuer=issuer, issuer_old=issuer.name, target=player, username=player.mcname, note=note, server=source).save()
        return {'note': construct_local_note_data(note)}


rest_api.add_resource(Notes, '/anathema/notes')

register_api_access_token('anathema.notes.get', permission='api.anathema.notes.get')
register_api_access_token('anathema.notes.post', permission='api.anathema.notes.post')

Beispiel #4
0
from flask_restful import Resource
from mongoengine import Q

from blueprints.api import register_api_access_token
from models.user_model import User
from blueprints.base import rest_api


class GroupList(Resource):

    #@require_api_key(['auth.groups.list.get'])
    def get(self):
        users = User.objects(Q(role_groups__exists=True) & Q(role_groups__not__size=0)).scalar('name', 'role_groups')

        user_groups = dict()
        for name, groups in users:
            user_groups[name] = dict(groups=map(lambda group: group.name, groups))

        return {'users': user_groups}

rest_api.add_resource(GroupList, '/auth/group/list')
register_api_access_token('auth.group.list.get')
Beispiel #5
0
    @require_api_key(required_access_tokens=['anathema.alts.post'])
    def post(self):
        args = self.post_parser.parse_args()
        uuid = args.get("uuid")
        player = MinecraftPlayer.find_or_create_player(uuid)

        if not verify_ip_address(args["ip"].decode("ascii")):
            return {'error': [{"message": "ip is not valid"}]}
        ip = args["ip"]

        player_ips = PlayerIpsModel.objects(player=player).first()
        if not player_ips:
            player_ips = PlayerIpsModel(player=player, ips=[ip])
            player_ips.save()
        player_ips.update_last_login_and_add_entry(ip)

        ip_players = IpPlayersModel.objects(ip=ip).first()
        if not ip_players:
            ip_players = IpPlayersModel(ip=ip, players=[player])
            ip_players.save()
        ip_players.update_last_login_and_add_entry(player)

        return {"success": True}


rest_api.add_resource(Alts, '/anathema/alts')

register_api_access_token('anathema.alts.get', permission="api.anathema.alts.get")
register_api_access_token('anathema.alts.post', permission="api.anathema.alts.post")
Beispiel #6
0
        validate_args = self.validate_get(args)
        if validate_args:
            return validate_args

        uuid = args.get("uuid")
        mcname = args.get("name")

        if uuid:
            try:
                player = MinecraftPlayer.find_or_create_player(uuid)
            except NoSuchUserException, e:
                return {'error': [{"message": e.message}]}
            except ConnectionError:
                return {'error': [{"message": "failed to contact mojang"}]}
            return {'uuid': player.uuid, 'name': player.mcname}

        if mcname:
            try:
                uuid, mcname = uuid_utils.lookup_uuid_name(mcname)
            except NoSuchUserException, e:
                return {'error': [{"message": e.message}]}
            except ConnectionError:
                return {'error': [{"message": "failed to contact mojang"}]}
            player = MinecraftPlayer.find_or_create_player(uuid, mcname)
            return {'uuid': player.uuid, 'name': player.mcname}


rest_api.add_resource(UUIDApi, '/uuid')

register_api_access_token('uuid.get', permission='api.uuid.get')
Beispiel #7
0
add_api_username_verification_token = 'api.auth.add_ip_username_verification'


class MeResource(Resource):
    @require_api_key(asuser_must_be_registered=False,
                     allow_user_permission=True)
    def get(self):
        user = getattr(request, 'api_user', None)
        username = getattr(request, 'api_user_name', None)
        player = getattr(request, 'api_player', None)

        if player is not None:
            player_info = {'uuid': player.uuid, 'mcname': player.mcname}
        else:
            player_info = None

        if user is not None:
            user_info = {'name': user.name}
        else:
            user_info = None

        return {
            'api_user_method': getattr(request, 'api_user_method'),
            'name_provided': username,
            'user': user_info,
            'player': player_info
        }


rest_api.add_resource(MeResource, '/auth/me')
Beispiel #8
0
        if not args.get("group"):  # need group verification logic!
            return {'error': [{"message": "invalid group"}]}

    @require_api_key(required_access_tokens=['modreq.elevate'])
    def post(self, modreq_id):
        args = self.post_parser.parse_args()
        validate_args = self.validate_post(args)
        if validate_args:
            return validate_args, 400

        elevate_group = args.get("group")

        modreq = ModReqModel.objects(uid=modreq_id).first()

        modreq.elevate_group = elevate_group
        modreq.save()

        return {'modreq': construct_modreq_data(modreq)}


rest_api.add_resource(ModReq, '/modreq')
rest_api.add_resource(ModReqClaim, '/modreq/<int:modreq_id>/claim')
rest_api.add_resource(ModReqDone, '/modreq/<int:modreq_id>/done')
rest_api.add_resource(ModReqElevate, '/modreq/<int:modreq_id>/elevate')

register_api_access_token("modreq.get", permission="api.modreq.get")
register_api_access_token("modreq.add", permission="api.modreq.add")
register_api_access_token("modreq.claim", permission="api.modreq.claim")
register_api_access_token("modreq.done", permission="api.modreq.done")
register_api_access_token("modreq.elevate", permission="api.modreq.elevate")
Beispiel #9
0
    @require_api_key(required_access_tokens=['anathema.notes.post'])
    def post(self):
        args = self.post_parser.parse_args()
        validate_args = self.validate_post(args)
        if validate_args:
            return validate_args

        issuer = request.api_user
        note = args.get("note")
        source = args.get("server")
        uuid = args.get("uuid")

        player = MinecraftPlayer.find_or_create_player(uuid)

        note = Note(issuer=issuer,
                    issuer_old=issuer.name,
                    target=player,
                    username=player.mcname,
                    note=note,
                    server=source).save()
        return {'note': construct_local_note_data(note)}


rest_api.add_resource(Notes, '/anathema/notes')

register_api_access_token('anathema.notes.get',
                          permission='api.anathema.notes.get')
register_api_access_token('anathema.notes.post',
                          permission='api.anathema.notes.post')
Beispiel #10
0
        if not args.get("group"):  # need group verification logic!
            return {'error': [{"message": "invalid group"}]}

    @require_api_key(required_access_tokens=['modreq.elevate'])
    def post(self, modreq_id):
        args = self.post_parser.parse_args()
        validate_args = self.validate_post(args)
        if validate_args:
            return validate_args, 400

        elevate_group = args.get("group")

        modreq = ModReqModel.objects(uid=modreq_id).first()

        modreq.elevate_group = elevate_group
        modreq.save()

        return {'modreq': construct_modreq_data(modreq)}


rest_api.add_resource(ModReq, '/modreq')
rest_api.add_resource(ModReqClaim, '/modreq/<int:modreq_id>/claim')
rest_api.add_resource(ModReqDone, '/modreq/<int:modreq_id>/done')
rest_api.add_resource(ModReqElevate, '/modreq/<int:modreq_id>/elevate')

register_api_access_token("modreq.get", permission="api.modreq.get")
register_api_access_token("modreq.add", permission="api.modreq.add")
register_api_access_token("modreq.claim", permission="api.modreq.claim")
register_api_access_token("modreq.done", permission="api.modreq.done")
register_api_access_token("modreq.elevate", permission="api.modreq.elevate")
Beispiel #11
0
        watch = args.get("watch").lower() == "true"

        ban = Ban.objects(uid=uid).first()
        if ban is None:
            abort(404)

        user = request.api_user._get_current_object()

        if user in ban.watching:
            if not watch:
                ban.watching.remove(user)
        else:
            if watch:
                ban.watching.append(user)
        ban.save()

        return {
            'uid': uid,
            'watching': user in ban.watching
        }


rest_api.add_resource(Bans, '/anathema/bans')
rest_api.add_resource(WatchBan, '/anathema/ban/<int:uid>/watch')

register_api_access_token('anathema.bans.get')
register_api_access_token('anathema.bans.post', permission="api.anathema.bans.post")
register_api_access_token('anathema.bans.delete', permission="api.anathema.bans.delete")

register_api_access_token('anathema.bans.watch', permission=permissions.ban_watch)
Beispiel #12
0
    def get(self):
        args = self.get_parser.parse_args()

        result = check_authenticated_ip(request.remote_addr,
                                        username=args.get("username"),
                                        uuid=args.get("uuid"))

        return {'verified': result is not None}

    put_parser = RequestParser()
    put_parser.add_argument("username", type=str, required=True)
    put_parser.add_argument("ip", type=str, required=True)
    put_parser.add_argument("uuid", type=str, required=True)

    @require_api_key(
        required_access_tokens=[add_api_username_verification_token])
    def put(self):
        args = self.put_parser.parse_args()

        add_authenticated_ip(args.get("username"), args.get("uuid"),
                             args.get("ip"))

        return {'success': True}


rest_api.add_resource(IpUsernameVerification, '/auth/ip_username_verification')
register_api_access_token(
    add_api_username_verification_token,
    """Authenticates a username with an ip address. This would enable the user to register from that IP.""",
    permission="api.auth.add_ip_username_verification")
Beispiel #13
0
from .. import require_api_key
from blueprints.base import rest_api
from flask_restful import Resource
from blueprints.api import register_api_access_token


class ApiTest(Resource):

    @require_api_key(required_access_tokens=['api.test'])
    def get(self):
        return {'success': True}

    @require_api_key(required_access_tokens=['api.test'])
    def post(self):
        return {'success': True}

rest_api.add_resource(ApiTest, '/test')
register_api_access_token('api.test',
                          """Provides access to the method /test. As indicated by the name, doesn't do anything at all.""")
Beispiel #14
0
    def post(self):
        args = self.post_parser.parse_args()
        uuid = args.get("uuid")
        player = MinecraftPlayer.find_or_create_player(uuid)

        if not verify_ip_address(args["ip"].decode("ascii")):
            return {'error': [{"message": "ip is not valid"}]}
        ip = args["ip"]

        player_ips = PlayerIpsModel.objects(player=player).first()
        if not player_ips:
            player_ips = PlayerIpsModel(player=player, ips=[ip])
            player_ips.save()
        player_ips.update_last_login_and_add_entry(ip)

        ip_players = IpPlayersModel.objects(ip=ip).first()
        if not ip_players:
            ip_players = IpPlayersModel(ip=ip, players=[player])
            ip_players.save()
        ip_players.update_last_login_and_add_entry(player)

        return {"success": True}


rest_api.add_resource(Alts, '/anathema/alts')

register_api_access_token('anathema.alts.get',
                          permission="api.anathema.alts.get")
register_api_access_token('anathema.alts.post',
                          permission="api.anathema.alts.post")
Beispiel #15
0
from .. import require_api_key
from blueprints.base import rest_api
from flask_restful import Resource
from blueprints.api import register_api_access_token


class ApiTest(Resource):
    @require_api_key(required_access_tokens=['api.test'])
    def get(self):
        return {'success': True}

    @require_api_key(required_access_tokens=['api.test'])
    def post(self):
        return {'success': True}


rest_api.add_resource(ApiTest, '/test')
register_api_access_token(
    'api.test',
    """Provides access to the method /test. As indicated by the name, doesn't do anything at all."""
)
Beispiel #16
0
    @require_api_key(asuser_must_be_registered=False,
                     allow_user_permission=True)
    def get(self):
        user = getattr(request, 'api_user', None)
        username = getattr(request, 'api_user_name', None)
        player = getattr(request, 'api_player', None)

        if player is not None:
            player_info = {
                'uuid': player.uuid,
                'mcname': player.mcname
            }
        else:
            player_info = None

        if user is not None:
            user_info = {
                'name': user.name
            }
        else:
            user_info = None

        return {'api_user_method': getattr(request, 'api_user_method'),
                'name_provided': username,
                'user': user_info,
                'player': player_info}


rest_api.add_resource(MeResource, '/auth/me')
Beispiel #17
0
from flask_restful import Resource
from mongoengine import Q

from blueprints.api import register_api_access_token
from models.user_model import User
from blueprints.base import rest_api


class GroupList(Resource):

    #@require_api_key(['auth.groups.list.get'])
    def get(self):
        users = User.objects(
            Q(role_groups__exists=True) & Q(role_groups__not__size=0)).scalar(
                'name', 'role_groups')

        user_groups = dict()
        for name, groups in users:
            user_groups[name] = dict(
                groups=map(lambda group: group.name, groups))

        return {'users': user_groups}


rest_api.add_resource(GroupList, '/auth/group/list')
register_api_access_token('auth.group.list.get')