def func(id=None):
createLocalSession()
if 'csrf' not in session:
token = os.urandom(16)
session['csrf'] = ''.join('%02x' % ord(c) for c in token)
if method == 'POST' and \
('csrf' not in request.form or request.form['csrf'] != session['csrf']):
abort(403)
if 'userId' in session and session['userId']:
session.user = User.one(id=int(session['userId']))
else:
session.user = None
if (authed or admin) and session.user == None:
return _redirect('/')
elif admin and not session.user.admin:
abort(403)
params = request.form if method == 'POST' else request.args
kwargs = {}
for i, arg in enumerate(args):
if i == 0 and arg == 'id' and not rpc:
continue
if arg in params:
kwargs[arg] = params[arg]
else:
assert not rpc # RPC requires all arguments.
try:
if hasId and id != None:
ret = ofunc(int(id), **kwargs)
else:
ret = ofunc(**kwargs)
except RedirectException, r:
return _redirect(r.url)
def login_required_response(error=DEFAULT_LOGIN_ERROR, redirect='users.login'):
if not g.logged_in:
flash(error)
return _redirect(url_for(redirect))
if g.user.is_banned():
flash("You can't use this feature while banned.", 'error')
return _redirect('/banned')
return None
def decorated_function(*args, **kwargs):
response = login_required_response()
if response:
return response
if g.user.is_muted():
flash("You can't use this feature while muted.")
return _redirect(url_for(self.redirect))
if not g.user.email_confirmed:
flash("Please confirm your email before using this feature.")
return _redirect(url_for(self.redirect))
return f(*args, **kwargs)
def func(id=None):
if 'csrf' not in session:
token = os.urandom(16)
session['csrf'] = ''.join('%02x' % ord(c) for c in token)
if not CSRFable and method == 'POST' and \
('csrf' not in request.form or request.form['csrf'] != session['csrf']):
abort(403)
params = request.form if method == 'POST' else request.args
kwargs = {}
for i, arg in enumerate(args):
if i == 0 and arg == 'id' and not rpc:
continue
if arg in params:
kwargs[arg] = params[arg]
elif arg in request.files:
kwargs[arg] = request.files[arg]
else:
assert not rpc # RPC requires all arguments.
try:
if hasId and id != None:
ret = ofunc(int(id), **kwargs)
else:
ret = ofunc(**kwargs)
except RedirectException, r:
return _redirect(r.url)
def redirect(location,
code=302,
Response=None,
success=None,
warning=None,
error=None):
session['SUCCESS'] = success
session['WARNING'] = warning
session['ERROR'] = error
return _redirect(location, code=code, Response=Response)
def decorated_function(*args, **kwargs):
response = login_required_response()
if response:
return response
if not g.user.has_admin_access():
if self.redirect:
flash("You don't have permission to use this feature.")
return _redirect(url_for(self.redirect))
return render_template('403.html'), 403
return f(*args, **kwargs)
def func(id=None):
createLocalSession()
try:
tpl = stpl
if 'csrf' not in session:
token = os.urandom(16)
session['csrf'] = ''.join('%02x' % ord(c) for c in token)
if not CSRFable and method == 'POST' and \
('csrf' not in request.form or request.form['csrf'] != session['csrf']):
abort(403)
if 'userId' in session and session['userId']:
session.user = User.one(id=int(session['userId']))
else:
session.user = None
if admin and (session.user == None or not session.user.admin):
return abort(404)
elif authed and session.user == None:
return _redirect(handler.auth.get_index.url(error=0))
params = request.form if method == 'POST' else request.args
kwargs = {}
for i, arg in enumerate(args):
if i == 0 and arg == 'id' and not rpc:
continue
if arg in params:
kwargs[arg] = params[arg]
elif arg in request.files:
kwargs[arg] = request.files[arg]
else:
assert not rpc # RPC requires all arguments.
try:
if hasId and id != None:
ret = ofunc(int(id), **kwargs)
else:
ret = ofunc(**kwargs)
except RedirectException, r:
return _redirect(r.url)
except TemplateException, t:
tpl = t.tpl
ret = t.args
def wrapped(*args, **kwargs):
if not is_active(feature):
url = redirect_to
if redirect:
url = url_for(redirect)
if url:
log.debug(u'Feature {feature} is off, redirecting to {url}'.format(feature=feature, url=url))
return _redirect(url, code=302)
else:
log.debug(u'Feature {feature} is off, aborting request'.format(feature=feature))
abort(404)
return func(*args, **kwargs)
def wrapped(*args, **kwargs):
if not is_active(feature):
url = redirect_to
if redirect:
url = url_for(redirect)
if url:
log.debug(u'Feature {feature} is off, redirecting to {url}'.format(feature=feature, url=url))
return _redirect(url, code=302)
else:
log.debug(u'Feature {feature} is off, aborting request'.format(feature=feature))
abort(404)
return func(*args, **kwargs)
def func(id=None):
tpl = stpl
params = request.form if method == 'POST' else request.args
if rpc:
params = loads(params['args'])
kwargs = {}
for i, arg in enumerate(args):
if i == 0 and arg == 'id' and not rpc:
continue
if arg in params:
kwargs[arg] = params[arg]
elif arg in request.files:
kwargs[arg] = request.files[arg]
else:
print args, params
assert not rpc # RPC requires all arguments.
try:
if hasId and id != None:
ret = ofunc(int(id), **kwargs)
else:
ret = ofunc(**kwargs)
except RedirectException, r:
return _redirect(r.url)
def redirect(*args, **kwargs):
__redirect = _redirect(*args, **kwargs)
__redirect.autocorrect_location_header = False
return __redirect
def redirect(location: str, code: int = 302) -> Response:
"""flask's redirect but always passes the Response class"""
return _redirect(location, code, Response)
def wm_INTERNAL_redir (self, path):
self.wm_debug_log ("--- redirect received ---")
self.wm_debug_log ("checking hostname")
hostname = get_url_hostname (_request.base_url)
self.wm_debug_log ("target hostname is {}".format (hostname))
found_app = False
for appid in self.wm_enableds.keys ():
if hostname in self.wm_config["apps"][appid]["hostnames"]:
found_app = True
app = self.wm_enableds[appid]
self.wm_debug_log ("hostname {0} matches app {1}".format (hostname, app))
break
if not found_app:
self.wm_debug_log ("hostname {} doesn't match any app!".format (hostname))
ret = self.wm_config["not_found_response"]
return ret
base_path = self.wm_config["apps"][appid]["base_path"]
old_abspath = getcwd ()
self.wm_debug_log ("changing cwd to {}".format (base_path))
chdir (base_path)
self.wm_debug_log ("cwd is now {}".format (getcwd ()))
old_path = relpath (old_abspath)
if app["first_request"]:
app["first_request"] = False
for before_first_request_func in app["app"].before_first_request_funcs:
before_first_request_func ()
# TODO add blueprint support
for blueprint, before_request_func_list in app["app"].before_request_funcs.items ():
for before_request_func in before_request_func_list:
before_request_func ()
self.wm_debug_log ("done calling before functions")
# print (print_object (app.url_map))
# set the module's request object to the actual request object
# so the route function can access the actual request information
app["module"].request = _request
self.wm_debug_log ("bound to actual request")
# bind the app's url map to the actual request
urls = app["app"].url_map.bind_to_environ (_request)
self.wm_debug_log ("bound to real environment")
# get the endpoint and arguments for the actual request
self.wm_debug_log ("matching")
error = False
try:
endpoint, args = urls.match ()
except NotFound:
print_exc ()
error = True
ret = "Not Found", 404
endpoint, args = None, None
except MethodNotAllowed:
print_exc ()
error = True
ret = "Method Not Allowed", 405
endpoint, args = None, None
except RequestRedirect as redir:
print_exc ()
error = True
ret = _redirect (redir.new_url)
endpoint, args = None, None
except:
print_exc ()
error = True
endpoint, args = None, None
if error:
self.wm_debug_log ("error return value is {}".format (ret))
self.wm_debug_log ("matched")
print ("### ENDPOINT: {0}, ARGS: {1}".format (endpoint, args))
if not error:
for function_name, view_function in app["app"].view_functions.items ():
if function_name == endpoint:
self.wm_debug_log ("calling {}".format (function_name))
try:
ret = _make_response (view_function (**args))
except HTTPException as exc:
print_exc ()
self.wm_debug_log (
"error when calling view function -- code: {0}, desc: {1}, name: {2}, response: {3} ###".format (
exc.code, exc.description, exc.name, exc.response)
)
ret = exc.get_response (environ = _request)
# WARNING: any other non-abort () exceptions will be raised
# and will call the Flask debugger without calling the below code!
else:
self.wm_debug_log ("not calling view function {}".format (function_name))
# TODO also add blueprint support
for blueprint, after_request_func_list in app["app"].after_request_funcs.items ():
for after_request_func in after_request_func_list:
self.wm_debug_log ("Response before calling {0}: {1}".format (after_request_func.__name__, ret))
after_request_ret = after_request_func (_make_response (ret))
self.wm_debug_log ("Response after calling {0}: {1}".format (after_request_func.__name__, after_request_ret))
ret = after_request_ret
self.wm_debug_log ("changing dir back to {}".format (old_path))
chdir (old_path)
self.wm_debug_log ("--- redirect completed, returning ---")
return ret
def redirect(url):
return _redirect(DONAME + url)
