class IpUsernameVerification(Resource): get_parser = RequestParser() get_parser.add_argument("username", type=str) get_parser.add_argument("uuid", type=str) def get(self): args = self.get_parser.parse_args() result = check_authenticated_ip(request.remote_addr, username=args.get("username"), uuid=args.get("uuid")) return {'verified': result is not None} put_parser = RequestParser() put_parser.add_argument("username", type=str, required=True) put_parser.add_argument("ip", type=str, required=True) put_parser.add_argument("uuid", type=str, required=True) @require_api_key(required_access_tokens=[add_api_username_verification_token]) def put(self): args = self.put_parser.parse_args() add_authenticated_ip(args.get("username"), args.get("uuid"), args.get("ip")) return {'success': True} rest_api.add_resource(IpUsernameVerification, '/auth/ip_username_verification') register_api_access_token(add_api_username_verification_token, """Authenticates a username with an ip address. This would enable the user to register from that IP.""", permission="api.auth.add_ip_username_verification")
validate_args = self.validate_get(args) if validate_args: return validate_args uuid = args.get("uuid") mcname = args.get("name") if uuid: try: player = MinecraftPlayer.find_or_create_player(uuid) except NoSuchUserException, e: return {'error': [{"message": e.message}]} except ConnectionError: return {'error': [{"message": "failed to contact mojang"}]} return {'uuid': player.uuid, 'name': player.mcname} if mcname: try: uuid, mcname = uuid_utils.lookup_uuid_name(mcname) except NoSuchUserException, e: return {'error': [{"message": e.message}]} except ConnectionError: return {'error': [{"message": "failed to contact mojang"}]} player = MinecraftPlayer.find_or_create_player(uuid, mcname) return {'uuid': player.uuid, 'name': player.mcname} rest_api.add_resource(UUIDApi, '/uuid') register_api_access_token('uuid.get', permission='api.uuid.get')
def validate_post(self, args): if args.get("note") and len(args.get("note")) > 1000: return {'error': [{"message": "the note must be below 1000 characters long"}]} if args.get("server") and Server.verify_fid(args.get("server")): return {'error': [{"message": "the server field must be a valid fid"}]} @require_api_key(required_access_tokens=['anathema.notes.post']) def post(self): args = self.post_parser.parse_args() validate_args = self.validate_post(args) if validate_args: return validate_args issuer = request.api_user note = args.get("note") source = args.get("server") uuid = args.get("uuid") player = MinecraftPlayer.find_or_create_player(uuid) note = Note(issuer=issuer, issuer_old=issuer.name, target=player, username=player.mcname, note=note, server=source).save() return {'note': construct_local_note_data(note)} rest_api.add_resource(Notes, '/anathema/notes') register_api_access_token('anathema.notes.get', permission='api.anathema.notes.get') register_api_access_token('anathema.notes.post', permission='api.anathema.notes.post')
from flask_restful import Resource from mongoengine import Q from blueprints.api import register_api_access_token from models.user_model import User from blueprints.base import rest_api class GroupList(Resource): #@require_api_key(['auth.groups.list.get']) def get(self): users = User.objects(Q(role_groups__exists=True) & Q(role_groups__not__size=0)).scalar('name', 'role_groups') user_groups = dict() for name, groups in users: user_groups[name] = dict(groups=map(lambda group: group.name, groups)) return {'users': user_groups} rest_api.add_resource(GroupList, '/auth/group/list') register_api_access_token('auth.group.list.get')
@require_api_key(required_access_tokens=['anathema.alts.post']) def post(self): args = self.post_parser.parse_args() uuid = args.get("uuid") player = MinecraftPlayer.find_or_create_player(uuid) if not verify_ip_address(args["ip"].decode("ascii")): return {'error': [{"message": "ip is not valid"}]} ip = args["ip"] player_ips = PlayerIpsModel.objects(player=player).first() if not player_ips: player_ips = PlayerIpsModel(player=player, ips=[ip]) player_ips.save() player_ips.update_last_login_and_add_entry(ip) ip_players = IpPlayersModel.objects(ip=ip).first() if not ip_players: ip_players = IpPlayersModel(ip=ip, players=[player]) ip_players.save() ip_players.update_last_login_and_add_entry(player) return {"success": True} rest_api.add_resource(Alts, '/anathema/alts') register_api_access_token('anathema.alts.get', permission="api.anathema.alts.get") register_api_access_token('anathema.alts.post', permission="api.anathema.alts.post")
add_api_username_verification_token = 'api.auth.add_ip_username_verification' class MeResource(Resource): @require_api_key(asuser_must_be_registered=False, allow_user_permission=True) def get(self): user = getattr(request, 'api_user', None) username = getattr(request, 'api_user_name', None) player = getattr(request, 'api_player', None) if player is not None: player_info = {'uuid': player.uuid, 'mcname': player.mcname} else: player_info = None if user is not None: user_info = {'name': user.name} else: user_info = None return { 'api_user_method': getattr(request, 'api_user_method'), 'name_provided': username, 'user': user_info, 'player': player_info } rest_api.add_resource(MeResource, '/auth/me')
if not args.get("group"): # need group verification logic! return {'error': [{"message": "invalid group"}]} @require_api_key(required_access_tokens=['modreq.elevate']) def post(self, modreq_id): args = self.post_parser.parse_args() validate_args = self.validate_post(args) if validate_args: return validate_args, 400 elevate_group = args.get("group") modreq = ModReqModel.objects(uid=modreq_id).first() modreq.elevate_group = elevate_group modreq.save() return {'modreq': construct_modreq_data(modreq)} rest_api.add_resource(ModReq, '/modreq') rest_api.add_resource(ModReqClaim, '/modreq/<int:modreq_id>/claim') rest_api.add_resource(ModReqDone, '/modreq/<int:modreq_id>/done') rest_api.add_resource(ModReqElevate, '/modreq/<int:modreq_id>/elevate') register_api_access_token("modreq.get", permission="api.modreq.get") register_api_access_token("modreq.add", permission="api.modreq.add") register_api_access_token("modreq.claim", permission="api.modreq.claim") register_api_access_token("modreq.done", permission="api.modreq.done") register_api_access_token("modreq.elevate", permission="api.modreq.elevate")
@require_api_key(required_access_tokens=['anathema.notes.post']) def post(self): args = self.post_parser.parse_args() validate_args = self.validate_post(args) if validate_args: return validate_args issuer = request.api_user note = args.get("note") source = args.get("server") uuid = args.get("uuid") player = MinecraftPlayer.find_or_create_player(uuid) note = Note(issuer=issuer, issuer_old=issuer.name, target=player, username=player.mcname, note=note, server=source).save() return {'note': construct_local_note_data(note)} rest_api.add_resource(Notes, '/anathema/notes') register_api_access_token('anathema.notes.get', permission='api.anathema.notes.get') register_api_access_token('anathema.notes.post', permission='api.anathema.notes.post')
watch = args.get("watch").lower() == "true" ban = Ban.objects(uid=uid).first() if ban is None: abort(404) user = request.api_user._get_current_object() if user in ban.watching: if not watch: ban.watching.remove(user) else: if watch: ban.watching.append(user) ban.save() return { 'uid': uid, 'watching': user in ban.watching } rest_api.add_resource(Bans, '/anathema/bans') rest_api.add_resource(WatchBan, '/anathema/ban/<int:uid>/watch') register_api_access_token('anathema.bans.get') register_api_access_token('anathema.bans.post', permission="api.anathema.bans.post") register_api_access_token('anathema.bans.delete', permission="api.anathema.bans.delete") register_api_access_token('anathema.bans.watch', permission=permissions.ban_watch)
def get(self): args = self.get_parser.parse_args() result = check_authenticated_ip(request.remote_addr, username=args.get("username"), uuid=args.get("uuid")) return {'verified': result is not None} put_parser = RequestParser() put_parser.add_argument("username", type=str, required=True) put_parser.add_argument("ip", type=str, required=True) put_parser.add_argument("uuid", type=str, required=True) @require_api_key( required_access_tokens=[add_api_username_verification_token]) def put(self): args = self.put_parser.parse_args() add_authenticated_ip(args.get("username"), args.get("uuid"), args.get("ip")) return {'success': True} rest_api.add_resource(IpUsernameVerification, '/auth/ip_username_verification') register_api_access_token( add_api_username_verification_token, """Authenticates a username with an ip address. This would enable the user to register from that IP.""", permission="api.auth.add_ip_username_verification")
from .. import require_api_key from blueprints.base import rest_api from flask_restful import Resource from blueprints.api import register_api_access_token class ApiTest(Resource): @require_api_key(required_access_tokens=['api.test']) def get(self): return {'success': True} @require_api_key(required_access_tokens=['api.test']) def post(self): return {'success': True} rest_api.add_resource(ApiTest, '/test') register_api_access_token('api.test', """Provides access to the method /test. As indicated by the name, doesn't do anything at all.""")
def post(self): args = self.post_parser.parse_args() uuid = args.get("uuid") player = MinecraftPlayer.find_or_create_player(uuid) if not verify_ip_address(args["ip"].decode("ascii")): return {'error': [{"message": "ip is not valid"}]} ip = args["ip"] player_ips = PlayerIpsModel.objects(player=player).first() if not player_ips: player_ips = PlayerIpsModel(player=player, ips=[ip]) player_ips.save() player_ips.update_last_login_and_add_entry(ip) ip_players = IpPlayersModel.objects(ip=ip).first() if not ip_players: ip_players = IpPlayersModel(ip=ip, players=[player]) ip_players.save() ip_players.update_last_login_and_add_entry(player) return {"success": True} rest_api.add_resource(Alts, '/anathema/alts') register_api_access_token('anathema.alts.get', permission="api.anathema.alts.get") register_api_access_token('anathema.alts.post', permission="api.anathema.alts.post")
from .. import require_api_key from blueprints.base import rest_api from flask_restful import Resource from blueprints.api import register_api_access_token class ApiTest(Resource): @require_api_key(required_access_tokens=['api.test']) def get(self): return {'success': True} @require_api_key(required_access_tokens=['api.test']) def post(self): return {'success': True} rest_api.add_resource(ApiTest, '/test') register_api_access_token( 'api.test', """Provides access to the method /test. As indicated by the name, doesn't do anything at all.""" )
@require_api_key(asuser_must_be_registered=False, allow_user_permission=True) def get(self): user = getattr(request, 'api_user', None) username = getattr(request, 'api_user_name', None) player = getattr(request, 'api_player', None) if player is not None: player_info = { 'uuid': player.uuid, 'mcname': player.mcname } else: player_info = None if user is not None: user_info = { 'name': user.name } else: user_info = None return {'api_user_method': getattr(request, 'api_user_method'), 'name_provided': username, 'user': user_info, 'player': player_info} rest_api.add_resource(MeResource, '/auth/me')
from flask_restful import Resource from mongoengine import Q from blueprints.api import register_api_access_token from models.user_model import User from blueprints.base import rest_api class GroupList(Resource): #@require_api_key(['auth.groups.list.get']) def get(self): users = User.objects( Q(role_groups__exists=True) & Q(role_groups__not__size=0)).scalar( 'name', 'role_groups') user_groups = dict() for name, groups in users: user_groups[name] = dict( groups=map(lambda group: group.name, groups)) return {'users': user_groups} rest_api.add_resource(GroupList, '/auth/group/list') register_api_access_token('auth.group.list.get')