class IpUsernameVerification(Resource):
get_parser = RequestParser()
get_parser.add_argument("username", type=str)
get_parser.add_argument("uuid", type=str)
def get(self):
args = self.get_parser.parse_args()
result = check_authenticated_ip(request.remote_addr, username=args.get("username"), uuid=args.get("uuid"))
return {'verified': result is not None}
put_parser = RequestParser()
put_parser.add_argument("username", type=str, required=True)
put_parser.add_argument("ip", type=str, required=True)
put_parser.add_argument("uuid", type=str, required=True)
@require_api_key(required_access_tokens=[add_api_username_verification_token])
def put(self):
args = self.put_parser.parse_args()
add_authenticated_ip(args.get("username"), args.get("uuid"), args.get("ip"))
return {'success': True}
rest_api.add_resource(IpUsernameVerification, '/auth/ip_username_verification')
register_api_access_token(add_api_username_verification_token,
"""Authenticates a username with an ip address. This would enable the user to register from that IP.""", permission="api.auth.add_ip_username_verification")
validate_args = self.validate_get(args)
if validate_args:
return validate_args
uuid = args.get("uuid")
mcname = args.get("name")
if uuid:
try:
player = MinecraftPlayer.find_or_create_player(uuid)
except NoSuchUserException, e:
return {'error': [{"message": e.message}]}
except ConnectionError:
return {'error': [{"message": "failed to contact mojang"}]}
return {'uuid': player.uuid, 'name': player.mcname}
if mcname:
try:
uuid, mcname = uuid_utils.lookup_uuid_name(mcname)
except NoSuchUserException, e:
return {'error': [{"message": e.message}]}
except ConnectionError:
return {'error': [{"message": "failed to contact mojang"}]}
player = MinecraftPlayer.find_or_create_player(uuid, mcname)
return {'uuid': player.uuid, 'name': player.mcname}
rest_api.add_resource(UUIDApi, '/uuid')
register_api_access_token('uuid.get', permission='api.uuid.get')
def validate_post(self, args):
if args.get("note") and len(args.get("note")) > 1000:
return {'error': [{"message": "the note must be below 1000 characters long"}]}
if args.get("server") and Server.verify_fid(args.get("server")):
return {'error': [{"message": "the server field must be a valid fid"}]}
@require_api_key(required_access_tokens=['anathema.notes.post'])
def post(self):
args = self.post_parser.parse_args()
validate_args = self.validate_post(args)
if validate_args:
return validate_args
issuer = request.api_user
note = args.get("note")
source = args.get("server")
uuid = args.get("uuid")
player = MinecraftPlayer.find_or_create_player(uuid)
note = Note(issuer=issuer, issuer_old=issuer.name, target=player, username=player.mcname, note=note, server=source).save()
return {'note': construct_local_note_data(note)}
rest_api.add_resource(Notes, '/anathema/notes')
register_api_access_token('anathema.notes.get', permission='api.anathema.notes.get')
register_api_access_token('anathema.notes.post', permission='api.anathema.notes.post')
from flask_restful import Resource
from mongoengine import Q
from blueprints.api import register_api_access_token
from models.user_model import User
from blueprints.base import rest_api
class GroupList(Resource):
#@require_api_key(['auth.groups.list.get'])
def get(self):
users = User.objects(Q(role_groups__exists=True) & Q(role_groups__not__size=0)).scalar('name', 'role_groups')
user_groups = dict()
for name, groups in users:
user_groups[name] = dict(groups=map(lambda group: group.name, groups))
return {'users': user_groups}
rest_api.add_resource(GroupList, '/auth/group/list')
register_api_access_token('auth.group.list.get')
@require_api_key(required_access_tokens=['anathema.alts.post'])
def post(self):
args = self.post_parser.parse_args()
uuid = args.get("uuid")
player = MinecraftPlayer.find_or_create_player(uuid)
if not verify_ip_address(args["ip"].decode("ascii")):
return {'error': [{"message": "ip is not valid"}]}
ip = args["ip"]
player_ips = PlayerIpsModel.objects(player=player).first()
if not player_ips:
player_ips = PlayerIpsModel(player=player, ips=[ip])
player_ips.save()
player_ips.update_last_login_and_add_entry(ip)
ip_players = IpPlayersModel.objects(ip=ip).first()
if not ip_players:
ip_players = IpPlayersModel(ip=ip, players=[player])
ip_players.save()
ip_players.update_last_login_and_add_entry(player)
return {"success": True}
rest_api.add_resource(Alts, '/anathema/alts')
register_api_access_token('anathema.alts.get', permission="api.anathema.alts.get")
register_api_access_token('anathema.alts.post', permission="api.anathema.alts.post")
validate_args = self.validate_get(args)
if validate_args:
return validate_args
uuid = args.get("uuid")
mcname = args.get("name")
if uuid:
try:
player = MinecraftPlayer.find_or_create_player(uuid)
except NoSuchUserException, e:
return {'error': [{"message": e.message}]}
except ConnectionError:
return {'error': [{"message": "failed to contact mojang"}]}
return {'uuid': player.uuid, 'name': player.mcname}
if mcname:
try:
uuid, mcname = uuid_utils.lookup_uuid_name(mcname)
except NoSuchUserException, e:
return {'error': [{"message": e.message}]}
except ConnectionError:
return {'error': [{"message": "failed to contact mojang"}]}
player = MinecraftPlayer.find_or_create_player(uuid, mcname)
return {'uuid': player.uuid, 'name': player.mcname}
rest_api.add_resource(UUIDApi, '/uuid')
register_api_access_token('uuid.get', permission='api.uuid.get')
add_api_username_verification_token = 'api.auth.add_ip_username_verification'
class MeResource(Resource):
@require_api_key(asuser_must_be_registered=False,
allow_user_permission=True)
def get(self):
user = getattr(request, 'api_user', None)
username = getattr(request, 'api_user_name', None)
player = getattr(request, 'api_player', None)
if player is not None:
player_info = {'uuid': player.uuid, 'mcname': player.mcname}
else:
player_info = None
if user is not None:
user_info = {'name': user.name}
else:
user_info = None
return {
'api_user_method': getattr(request, 'api_user_method'),
'name_provided': username,
'user': user_info,
'player': player_info
}
rest_api.add_resource(MeResource, '/auth/me')
if not args.get("group"): # need group verification logic!
return {'error': [{"message": "invalid group"}]}
@require_api_key(required_access_tokens=['modreq.elevate'])
def post(self, modreq_id):
args = self.post_parser.parse_args()
validate_args = self.validate_post(args)
if validate_args:
return validate_args, 400
elevate_group = args.get("group")
modreq = ModReqModel.objects(uid=modreq_id).first()
modreq.elevate_group = elevate_group
modreq.save()
return {'modreq': construct_modreq_data(modreq)}
rest_api.add_resource(ModReq, '/modreq')
rest_api.add_resource(ModReqClaim, '/modreq/<int:modreq_id>/claim')
rest_api.add_resource(ModReqDone, '/modreq/<int:modreq_id>/done')
rest_api.add_resource(ModReqElevate, '/modreq/<int:modreq_id>/elevate')
register_api_access_token("modreq.get", permission="api.modreq.get")
register_api_access_token("modreq.add", permission="api.modreq.add")
register_api_access_token("modreq.claim", permission="api.modreq.claim")
register_api_access_token("modreq.done", permission="api.modreq.done")
register_api_access_token("modreq.elevate", permission="api.modreq.elevate")
@require_api_key(required_access_tokens=['anathema.notes.post'])
def post(self):
args = self.post_parser.parse_args()
validate_args = self.validate_post(args)
if validate_args:
return validate_args
issuer = request.api_user
note = args.get("note")
source = args.get("server")
uuid = args.get("uuid")
player = MinecraftPlayer.find_or_create_player(uuid)
note = Note(issuer=issuer,
issuer_old=issuer.name,
target=player,
username=player.mcname,
note=note,
server=source).save()
return {'note': construct_local_note_data(note)}
rest_api.add_resource(Notes, '/anathema/notes')
register_api_access_token('anathema.notes.get',
permission='api.anathema.notes.get')
register_api_access_token('anathema.notes.post',
permission='api.anathema.notes.post')
if not args.get("group"): # need group verification logic!
return {'error': [{"message": "invalid group"}]}
@require_api_key(required_access_tokens=['modreq.elevate'])
def post(self, modreq_id):
args = self.post_parser.parse_args()
validate_args = self.validate_post(args)
if validate_args:
return validate_args, 400
elevate_group = args.get("group")
modreq = ModReqModel.objects(uid=modreq_id).first()
modreq.elevate_group = elevate_group
modreq.save()
return {'modreq': construct_modreq_data(modreq)}
rest_api.add_resource(ModReq, '/modreq')
rest_api.add_resource(ModReqClaim, '/modreq/<int:modreq_id>/claim')
rest_api.add_resource(ModReqDone, '/modreq/<int:modreq_id>/done')
rest_api.add_resource(ModReqElevate, '/modreq/<int:modreq_id>/elevate')
register_api_access_token("modreq.get", permission="api.modreq.get")
register_api_access_token("modreq.add", permission="api.modreq.add")
register_api_access_token("modreq.claim", permission="api.modreq.claim")
register_api_access_token("modreq.done", permission="api.modreq.done")
register_api_access_token("modreq.elevate", permission="api.modreq.elevate")
watch = args.get("watch").lower() == "true"
ban = Ban.objects(uid=uid).first()
if ban is None:
abort(404)
user = request.api_user._get_current_object()
if user in ban.watching:
if not watch:
ban.watching.remove(user)
else:
if watch:
ban.watching.append(user)
ban.save()
return {
'uid': uid,
'watching': user in ban.watching
}
rest_api.add_resource(Bans, '/anathema/bans')
rest_api.add_resource(WatchBan, '/anathema/ban/<int:uid>/watch')
register_api_access_token('anathema.bans.get')
register_api_access_token('anathema.bans.post', permission="api.anathema.bans.post")
register_api_access_token('anathema.bans.delete', permission="api.anathema.bans.delete")
register_api_access_token('anathema.bans.watch', permission=permissions.ban_watch)
def get(self):
args = self.get_parser.parse_args()
result = check_authenticated_ip(request.remote_addr,
username=args.get("username"),
uuid=args.get("uuid"))
return {'verified': result is not None}
put_parser = RequestParser()
put_parser.add_argument("username", type=str, required=True)
put_parser.add_argument("ip", type=str, required=True)
put_parser.add_argument("uuid", type=str, required=True)
@require_api_key(
required_access_tokens=[add_api_username_verification_token])
def put(self):
args = self.put_parser.parse_args()
add_authenticated_ip(args.get("username"), args.get("uuid"),
args.get("ip"))
return {'success': True}
rest_api.add_resource(IpUsernameVerification, '/auth/ip_username_verification')
register_api_access_token(
add_api_username_verification_token,
"""Authenticates a username with an ip address. This would enable the user to register from that IP.""",
permission="api.auth.add_ip_username_verification")
from .. import require_api_key
from blueprints.base import rest_api
from flask_restful import Resource
from blueprints.api import register_api_access_token
class ApiTest(Resource):
@require_api_key(required_access_tokens=['api.test'])
def get(self):
return {'success': True}
@require_api_key(required_access_tokens=['api.test'])
def post(self):
return {'success': True}
rest_api.add_resource(ApiTest, '/test')
register_api_access_token('api.test',
"""Provides access to the method /test. As indicated by the name, doesn't do anything at all.""")
def post(self):
args = self.post_parser.parse_args()
uuid = args.get("uuid")
player = MinecraftPlayer.find_or_create_player(uuid)
if not verify_ip_address(args["ip"].decode("ascii")):
return {'error': [{"message": "ip is not valid"}]}
ip = args["ip"]
player_ips = PlayerIpsModel.objects(player=player).first()
if not player_ips:
player_ips = PlayerIpsModel(player=player, ips=[ip])
player_ips.save()
player_ips.update_last_login_and_add_entry(ip)
ip_players = IpPlayersModel.objects(ip=ip).first()
if not ip_players:
ip_players = IpPlayersModel(ip=ip, players=[player])
ip_players.save()
ip_players.update_last_login_and_add_entry(player)
return {"success": True}
rest_api.add_resource(Alts, '/anathema/alts')
register_api_access_token('anathema.alts.get',
permission="api.anathema.alts.get")
register_api_access_token('anathema.alts.post',
permission="api.anathema.alts.post")
from .. import require_api_key
from blueprints.base import rest_api
from flask_restful import Resource
from blueprints.api import register_api_access_token
class ApiTest(Resource):
@require_api_key(required_access_tokens=['api.test'])
def get(self):
return {'success': True}
@require_api_key(required_access_tokens=['api.test'])
def post(self):
return {'success': True}
rest_api.add_resource(ApiTest, '/test')
register_api_access_token(
'api.test',
"""Provides access to the method /test. As indicated by the name, doesn't do anything at all."""
)
@require_api_key(asuser_must_be_registered=False,
allow_user_permission=True)
def get(self):
user = getattr(request, 'api_user', None)
username = getattr(request, 'api_user_name', None)
player = getattr(request, 'api_player', None)
if player is not None:
player_info = {
'uuid': player.uuid,
'mcname': player.mcname
}
else:
player_info = None
if user is not None:
user_info = {
'name': user.name
}
else:
user_info = None
return {'api_user_method': getattr(request, 'api_user_method'),
'name_provided': username,
'user': user_info,
'player': player_info}
rest_api.add_resource(MeResource, '/auth/me')
from flask_restful import Resource
from mongoengine import Q
from blueprints.api import register_api_access_token
from models.user_model import User
from blueprints.base import rest_api
class GroupList(Resource):
#@require_api_key(['auth.groups.list.get'])
def get(self):
users = User.objects(
Q(role_groups__exists=True) & Q(role_groups__not__size=0)).scalar(
'name', 'role_groups')
user_groups = dict()
for name, groups in users:
user_groups[name] = dict(
groups=map(lambda group: group.name, groups))
return {'users': user_groups}
rest_api.add_resource(GroupList, '/auth/group/list')
register_api_access_token('auth.group.list.get')
