def prepare(self): self.id = str(uuid4()) self.joined = False try: self.session_id = self.cookies["session"].value self.chat_id = int(self.path_args[0]) self.user_id = int(redis.get("session:%s" % self.session_id)) except (KeyError, TypeError, ValueError): self.send_error(400) return self.db = sm() try: self.chat_user, self.user, self.chat = self.get_chat_user() except NoResultFound: self.send_error(404) return # Remember the user number so typing notifications can refer to it # without reopening the database session. self.user_number = self.chat_user.number self.user.last_online = datetime.now() self.user.last_ip = self.request.headers["X-Forwarded-For"] if self.user.group == "banned": self.send_error(403) return try: authorize_joining(redis, self.db, self) except (UnauthorizedException, BannedException, TooManyPeopleException): self.send_error(403) return
def decorated_function(url, fmt=None, *args, **kwargs): # Helper for doing some special URL stuff with PM chats. # Normally we just query for a Chat object with the url. However, PM chat # URLs take the form "pm/<username>", so we have to look up the username, # find the User it belongs to, and use our URL and theirs to create a # special URL. if url == "pm": abort(404) elif url.startswith("pm/"): username = url[3:] if username == "": abort(404) # You can't PM yourself. if g.user is None or username.lower() == g.user.username.lower(): abort(404) try: pm_user = g.db.query(User).filter( func.lower(User.username) == username.lower() ).one() except NoResultFound: abort(404) # Fix case if necessary. if pm_user.username != username: if request.method != "GET": abort(404) return redirect(url_for(request.endpoint, url="pm/" + pm_user.username, fmt=fmt)) # Generate URL from our user ID and their user ID. # Sort so they're always in the same order. pm_url = "pm/" + ("/".join(sorted([str(g.user.id), str(pm_user.id)]))) try: chat = g.db.query(PMChat).filter( PMChat.url == pm_url, ).one() except NoResultFound: # Only create a new PMChat on the main chat page. if request.endpoint != "rp_chat": abort(404) chat = PMChat(url=pm_url) g.db.add(chat) g.db.flush() # Create ChatUser for the other user. pm_chat_user = ChatUser.from_user(pm_user, chat_id=chat.id, number=1) g.db.add(pm_chat_user) g.db.flush() return f(chat, pm_user, url, fmt, *args, **kwargs) # Force lower case. if url != url.lower(): if request.method != "GET": abort(404) return redirect(url_for(request.endpoint, url=url.lower(), fmt=fmt)) try: chat = g.db.query(AnyChat).filter(AnyChat.url == url).one() except NoResultFound: abort(404) g.chat = chat g.chat_id = chat.id try: authorize_joining(g.redis, g.db, g) except BannedException: if request.endpoint != "rp_chat" or chat.url == "theoubliette": abort(403) if request.method != "GET": abort(404) return redirect(url_for(request.endpoint, url="theoubliette", fmt=fmt)) except UnauthorizedException: abort(403) except TooManyPeopleException: if request.endpoint == "rp_chat": abort(403) return f(chat, None, url, fmt, *args, **kwargs)