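def delete_msg(self: "Shimon", data: Dict, redirect: bool) -> HttpResponse:
    """Delete one message from a cached conversation history.

    Reads ``pwd``, ``index`` and ``id`` from ``data``. ``index`` may be an
    int or a string holding an int. Returns a 401 response when a supplied
    password fails verification, a 400 response for an invalid or
    out-of-range index or an unresolved history id, and a 200 response once
    the message has been removed. ``redirect`` is not used here.
    """
    pwd = data.get("pwd", "")

    # NOTE(review): the password is verified only when the request carries a
    # non-empty "pwd". If msg_policy == 1 is meant to require the password
    # before deleting, a request that simply omits "pwd" skips verification.
    # Confirm the intended policy and enforce it here.
    if pwd and self.msg_policy == 1:
        if not self.security.correct_pwd(pwd):
            return error_401()

    index = data.get("index")
    if isinstance(index, str):
        try:
            index = int(index)
        except ValueError:
            return error_400("Index is not a valid integer")
    elif not isinstance(index, int):
        return error_400("Index is not a valid integer")

    # Reject negatives explicitly: list.pop() would otherwise count from the
    # end of the history.
    if index < 0:
        return error_400("Index is out of bounds")

    hist_id = history_id(self, data.get("id", ""))
    if hist_id < 0:
        return error_400()

    msgs = self.cache["history"][hist_id]["msgs"]
    if index >= len(msgs):
        # Fixed: this branch used to report "Index is not a valid integer",
        # although the value is an integer that is merely past the end.
        return error_400("Index is out of bounds")

    msgs.pop(index)
    self.redraw = True
    return error_200("Message deleted")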
def entry(self, shimon: "Shimon", enable: bool, _: bool) -> HttpResponse:
    """Record a toggle in the cache mapper, provided its backing file exists.

    When ``self.path`` is an existing file, ``enable`` is stored under
    ``self.name`` and a 200 response is returned. Otherwise the entry is
    forced to ``False`` and a 400 response is returned.
    """
    file_present = Path(self.path).is_file()
    shimon.cache.mapper[self.name] = enable if file_present else False
    if not file_present:
        return error_400("Missing required file(s)")
    return error_200()
def allfor(self: "Shimon", user: str, redirect: bool) -> HttpResponse:
    """Return the result of ``api_allfor`` for ``user`` as a 200 response.

    A result that compares equal to ``False`` produces a 400 response
    instead. ``redirect`` is not used here.
    """
    result = api_allfor(self, user)
    # Equality rather than identity is kept on purpose: it matches the
    # existing behaviour for any value that compares equal to False.
    return error_400() if result == False else error_200(result)  # noqa: E712
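def send_msg(self: "Shimon", sending: Dict, redirect: bool) -> HttpResponse:
    """Append an outgoing message to a contact's cached history.

    Reads ``msg`` and ``uname`` from ``sending``. Returns a 400 response when
    either is missing or empty, when ``msg`` is not a string or is only
    whitespace, or when ``history_id`` returns a negative index. Otherwise it
    appends ``{"sending": True, "msg": msg}``, flags a redraw and returns 200.
    ``redirect`` is not used here.
    """
    msg = sending.get("msg")
    uname = sending.get("uname")

    # Request data is untrusted: a truthy non-string "msg" (number, list, ...)
    # used to raise AttributeError on .isspace() instead of giving a 400.
    if not msg or not uname or not isinstance(msg, str) or msg.isspace():
        return error_400()

    index = history_id(self, uname)
    if index < 0:
        return error_400()

    # The text is stored exactly as received.
    # NOTE(review): confirm it is escaped wherever the history is rendered.
    self.cache["history"][index]["msgs"].append({"sending": True, "msg": msg})
    self.redraw = True
    return error_200()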
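def entry(self, shimon: "Shimon", data: str, redirect: bool) -> HttpResponse:
    """Store a bounded integer setting in the cache mapper.

    ``data`` is parsed as an integer. When it lies within
    ``[self.min_allowed, self.max_allowed]`` it is stored under
    ``self.cachename`` and a 202 response is returned. Anything else,
    including input that does not parse, yields a 400 response.
    ``redirect`` is not used here.
    """
    # int() raises on malformed input. That includes strings that pass
    # str.isdigit() but are not decimal (e.g. superscript digits), so a
    # digit-only pre-check in a caller is not enough to make this safe.
    try:
        num = int(data)
    except (TypeError, ValueError):
        return error_400()

    if self.min_allowed <= num <= self.max_allowed:
        shimon.cache.mapper[self.cachename] = num
        return error_202()
    return error_400()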
def change_pwd(self: "Shimon", pwds: Dict, redirect: bool) -> HttpResponse:
    """Change the password via ``self.security.update_pwd``.

    Reads ``old`` and ``new`` from ``pwds``. Returns a 400 response when
    either is empty, a 401 response when ``update_pwd`` reports failure, and
    a 202 response on success.
    """
    current = pwds.get("old", "")
    replacement = pwds.get("new", "")
    if not (current and replacement):
        return error_400()

    if self.security.update_pwd(current, replacement):
        return error_202()
    return error_401("Password could not be updated", redirect)
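def theme(self: "Shimon", name: str, redirect: bool) -> HttpResponse:
    """Select a theme by name if a matching stylesheet exists.

    ``name`` is joined onto the themes directory and resolved. The theme is
    accepted only when the resolved path lies inside the themes directory and
    ``<resolved path>.css`` is an existing file. The final path component is
    then stored under ``"theme"`` in the cache mapper and a 202 response is
    returned. Every other case yields a 400 response. ``redirect`` is not
    used here.
    """
    themes = Path("SHIMON/templates/themes/")
    base = themes.resolve()
    dirty = (themes / name).resolve()

    # Containment is checked on path components, not on a string prefix.
    # The previous str.startswith() test also accepted sibling directories
    # whose name merely begins with "themes" (reachable through "../"), and
    # the themes directory itself.
    if base in dirty.parents and Path(f"{dirty}.css").is_file():
        self.cache.mapper["theme"] = dirty.parts[-1]
        return error_202()

    return error_400()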
def lock(self: "Shimon", pwd: str, redirect: bool) -> HttpResponse:
    """Lock storage, drop in-memory state and send the user to the login page.

    Returns a 400 response when ``redirect`` is false, so the session is only
    killed when the caller will land on the login page. Whatever truthy value
    ``self.storage.lock(pwd)`` returns is passed back unchanged. On success
    the cache is wiped, the session is killed, and the login page is returned
    with the ``uname`` and ``session`` cookies expired.
    """
    if not redirect:
        return error_400()

    lock_failure = self.storage.lock(pwd)
    if lock_failure:
        return lock_failure

    # Clear in-memory state only after storage reported no error.
    self.cache.wipe()
    self.session.kill()

    login_page = render(self, "pages/login.jinja", error="Cache has been locked")
    response = make_response(login_page)
    # Expire both client-side cookies so the browser drops them.
    for cookie_name in ("uname", "session"):
        response.set_cookie(cookie_name, "", expires=0)

    return response, 200
def make_dec(self: ApiBase, *args: Any, **kwargs: Any) -> HttpResponse:
    """Call the wrapped ``func`` only when ``args[1]`` is a digit-only ``str``.

    ``func`` is taken from the enclosing scope, which is not visible here.
    Any other value of ``args[1]`` produces a 400 response.
    """
    candidate = args[1]
    # Exact type match: str subclasses are rejected as well.
    # NOTE(review): str.isdigit() also accepts characters such as superscript
    # digits that int() rejects. If func converts the value with int(),
    # confirm it handles ValueError.
    if type(candidate) is not str or not candidate.isdigit():
        return error_400()
    return func(self, *args, **kwargs)
def make_required(self: "ApiBase", requested_type: Type, func: HttpCall, *args: Any, **kwargs: Any) -> HttpResponse:
    """Call ``func`` only when ``args[1]`` is exactly of ``requested_type``.

    The comparison is on the exact type, so subclasses (for example ``bool``
    when ``int`` is requested) are rejected with a 400 response.
    """
    if type(args[1]) is requested_type:
        return func(self, *args, **kwargs)
    return error_400()