def wrap(*args, **kwargs):
# If allow_user_permission is True, make sure the user has the appropriate permissions.
if allow_user_permission and _check_user_permission(required_access_tokens, current_user):
return func(*args, **kwargs)
# Check and obtain API key from DB
try:
key = ApiKey.objects(key=request.headers['ApiKey']).first()
except KeyError:
return {'error': [{'message': "no/invalid ApiKey header provided", 'identifier': "apikey_not_provided"}]}, 403
if key is None:
return {'error': [{'message': "no/invalid ApiKey header provided", 'identifier': "apikey_not_provided"}]}, 403
for access in required_access_tokens:
if access not in key.access:
return {'error': [{'message': "api key doesn't have access to '%s'" % access, 'identifier': "permission#%s" % access}]}, 403
# Check for the AsUser header, apply stuff to context
if 'AsUser' in request.headers or 'AsPlayer' in request.headers:
if 'api.as_user' not in key.access:
return {'error': [{'message': "api key doesn't have access to 'api.as_user', required for using the AsUser and AsPlayer headers", 'identifier': "permission#api.as_user"}]}, 403
if 'AsUser' in request.headers:
username = request.headers['AsUser']
# Obtain user from db
user = User.get_user_by_name(username)
if user is None and asuser_must_be_registered:
return {'error': [{'message': "the user specified in the AsUser header wasn't found", 'identifier': "asuser_not_found"}]}, 403
request.api_user_method = 'as_user'
request.api_user = user
request.api_user_name = username
elif 'AsPlayer' in request.headers:
uuid = request.headers['AsPlayer']
player = MinecraftPlayer.find_player(uuid)
if player is None:
return {'error': [{'message': "player uuid specified in AsPlayer header is not registered in database (has not logged in?)", 'identifier': "player_uuid_not_found"}]}, 403
user = User.get_user_by_uuid(player)
if user is None and asuser_must_be_registered:
return {'error': [{'message': "the uuid specified in the AsPlayer field is not owned by a website user", 'identifier': "asuser_not_found"}]}, 403
request.api_user_method = 'as_player'
request.api_user = user
request.api_user_name = user.name if user is not None else None
request.api_player = player
else:
request.api_user_method = 'key_owner'
request.api_user = key.owner
request.api_user_name = key.owner.name
return func(*args, **kwargs)
def post(self):
args = self.post_parser.parse_args()
validate_args = self.validate_post(args)
if validate_args:
return validate_args
issuer = request.api_user
note = args.get("note")
source = args.get("server")
uuid = args.get("uuid")
player = MinecraftPlayer.find_or_create_player(uuid)
note = Note(issuer=issuer, issuer_old=issuer.name, target=player, username=player.mcname, note=note, server=source).save()
return {'note': construct_local_note_data(note)}
def get(self):
args = self.get_parser.parse_args()
validate_args = self.validate_get(args)
if validate_args:
return validate_args
uuid = args.get("uuid")
mcname = args.get("name")
if uuid:
try:
player = MinecraftPlayer.find_or_create_player(uuid)
except NoSuchUserException, e:
return {'error': [{"message": e.message}]}
except ConnectionError:
return {'error': [{"message": "failed to contact mojang"}]}
def get(self):
args = self.get_parser.parse_args()
validate_args = self.validate_get(args)
if validate_args:
return validate_args
uuid = args.get("uuid")
mcname = args.get("name")
if uuid:
try:
player = MinecraftPlayer.find_or_create_player(uuid)
except NoSuchUserException, e:
return {'error': [{"message": e.message}]}
except ConnectionError:
return {'error': [{"message": "failed to contact mojang"}]}
def post(self):
args = self.post_parser.parse_args()
validate_args = self.validate_post(args)
if validate_args:
return validate_args
issuer = request.api_user
note = args.get("note")
source = args.get("server")
uuid = args.get("uuid")
player = MinecraftPlayer.find_or_create_player(uuid)
note = Note(issuer=issuer,
issuer_old=issuer.name,
target=player,
username=player.mcname,
note=note,
server=source).save()
return {'note': construct_local_note_data(note)}
def post(self):
args = self.post_parser.parse_args()
validate_args = self.validate_post(args)
if validate_args:
return validate_args
issuer = request.api_user
reason = args.get("reason")
source = args.get("server")
uuid = args.get("uuid")
player = MinecraftPlayer.find_or_create_player(uuid)
if len(Ban.objects(target=player, active=True)) > 0:
return {'error': [{'message': "the user is already banned", 'identifier': "anathema.bans.add:user_already_exists"}]}
ban = Ban(issuer=issuer, issuer_old=issuer.name, target=player, username=player.mcname, reason=reason,
server=source, watching=[issuer]).save()
return {'ban': construct_local_ban_data(ban)}
def post(self):
args = self.post_parser.parse_args()
uuid = args.get("uuid")
player = MinecraftPlayer.find_or_create_player(uuid)
if not verify_ip_address(args["ip"].decode("ascii")):
return {'error': [{"message": "ip is not valid"}]}
ip = args["ip"]
player_ips = PlayerIpsModel.objects(player=player).first()
if not player_ips:
player_ips = PlayerIpsModel(player=player, ips=[ip])
player_ips.save()
player_ips.update_last_login_and_add_entry(ip)
ip_players = IpPlayersModel.objects(ip=ip).first()
if not ip_players:
ip_players = IpPlayersModel(ip=ip, players=[player])
ip_players.save()
ip_players.update_last_login_and_add_entry(player)
return {"success": True}
def post(self):
args = self.post_parser.parse_args()
uuid = args.get("uuid")
player = MinecraftPlayer.find_or_create_player(uuid)
if not verify_ip_address(args["ip"].decode("ascii")):
return {'error': [{"message": "ip is not valid"}]}
ip = args["ip"]
player_ips = PlayerIpsModel.objects(player=player).first()
if not player_ips:
player_ips = PlayerIpsModel(player=player, ips=[ip])
player_ips.save()
player_ips.update_last_login_and_add_entry(ip)
ip_players = IpPlayersModel.objects(ip=ip).first()
if not ip_players:
ip_players = IpPlayersModel(ip=ip, players=[player])
ip_players.save()
ip_players.update_last_login_and_add_entry(player)
return {"success": True}
def register_pool(username):
if current_user.is_authenticated():
flash("You are already logged in. Log out to register another account.", category="alert")
return redirect(url_for('static_pages.landing_page'))
if User.objects(name=username).first() is not None:
flash("This user is already registered.", category="alert")
return redirect(url_for('auth.login'))
#Is verified
auth_check = check_authenticated_ip(request.remote_addr, username=username)
if auth_check:
form = RegistrationForm(request.form)
if request.method == "GET":
return render_template('register_3.html', username=username, form=form, title="Step 3 - Register")
elif request.method == "POST":
if form.validate():
uuid = auth_check.uuid.hex
player = MinecraftPlayer.find_or_create_player(uuid, auth_check.username)
user = User(
name=username,
hash=bcrypt.hashpw(form.password.data, bcrypt.gensalt()),
mail=form.mail.data,
minecraft_player=player)
user.save()
flash("Registration complete!", category="success")
return redirect(url_for('auth.login'))
return render_template('register_3.html', username=username, form=form, title="Step 3 - Register")
#Is not verified
else:
if request.method == "GET":
return render_template('register_2.html', username=username, title="Waiting... - Step 2 - Register")
else:
abort(405)
validate_args = self.validate_get(args)
if validate_args:
return validate_args
uuid = args.get("uuid")
mcname = args.get("name")
if uuid:
try:
player = MinecraftPlayer.find_or_create_player(uuid)
except NoSuchUserException, e:
return {'error': [{"message": e.message}]}
except ConnectionError:
return {'error': [{"message": "failed to contact mojang"}]}
return {'uuid': player.uuid, 'name': player.mcname}
if mcname:
try:
uuid, mcname = uuid_utils.lookup_uuid_name(mcname)
except NoSuchUserException, e:
return {'error': [{"message": e.message}]}
except ConnectionError:
return {'error': [{"message": "failed to contact mojang"}]}
player = MinecraftPlayer.find_or_create_player(uuid, mcname)
return {'uuid': player.uuid, 'name': player.mcname}
rest_api.add_resource(UUIDApi, '/uuid')
register_api_access_token('uuid.get', permission='api.uuid.get')
validate_args = self.validate_get(args)
if validate_args:
return validate_args
uuid = args.get("uuid")
mcname = args.get("name")
if uuid:
try:
player = MinecraftPlayer.find_or_create_player(uuid)
except NoSuchUserException, e:
return {'error': [{"message": e.message}]}
except ConnectionError:
return {'error': [{"message": "failed to contact mojang"}]}
return {'uuid': player.uuid, 'name': player.mcname}
if mcname:
try:
uuid, mcname = uuid_utils.lookup_uuid_name(mcname)
except NoSuchUserException, e:
return {'error': [{"message": e.message}]}
except ConnectionError:
return {'error': [{"message": "failed to contact mojang"}]}
player = MinecraftPlayer.find_or_create_player(uuid, mcname)
return {'uuid': player.uuid, 'name': player.mcname}
rest_api.add_resource(UUIDApi, '/uuid')
register_api_access_token('uuid.get', permission='api.uuid.get')
def wrap(*args, **kwargs):
# If allow_user_permission is True, make sure the user has the appropriate permissions.
if allow_user_permission and _check_user_permission(
required_access_tokens, current_user):
return func(*args, **kwargs)
# Check and obtain API key from DB
try:
key = ApiKey.objects(key=request.headers['ApiKey']).first()
except KeyError:
return {
'error': [{
'message': "no/invalid ApiKey header provided",
'identifier': "apikey_not_provided"
}]
}, 403
if key is None:
return {
'error': [{
'message': "no/invalid ApiKey header provided",
'identifier': "apikey_not_provided"
}]
}, 403
for access in required_access_tokens:
if access not in key.access:
return {
'error': [{
'message':
"api key doesn't have access to '%s'" % access,
'identifier':
"permission#%s" % access
}]
}, 403
# Check for the AsUser header, apply stuff to context
if 'AsUser' in request.headers or 'AsPlayer' in request.headers:
if 'api.as_user' not in key.access:
return {
'error': [{
'message':
"api key doesn't have access to 'api.as_user', required for using the AsUser and AsPlayer headers",
'identifier': "permission#api.as_user"
}]
}, 403
if 'AsUser' in request.headers:
username = request.headers['AsUser']
# Obtain user from db
user = User.get_user_by_name(username)
if user is None and asuser_must_be_registered:
return {
'error': [{
'message':
"the user specified in the AsUser header wasn't found",
'identifier': "asuser_not_found"
}]
}, 403
request.api_user_method = 'as_user'
request.api_user = user
request.api_user_name = username
elif 'AsPlayer' in request.headers:
uuid = request.headers['AsPlayer']
player = MinecraftPlayer.find_player(uuid)
if player is None:
return {
'error': [{
'message':
"player uuid specified in AsPlayer header is not registered in database (has not logged in?)",
'identifier': "player_uuid_not_found"
}]
}, 403
user = User.get_user_by_uuid(player)
if user is None and asuser_must_be_registered:
return {
'error': [{
'message':
"the uuid specified in the AsPlayer field is not owned by a website user",
'identifier': "asuser_not_found"
}]
}, 403
request.api_user_method = 'as_player'
request.api_user = user
request.api_user_name = user.name if user is not None else None
request.api_player = player
else:
request.api_user_method = 'key_owner'
request.api_user = key.owner
request.api_user_name = key.owner.name
return func(*args, **kwargs)
