def ban_unauthenticated_user():
    """Ban a guest (unauthenticated) user from a guild by their IP address.

    Reads ``guild_id``, ``user_id`` and an optional ``reason`` from the
    request form. The caller must pass ``check_user_permission(guild_id, 2)``;
    that check runs before any database lookup.

    Outcomes, in the order they are evaluated:
        423 -- ``guild_id`` is in ``list_disabled_guilds()``.
        400 -- ``guild_id`` or ``user_id`` is missing or empty.
        401 -- the permission check fails.
        404 -- no guest row matches ``guild_id`` and ``user_id``.
        409 -- a ban for the guest's IP exists and has no ``lifter_id``.
        204 -- a new ban row was added to the session.

    NOTE(review): this function adds to the session but never commits, unlike
    ``bot_ban`` in this file -- presumably a request hook commits; confirm.
    """
    form = request.form
    guild_id = form.get("guild_id", None)
    user_id = form.get("user_id", None)
    reason = form.get("reason", None)

    if guild_id in list_disabled_guilds():
        return ('', 423)

    # A blank or whitespace-only reason is stored as "no reason" (None).
    if reason is not None:
        reason = reason.strip() or None

    if not (guild_id and user_id):
        abort(400)

    # Authorization gate: nothing below runs unless the permission check passes.
    if not check_user_permission(guild_id, 2):
        abort(401)

    guest = (
        db.session.query(UnauthenticatedUsers)
        .filter(UnauthenticatedUsers.guild_id == guild_id)
        .filter(UnauthenticatedUsers.id == user_id)
        .order_by(UnauthenticatedUsers.id.desc())
        .first()
    )
    if guest is None:
        abort(404)

    # Bans are looked up by (guild, IP address), not by guest id.
    existing_ban = (
        db.session.query(UnauthenticatedBans)
        .filter(UnauthenticatedBans.guild_id == guild_id)
        .filter(UnauthenticatedBans.ip_address == guest.ip_address)
        .first()
    )
    if existing_ban is not None:
        # No lifter_id means the ban was never lifted: refuse to duplicate it.
        if existing_ban.lifter_id is None:
            abort(409)
        # A lifted ban is replaced by the fresh one created below.
        db.session.delete(existing_ban)

    # The last argument is the acting user's id taken from the session
    # (the same position bot_ban fills with placer_id).
    db.session.add(
        UnauthenticatedBans(
            guild_id,
            guest.ip_address,
            guest.username,
            guest.discriminator,
            reason,
            session["user_id"],
        )
    )
    return ('', 204)
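def bot_ban():
    """Ban a guest user on behalf of the bot, authenticated by a shared secret.

    The ``Authorization`` header must equal the ``app-secret`` config value.
    The JSON body supplies ``guild_id``, ``placer_id``, ``username`` and an
    optional ``discriminator``.

    Returns a ``jsonify`` response, with a status code on every error path:
        403 -- the shared secret is unset, not a string, or does not match.
        400 -- the body is not a JSON object, a required field is missing,
               ``username`` is not a string, or ``placer_id`` is not an
               integer.
        404 -- no guest matches the username (and discriminator, if given).
        409 -- an unlifted ban for that username/discriminator exists.
        (default status) -- the ban was added and committed.
    """
    # Function-scope import: the file's import block is not visible from here.
    import hmac

    # Fail closed. The original compared the header to
    # config.get("app-secret", ""), so an unset secret made a request with no
    # Authorization header compare equal ("" == "") and pass. An empty or
    # non-string secret now always yields 403.
    expected_secret = config.get("app-secret", "")
    supplied_secret = request.headers.get("Authorization", "")
    secret_ok = (
        isinstance(expected_secret, str)
        and expected_secret != ""
        # Constant-time comparison; bytes avoid compare_digest's ASCII-only
        # restriction on str arguments.
        and hmac.compare_digest(
            supplied_secret.encode("utf-8"), expected_secret.encode("utf-8"))
    )
    if not secret_ok:
        return jsonify(error="Authorization header does not match."), 403

    incoming = request.get_json()
    # get_json() can return None or a non-object value; .get() on that would
    # raise and surface as a 500 instead of a client error.
    if not isinstance(incoming, dict):
        return jsonify(error="Missing required parameters."), 400

    guild_id = incoming.get("guild_id", None)
    placer_id = incoming.get("placer_id", None)
    username = incoming.get("username", None)
    discriminator = incoming.get("discriminator", None)
    if not guild_id or not placer_id or not username:
        return jsonify(error="Missing required parameters."), 400
    # username is concatenated into a LIKE pattern below, so it must be a str.
    if not isinstance(username, str):
        return jsonify(error="Missing required parameters."), 400
    # Validate before touching the database so a bad id is a 400, not a 500.
    try:
        placer_id = int(placer_id)
    except (TypeError, ValueError):
        return jsonify(error="Missing required parameters."), 400

    # NOTE(review): username goes into the LIKE pattern unescaped, so "%" and
    # "_" inside it act as wildcards. Together with substring matching and
    # "newest row wins", the ban can land on a different guest than intended;
    # consider an exact match or escaping the pattern.
    guest_query = db.session.query(UnauthenticatedUsers) \
        .filter(UnauthenticatedUsers.guild_id == str(guild_id)) \
        .filter(UnauthenticatedUsers.username.ilike("%" + username + "%"))
    if discriminator:
        guest_query = guest_query.filter(
            UnauthenticatedUsers.discriminator == discriminator)
    dbuser = guest_query.order_by(UnauthenticatedUsers.id.desc()).first()
    if not dbuser:
        return jsonify(error="Guest user cannot be found."), 404

    # NOTE(review): the existing-ban lookup keys on username/discriminator,
    # while ban_unauthenticated_user in this file keys on ip_address -- a
    # guest who changed names may end up with two ban rows for one IP; confirm
    # which key is intended.
    dbban = db.session.query(UnauthenticatedBans) \
        .filter(UnauthenticatedBans.guild_id == str(guild_id)) \
        .filter(UnauthenticatedBans.last_username == dbuser.username) \
        .filter(UnauthenticatedBans.last_discriminator == dbuser.discriminator) \
        .first()
    if dbban is not None:
        # No lifter_id means the ban is still in force.
        if dbban.lifter_id is None:
            return jsonify(
                error="Guest user, **{}#{}**, has already been banned.".format(
                    dbban.last_username, dbban.last_discriminator)), 409
        # A lifted ban is replaced by the new one.
        db.session.delete(dbban)

    dbban = UnauthenticatedBans(str(guild_id), dbuser.ip_address,
                                dbuser.username, dbuser.discriminator, "",
                                placer_id)
    db.session.add(dbban)
    db.session.commit()
    return jsonify(
        success=
        "Guest user, **{}#{}**, has successfully been added to the ban list!".
        format(dbban.last_username, dbban.last_discriminator))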