2017-08-25 10:50:11 +02:00
|
|
|
from flask import g, redirect, jsonify, make_response, abort, request
|
2017-08-12 01:04:22 +02:00
|
|
|
from functools import wraps
|
2017-07-31 04:51:11 +02:00
|
|
|
|
2017-08-12 01:04:22 +02:00
|
|
|
def require_auth(fun):
|
|
|
|
|
@wraps(fun)
|
2017-07-31 04:51:11 +02:00
|
|
|
def wrapper(*args, **kwargs):
|
|
|
|
|
if not g.viewer:
|
2017-08-12 01:04:22 +02:00
|
|
|
return redirect('/')
|
|
|
|
|
return fun(*args, **kwargs)
|
|
|
|
|
return wrapper
|
2017-07-31 04:51:11 +02:00
|
|
|
|
2017-08-12 01:04:22 +02:00
|
|
|
def require_auth_api(fun):
|
|
|
|
|
@wraps(fun)
|
|
|
|
|
def wrapper(*args, **kwargs):
|
|
|
|
|
if not g.viewer:
|
|
|
|
|
return make_response((jsonify(status='error', error='not logged in'), 403))
|
|
|
|
|
return fun(*args, **kwargs)
|
2017-07-31 04:51:11 +02:00
|
|
|
return wrapper
|
|
|
|
|
|
|
|
|
|
|
2017-08-25 10:50:11 +02:00
|
|
|
def csrf(fun):
|
|
|
|
|
@wraps(fun)
|
|
|
|
|
def wrapper(*args, **kwargs):
|
|
|
|
|
if request.form.get('csrf-token') != g.viewer.csrf_token:
|
|
|
|
|
return abort(403)
|
|
|
|
|
return fun(*args, **kwargs)
|
|
|
|
|
return wrapper
|
