2017-09-16 12:22:17 +02:00
|
|
|
from app import app, db
|
2017-09-20 23:02:36 +02:00
|
|
|
from libforget.auth import require_auth_api, get_viewer
|
2019-03-15 17:18:43 +01:00
|
|
|
from flask import jsonify, redirect, make_response, request, Response
|
2017-09-16 12:22:17 +02:00
|
|
|
from model import Account
|
2017-09-20 23:02:36 +02:00
|
|
|
import libforget.settings
|
|
|
|
import libforget.json
|
2019-03-15 18:29:55 +01:00
|
|
|
import random
|
2017-09-16 12:22:17 +02:00
|
|
|
|
2017-10-15 20:38:39 +02:00
|
|
|
@app.route('/api/health_check')
|
|
|
|
def health_check():
|
|
|
|
try:
|
|
|
|
db.session.execute('SELECT 1')
|
|
|
|
return 'ok'
|
|
|
|
except Exception:
|
|
|
|
return ('bad', 500)
|
|
|
|
|
2017-09-16 12:22:17 +02:00
|
|
|
|
|
|
|
@app.route('/api/settings', methods=('PUT',))
|
|
|
|
@require_auth_api
|
|
|
|
def api_settings_put():
|
|
|
|
viewer = get_viewer()
|
|
|
|
data = request.json
|
|
|
|
updated = dict()
|
2017-09-20 23:02:36 +02:00
|
|
|
for key in libforget.settings.attrs:
|
2017-09-16 12:22:17 +02:00
|
|
|
if key in data:
|
2018-01-03 17:58:13 +01:00
|
|
|
if (
|
|
|
|
isinstance(getattr(viewer, key), bool) and
|
|
|
|
isinstance(data[key], str)):
|
|
|
|
data[key] = data[key] == 'true'
|
2017-09-16 12:22:17 +02:00
|
|
|
setattr(viewer, key, data[key])
|
|
|
|
updated[key] = data[key]
|
|
|
|
db.session.commit()
|
|
|
|
return jsonify(status='success', updated=updated)
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/viewer')
|
|
|
|
@require_auth_api
|
|
|
|
def api_viewer():
|
|
|
|
viewer = get_viewer()
|
2017-09-20 23:02:36 +02:00
|
|
|
resp = make_response(libforget.json.account(viewer))
|
2017-09-16 12:22:17 +02:00
|
|
|
resp.headers.set('content-type', 'application/json')
|
|
|
|
return resp
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/reason', methods={'DELETE'})
|
|
|
|
@require_auth_api
|
|
|
|
def delete_reason():
|
|
|
|
get_viewer().reason = None
|
|
|
|
db.session.commit()
|
|
|
|
return jsonify(status='success')
|
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/badge/users')
|
|
|
|
def users_badge():
|
|
|
|
count = (
|
|
|
|
Account.query.filter(Account.policy_enabled)
|
|
|
|
.filter(~Account.dormant)
|
|
|
|
.count()
|
|
|
|
)
|
|
|
|
return redirect(
|
|
|
|
"https://img.shields.io/badge/active%20users-{}-blue.svg"
|
|
|
|
.format(count))
|
2019-03-15 17:18:43 +01:00
|
|
|
|
|
|
|
|
|
|
|
@app.route('/api/known_instances', methods=('GET', 'DELETE'))
|
|
|
|
def known_instances():
|
|
|
|
if request.method == 'GET':
|
|
|
|
known = request.cookies.get('forget_known_instances', '')
|
|
|
|
if not known:
|
2019-03-15 21:21:56 +01:00
|
|
|
return Response('[]', 404, mimetype='application/json')
|
2019-03-15 17:18:43 +01:00
|
|
|
|
2019-03-15 18:29:55 +01:00
|
|
|
# pad to avoid oracle attacks
|
|
|
|
for _ in range(random.randint(0, 1000)):
|
|
|
|
known += random.choice((' ', '\t', '\n'))
|
|
|
|
|
2019-03-15 17:18:43 +01:00
|
|
|
return Response(known, mimetype='application/json')
|
|
|
|
|
|
|
|
elif request.method == 'DELETE':
|
|
|
|
resp = Response('', 204)
|
|
|
|
resp.set_cookie('forget_known_instances', '', max_age=0)
|
|
|
|
return resp
|