forget-cancellare-vecchi-toot/libforget/auth.py

from flask import g, redirect, jsonify, make_response, abort, request
from functools import wraps


def require_auth(fun):
    @wraps(fun)
    def wrapper(*args, **kwargs):
        if not g.viewer:
            return redirect('/')
        return fun(*args, **kwargs)
    return wrapper


def require_auth_api(fun):
    @wraps(fun)
    def wrapper(*args, **kwargs):
        if not g.viewer:
            return make_response((
                jsonify(status='error', error='not logged in'),
                403))
        return fun(*args, **kwargs)
    return wrapper


def csrf(fun):
    @wraps(fun)
    def wrapper(*args, **kwargs):
        if request.form.get('csrf-token') != g.viewer.csrf_token:
            return abort(403)
        return fun(*args, **kwargs)
    return wrapper


def set_session_cookie(session, response, secure=True):
    response.set_cookie(
        'forget_sid', session.id,
        max_age=60*60*48,
        httponly=True,
        secure=secure)


def get_viewer_session():
    from model import Session
    sid = request.cookies.get('forget_sid', None)
    if sid:
        return Session.query.get(sid)


def get_viewer():
    session = get_viewer_session()
    if session:
        return session.account
add csrf tokens 🔒🔒🔒🔒‼ 2017-08-25 10:50:11 +02:00			`from flask import g, redirect, jsonify, make_response, abort, request`
edit settings dynamically 2017-08-12 01:04:22 +02:00			`from functools import wraps`
add a settings page that doesn't do much yet. polish? 2017-07-31 04:51:11 +02:00
flakes8 2017-08-29 14:46:32 +02:00
edit settings dynamically 2017-08-12 01:04:22 +02:00			`def require_auth(fun):`
			`@wraps(fun)`
add a settings page that doesn't do much yet. polish? 2017-07-31 04:51:11 +02:00			`def wrapper(args, *kwargs):`
			`if not g.viewer:`
edit settings dynamically 2017-08-12 01:04:22 +02:00			`return redirect('/')`
			`return fun(args, *kwargs)`
			`return wrapper`
add a settings page that doesn't do much yet. polish? 2017-07-31 04:51:11 +02:00
flakes8 2017-08-29 14:46:32 +02:00
edit settings dynamically 2017-08-12 01:04:22 +02:00			`def require_auth_api(fun):`
			`@wraps(fun)`
			`def wrapper(args, *kwargs):`
			`if not g.viewer:`
flakes8 2017-08-29 14:46:32 +02:00			`return make_response((`
			`jsonify(status='error', error='not logged in'),`
			`403))`
edit settings dynamically 2017-08-12 01:04:22 +02:00			`return fun(args, *kwargs)`
add a settings page that doesn't do much yet. polish? 2017-07-31 04:51:11 +02:00			`return wrapper`


add csrf tokens 🔒🔒🔒🔒‼ 2017-08-25 10:50:11 +02:00			`def csrf(fun):`
			`@wraps(fun)`
			`def wrapper(args, *kwargs):`
			`if request.form.get('csrf-token') != g.viewer.csrf_token:`
			`return abort(403)`
			`return fun(args, *kwargs)`
			`return wrapper`
consolidate lib.session and lib.auth into lib.auth 2017-09-04 20:24:42 +02:00

			`def set_session_cookie(session, response, secure=True):`
			`response.set_cookie(`
			`'forget_sid', session.id,`
			`max_age=606048,`
			`httponly=True,`
			`secure=secure)`


			`def get_viewer_session():`
			`from model import Session`
			`sid = request.cookies.get('forget_sid', None)`
			`if sid:`
			`return Session.query.get(sid)`


			`def get_viewer():`
			`session = get_viewer_session()`
			`if session:`
			`return session.account`