from flask import g, redirect, jsonify, make_response, abort, request from functools import wraps def require_auth(fun): @wraps(fun) def wrapper(*args, **kwargs): if not g.viewer: return redirect('/') return fun(*args, **kwargs) return wrapper def require_auth_api(fun): @wraps(fun) def wrapper(*args, **kwargs): if not g.viewer: return make_response(( jsonify(status='error', error='not logged in'), 403)) return fun(*args, **kwargs) return wrapper def csrf(fun): @wraps(fun) def wrapper(*args, **kwargs): if request.form.get('csrf-token') != g.viewer.csrf_token: return abort(403) return fun(*args, **kwargs) return wrapper def set_session_cookie(session, response, secure=True): response.set_cookie( 'forget_sid', session.id, max_age=60*60*48, httponly=True, secure=secure) def get_viewer_session(): from model import Session sid = request.cookies.get('forget_sid', None) if sid: return Session.query.get(sid) def get_viewer(): session = get_viewer_session() if session: return session.account