forget-cancellare-vecchi-toot/libforget/auth.py

53 lines
1.2 KiB
Python

from flask import g, redirect, jsonify, make_response, abort, request
from functools import wraps
def require_auth(fun):
@wraps(fun)
def wrapper(*args, **kwargs):
if not g.viewer:
return redirect('/')
return fun(*args, **kwargs)
return wrapper
def require_auth_api(fun):
@wraps(fun)
def wrapper(*args, **kwargs):
if not g.viewer:
return make_response((
jsonify(status='error', error='not logged in'),
403))
return fun(*args, **kwargs)
return wrapper
def csrf(fun):
@wraps(fun)
def wrapper(*args, **kwargs):
if request.form.get('csrf-token') != g.viewer.csrf_token:
return abort(403)
return fun(*args, **kwargs)
return wrapper
def set_session_cookie(session, response, secure=True):
response.set_cookie(
'forget_sid', session.id,
max_age=60*60*48,
httponly=True,
secure=secure)
def get_viewer_session():
from model import Session
sid = request.cookies.get('forget_sid', None)
if sid:
return Session.query.get(sid)
def get_viewer():
session = get_viewer_session()
if session:
return session.account