skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

under attack

Browse source
This commit is contained in:
Aevann1 2022-01-09 17:15:02 +02:00
parent 93ce52b766
commit 1bea9edf79
32 changed files with 106 additions and 185 deletions
Download patch file Download diff file Expand all files Collapse all files

26
files/helpers/wrappers.py
View file

@ -23,8 +23,13 @@ def get_logged_in_user():
v = g.db.query(User).filter_by(id=lo_user).one_or_none()
if not v or nonce < v.login_nonce: return None
v.client = None
if request.method != "GET":
submitted_key = request.values.get("formkey")
if not submitted_key: abort(401)
elif not v.validate_formkey(submitted_key): abort(401)
return v
def check_ban_evade(v):
@ -110,21 +115,4 @@ def admin_level_required(x):
wrapper.__name__ = f.__name__
return wrapper
return wrapper_maker
def validate_formkey(f):
def wrapper(*args, v, **kwargs):
if not request.headers.get("Authorization"):
submitted_key = request.values.get("formkey", None)
if not submitted_key: abort(401)
elif not v.validate_formkey(submitted_key): abort(401)
return f(*args, v=v, **kwargs)
wrapper.__name__ = f.__name__
return wrapper
return wrapper_maker