fdfd

2021-08-03 19:43:30 +02:00 · 2021-08-03 19:43:30 +02:00 · a576b3cd04
commit a576b3cd04
parent f86ca388e8
5 changed files with 16 additions and 60 deletions
--- a/drama/classes/clients.py
+++ b/drama/classes/clients.py
@ -7,29 +7,22 @@ from .submission import Submission
 from .comment import Comment
 from drama.__main__ import Base

-
 class OauthApp(Base, Stndrd):

 	__tablename__ = "oauth_apps"

 	id = Column(Integer, primary_key=True)
 	client_id = Column(String(64))
-	client_secret = Column(String(128))
 	app_name = Column(String(50))
 	redirect_uri = Column(String(4096))
-	author_id = Column(Integer, ForeignKey("users.id"))
-	is_banned = Column(Boolean, default=False)
 	description = Column(String(256))
-
 	author = relationship("User")

-	def __repr__(self):
-		return f"<OauthApp(id={self.id})>"
+	def __repr__(self): return f"<OauthApp(id={self.id})>"

 	@property
-	def permalink(self):
+	def permalink(self): return f"/admin/app/{self.id}"

-		return f"/admin/app/{self.id}"

 	def idlist(self, page=1, **kwargs):

@ -51,41 +44,12 @@ class OauthApp(Base, Stndrd):

 		return [x[0] for x in posts.all()]

-
-
-
 class ClientAuth(Base, Stndrd):

 	__tablename__ = "client_auths"

 	id = Column(Integer, primary_key=True)
 	oauth_client = Column(Integer, ForeignKey("oauth_apps.id"))
-	oauth_code = Column(String(128))
-	user_id = Column(Integer, ForeignKey("users.id"))
-	scope_identity = Column(Boolean, default=False)
-	scope_create = Column(Boolean, default=False)
-	scope_read = Column(Boolean, default=False)
-	scope_update = Column(Boolean, default=False)
-	scope_delete = Column(Boolean, default=False)
-	scope_vote = Column(Boolean, default=False)
 	access_token = Column(String(128))
-	refresh_token = Column(String(128))
-	access_token_expire_utc = Column(Integer)
-
 	user = relationship("User", lazy="joined")
-	application = relationship("OauthApp", lazy="joined")
-
-	@property
-	def scopelist(self):
-
-		output = ""
-		output += "identity," if self.scope_identity else ""
-		output += "create," if self.scope_create else ""
-		output += "read," if self.scope_read else ""
-		output += "update," if self.scope_update else ""
-		output += "delete," if self.scope_delete else ""
-		output += "vote," if self.scope_vote else ""
-
-		output = output.rstrip(',')
-
-		return output
+	application = relationship("OauthApp", lazy="joined")
--- a/drama/routes/oauth.py
+++ b/drama/routes/oauth.py
@ -11,7 +11,6 @@ def authorize_prompt(v):
 	client_id = request.args.get("client_id")
 	application = g.db.query(OauthApp).filter_by(client_id=client_id).first()
 	if not application: return {"oauth_error": "Invalid `client_id`"}, 401
-	if application.is_banned: return {"oauth_error": f"Application `{application.app_name}` is suspended."}, 403
 	return render_template("oauth.html", v=v, application=application)


@ -23,7 +22,6 @@ def authorize(v):
 	client_id = request.form.get("client_id")
 	application = g.db.query(OauthApp).filter_by(client_id=client_id).first()
 	if not application: return {"oauth_error": "Invalid `client_id`"}, 401
-	if application.is_banned: return {"oauth_error": f"Application `{application.app_name}` is suspended."}, 403
 	access_token = secrets.token_urlsafe(128)[:128]
 	new_auth = ClientAuth(
 		oauth_client = application.id,
@ -97,8 +95,6 @@ def admin_app_approve(v, aid):
 	app = g.db.query(OauthApp).filter_by(id=aid).first()

 	app.client_id = secrets.token_urlsafe(64)[:64]
-	app.client_secret = secrets.token_urlsafe(128)[:128]
-
 	g.db.add(app)

 	access_token = secrets.token_urlsafe(128)[:128]
@ -122,15 +118,14 @@ def admin_app_revoke(v, aid):

 	app = g.db.query(OauthApp).filter_by(id=aid).first()

-	app.client_id = None
-	app.client_secret = None
+	for auth in g.db.query(ClientAuth).filter_by(oauth_client=app.id).all(): g.db.delete(auth)

-	g.db.add(app)
+	g.db.flush()
+	send_notification(1046, app.author, f"Your application `{app.app_name}` has been revoked.")

-	u = get_account(app.author_id, v=v)
-	send_notification(1046, u, f"Your application `{app.app_name}` has been revoked.")
+	g.db.delete(app)

-	return {"message": f"{app.app_name} revoked"}
+	return {"message": f"App revoked"}


@app.post("/admin/app/reject/<aid>")
@ -140,16 +135,14 @@ def admin_app_reject(v, aid):

 	app = g.db.query(OauthApp).filter_by(id=aid).first()

-	for auth in g.db.query(ClientAuth).filter_by(oauth_client=app.id).all():
-		g.db.delete(auth)
+	for auth in g.db.query(ClientAuth).filter_by(oauth_client=app.id).all(): g.db.delete(auth)

 	g.db.flush()
-	u = get_account(app.author_id, v=v)
-	send_notification(1046, u, f"Your application `{app.app_name}` has been rejected.")
+	send_notification(1046, app.author, f"Your application `{app.app_name}` has been rejected.")

 	g.db.delete(app)

-	return {"message": f"{app.app_name} rejected"}
+	return {"message": f"App rejected"}


@app.get("/admin/app/<aid>")
--- a/drama/templates/admin/app.html
+++ b/drama/templates/admin/app.html
@ -32,7 +32,7 @@
 	</div>
 	<div class="footer">
 		<div class="d-flex">
-			{% if not app.client_secret%}
+			{% if not app.client_id%}

 			<a href="javascript:void(0)" class="btn btn-primary ml-auto" onclick="post_toast('/admin/app/approve/{{app.id}}')">Approve</a>
 			<a href="javascript:void(0)" class="btn btn-secondary mr-0" onclick="post_toast('/admin/app/reject/{{app.id}}')">Reject</a> 
--- a/drama/templates/admin/apps.html
+++ b/drama/templates/admin/apps.html
@ -23,7 +23,7 @@
 			<label for="edit-{{app.id}}-name" class="mb-0 w-lg-25">App Name</label>
 			<input id="edit-{{app.id}}-name" class="form-control" type="text" name="name" value="{{app.app_name}}" readonly=readonly>

-			{% if app.client_secret %}
+			{% if app.client_id %}
 			<label for="edit-{{app.id}}-client-id" class="mb-0 w-lg-25">Client ID</label>
 			<input id="edit-{{app.id}}-client-id" class="form-control" type="text" name="name" value="{{app.client_id}}" readonly="readonly">
 			{% endif %}
@ -37,7 +37,7 @@
 	</div>
 	<div class="footer">
 		<div class="d-flex">
-			{% if not app.client_secret %}
+			{% if not app.client_id %}

 			<a href="javascript:void(0)" class="btn btn-primary ml-auto" onclick="post_toast('/admin/app/approve/{{app.id}}')">Approve</a>
 			<a href="javascript:void(0)" class="btn btn-secondary mr-0" onclick="post_toast('/admin/app/reject/{{app.id}}')">Reject</a> 
--- a/drama/templates/settings_apps.html
+++ b/drama/templates/settings_apps.html
@ -17,7 +17,7 @@

 <h2 class="h5">Your API Applications</h2>

-{% for app in v.applications if app.client_secret %}
+{% for app in v.applications if app.client_id %}

 <form id="edit-app-{{app.id}}" action="/edit_app/{{app.id}}" method="post">
 	<div class="settings-section rounded">
@ -50,7 +50,7 @@

 <h2 class="h5">API Applications Awaiting Approval</h2>

-{% for app in v.applications if not app.client_secret %}
+{% for app in v.applications if not app.client_id %}

 <form id="edit-app-{{app.id}}" action="/edit_app/{{app.id}}" method="post">
 	<div class="settings-section rounded">
@ -92,7 +92,6 @@
 						<div class="body w-lg-100">
 				<input type="hidden" name="formkey" value="{{v.formkey}}">
 				<label class="mb-0 w-lg-25">Permissions</label>
-				<input class="form-control" type="text" name="name" value="{{auth.scopelist}}" readonly="readonly">
 				<label class="mb-0 w-lg-25">Description</label>
 				<textarea class="form-control" name="description" maxlength="256" readonly="readonly">{{auth.application.description}}</textarea>
 			</div>