From 17d39ceb91866f80d7c06e710acac35f0104ccde Mon Sep 17 00:00:00 2001 From: Thomas Rubini <74205383+ThomasRubini@users.noreply.github.com> Date: Mon, 27 Mar 2023 16:57:41 +0200 Subject: [PATCH] add decorator to restrict admin endpoints --- truthinquiry/routes/routes_admin.py | 7 +++++++ truthinquiry/routes/routes_api_admin.py | 5 +++++ truthinquiry/utils.py | 20 ++++++++++++++++++++ 3 files changed, 32 insertions(+) create mode 100644 truthinquiry/utils.py diff --git a/truthinquiry/routes/routes_admin.py b/truthinquiry/routes/routes_admin.py index 4a03368..4572278 100644 --- a/truthinquiry/routes/routes_admin.py +++ b/truthinquiry/routes/routes_admin.py @@ -3,18 +3,22 @@ from sqlalchemy import select, or_ from truthinquiry.ext.database.models import * from truthinquiry.ext.database.fsa import db +from truthinquiry.utils import require_admin + routes_admin = flask.Blueprint("admin", __name__) DEFAULT_LANG = "FR" @routes_admin.route("/") +@require_admin(ui=True) def index(): npcs_objs = db.session.query(Npc).all() npcs_dicts = [{"id": npc_obj.NPC_ID, "name": npc_obj.NAME_LOCALE.get_text(DEFAULT_LANG).TEXT} for npc_obj in npcs_objs] return flask.render_template("admin/index.html", npcs=npcs_dicts) @routes_admin.route("/npc/") +@require_admin(ui=True) def npc(npc_id): if npc_id == "new": return flask.render_template("admin/npc.html", npc={}) @@ -36,6 +40,7 @@ def npc(npc_id): return flask.render_template("admin/npc.html", npc=npc_dict) @routes_admin.route("/questions") +@require_admin(ui=True) def questions(): lang = DEFAULT_LANG @@ -62,6 +67,7 @@ def questions(): return flask.render_template("admin/questions.html", questions=data, langs=["FR", "EN"]) @routes_admin.route("/places") +@require_admin(ui=True) def places(): lang = DEFAULT_LANG @@ -70,6 +76,7 @@ def places(): return flask.render_template("admin/places.html", places=places_dicts) @routes_admin.route("/traits") +@require_admin(ui=True) def traits(): lang = DEFAULT_LANG 
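Review bot: The five `@require_admin(ui=True)` lines sit between `@routes_admin.route(...)` and `def`, which is the only order that works, yet nothing in the file says so: if a later edit places `@require_admin` above `.route`, the blueprint registers the unwrapped view and the page is served with no check at all. A one-line comment beside the new import would make the constraint visible, e.g. `# require_admin must be the decorator nearest the view (below .route) so the gated wrapper is what the blueprint registers`. The same ordering rule applies to the four `@require_admin(api=True)` lines in routes_api_admin.py, so one comment in each file is enough. The `npc` route line reads `"/npc/"` here while the view takes `npc_id`; that is most likely the `<npc_id>` converter lost in rendering rather than a change the commit makes, but worth confirming against the repository.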
diff --git a/truthinquiry/routes/routes_api_admin.py b/truthinquiry/routes/routes_api_admin.py index 3b88cef..1caccbe 100644 --- a/truthinquiry/routes/routes_api_admin.py +++ b/truthinquiry/routes/routes_api_admin.py @@ -3,11 +3,13 @@ from sqlalchemy import select, delete, or_ from truthinquiry.ext.database.models import * from truthinquiry.ext.database.fsa import db +from truthinquiry.utils import require_admin routes_api_admin = flask.Blueprint("api_admin", __name__) @routes_api_admin.route("/setQuestions", methods=["GET", "POST"]) +@require_admin(api=True) def set_questions(): if not flask.request.json: return {"error": 1, "msg": "no json set"} @@ -44,6 +46,7 @@ def set_questions(): return {"error": 0} @routes_api_admin.route("/setTraits", methods=["GET", "POST"]) +@require_admin(api=True) def set_traits(): input_lang = flask.request.json["lang"] input_traits = flask.request.json["traits"] @@ -86,6 +89,7 @@ def set_traits(): return {"error": 0} @routes_api_admin.route("/setPlaces", methods=["GET", "POST"]) +@require_admin(api=True) def set_places(): input_lang = flask.request.json["lang"] input_places = flask.request.json["places"] @@ -124,6 +128,7 @@ def set_places(): return {"error": 0} @routes_api_admin.route("/setNpc", methods=["GET", "POST"]) +@require_admin(api=True) def set_npc(): input_lang = flask.request.json["lang"] input_npc = flask.request.json["npc"] diff --git a/truthinquiry/utils.py b/truthinquiry/utils.py new file mode 100644 index 0000000..9359137 --- /dev/null +++ b/truthinquiry/utils.py 
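Review bot: Each setter view has to opt in individually with `@require_admin(api=True)`, so any view added to `routes_api_admin` later is reachable by anonymous callers until someone remembers the decorator; the same holds for `routes_admin`. A blueprint-level `@routes_api_admin.before_request` hook that returns the `{"error": 1, "msg": "Invalid authentication"}` response whenever `flask.session.get("admin")` is falsy would make the admin API deny-by-default, with the per-route decorator kept at most as documentation. If the per-route form is kept, a test that walks the blueprint's registered view functions and asserts each carries the `__wrapped__` attribute that `functools.wraps` sets would catch a forgotten decorator before it ships. Note also that the four views here mutate content over `methods=["GET", "POST"]` and are now gated only by the session cookie; that is pre-existing, but the cookie's SameSite setting becomes the CSRF boundary and is not visible in this patch.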
@@ -0,0 +1,20 @@
+from functools import wraps
+
+import flask
+
+def require_admin(*args, **kwargs):
+    def decorator(route):
+        @wraps(route)
+        def decorated_function(*route_args, **route_kwargs):
+
+            if flask.session.get("admin"):
+                return route(*route_args, **route_kwargs)
+            elif kwargs.get("api"):
+                return {"error": 1, "msg": "Invalid authentication"}
+            elif kwargs.get("ui"):
+                return flask.redirect("/admin/auth")
+            else:
+                raise ValueError("Can't determine request type")
+
+        return decorated_function
+    return decorator
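Review bot: A misconfigured decorator is only detected per request: `require_admin()` with neither flag decorates without complaint and then raises `ValueError` (a 500) on every unauthenticated hit, while `require_admin(api=True, ui=True)` silently takes the `api` branch, and `*args` is accepted but never read. Validating the mode once at decoration time with keyword-only booleans turns both mistakes into an import-time failure instead of a production error path. The `api` branch also answers with HTTP 200 and an error body, so rejected requests are indistinguishable from successful ones in access logs and uptime checks; returning `{"error": 1, "msg": "Invalid authentication"}, 401` keeps the body the callers already parse and gives monitoring a status to key on. The `/admin/auth` redirect is hard-coded; if that view lives on the `routes_admin` blueprint, `flask.url_for` would keep it in step with the blueprint's URL prefix, but the endpoint name is not visible in this patch.
```python
def require_admin(*, api=False, ui=False):
    """Gate a view on ``flask.session["admin"]``.

    Exactly one of *api* / *ui* selects the response for unauthenticated
    callers: a JSON error with a 401 status, or a redirect to the login page.
    Misuse is rejected here, at import time, rather than on the first request.
    """
    if api == ui:
        raise ValueError("require_admin: pass exactly one of api=True or ui=True")

    def decorator(route):
        @wraps(route)
        def decorated_function(*route_args, **route_kwargs):
            if flask.session.get("admin"):
                return route(*route_args, **route_kwargs)
            if api:
                # Same body the API views already emit, plus a status monitoring can see.
                return {"error": 1, "msg": "Invalid authentication"}, 401
            return flask.redirect("/admin/auth")

        return decorated_function

    return decorator
```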