newthuhole/hole_thu_backend
4
6
Fork 2
Code Issues 7 Pull Requests Projects Releases Wiki Activity

15分钟自命名临时用户

Browse Source
This commit is contained in:
hole-thu
2020-09-08 11:22:47 +08:00
parent 2373addd62
commit d6ffd43c5e
2 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
hole.py
View File

@@ -7,7 +7,7 @@ from mastodon import Mastodon
import re, random, string, datetime, hashlib
from models import db, User, Post, Comment, Attention, TagRecord, Syslog
from utils import require_token, map_post, map_comment, map_syslog, check_attention, hash_name, look, get_num
from utils import require_token, map_post, map_comment, map_syslog, check_attention, hash_name, look, get_num, tmp_token
app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///hole.db'
@@ -139,6 +139,7 @@ def do_post():
content = request.form.get('text')
content = content.strip() if content else None
content = '[tmp]\n' + content if u.name[:4] == 'tmp_' else content
post_type = request.form.get('type')
cw = request.form.get('cw')
cw = cw.strip() if cw else None
@@ -212,6 +213,7 @@ def do_comment():
content = request.form.get('text')
content = content.strip() if content else None
content = '[tmp]\n' + content if u.name[:4] == 'tmp_' else content
if not content or len(content) > 4096: abort(422)
c = Comment(
@@ -230,6 +232,7 @@ def do_comment():
@limiter.limit("200 / hour; 1 / second")
def attention():
u = require_token()
if u.name[:4] == 'tmp_': abort(403)
s = request.form.get('switch')
if s not in ['0', '1']: abort(422)
@@ -322,6 +325,7 @@ def system_log():
return {
'start_time': app.config['START_TIME'],
'salt': look(app.config['SALT']),
'tmp_token': tmp_token(),
'data' : list(map(map_syslog, ss))
}

14
utils.py
View File

@@ -1,15 +1,25 @@
import hashlib
import hashlib, time
from flask import request, abort, current_app
from models import User, Attention, Syslog
def get_config(key):
return current_app.config.get(key)
def tmp_token():
return hash_name(str(int(time.time() / 900)) + User.query.get(1).token)[5:21]
def require_token():
token = request.args.get('user_token')
if not token: abort(401)
if len(token.split('_')) == 2 and get_config('ENABLE_TMP'):
tt, suf = token.split('_')
if tt != tmp_token(): abort(401)
return User(name='tmp_'+suf)
u = User.query.filter_by(token=token).first()
if not u or Syslog.query.filter_by(log_type='BANNED', name_hash=hash_name(u.name)).first(): abort(403)
if not u or Syslog.query.filter_by(log_type='BANNED', name_hash=hash_name(u.name)).first(): abort(401)
return u
def hash_name(name):