From d6ffd43c5e9a28127051d8a922e3f506bea00ec0 Mon Sep 17 00:00:00 2001
From: hole-thu
Date: Tue, 8 Sep 2020 11:22:47 +0800
Subject: [PATCH] =?UTF-8?q?15=E5=88=86=E9=92=9F=E8=87=AA=E5=91=BD=E5=90=8D?= =?UTF-8?q?=E4=B8=B4=E6=97=B6=E7=94=A8=E6=88=B7?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 hole.py | 8 ++++++--
 utils.py | 14 ++++++++++++--
 2 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/hole.py b/hole.py
index b47f678..d707f0e 100644
--- a/hole.py
+++ b/hole.py
@@ -7,7 +7,7 @@ from mastodon import Mastodon
 import re, random, string, datetime, hashlib
 from models import db, User, Post, Comment, Attention, TagRecord, Syslog
-from utils import require_token, map_post, map_comment, map_syslog, check_attention, hash_name, look, get_num
+from utils import require_token, map_post, map_comment, map_syslog, check_attention, hash_name, look, get_num, tmp_token
 app = Flask(__name__)
 app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///hole.db'
@@ -139,6 +139,7 @@ def do_post():
 content = request.form.get('text')
 content = content.strip() if content else None
+ content = '[tmp]\n' + content if u.name[:4] == 'tmp_' else content
 post_type = request.form.get('type')
 cw = request.form.get('cw')
 cw = cw.strip() if cw else None
@@ -212,6 +213,7 @@ def do_comment():
 content = request.form.get('text')
 content = content.strip() if content else None
+ content = '[tmp]\n' + content if u.name[:4] == 'tmp_' else content
 if not content or len(content) > 4096: abort(422)
 c = Comment(
@@ -230,7 +232,8 @@ def do_comment():
 @limiter.limit("200 / hour; 1 / second")
 def attention():
 u = require_token()
-
+ if u.name[:4] == 'tmp_': abort(403)
+
 s = request.form.get('switch')
 if s not in ['0', '1']: abort(422)
@@ -322,6 +325,7 @@ def system_log():
 return {
 'start_time': app.config['START_TIME'],
 'salt': look(app.config['SALT']),
+ 'tmp_token': tmp_token(),
 'data' : list(map(map_syslog, ss))
 }
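Review bot: In do_post the added line `content = '[tmp]\n' + content if u.name[:4] == 'tmp_' else content` runs right after `content` may have been set to None, so a temporary user who sends an empty or missing `text` gets a TypeError (an unhandled 500) rather than a validation error. The identical line added in do_comment sits before its `if not content or len(content) > 4096: abort(422)` check and fails the same way. Guarding on the value fixes both: `if content and u.name[:4] == 'tmp_': content = '[tmp]\n' + content`. The `[tmp]` marker is ordinary post text that a registered user can also type, so nothing downstream should treat it as proof of a temporary author. Both function bodies start and end outside these hunks.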
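Review bot: The check `if u.name[:4] == 'tmp_': abort(403)` in attention() infers temporary status from a name prefix, and the same slice test is repeated in do_post and do_comment. Whether a registered account's name can begin with `tmp_` is not visible here; if it can, that account is silently treated as temporary. Any endpoint that needs the restriction but lacks this check treats temporary users as full ones, so the other routes that call require_token are worth auditing. Keeping the decision in one helper, for example `def is_tmp(u): return u.name.startswith('tmp_')` in utils.py, would at least give a single place to tighten later. The body of attention() continues outside the hunk.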
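Review bot: system_log() now returns `tmp_token()` unconditionally, while require_token only honours the token when `ENABLE_TMP` is set, so the value is computed and published even with the feature switched off. tmp_token() also dereferences `User.query.get(1).token`, so on a database without a user of id 1 this endpoint would fail with an AttributeError. Gating the field keeps the two in step: `'tmp_token': tmp_token() if app.config.get('ENABLE_TMP') else None,`. Because the value is a shared bearer credential for posting, a comment stating who may call system_log would help; the function's decorators and opening lines are outside the hunk.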
diff --git a/utils.py b/utils.py
index 86bdb8b..7b642de 100644
--- a/utils.py
+++ b/utils.py
@@ -1,15 +1,25 @@
-import hashlib
+import hashlib, time
 from flask import request, abort, current_app
 from models import User, Attention, Syslog
 def get_config(key):
 return current_app.config.get(key)
+def tmp_token():
+ return hash_name(str(int(time.time() / 900)) + User.query.get(1).token)[5:21]
+
 def require_token():
 token = request.args.get('user_token')
 if not token: abort(401)
+
+ if len(token.split('_')) == 2 and get_config('ENABLE_TMP'):
+ tt, suf = token.split('_')
+ if tt != tmp_token(): abort(401)
+ return User(name='tmp_'+suf)
+
+
 u = User.query.filter_by(token=token).first()
- if not u or Syslog.query.filter_by(log_type='BANNED', name_hash=hash_name(u.name)).first(): abort(403)
+ if not u or Syslog.query.filter_by(log_type='BANNED', name_hash=hash_name(u.name)).first(): abort(401)
 return u
 def hash_name(name):
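Review bot: The temporary branch of require_token returns `User(name='tmp_'+suf)` for a caller-chosen `suf` with no validation, and it returns before the `BANNED` lookup that the registered path runs, so an empty, oversized or look-alike name is accepted and name-based bans never apply to temporary users. The routing test `len(token.split('_')) == 2` also captures any registered token that happens to contain exactly one underscore while `ENABLE_TMP` is on; whether such tokens exist depends on how tokens are generated, which is not shown. tmp_token() derives the shared secret from user 1's own login token, so its secrecy rests entirely on hash_name, whose body is cut off here. A dedicated server-side key used with `hmac`, compared via `hmac.compare_digest`, would decouple the two. A possible shape for the branch, with the length bound as a placeholder, is below.

```python
def require_token():
    # … unchanged: read user_token and abort(401) when it is missing …

    if get_config('ENABLE_TMP') and token.count('_') == 1:
        tt, suf = token.split('_')
        if tt != tmp_token(): abort(401)
        # Placeholder bound: reject empty, oversized or non-alphanumeric self-chosen names.
        if not suf.isalnum() or len(suf) > 16: abort(422)
        tmp_name = 'tmp_' + suf
        # Run the same ban lookup the registered path uses, so a banned name stays banned.
        if Syslog.query.filter_by(log_type='BANNED', name_hash=hash_name(tmp_name)).first(): abort(401)
        return User(name=tmp_name)

    # … unchanged: registered-user lookup and ban check …
```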