user2
/
hole_thu_backend
forked from newthuhole/hole_thu_backend
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

15分钟自命名临时用户

master
hole-thu 5 years ago
parent
2373addd62
commit
d6ffd43c5e
2 changed files with 18 additions and 4 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 8
      hole.py
  2. 14
      utils.py

8
hole.py
Unescape View File

@ -7,7 +7,7 @@ from mastodon import Mastodon
import re, random, string, datetime, hashlib import re, random, string, datetime, hashlib
from models import db, User, Post, Comment, Attention, TagRecord, Syslog from models import db, User, Post, Comment, Attention, TagRecord, Syslog
from utils import require_token, map_post, map_comment, map_syslog, check_attention, hash_name, look, get_num from utils import require_token, map_post, map_comment, map_syslog, check_attention, hash_name, look, get_num, tmp_token
app = Flask(__name__) app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///hole.db' app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///hole.db'
@ -139,6 +139,7 @@ def do_post():
content = request.form.get('text') content = request.form.get('text')
content = content.strip() if content else None content = content.strip() if content else None
content = '[tmp]\n' + content if u.name[:4] == 'tmp_' else content
post_type = request.form.get('type') post_type = request.form.get('type')
cw = request.form.get('cw') cw = request.form.get('cw')
cw = cw.strip() if cw else None cw = cw.strip() if cw else None
@ -212,6 +213,7 @@ def do_comment():
content = request.form.get('text') content = request.form.get('text')
content = content.strip() if content else None content = content.strip() if content else None
content = '[tmp]\n' + content if u.name[:4] == 'tmp_' else content
if not content or len(content) > 4096: abort(422) if not content or len(content) > 4096: abort(422)
c = Comment( c = Comment(
@ -230,7 +232,8 @@ def do_comment():
@limiter.limit("200 / hour; 1 / second") @limiter.limit("200 / hour; 1 / second")
def attention(): def attention():
u = require_token() u = require_token()
if u.name[:4] == 'tmp_': abort(403)
s = request.form.get('switch') s = request.form.get('switch')
if s not in ['0', '1']: abort(422) if s not in ['0', '1']: abort(422)
@ -322,6 +325,7 @@ def system_log():
return { return {
'start_time': app.config['START_TIME'], 'start_time': app.config['START_TIME'],
'salt': look(app.config['SALT']), 'salt': look(app.config['SALT']),
'tmp_token': tmp_token(),
'data' : list(map(map_syslog, ss)) 'data' : list(map(map_syslog, ss))
} }

14
utils.py
Unescape View File

@ -1,15 +1,25 @@
import hashlib import hashlib, time
from flask import request, abort, current_app from flask import request, abort, current_app
from models import User, Attention, Syslog from models import User, Attention, Syslog
def get_config(key): def get_config(key):
return current_app.config.get(key) return current_app.config.get(key)
def tmp_token():
return hash_name(str(int(time.time() / 900)) + User.query.get(1).token)[5:21]
def require_token(): def require_token():
token = request.args.get('user_token') token = request.args.get('user_token')
if not token: abort(401) if not token: abort(401)
if len(token.split('_')) == 2 and get_config('ENABLE_TMP'):
tt, suf = token.split('_')
if tt != tmp_token(): abort(401)
return User(name='tmp_'+suf)
u = User.query.filter_by(token=token).first() u = User.query.filter_by(token=token).first()
if not u or Syslog.query.filter_by(log_type='BANNED', name_hash=hash_name(u.name)).first(): abort(403) if not u or Syslog.query.filter_by(log_type='BANNED', name_hash=hash_name(u.name)).first(): abort(401)
return u return u
def hash_name(name): def hash_name(name):

Write Preview
Loading…
Cancel
Save