15分钟自命名临时用户

2020-09-08 11:22:47 +08:00
parent 2373addd62
commit d6ffd43c5e
2 changed files with 18 additions and 4 deletions


@@ -7,7 +7,7 @@ from mastodon import Mastodon
import re, random, string, datetime, hashlib import re, random, string, datetime, hashlib
from models import db, User, Post, Comment, Attention, TagRecord, Syslog from models import db, User, Post, Comment, Attention, TagRecord, Syslog
from utils import require_token, map_post, map_comment, map_syslog, check_attention, hash_name, look, get_num from utils import require_token, map_post, map_comment, map_syslog, check_attention, hash_name, look, get_num, tmp_token
app = Flask(__name__) app = Flask(__name__)
app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///hole.db' app.config['SQLALCHEMY_DATABASE_URI'] = 'sqlite:///hole.db'
@@ -139,6 +139,7 @@ def do_post():
content = request.form.get('text') content = request.form.get('text')
content = content.strip() if content else None content = content.strip() if content else None
content = '[tmp]\n' + content if u.name[:4] == 'tmp_' else content
post_type = request.form.get('type') post_type = request.form.get('type')
cw = request.form.get('cw') cw = request.form.get('cw')
cw = cw.strip() if cw else None cw = cw.strip() if cw else None
@@ -212,6 +213,7 @@ def do_comment():
content = request.form.get('text') content = request.form.get('text')
content = content.strip() if content else None content = content.strip() if content else None
content = '[tmp]\n' + content if u.name[:4] == 'tmp_' else content
if not content or len(content) > 4096: abort(422) if not content or len(content) > 4096: abort(422)
c = Comment( c = Comment(
@@ -230,7 +232,8 @@ def do_comment():
@limiter.limit("200 / hour; 1 / second") @limiter.limit("200 / hour; 1 / second")
def attention(): def attention():
u = require_token() u = require_token()
if u.name[:4] == 'tmp_': abort(403)
s = request.form.get('switch') s = request.form.get('switch')
if s not in ['0', '1']: abort(422) if s not in ['0', '1']: abort(422)
@@ -322,6 +325,7 @@ def system_log():
return { return {
'start_time': app.config['START_TIME'], 'start_time': app.config['START_TIME'],
'salt': look(app.config['SALT']), 'salt': look(app.config['SALT']),
'tmp_token': tmp_token(),
'data' : list(map(map_syslog, ss)) 'data' : list(map(map_syslog, ss))
} }
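Review bot: In do_post the `[tmp]` prefix is concatenated before the empty-text check, so a temporary user who sends a missing or whitespace-only `text` reaches `'[tmp]\n' + None` and gets a TypeError (HTTP 500) instead of a 422; do_comment has the same line. Guarding on the content fixes both: `if content and u.name[:4] == 'tmp_': content = '[tmp]\n' + content`. In do_comment the prefix also counts toward the 4096-character limit checked on the following line, which may not be intended. Both function bodies start and end outside their hunks, so this assumes `u` comes from require_token() as it does in attention().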


@@ -1,15 +1,25 @@
import hashlib import hashlib, time
from flask import request, abort, current_app from flask import request, abort, current_app
from models import User, Attention, Syslog from models import User, Attention, Syslog
def get_config(key): def get_config(key):
return current_app.config.get(key) return current_app.config.get(key)
def tmp_token():
return hash_name(str(int(time.time() / 900)) + User.query.get(1).token)[5:21]
def require_token(): def require_token():
token = request.args.get('user_token') token = request.args.get('user_token')
if not token: abort(401) if not token: abort(401)
if len(token.split('_')) == 2 and get_config('ENABLE_TMP'):
tt, suf = token.split('_')
if tt != tmp_token(): abort(401)
return User(name='tmp_'+suf)
u = User.query.filter_by(token=token).first() u = User.query.filter_by(token=token).first()
if not u or Syslog.query.filter_by(log_type='BANNED', name_hash=hash_name(u.name)).first(): abort(403) if not u or Syslog.query.filter_by(log_type='BANNED', name_hash=hash_name(u.name)).first(): abort(401)
return u return u
def hash_name(name): def hash_name(name):
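Review bot: The temporary-token branch in require_token returns `User(name='tmp_'+suf)` before the BANNED lookup and takes `suf` from the client without checking it, so a ban recorded against one `tmp_` name is sidestepped by sending a different suffix, and the suffix may be empty or arbitrarily long. Before the return I would validate the suffix and run the same ban query on the resulting name, e.g. `if not suf.isalnum() or len(suf) > MAX_TMP_SUFFIX: abort(401)` (MAX_TMP_SUFFIX being a limit you choose) followed by `if Syslog.query.filter_by(log_type='BANNED', name_hash=hash_name('tmp_'+suf)).first(): abort(401)`. Even then the token is one shared value per 15-minute window, so no individual temporary user can be revoked; a comment on tmp_token() should say that ENABLE_TMP is the only real control. If system_log in the other file authenticates through require_token (not visible here), a temporary user can read the next window's token from its response, so the window bounds a token rather than a session. The body of hash_name lies outside this hunk.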