stranck-dev #10

Merged
drew merged 14 commits from stranck-dev into drew-dev 2024-01-13 16:02:42 +00:00
2 changed files with 23 additions and 2 deletions
Showing only changes of commit 8b07fa55b7 - Show all commits


@ -12,17 +12,37 @@ import json
bp = Blueprint("admin", url_prefix="/manage/admin") bp = Blueprint("admin", url_prefix="/manage/admin")
def credentialsCheck (request, order:Order): def credentialsCheck(request, order:Order):
if not order: if not order:
raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!") raise exceptions.Forbidden("You have been logged out. Please access the link in your E-Mail to login again!")
if EXTRA_PRINTS:
print(f"Checking admin credentials of {order.code} with secret {order.secret}")
if not order.isAdmin() : raise exceptions.Forbidden("Birichino :)") if not order.isAdmin() : raise exceptions.Forbidden("Birichino :)")
@bp.get('/cache/clear') @bp.get('/cache/clear')
async def clearCache(request, order:Order): async def clearCache(request, order:Order):
credentialsCheck(request, order) credentialsCheck(request, order)
await request.app.ctx.om.fill_cache() await request.app.ctx.om.fill_cache()
return redirect(f'/manage/admin') return redirect(f'/manage/admin')
@bp.get('/loginas/<code>')
async def loginAs(request, code, order:Order):
credentialsCheck(request, order)
dOrder = await getOrderByCode(request, code, throwException=True)
if(dOrder.isAdmin()):
raise exceptions.Forbidden("You can't login as another admin!")
if EXTRA_PRINTS:
print(f"Swapping login: {order.secret} {order.code} -> {dOrder.secret} {code}")
r = redirect(f'/manage/welcome')
r.cookies['foxo_code_ORG'] = order.code
r.cookies['foxo_secret_ORG'] = order.secret
r.cookies['foxo_code'] = code
r.cookies['foxo_secret'] = dOrder.secret
return r
@bp.get('/room/unconfirm/<code>') @bp.get('/room/unconfirm/<code>')
async def unconfirmRoom(request, code, order:Order): async def unconfirmRoom(request, code, order:Order):
credentialsCheck(request, order) credentialsCheck(request, order)
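Review bot: Both new debug prints write order secrets to stdout: `credentialsCheck` prints `order.secret` on every admin check, and `loginAs` prints the admin's and the target's secret. Judging by the cookies set below them, the secret together with the code is the login credential, so anyone who can read the process output while EXTRA_PRINTS is on could reuse it. Log only the codes, e.g. `print(f"Swapping login: {order.code} -> {code}")`, and consider emitting that impersonation line unconditionally as an audit record instead of behind the debug flag. Separately, the four cookies in `loginAs` are assigned with no attributes visible in this hunk; unless the framework or a middleware adds them, they should carry HttpOnly, Secure and a SameSite value, since `foxo_secret_ORG` holds the admin's own credential. `unconfirmRoom` continues outside the hunk.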

3
ext.py

@ -15,7 +15,8 @@ class Order:
self.time = time() self.time = time()
self.data = data self.data = data
self.status = {'n': 'pending', 'p': 'paid', 'e': 'expired', 'c': 'canceled'}[self.data['status']] self.status = {'n': 'pending', 'p': 'paid', 'e': 'expired', 'c': 'canceled'}[self.data['status']]
self.secret = data['secret']
if not len(self.data['positions']): if not len(self.data['positions']):
self.status = 'canceled' self.status = 'canceled'
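Review bot: The new `self.secret` attribute is a login credential stored as a plain field on `Order`, and nothing on the line says so. A short comment such as `# login credential: never print, log or render this` would warn later callers who format or dump the object. The line also reads from the `data` argument while its neighbours read `self.data`; `self.secret = self.data['secret']` would match them. The constructor starts and ends outside the hunk, so whether `secret` is always present in `data` cannot be confirmed from here.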