allow api use via current_site, better check for current_site

This commit is contained in:
Kyle Drake 2024-02-16 10:50:36 -06:00
parent b89ffc2bad
commit 59dbc1b2e1
5 changed files with 23 additions and 36 deletions


@ -183,6 +183,8 @@ post '/api/:name' do
end end
def require_api_credentials def require_api_credentials
return true if current_site
if !request.env['HTTP_AUTHORIZATION'].nil? if !request.env['HTTP_AUTHORIZATION'].nil?
init_api_credentials init_api_credentials
api_error(403, 'email_not_validated', 'you need to validate your email address before using the API') if email_not_validated? api_error(403, 'email_not_validated', 'you need to validate your email address before using the API') if email_not_validated?
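Review bot: `return true if current_site` exits before the `email_not_validated?` check that the HTTP_AUTHORIZATION branch still applies two lines below, so a site signed in by session cookie can use the API with an unvalidated email while the same site presenting an API key gets a 403. If `email_not_validated?` works off `current_site`, hoisting the check above the early return, `api_error(403, 'email_not_validated', 'you need to validate your email address before using the API') if current_site && email_not_validated?`, closes that gap. Since a session cookie is now enough to authenticate `/api/*` calls, every state-changing API route needs CSRF protection; the new test in this commit sends a `csrf_token`, which suggests it is enforced elsewhere, but nothing in this hunk shows it. `require_api_credentials` continues past the end of the hunk.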


@ -64,15 +64,6 @@ end
post '/create' do post '/create' do
content_type :json content_type :json
if banned?(true)
signout
session[:banned] = true if !session[:banned]
flash[:error] = 'There was an error, please <a href="/contact">contact support</a> to log in.'
redirect '/'
end
dashboard_if_signed_in dashboard_if_signed_in
@site = Site.new( @site = Site.new(


@ -16,8 +16,6 @@ end
def require_login def require_login
redirect '/' unless signed_in? && current_site redirect '/' unless signed_in? && current_site
enforce_ban if banned?
signout if deleted?
end end
def signed_in? def signed_in?
@ -27,30 +25,18 @@ end
def current_site def current_site
return nil if session[:id].nil? return nil if session[:id].nil?
@_site ||= Site[id: session[:id]] @_site ||= Site[id: session[:id]]
@_parent_site ||= @_site.parent
if @_site.is_banned || @_site.is_deleted || (@_parent_site && (@_parent_site.is_banned || @_parent_site.is_deleted))
signout
redirect '/'
end
@_site
end end
def parent_site def parent_site
return nil if current_site.nil? @_parent_site || current_site
current_site.parent? ? current_site : current_site.parent
end
def deleted?
return true if current_site && current_site.is_deleted
false
end
def banned?(ip_check=false)
#return true if session[:banned]
return true if current_site && (current_site.is_banned || parent_site.is_banned)
return true if ip_check && Site.banned_ip?(request.ip)
false
end
def enforce_ban
signout
session[:banned] = true
redirect '/'
end end
def meta_robots(newtag=nil) def meta_robots(newtag=nil)
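Review bot: The IP-level check `Site.banned_ip?(request.ip)` that the removed `banned?(ip_check)` performed has no replacement in the new `current_site`, which only inspects the signed-in site and its parent; the `post '/create'` hunk in this commit drops its `banned?(true)` call without substituting anything, so a visitor with no session from a banned address can create a site again unless that check exists somewhere outside these hunks. In `current_site`, `@_parent_site ||= @_site.parent` raises NoMethodError when `Site[id: session[:id]]` returns nil (a stale or tampered session id), a case the old body returned nil for; a `return nil if @_site.nil?` line after the lookup (or `@_site&.parent`) keeps the previous behaviour. `parent_site` now reads `@_parent_site` before anything has populated it, so when it runs before `current_site` in a request it returns the child site itself; calling `current_site` first, as in `return nil if current_site.nil?` followed by `@_parent_site || current_site`, removes the ordering dependency. Note also that `current_site` is now reached from `require_api_credentials`, where a banned site receives the HTML `redirect '/'` rather than a JSON `api_error`; whether that is acceptable for API clients is for the author to confirm.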


@ -524,10 +524,6 @@ class Site < Sequel::Model
true true
end end
def is_banned?
is_banned
end
def unban! def unban!
undelete! undelete!
self.is_banned = false self.is_banned = false


@ -308,6 +308,18 @@ describe 'api' do
_(site_file_exists?('test.jpg')).must_equal true _(site_file_exists?('test.jpg')).must_equal true
end end
it 'succeeds with valid user session' do
create_site
post '/api/upload',
{'test.jpg' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg'),
'csrf_token' => 'abcd'},
{'rack.session' => { 'id' => @site.id, '_csrf_token' => 'abcd' }}
_(res[:result]).must_equal 'success'
_(last_response.status).must_equal 200
_(site_file_exists?('test.jpg')).must_equal true
end
it 'fails with bad api key' do it 'fails with bad api key' do
create_site create_site
@site.generate_api_key! @site.generate_api_key!