Organization and better creating and posting message support for unauth users

2025-06-16 19:35:24 +02:00 · 2017-02-09 21:10:44 -08:00
parent 24e69f9fea
commit 030d492af1
17 changed files with 359 additions and 54 deletions
--- a/titanembeds/init.py
+++ b/titanembeds/init.py
--- a/titanembeds/app.py
+++ b/titanembeds/app.py
@ -0,0 +1,38 @@
+from config import config
+from database import db
+from flask import Flask, render_template, request, session, url_for, redirect
+import blueprints.api
+import os
+
+
+os.chdir(config['app-location'])
+app = Flask(__name__)
+app.config['SQLALCHEMY_DATABASE_URI'] = config['database-uri']
+app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False  # Suppress the warning/no need this on for now.
+app.secret_key = config['app-secret']
+
+db.init_app(app)
+
+app.register_blueprint(blueprints.api.api, url_prefix="/api", template_folder="/templates")
+
+@app.route("/set_username/<guildid>/<channelid>", methods=["GET"])
+def get_set_username(guildid, channelid):
+    return render_template("set_username.html")
+
+@app.route("/set_username/<guildid>/<channelid>", methods=["POST"])
+def post_set_username(guildid, channelid):
+    session['username'] = request.form.get('username')
+    return redirect(url_for("embed_get", guildid=guildid, channelid=channelid))
+
+@app.route("/")
+def hello():
+    return "This page is not blank"
+
+@app.route("/embed/<guildid>/<channelid>")
+def embed_get(guildid, channelid):
+    if 'username' not in session:
+        return redirect(url_for("get_set_username", guildid=guildid, channelid=channelid))
+    return render_template("embed.html")
+
+if __name__ == "__main__":
+    app.run(host="0.0.0.0",port=3000,debug=True)
--- a/titanembeds/blueprints/init.py
+++ b/titanembeds/blueprints/init.py
--- a/titanembeds/blueprints/api/init.py
+++ b/titanembeds/blueprints/api/init.py
@ -0,0 +1 @@
+from api import api
--- a/titanembeds/blueprints/api/api.py
+++ b/titanembeds/blueprints/api/api.py
@ -0,0 +1,140 @@
+from titanembeds.database import db, Guilds, UnauthenticatedUsers, UnauthenticatedBans
+from titanembeds.decorators import valid_session_required
+from flask import Blueprint, jsonify, session, request
+from sqlalchemy import and_
+import random
+import requests
+import json
+from config import config
+
+api = Blueprint("api", __name__)
+
+_DISCORD_API_BASE = "https://discordapp.com/api/v6"
+
+def user_unauthenticated():
+    return session['unauthenticated']
+
+def checkUserRevoke(guild_id, user_key=None):
+    revoked = True #guilty until proven not revoked
+    if user_unauthenticated():
+        dbUser = UnauthenticatedUsers.query.filter(and_(UnauthenticatedUsers.guild_id == guild_id, UnauthenticatedUsers.user_key == user_key)).first()
+        revoked = dbUser.isRevoked()
+    else:
+        pass # Todo: handle authenticated user revocation status
+    return revoked
+
+def checkUserBanned(guild_id, ip_address=None):
+    banned = True
+    if user_unauthenticated():
+        dbUser = UnauthenticatedBans.query.filter(and_(UnauthenticatedBans.guild_id == guild_id, UnauthenticatedBans.ip_address == ip_address)).all()
+        print dbUser
+        if not dbUser:
+            banned = False
+        else:
+            for usr in dbUser:
+                if usr.lifter_id is not None:
+                    banned = False
+    else:
+        pass #todo: handle authenticated user banned status
+    return banned
+
+def get_client_ipaddr():
+    if hasattr(request.headers, "X-Real-IP"): # pythonanywhere specific
+        return request.headers['X-Real-IP']
+    else: # general
+        return request.remote_addr
+
+def update_user_status(guild_id, username, user_key=None):
+    if user_unauthenticated():
+        ip_address = get_client_ipaddr()
+        status = {
+            'ip_address': ip_address,
+            'username': username,
+            'user_key': user_key,
+            'guild_id': guild_id,
+            'banned': checkUserBanned(guild_id, ip_address),
+            'revoked': checkUserRevoke(guild_id, user_key),
+        }
+        if status['banned'] or status['revoked']:
+            return status
+        dbUser = UnauthenticatedUsers.query.filter(and_(UnauthenticatedUsers.guild_id == guild_id, UnauthenticatedUsers.user_key == user_key)).first()
+        dbUser.bumpTimestamp()
+        if dbUser.username != username or dbUser.ip_address != ip_address:
+            dbUser.username = username
+            dbUser.ip_address = ip_address
+            db.session.commit()
+    else:
+        pass #authenticated user todo
+    return status
+
+def get_channel_messages(channel_id, after_snowflake=None):
+    _endpoint = _DISCORD_API_BASE + "/channels/{channel_id}/messages".format(channel_id=channel_id)
+    payload = {}
+    if after_snowflake is not None:
+        payload = {'after': after_snowflake}
+    headers = {'Authorization': 'Bot ' + config['bot-token']}
+    r = requests.get(_endpoint, params=payload, headers=headers)
+    return json.loads(r.content)
+
+def post_create_message(channel_id, content):
+    _endpoint = _DISCORD_API_BASE + "/channels/{channel_id}/messages".format(channel_id=channel_id)
+    payload = {'content': session['username'] + ": " + content}
+    headers = {'Authorization': 'Bot ' + config['bot-token'], 'Content-Type': 'application/json'}
+    r = requests.post(_endpoint, headers=headers, data=json.dumps(payload))
+    return json.loads(r.content)
+
+@valid_session_required(api=True)
+@api.route("/fetch", methods=["GET"])
+def fetch():
+    channel_id = request.args.get('channel_id')
+    after_snowflake = request.args.get('after', None, type=int)
+    if user_unauthenticated():
+        key = session['user_keys'][channel_id]
+    else:
+        key = None
+    status = update_user_status(channel_id, session['username'], key)
+    print status['revoked']
+    if status['banned'] or status['revoked']:
+        messages = {}
+    else:
+        messages = get_channel_messages(channel_id, after_snowflake)
+    return jsonify(messages=messages, status=status)
+
+@valid_session_required(api=True)
+@api.route("/post", methods=["POST"])
+def post():
+    channel_id = request.form.get('channel_id')
+    content = request.form.get('content')
+    if user_unauthenticated():
+        key = session['user_keys'][channel_id]
+    else:
+        key = None
+    status = update_user_status(channel_id, session['username'], key)
+    if status['banned'] or status['revoked']:
+        return jsonify(status=status)
+    message = post_create_message(channel_id, content)
+    return jsonify(message=message, status=status)
+
+@api.route("/create_unauthenticated_user", methods=["POST"])
+def create_unauthenticated_user():
+    session['unauthenticated'] = True
+    username = request.form['username']
+    guild_id = request.form['guild_id']
+    ip_address = get_client_ipaddr()
+    if not checkUserBanned(guild_id, ip_address):
+        session['username'] = username
+        if 'user_id' not in session:
+            session['user_id'] = random.randint(0,9999)
+        user = UnauthenticatedUsers(guild_id, username, session['user_id'], ip_address)
+        db.session.add(user)
+        db.session.commit()
+        key = user.user_key
+        if 'user_keys' not in session:
+            session['user_keys'] = {guild_id: key}
+        else:
+            session['user_keys'][guild_id] = key
+        status = update_user_status(guild_id, username, key)
+        return jsonify(status=status)
+    else:
+        status = {'banned': True}
+        return jsonify(status=status)
--- a/titanembeds/blueprints/embed/embed.py
+++ b/titanembeds/blueprints/embed/embed.py
--- a/titanembeds/database/init.py
+++ b/titanembeds/database/init.py
@ -0,0 +1,6 @@
+from flask_sqlalchemy import SQLAlchemy
+db = SQLAlchemy()
+
+from guilds import Guilds
+from unauthenticated_users import UnauthenticatedUsers
+from unauthenticated_bans import UnauthenticatedBans
--- a/titanembeds/database/authenticated_users.py
+++ b/titanembeds/database/authenticated_users.py
@ -0,0 +1,19 @@
+from titanembeds.database import db
+import datetime
+
+class AuthenticatedUsers(db.Model):
+    __tablename__ = "authenticated_users"
+    id = db.Column(db.Integer, primary_key=True)    # Auto increment id
+    guild_id = db.Column(db.String(255))            # Guild pretaining to the authenticated user
+    client_id = db.Column(db.String(255))           # Client ID of the authenticated user
+    last_timestamp = db.Column(db.TIMESTAMP)        # The timestamp of when the user has last sent the heartbeat
+
+    def __init__(self, guild_id, client_id):
+        self.guild_id = guild_id
+        self.client_id = client_id
+        self.last_timestamp = datetime.datetime.now
+
+    def bumpTimestamp(self):
+        self.last_timestamp = datetime.datetime.now
+        db.session.commit()
+        return self.last_timestamp
--- a/titanembeds/database/guilds.py
+++ b/titanembeds/database/guilds.py
@ -0,0 +1,19 @@
+from titanembeds.database import db
+
+class Guilds(db.Model):
+    __tablename__ = "guilds"
+    id = db.Column(db.Integer, primary_key=True)    # Auto incremented id
+    guild_id = db.Column(db.String(255))            # Discord guild id
+    unauth_users = db.Column(db.Boolean())          # If allowed unauth users
+
+    def __init__(self, guild_id):
+        self.guild_id = guild_id
+        self.unauth_users = true # defaults to true
+
+    def __repr__(self):
+        return '<Guilds {0} {1}>'.format(self.id, self.guild_id)
+
+    def set_unauthUsersBool(self, value):
+        self.unauth_users = value
+        db.session.commit()
+        return self.unauth_users
--- a/titanembeds/database/unauthenticated_bans.py
+++ b/titanembeds/database/unauthenticated_bans.py
@ -0,0 +1,32 @@
+from titanembeds.database import db
+import datetime
+
+class UnauthenticatedBans(db.Model):
+    __tablename__ = "unauthenticated_bans"
+    id = db.Column(db.Integer, primary_key=True)    # Auto increment id
+    guild_id = db.Column(db.String(255))            # Guild pretaining to the unauthenticated user
+    ip_address = db.Column(db.String(255))          # The IP Address of the user
+    last_username = db.Column(db.String(255))       # The username when they got banned
+    last_discriminator = db.Column(db.Integer)      # The discrim when they got banned
+    timestamp = db.Column(db.TIMESTAMP)             # The timestamp of when the user got banned
+    reason = db.Column(db.Text())                   # The reason of the ban set by the guild moderators
+    lifter_id = db.Column(db.String(255))           # Discord Client ID of the user who lifted the ban
+    placer_id = db.Column(db.String(255))           # The id of who placed the ban
+
+    def __init__(self, guild_id, ip_address, last_username, last_discriminator, reason, placer_id):
+        self.guild_id = guild_id
+        self.ip_address = ip_address
+        self.last_username = last_username
+        self.last_discriminator = last_discriminator
+        self.timestamp = datetime.datetime.now
+        self.reason = reason
+        self.lifter_id = null
+        self.placer_id = placer_id
+
+    def liftBan(self, lifter_id):
+        self.lifter_id = lifter_id
+        db.session.commit()
+        return self.lifter_id
+
+    def __repr__(self):
+        return '<UnauthenticatedBans {0} {1} {2} {3} {4} {5}'.format(self.id, self.guild_id, self.ip_address, self.last_username, self.last_discriminator, self.timestamp)
--- a/titanembeds/database/unauthenticated_users.py
+++ b/titanembeds/database/unauthenticated_users.py
@ -0,0 +1,45 @@
+from titanembeds.database import db
+import datetime
+import random
+import string
+
+class UnauthenticatedUsers(db.Model):
+    __tablename__ = "unauthenticated_users"
+    id = db.Column(db.Integer, primary_key=True)    # Auto increment id
+    guild_id = db.Column(db.String(255))            # Guild pretaining to the unauthenticated user
+    username = db.Column(db.String(255))            # The username of the user
+    discriminator = db.Column(db.Integer)           # The discriminator to distinguish unauth users with each other
+    user_key = db.Column(db.Text())                 # The secret key used to identify the user holder
+    ip_address = db.Column(db.String(255))          # The IP Address of the user
+    last_timestamp = db.Column(db.TIMESTAMP)        # The timestamp of when the user has last sent the heartbeat
+    revoked = db.Column(db.Boolean())               # If the user's key has been revoked and a new one is required to be generated
+
+    def __init__(self, guild_id, username, discriminator, ip_address):
+        self.guild_id = guild_id
+        self.username = username
+        self.discriminator = discriminator
+        self.user_key = "".join(random.choice(string.ascii_letters) for _ in range(0, 32))
+        self.ip_address = ip_address
+        self.last_timestamp = datetime.datetime.now
+        self.revoked = False
+
+    def __repr__(self):
+        return '<UnauthenticatedUsers {0} {1} {2} {3} {4} {5} {6} {7}>'.format(self.id, self.guild_id, self.username, self.discriminator, self.user_key, self.ip_address, self.last_timestamp, self.revoked)
+
+    def isRevoked(self):
+        return self.revoked
+
+    def changeUsername(self, username):
+        self.username = username
+        db.session.commit()
+        return self.username
+
+    def revokeUser(self):
+        self.revoked = True
+        db.session.commit()
+        return self.revoked
+
+    def bumpTimestamp(self):
+        self.last_timestamp = datetime.datetime.now
+        db.session.commit()
+        return self.last_timestamp
--- a/titanembeds/decorators.py
+++ b/titanembeds/decorators.py
@ -0,0 +1,17 @@
+from functools import wraps
+from flask import url_for, redirect, session, jsonify
+
+def valid_session_required(api=False):
+    def decorator(f):
+        @wraps(f)
+        def decorated_function(*args, **kwargs):
+            if 'unauthenticated' not in session or 'user_id' not in session or 'username' not in session:
+                session.clear()
+                if api:
+                    return jsonify(error=True, message="Unauthenticated session"), 403
+                redirect(url_for('index'))
+            if session['unauthenticated'] and 'user_keys' not in session:
+                session['user_keys'] = {}
+            return f(*args, **kwargs)
+        return decorated_function
+    return decorator
--- a/titanembeds/templates/embed.html
+++ b/titanembeds/templates/embed.html
@ -0,0 +1,78 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+    <script>
+        function escapeHTML(unsafe) {
+            return unsafe
+                 .replace(/&/g, "&amp;")
+                 .replace(/</g, "&lt;")
+                 .replace(/>/g, "&gt;")
+                 .replace(/"/g, "&quot;")
+                 .replace(/'/g, "&#039;");
+         }
+      var lastSnowflake = undefined
+      function updateMessages(channelid, aftersnowflake=null) {
+        setTimeout(function() {
+            $.ajax({
+                url: "/api/Get_Channel_Messages",
+                data: {
+                    channel_id: channelid,
+                    after: aftersnowflake
+                },
+                dataType: "json",
+                success: function(data, status){
+                    data = data['j']
+                    for (i = data.length-1; i >= 0; i--) {
+                        item = data[i]
+                        $("#messagesview").append("<p>"+item['id'] + " " + item['timestamp'] + " " + item['author']['username'] + " " + escapeHTML(item['content']) + "</p>")
+                        lastSnowflake = item['id']
+                         
+                        if($("#messagesview").scrollTop() + $("#messagesview").innerHeight() >= $("#messagesview")[0].scrollHeight - 160) {
+                            $('#messagesview').scrollTop($('#messagesview').prop("scrollHeight"));
+                        }
+                    } 
+                },
+                complete: function() {
+                    updateMessages("140252024666062848", lastSnowflake)
+                }
+            });
+        }, 5000);
+      }
+      updateMessages("140252024666062848")
+    </script>
+  </head>
+  <body>
+    <div style="height: 95vh; overflow-y: auto;" id="messagesview"></div>
+
+    <div style="height: 5vh;">
+      <input type="text" id="messagebox" style="height:100%; width:100%; font-size:15px;">
+    </div>
+    
+    <script>
+        var channelid = "140252024666062848"
+        $('#messagebox').bind("enterKey",function(e){
+           var content = $('#messagebox').val();
+           $('#messagebox').val('')
+           $.ajax({
+                url: "/api/Create_Message",
+                method: "post",
+                data: {
+                    channel_id: channelid,
+                    content: content
+                },
+                dataType: "json"
+           })
+        });
+        $('#messagebox').keyup(function(e){
+            if(e.keyCode == 13)
+            {
+                var content = $('#messagebox').val();
+                if (/\S/.test(content)) {
+                    $(this).trigger("enterKey");
+                }
+            }
+        });
+    </script>
+  </body>
+</html>
--- a/titanembeds/templates/set_username.html
+++ b/titanembeds/templates/set_username.html
@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+    <head>
+        <script src="https://cdnjs.cloudflare.com/ajax/libs/jquery/3.1.1/jquery.min.js"></script>
+    </head>
+    <body>
+        <form method="post">
+            <h1>Set username:<h1>
+            <input type="text" name="username" id="username" required>
+        </form>
+        <script>
+            $("input").keypress(function(event) {
+                var content = $('#username').val();
+                if (event.which == 13 && /\S/.test(content)) {
+                    event.preventDefault();
+                    $("form").submit();
+                }
+            });
+        </script>
+    <body>
+</html>