mirror of
https://github.com/TitanEmbeds/Titan.git
synced 2024-12-25 06:27:03 +01:00
Fix cookie localhost and everyone permission calculation
This commit is contained in:
parent
a3b9e0ff33
commit
70b54a299b
@ -38,7 +38,8 @@ app.config['RATELIMIT_STORAGE_URL'] = config["redis-uri"]
|
||||
app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=3)
|
||||
app.config['REDIS_URL'] = config["redis-uri"]
|
||||
app.config['MAX_CONTENT_LENGTH'] = 4 * 1024 * 1024 # Limit upload size to 4mb
|
||||
app.config['SESSION_COOKIE_SAMESITE'] = "None"
|
||||
if not config.get("disable-samesite-cookie-flag", False):
|
||||
app.config['SESSION_COOKIE_SAMESITE'] = "None"
|
||||
app.secret_key = config['app-secret']
|
||||
|
||||
#sentry.init_app(app)
|
||||
|
@ -118,7 +118,10 @@ def noscript():
|
||||
def cookietest1():
|
||||
js = "window._3rd_party_test_step1_loaded();"
|
||||
response = make_response(js, 200, {'Content-Type': 'application/javascript'})
|
||||
if not config.get("disable-samesite-cookie-flag", False):
|
||||
response.set_cookie('third_party_c_t', "works", max_age=30, samesite='None')
|
||||
else:
|
||||
response.set_cookie('third_party_c_t', "works", max_age=30)
|
||||
return response
|
||||
|
||||
@embed.route("/cookietest2")
|
||||
@ -130,5 +133,8 @@ def cookietest2():
|
||||
js = js + "false"
|
||||
js = js + ");"
|
||||
response = make_response(js, 200, {'Content-Type': 'application/javascript'})
|
||||
if not config.get("disable-samesite-cookie-flag", False):
|
||||
response.set_cookie('third_party_c_t', "", expires=0, samesite='None')
|
||||
else:
|
||||
response.set_cookie('third_party_c_t', "", expires=0)
|
||||
return response
|
||||
|
@ -259,8 +259,8 @@ def get_channel_permission(channel, guild_id, guild_owner, guild_roles, member_r
|
||||
# @everyone
|
||||
for role in guild_roles:
|
||||
if role["id"] == guild_id:
|
||||
channel_perm |= role["permissions"]
|
||||
continue
|
||||
channel_perm = role["permissions"]
|
||||
break
|
||||
|
||||
# User Guild Roles
|
||||
for m_role in member_roles:
|
||||
@ -278,11 +278,24 @@ def get_channel_permission(channel, guild_id, guild_owner, guild_roles, member_r
|
||||
result["embed_links"] = True
|
||||
return result
|
||||
|
||||
# Apply @everyone allow/deny first since it's special
|
||||
try:
|
||||
maybe_everyone = channel["permission_overwrites"][0]
|
||||
if maybe_everyone["id"] == guild_id:
|
||||
allows = maybe_everyone["allow"]
|
||||
denies = maybe_everyone["deny"]
|
||||
channel_perm = (channel_perm & ~denies) | allows
|
||||
remaining_overwrites = channel["permission_overwrites"][1:]
|
||||
else:
|
||||
remaining_overwrites = channel["permission_overwrites"]
|
||||
except IndexError:
|
||||
remaining_overwrites = channel["permission_overwrites"]
|
||||
|
||||
denies = 0
|
||||
allows = 0
|
||||
|
||||
# channel specific
|
||||
for overwrite in channel["permission_overwrites"]:
|
||||
for overwrite in remaining_overwrites:
|
||||
if overwrite["type"] == "role" and overwrite["id"] in member_roles:
|
||||
denies |= overwrite["deny"]
|
||||
allows |= overwrite["allow"]
|
||||
@ -290,7 +303,7 @@ def get_channel_permission(channel, guild_id, guild_owner, guild_roles, member_r
|
||||
channel_perm = (channel_perm & ~denies) | allows
|
||||
|
||||
# member specific
|
||||
for overwrite in channel["permission_overwrites"]:
|
||||
for overwrite in remaining_overwrites:
|
||||
if overwrite["type"] == "member" and overwrite["id"] == str(session.get("user_id")):
|
||||
channel_perm = (channel_perm & ~overwrite['deny']) | overwrite['allow']
|
||||
break
|
||||
|
Loading…
Reference in New Issue
Block a user