from flask import request, abort
from auth.models import Token
from functools import wraps
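def check_token(f):
    """Decorator: require a known token in the ``Authorization`` header.

    The request is rejected with 403 when the header is missing or empty, or
    when no ``Token`` row has a matching ``string``. If the last segment of
    the request path is a numeric user id, the token's user must either be
    that user or be an admin; otherwise the request is rejected with 403.

    NOTE(review): only the existence of the token is checked here. Expiry or
    revocation is not visible in this block -- confirm it is enforced
    elsewhere.
    NOTE(review): when the last path segment is not numeric, no ownership
    check is made. Binding the check to the route's own view argument would
    be more robust than re-parsing the path -- confirm against the routes
    that use this decorator.
    """
    @wraps(f)
    def inner(*args, **kwargs):
        # Take the id from the path rather than request.url: the full URL
        # also carries the query string, so its last "/"-separated piece is
        # not necessarily the routed id, and the ownership check below would
        # then be skipped. A trailing slash is dropped for the same reason.
        userid = request.path.rstrip("/").split("/")[-1]

        auth = request.headers.get("Authorization")
        if not auth:
            abort(403)

        token = Token.query.filter_by(string=auth).first()
        if not token:
            abort(403)

        # Ownership check: a non-admin may only act on their own user id.
        if userid.isdigit():
            if int(userid) != token.user.userId and not token.user.is_admin:
                abort(403)
        return f(*args, **kwargs)
    return inner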
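def admin_required(f):
    """Decorator: allow the view only for tokens whose user is an admin.

    Responds with 403 when the ``Authorization`` header is missing or empty,
    when it matches no ``Token`` row, or when the token's user is not an
    admin.
    """
    @wraps(f)
    def inner(*args, **kwargs):
        auth = request.headers.get("Authorization")
        # Reject a missing header before querying, so a lookup is never made
        # with string=None.
        if not auth:
            abort(403)

        # An unknown token yields no row; reject it explicitly instead of
        # failing with AttributeError (HTTP 500) on token.user.
        token = Token.query.filter_by(string=auth).first()
        if not token or not token.user.is_admin:
            abort(403)
        return f(*args, **kwargs)
    return inner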