コミット
2a67bee82c
|
@ -23,7 +23,12 @@ CAPTCHA_SIGNER = current_app.captcha_signer
|
|||
STATIC_DIRECTORY = current_app.root_path / 'static'
|
||||
|
||||
@current_app.route('/')
|
||||
@with_user_from(request, fallback_to_token=True, ignore_allowedness=True)
|
||||
@with_user_from(
|
||||
request,
|
||||
fallback_to_token=True,
|
||||
ignore_allowedness=True,
|
||||
redundant_token_redirect=True,
|
||||
)
|
||||
async def home(timestamp, user_or_token):
|
||||
match user_or_token:
|
||||
case str() | None as token:
|
||||
|
|
|
@ -8,7 +8,7 @@ import string
|
|||
from functools import wraps
|
||||
from urllib.parse import quote, unquote
|
||||
|
||||
from quart import current_app, request, make_response, render_template, request, url_for, Markup
|
||||
from quart import current_app, request, make_response, render_template, redirect, url_for, Markup
|
||||
from werkzeug.exceptions import BadRequest, Unauthorized, Forbidden
|
||||
from werkzeug.security import check_password_hash
|
||||
|
||||
|
@ -87,7 +87,12 @@ def generate_and_add_user(
|
|||
USERS_UPDATE_BUFFER.add(token)
|
||||
return user
|
||||
|
||||
def with_user_from(context, fallback_to_token=False, ignore_allowedness=False):
|
||||
def with_user_from(
|
||||
context,
|
||||
fallback_to_token=False,
|
||||
ignore_allowedness=False,
|
||||
redundant_token_redirect=False,
|
||||
):
|
||||
def with_user_from_context(f):
|
||||
@wraps(f)
|
||||
async def wrapper(*args, **kwargs):
|
||||
|
@ -129,6 +134,18 @@ def with_user_from(context, fallback_to_token=False, ignore_allowedness=False):
|
|||
f"terminal when they started anonstream."
|
||||
))
|
||||
|
||||
# If token from the client's cookie is same as the token in the URL
|
||||
# query string, the client supports cookies. If we want, we can
|
||||
# redirect the client to this same URL path but with the token
|
||||
# parameter removed, since we'll pick up their token from their
|
||||
# cookie anyway.
|
||||
if (
|
||||
redundant_token_redirect
|
||||
and token_from_context is not None
|
||||
and token_from_args == token_from_cookie
|
||||
):
|
||||
return redirect(context.path, 303)
|
||||
|
||||
# Create response
|
||||
user = USERS_BY_TOKEN.get(token)
|
||||
if CONFIG['ACCESS_CAPTCHA'] and not broadcaster:
|
||||
|
|
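Review bot: `return redirect(context.path, 303)` drops the entire query string, while the comment above it promises only that the token parameter is removed, so any other query parameters on a route that opts into `redundant_token_redirect` are silently lost. Either rebuild the target from `context.args` minus the token key (its name is not visible in this hunk), or state the limitation in the comment, e.g. `# NOTE: the redirect discards every query parameter, not only the token`. The equality test `token_from_args == token_from_cookie` also holds when both are `None`; the `token_from_context is not None` guard presumably rules that out, but how it is derived lies outside the hunk, so adding `and token_from_args is not None` would make the intent explicit. `wrapper` starts and ends outside this hunk.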