コミット
6ef3a77465
|
@ -2,6 +2,8 @@
|
||||||
# SPDX-License-Identifier: AGPL-3.0-or-later
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
||||||
|
|
||||||
import hashlib
|
import hashlib
|
||||||
|
import re
|
||||||
|
import string
|
||||||
import time
|
import time
|
||||||
from functools import wraps
|
from functools import wraps
|
||||||
|
|
||||||
|
@ -19,6 +21,15 @@ USERS_BY_TOKEN = current_app.users_by_token
|
||||||
USERS = current_app.users
|
USERS = current_app.users
|
||||||
USERS_UPDATE_BUFFER = current_app.users_update_buffer
|
USERS_UPDATE_BUFFER = current_app.users_update_buffer
|
||||||
|
|
||||||
|
TOKEN_ALPHABET = (
|
||||||
|
string.digits
|
||||||
|
+ string.ascii_lowercase
|
||||||
|
+ string.ascii_uppercase
|
||||||
|
+ string.punctuation
|
||||||
|
+ ' '
|
||||||
|
)
|
||||||
|
RE_TOKEN = re.compile(r'[%s]{1,256}' % re.escape(TOKEN_ALPHABET))
|
||||||
|
|
||||||
def check_auth(context):
|
def check_auth(context):
|
||||||
auth = context.authorization
|
auth = context.authorization
|
||||||
return (
|
return (
|
||||||
|
@ -69,6 +80,10 @@ def with_user_from(context):
|
||||||
or generate_token()
|
or generate_token()
|
||||||
)
|
)
|
||||||
|
|
||||||
|
# Reject invalid tokens
|
||||||
|
if not RE_TOKEN.fullmatch(token):
|
||||||
|
raise abort(400)
|
||||||
|
|
||||||
# Update / create user
|
# Update / create user
|
||||||
user = USERS_BY_TOKEN.get(token)
|
user = USERS_BY_TOKEN.get(token)
|
||||||
if user is not None:
|
if user is not None:
|
||||||
|
|
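Review bot: The `{1,256}` bound in `RE_TOKEN` accepts a one-character token, so the new check in `with_user_from` limits the alphabet and the maximum size but sets no minimum strength for a value that is then used as the lookup key in `USERS_BY_TOKEN.get(token)`. If the client can supply the token (the expression ending in `or generate_token()` begins outside the hunk, so this is inferred), a short value is easy to guess and can coincide with another user's record. Raising the lower bound to the length that `generate_token()` emits would close that, for example `r'[%s]{%d,256}' % (re.escape(TOKEN_ALPHABET), MIN_TOKEN_LENGTH)`, where `MIN_TOKEN_LENGTH` is a new constant whose name is constructed here. Separately, if `abort` is Flask's, it raises on its own, so `raise abort(400)` can be written as plain `abort(400)`. The body of `with_user_from` starts before and continues after the hunk.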