peterstockings/WeightTracker
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor codebase

Browse Source
This commit is contained in:
Peter Stockings
2026-02-24 21:23:14 +11:00
parent f3abb4781b
commit 56168a182b
11 changed files with 191 additions and 127 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/auth.py
View File

@@ -1,5 +1,5 @@
from functools import wraps
from flask import session, redirect, url_for, request
from flask import session, redirect, url_for, request, jsonify
from app.db import query_one
@@ -19,3 +19,19 @@ def get_current_user():
if user_id is None:
return None
return query_one("SELECT * FROM users WHERE id = %s", (user_id,))
def privacy_guard(f):
"""Decorator for API endpoints that take a user_id parameter.
If the requested user is private and is not the current session user,
returns an empty JSON response instead of the actual data.
"""
@wraps(f)
def decorated_function(user_id, *args, **kwargs):
if user_id != session.get("user_id"):
target = query_one("SELECT is_private FROM users WHERE id = %s", (user_id,))
if target and target["is_private"]:
return jsonify({})
return f(user_id, *args, **kwargs)
return decorated_function