Add option to make http functions private (Require authentication, currently just redirects to login page; Should look into cookie + JWT + api key)
20
app.py
20
app.py
@@ -106,7 +106,7 @@ def dashboard_http_functions():
|
||||
@ app.route("/dashboard/http_functions/add_form", methods=["GET"])
|
||||
@login_required
|
||||
def get_http_function_add_form():
|
||||
return render_template("dashboard/http_functions/new.html", name=DEFAULT_FUNCTION_NAME, script=DEFAULT_SCRIPT, environment_info=DEFAULT_ENVIRONMENT)
|
||||
return render_template("dashboard/http_functions/new.html", name=DEFAULT_FUNCTION_NAME, script=DEFAULT_SCRIPT, environment_info=DEFAULT_ENVIRONMENT, is_public=False)
|
||||
|
||||
@ app.route("/dashboard/http_functions/create", methods=["POST"])
|
||||
@login_required
|
||||
@@ -116,8 +116,9 @@ def create_http_function():
|
||||
name = request.json.get('name')
|
||||
script_content = request.json.get('script_content')
|
||||
environment_info = json.dumps(eval(request.json.get('environment_info')))
|
||||
is_public = request.json.get('is_public')
|
||||
|
||||
db.create_new_http_function(user_id, name, script_content, environment_info)
|
||||
db.create_new_http_function(user_id, name, script_content, environment_info, is_public)
|
||||
|
||||
http_functions = db.get_http_functions_for_user(user_id)
|
||||
http_functions = create_http_functions_view_model(http_functions)
|
||||
@@ -136,7 +137,8 @@ def get_http_function_edit_form():
|
||||
return jsonify({'error': 'Function not found'}), 404
|
||||
script = http_function['script_content']
|
||||
environment_info = json.dumps(http_function['environment_info'], indent=2)
|
||||
return render_template("dashboard/http_functions/edit.html", user_id=user_id, name=name, script=script, environment_info=environment_info)
|
||||
is_public = http_function['is_public']
|
||||
return render_template("dashboard/http_functions/edit.html", user_id=user_id, name=name, script=script, environment_info=environment_info, is_public=is_public)
|
||||
|
||||
@ app.route("/dashboard/http_functions/edit", methods=["POST"])
|
||||
@login_required
|
||||
@@ -146,8 +148,9 @@ def edit_http_function():
|
||||
name = request.json.get('name')
|
||||
script_content = request.json.get('script_content')
|
||||
environment_info = json.dumps(eval(request.json.get('environment_info')))
|
||||
is_public = request.json.get('is_public')
|
||||
|
||||
db.edit_http_function(user_id, name, script_content, environment_info)
|
||||
db.edit_http_function(user_id, name, script_content, environment_info, is_public)
|
||||
return { "status": "success", "message": f'{name} updated' }
|
||||
except Exception as e:
|
||||
print(e)
|
||||
@@ -227,6 +230,15 @@ def execute_http_function(user_id, function):
|
||||
|
||||
code = http_function['script_content']
|
||||
environment = http_function['environment_info']
|
||||
is_public = http_function['is_public']
|
||||
|
||||
# Check if the function is public, if not check if the user is authenticated and owns the function
|
||||
if not is_public:
|
||||
if not current_user.is_authenticated:
|
||||
return login_manager.unauthorized()
|
||||
|
||||
if int(current_user.id) != user_id:
|
||||
return jsonify({'error': 'Function belongs to another user', 'current_user_id': current_user.id, 'user_id': user_id}), 404
|
||||
|
||||
request_data = {
|
||||
'method': request.method,
|
||||
|
||||
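Review bot: `eval(request.json.get('environment_info'))` in create_http_function and edit_http_function still evaluates request-supplied text as Python inside the web process, so code run that way is not bound by the ownership check this commit adds in execute_http_function. The result goes straight into `json.dumps`, so parsing it as data should be enough: `environment_info = json.dumps(json.loads(request.json.get('environment_info')))`, assuming the form submits JSON as the edit view renders it. The new `is_public = request.json.get('is_public')` is also passed to the db layer without a type check while execute_http_function gates on `if not is_public`, so a missing or non-boolean value (for example the string "false", which is truthy) may leave a function public depending on how the column stores it; `is_public = request.json.get('is_public') is True` fails closed. Separately, the 404 body in execute_http_function returns `current_user_id` and `user_id`, which the caller does not need, so `jsonify({'error': 'Function not found'}), 404` would match the existing not-found response. The bodies of all three functions begin outside the visible hunks.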