Ensure you can only view/edit http functions created by the currently logged in user
This commit is contained in:
Peter Stockings
44
app.py
44
app.py
@@ -7,7 +7,7 @@ from flask_htmx import HTMX
|
||||
import requests
|
||||
from db import DataBase
|
||||
from services import create_http_function_view_model, create_http_functions_view_model
|
||||
from flask_login import LoginManager, UserMixin, login_required, login_user
|
||||
from flask_login import LoginManager, UserMixin, current_user, login_required, login_user
|
||||
from werkzeug.security import check_password_hash, generate_password_hash
|
||||
|
||||
login_manager = LoginManager()
|
||||
@@ -77,9 +77,10 @@ def map_isolator_response_to_flask_response(response):
|
||||
def home():
|
||||
return render_template("home.html", name='Try me', script=DEFAULT_SCRIPT, environment_info=DEFAULT_ENVIRONMENT)
|
||||
|
||||
@ app.route("/client/<function>", methods=["GET"])
|
||||
def client(function):
|
||||
http_function = db.get_http_function(function)
|
||||
@ app.route("/client/<int:user_id>/<function>", methods=["GET"])
|
||||
@login_required
|
||||
def client(user_id, function):
|
||||
http_function = db.get_http_function(user_id, function)
|
||||
if not http_function:
|
||||
return jsonify({'error': 'Function not found'}), 404
|
||||
|
||||
@@ -89,14 +90,16 @@ def client(function):
|
||||
@ app.route("/dashboard", methods=["GET"])
|
||||
@login_required
|
||||
def dashboard():
|
||||
http_functions = db.get_http_functions()
|
||||
user_id = current_user.id
|
||||
http_functions = db.get_http_functions_for_user(user_id)
|
||||
http_functions = create_http_functions_view_model(http_functions)
|
||||
return render_template("dashboard.html", http_functions=http_functions)
|
||||
|
||||
@ app.route("/dashboard/http_functions", methods=["GET"])
|
||||
@login_required
|
||||
def dashboard_http_functions():
|
||||
http_functions = db.get_http_functions()
|
||||
user_id = current_user.id
|
||||
http_functions = db.get_http_functions_for_user(user_id)
|
||||
http_functions = create_http_functions_view_model(http_functions)
|
||||
return render_template("dashboard/http_functions.html", http_functions=http_functions)
|
||||
|
||||
@@ -109,13 +112,14 @@ def get_http_function_add_form():
|
||||
@login_required
|
||||
def create_http_function():
|
||||
try:
|
||||
user_id = current_user.id
|
||||
name = request.json.get('name')
|
||||
script_content = request.json.get('script_content')
|
||||
environment_info = json.dumps(eval(request.json.get('environment_info')))
|
||||
|
||||
db.create_new_http_function(name, script_content, environment_info)
|
||||
db.create_new_http_function(user_id, name, script_content, environment_info)
|
||||
|
||||
http_functions = db.get_http_functions()
|
||||
http_functions = db.get_http_functions_for_user(user_id)
|
||||
http_functions = create_http_functions_view_model(http_functions)
|
||||
return render_template("dashboard/http_functions.html", http_functions=http_functions)
|
||||
except Exception as e:
|
||||
@@ -125,23 +129,25 @@ def create_http_function():
|
||||
@ app.route("/dashboard/http_functions/edit_form", methods=["GET"])
|
||||
@login_required
|
||||
def get_http_function_edit_form():
|
||||
user_id = current_user.id
|
||||
name = request.args.get('name')
|
||||
http_function = db.get_http_function(name)
|
||||
http_function = db.get_http_function(user_id, name)
|
||||
if not http_function:
|
||||
return jsonify({'error': 'Function not found'}), 404
|
||||
script = http_function['script_content']
|
||||
environment_info = json.dumps(http_function['environment_info'], indent=2)
|
||||
return render_template("dashboard/http_functions/edit.html", name=name, script=script, environment_info=environment_info)
|
||||
return render_template("dashboard/http_functions/edit.html", user_id=user_id, name=name, script=script, environment_info=environment_info)
|
||||
|
||||
@ app.route("/dashboard/http_functions/edit", methods=["POST"])
|
||||
@login_required
|
||||
def edit_http_function():
|
||||
try:
|
||||
user_id = current_user.id
|
||||
name = request.json.get('name')
|
||||
script_content = request.json.get('script_content')
|
||||
environment_info = json.dumps(eval(request.json.get('environment_info')))
|
||||
|
||||
db.edit_http_function(name, script_content, environment_info)
|
||||
db.edit_http_function(user_id, name, script_content, environment_info)
|
||||
return { "status": "success", "message": f'{name} updated' }
|
||||
except Exception as e:
|
||||
print(e)
|
||||
@@ -154,7 +160,8 @@ def delete_http_function():
|
||||
name = request.args.get('name')
|
||||
db.delete_http_function(name)
|
||||
|
||||
http_functions = db.get_http_functions()
|
||||
user_id = current_user.id
|
||||
http_functions = db.get_http_functions_for_user(user_id)
|
||||
http_functions = create_http_functions_view_model(http_functions)
|
||||
return render_template("dashboard/http_functions.html", http_functions=http_functions)
|
||||
except Exception as e:
|
||||
@@ -163,14 +170,15 @@ def delete_http_function():
|
||||
@ app.route("/dashboard/http_functions/logs", methods=["GET"])
|
||||
@login_required
|
||||
def get_http_function_logs():
|
||||
user_id = current_user.id
|
||||
name = request.args.get('name')
|
||||
http_function = db.get_http_function(name)
|
||||
http_function = db.get_http_function(user_id, name)
|
||||
if not http_function:
|
||||
return jsonify({'error': 'Function not found'}), 404
|
||||
|
||||
http_function_id = http_function['id']
|
||||
http_function_invocations = db.get_http_function_invocations(http_function_id)
|
||||
return render_template("dashboard/http_functions/logs.html", name=name, http_function_invocations=http_function_invocations)
|
||||
return render_template("dashboard/http_functions/logs.html", user_id=user_id, name=name, http_function_invocations=http_function_invocations)
|
||||
|
||||
|
||||
@ app.route("/dashboard/timer_functions", methods=["GET"])
|
||||
@@ -210,10 +218,10 @@ def execute_code():
|
||||
except Exception as e:
|
||||
return jsonify({'error': str(e)}), 500
|
||||
|
||||
@app.route('/f/<function>', methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS', 'HEAD'])
|
||||
def execute_http_function(function):
|
||||
@app.route('/f/<int:user_id>/<function>', methods=['GET', 'POST', 'PUT', 'DELETE', 'PATCH', 'OPTIONS', 'HEAD'])
|
||||
def execute_http_function(user_id, function):
|
||||
try:
|
||||
http_function = db.get_http_function(function)
|
||||
http_function = db.get_http_function(user_id, function)
|
||||
if not http_function:
|
||||
return jsonify({'error': 'Function not found'}), 404
|
||||
|
||||
@@ -247,7 +255,7 @@ def execute_http_function(function):
|
||||
response = requests.post(API_URL, json={'code': code, 'request': request_data, 'environment': environment})
|
||||
response_data = response.json()
|
||||
|
||||
db.update_http_function_environment_info_and_invoked_count(function, response_data['environment'])
|
||||
db.update_http_function_environment_info_and_invoked_count(user_id, function, response_data['environment'])
|
||||
db.add_http_function_invocation(http_function['id'], response_data['status'], request_data, response_data['result'], response_data['logs'])
|
||||
|
||||
# Map the Node.js response to Flask response
|
||||
|
||||
Reference in New Issue
Block a user