Merge pull request 'fix!: remove /api/post' (#6) from TestingPlant/burgercat:remove-api-post into main

Reviewed-on: https://codeberg.org/burger-software/burgercat/pulls/6
2023-07-12 14:41:48 +00:00 · 2023-07-12 14:41:48 +00:00 · 70aedb393d
parent d0cacd49ca a041e6a21f
commit 70aedb393d
2 changed files with 3 additions and 55 deletions
--- a/54
+++ b/54
@ -394,58 +394,6 @@ def apilogin():
            "error": "https://http.cat/images/400.jpg"
        }, 400

-@app.route("/api/post", methods=("GET", "POST"))
-def apipost():
-    usersession = request.cookies.get("session_DO_NOT_SHARE")
-    if usersession:
-        if request.method == "POST":
-
-            data = request.get_json()
-            title = data["id"]
-
-            if title == "":
-                return {
-                    "error": "no title"
-                }, 403
-
-            if "file" not in request.files:
-                return {
-                    "error": "no file"
-                }, 403
-
-            file = request.files["file"]
-            if file.filename == "":
-                return {
-                    "error": "no file"
-                }, 403
-
-            if not allowed_file(file.filename):
-                return {
-                    "error": "invalid file format"
-                }, 403
-            
-            filename = secure_filename(file.filename)
-            finalfilename = secrets.token_hex(64) + filename
-
-            file.save(os.path.join(UPLOAD_FOLDER, finalfilename))
-            imgurl = "/cdn/" + finalfilename
-
-            userCookie = get_session(usersession)
-            user = get_user(userCookie["id"])
-
-            if not user["banned"] == "0":
-                return {
-                    "error": "banned"
-                }, 403
-
-            conn = get_db_connection()
-            conn.execute("INSERT INTO posts (textstr, imageurl, creator, created) VALUES (?, ?, ?, ?)",
-                         (title, imgurl, userCookie["id"], str(time.time())))
-            conn.commit()
-            conn.close()
-
-            return "success", 200
-
@app.route("/apidocs", methods=("GET", "POST"))
 def apidocs():
    usersession = request.cookies.get("session_DO_NOT_SHARE")
@ -750,4 +698,4 @@ if __name__ == "__main__":
        sock.bind(('', int(PORT)))
        serve(app, sockets=[sock])

-    print("[INFO] Server stopped")
+    print("[INFO] Server stopped")
--- a/templates/apidocs.html
+++ b/templates/apidocs.html
@ -35,7 +35,7 @@
    for API things that require authentication, you will need to set the <code>session_DO_NOT_SHARE</code> cookie. the key might expire after 180 days.<br><br>
    
    GET <code>/api/frontpage</code> - returns frontpage<br><br>
-    POST <code>/api/post</code> - post ctas - authentication required<br>
+    POST <code>/post</code> - post ctas - authentication required<br>
    <code>title</code>, being the title of the post and <code>file</code>, being an image file.<br>
    Supported file extensions: "png", "apng", "jpg", "jpeg", "gif", "svg", "webp"<br><br>
    POST <code>/api/comment</code> - comment on posts - authentication required<br>
@ -50,4 +50,4 @@
    </div>
 </body>

-</html>
+</html>