Merge pull request 'fix!: remove /api/post' (#6) from TestingPlant/burgercat:remove-api-post into main

Reviewed-on: https://codeberg.org/burger-software/burgercat/pulls/6
This commit is contained in:
maaa 2023-07-12 14:41:48 +00:00
commit 70aedb393d
2 changed files with 3 additions and 55 deletions

52
main
View File

@ -394,58 +394,6 @@ def apilogin():
"error": "https://http.cat/images/400.jpg" "error": "https://http.cat/images/400.jpg"
}, 400 }, 400
@app.route("/api/post", methods=("GET", "POST"))
def apipost():
usersession = request.cookies.get("session_DO_NOT_SHARE")
if usersession:
if request.method == "POST":
data = request.get_json()
title = data["id"]
if title == "":
return {
"error": "no title"
}, 403
if "file" not in request.files:
return {
"error": "no file"
}, 403
file = request.files["file"]
if file.filename == "":
return {
"error": "no file"
}, 403
if not allowed_file(file.filename):
return {
"error": "invalid file format"
}, 403
filename = secure_filename(file.filename)
finalfilename = secrets.token_hex(64) + filename
file.save(os.path.join(UPLOAD_FOLDER, finalfilename))
imgurl = "/cdn/" + finalfilename
userCookie = get_session(usersession)
user = get_user(userCookie["id"])
if not user["banned"] == "0":
return {
"error": "banned"
}, 403
conn = get_db_connection()
conn.execute("INSERT INTO posts (textstr, imageurl, creator, created) VALUES (?, ?, ?, ?)",
(title, imgurl, userCookie["id"], str(time.time())))
conn.commit()
conn.close()
return "success", 200
@app.route("/apidocs", methods=("GET", "POST")) @app.route("/apidocs", methods=("GET", "POST"))
def apidocs(): def apidocs():
usersession = request.cookies.get("session_DO_NOT_SHARE") usersession = request.cookies.get("session_DO_NOT_SHARE")

View File

@ -35,7 +35,7 @@
for API things that require authentication, you will need to set the <code>session_DO_NOT_SHARE</code> cookie. the key might expire after 180 days.<br><br> for API things that require authentication, you will need to set the <code>session_DO_NOT_SHARE</code> cookie. the key might expire after 180 days.<br><br>
GET <code>/api/frontpage</code> - returns frontpage<br><br> GET <code>/api/frontpage</code> - returns frontpage<br><br>
POST <code>/api/post</code> - post ctas - authentication required<br> POST <code>/post</code> - post ctas - authentication required<br>
<code>title</code>, being the title of the post and <code>file</code>, being an image file.<br> <code>title</code>, being the title of the post and <code>file</code>, being an image file.<br>
Supported file extensions: "png", "apng", "jpg", "jpeg", "gif", "svg", "webp"<br><br> Supported file extensions: "png", "apng", "jpg", "jpeg", "gif", "svg", "webp"<br><br>
POST <code>/api/comment</code> - comment on posts - authentication required<br> POST <code>/api/comment</code> - comment on posts - authentication required<br>