Update validation.py

This commit is contained in:
Dita Aji Pratama 2024-08-26 19:19:33 +07:00
parent 2e44c2b0b1
commit 9ca7ba6872

View File

@ -9,11 +9,18 @@ class validation():
def __init__(self):
pass
def account(self, APIADDR, allowed_roles):
def account(self, APIADDR, allowed_roles, jwt=None):
response = {}
loggorilla.prcss(APIADDR, "Define parameters")
loggorilla.prcss(APIADDR, "Get jwt")
if jwt is None:
loggorilla.fyinf(APIADDR, "jwt params is empty: Use beaker session")
for_api = False
beaker_session = request.environ.get('beaker.session')
jwt = beaker_session["token"] if "token" in beaker_session else None
else:
loggorilla.fyinf(APIADDR, "jwt params is available: Use jwt from params")
for_api = True
loggorilla.prcss(APIADDR, "Define parameters")
if jwt is None:
loggorilla.fyinf(APIADDR, "Guest")
r_session = {}
@ -23,33 +30,40 @@ class validation():
"phone" :None,
"roles" :[0]
}
session_not_found = False
else:
loggorilla.fyinf(APIADDR, "With JWT")
loggorilla.prcss(APIADDR, "Get JWT payload data")
payload = tokenguard.decode(jwt, globalvar.ssh['key']['public'])
loggorilla.prcss(APIADDR, "Get dependency data")
loggorilla.prcss(APIADDR, "Connect DB")
db_main = mariadb.connect(**database.db_main)
cursor = db_main.cursor(dictionary=True)
loggorilla.prcss(APIADDR, "Get dependency data: Session")
loggorilla.prcss(APIADDR, "Get dependency data")
cursor.execute(f"SELECT * FROM auth_session WHERE id = %s ; ", (payload["session"]["id"],) )
r_session = cursor.fetchone()
loggorilla.prcss(APIADDR, "Get dependency data: Profile")
if r_session is None:
session_not_found = True
r_session = {}
r_profile = {
"username" :None,
"email" :None,
"phone" :None,
"roles" :[0]
}
else:
session_not_found = False
cursor.execute(f"SELECT COUNT(*) AS `count`, auth_profile.* FROM auth_profile_verification LEFT JOIN auth_profile ON auth_profile.id = auth_profile_verification.auth_profile WHERE auth_profile.token = %s AND auth_profile_verification.type = 'email' AND auth_profile_verification.verified = 1 ; ", (r_session['token'],) )
r_profile = cursor.fetchone()
loggorilla.prcss(APIADDR, "Get dependency data: Roles: execute")
cursor.execute(f"SELECT auth_roles FROM auth_profile_roles WHERE auth_profile = %s ; ", (r_profile['id'],) )
loggorilla.prcss(APIADDR, "Get dependency data: Roles: fetchall")
r_roles = cursor.fetchall()
loggorilla.fyinf(APIADDR, f"r_roles: {r_roles}")
loggorilla.prcss(APIADDR, "Get dependency data: Roles: variable replace")
r_profile['roles'] = [item['auth_roles'] for item in r_roles]
loggorilla.prcss(APIADDR, "Get dependency data: Close DB")
loggorilla.prcss(APIADDR, "Close DB")
cursor.close()
db_main.close()
@ -60,11 +74,29 @@ class validation():
loggorilla.accss(APIADDR, f"Profile Username : {r_profile['username' ] if 'username' in r_profile else None}" )
loggorilla.accss(APIADDR, f"Profile Email : {r_profile['email' ] if 'email' in r_profile else None}" )
loggorilla.accss(APIADDR, f"Profile Phone : {r_profile['phone' ] if 'phone' in r_profile else None}" )
loggorilla.accss(APIADDR, f"Profile Roles : {r_profile['roles' ] if 'roles' in r_profile else None}" )
loggorilla.prcss(APIADDR, "Validation")
if 0 not in r_profile['roles'] and datetime.datetime.now() > r_session['end']:
loggorilla.accss(APIADDR, "Expired. Your session removed." )
loggorilla.prcss(APIADDR, "Deleting")
if session_not_found:
loggorilla.accss(APIADDR, "Session not found" )
loggorilla.prcss(APIADDR, "Giving response")
response["status" ] = "failed"
response["desc" ] = "Your session not found."
response["data" ] = {
"valid" :{
"status" : 0,
"desc" : "removed"
},
"session" : r_session,
"profile" : r_profile
}
if for_api is True:
abort(401, "Session not found")
else:
redirect('/logout?msg=removed')
elif 0 not in r_profile['roles'] and datetime.datetime.now() > r_session['end']:
loggorilla.accss(APIADDR, "Session expired" )
loggorilla.prcss(APIADDR, "Deleting session")
self.cursor.execute("DELETE FROM auth_session WHERE id = %s ; ", (r_session['id'],) )
loggorilla.prcss(APIADDR, "Giving response")
response["status" ] = "failed"
@ -77,6 +109,9 @@ class validation():
"session" : r_session,
"profile" : r_profile
}
if for_api is True:
abort(401, "Session expired")
else:
redirect('/logout?msg=expired')
elif 0 not in r_profile['roles'] and r_profile["count"] == 0:
loggorilla.accss(APIADDR, "No active account for this" )