From 9951ed3faef8b6baa4affecabd4c617217343e7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lera=20Elvo=C3=A9?=
Date: Wed, 3 Dec 2025 08:08:05 +0300
Subject: [PATCH] add a @redirect_to_own decorator in users app

---
 app/routes/users.py | 49 +++++++++++++++++++++++++--------------------
 1 file changed, 27 insertions(+), 22 deletions(-)

diff --git a/app/routes/users.py b/app/routes/users.py
index 0daa70e..2290b67 100644
--- a/app/routes/users.py
+++ b/app/routes/users.py
@@ -68,6 +68,7 @@ def create_session(user_id):
         "expires_at": int(time.time()) + 31 * 24 * 60 * 60,
     })
 
+
 def extend_session(user_id):
     session_obj = Sessions.find({'key': session['pyrom_session_key']})
     if not session_obj:
@@ -121,6 +122,19 @@ def redirect_if_logged_in(*args, **kwargs):
     return decorator
 
 
+def redirect_to_own(view_func):
+    @wraps(view_func)
+    def wrapper(username, *args, **kwargs):
+        user = get_active_user()
+        if username.lower() != user.username:
+            view_args = dict(request.view_args)
+            view_args.pop('username', None)
+            new_args = {**view_args, 'username': user.username}
+            return redirect(url_for(request.endpoint, **new_args))
+        return view_func(username, *args, **kwargs)
+    return wrapper
+
+
 def login_required(view_func):
     @wraps(view_func)
     def wrapper(*args, **kwargs):
@@ -302,16 +316,14 @@ def page(username):
 
 @bp.get("//settings")
 @login_required
+@redirect_to_own
 def settings(username):
-    target_user = Users.find({'username': username.lower()})
-    if target_user.id != get_active_user().id:
-        return redirect('.settings', username = get_active_user().username)
-
     return render_template('users/settings.html')
 
 
 @bp.post('//settings')
 @login_required
+@redirect_to_own
 def settings_form(username):
     # we silently ignore the passed username
     # and grab the correct user from the session
@@ -367,6 +379,7 @@ def settings_form(username):
 
 @bp.post('//set_avatar')
 @login_required
+@redirect_to_own
 def set_avatar(username):
     user = get_active_user()
     if user.is_guest():
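Review bot: A 302 redirect is the wrong answer to a username mismatch on a state-changing request, and `redirect_to_own` issues one unconditionally — on the `@bp.post` routes this patch applies it to (settings_form, set_avatar, change_password, clear_avatar, the invite-link routes) the browser follows with a GET, the form body is dropped, and POST-only targets answer 405, so a tampered POST fails silently instead of being refused. Consider rejecting non-GET mismatches, `if request.method != 'GET': abort(403)` (Flask's `abort`), and keeping the redirect for GET navigation only. The check `username.lower() != user.username` also presumes stored usernames are lowercase, as the old inbox check did; if `user.username` ever carries uppercase (or a guest user has none), the owner's own URL fails the same test and the decorator loops, so comparing `user.username.lower()` on both sides is safer. The function also deserves a docstring stating its contract, e.g. `"""Bounce to the active user's own URL when the path username is not theirs; must be applied below @login_required."""`.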
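Review bot: The comment in settings_form, `# we silently ignore the passed username` / `# and grab the correct user from the session`, no longer describes the code: with `@redirect_to_own` now above it, a foreign username is redirected away before the view runs rather than ignored. Update it to something like `# @redirect_to_own guarantees the path username is the active user's; the session user stays authoritative` so the next reader does not re-add a lookup. Both settings views continue past the bottom of this hunk.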
@@ -410,6 +423,7 @@ def set_avatar(username):
 
 @bp.post('//change_password')
 @login_required
+@redirect_to_own
 def change_password(username):
     user = get_active_user()
     password = request.form.get('new_password')
@@ -432,6 +446,7 @@ def change_password(username):
 
 @bp.post('//clear_avatar')
 @login_required
+@redirect_to_own
 def clear_avatar(username):
     user = get_active_user()
     if user.is_default_avatar():
@@ -524,11 +539,9 @@ def guest_user(user_id):
 
 @bp.get("//inbox")
 @login_required
+@redirect_to_own
 def inbox(username):
     user = get_active_user()
-    if username.lower() != user.username:
-        return redirect(url_for(".inbox", username = user.username))
-
     new_posts = []
     subscription = Subscriptions.find({"user_id": user.id})
     all_subscriptions = None
@@ -666,6 +679,7 @@ def reset_link_login_form(key):
 
 @bp.get('//invite-links/')
 @login_required
+@redirect_to_own
 def invite_links(username):
     target_user = Users.find({
         'username': username.lower()
@@ -673,9 +687,6 @@ def invite_links(username):
     })
     if not target_user or not target_user.can_invite():
         return redirect(url_for('.page', username=username))
-    if target_user.username != get_active_user().username:
-        return redirect(url_for('.invite_links', username=target_user.username))
-
     invites = InviteKeys.findall({
         'created_by': target_user.id
     })
@@ -685,6 +696,7 @@ def invite_links(username):
 
 @bp.post('//invite-links/create')
 @login_required
+@redirect_to_own
 def create_invite_link(username):
     target_user = Users.find({
         'username': username.lower()
@@ -692,9 +704,6 @@ def create_invite_link(username):
     })
     if not target_user or not target_user.can_invite():
         return redirect(url_for('.page', username=username.lower()))
-    if target_user.username != get_active_user().username:
-        return redirect(url_for('.invite_links', username=target_user.username))
-
     invite = InviteKeys.create({
         'created_by': target_user.id,
         'key': secrets.token_urlsafe(20),
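Review bot: After `@redirect_to_own`, the `Users.find({'username': username.lower()})` lookup in invite_links (and in create_invite_link below it) can only ever return the active user, so the `not target_user` branch is dead unless the session's user row has vanished; the bookmarks hunks in this same patch switch to `target_user = get_active_user()`, and these routes should do the same for consistency and one query less. The `can_invite()` gate must of course stay in front of the listing and creation. The bodies of both views continue past the end of their hunks.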
@@ -705,6 +714,7 @@ def create_invite_link(username):
 
 @bp.post('//invite-links/revoke')
 @login_required
+@redirect_to_own
 def revoke_invite_link(username):
     target_user = Users.find({
         'username': username.lower()
@@ -712,9 +722,6 @@ def revoke_invite_link(username):
     })
     if not target_user or not target_user.can_invite():
         return redirect(url_for('.page', username=username.lower()))
-    if target_user.username != get_active_user().username:
-        return redirect(url_for('.invite_links', username=target_user.username))
-
     invite = InviteKeys.find({
         'key': request.form.get('key'),
     })
@@ -732,10 +739,9 @@ def revoke_invite_link(username):
 
 @bp.get('//bookmarks')
 @login_required
+@redirect_to_own
 def bookmarks(username):
-    target_user = Users.find({'username': username.lower()})
-    if not target_user or target_user.username != get_active_user().username:
-        return redirect(url_for('.bookmarks', username=get_active_user().username))
+    target_user = get_active_user()
 
     collections = target_user.get_bookmark_collections()
 
@@ -744,10 +750,9 @@ def bookmarks(username):
 
 @bp.get('//bookmarks/collections')
 @login_required
+@redirect_to_own
 def bookmark_collections(username):
-    target_user = Users.find({'username': username.lower()})
-    if not target_user or target_user.username != get_active_user().username:
-        return redirect(url_for('.bookmark_collections', username=get_active_user().username))
+    target_user = get_active_user()
 
     collections = target_user.get_bookmark_collections()
     return render_template('users/bookmark_collections.html', collections=collections)
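Review bot: The key being revoked comes straight from `request.form.get('key')`, and the hunk ends right after `InviteKeys.find(...)`, before any check that the fetched invite belongs to `target_user`; if the code that follows does not compare `invite.created_by` with `target_user.id` (as the invite_links hunk's findall filter does), a user who can invite could revoke another user's link by guessing or obtaining its key. Folding the owner into the lookup, `InviteKeys.find({'key': request.form.get('key'), 'created_by': target_user.id})`, closes that regardless of what follows. revoke_invite_link continues past the end of this hunk.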