yagich/pyrom
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: yagich:fc55aaf87aede650cf9a63759519bad2ad898fca
Branches Tags
yagich:main
...
compare: yagich:main
Branches Tags
yagich:main

2 Commits
fc55aaf87a ... main

Author SHA1 Message Date
Lera Elvoé
40219f2b54 clean stale sessions 2025-12-20 20:11:44 +03:00
Lera Elvoé
4a45b62521 prevent admin from deleting their account 2025-12-20 19:05:01 +03:00
2 changed files with 30 additions and 2 deletions
Expand all files Collapse all files

14
app/__init__.py
View File

@@ -1,6 +1,6 @@
from flask import Flask, session, request, render_template from flask import Flask, session, request, render_template
from dotenv import load_dotenv from dotenv import load_dotenv
from .models import Avatars, Users, PostHistory, Posts, MOTD, BadgeUploads from .models import Avatars, Users, PostHistory, Posts, MOTD, BadgeUploads, Sessions
from .auth import digest from .auth import digest
from .routes.users import is_logged_in, get_active_user, get_prefers_theme from .routes.users import is_logged_in, get_active_user, get_prefers_theme
from .constants import ( from .constants import (
@@ -138,6 +138,16 @@ def bind_default_badges(path):
'uploaded_at': int(os.path.getmtime(real_path)), 'uploaded_at': int(os.path.getmtime(real_path)),
}) })
def clear_stale_sessions():
from .db import db
with db.transaction():
now = int(time.time())
stale_sessions = Sessions.findall([
('expires_at', '<', now)
])
for sess in stale_sessions:
sess.delete()
cache = Cache() cache = Cache()
@@ -226,6 +236,8 @@ def create_app():
create_admin() create_admin()
create_deleted_user() create_deleted_user()
clear_stale_sessions()
reparse_babycode() reparse_babycode()
bind_default_badges(app.config['BADGES_PATH']) bind_default_badges(app.config['BADGES_PATH'])

18
app/routes/users.py
View File

@@ -74,7 +74,17 @@ def validate_and_create_badge(input_image, filename):
return False return False
def is_logged_in(): def is_logged_in():
return "pyrom_session_key" in session if "pyrom_session_key" not in session:
return False
sess = Sessions.find({"key": session["pyrom_session_key"]})
if not sess:
return False
if sess.expires_at < int(time.time()):
session.clear()
sess.delete()
flash('Your session expired.;Please log in again.', InfoboxKind.INFO)
return False
return True
def get_active_user(): def get_active_user():
@@ -83,6 +93,8 @@ def get_active_user():
sess = Sessions.find({"key": session["pyrom_session_key"]}) sess = Sessions.find({"key": session["pyrom_session_key"]})
if not sess: if not sess:
return None return None
if sess.expires_at < int(time.time()):
return None
return Users.find({"id": sess.user_id}) return Users.find({"id": sess.user_id})
@@ -884,6 +896,10 @@ def delete_page_confirm(username):
flash('Incorrect password.', InfoboxKind.ERROR) flash('Incorrect password.', InfoboxKind.ERROR)
return redirect(url_for('.delete_page', username=username)) return redirect(url_for('.delete_page', username=username))
if target_user.is_admin():
flash('You cannot delete the admin account.', InfoboxKind.ERROR)
return redirect(url_for('.delete_page', username=username))
anonymize_user(target_user.id) anonymize_user(target_user.id)
sessions = Sessions.findall({'user_id': int(target_user.id)}) sessions = Sessions.findall({'user_id': int(target_user.id)})
for session_obj in sessions: for session_obj in sessions: