From d94ea04c1b208d85c3e6ebf4d80ffdc67533bcdd Mon Sep 17 00:00:00 2001 From: iamBadgers Date: Sun, 3 May 2026 00:50:33 -0700 Subject: [PATCH] Add user auth to table mods --- src/auth.py | 7 +++++++ src/game_table_model.py | 5 +++-- src/main.py | 4 +++- src/tables.py | 42 +++++++++++++++++++++++++++++++---------- src/user_model.py | 10 +++++++++- 5 files changed, 54 insertions(+), 14 deletions(-) diff --git a/src/auth.py b/src/auth.py index cade34e..977a6a5 100644 --- a/src/auth.py +++ b/src/auth.py @@ -6,6 +6,7 @@ from random import randint auth = Blueprint("auth_api", __name__) + @auth.route("/login", methods=["POST"]) def login(): username = request.get_json()["username"] @@ -19,6 +20,7 @@ def login(): return jsonify({"username": "NONE", "authenticated": False}), 400 + @auth.route("/logout", methods=["POST"]) @login_required def logout(): @@ -26,6 +28,7 @@ def logout(): return jsonify({"username": "NONE", "authenticated": False}), 200 return "Log Out Failed", 400 + @auth.route("/user") def get_current_user(): if current_user.is_authenticated: @@ -34,6 +37,7 @@ def get_current_user(): return jsonify({"username": "NONE", "authenticated": False}) return "Unauthd", 403 + @auth.route("/user", methods=["POST"]) def create_user(): username = request.get_json()["username"] @@ -46,6 +50,7 @@ def create_user(): db.session.commit() return jsonify(user.to_dict()) + @auth.route("/user/", methods=["POST"]) @login_required def update_user(user_id): @@ -55,11 +60,13 @@ def update_user(user_id): db.session.commit() return jsonify(user.to_dict()), 200 + @auth.route("/user/", methods=["DELETE"]) @login_required def delete_user(): return + @auth.route("/user/") @login_required def get_user(): diff --git a/src/game_table_model.py b/src/game_table_model.py index 8ac33b0..69f79f5 100644 --- a/src/game_table_model.py +++ b/src/game_table_model.py 
@@ -11,7 +11,8 @@ class GameTable(db.Model): active = db.Column(db.Boolean) version = db.Column(db.Integer) docker_id = db.Column(db.Integer) - user_id = db.Column(db.Integer) + owning_user_id = db.Column(db.Integer) + def __repr__(self): return f"" @@ -23,5 +24,5 @@ class GameTable(db.Model): "table_link": self.game_table_link, "active": self.active, "version": self.version, - "user_id": self.user_id + "user_id": self.owning_user_id, } diff --git a/src/main.py b/src/main.py index 5dfac48..de2a9e7 100644 --- a/src/main.py +++ b/src/main.py @@ -6,6 +6,7 @@ from flask_login import LoginManager db = SQLAlchemy() + def create_app(): app = Flask(__name__) @@ -24,9 +25,10 @@ def create_app(): db.close() from user_model import User + @login_manager.user_loader def load_user(user_id: string) -> User: - return User.query.get(int (user_id)) + return User.query.get(int(user_id)) import tables import auth diff --git a/src/tables.py b/src/tables.py index d01093e..2694d63 100644 --- a/src/tables.py +++ b/src/tables.py @@ -13,7 +13,7 @@ tables = Blueprint("tables_api", __name__) @tables.route("/tables", methods=["POST"]) @login_required def create_table(): - + user = current_user allTables = GameTable.query.all() allIds = set([table.game_table_id for table in allTables] or [0]) fullRange = set(range(0, max(allIds) + 2)) @@ -26,6 +26,7 @@ def create_table(): version=request.get_json()["version"], active=False, docker_id=None, + owning_user_id=user.id ) potato.session.add(table) potato.session.commit() 
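Review bot: `owning_user_id` in `GameTable` is declared as a bare nullable `db.Integer`, so nothing ties it to a real account, and rows that predate this commit have no owner. The checks added in src/tables.py compare this column with the current user's id, so ownerless tables become admin-only; the diffstat lists no migration or backfill, so if one exists it lives outside this patch. Consider `owning_user_id = db.Column(db.Integer, db.ForeignKey("users.id"), index=True)` (assuming the primary key on `users` is `id`, as `to_dict` suggests), and add `nullable=False` once existing rows are backfilled.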
@@ -40,23 +41,34 @@ def get_table(table_id): @tables.route("/tables/", methods=["POST"]) +@login_required def update_table(table_id): + user = current_user table = GameTable.query.get_or_404(table_id) - table.game_table_name = request.get_json()["table_name"] - table.game_table_link = request.get_json()["table_link"] - table.version = request.get_json()["version"] - potato.session.commit() + + if table.owning_user_id == user.id or user.is_admin: + table.game_table_name = request.get_json()["table_name"] + table.game_table_link = request.get_json()["table_link"] + table.version = request.get_json()["version"] + potato.session.commit() + return jsonify(table.to_dict()), 200 + + return "Not auth'd to mod table.", 403 @tables.route("tables/", methods=["DELETE"]) -@ +@login_required def delete_table(table_id): + user = current_user table = GameTable.query.get_or_404(table_id) - container_managment.delete_file_package(table) - potato.session.delete(table) - potato.session.commit() - return jsonify({}), 200 + if table.owning_user_id == user.id or user.is_admin: + container_managment.delete_file_package(table) + potato.session.delete(table) + potato.session.commit() + return jsonify({}), 200 + + return "Not auth'd to mod table.", 403 @tables.route("/tables/active") def list_active_tables(): @@ -77,11 +89,16 @@ def list_inactive_tables(): @tables.route("/tables/:start", methods=["POST"]) +@login_required def activate_table(table_id): + user = current_user hard = bool(request.get_json()["hard"]) keys = TableKey.query.filter_by(game_table_id=None).all() table = GameTable.query.get_or_404(table_id) + if not table.owning_user_id == user.id and not user.is_admin: + return "Not auth'd to mod table.", 403 + if table.active: return "Table already active", 400 
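Review bot: The owner-or-admin rule is written out inline in `update_table` and `delete_table` here, and again in negated form in `activate_table` and `deactivate_table` in the later hunks. With four copies the rule can drift, and a new mutating route can omit it without anyone noticing. I would move it into one module-level helper with a short docstring stating who may modify a table, and have each handler open with the same guard clause right after `get_or_404`. The handlers can then use `current_user` directly instead of the `user = current_user` alias. The fence sketches the helper and the guard for `update_table`; the other three handlers would take the same two guard lines.

```python
def _can_modify(table, user):
    """Return True when *user* owns *table* or is an admin."""
    return table.owning_user_id == user.id or user.is_admin


# … unchanged: route and @login_required decorators …
def update_table(table_id):
    table = GameTable.query.get_or_404(table_id)
    if not _can_modify(table, current_user):
        return "Not auth'd to mod table.", 403
    # … unchanged: field assignments, commit and JSON response …
```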
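Review bot: In `activate_table` the 403 check runs only after `request.get_json()["hard"]` has been read and the free `TableKey` rows have been queried. A caller who does not own the table can therefore hit a body-parsing error or trigger the key query before being refused. `deactivate_table` in the next hunk has the same ordering around its `TableKey` lookup. Move the check to directly after `get_or_404` in both handlers and write it as `if table.owning_user_id != user.id and not user.is_admin:`, which reads more plainly than `not ... == ...`. Both function bodies continue outside their hunks.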
@@ -101,10 +118,15 @@ def activate_table(table_id): @tables.route("/tables/:stop", methods=["POST"]) +@login_required def deactivate_table(table_id): + user = current_user table = GameTable.query.get_or_404(table_id) key = TableKey.query.filter_by(game_table_id=table_id).first() + if not table.owning_user_id == user.id and not user.is_admin: + return "Not auth'd to mod table.", 403 + if not table.active: return "Table not active", 400 diff --git a/src/user_model.py b/src/user_model.py index 5e5ede5..3a8fe76 100644 --- a/src/user_model.py +++ b/src/user_model.py @@ -4,9 +4,11 @@ from main import db from werkzeug.security import generate_password_hash, check_password_hash from flask_login import UserMixin + def create_new_session(user: User) -> Session: return + class User(UserMixin, db.Model): __tablename__ = "users" @@ -24,7 +26,13 @@ class User(UserMixin, db.Model): return check_password_hash(self.password_hash, password) def to_dict(self): - return {"id": self.id, "username": self.user_name, "authenticated": self.is_authenticated} + return { + "id": self.id, + "username": self.user_name, + "authenticated": self.is_authenticated, + "is_admin": self.is_admin + } + class Session(db.Model):
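Review bot: `User.to_dict` now puts `is_admin` into every serialised user, and the visible context in src/auth.py returns `jsonify(user.to_dict())` from `create_user` and `update_user`, so the role flag reaches every client that receives a user object. If `get_user` can return accounts other than the caller's, any logged-in user can learn which accounts are admins; consider exposing the flag only on the caller's own record, for example through a separate method. The new table checks in src/tables.py trust `user.is_admin`, so it is also worth confirming that `update_user` never copies `is_admin` from the request body (its body is not visible in this patch). As a style point, add the trailing comma after `"is_admin": self.is_admin` to match the other entries.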