From 9c028e697f7716298cc89e113c6959ba04cecd77 Mon Sep 17 00:00:00 2001
From: VVX7
Date: Wed, 2 Oct 2019 18:20:11 -0400
Subject: [PATCH] chg: [authentication] require authorization on hidden endpoints.
---
 server.py | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
diff --git a/server.py b/server.py
index 836a020..573e8d3 100755
--- a/server.py
+++ b/server.py
@@ -400,6 +400,7 @@ def trendings():
 ''' INDEX '''
 @app.route("/_logs")
+@login_required
 def logs():
 if request.accept_mimetypes.accept_json or request.method == 'POST':
 key = 'Attribute'
@@ -418,6 +419,7 @@ def logs():
 return Response(stream_with_context(event_stream_log()), mimetype="text/event-stream")
 @app.route("/_maps")
+@login_required
 def maps():
 if request.accept_mimetypes.accept_json or request.method == 'POST':
 key = 'Map'
@@ -427,6 +429,7 @@ def maps():
 return Response(event_stream_maps(), mimetype="text/event-stream")
 @app.route("/_get_log_head")
+@login_required
 def getLogHead():
 return json.dumps(LogItem('').get_head_row())
@@ -460,6 +463,7 @@ def event_stream_maps():
 ''' GEO '''
 @app.route("/_getTopCoord")
+@login_required
 def getTopCoord():
 try:
 date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@@ -469,6 +473,7 @@ def getTopCoord():
 return jsonify(data)
 @app.route("/_getHitMap")
+@login_required
 def getHitMap():
 try:
 date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@@ -478,6 +483,7 @@ def getHitMap():
 return jsonify(data)
 @app.route("/_getCoordsByRadius")
+@login_required
 def getCoordsByRadius():
 try:
 dateStart = datetime.datetime.fromtimestamp(float(request.args.get('dateStart')))
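Review bot: Protection is opt-in per route: the `/_logs` hunk (`@@ -400,6 +400,7 @@`) and every later hunk in this patch add `@login_required` to one view at a time, so a future `/_…` endpoint added without the decorator is reachable unauthenticated by default. A deny-by-default gate is easier to audit, for example an `@app.before_request` hook that rejects unauthenticated requests unless `request.endpoint` is in a short allowlist (login page, static files). If the per-route form stays, a test that walks `app.url_map` and asserts that every non-allowlisted rule refuses a request without a session would catch omissions. `logs()` continues beyond this hunk.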
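Review bot: On the streaming views the decorator checks the session only when the connection is opened: in the `@@ -418,6 +419,7 @@` and `@@ -427,6 +429,7 @@` hunks `logs()` returns `Response(stream_with_context(event_stream_log()), mimetype="text/event-stream")` and `maps()` returns `Response(event_stream_maps(), mimetype="text/event-stream")`, so a stream opened before logout or session expiry keeps delivering events afterwards. The same applies to `/_eventStreamLastContributor` and `/_eventStreamAwards` in the `@@ -494,14 +500,17 @@` hunk. Consider bounding stream lifetime or re-validating the session periodically inside the generators, whose bodies are outside this patch. Assuming `login_required` is Flask-Login's, an unauthenticated `EventSource` or XHR client also receives the login redirect rather than a 401; an `unauthorized_handler` that returns 401 for JSON and event-stream requests would let the front end react cleanly.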
@@ -494,14 +500,17 @@ def getCoordsByRadius():
 ''' CONTRIB '''
 @app.route("/_getLastContributors")
+@login_required
 def getLastContributors():
 return jsonify(contributor_helper.getLastContributorsFromRedis())
 @app.route("/_eventStreamLastContributor")
+@login_required
 def getLastContributor():
 return Response(eventStreamLastContributor(), mimetype="text/event-stream")
 @app.route("/_eventStreamAwards")
+@login_required
 def getLastStreamAwards():
 return Response(eventStreamAwards(), mimetype="text/event-stream")
@@ -539,6 +548,7 @@ def eventStreamAwards():
 subscriber_lastAwards.unsubscribe()
 @app.route("/_getTopContributor")
+@login_required
 def getTopContributor(suppliedDate=None, maxNum=100):
 if suppliedDate is None:
 try:
@@ -552,6 +562,7 @@ def getTopContributor(suppliedDate=None, maxNum=100):
 return jsonify(data)
 @app.route("/_getFameContributor")
+@login_required
 def getFameContributor():
 try:
 date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@@ -562,6 +573,7 @@ def getFameContributor():
 return getTopContributor(suppliedDate=date, maxNum=10)
 @app.route("/_getFameQualContributor")
+@login_required
 def getFameQualContributor():
 try:
 date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@@ -572,10 +584,12 @@ def getFameQualContributor():
 return getTopContributor(suppliedDate=date, maxNum=10)
 @app.route("/_getTop5Overtime")
+@login_required
 def getTop5Overtime():
 return jsonify(contributor_helper.getTop5OvertimeFromRedis())
 @app.route("/_getOrgOvertime")
+@login_required
 def getOrgOvertime():
 try:
 org = request.args.get('org')
@@ -584,6 +598,7 @@ def getOrgOvertime():
 return jsonify(contributor_helper.getOrgOvertime(org))
 @app.route("/_getCategPerContrib")
+@login_required
 def getCategPerContrib():
 try:
 date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
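Review bot: `getTopContributor` (hunk `@@ -539,6 +548,7 @@`) is both a routed view and an internal helper: `getFameContributor` and `getFameQualContributor` end with `return getTopContributor(suppliedDate=date, maxNum=10)`, visible as context in the `@@ -562,6 +573,7 @@` and `@@ -572,10 +584,12 @@` hunks. After this change those calls pass through the `login_required` wrapper a second time. That is harmless today, but it ties the internal data path to whatever the decorator does on failure. Moving the body into an undecorated helper, e.g. `def _top_contributor(date, maxNum): ...`, and having the three views call it keeps the check at the route boundary only. The body of `getTopContributor` extends past this hunk.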
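Review bot: `login_required` establishes only that the session is authenticated; in the `@@ -572,10 +584,12 @@` hunk `getOrgOvertime` still takes `org` straight from `request.args.get('org')`, so any logged-in user can query any organisation. The commit subject says authorization, which the decorator by itself does not provide. If per-organisation visibility matters for this deployment (not determinable from the patch), the check belongs in these views or in `contributor_helper`; otherwise a comment such as `# any authenticated user may query any org` above the route would record the decision. The same pattern appears in `getOrgRank`, `getContributionOrgStatus`, `getHonorBadges` and `getTrophies` in later hunks.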
@@ -593,6 +608,7 @@ def getCategPerContrib():
 return jsonify(contributor_helper.getCategPerContribFromRedis(date))
 @app.route("/_getLatestAwards")
+@login_required
 def getLatestAwards():
 try:
 date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@@ -602,10 +618,12 @@ def getLatestAwards():
 return jsonify(contributor_helper.getLastAwardsFromRedis())
 @app.route("/_getAllOrg")
+@login_required
 def getAllOrg():
 return jsonify(contributor_helper.getAllOrgFromRedis())
 @app.route("/_getOrgRank")
+@login_required
 def getOrgRank():
 try:
 org = request.args.get('org')
@@ -614,6 +632,7 @@ def getOrgRank():
 return jsonify(contributor_helper.getCurrentOrgRankFromRedis(org))
 @app.route("/_getContributionOrgStatus")
+@login_required
 def getContributionOrgStatus():
 try:
 org = request.args.get('org')
@@ -622,6 +641,7 @@ def getContributionOrgStatus():
 return jsonify(contributor_helper.getCurrentContributionStatus(org))
 @app.route("/_getHonorBadges")
+@login_required
 def getHonorBadges():
 try:
 org = request.args.get('org')
@@ -630,6 +650,7 @@ def getHonorBadges():
 return jsonify(contributor_helper.getOrgHonorBadges(org))
 @app.route("/_getTrophies")
+@login_required
 def getTrophies():
 try:
 org = request.args.get('org')
@@ -639,6 +660,7 @@ def getTrophies():
 @app.route("/_getAllOrgsTrophyRanking")
 @app.route("/_getAllOrgsTrophyRanking/")
+@login_required
 def getAllOrgsTrophyRanking(categ=None):
 return jsonify(contributor_helper.getAllOrgsTrophyRanking(categ))
@@ -646,6 +668,7 @@ def getAllOrgsTrophyRanking(categ=None):
 ''' USERS '''
 @app.route("/_getUserLogins")
+@login_required
 def getUserLogins():
 try:
 date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@@ -657,10 +680,12 @@ def getUserLogins():
 return jsonify(data)
 @app.route("/_getAllLoggedOrg")
+@login_required
 def getAllLoggedOrg():
 return jsonify(users_helper.getAllOrg())
 @app.route("/_getTopOrglogin")
+@login_required
 def getTopOrglogin():
 try:
 date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@@ -671,6 +696,7 @@ def getTopOrglogin():
 return jsonify(data)
 @app.route("/_getLoginVSCOntribution")
+@login_required
 def getLoginVSCOntribution():
 try:
 date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@@ -681,6 +707,7 @@ def getLoginVSCOntribution():
 return jsonify(data)
 @app.route("/_getUserLoginsAndContribOvertime")
+@login_required
 def getUserLoginsAndContribOvertime():
 try:
 date = datetime.datetime.fromtimestamp(float(request.args.get('date')))
@@ -693,6 +720,7 @@ def getUserLoginsAndContribOvertime():
 ''' TRENDINGS '''
 @app.route("/_getTrendingEvents")
+@login_required
 def getTrendingEvents():
 try:
 dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@@ -706,6 +734,7 @@ def getTrendingEvents():
 return jsonify(data)
 @app.route("/_getTrendingCategs")
+@login_required
 def getTrendingCategs():
 try:
 dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@@ -719,6 +748,7 @@ def getTrendingCategs():
 return jsonify(data)
 @app.route("/_getTrendingTags")
+@login_required
 def getTrendingTags():
 try:
 dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@@ -732,6 +762,7 @@ def getTrendingTags():
 return jsonify(data)
 @app.route("/_getTrendingSightings")
+@login_required
 def getTrendingSightings():
 try:
 dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@@ -744,6 +775,7 @@ def getTrendingSightings():
 return jsonify(data)
 @app.route("/_getTrendingDisc")
+@login_required
 def getTrendingDisc():
 try:
 dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@@ -757,6 +789,7 @@ def getTrendingDisc():
 return jsonify(data)
 @app.route("/_getTypeaheadData")
+@login_required
 def getTypeaheadData():
 try:
 dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))
@@ -769,6 +802,7 @@ def getTypeaheadData():
 return jsonify(data)
 @app.route("/_getGenericTrendingOvertime")
+@login_required
 def getGenericTrendingOvertime():
 try:
 dateS = datetime.datetime.fromtimestamp(float(request.args.get('dateS')))