mirror of
https://gitlab.com/SIGBUS/nyaa.git
synced 2024-12-23 00:39:59 +00:00
API: default to trusted, properly pass CSRF to UploadForm
This commit is contained in:
parent
a305df5a8f
commit
0e57378359
|
@ -87,11 +87,13 @@ def api_upload(upload_request, user):
|
||||||
|
|
||||||
form_info_as_dict = []
|
form_info_as_dict = []
|
||||||
for k, v in form_info.items():
|
for k, v in form_info.items():
|
||||||
if k in ['is_anonymous', 'is_hidden', 'is_remake', 'is_complete']:
|
if k in ['is_anonymous', 'is_hidden', 'is_remake', 'is_complete', 'is_trusted']:
|
||||||
if v:
|
if v:
|
||||||
form_info_as_dict.append((k, v))
|
form_info_as_dict.append((k, v))
|
||||||
else:
|
else:
|
||||||
form_info_as_dict.append((k, v))
|
form_info_as_dict.append((k, v))
|
||||||
|
# Hack for while v1 is still being used: default trusted to true
|
||||||
|
form_info_as_dict.setdefault('is_trusted', True)
|
||||||
form_info = ImmutableMultiDict(form_info_as_dict)
|
form_info = ImmutableMultiDict(form_info_as_dict)
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
return flask.make_response(flask.jsonify(
|
return flask.make_response(flask.jsonify(
|
||||||
|
@ -104,7 +106,7 @@ def api_upload(upload_request, user):
|
||||||
return flask.make_response(flask.jsonify(
|
return flask.make_response(flask.jsonify(
|
||||||
{'Failure': ['No torrent file was attached.']}), 400)
|
{'Failure': ['No torrent file was attached.']}), 400)
|
||||||
|
|
||||||
form = forms.UploadForm(CombinedMultiDict((torrent_file, form_info)), csrf_enabled=False)
|
form = forms.UploadForm(CombinedMultiDict((torrent_file, form_info)), meta={'csrf':False})
|
||||||
form.category.choices = _create_upload_category_choices()
|
form.category.choices = _create_upload_category_choices()
|
||||||
|
|
||||||
if upload_request.method == 'POST' and form.validate():
|
if upload_request.method == 'POST' and form.validate():
|
||||||
|
@ -134,17 +136,17 @@ UPLOAD_API_FORM_KEYMAP = {
|
||||||
'is_trusted': 'trusted'
|
'is_trusted': 'trusted'
|
||||||
}
|
}
|
||||||
UPLOAD_API_FORM_KEYMAP_REVERSE = {v: k for k, v in UPLOAD_API_FORM_KEYMAP.items()}
|
UPLOAD_API_FORM_KEYMAP_REVERSE = {v: k for k, v in UPLOAD_API_FORM_KEYMAP.items()}
|
||||||
UPLOAD_API_KEYS = [
|
UPLOAD_API_DEFAULTS = {
|
||||||
'name',
|
'name' : '',
|
||||||
'category',
|
'category': '',
|
||||||
'anonymous',
|
'anonymous': False,
|
||||||
'hidden',
|
'hidden': False,
|
||||||
'complete',
|
'complete': False,
|
||||||
'remake',
|
'remake': False,
|
||||||
'trusted',
|
'trusted': True,
|
||||||
'information',
|
'information': '',
|
||||||
'description'
|
'description': ''
|
||||||
]
|
}
|
||||||
|
|
||||||
|
|
||||||
@api_blueprint.route('/v2/upload', methods=['POST'])
|
@api_blueprint.route('/v2/upload', methods=['POST'])
|
||||||
|
@ -161,12 +163,12 @@ def v2_api_upload():
|
||||||
request_data = json.loads(request_data_field)
|
request_data = json.loads(request_data_field)
|
||||||
|
|
||||||
# Map api keys to upload form fields
|
# Map api keys to upload form fields
|
||||||
for key in UPLOAD_API_KEYS:
|
for key, default in UPLOAD_API_DEFAULTS.items():
|
||||||
mapped_key = UPLOAD_API_FORM_KEYMAP_REVERSE.get(key, key)
|
mapped_key = UPLOAD_API_FORM_KEYMAP_REVERSE.get(key, key)
|
||||||
mapped_dict[mapped_key] = request_data.get(key) or ''
|
mapped_dict[mapped_key] = request_data.get(key, default)
|
||||||
|
|
||||||
# Flask-WTF (very helpfully!!) automatically grabs the request form, so force a None formdata
|
# Flask-WTF (very helpfully!!) automatically grabs the request form, so force a None formdata
|
||||||
upload_form = forms.UploadForm(None, data=mapped_dict, csrf_enabled=False)
|
upload_form = forms.UploadForm(None, data=mapped_dict, meta={'csrf':False})
|
||||||
upload_form.category.choices = _create_upload_category_choices()
|
upload_form.category.choices = _create_upload_category_choices()
|
||||||
|
|
||||||
if upload_form.validate():
|
if upload_form.validate():
|
||||||
|
|
Loading…
Reference in a new issue