Files
Cedar-Django/closedverse_main/middleware.py
T
some weird guy ca09f3295b Login page moved to forms.py, New warning and ban system, a bunch of other shit.
- Change password page from profile settings has been moved over to forms.py
- Login page has been moved over to forms.py. There is no JavaScript right now, however it is still functional.
-Profile_tools_Form has been altered to remove a few unneeded fields that administrators don't need to mess with.
- warned_reason and warned fields are gone from User_tools_Form and will be removed from models.py at a later point.

- a new ban system has been implemented. While bans are still incomplete and lack capabilities to ban IP addresses as of right now, the groundwork is now here and those features can be added later.
- manage_bans page was added.

- A new warning system has been implemented. If a Warning is created, a notification is created automatically with it.  A warning notification replaces the "new announcement" notification type.
- Warning notifications are larger and stand out compared to normal notifications
- When posting, commenting or messaging someone, a check is performed to make sure you've seen the warning notification.
- manage_warnings page was added. This page will also show you the warning history.

- help_text was added to a bunch of fields.
2023-08-23 16:47:28 -07:00

78 lines
2.8 KiB
Python

from django.http import HttpResponseForbidden
from closedverse import settings
from django.shortcuts import redirect
from django.contrib.auth import logout
from .models import Ban
from django.utils import timezone
from re import compile
# Taken from https://python-programming.com/recipes/django-require-authentication-pages/
if settings.FORCE_LOGIN:
EXEMPT_URLS = [compile(settings.LOGIN_URL.lstrip('/'))]
if hasattr(settings, 'LOGIN_EXEMPT_URLS'):
EXEMPT_URLS += [compile(expr) for expr in settings.LOGIN_EXEMPT_URLS]
class CheckForBanMiddleware:
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
response = self.get_response(request)
return response
def process_view(self, request, view_func, view_args, view_kwargs):
# If the user is not authenticated, there's no need to check for bans
if not request.user.is_authenticated:
return None
# Get one active ban that is not expired
active_ban = Ban.objects.filter(
to=request.user,
active=True,
expiry_date__gte=timezone.now()
).first()
if active_ban:
return HttpResponseForbidden('You are banned from this site. Reason: ' + active_ban.reason)
return None
class ClosedMiddleware(object):
def __init__(self, get_response):
self.get_response = get_response
def __call__(self, request):
# Force logins if it's set
if settings.FORCE_LOGIN and not request.user.is_authenticated:
if not any(m.match(request.path_info.lstrip('/')) for m in EXEMPT_URLS):
if request.headers.get('x-requested-with') == 'XMLHttpRequest':
return HttpResponseForbidden("Login is required")
return redirect(settings.LOGIN_REDIRECT_URL)
# Fix this ; put something in settings signifying if the server supports HTTPS or not
#if not request.is_secure() and (not settings.DEBUG) and settings.CLOSEDVERSE_PROD:
# Let's try to redirect to HTTPS for non-Nintendo stuff.
"""
if not request.META.get('HTTP_USER_AGENT'):
return HttpResponseForbidden("You need a user agent.", content_type='text/plain')
if settings.CLOSEDVERSE_PROD not request.is_secure() and not 'Nintendo' in request.META['HTTP_USER_AGENT']:
return redirect('https://{0}{1}'.format(request.get_host(), request.get_full_path()))
"""
if request.user.is_authenticated:
"""
if not request.user.is_active():
if request.user.warned_reason:
ban_msg = request.user.warned_reason
else:
ban_msg = 'You are banned.'
return HttpResponseForbidden(ban_msg)
"""
# can just forbid post requests for the time being (but leav our funny logout message :3)
if not request.user.is_active() and request.method != 'GET' and request.get_full_path() != '/logout/':
return HttpResponseForbidden()
response = self.get_response(request)
if request.user.is_authenticated:
# for reverse proxy
response['X-Username'] = request.user.username
return response