velvox
/
litecord
mirror of https://gitlab.com/litecord/litecord.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

invites: add time and usage checks in use_invite

This commit is contained in:
Luna Mendes 2018-11-23 02:57:30 -03:00
parent 7332ec7165
commit 4d3c288750
1 changed files with 30 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
litecord/blueprints/invites.py
View File

@ -1,3 +1,4 @@
import datetime
import hashlib import hashlib
import os import os
@ -69,8 +70,16 @@ async def get_invite_2(invite_code: str):
return await get_invite(invite_code) return await get_invite(invite_code)
@bp.route('/invites/<invite_code>', methods=['DELETE'])
async def delete_invite(invite_code: str): async def delete_invite(invite_code: str):
"""Delete an invite."""
await app.db.fetchval("""
DELETE FROM invites
WHERE code = $1
""", invite_code)
@bp.route('/invites/<invite_code>', methods=['DELETE'])
async def _delete_invite(invite_code: str):
user_id = await token_check() user_id = await token_check()
guild_id = await app.db.fetchval(""" guild_id = await app.db.fetchval("""
@ -85,18 +94,13 @@ async def delete_invite(invite_code: str):
await guild_perm_check(user_id, guild_id, 'manage_channels') await guild_perm_check(user_id, guild_id, 'manage_channels')
inv = await app.storage.get_invite(invite_code) inv = await app.storage.get_invite(invite_code)
await delete_invite(invite_code)
await app.db.fetchval("""
DELETE FROM invites
WHERE code = $1
""", invite_code)
return jsonify(inv) return jsonify(inv)
@bp.route('/invite/<invite_code>', methods=['DELETE']) @bp.route('/invite/<invite_code>', methods=['DELETE'])
async def delete_invite_2(invite_code: str): async def _delete_invite_2(invite_code: str):
return await delete_invite(invite_code) return await _delete_invite(invite_code)
async def _get_inv(code): async def _get_inv(code):
@ -148,14 +152,27 @@ async def use_invite(invite_code):
"""Use an invite.""" """Use an invite."""
user_id = await token_check() user_id = await token_check()
guild_id = await app.db.fetchval(""" inv = await app.db.fetchrow("""
SELECT guild_id SELECT guild_id, created_at, max_age, uses, max_uses
FROM invites FROM invites
WHERE code = $1 WHERE code = $1
""", invite_code) """, invite_code)
if not guild_id: if inv is None:
raise BadRequest('Guild not Found') raise BadRequest('Invite not found')
now = datetime.datetime.utcnow()
delta_sec = (now - inv['created_at']).total_seconds()
if delta_sec > inv['max_age']:
await delete_invite(invite_code)
raise BadRequest('Invite has expired (age).')
if inv['uses'] > inv['max_uses']:
await delete_invite(invite_code)
raise BadRequest('Invite has expired (uses).')
guild_id = inv['guild_id']
joined = await app.db.fetchval(""" joined = await app.db.fetchval("""
SELECT joined_at SELECT joined_at