Permalink
Browse files

added delete function

  • Loading branch information...
Seth Dandridge
Seth Dandridge committed Mar 11, 2016
1 parent 5585e3b commit c426339be69f00212f14888cc95e18a8931641ed
Showing with 88 additions and 6 deletions.
  1. +38 −1 controllers/api.py
  2. +3 −0 mycorgi_app.py
  3. +2 −2 remove_party.py
  4. +30 −0 templates/party.html
  5. +1 −0 templates/upload_form.html
  6. +14 −3 views/party.py
View
@@ -2,7 +2,9 @@
from models import Orgy
from database import get_db_session
import re
import hmac
import mycorgi_app
import hashlib
api = Blueprint('api', __name__, subdomain='api')
YOUTUBE_REGEX = (r'(https?://)?(www\.)?'
@@ -14,6 +16,41 @@ def after(response):
response.headers.add('Access-Control-Allow-Origin', '*')
return response
@api.route('/delete')
def delete_party():
requestor_ip = request.remote_addr
delete_token = request.args.get('delete_token')
name = request.args.get('name')
if (not name) or (not delete_token) or (not requestor_ip):
return 'Invalid request'
db_session = get_db_session()
party_to_delete = db_session.query(Orgy).filter(Orgy.name == name)\
.one_or_none()
if not party_to_delete:
return 'Invalid request'
if (not party_to_delete.creator_ip) or (party_to_delete.creator_ip == '127.0.0.1/32'):
return 'Invalid request'
else:
creator_ip = party_to_delete.creator_ip.replace('/32','')
# Additional sanity check
if creator_ip != requestor_ip:
return 'Invalid request'
token_message = creator_ip + party_to_delete.name
valid_delete_token = hmac.new(mycorgi_app.mycorgi_app.config['SECRET_DELETE_KEY'], token_message, hashlib.sha1).hexdigest()
if delete_token == valid_delete_token:
db_session.delete(party_to_delete)
db_session.commit()
print 'deleted party', party_to_delete.name
return 'Party deleted! Make another one <a href="//my.corgiorgy.com">here</a>!'
else:
return 'Invalid request!'
@api.route('/check_name', methods=['POST'])
def check_name():
name = request.form.get('name')
View
@@ -4,10 +4,13 @@
from views.upload_form import upload_form
from controllers.api import api
from database import db_session
import string
import random
mycorgi_app = Flask(__name__)
mycorgi_app.config['SERVER_NAME'] = 'corgiorgy.com'
mycorgi_app.config['SECRET_DELETE_KEY'] = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for x in range(128))
mycorgi_app.register_blueprint(party)
mycorgi_app.register_blueprint(static)
View
@@ -1,7 +1,7 @@
from database import db_session
from models import Orgy
party_to_delete = 'INSERT ORGY NAME HERE'
party_to_delete = 'bricksquadmonopoly'
party = db_session.query(Orgy)\
.filter(Orgy.name.ilike(party_to_delete))\
@@ -10,4 +10,4 @@
db_session.delete(party)
db_session.commit()
print 'done deleting', orgy_to_delete
print 'done deleting', party_to_delete
View
@@ -69,6 +69,33 @@
left: 0;
}
#delete {
float: left;
padding-top: 5px;
padding-left: 10px;
font-family: verdana, sans-serif;
font-size: .75em;
font-weight: bold;
}
#delete a {
color: white;
text-decoration: none;
-webkit-background-clip: text;
-webkit-text-fill-color: transparent;
background-image: -webkit-linear-gradient(180deg,#f35626,#feab3a);
}
#delete a:link, a:visited {
color: white;
-webkit-animation: rainbow 10s infinite linear;
}
#delete a:hover, a:active {
color: white;
-webkit-animation: rainbow .25s infinite linear;
}
#follow {
float: right;
padding-top: 5px;
@@ -121,6 +148,9 @@
<div class="push"></div>
</div>
<footer>
{% if delete_url %}
<span id="delete"><a href="//api.corgiorgy.com/delete{{ delete_url }}">delete</a></span>
{% endif %}
{% if party.youtube_id %}
<img src="//static.corgiorgy.com/img/mute.svg" id="mute" onclick="toggleSound(this);">
{% endif %}<span id="follow"><a href="//my.corgiorgy.com">throw another party</a></span>
@@ -42,6 +42,7 @@
<div class="col-sm-7 header">
<h1>Throw your own gif party!!!</h1>
<h4 style="margin-top:15px;">How to make a <a href="http://corgiorgy.com" target="_blank">CorgiOrgy</a>-style website</h4>
<h5 style="margin-top:16px;"><strong><a href='http://github.com/sethdandridge/mycorgi' target='_blank'>This project is open source! Fork me on GitHub</a></strong></h5></center>
<div id="error-box" class="alert alert-danger" role="alert">
<span class="glyphicon glyphicon-exclamation-sign" aria-hidden="true"></span>
<span class="sr-only">Error:</span>
View
@@ -1,6 +1,9 @@
from flask import Blueprint, render_template
from flask import Blueprint, render_template, request
from models import Orgy
from database import get_db_session
import hmac
import hashlib
import mycorgi_app
party = Blueprint('party', __name__)
@@ -14,8 +17,16 @@ def show_party(party_subdomain):
.one_or_none()
if not party:
return 'Party not found! Make one <a href="//my.corgiorgy.com">here</a>!', 404
else:
return render_template('party.html', party=party)
if party.creator_ip:
creator_ip = party.creator_ip.replace('/32','')
if creator_ip == request.remote_addr:
token_message = creator_ip + party.name
delete_token = hmac.new(mycorgi_app.mycorgi_app.config['SECRET_DELETE_KEY'], token_message, hashlib.sha1).hexdigest()
delete_url = '?name='+party.name+'&delete_token='+delete_token
else:
delete_url = None
return render_template('party.html', party=party, delete_url=delete_url)
# If coming to an unrecgnized path on 'my' subdomain,
# that's an old party

0 comments on commit c426339

Please sign in to comment.