author | 2020-11-14 01:57:40 +0000 | |
---|---|---|
committer | 2020-11-14 01:57:40 +0000 | |
commit | daae394dcb7840b4ff41a69cac9a86d7d9c32a63 (patch) | |
tree | c9c90086d8ec67479d5fb908a0287fd52a6db98d /backend/routes/forms/submit.py | |
parent | Do not force str form _id, it will be a str in prod (diff) |
Add basic debug submit route to calculate some anti-spam and validate tokens
Diffstat (limited to 'backend/routes/forms/submit.py')
-rw-r--r-- | backend/routes/forms/submit.py | 68 |
1 files changed, 68 insertions, 0 deletions
diff --git a/backend/routes/forms/submit.py b/backend/routes/forms/submit.py
new file mode 100644
index 0000000..599900f
--- /dev/null
+++ b/backend/routes/forms/submit.py
@@ -0,0 +1,68 @@
+"""
+Submit a form.
+"""
+
+import binascii
+import hashlib
+
+import jwt
+
+from starlette.responses import JSONResponse
+
+from backend.constants import SECRET_KEY
+from backend.route import Route
+
+
+class SubmitForm(Route):
+ """
+ Submit a form with the provided form ID.
+ """
+
+ name = "submit_form"
+ path = "/submit/{form_id:str}"
+
+ async def post(self, request):
+ data = await request.json()
+
+ if form := request.state.db.forms.find_one(
+ {"_id": request.path_params["form_id"], "features": "OPEN"}
+ ):
+ response_obj = {}
+
+ if "DISABLE_ANTISPAM" not in form["features"]:
+ ip_hash_ctx = hashlib.md5()
+ ip_hash_ctx.update(request.client.host.encode())
+ ip_hash = binascii.hexlify(ip_hash_ctx.digest())
+
+ response_obj["antispam"] = {
+ "ip": ip_hash.decode()
+ }
+
+ if "REQUIRES_LOGIN" in form["features"]:
+ if token := data.get("token"):
+ data = jwt.decode(token, SECRET_KEY, algorithms=['HS256'])
+ response_obj["user"] = {
+ "user": f"{data['username']}#{data['discriminator']}",
+ "id": data["id"]
+ }
+
+ if "COLLECT_EMAIL" in form["features"]:
+ if data.get("email"):
+ response_obj["user"]["email"] = data["email"]
+ else:
+ return JSONResponse({
+ "error": "User data did not include email information"
+ })
+ else:
+ return JSONResponse({
+ "error": "Missing Discord user data"
+ })
+
+ return JSONResponse({
+ "form": form,
+ "response": response_obj
+ })
+ else:
+ return JSONResponse({
+ "error": "Open form not found"
+ })
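Review bot: The `jwt.decode(token, SECRET_KEY, algorithms=['HS256'])` call in `post` is unguarded, so a malformed, expired or wrongly signed token raises out of the handler (presumably a 500 unless a handler elsewhere catches it) instead of being rejected cleanly; wrap it in `try:` / `except jwt.InvalidTokenError:` and `return JSONResponse({"error": "Invalid token"}, status_code=401)`. The existing error returns ("Missing Discord user data", "Open form not found", the email case) all use the default 200 status, so a client cannot tell a rejected submission from an accepted one without parsing the body; passing `status_code=` there would fix that. The decoded claims are assigned back to `data`, replacing the request body, so the later `data.get("email")` appears to read the token rather than the submission (indentation is lost on this page, so the nesting is inferred); if that is intended, a separate name such as `claims` would make it explicit. The anti-spam value is an unsalted MD5 of `request.client.host` that is echoed to the caller, and the IPv4 space is small enough to enumerate, so a keyed digest via `hmac.new(key, host.encode(), hashlib.sha256).hexdigest()` with a server-side key would be a safer identifier.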