Update follow corpus by token method

2024-11-15 01:05:42 +00:00 · 2023-03-02 09:57:43 +01:00 · 2023-03-02 09:57:43 +01:00 · 2dc7efbc8d
commit 2dc7efbc8d
parent ed195af6a2
2 changed files with 22 additions and 15 deletions
--- a/app/corpora/routes.py
+++ b/app/corpora/routes.py
@ -66,15 +66,11 @@ def disable_corpus_is_public(corpus_id):
@bp.route('/<hashid:corpus_id>/follow/<token>')
@login_required
 def follow_corpus(corpus_id, token):
-    corpus = current_user.verify_follow_corpus_token(token)['corpus']
-    role = current_user.verify_follow_corpus_token(token)['role']
-    if not (current_user.is_authenticated and current_user.verify_follow_corpus_token(token)):
-        abort(403)
-    if not current_user.is_following_corpus(corpus) and current_user != corpus.user:
-        current_user.follow_corpus(corpus, role)
+    if current_user.follow_corpus_by_token(token):
        db.session.commit()
        flash(f'You are following {corpus.title} now', category='corpus')
        return redirect(url_for('corpora.corpus', corpus_id=corpus_id))
+    abort(403)    


@bp.route('/<hashid:corpus_id>/followers/<hashid:follower_id>/unfollow', methods=['POST'])
@ -174,12 +170,14 @@ def corpus(corpus_id):
            title='Corpus'
        )
    if current_user.is_following_corpus(corpus) or corpus.is_public:
+        cfa = CorpusFollowerAssociation.query.filter_by(corpus_id=corpus_id, follower_id=current_user.id).first_or_404()
        corpus_files = [x.to_json_serializeable() for x in corpus.files]
        owner = corpus.user.to_json_serializeable()
        return render_template(
            'corpora/public_corpus.html.j2',
            corpus=corpus,
            corpus_files=corpus_files,
+            cfa=cfa,
            owner=owner,
            title='Corpus',
        )
--- a/app/models.py
+++ b/app/models.py
@ -792,14 +792,15 @@ class User(HashidMixin, UserMixin, db.Model):
    def is_following_corpus(self, corpus):
        return corpus in self.followed_corpora
    
-    def generate_follow_corpus_token(self, corpus_id, role, expiration=7):
+    def generate_follow_corpus_token(self, corpus_hashid, role_name, expiration=7):
        now = datetime.utcnow()
        payload = {
            'exp': expiration,
            'iat': now,
            'iss': current_app.config['SERVER_NAME'],
-            'sub': corpus_id,
-            'role': role
+            'purpose': 'User.follow_corpus',
+            'role_name': role_name,
+            'sub': corpus_hashid
        }
        return jwt.encode(
            payload,
@ -807,23 +808,31 @@ class User(HashidMixin, UserMixin, db.Model):
            algorithm='HS256'
        )
    
-    def verify_follow_corpus_token(self, token):
+    def follow_corpus_by_token(self, token):
        try:
            payload = jwt.decode(
                token,
                current_app.config['SECRET_KEY'],
                algorithms=['HS256'],
                issuer=current_app.config['SERVER_NAME'],
-                options={'require': ['exp', 'iat', 'iss', 'sub']}
+                options={'require': ['exp', 'iat', 'iss', 'purpose', 'role_name', 'sub']}
            )
        except jwt.PyJWTError:
            return False
-        corpus_id = payload.get('sub')
+        if payload.get('purpose') != 'User.follow_corpus':
+            return False
+        corpus_hashid = payload.get('sub')
+        corpus_id = hashids.decode(corpus_hashid)
        corpus = Corpus.query.get_or_404(corpus_id)
-        role = CorpusFollowerRole.query.filter_by(name=payload.get('role')).first()
        if corpus is None:
            return False
-        return {'corpus': corpus, 'role': role}
+        role_name = payload.get('role_name')
+        role = CorpusFollowerRole.query.filter_by(name=role_name).first()
+        if role is None:
+            return False
+        self.follow_corpus(corpus, role)
+        db.session.add(self)
+        return True

    def to_json_serializeable(self, backrefs=False, relationships=False, filter_by_privacy_settings=False):
        json_serializeable = {