diff --git a/app/blueprints/api/endpoints.py b/app/blueprints/api/endpoints.py index 981e4aea..27f50fc4 100644 --- a/app/blueprints/api/endpoints.py +++ b/app/blueprints/api/endpoints.py @@ -16,11 +16,10 @@ import math import os -from functools import wraps from typing import List import flask_sqlalchemy -from flask import request, jsonify, current_app, Response +from flask import request, jsonify, current_app from flask_babel import gettext from sqlalchemy import and_, or_ from sqlalchemy.orm import joinedload @@ -33,7 +32,8 @@ from app.models import Tag, PackageState, PackageType, Package, db, PackageRelea MinetestRelease, APIToken, PackageScreenshot, License, ContentWarning, User, PackageReview, Thread, Collection, \ PackageAlias, Language from app.querybuilder import QueryBuilder -from app.utils import is_package_page, get_int_or_abort, url_set_query, abs_url, is_yes, get_request_date, cached +from app.utils import is_package_page, get_int_or_abort, url_set_query, abs_url, is_yes, get_request_date, cached, \ + cors_allowed from app.utils.minetest_hypertext import html_to_minetest, package_info_as_hypertext, package_reviews_as_hypertext from . import bp from .auth import is_api_authd @@ -41,17 +41,6 @@ from .support import error, api_create_vcs_release, api_create_zip_release, api_ api_order_screenshots, api_edit_package, api_set_cover_image -def cors_allowed(f): - @wraps(f) - def inner(*args, **kwargs): - res: Response = f(*args, **kwargs) - res.headers["Access-Control-Allow-Origin"] = "*" - res.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS" - res.headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization" - return res - return inner - - @bp.route("/api/packages/") @cors_allowed @cached(300) diff --git a/app/blueprints/feeds/__init__.py b/app/blueprints/feeds/__init__.py index 501d602b..b1e493b7 100644 --- a/app/blueprints/feeds/__init__.py +++ b/app/blueprints/feeds/__init__.py @@ -20,7 +20,7 @@ from flask_babel import gettext from app.markdown import render_markdown from app.models import Package, PackageState, db, PackageRelease -from app.utils import is_package_page, abs_url_for, cached +from app.utils import is_package_page, abs_url_for, cached, cors_allowed bp = Blueprint("feeds", __name__) @@ -114,6 +114,7 @@ def _atomify(feed): @bp.route("/feeds/all.json") +@cors_allowed @cached(1800) def all_json(): feed = _get_all_feed(abs_url_for("feeds.all_json")) @@ -121,6 +122,7 @@ def all_json(): @bp.route("/feeds/all.atom") +@cors_allowed @cached(1800) def all_atom(): feed = _get_all_feed(abs_url_for("feeds.all_atom")) @@ -128,6 +130,7 @@ def all_atom(): @bp.route("/feeds/packages.json") +@cors_allowed @cached(1800) def packages_all_json(): feed = _get_new_packages_feed(abs_url_for("feeds.packages_all_json")) @@ -135,6 +138,7 @@ def packages_all_json(): @bp.route("/feeds/packages.atom") +@cors_allowed @cached(1800) def packages_all_atom(): feed = _get_new_packages_feed(abs_url_for("feeds.packages_all_atom")) @@ -142,6 +146,7 @@ def packages_all_atom(): @bp.route("/feeds/releases.json") +@cors_allowed @cached(1800) def releases_all_json(): feed = _get_releases_feed(PackageRelease.query, abs_url_for("feeds.releases_all_json")) @@ -149,6 +154,7 @@ def releases_all_json(): @bp.route("/feeds/releases.atom") +@cors_allowed @cached(1800) def releases_all_atom(): feed = _get_releases_feed(PackageRelease.query, abs_url_for("feeds.releases_all_atom")) @@ -156,6 +162,7 @@ def releases_all_atom(): @bp.route("/packages///releases_feed.json") +@cors_allowed @is_package_page @cached(1800) def releases_package_json(package: Package): @@ -164,6 +171,7 @@ def releases_package_json(package: Package): @bp.route("/packages///releases_feed.atom") +@cors_allowed @is_package_page @cached(1800) def releases_package_atom(package: Package): diff --git a/app/utils/flask.py b/app/utils/flask.py index 82d8dd8e..314ffc66 100644 --- a/app/utils/flask.py +++ b/app/utils/flask.py @@ -175,3 +175,14 @@ def cached(max_age: int): return inner return decorator + + +def cors_allowed(f): + @wraps(f) + def inner(*args, **kwargs): + res: Response = f(*args, **kwargs) + res.headers["Access-Control-Allow-Origin"] = "*" + res.headers["Access-Control-Allow-Methods"] = "GET, POST, PUT, DELETE, OPTIONS" + res.headers["Access-Control-Allow-Headers"] = "Content-Type, Authorization" + return res + return inner