XF/neptune
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Remove redaction stuff

Browse Source
This commit is contained in:
Mark Veidemanis
2022-08-26 07:20:30 +01:00
parent cc20c545dd
commit bdee5a2aae
5 changed files with 404 additions and 396 deletions
Download Patch File Download Diff File Expand all files Collapse all files

100
core/views/ui/drilldown.py
View File

@@ -1,7 +1,6 @@
import json
import urllib
import uuid
from copy import deepcopy
from django.conf import settings
from django.http import HttpResponse, JsonResponse
@@ -20,9 +19,10 @@ from core.lib.threshold import (
get_chans,
get_users,
)
from core.views.helpers import hash_list, hash_lookup, randomise_list
from core.views.ui.tables import DrilldownTable
# from copy import deepcopy
def parse_dates(dates):
spl = dates.split(" - ")
@@ -313,14 +313,14 @@ class DrilldownContextModal(APIView):
query_params[key] = None
# Lookup the hash values but don't disclose them to the user
if settings.HASHING:
if query_params["source"] not in settings.SAFE_SOURCES:
SAFE_PARAMS = deepcopy(query_params)
hash_lookup(request.user, SAFE_PARAMS)
else:
SAFE_PARAMS = deepcopy(query_params)
else:
SAFE_PARAMS = query_params
# if settings.HASHING:
# if query_params["source"] not in settings.SAFE_SOURCES:
# SAFE_PARAMS = deepcopy(query_params)
# hash_lookup(request.user, SAFE_PARAMS)
# else:
# SAFE_PARAMS = deepcopy(query_params)
# else:
# SAFE_PARAMS = query_params
type = None
if request.user.is_superuser:
@@ -328,12 +328,12 @@ class DrilldownContextModal(APIView):
type = query_params["type"]
if type == "znc":
query_params["channel"] = "*status"
SAFE_PARAMS["channel"] = "*status"
# SAFE_PARAMS["channel"] = "*status"
if type in ["query", "notice"]:
nicks_sensitive = [
SAFE_PARAMS["channel"],
SAFE_PARAMS["nick"],
query_params["channel"],
query_params["nick"],
] # UNSAFE
# nicks = [query_params["channel"], query_params["nick"]]
query = True
@@ -344,17 +344,17 @@ class DrilldownContextModal(APIView):
and not type == "query"
):
query_params["index"] = "main"
SAFE_PARAMS["index"] = "main"
# SAFE_PARAMS["index"] = "main"
if query_params["type"] in ["znc", "auth"]:
query = True
if not request.user.is_superuser:
query_params["index"] = "main"
SAFE_PARAMS["index"] = "main"
# SAFE_PARAMS["index"] = "main"
query_params["sorting"] = "desc"
SAFE_PARAMS["sorting"] = "desc"
# SAFE_PARAMS["sorting"] = "desc"
annotate = False
if query_params["source"] == "irc":
@@ -363,10 +363,10 @@ class DrilldownContextModal(APIView):
# Create the query with the context helper
search_query = construct_query(
query_params["index"],
SAFE_PARAMS["net"],
SAFE_PARAMS["channel"],
query_params["net"],
query_params["channel"],
query_params["source"],
SAFE_PARAMS["num"],
query_params["num"],
size,
type=type,
nicks=nicks_sensitive,
@@ -374,7 +374,7 @@ class DrilldownContextModal(APIView):
results = query_results(
request,
SAFE_PARAMS,
query_params,
annotate=annotate,
custom_query=search_query,
reverse=True,
@@ -384,15 +384,15 @@ class DrilldownContextModal(APIView):
if "message" in results:
return render(request, self.template_name, results)
if settings.HASHING: # we probably want to see the tokens
if query_params["source"] not in settings.SAFE_SOURCES:
if not request.user.has_perm("core.bypass_hashing"):
for index, item in enumerate(results["object_list"]):
if "tokens" in item:
results["object_list"][index]["msg"] = results[
"object_list"
][index].pop("tokens")
# item["msg"] = item.pop("tokens")
# if settings.HASHING: # we probably want to see the tokens
# if query_params["source"] not in settings.SAFE_SOURCES:
# if not request.user.has_perm("core.bypass_hashing"):
# for index, item in enumerate(results["object_list"]):
# if "tokens" in item:
# results["object_list"][index]["msg"] = results[
# "object_list"
# ][index].pop("tokens")
# # item["msg"] = item.pop("tokens")
# Make the time nicer
# for index, item in enumerate(results["object_list"]):
@@ -446,37 +446,35 @@ class ThresholdInfoModal(APIView):
# SAFE BLOCK #
# Lookup the hash values but don't disclose them to the user
if settings.HASHING:
SAFE_PARAMS = request.data.dict()
hash_lookup(request.user, SAFE_PARAMS)
safe_net = SAFE_PARAMS["net"]
safe_nick = SAFE_PARAMS["nick"]
safe_channel = SAFE_PARAMS["channel"]
channels = get_chans(safe_net, [safe_nick])
users = get_users(safe_net, [safe_channel])
num_users = annotate_num_users(safe_net, channels)
num_chans = annotate_num_chans(safe_net, users)
# if settings.HASHING:
# SAFE_PARAMS = request.data.dict()
# hash_lookup(request.user, SAFE_PARAMS)
channels = get_chans(net, [nick])
users = get_users(net, [nick])
num_users = annotate_num_users(net, channels)
num_chans = annotate_num_chans(net, users)
if channels:
inter_users = get_users(safe_net, channels)
inter_users = get_users(net, channels)
else:
inter_users = []
if users:
inter_chans = get_chans(safe_net, users)
inter_chans = get_chans(net, users)
else:
inter_chans = []
if settings.HASHING:
hash_list(request.user, inter_chans)
hash_list(request.user, inter_users)
# if settings.HASHING:
# hash_list(request.user, inter_chans)
# hash_list(request.user, inter_users)
hash_list(request.user, num_chans, hash_keys=True)
hash_list(request.user, num_users, hash_keys=True)
# hash_list(request.user, num_chans, hash_keys=True)
# hash_list(request.user, num_users, hash_keys=True)
hash_list(request.user, channels)
hash_list(request.user, users)
# hash_list(request.user, channels)
# hash_list(request.user, users)
if settings.RANDOMISATION:
randomise_list(request.user, num_chans)
randomise_list(request.user, num_users)
# if settings.RANDOMISATION:
# randomise_list(request.user, num_chans)
# randomise_list(request.user, num_users)
# SAFE BLOCK END #