32 lines
1,013 B
Python
32 lines
1,013 B
Python
from flask import Blueprint, Response, redirect, request
|
|
from sqlalchemy import select
|
|
|
|
from l4d2web.auth import require_admin
|
|
from l4d2web.db import session_scope
|
|
from l4d2web.models import Overlay
|
|
from l4d2web.services.security import validate_overlay_path
|
|
|
|
|
|
bp = Blueprint("overlay", __name__)
|
|
|
|
|
|
@bp.post("/admin/overlays")
|
|
@require_admin
|
|
def create_overlay() -> Response:
|
|
name = request.form.get("name", "").strip()
|
|
raw_path = request.form.get("path", "").strip()
|
|
if not name or not raw_path:
|
|
return Response("missing fields", status=400)
|
|
|
|
try:
|
|
validated_path = validate_overlay_path(raw_path)
|
|
except ValueError as exc:
|
|
return Response(str(exc), status=400)
|
|
|
|
with session_scope() as db:
|
|
existing = db.scalar(select(Overlay).where(Overlay.name == name))
|
|
if existing is not None:
|
|
return Response("overlay already exists", status=409)
|
|
db.add(Overlay(name=name, path=str(validated_path)))
|
|
|
|
return redirect("/admin/overlays")
|