initial import

2026-01-01 21:31:54 +08:00
parent 92c1261f6f
commit 6d7be5c45c
3 changed files with 11 additions and 19 deletions
--- a/app.py
+++ b/app.py
@@ -911,19 +911,8 @@ def upload_file():
    return flask.jsonify({'success': True})

@app.route("/api/delete", methods=["POST"])
-@limiter.limit("1 per day")
 def delete():
-    id = flask.request.get_json().get('id')
-    client["taiko"]["songs"].delete_one({ "id": id })
-
-    parent_dir = pathlib.Path(os.getenv("TAIKO_WEB_SONGS_DIR", "public/songs"))
-    target_dir = parent_dir / id
-    if not (target_dir.resolve().parents and parent_dir.resolve() in target_dir.resolve().parents):
-        return flask.jsonify({ "success": False, "reason": "PARENT IS NOT ALLOWED" })
-
-    shutil.rmtree(target_dir)
-
-    return "成功しました。"
+    return flask.jsonify({ "success": False, "reason": "Deletion is disabled" }), 403

 if __name__ == '__main__':
    import argparse