diff --git a/files/__main__.py b/files/__main__.py
index f21664fb5..683af649c 100644
--- a/files/__main__.py
+++ b/files/__main__.py
@@ -32,7 +32,7 @@ app.config["SERVER_NAME"] = environ.get("DOMAIN").strip()
app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 3153600
app.config["SESSION_COOKIE_NAME"] = "session_" + environ.get("SITE_NAME").strip().lower()
app.config["VERSION"] = "1.0.0"
-app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024
+app.config['MAX_CONTENT_LENGTH'] = 100 * 1024 * 1024
app.config["SESSION_COOKIE_SECURE"] = True
app.config["SESSION_COOKIE_SAMESITE"] = "Lax"
app.config["PERMANENT_SESSION_LIFETIME"] = 60 * 60 * 24 * 365
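Review bot: Raising `MAX_CONTENT_LENGTH` to 100 MB makes this the only limit applied before a request body is accepted, because the same commit removes the per-request `content_length` checks from get_logged_in_user in files/helpers/wrappers.py. The 8 MB / 16 MB image limits are now enforced only after the upload has been written to disk (process_image in files/helpers/images.py), and nothing visible in this diff limits video size below the global cap. A comment on the line would record that intent, e.g. `# global cap sized for video uploads; image limits (8 MB, 16 MB for patrons) are checked in process_image after save`. If the larger cap is only needed on upload routes, consider keeping a smaller pre-write check for the others.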
diff --git a/files/helpers/images.py b/files/helpers/images.py
index 4af2570f9..cda0292c6 100644
--- a/files/helpers/images.py
+++ b/files/helpers/images.py
@@ -2,9 +2,16 @@ from PIL import Image, ImageOps
from PIL.ImageSequence import Iterator
from webptools import gifwebp
import subprocess
+import os
+from flask import abort
+
+def process_image(patron, filename=None, resize=0):
+ size = os.stat(filename).st_size
+
+ if size > 16 * 1024 * 1024 or not patron and size > 8 * 1024 * 1024:
+ os.remove(filename)
+ abort(413)
-def process_image(filename=None, resize=0):
-
i = Image.open(filename)
if resize and i.width > resize:
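Review bot: The size condition added to process_image relies on `and` binding tighter than `or`; it evaluates as intended, but explicit parentheses would make the two limits readable at a glance: `if size > 16 * 1024 * 1024 or (not patron and size > 8 * 1024 * 1024):`. `filename` keeps its `None` default while `os.stat(filename)` now runs unconditionally, and `patron` was inserted as the first positional parameter, so any call site not updated in this commit (for example `process_image(name)`) would bind the path to `patron` and fail at `os.stat(None)`. The function has no docstring; one stating that it deletes the file and aborts with 413 when the limit is exceeded would tell callers that it can end the request. The function body continues outside this hunk.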
diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py
index bbf127cc7..cb0257852 100644
--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@@ -35,10 +35,6 @@ def get_logged_in_user():
if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level):
abort(403)
- if v and v.patron:
- if request.content_length and request.content_length > 16 * 1024 * 1024: abort(413)
- elif request.content_length and request.content_length > 8 * 1024 * 1024: abort(413)
-
return v
def check_ban_evade(v):
diff --git a/files/routes/comments.py b/files/routes/comments.py
index c924cda83..f1959ade5 100644
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@@ -223,17 +223,17 @@ def api_comment(v):
if file.content_type.startswith('image/'):
oldname = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(oldname)
- image = process_image(oldname)
+ image = process_image(v.patron, oldname)
if image == "": return {"error":"Image upload failed"}
if v.admin_level > 2 and level == 1:
if parent_post.id == 37696:
filename = 'files/assets/images/rDrama/sidebar/' + str(len(listdir('files/assets/images/rDrama/sidebar'))+1) + '.webp'
copyfile(oldname, filename)
- process_image(filename, 400)
+ process_image(v.patron, filename, 400)
elif parent_post.id == 37697:
filename = 'files/assets/images/rDrama/banners/' + str(len(listdir('files/assets/images/rDrama/banners'))+1) + '.webp'
copyfile(oldname, filename)
- process_image(filename)
+ process_image(v.patron, filename)
elif parent_post.id == 37833:
try:
badge_def = loads(body)
@@ -247,7 +247,7 @@ def api_comment(v):
g.db.flush()
filename = f'files/assets/images/badges/{badge.id}.webp'
copyfile(oldname, filename)
- process_image(filename, 200)
+ process_image(v.patron, filename, 200)
requests.post(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/purge_cache', headers=CF_HEADERS, data={'files': [f"https://{request.host}/assets/images/badges/{badge.id}.webp"]}, timeout=5)
except Exception as e:
return {"error": str(e)}, 400
@@ -269,7 +269,7 @@ def api_comment(v):
filename = f'files/assets/images/emojis/{name}.webp'
copyfile(oldname, filename)
- process_image(filename, 200)
+ process_image(v.patron, filename, 200)
marsey = Marsey(name=name, author_id=user.id, tags=tags, count=0)
g.db.add(marsey)
@@ -308,14 +308,10 @@ def api_comment(v):
elif file.content_type.startswith('video/'):
file.save("video.mp4")
with open("video.mp4", 'rb') as f:
- try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data']
+ try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json()
except requests.Timeout: return {"error": "Video upload timed out, please try again!"}
- try: url = req['link']
- except:
- error = req['error']
- if error == 'File exceeds max duration': error += ' (60 seconds)'
- return {"error": error}, 400
- if url.endswith('.'): url += 'mp4'
+ try: url = req['files'][0]['url']
+ except: return {"error": req['description']}, 400
body += f"\n\n{url}"
else: return {"error": "Image/Video files only"}, 400
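Review bot: The new upload call handles only `requests.Timeout`, so a connection error or a non-JSON reply from the third-party host surfaces as an unhandled exception, and the bare `except:` fallback indexes `req['description']`, which can itself raise when the reply has a different shape. The returned `url` is appended to `body` exactly as the remote service sent it; checking that it is an `https://` string before use keeps an unexpected reply out of stored content. The same lines recur in the edit_comment hunk below and in the edit_post, submit_post, settings_profile_post and submit_contact hunks, so a shared helper would keep the handling consistent. api_comment begins and ends outside this hunk.

```python
with open("video.mp4", 'rb') as f:
    try:
        req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json()
    except requests.Timeout: return {"error": "Video upload timed out, please try again!"}
    # connection failures and non-JSON replies (json errors subclass ValueError)
    except (requests.RequestException, ValueError): return {"error": "Video upload failed"}, 400
    try: url = req['files'][0]['url']
    except (KeyError, IndexError, TypeError):
        description = req.get('description') if isinstance(req, dict) else None
        return {"error": description or "Video upload failed"}, 400
    # the URL comes from a remote reply; accept only what we expect to store
    if not isinstance(url, str) or not url.startswith('https://'):
        return {"error": "Video upload failed"}, 400
    # … unchanged: body += f"\n\n{url}" …
```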
@@ -765,19 +761,15 @@ def edit_comment(cid, v):
if file.content_type.startswith('image/'):
name = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(name)
- url = process_image(name)
+ url = process_image(v.patron, name)
body += f"\n\n![]({url})"
elif file.content_type.startswith('video/'):
file.save("video.mp4")
with open("video.mp4", 'rb') as f:
- try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data']
+ try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json()
except requests.Timeout: return {"error": "Video upload timed out, please try again!"}
- try: url = req['link']
- except:
- error = req['error']
- if error == 'File exceeds max duration': error += ' (60 seconds)'
- return {"error": error}, 400
- if url.endswith('.'): url += 'mp4'
+ try: url = req['files'][0]['url']
+ except: return {"error": req['description']}, 400
body += f"\n\n{url}"
else: return {"error": "Image/Video files only"}, 400
diff --git a/files/routes/errors.py b/files/routes/errors.py
index a51df74f0..8a3024578 100644
--- a/files/routes/errors.py
+++ b/files/routes/errors.py
@@ -47,9 +47,9 @@ def error_405(e):
@app.errorhandler(413)
def error_413(e):
- return {"error": "Max file size is 8 MB (16 MB for paypigs)"}, 413
+ return {"error": "Max image size is 8 MB (16 MB for paypigs)"}, 413
if request.headers.get("Authorization") or request.headers.get("xhr"):
- return {"error": "Max file size is 8 MB (16 MB for paypigs)"}, 413
+ return {"error": "Max image size is 8 MB (16 MB for paypigs)"}, 413
else: return render_template('errors/413.html', err=True), 413
@app.errorhandler(429)
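Review bot: error_413 still begins with an unconditional `return {"error": ...}, 413`, so the `if request.headers.get("Authorization") or request.headers.get("xhr"):` branch and the `render_template('errors/413.html', err=True)` fallback below it can never run. If browser requests are meant to get the HTML page, the first return should be dropped rather than reworded. The message now says "Max image size", but with `MAX_CONTENT_LENGTH` set in files/__main__.py a 413 can presumably also be raised by Flask for any oversized body, including a video, so the text may mislead those users.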
diff --git a/files/routes/posts.py b/files/routes/posts.py
index fc37e8721..f6f5d10fd 100644
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@@ -461,19 +461,15 @@ def edit_post(pid, v):
if file.content_type.startswith('image/'):
name = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(name)
- url = process_image(name)
+ url = process_image(v.patron, name)
body += f"\n\n![]({url})"
elif file.content_type.startswith('video/'):
file.save("video.mp4")
with open("video.mp4", 'rb') as f:
- try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data']
+ try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json()
except requests.Timeout: return {"error": "Video upload timed out, please try again!"}
- try: url = req['link']
- except:
- error = req['error']
- if error == 'File exceeds max duration': error += ' (60 seconds)'
- return {"error": error}, 400
- if url.endswith('.'): url += 'mp4'
+ try: url = req['files'][0]['url']
+ except: return {"error": req['description']}, 400
body += f"\n\n{url}"
else: return {"error": "Image/Video files only"}, 400
@@ -707,7 +703,7 @@ def thumbnail_thread(pid):
for chunk in image_req.iter_content(1024):
file.write(chunk)
- post.thumburl = process_image(name, resize=100)
+ post.thumburl = process_image(0, name, resize=100)
db.add(post)
db.commit()
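Review bot: `process_image(0, name, resize=100)` passes a bare `0` for `patron`, which reads as a size or flag rather than "apply the non-patron limit"; `process_image(False, name, resize=100)` or a short comment such as `# no user here: use the 8 MB non-patron limit` would say what is meant. The file being checked was fetched from a remote URL in the loop just above, so a thumbnail source over 8 MB now reaches `abort(413)` inside process_image. If thumbnail_thread runs outside a request handler, as its name and its use of `db` instead of `g.db` suggest, that exception is not converted into a response and the `db.add(post)` / `db.commit()` lines are skipped. Catching the failure here, or capping the download size while streaming, would make the thread's error handling explicit. The function begins outside this hunk.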
@@ -1081,18 +1077,14 @@ def submit_post(v, sub=None):
if file.content_type.startswith('image/'):
name = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(name)
- body += f"\n\n![]({process_image(name)})"
+ body += f"\n\n![]({process_image(v.patron, name)})"
elif file.content_type.startswith('video/'):
file.save("video.mp4")
with open("video.mp4", 'rb') as f:
- try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data']
- except requests.Timeout: return error("Video upload timed out, please try again!")
- try: url = req['link']
- except:
- err = req['error']
- if err == 'File exceeds max duration': err += ' (60 seconds)'
- return error(err)
- if url.endswith('.'): url += 'mp4'
+ try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json()
+ except requests.Timeout: return {"error": "Video upload timed out, please try again!"}
+ try: url = req['files'][0]['url']
+ except: return {"error": req['description']}, 400
body += f"\n\n{url}"
else:
return error("Image/Video files only.")
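Review bot: The rewritten video branch returns raw dicts (`return {"error": ...}`) where the rest of submit_post uses the `error(...)` helper, as the unchanged `return error("Image/Video files only.")` at the end of this hunk shows, so a form submission that fails on video upload would presumably get a bare JSON body instead of the page the helper produces. The timeout return also carries no status code and so is sent as a 200. Keeping the helper would preserve the previous behaviour: `except requests.Timeout: return error("Video upload timed out, please try again!")` and `except: return error(req['description'])`. The same applies to the second submit_post hunk, the one that ends in `post.url = url`.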
@@ -1186,22 +1178,18 @@ def submit_post(v, sub=None):
if file.content_type.startswith('image/'):
name = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(name)
- post.url = process_image(name)
+ post.url = process_image(v.patron, name)
name2 = name.replace('.webp', 'r.webp')
copyfile(name, name2)
- post.thumburl = process_image(name2, resize=100)
+ post.thumburl = process_image(v.patron, name2, resize=100)
elif file.content_type.startswith('video/'):
file.save("video.mp4")
with open("video.mp4", 'rb') as f:
- try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data']
- except requests.Timeout: return error("Video upload timed out, please try again!")
- try: url = req['link']
- except:
- err = req['error']
- if err == 'File exceeds max duration': err += ' (60 seconds)'
- return error(err)
- if url.endswith('.'): url += 'mp4'
+ try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json()
+ except requests.Timeout: return {"error": "Video upload timed out, please try again!"}
+ try: url = req['files'][0]['url']
+ except: return {"error": req['description']}, 400
post.url = url
else:
return error("Image/Video files only.")
diff --git a/files/routes/settings.py b/files/routes/settings.py
index 28c7bca60..3e58161f4 100644
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@@ -214,19 +214,15 @@ def settings_profile_post(v):
if file.content_type.startswith('image/'):
name = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(name)
- url = process_image(name)
+ url = process_image(v.patron, name)
bio += f"\n\n![]({url})"
elif file.content_type.startswith('video/'):
file.save("video.mp4")
with open("video.mp4", 'rb') as f:
- try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data']
+ try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json()
except requests.Timeout: return {"error": "Video upload timed out, please try again!"}
- try: url = req['link']
- except:
- error = req['error']
- if error == 'File exceeds max duration': error += ' (60 seconds)'
- return {"error": error}, 400
- if url.endswith('.'): url += 'mp4'
+ try: url = req['files'][0]['url']
+ except: return {"error": req['description']}, 400
bio += f"\n\n{url}"
else:
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "Image/Video files only"}, 400
@@ -556,13 +552,13 @@ def settings_images_profile(v):
name = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(name)
- highres = process_image(name)
+ highres = process_image(v.patron, name)
if not highres: abort(400)
name2 = name.replace('.webp', 'r.webp')
copyfile(name, name2)
- imageurl = process_image(name2, resize=100)
+ imageurl = process_image(v.patron, name2, resize=100)
if not imageurl: abort(400)
@@ -592,7 +588,7 @@ def settings_images_banner(v):
name = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(name)
- bannerurl = process_image(name)
+ bannerurl = process_image(v.patron, name)
if bannerurl:
if v.bannerurl and '/images/' in v.bannerurl:
diff --git a/files/routes/static.py b/files/routes/static.py
index 25f00d418..4c212e669 100644
--- a/files/routes/static.py
+++ b/files/routes/static.py
@@ -401,19 +401,15 @@ def submit_contact(v):
if file.content_type.startswith('image/'):
name = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(name)
- url = process_image(name)
+ url = process_image(v.patron, name)
body_html += f''
elif file.content_type.startswith('video/'):
file.save("video.mp4")
with open("video.mp4", 'rb') as f:
- try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data']
+ try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json()
except requests.Timeout: return {"error": "Video upload timed out, please try again!"}
- try: url = req['link']
- except:
- error = req['error']
- if error == 'File exceeds max duration': error += ' (60 seconds)'
- return {"error": error}, 400
- if url.endswith('.'): url += 'mp4'
+ try: url = req['files'][0]['url']
+ except: return {"error": req['description']}, 400
body_html += f"
{url}
" else: return {"error": "Image/Video files only"}, 400
diff --git a/files/routes/subs.py b/files/routes/subs.py
index 1445ae5a5..f9b179a2b 100644
--- a/files/routes/subs.py
+++ b/files/routes/subs.py
@@ -381,7 +381,7 @@ def sub_banner(v, sub):
name = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(name)
- bannerurl = process_image(name)
+ bannerurl = process_image(v.patron, name)
if bannerurl:
if sub.bannerurl and '/images/' in sub.bannerurl:
@@ -408,7 +408,7 @@ def sub_sidebar(v, sub):
file = request.files["sidebar"]
name = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(name)
- sidebarurl = process_image(name)
+ sidebarurl = process_image(v.patron, name)
if sidebarurl:
if sub.sidebarurl and '/images/' in sub.sidebarurl:
diff --git a/files/routes/users.py b/files/routes/users.py
index d3763c7dd..38f286553 100644
--- a/files/routes/users.py
+++ b/files/routes/users.py
@@ -694,19 +694,15 @@ def messagereply(v):
if file.content_type.startswith('image/'):
name = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(name)
- url = process_image(name)
+ url = process_image(v.patron, name)
body_html += f'{url}
" else: return {"error": "Image/Video files only"}, 400