G-tix
/
rDrama
forked from rDrama/rDrama
1
0
Fork 0
Code Pull Requests Activity
21,031 Commits
1 Branch
0 Tags
2.1 GiB
Commit Graph

269 Commits (4a05910161062504f6ce14cfd360732d1c351459)

Author SHA1 Message Date
justcool393 c9ecb5d535
account linking improvements (#448) 
currently account delinking is very messy and can sometimes just not work
we do codey stuff so it's not as bad
also we create a pretty page for mops to mop up borked account links

* alts: allow proper delinking

* fix prev commit

* url fix

* fix 500

* fixes

* :pepodrool:

* flag

* :pepodrool: redux

* sdsdsdsds

* correct endpoint

* fix html page

* alts: only adjust session history if flag is set

* fix 500

* allow relinking

* fsdsds

* :pepodrool: redux

* alts: don't fail if an alt isn't history

* use postToastSwitch + some API changes

* remove unnecessary variables

* d-none

* delink accounts mod action

* fa-link-slash

* alts: add form to create alt

* remove copied and pasted template

* rounded section

* UI improvement + fix

* \n

* fix status

* admin: remove duplicate route
admin: do a permissions check on 2 pages that need it
admin: set the manual flag for manually flagged alts

* variable change

* fix 500

* alts

* add shadowban icon to alt link tool

* shadowbanned tooltip

* add user info section

* fix 500, remove unnecessary form, and add alt votes button

* trans and also link to page

* margin

* sdsdsd

* stop the count

* fix prev commit

* with ctx

* plural

* alts

* don't show shadowbanned users to those who can't see them
this is... extremely rare and won't ever be seen in production however if perms were ever rearranged in the future, this keeps permissions correct

* shadowban check in alt list

* let shadow realm enthusiasts see shadowban alts

* sdsdsds

* test

* be graceful where needed

* sdsdsdsds

* alts: don't allow adding the same account
alts: clarify wording

* rename and reorder on admin panel

* EOL

* remove frankly unnecessary check

* try with a set

* test

* Revert "try with a set"

This reverts commit 72be353fba5ffa39b37590cc5d3bf584c94ee06e.

* Revert "Revert "try with a set""

This reverts commit 81e41890a192e8b46d0463477998e905fddf56ba.

* Revert "Revert "Revert "try with a set"""

This reverts commit be51592135a3c09848f993f0154bd2ac862ae505.

* clean up test
 2022-11-14 12:32:13 -05:00
justcool393 df992db1db signups: notify me on signups 2022-11-13 22:01:02 -06:00
Snakes 8fee66c894
Reorder decorators to support f63237a9a2. 
Ultimately necessary because otherwise all bots share rate limits
with each other. The somewhat haphazard ordering of decorators bothers
me, but it's functionally required.

Approaches using request context (like reading the Authorization
header in ratelimit_user) likely produce bugs all their own.
 2022-11-13 05:18:52 -05:00
justcool393 aa272729f1 default ratelimit and default ratelimit slower 2022-11-13 00:43:47 -06:00
justcool393 80d7d5281d ratelimit_user() wrapper 2022-11-13 00:07:15 -06:00
Aevann1 0796a17422 switch from hcaptcha to turnstile 2022-11-11 20:34:06 +02:00
justcool393 26549a6e66
remove logged out routes (#433) 
* remove /logged_out/ routes

* update sitemap, remove users route, and update header

* cloudflare cookie

* only mess with the cookie whenever we desire auth

* sitemap: (small) improvements
sitemap: fix little bug i introduced
sitemap: fix login redirects for /id/ routes

* sitemap: remove duplicate entry

* contact is auth desired

* imports: don't import what we don't need and bind late to the db

* praying to god this works

* keep yourself safe

* oh i actually need to commit and push lol

* import Sub

* t

* refix cache purger
 2022-11-09 00:35:24 -05:00
justcool393 7d80483f67 alts: only change session data if new include_current_session flag is set 2022-11-01 16:58:42 -05:00
Aevann1 58912b124a display "@" before account name in failed login attempt 2022-10-28 22:25:35 +02:00
Aevann1 449c8b51cb Revert "add another ratelimit by username" 
This reverts commit 4385bafa85.
 2022-10-28 20:25:14 +02:00
Aevann1 4385bafa85 add another ratelimit by username 2022-10-28 20:22:51 +02:00
Aevann1 e1dc790165 tighten from 15/day to 10/day 2022-10-28 20:13:37 +02:00
Aevann1 e41ee21f2b remove redundant ratelimits in /login 2022-10-28 20:13:23 +02:00
Snakes 1f27b0fb2f
Rate limit failed logins. 2022-10-28 14:07:24 -04:00
Aevann1 ad358650e1 remove retarded bullshit I wasn't consulted about 2022-10-27 19:53:08 +02:00
justcool393 50482c9b0e T to t 2022-10-26 18:41:29 -05:00
justcool393 e6f735b8ca security: be slightly more generous with login ratelimits 2022-10-26 14:18:21 -05:00
justcool393 782a4494da login: create invalid file if doesn't exist 2022-10-26 14:11:30 -05:00
justcool393 03cf8038f3 security: log invalid password attempts for admins 
security: reduce login ratelimits from 1/second ->1/10 seconds
security: reduce login ratelimits from 200/hr -> 100/hr
security: reduce login ratelimits from 1000/day -> 500/day
 2022-10-26 13:31:17 -05:00
gooseman 8b98eabbb9 simultaneous hosts 2022-10-24 15:28:43 -07:00
justcool393 f4af073253 fix 17 potential 500s 2022-10-16 02:51:42 -07:00
justcool393 6138c94a10 unduplicated alt adding code 
* should probably be part of the Alt or User class at some point but this is for a diff day
 2022-10-15 11:52:10 -07:00
justcool393 39aa59a37a add g.is_api_or_xhr so we can use it where we want to give API output 
* also use v.client for strict API clients
 2022-10-15 02:11:36 -07:00
Aevann1 89a0ff4a4b remove username reservation system 2022-10-14 14:01:06 +02:00
Aevann1 30813fc719 Merge branch 'frost' of https://github.com/Aevann1/rDrama into frost 2022-10-10 11:06:32 +02:00
Aevann1 00b045c464 tweak env again 2022-10-10 11:06:27 +02:00
justcool393 f872f734ec constantify a bunch of things 
* sign up follow id is now a thing (if not specified will just msg carp instead)
* notification thread id is also a constant now
* blackjackbtz id is a constant, used for i think special PM handling
 2022-10-09 23:37:42 -07:00
Aevann1 aa8e7055fb rework env vars a bit 2022-10-08 02:43:04 +02:00
Aevann1 f5f0f7d528 give carp notifs for new users on rdrama again + make new users follow kippy on PCM 2022-10-06 00:22:57 +02:00
Aevann1 bf9a2398da add nginx to docker 2022-10-04 21:48:52 +02:00
Aevann1 3bf62c6ff0 add missing ban_reason when shadowbanning 2022-10-02 13:31:02 +02:00
justcool393 7e3f43c9ab
unperson shadowbanned users (#373) 
* unperson shadowbanned users
if a shadowbanned user copes, does anyone hear them seethe?

* unperson shadowbanned users (by id)

* don't import that

* Add include_blocks.
We don't always want to request blocks from the db when we have a user set

* block shadowbanned users from hole mod tools

* don't allow awarding shadowbanned things

* fix conflict

* gracefully use get_account when specified and also add include_blocks flag to get_account as well
 2022-09-30 14:00:58 -07:00
Aevann1 c67b4eea0a limit new users following carp to WPD 2022-09-29 16:16:35 +02:00
Aevann1 37e1f25624 make using proxies only happen in 3 circumstances again 2022-09-26 06:01:25 +02:00
Aevann1 f2af76c905 add proxies on hcaptcha requests 2022-09-26 04:40:58 +02:00
Aevann1 0c182585c1 save ragnar on WPD 2022-09-24 03:41:35 +02:00
Aevann1 ce4d2ada9e fix the @tax situation 2022-09-23 14:36:10 +02:00
Aevann1 d1bc2f3468 integrate check_ban_evade into check_for_alts 2022-09-23 14:33:58 +02:00
Aevann1 8a8a67a059 remove ban_evade logic 2022-09-22 21:40:14 +02:00
Aevann1 0c3cf0128a "That" -> "This" 2022-09-13 11:59:29 +02:00
Aevann1 cefd68755d stop the print spam 2022-09-11 03:56:47 +02:00
Aevann1 0c32d56cd6 casino + style shit 2022-09-05 01:15:37 +02:00
Aevann1 9a32337a22 add flush=true to a print statement 2022-09-02 19:43:59 +02:00
Aevann1 11afc5cff1 fix redirection on signup 2022-08-30 21:03:49 +02:00
Aevann1 26959e0751 murder deuxrama.net 2022-08-11 18:46:11 +02:00
Aevann1 e286a2e881 spam carp inbox 2022-08-04 22:44:59 +02:00
Aevann1 07be18cd1b fix 500 errors 2022-07-28 16:23:38 +02:00
Aevann1 5a2dc01990 modify new user message a little 2022-07-16 01:31:40 +02:00
Snakes dfa700ab1a Deux: patch improper logins for post-seeding accs. 
Deux's users were originally seeded from a clone of the rDrama DB.
Thereby, user IDs are paired between the sites, and this is further
the only clear means by which we can link accounts between the sites.
However, signups on either site after the seeding will not have
synchronized IDs. Newer accounts on Drama could thereby be used to
sign into the Deux account with the same user_id.

There's no clear way to solve this without going to a shared identity
provider for both. In the interim, we restrict shared login to users
from before divergence began. This is a kludge, but it works.
 2022-07-14 03:00:08 -04:00
Snakes 88108594ad Implement Deux login with rDrama challenge. 2022-07-13 20:36:04 -04:00