diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py index b443d5daf..c49c367b4 100644 --- a/files/helpers/wrappers.py +++ b/files/helpers/wrappers.py @@ -155,6 +155,7 @@ def feature_required(x): return make_response(f(*args, v=v, **kwargs)) wrapper.__name__ = f.__name__ return wrapper + return wrapper_maker def casino_required(f): def wrapper(*args, **kwargs): diff --git a/files/routes/admin.py b/files/routes/admin.py index deb4554b1..c70dbd17a 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -521,10 +521,8 @@ def under_attack(v): @app.get("/admin/badge_grant") @admin_level_required(PERMS['USER_BADGES']) +@feature_required('BADGES') def badge_grant_get(v): - if not FEATURES['BADGES']: - abort(404) - badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() return render_template("admin/badge_grant.html", v=v, badge_types=badges) @@ -532,9 +530,9 @@ def badge_grant_get(v): @app.post("/admin/badge_grant") @limiter.limit("1/second;30/minute;200/hour;1000/day") @admin_level_required(PERMS['USER_BADGES']) +@feature_required('BADGES') def badge_grant_post(v): - if not FEATURES['BADGES']: - abort(404) + badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() @@ -582,9 +580,9 @@ def badge_grant_post(v): @app.get("/admin/badge_remove") @admin_level_required(PERMS['USER_BADGES']) +@feature_required('BADGES') def badge_remove_get(v): - if not FEATURES['BADGES']: - abort(404) + badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() @@ -594,9 +592,9 @@ def badge_remove_get(v): @app.post("/admin/badge_remove") @limiter.limit("1/second;30/minute;200/hour;1000/day") @admin_level_required(PERMS['USER_BADGES']) +@feature_required('BADGES') def badge_remove_post(v): - if not FEATURES['BADGES']: - abort(404) + badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() 
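Review bot: `feature_required` has no docstring saying what a client receives when the flag is off, and after this commit that answer lives only in the part of the decorator above this hunk. The converted routes did not agree before: the badge, shop, casino and hats handlers used `abort(404)`, while `sticky_post`, `pin_comment`, `mod_pin`, `club_post`/`unclub_post` and the settings handlers used `abort(403)`, so one of the two groups changes its status code. I would add a docstring such as `"""Reject the request with <status> unless FEATURES[x] is enabled."""`, with the real status filled in, and say whether the decorator must sit below the auth decorator, since the wrapper appears to pass `v` through. The added `return wrapper_maker` also means the factory returned None until now, so a small test that decorates a dummy view would be worth having.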
@@ -1212,9 +1210,9 @@ def distinguish_post(post_id, v): @app.post("/sticky/") @admin_level_required(PERMS['POST_COMMENT_MODERATION']) +@feature_required('PINS') def sticky_post(post_id, v): - if not FEATURES['PINS']: - abort(403) + post = get_post(post_id) if not post.stickied: diff --git a/files/routes/awards.py b/files/routes/awards.py index 5d5a154e4..faecb388d 100644 --- a/files/routes/awards.py +++ b/files/routes/awards.py @@ -17,9 +17,9 @@ from copy import deepcopy @app.get("/shop") @app.get("/settings/shop") @auth_required +@feature_required('AWARDS') def shop(v): - if not FEATURES['AWARDS']: - abort(404) + AWARDS = deepcopy(AWARDS2) @@ -44,9 +44,9 @@ def shop(v): @app.post("/buy/") @limiter.limit("100/minute;200/hour;1000/day") @auth_required +@feature_required('BADGES') def buy(v, award): - if not FEATURES['AWARDS']: - abort(404) + if award == 'benefactor' and not request.values.get("mb"): return {"error": "You can only buy the Benefactor award with marseybux."}, 403 @@ -127,9 +127,9 @@ def buy(v, award): @limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @is_not_permabanned +@feature_required('BADGES') def award_thing(v, thing_type, id): - if not FEATURES['AWARDS']: - abort(404) + if thing_type == 'post': thing = get_post(id) else: thing = get_comment(id) diff --git a/files/routes/casino.py b/files/routes/casino.py index 7053de0f5..5208f6615 100644 --- a/files/routes/casino.py +++ b/files/routes/casino.py @@ -14,10 +14,9 @@ from files.helpers.lottery import * @app.get("/casino") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def casino(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return render_template("casino/rehab.html", v=v) return render_template("casino.html", v=v) 
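Review bot: `buy` and `award_thing` in files/routes/awards.py are now gated on the wrong flag. The removed checks tested `FEATURES['AWARDS']`, but both new decorators read `@feature_required('BADGES')`, while `shop` in the hunk just before them uses `'AWARDS'`. With awards disabled and badges enabled, the purchase and award endpoints stay reachable even though the shop page is hidden; with badges disabled, they disappear on a site that still offers awards. Both should be `@feature_required('AWARDS')`. The bodies of both functions continue outside their hunks.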
@@ -26,10 +25,9 @@ def casino(v): @app.get("/casino/") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def casino_game_page(v, game): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return render_template("casino/rehab.html", v=v) elif game not in CASINO_GAME_KINDS: abort(404) @@ -55,10 +53,9 @@ def casino_game_page(v, game): @app.get("/casino//feed") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def casino_game_feed(v, game): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 elif game not in CASINO_GAME_KINDS: abort(404) @@ -71,10 +68,9 @@ def casino_game_feed(v, game): @app.get("/lottershe") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def lottershe(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return render_template("casino/rehab.html", v=v) participants = get_users_participating_in_lottery() @@ -84,10 +80,9 @@ def lottershe(v): @app.post("/casino/slots") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def pull_slots(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -115,10 +110,9 @@ def pull_slots(v): @app.post("/casino/twentyone/deal") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def blackjack_deal_to_player(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: 
@@ -136,10 +130,9 @@ def blackjack_deal_to_player(v): @app.post("/casino/twentyone/hit") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def blackjack_player_hit(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -153,10 +146,9 @@ def blackjack_player_hit(v): @app.post("/casino/twentyone/stay") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def blackjack_player_stay(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -170,10 +162,9 @@ def blackjack_player_stay(v): @app.post("/casino/twentyone/double-down") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def blackjack_player_doubled_down(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -187,10 +178,9 @@ def blackjack_player_doubled_down(v): @app.post("/casino/twentyone/buy-insurance") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def blackjack_player_bought_insurance(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -204,10 +194,9 @@ def blackjack_player_bought_insurance(v): @app.get("/casino/roulette/bets") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def roulette_get_bets(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 bets = get_roulette_bets() 
@@ -218,10 +207,9 @@ def roulette_get_bets(v): @app.post("/casino/roulette/place-bet") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def roulette_player_placed_bet(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: diff --git a/files/routes/comments.py b/files/routes/comments.py index c7d00d9e5..74f5d1043 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -645,9 +645,9 @@ def undelete_comment(cid, v): @app.post("/pin_comment/") @auth_required +@feature_required('PINS') def pin_comment(cid, v): - if not FEATURES['PINS']: - abort(403) + comment = get_comment(cid, v=v) if not comment.stickied: diff --git a/files/routes/hats.py b/files/routes/hats.py index 024bcc3db..4eff02150 100644 --- a/files/routes/hats.py +++ b/files/routes/hats.py @@ -8,9 +8,8 @@ from flask import g @app.get("/hats") @auth_required +@feature_required('HATS') def hats(v): - if not FEATURES['HATS']: abort(404) - owned_hat_ids = [x.hat_id for x in v.owned_hats] if request.values.get("sort") == 'author_asc': @@ -34,9 +33,8 @@ def hats(v): @app.post("/buy_hat/") @auth_required +@feature_required('HATS') def buy_hat(v, hat_id): - if not FEATURES['HATS']: abort(404) - try: hat_id = int(hat_id) except: return {"error": "Hat not found!"}, 400 @@ -85,9 +83,8 @@ def buy_hat(v, hat_id): @app.post("/equip_hat/") @auth_required +@feature_required('HATS') def equip_hat(v, hat_id): - if not FEATURES['HATS']: abort(404) - try: hat_id = int(hat_id) except: return {"error": "Hat not found!"}, 400 @@ -101,9 +98,8 @@ def equip_hat(v, hat_id): @app.post("/unequip_hat/") @auth_required +@feature_required('HATS') def unequip_hat(v, hat_id): - if not FEATURES['HATS']: abort(404) - try: hat_id = int(hat_id) except: return {"error": "Hat not found!"}, 400 diff --git a/files/routes/posts.py b/files/routes/posts.py index 778b86e25..63470bcb4 100644 
--- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -30,9 +30,9 @@ titleheaders = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWe @app.post("/club_post/") @auth_required +@feature_required('COUNTRY_CLUB') def club_post(pid, v): - if not FEATURES['COUNTRY_CLUB']: - abort(403) + post = get_post(pid) if post.author_id != v.id and v.admin_level < PERMS['POST_COMMENT_MODERATION']: abort(403) @@ -56,9 +56,9 @@ def club_post(pid, v): @app.post("/unclub_post/") @auth_required +@feature_required('COUNTRY_CLUB') def unclub_post(pid, v): - if not FEATURES['COUNTRY_CLUB']: - abort(403) + post = get_post(pid) if post.author_id != v.id and v.admin_level < 2: abort(403) diff --git a/files/routes/settings.py b/files/routes/settings.py index c262b53a8..28fd36426 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -547,9 +547,9 @@ def settings_images_profile(v): @limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required +@feature_required('USER_PROFILE_BANNER') def settings_images_banner(v): - if not FEATURES['USERS_PROFILE_BANNER']: - abort(403) + if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 @@ -755,9 +755,9 @@ def settings_name_change(v): @limiter.limit("3/second;10/day") @limiter.limit("3/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required +@feature_required('USER_PROFILE_SONG') def settings_song_change_mp3(v): - if not FEATURES['USERS_PROFILE_SONG']: - abort(403) + file = request.files['file'] if file.content_type != 'audio/mpeg': 
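Review bot: The flag names passed to the decorator in files/routes/settings.py lost a letter. The removed lines checked `FEATURES['USERS_PROFILE_BANNER']` and `FEATURES['USERS_PROFILE_SONG']`, but the new decorators on `settings_images_banner` and `settings_song_change_mp3` (and on `settings_song_change` in the next hunk) pass `'USER_PROFILE_BANNER'` and `'USER_PROFILE_SONG'`. Unless the keys were renamed in a part of the commit not shown here, the lookup will either raise on a missing key or treat the feature as off, depending on how `feature_required` reads the table. Use `@feature_required('USERS_PROFILE_BANNER')` and `@feature_required('USERS_PROFILE_SONG')`. Having the decorator reject unknown flag names when it is applied would surface this kind of typo at import time instead of at request time.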
@@ -787,9 +787,9 @@ def settings_song_change_mp3(v): @limiter.limit("3/second;10/day") @limiter.limit("3/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required +@feature_required('USER_PROFILE_SONG') def settings_song_change(v): - if not FEATURES['USERS_PROFILE_SONG']: - abort(403) + song=request.values.get("song").strip() @@ -892,9 +892,9 @@ def settings_title_change(v): @limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required +@feature_required('PRONOUNS') def settings_pronouns_change(v): - if not FEATURES['PRONOUNS']: - abort(403) + pronouns = request.values.get("pronouns").replace("𒐪","").strip() diff --git a/files/routes/static.py b/files/routes/static.py index 4115b21a7..3e67047d7 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -348,9 +348,9 @@ def badge_list(site): @app.get("/badges") @auth_required +@feature_required('BADGES') def badges(v): - if not FEATURES['BADGES']: - abort(404) + badges, counts = badge_list(SITE) return render_template("badges.html", v=v, badges=badges, counts=counts) diff --git a/files/routes/subs.py b/files/routes/subs.py index 1f9b80bb2..3cf32fb3f 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -653,9 +653,9 @@ def sub_stealth(v, sub): @app.post("/mod_pin/") @is_not_permabanned +@feature_required('PINS') def mod_pin(cid, v): - if not FEATURES['PINS']: - abort(403) + comment = get_comment(cid, v=v) if not comment.stickied: diff --git a/files/routes/users.py b/files/routes/users.py index 0dba6ce8f..978122ac1 100644 --- a/files/routes/users.py +++ b/files/routes/users.py 
@@ -230,9 +230,9 @@ def downvoting(v, username): @limiter.limit("1/second;5/day") @limiter.limit("1/second;5/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required +@feature_required('USERS_SUICIDE') def suicide(v, username): - if not FEATURES['USERS_SUICIDE']: - abort(403) + user = get_user(username) suicide = f"Hi there,\n\nA [concerned user](/id/{v.id}) reached out to us about you.\n\nWhen you're in the middle of something painful, it may feel like you don't have a lot of options. But whatever you're going through, you deserve help and there are people who are here for you.\n\nThere are resources available in your area that are free, confidential, and available 24/7:\n\n- Call, Text, or Chat with Canada's [Crisis Services Canada](https://www.crisisservicescanada.ca/en/)\n- Call, Email, or Visit the UK's [Samaritans](https://www.samaritans.org/)\n- Text CHAT to America's [Crisis Text Line](https://www.crisistextline.org/) at 741741.\nIf you don't see a resource in your area above, the moderators keep a comprehensive list of resources and hotlines for people organized by location. Find Someone Now\n\nIf you think you may be depressed or struggling in another way, don't ignore it or brush it aside. Take yourself and your feelings seriously, and reach out to someone.\n\nIt may not feel like it, but you have options. There are people available to listen to you, and ways to move forward.\n\nYour fellow users care about you and there are people who want to help."