diff --git a/files/routes/admin.py b/files/routes/admin.py index ff2d43eaa..00a5ef304 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -37,7 +37,7 @@ def loggedout_list(v): return render_template("admin/loggedout.html", v=v, users=users) -@app.get('/admin/move//') +@app.get('/admin/move//') @admin_level_required(PERMS['USER_MERGE']) def move_acc(v:User, new_id, old_id): if v.id != AEVANN_ID: abort(403) @@ -261,7 +261,7 @@ def remove_admin(v:User, username): return {"message": f"@{user.username} has been removed as admin!"} -@app.post("/distribute/") +@app.post("/distribute/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['POST_BETS_DISTRIBUTE']) def distribute(v:User, option_id): @@ -883,7 +883,7 @@ def admin_removed_comments(v): next_exists=next_exists ) -@app.post("/unagendaposter/") +@app.post("/unagendaposter/") @admin_level_required(PERMS['USER_AGENDAPOSTER']) def unagendaposter(user_id, v): user = get_account(user_id) @@ -910,7 +910,7 @@ def unagendaposter(user_id, v): return {"message": f"@{user.username} has been unchudded!"} -@app.post("/shadowban/") +@app.post("/shadowban/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['USER_SHADOWBAN']) def shadowban(user_id, v): @@ -940,7 +940,7 @@ def shadowban(user_id, v): return {"message": f"@{user.username} has been shadowbanned!"} -@app.post("/unshadowban/") +@app.post("/unshadowban/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['USER_SHADOWBAN']) def unshadowban(user_id, v): @@ -966,7 +966,7 @@ def unshadowban(user_id, v): return {"message": f"@{user.username} has been unshadowbanned!"} -@app.post("/admin/title_change/") +@app.post("/admin/title_change/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['USER_TITLE_CHANGE']) def admin_title_change(user_id, v): 
@@ -1002,7 +1002,7 @@ def admin_title_change(user_id, v): return {"message": f"@{user.username}'s flair has been changed!"} -@app.post("/ban_user/") +@app.post("/ban_user/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['USER_BAN']) def ban_user(user_id, v): @@ -1075,7 +1075,7 @@ def ban_user(user_id, v): return {"message": f"@{user.username} has been banned {duration}!"} -@app.post("/agendaposter/") +@app.post("/agendaposter/") @admin_level_required(PERMS['USER_AGENDAPOSTER']) def agendaposter(user_id, v): user = get_account(user_id) @@ -1148,7 +1148,7 @@ def agendaposter(user_id, v): return {"message": f"@{user.username} has been chudded {duration}!"} -@app.post("/unban_user/") +@app.post("/unban_user/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['USER_BAN']) def unban_user(user_id, v): @@ -1219,7 +1219,7 @@ def unmute_user(v:User, user_id): return {"message": f"@{user.username} has been unmuted!"} -@app.post("/remove_post/") +@app.post("/remove_post/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['POST_COMMENT_MODERATION']) def remove_post(post_id, v): @@ -1247,7 +1247,7 @@ def remove_post(post_id, v): return {"message": "Post removed!"} -@app.post("/approve_post/") +@app.post("/approve_post/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['POST_COMMENT_MODERATION']) def approve_post(post_id, v): @@ -1278,7 +1278,7 @@ def approve_post(post_id, v): return {"message": "Post approved!"} -@app.post("/distinguish/") +@app.post("/distinguish/") @admin_level_required(PERMS['POST_COMMENT_DISTINGUISH']) def distinguish_post(post_id, v): post = get_post(post_id) @@ -1304,7 +1304,7 @@ def distinguish_post(post_id, v): else: return {"message": "Post undistinguished!"} -@app.post("/sticky/") +@app.post("/sticky/") @feature_required('PINS') @admin_level_required(PERMS['POST_COMMENT_MODERATION']) def sticky_post(post_id, v): 
@@ -1345,7 +1345,7 @@ def sticky_post(post_id, v): return {"message": f"Post pinned {pin_time}!"}, code -@app.post("/unsticky/") +@app.post("/unsticky/") @admin_level_required(PERMS['POST_COMMENT_MODERATION']) def unsticky_post(post_id, v): post = get_post(post_id) @@ -1370,7 +1370,7 @@ def unsticky_post(post_id, v): cache.delete_memoized(frontlist) return {"message": "Post unpinned!"} -@app.post("/sticky_comment/") +@app.post("/sticky_comment/") @admin_level_required(PERMS['POST_COMMENT_MODERATION']) def sticky_comment(cid, v): comment = get_comment(cid, v=v) @@ -1399,7 +1399,7 @@ def sticky_comment(cid, v): return {"message": "Comment pinned!"} -@app.post("/unsticky_comment/") +@app.post("/unsticky_comment/") @admin_level_required(PERMS['POST_COMMENT_MODERATION']) def unsticky_comment(cid, v): comment = get_comment(cid, v=v) @@ -1429,7 +1429,7 @@ def unsticky_comment(cid, v): return {"message": "Comment unpinned!"} -@app.post("/remove_comment/") +@app.post("/remove_comment/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['POST_COMMENT_MODERATION']) def remove_comment(c_id, v): @@ -1449,7 +1449,7 @@ def remove_comment(c_id, v): return {"message": "Comment removed!"} -@app.post("/approve_comment/") +@app.post("/approve_comment/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['POST_COMMENT_MODERATION']) def approve_comment(c_id, v): @@ -1475,7 +1475,7 @@ def approve_comment(c_id, v): return {"message": "Comment approved!"} -@app.post("/distinguish_comment/") +@app.post("/distinguish_comment/") @admin_level_required(PERMS['POST_COMMENT_DISTINGUISH']) def admin_distinguish_comment(c_id, v): comment = get_comment(c_id, v=v) diff --git a/files/routes/awards.py b/files/routes/awards.py index 09f7586a1..322759884 100644 --- a/files/routes/awards.py +++ b/files/routes/awards.py 
@@ -124,7 +124,7 @@ def buy(v:User, award): return {"message": f"{award_title} award bought!"} -@app.post("/award//") +@app.post("/award//") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @is_not_permabanned @ratelimit_user() diff --git a/files/routes/comments.py b/files/routes/comments.py index ea05cb8e4..fb20161b0 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -25,12 +25,13 @@ from files.__main__ import app, cache, limiter WORDLE_COLOR_MAPPINGS = {-1: "🟥", 0: "🟨", 1: "🟩"} -@app.get("/comment/") -@app.get("/post///") -@app.get("/h//comment/") -@app.get("/h//post///") +@app.get("/comment/") +@app.get("/post///") +@app.get("/h//comment/") +@app.get("/h//post///") @auth_desired_with_logingate def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): + comment = get_comment(cid, v=v) if not User.can_see(v, comment): abort(404) @@ -358,7 +359,7 @@ def comment(v:User): if v.client: return c.json(db=g.db) return {"comment": render_template("comments.html", v=v, comments=[c])} -@app.post("/edit_comment/") +@app.post("/edit_comment/") @limiter.limit("1/second;10/minute;100/hour;200/day") @is_not_permabanned @ratelimit_user("1/second;10/minute;100/hour;200/day") @@ -433,7 +434,7 @@ def edit_comment(cid, v): return {"body": c.body, "comment": c.realbody(v)} -@app.post("/delete/comment/") +@app.post("/delete/comment/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -455,7 +456,7 @@ def delete_comment(cid, v): g.db.add(v) return {"message": "Comment deleted!"} -@app.post("/undelete/comment/") +@app.post("/undelete/comment/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -475,7 +476,7 @@ def undelete_comment(cid, v): g.db.add(v) return {"message": "Comment undeleted!"} -@app.post("/pin_comment/") +@app.post("/pin_comment/") @feature_required('PINS') @auth_required def pin_comment(cid, v): 
@@ -498,7 +499,7 @@ def pin_comment(cid, v): return {"message": "Comment pinned!"} -@app.post("/unpin_comment/") +@app.post("/unpin_comment/") @auth_required def unpin_comment(cid, v): @@ -519,7 +520,7 @@ def unpin_comment(cid, v): return {"message": "Comment unpinned!"} -@app.post("/save_comment/") +@app.post("/save_comment/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -536,7 +537,7 @@ def save_comment(cid, v): return {"message": "Comment saved!"} -@app.post("/unsave_comment/") +@app.post("/unsave_comment/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -572,7 +573,7 @@ def diff_words(answer, guess): return diffs -@app.post("/wordle/") +@app.post("/wordle/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -604,7 +605,7 @@ def handle_wordle_action(cid, v): return {"response" : comment.wordle_html(v)} -@app.post("/toggle_comment_nsfw/") +@app.post("/toggle_comment_nsfw/") @auth_required def toggle_comment_nsfw(cid, v): comment = get_comment(cid) diff --git a/files/routes/hats.py b/files/routes/hats.py index 4c1b30593..c8eaf2d7c 100644 --- a/files/routes/hats.py +++ b/files/routes/hats.py @@ -26,7 +26,7 @@ def hats(v:User): num_of_hats = g.db.query(HatDef).filter(HatDef.submitter_id == None).count() return render_template("hats.html", owned_hat_ids=owned_hat_ids, hats=hats, v=v, sales=sales, num_of_hats=num_of_hats) -@app.post("/buy_hat/") +@app.post("/buy_hat/") @limiter.limit('100/minute;1000/3 days') @auth_required def buy_hat(v:User, hat_id): @@ -77,7 +77,7 @@ def buy_hat(v:User, hat_id): return {"message": f"'{hat.name}' bought!"} -@app.post("/equip_hat/") +@app.post("/equip_hat/") @auth_required def equip_hat(v:User, hat_id): try: hat_id = int(hat_id) 
@@ -91,7 +91,7 @@ def equip_hat(v:User, hat_id): return {"message": f"'{hat.name}' equipped!"} -@app.post("/unequip_hat/") +@app.post("/unequip_hat/") @auth_required def unequip_hat(v:User, hat_id): try: hat_id = int(hat_id) @@ -105,7 +105,7 @@ def unequip_hat(v:User, hat_id): return {"message": f"'{hat.name}' unequipped!"} -@app.get("/hat_owners/") +@app.get("/hat_owners/") @auth_required def hat_owners(v:User, hat_id): try: hat_id = int(hat_id) diff --git a/files/routes/oauth.py b/files/routes/oauth.py index 7898000e6..4f4c4fa5a 100644 --- a/files/routes/oauth.py +++ b/files/routes/oauth.py @@ -35,7 +35,7 @@ def authorize(v): return redirect(f"{application.redirect_uri}?token={access_token}") -@app.post("/rescind/") +@app.post("/rescind/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -86,7 +86,7 @@ def request_api_keys(v): return redirect('/settings/apps') -@app.post("/delete_app/") +@app.post("/delete_app/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -109,7 +109,7 @@ def delete_oauth_app(v, aid): return redirect('/apps') -@app.post("/edit_app/") +@app.post("/edit_app/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @is_not_permabanned @ratelimit_user() @@ -133,7 +133,7 @@ def edit_oauth_app(v, aid): return redirect('/settings/apps') -@app.post("/admin/app/approve/") +@app.post("/admin/app/approve/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['APPS_MODERATION']) def admin_app_approve(v, aid): @@ -169,7 +169,7 @@ def admin_app_approve(v, aid): return {"message": f"'{app.app_name}' approved!"} -@app.post("/admin/app/revoke/") +@app.post("/admin/app/revoke/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['APPS_MODERATION']) def admin_app_revoke(v, aid): 
@@ -194,7 +194,7 @@ def admin_app_revoke(v, aid): return {"message": f"'{app.app_name}' revoked!"} -@app.post("/admin/app/reject/") +@app.post("/admin/app/reject/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @admin_level_required(PERMS['APPS_MODERATION']) def admin_app_reject(v, aid): @@ -220,7 +220,7 @@ def admin_app_reject(v, aid): return {"message": f"'{app.app_name}' rejected!"} -@app.get("/admin/app//posts") +@app.get("/admin/app//posts") @admin_level_required(PERMS['APPS_MODERATION']) def admin_app_id_posts(v, aid): aid=aid @@ -241,7 +241,7 @@ def admin_app_id_posts(v, aid): next_exists=next_exists ) -@app.get("/admin/app//comments") +@app.get("/admin/app//comments") @admin_level_required(PERMS['APPS_MODERATION']) def admin_app_id_comments(v, aid): @@ -276,7 +276,7 @@ def admin_apps_list(v): return render_template("admin/apps.html", v=v, apps=apps) -@app.post("/reroll/") +@app.post("/reroll/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() diff --git a/files/routes/polls.py b/files/routes/polls.py index e0fa4465b..ac43d2fa3 100644 --- a/files/routes/polls.py +++ b/files/routes/polls.py @@ -5,7 +5,7 @@ from files.routes.wrappers import * from files.__main__ import app -@app.post("/vote/post/option/") +@app.post("/vote/post/option/") @is_not_permabanned def vote_option(option_id, v): try: @@ -51,7 +51,7 @@ def vote_option(option_id, v): return {"message": "Bet successful!"} -@app.get("/votes/post/option/") +@app.get("/votes/post/option/") @auth_required def option_votes(option_id, v): try: @@ -82,7 +82,7 @@ def option_votes(option_id, v): -@app.post("/vote/comment/option/") +@app.post("/vote/comment/option/") @is_not_permabanned def vote_option_comment(option_id, v): try: @@ -116,7 +116,7 @@ def vote_option_comment(option_id, v): return "", 204 -@app.get("/votes/comment/option/") +@app.get("/votes/comment/option/") @auth_required def option_votes_comment(option_id, v): try: 
diff --git a/files/routes/posts.py b/files/routes/posts.py index a0f6ad98a..1b853f0a9 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -33,7 +33,7 @@ from files.__main__ import app, limiter titleheaders = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"} -@app.post("/publish/") +@app.post("/publish/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -82,10 +82,10 @@ def submit_get(v:User, sub=None): return render_template("submit.html", SUBS=SUBS, v=v, sub=sub) -@app.get("/post/") -@app.get("/post//") -@app.get("/h//post/") -@app.get("/h//post//") +@app.get("/post/") +@app.get("/post//") +@app.get("/h//post/") +@app.get("/h//post//") @auth_desired_with_logingate def post_id(pid, anything=None, v=None, sub=None): post = get_post(pid, v=v) @@ -179,7 +179,7 @@ def post_id(pid, anything=None, v=None, sub=None): sort=sort, render_replies=True, offset=offset, sub=post.subr, fart=get_setting('fart_mode')) -@app.get("/viewmore///") +@app.get("/viewmore///") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_desired_with_logingate def viewmore(v, pid, sort, offset): @@ -234,7 +234,7 @@ def viewmore(v, pid, sort, offset): return render_template("comments.html", v=v, comments=comments, p=post, ids=list(ids), render_replies=True, pid=pid, sort=sort, offset=offset) -@app.get("/morecomments/") +@app.get("/morecomments/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_desired_with_logingate def morecomments(v, cid): @@ -258,7 +258,7 @@ def morecomments(v, cid): return render_template("comments.html", v=v, comments=comments, p=p, render_replies=True) -@app.post("/edit_post/") +@app.post("/edit_post/") @limiter.limit("1/second;10/minute;100/hour;200/day") @is_not_permabanned @ratelimit_user("1/second;10/minute;100/hour;200/day") 
@@ -833,7 +833,7 @@ def submit_post(v:User, sub=None): else: sort = v.defaultsortingcomments return render_template('submission.html', v=v, p=post, sort=sort, render_replies=True, offset=0, success=True, sub=post.subr) -@app.post("/delete_post/") +@app.post("/delete_post/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -860,7 +860,7 @@ def delete_post_pid(pid, v): return {"message": "Post deleted!"} -@app.post("/undelete_post/") +@app.post("/undelete_post/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -882,7 +882,7 @@ def undelete_post_pid(pid, v): return {"message": "Post undeleted!"} -@app.post("/mark_post_nsfw/") +@app.post("/mark_post_nsfw/") @auth_required def mark_post_nsfw(pid, v): post = get_post(pid) @@ -916,7 +916,7 @@ def mark_post_nsfw(pid, v): return {"message": "Post has been marked as +18!"} -@app.post("/unmark_post_nsfw/") +@app.post("/unmark_post_nsfw/") @auth_required def unmark_post_nsfw(pid, v): post = get_post(pid) @@ -950,7 +950,7 @@ def unmark_post_nsfw(pid, v): return {"message": "Post has been unmarked as +18!"} -@app.post("/save_post/") +@app.post("/save_post/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -966,7 +966,7 @@ def save_post(pid, v): return {"message": "Post saved!"} -@app.post("/unsave_post/") +@app.post("/unsave_post/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -981,7 +981,7 @@ def unsave_post(pid, v): return {"message": "Post unsaved!"} -@app.post("/pin/") +@app.post("/pin/") @auth_required def pin_post(post_id, v): post = get_post(post_id) @@ -994,7 +994,7 @@ def pin_post(post_id, v): else: return {"message": "Post unpinned!"} return abort(404, "Post not found!") -@app.put("/post//new") +@app.put("/post//new") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required def set_new_sort(post_id:int, v:User): 
@@ -1015,7 +1015,7 @@ def set_new_sort(post_id:int, v:User): return {"message": f"Changed the the default sorting of comments on this post to 'new'"} -@app.delete("/post//new") +@app.delete("/post//new") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required def unset_new_sort(post_id:int, v:User): diff --git a/files/routes/reporting.py b/files/routes/reporting.py index 4f565c363..53efcc33d 100644 --- a/files/routes/reporting.py +++ b/files/routes/reporting.py @@ -11,7 +11,7 @@ from files.routes.front import frontlist from files.routes.wrappers import * from files.__main__ import app, limiter, cache -@app.post("/report/post/") +@app.post("/report/post/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -67,7 +67,7 @@ def flag_post(pid, v): return {"message": "Post reported!"} -@app.post("/report/comment/") +@app.post("/report/comment/") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -93,7 +93,7 @@ def flag_comment(cid, v): return {"message": "Comment reported!"} -@app.post('/del_report/post//') +@app.post('/del_report/post//') @limiter.limit("4/second;100/minute;300/hour;2000/day") @admin_level_required(PERMS['FLAGS_REMOVE']) def remove_report_post(v, pid, uid): @@ -116,7 +116,7 @@ def remove_report_post(v, pid, uid): return {"message": "Report removed successfully!"} -@app.post('/del_report/comment//') +@app.post('/del_report/comment//') @limiter.limit("4/second;100/minute;300/hour;2000/day") @admin_level_required(PERMS['FLAGS_REMOVE']) def remove_report_comment(v, cid, uid): diff --git a/files/routes/static.py b/files/routes/static.py index d5e2955cd..f431cabc7 100644 --- a/files/routes/static.py +++ b/files/routes/static.py 
@@ -17,8 +17,8 @@ from files.routes.wrappers import * from files.__main__ import app, cache, limiter -@app.get("/r/drama/comments//") -@app.get("/r/Drama/comments/<id>/<title>") +@app.get("/r/drama/comments/<int:id>/<title>") +@app.get("/r/Drama/comments/<int:id>/<title>") def rdrama(id, title): id = ''.join(f'{x}/' for x in id) return redirect(f'/archives/drama/comments/{id}{title}.html') @@ -163,7 +163,7 @@ def log(v:User): return render_template("log.html", v=v, admins=admins, types=types, admin=admin, type=kind, actions=actions, next_exists=next_exists, page=page, single_user_url='admin') -@app.get("/log/<id>") +@app.get("/log/<int:id>") @auth_required def log_item(id, v): try: id = int(id) @@ -294,7 +294,7 @@ def dismiss_mobile_tip(): session["tooltip_last_dismissed"] = int(time.time()) return "", 204 -@app.get("/transfers/<id>") +@app.get("/transfers/<int:id>") @auth_required def transfers_id(id, v): diff --git a/files/routes/subs.py b/files/routes/subs.py index 8fd17a22b..e946b4723 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -9,7 +9,7 @@ from files.routes.wrappers import * from .front import frontlist from files.__main__ import app, cache, limiter -@app.post("/exile/post/<pid>") +@app.post("/exile/post/<int:pid>") @is_not_permabanned def exile_post(v:User, pid): if v.shadowbanned: abort(500) @@ -40,7 +40,7 @@ def exile_post(v:User, pid): return {"message": f"@{u.username} has been exiled from /h/{sub} successfully!"} -@app.post("/exile/comment/<cid>") +@app.post("/exile/comment/<int:cid>") @is_not_permabanned def exile_comment(v:User, cid): if v.shadowbanned: abort(500) @@ -71,7 +71,7 @@ def exile_comment(v:User, cid): return {"message": f"@{u.username} has been exiled from /h/{sub} successfully!"} -@app.post("/h/<sub>/unexile/<uid>") +@app.post("/h/<sub>/unexile/<int:uid>") @is_not_permabanned def unexile(v:User, sub, uid): u = get_account(uid) 
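Review bot: Switching the two `rdrama` routes to `<int:id>` breaks the handler body, which still treats `id` as a string: `id = ''.join(f'{x}/' for x in id)` iterates over the value, and with the int converter `id` arrives as an `int`, so every request that now matches these routes raises `TypeError` and returns a 500. The character-by-character join also suggests the archive path was built from non-numeric identifiers, which the int converter now rejects with 404 before the view runs; that is a behavioral change the commit does not mention. If only numeric ids are intended, convert back before iterating, e.g. `id = ''.join(f'{x}/' for x in str(id))`; otherwise these two routes should keep the plain `<id>` converter.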
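Review bot: `log_item` keeps `try: id = int(id)` after its route is changed to `<int:id>`, so the conversion is now dead code: the converter already guarantees an `int` and answers 404 for non-numeric paths before the view runs. The same leftover appears in `get_css` and `get_profilecss` in files/routes/users.py, where the bare `except:` around the now-redundant `int()` also swallows unrelated errors; the `hat_id` handlers in files/routes/hats.py look like the same situation, though the converter change there is not legible in this diff. I would drop the `try: id = int(id)` line and its `except` clause in each, leaving the route converter as the single validation point, so a reader does not assume the path value can still be a string. `log_item`'s body continues outside the hunk.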
@@ -341,7 +341,7 @@ def create_sub2(v): return redirect(f'/h/{sub}') -@app.post("/kick/<pid>") +@app.post("/kick/<int:pid>") @is_not_permabanned def kick(v:User, pid): post = get_post(pid) @@ -601,7 +601,7 @@ def subs(v:User): total_users = g.db.query(User).count() return render_template('sub/subs.html', v=v, subs=subs, total_users=total_users) -@app.post("/hole_pin/<pid>") +@app.post("/hole_pin/<int:pid>") @is_not_permabanned def hole_pin(v:User, pid): p = get_post(pid) @@ -629,7 +629,7 @@ def hole_pin(v:User, pid): return {"message": f"Post pinned to /h/{p.sub} successfully!"} -@app.post("/hole_unpin/<pid>") +@app.post("/hole_unpin/<int:pid>") @is_not_permabanned def hole_unpin(v:User, pid): p = get_post(pid) @@ -688,7 +688,7 @@ def sub_stealth(v:User, sub): return {"message": f"Stealth mode has been disabled for /h/{sub} successfully!"} -@app.post("/mod_pin/<cid>") +@app.post("/mod_pin/<int:cid>") @feature_required('PINS') @is_not_permabanned def mod_pin(cid, v): @@ -716,7 +716,7 @@ def mod_pin(cid, v): return {"message": "Comment pinned!"} -@app.post("/unmod_pin/<cid>") +@app.post("/unmod_pin/<int:cid>") @is_not_permabanned def mod_unpin(cid, v): @@ -784,7 +784,7 @@ def hole_log(v:User, sub): return render_template("log.html", v=v, admins=mods, types=types, admin=mod, type=kind, actions=actions, next_exists=next_exists, page=page, sub=sub, single_user_url='mod') -@app.get("/h/<sub>/log/<id>") +@app.get("/h/<sub>/log/<int:id>") @auth_required def hole_log_item(id, v, sub): sub = get_sub_by_name(sub) diff --git a/files/routes/users.py b/files/routes/users.py index 964093590..8593d12fc 100644 --- a/files/routes/users.py +++ b/files/routes/users.py 
@@ -55,25 +55,25 @@ def upvoters_downvoters(v, username, uid, cls, vote_cls, vote_dir, template, sta return render_template(template, next_exists=next_exists, listing=listing, page=page, v=v, standalone=standalone) -@app.get("/@<username>/upvoters/<uid>/posts") +@app.get("/@<username>/upvoters/<int:uid>/posts") @auth_required def upvoters_posts(v:User, username, uid): return upvoters_downvoters(v, username, uid, Submission, Vote, 1, "userpage/voted_posts.html", None) -@app.get("/@<username>/upvoters/<uid>/comments") +@app.get("/@<username>/upvoters/<int:uid>/comments") @auth_required def upvoters_comments(v:User, username, uid): return upvoters_downvoters(v, username, uid, Comment, CommentVote, 1, "userpage/voted_comments.html", True) -@app.get("/@<username>/downvoters/<uid>/posts") +@app.get("/@<username>/downvoters/<int:uid>/posts") @auth_required def downvoters_posts(v:User, username, uid): return upvoters_downvoters(v, username, uid, Submission, Vote, -1, "userpage/voted_posts.html", None) -@app.get("/@<username>/downvoters/<uid>/comments") +@app.get("/@<username>/downvoters/<int:uid>/comments") @auth_required def downvoters_comments(v:User, username, uid): return upvoters_downvoters(v, username, uid, Comment, CommentVote, -1, "userpage/voted_comments.html", True) 
@@ -106,25 +106,25 @@ def upvoting_downvoting(v, username, uid, cls, vote_cls, vote_dir, template, sta return render_template(template, next_exists=next_exists, listing=listing, page=page, v=v, standalone=standalone) -@app.get("/@<username>/upvoting/<uid>/posts") +@app.get("/@<username>/upvoting/<int:uid>/posts") @auth_required def upvoting_posts(v:User, username, uid): return upvoting_downvoting(v, username, uid, Submission, Vote, 1, "userpage/voted_posts.html", None) -@app.get("/@<username>/upvoting/<uid>/comments") +@app.get("/@<username>/upvoting/<int:uid>/comments") @auth_required def upvoting_comments(v:User, username, uid): return upvoting_downvoting(v, username, uid, Comment, CommentVote, 1, "userpage/voted_comments.html", True) -@app.get("/@<username>/downvoting/<uid>/posts") +@app.get("/@<username>/downvoting/<int:uid>/posts") @auth_required def downvoting_posts(v:User, username, uid): return upvoting_downvoting(v, username, uid, Submission, Vote, -1, "userpage/voted_posts.html", None) -@app.get("/@<username>/downvoting/<uid>/comments") +@app.get("/@<username>/downvoting/<int:uid>/comments") @auth_required def downvoting_comments(v:User, username, uid): return upvoting_downvoting(v, username, uid, Comment, CommentVote, -1, "userpage/voted_comments.html", True) @@ -385,7 +385,7 @@ def leaderboard(v:User): return render_template("leaderboard.html", v=v, leaderboards=leaderboards) -@app.get("/<id>/css") +@app.get("/<int:id>/css") def get_css(id): try: id = int(id) except: abort(404) @@ -397,7 +397,7 @@ def get_css(id): resp.headers["Content-Type"] = "text/css" return resp -@app.get("/<id>/profilecss") +@app.get("/<int:id>/profilecss") def get_profilecss(id): try: id = int(id) except: abort(404) 
@@ -415,7 +415,7 @@ def usersong(username:str): if user.song: return redirect(f"/songs/{user.song}.mp3") else: abort(404) -@app.post("/subscribe/<post_id>") +@app.post("/subscribe/<int:post_id>") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -426,7 +426,7 @@ def subscribe(v, post_id): g.db.add(new_sub) return {"message": "Subscribed to post successfully!"} -@app.post("/unsubscribe/<post_id>") +@app.post("/unsubscribe/<int:post_id>") @limiter.limit(DEFAULT_RATELIMIT_SLOWER) @auth_required @ratelimit_user() @@ -624,7 +624,7 @@ def is_available(name:str): else: return {name: True} -@app.get("/id/<id>") +@app.get("/id/<int:id>") def user_id(id): user = get_account(id) return redirect(user.url) @@ -772,8 +772,8 @@ def u_username_wall(v:Optional[User], username:str): return render_template("userpage/wall.html", u=u, v=v, listing=comments, page=page, next_exists=next_exists, is_following=is_following, standalone=True, render_replies=True, wall=True) -@app.get("/@<username>/wall/comment/<cid>") -@app.get("/@<username>/wall/comment/<cid>.json") +@app.get("/@<username>/wall/comment/<int:cid>") +@app.get("/@<username>/wall/comment/<int:cid>.json") @auth_desired_with_logingate def u_username_wall_comment(v:User, username:str, cid): comment = get_comment(cid, v=v) @@ -987,7 +987,7 @@ def u_username_info(username, v=None): return user.json -@app.get("/<id>/info") +@app.get("/<int:id>/info") @auth_required def u_user_id_info(id, v=None): @@ -1077,9 +1077,9 @@ def remove_follow(username, v): return {"message": f"@{target.username} has been removed as a follower!"} -@app.get("/pp/<id>") -@app.get("/uid/<id>/pic") -@app.get("/uid/<id>/pic/profile") +@app.get("/pp/<int:id>") +@app.get("/uid/<int:id>/pic") +@app.get("/uid/<int:id>/pic/profile") @cache.memoize(timeout=86400) @limiter.exempt def user_profile_uid(id): 
@@ -1191,7 +1191,7 @@ def toggle_holes(): return redirect('/') -@app.get("/badge_owners/<bid>") +@app.get("/badge_owners/<int:bid>") @auth_required def bid_list(v:User, bid): diff --git a/files/routes/votes.py b/files/routes/votes.py index dd831b3f2..eef09c1c2 100644 --- a/files/routes/votes.py +++ b/files/routes/votes.py @@ -180,7 +180,7 @@ def vote_post_comment(target_id, new, v, cls, vote_cls): return "", 204 -@app.post("/vote/post/<post_id>/<new>") +@app.post("/vote/post/<int:post_id>/<new>") @limiter.limit("5/second;60/minute;1000/hour;2000/day") @is_not_permabanned @ratelimit_user("5/second;60/minute;1000/hour;2000/day") @@ -188,7 +188,7 @@ def vote_post_comment(target_id, new, v, cls, vote_cls): def vote_post(post_id, new, v): return vote_post_comment(post_id, new, v, Submission, Vote) -@app.post("/vote/comment/<comment_id>/<new>") +@app.post("/vote/comment/<int:comment_id>/<new>") @limiter.limit("5/second;60/minute;1000/hour;2000/day") @is_not_permabanned @ratelimit_user("5/second;60/minute;1000/hour;2000/day")