A rare case where users receive 0 lotto tickets from a treasure chest
occurs when they received 10 or 11 coins from a chest pre-conversion
to lotto tickets. Rather than change ticket_count to the ceil of
dividing coins by ticket cost, it seems less distortionary to instead
imperceptibly raise the minimum to avoid this case.
Due to presently hitting perpetual 429s after a mishap with lottery
polling on production, among past events where admins have gotten
rate-limited for doing otherwise normal admin behavior, the
flask_limiter.Limiter now has a request filter to whitelist JL2+.
Despite running on every request, I don't anticipate this undermining
the DoS prevention power of the Limiter.
It is yet unknown whether there are edge cases where running
get_logged_in_user in a different spot in the request pipeline might
e.g. subtly break the logged-in counters. This is not expected at
present, however.
Users now have a toggleable can_gamble setting which disables their
ability to use all chance-based gains on the site: viz. slots,
blackjack, the lottery, and treasure chests.
This only applies on invocation of commands that start gambling
games, so it should cause no bugs when toggled with e.g. active
blackjack games.
This was added for the benefit of users with actual problems with
gambling, be they past addiction or religious conviction. All future
gambling features are humbly requested to respect it.
Adds award to enable viewing profile visitors for non-mops and
non-patrons. This commit should encompass all frontend, backend, and
database changes necessary. Perhaps usable as a model for other
user upgrade flag awards.
The users online count recently added to wrappers.py:get_logged_in_user
uses g.timestamp for its calculations. This is primarily set in
__main__.py:before_request. However, chat has requests which do not
trigger @app.before_request. To resolve this, we now set g.timestamp
in the auth_required wrapper before calling get_logged_in_user().
I think this is safe in general; there's no particular harm to setting
the timestamp _more_ frequently.
Originally prompted by https://rdrama.net/post/18459/-/1984609 which
noticed that streamable.com/e/ links as posts would have another e/
added to them. This was in spite of logic in posts.py api_is_repost
and submit_post designed to specifically counteract this.
Proximal cause was a copypasta'd url.replace(...) chain which
caused the mistake before the streamable-specific logic had a chance
to avoid making it.
Solution: remove the streamable replacement from the chained statement
and create `helpers.normalize_url(url)` to get rid of the copypasta.
Per https://rdrama.net/post/70341/-/1976650 added more gTLDs that
are actually desired by site users.
Also, hard wrapped the `TLDS` and `allowed_tags` tuple-lists at a
100char hard ruler for my sanity.
Removes temporary changes for the Birthgay 2022 event, ending
approximately at 2022-05-23 0600Z. Changes:
- Double XP disabled.
- Lootboxes disabled.
- Three event awards given real descriptions and colors.
- Partyhats: restored to cakeday-only condition and tooltip.
- Header UI: balloons removed, text visibility outline removed,
journoid banner reverted, marseyjam as header icon.
- Birthgay banners: removed from template, moved to new storage dir.
Confetti, though remaining as a permanent award, has been temporarily
removed pending a less performance-intensive implementation and one
that doesn't require maintaining a third-party package in the codebase.
Comments of the style e.g. "@TLSM / @TLSM2" would mistakenly be
`sanitize`d to have identical links only on "@TLSM", the latter
instance having a dangling 2 on the end. It seems this is purely an
issue with text formatting; alerts.py @ NOTIF_USERS had no such
issues. The root cause appears to be partly an optimization and
partly the use of str.replace without a count limit.
The shop discount from Big Spender badges was incorrectly implemented:
intended behavior was for 2pp per badge. However, the values in
const.py were set as if a user could only have one Spender badge at
once, while user.py @ discount was implemented as if they were
additive. Since users factually do have multiple big spender badges,
the values in const were adjusted to reflect this fact.
Also, lootbox Roller badges now each offer a 1pp discount.
users.py @ discount was improved to check against the `discounts`
keys for appropriate badges, rather than a hardcoded list.
Double XP now has a constant for unixtime to start. Logic around
DXP is designed to only apply to votes made after DOUBLE_XP_ENABLED.
This prevents an exploit in the old implementation where spam voting/
unvoting a post made prior to the DXP start could farm 300 DC/hr/alt.
Also it's more maintainable and comports with the coin_delta changes
to prevent self-vote coin changes.
Re-enable lootboxes in const.py, and update their contents in
awards.py. Additionally, improve appearance in shop.
Upon purchasing a lootbox, users now receive a message informing
them of the contents thereof.
Lootbox backend now properly uses CARP_ID (and checks for the
existence thereof correctly).
Also, minor changes to how const.py whitelists awards.