2022-11-29 23:50:32 +00:00
|
|
|
import secrets
|
2023-02-26 02:01:37 +00:00
|
|
|
from os import environ
|
2022-11-29 23:50:32 +00:00
|
|
|
|
2022-12-11 23:44:34 +00:00
|
|
|
from files.helpers.config.const import *
|
2022-11-15 09:19:08 +00:00
|
|
|
from files.helpers.settings import get_setting
|
|
|
|
from files.helpers.cloudflare import CLOUDFLARE_AVAILABLE
|
|
|
|
from files.routes.wrappers import *
|
2023-02-26 01:58:41 +00:00
|
|
|
from files.__main__ import app, limiter, get_CF
|
2022-11-15 09:19:08 +00:00
|
|
|
|
|
|
|
@app.before_request
|
|
|
|
def before_request():
|
2022-12-27 01:22:39 +00:00
|
|
|
if request.host != SITE:
|
|
|
|
abort(403, "Unauthorized host provided!")
|
|
|
|
|
2022-11-15 09:19:08 +00:00
|
|
|
if SITE == 'marsey.world' and request.path != '/kofi':
|
|
|
|
abort(404)
|
|
|
|
|
2022-12-27 01:22:39 +00:00
|
|
|
if request.headers.get("CF-Worker"):
|
2023-01-27 11:57:29 +00:00
|
|
|
abort(403, "Cloudflare workers are not allowed to access this website!")
|
2022-12-27 01:22:39 +00:00
|
|
|
|
2022-11-30 01:31:28 +00:00
|
|
|
g.agent = request.headers.get("User-Agent", "")
|
2022-11-15 09:19:08 +00:00
|
|
|
if not g.agent and request.path != '/kofi':
|
2022-12-27 01:22:39 +00:00
|
|
|
abort(403, 'Please use a "User-Agent" header!')
|
2022-11-15 09:19:08 +00:00
|
|
|
|
2022-12-27 01:22:39 +00:00
|
|
|
if not get_setting('bots') and request.headers.get("Authorization"):
|
|
|
|
abort(403)
|
2022-12-05 14:25:25 +00:00
|
|
|
|
2022-12-27 01:22:39 +00:00
|
|
|
g.desires_auth = False
|
2022-11-15 09:19:08 +00:00
|
|
|
|
2022-12-27 01:22:39 +00:00
|
|
|
ua = g.agent.lower()
|
2022-11-15 09:19:08 +00:00
|
|
|
|
2022-12-05 14:25:25 +00:00
|
|
|
if '; wv) ' in ua:
|
2022-12-04 19:02:22 +00:00
|
|
|
g.browser = 'webview'
|
2022-12-05 14:25:25 +00:00
|
|
|
elif ' firefox/' in ua:
|
2022-12-04 19:02:22 +00:00
|
|
|
g.browser = 'firefox'
|
2022-12-05 14:25:25 +00:00
|
|
|
elif 'iphone' in ua or 'ipad' in ua or 'ipod' in ua or 'mac os' in ua:
|
2022-12-04 19:02:22 +00:00
|
|
|
g.browser = 'apple'
|
|
|
|
else:
|
|
|
|
g.browser = 'chromium'
|
2022-11-20 23:31:26 +00:00
|
|
|
|
2022-11-15 09:19:08 +00:00
|
|
|
g.is_tor = request.headers.get("cf-ipcountry") == "T1"
|
|
|
|
|
|
|
|
request.path = request.path.rstrip('/')
|
|
|
|
if not request.path: request.path = '/'
|
|
|
|
request.full_path = request.full_path.rstrip('?').rstrip('/')
|
|
|
|
if not request.full_path: request.full_path = '/'
|
|
|
|
|
2022-11-30 01:29:06 +00:00
|
|
|
g.db = db_session()
|
2022-11-22 23:37:55 +00:00
|
|
|
|
2022-12-30 12:14:18 +00:00
|
|
|
g.nonce = secrets.token_urlsafe(31)
|
|
|
|
|
2023-02-26 01:58:41 +00:00
|
|
|
import redis
|
2023-02-26 08:47:41 +00:00
|
|
|
host = environ.get("REDIS_URL", "redis://localhost").split('://')[1].split(':')[0]
|
2023-02-26 02:01:37 +00:00
|
|
|
r = redis.Redis(host=host, port=6379, db=0)
|
2023-02-26 01:58:41 +00:00
|
|
|
|
2022-11-15 09:19:08 +00:00
|
|
|
@app.after_request
|
band-aid fix for frozen session issue on signup (#50)
through some reason or another, people are somehow getting cookies that aren't prepended with a dot.
this is a problem because both sessions at, as best as I can tell, mix so it tries to read from a different cookie than we write to. this essentially "freezes" the session in place. users are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc.
~~this attempts to delete bad session cookies (i.e. cookies with a domain that don't start with a dot).~~
~~we don't do this on "dotless" domains (and by extension localhost) because browser support for setting cookies on FQDNs that only have one dot has tenuous support among browsers anyway).~~
~~this *may* log some people out, but... their days of being able to do stuff on the site were numbered anyway.~~
**edit: as amazing as this thought was, browsers just wipe the entire cookies completely and there's no way to specifically target dotless cookies. for an issue that affects a few users, better to just tell them to clear their cookies. if *this* doesn't work, delete service-worker.js and be done with the whole service worker crap. forever. permanently. this PR also includes some QOL improvements.**
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: https://fsdfsd.net/rDrama/rDrama/pulls/50
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-06 22:07:12 +00:00
|
|
|
def after_request(response:Response):
|
2022-11-15 09:19:08 +00:00
|
|
|
if response.status_code < 400:
|
band-aid fix for frozen session issue on signup (#50)
through some reason or another, people are somehow getting cookies that aren't prepended with a dot.
this is a problem because both sessions at, as best as I can tell, mix so it tries to read from a different cookie than we write to. this essentially "freezes" the session in place. users are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc.
~~this attempts to delete bad session cookies (i.e. cookies with a domain that don't start with a dot).~~
~~we don't do this on "dotless" domains (and by extension localhost) because browser support for setting cookies on FQDNs that only have one dot has tenuous support among browsers anyway).~~
~~this *may* log some people out, but... their days of being able to do stuff on the site were numbered anyway.~~
**edit: as amazing as this thought was, browsers just wipe the entire cookies completely and there's no way to specifically target dotless cookies. for an issue that affects a few users, better to just tell them to clear their cookies. if *this* doesn't work, delete service-worker.js and be done with the whole service worker crap. forever. permanently. this PR also includes some QOL improvements.**
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: https://fsdfsd.net/rDrama/rDrama/pulls/50
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-06 22:07:12 +00:00
|
|
|
_commit_and_close_db()
|
2023-01-01 11:36:20 +00:00
|
|
|
|
2023-02-26 01:58:41 +00:00
|
|
|
if request.method == "POST":
|
2023-02-26 10:26:26 +00:00
|
|
|
r.delete(f'LIMITER/{get_CF()}/{request.endpoint}:{request.path}/1/2/second')
|
2023-02-26 01:58:41 +00:00
|
|
|
|
2022-11-15 09:19:08 +00:00
|
|
|
return response
|
|
|
|
|
2022-11-22 23:37:55 +00:00
|
|
|
|
2022-11-15 09:19:08 +00:00
|
|
|
@app.teardown_appcontext
|
|
|
|
def teardown_request(error):
|
band-aid fix for frozen session issue on signup (#50)
through some reason or another, people are somehow getting cookies that aren't prepended with a dot.
this is a problem because both sessions at, as best as I can tell, mix so it tries to read from a different cookie than we write to. this essentially "freezes" the session in place. users are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc.
~~this attempts to delete bad session cookies (i.e. cookies with a domain that don't start with a dot).~~
~~we don't do this on "dotless" domains (and by extension localhost) because browser support for setting cookies on FQDNs that only have one dot has tenuous support among browsers anyway).~~
~~this *may* log some people out, but... their days of being able to do stuff on the site were numbered anyway.~~
**edit: as amazing as this thought was, browsers just wipe the entire cookies completely and there's no way to specifically target dotless cookies. for an issue that affects a few users, better to just tell them to clear their cookies. if *this* doesn't work, delete service-worker.js and be done with the whole service worker crap. forever. permanently. this PR also includes some QOL improvements.**
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: https://fsdfsd.net/rDrama/rDrama/pulls/50
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-06 22:07:12 +00:00
|
|
|
_rollback_and_close_db()
|
2022-11-15 09:19:08 +00:00
|
|
|
stdout.flush()
|
band-aid fix for frozen session issue on signup (#50)
through some reason or another, people are somehow getting cookies that aren't prepended with a dot.
this is a problem because both sessions at, as best as I can tell, mix so it tries to read from a different cookie than we write to. this essentially "freezes" the session in place. users are unable to login, logout, signup, toggle poor mode, toggle NSFW, etc.
~~this attempts to delete bad session cookies (i.e. cookies with a domain that don't start with a dot).~~
~~we don't do this on "dotless" domains (and by extension localhost) because browser support for setting cookies on FQDNs that only have one dot has tenuous support among browsers anyway).~~
~~this *may* log some people out, but... their days of being able to do stuff on the site were numbered anyway.~~
**edit: as amazing as this thought was, browsers just wipe the entire cookies completely and there's no way to specifically target dotless cookies. for an issue that affects a few users, better to just tell them to clear their cookies. if *this* doesn't work, delete service-worker.js and be done with the whole service worker crap. forever. permanently. this PR also includes some QOL improvements.**
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: https://fsdfsd.net/rDrama/rDrama/pulls/50
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-06 22:07:12 +00:00
|
|
|
|
|
|
|
def _commit_and_close_db() -> bool:
|
|
|
|
if not getattr(g, 'db', None): return False
|
|
|
|
g.db.commit()
|
|
|
|
g.db.close()
|
|
|
|
del g.db
|
|
|
|
return True
|
|
|
|
|
|
|
|
def _rollback_and_close_db() -> bool:
|
|
|
|
if not getattr(g, 'db', None): return False
|
|
|
|
g.db.rollback()
|
|
|
|
g.db.close()
|
|
|
|
del g.db
|
|
|
|
return True
|