2022-11-29 23:50:32 +00:00
|
|
|
import secrets
|
2023-02-26 02:01:37 +00:00
|
|
|
from os import environ
|
2022-11-29 23:50:32 +00:00
|
|
|
|
2022-12-11 23:44:34 +00:00
|
|
|
from files.helpers.config.const import *
|
2022-11-15 09:19:08 +00:00
|
|
|
from files.helpers.settings import get_setting
|
|
|
|
from files.helpers.cloudflare import CLOUDFLARE_AVAILABLE
|
|
|
|
from files.routes.wrappers import *
|
2024-02-06 01:00:40 +00:00
|
|
|
from files.__main__ import app, limiter, get_IP, redis_instance
|
|
|
|
|
|
|
|
if FEATURES['IP_LOGGING']:
|
|
|
|
from files.classes.ip_logs import *
|
2022-11-15 09:19:08 +00:00
|
|
|
|
|
|
|
@app.before_request
|
|
|
|
def before_request():
|
2023-03-11 07:31:02 +00:00
|
|
|
g.v = None
|
|
|
|
|
2023-09-29 01:26:18 +00:00
|
|
|
if request.host != SITE:
|
2022-12-27 01:22:39 +00:00
|
|
|
abort(403, "Unauthorized host provided!")
|
|
|
|
|
2023-10-06 11:38:58 +00:00
|
|
|
if SITE == 'marsey.world' and request.path not in {'/kofi','/bm'}:
|
2022-11-15 09:19:08 +00:00
|
|
|
abort(404)
|
|
|
|
|
2022-12-27 01:22:39 +00:00
|
|
|
if request.headers.get("CF-Worker"):
|
2023-01-27 11:57:29 +00:00
|
|
|
abort(403, "Cloudflare workers are not allowed to access this website!")
|
2022-12-27 01:22:39 +00:00
|
|
|
|
2023-07-14 09:20:33 +00:00
|
|
|
g.agent = request.headers.get("User-Agent", "")
|
2023-10-06 11:38:58 +00:00
|
|
|
if not g.agent and request.path not in {'/kofi', '/bm', '/refresh_chat'}:
|
2023-07-14 09:20:33 +00:00
|
|
|
abort(403, 'Please use a "User-Agent" header!')
|
|
|
|
|
2022-12-27 01:22:39 +00:00
|
|
|
if not get_setting('bots') and request.headers.get("Authorization"):
|
|
|
|
abort(403)
|
2022-12-05 14:25:25 +00:00
|
|
|
|
2022-12-27 01:22:39 +00:00
|
|
|
g.desires_auth = False
|
2022-11-15 09:19:08 +00:00
|
|
|
|
2022-12-27 01:22:39 +00:00
|
|
|
ua = g.agent.lower()
|
2022-11-15 09:19:08 +00:00
|
|
|
|
2022-12-05 14:25:25 +00:00
|
|
|
if '; wv) ' in ua:
|
2022-12-04 19:02:22 +00:00
|
|
|
g.browser = 'webview'
|
2022-12-05 14:25:25 +00:00
|
|
|
elif ' firefox/' in ua:
|
2022-12-04 19:02:22 +00:00
|
|
|
g.browser = 'firefox'
|
2023-06-29 19:05:24 +00:00
|
|
|
elif 'iphone' in ua or 'ipad' in ua or 'ipod' in ua:
|
|
|
|
g.browser = 'iphone'
|
|
|
|
elif 'mac os' in ua:
|
|
|
|
g.browser = 'mac'
|
2022-12-04 19:02:22 +00:00
|
|
|
else:
|
|
|
|
g.browser = 'chromium'
|
2022-11-20 23:31:26 +00:00
|
|
|
|
2022-11-15 09:19:08 +00:00
|
|
|
request.path = request.path.rstrip('/')
|
|
|
|
if not request.path: request.path = '/'
|
|
|
|
request.full_path = request.full_path.rstrip('?').rstrip('/')
|
|
|
|
if not request.full_path: request.full_path = '/'
|
|
|
|
|
2023-03-16 06:27:58 +00:00
|
|
|
g.db = db_session()
|
|
|
|
|
2022-12-30 12:14:18 +00:00
|
|
|
g.nonce = secrets.token_urlsafe(31)
|
|
|
|
|
2023-02-26 01:58:41 +00:00
|
|
|
|
2022-11-15 09:19:08 +00:00
|
|
|
@app.after_request
|
2023-07-30 00:42:06 +00:00
|
|
|
def after_request(response):
|
2023-04-02 16:59:21 +00:00
|
|
|
user_id = None
|
2023-04-02 06:57:47 +00:00
|
|
|
|
2022-11-15 09:19:08 +00:00
|
|
|
if response.status_code < 400:
|
2023-04-02 17:00:27 +00:00
|
|
|
if hasattr(g, 'v') and g.v:
|
|
|
|
user_id = g.v.id
|
2023-08-10 18:47:57 +00:00
|
|
|
|
2023-08-16 23:17:49 +00:00
|
|
|
if not session.get("GLOBAL") and request.method == "POST":
|
2023-08-10 18:47:57 +00:00
|
|
|
timestamp = int(time.time())
|
|
|
|
if (g.v.last_active + LOGGEDIN_ACTIVE_TIME) < timestamp:
|
|
|
|
g.v.last_active = timestamp
|
|
|
|
g.db.add(g.v)
|
|
|
|
|
2024-02-06 01:00:40 +00:00
|
|
|
if FEATURES['IP_LOGGING']:
|
|
|
|
if g.v.admin_level < PERMS['EXEMPT_FROM_IP_LOGGING'] and user_id != CARP_ID:
|
|
|
|
ip = get_IP()
|
|
|
|
existing = g.db.query(IPLog).filter_by(user_id=user_id, ip=ip).one_or_none()
|
|
|
|
if existing:
|
|
|
|
existing.last_used = time.time()
|
|
|
|
g.db.add(existing)
|
|
|
|
else:
|
|
|
|
ip_log = IPLog(
|
|
|
|
user_id=user_id,
|
|
|
|
ip=ip,
|
|
|
|
)
|
|
|
|
g.db.add(ip_log)
|
|
|
|
|
2023-03-16 06:27:58 +00:00
|
|
|
_commit_and_close_db()
|
2023-01-01 11:36:20 +00:00
|
|
|
|
2023-07-10 01:45:55 +00:00
|
|
|
if request.method == "POST":
|
2024-02-06 01:00:40 +00:00
|
|
|
redis_instance.delete(f'LIMITER/{get_IP()}/{request.endpoint}:{request.path}/1/1/second')
|
2023-04-02 06:57:47 +00:00
|
|
|
if user_id:
|
2023-06-27 20:03:14 +00:00
|
|
|
redis_instance.delete(f'LIMITER/{SITE}-{user_id}/{request.endpoint}:{request.path}/1/1/second')
|
2023-02-26 01:58:41 +00:00
|
|
|
|
2023-07-14 15:45:49 +00:00
|
|
|
cookie_name = app.config["SESSION_COOKIE_NAME"]
|
|
|
|
|
|
|
|
if SITE == 'watchpeopledie.tv' and request.path == '/':
|
|
|
|
value = request.cookies.get(cookie_name)
|
|
|
|
if value:
|
|
|
|
response.set_cookie(cookie_name, 'test', max_age=0)
|
|
|
|
response.set_cookie(cookie_name, value, max_age=1723908553, domain=f".{SITE}")
|
|
|
|
|
2023-07-14 13:30:55 +00:00
|
|
|
if SITE == 'rdrama.net':
|
2023-07-07 18:44:12 +00:00
|
|
|
if len(request.cookies.getlist(cookie_name)) > 1:
|
|
|
|
response.set_cookie(cookie_name, 'test', max_age=0, domain=f".{SITE}")
|
|
|
|
response.set_cookie(cookie_name, 'test', max_age=0)
|
|
|
|
session.clear()
|
2023-07-01 23:00:56 +00:00
|
|
|
|
2022-11-15 09:19:08 +00:00
|
|
|
return response
|
|
|
|
|
2022-11-22 23:37:55 +00:00
|
|
|
|
2022-11-15 09:19:08 +00:00
|
|
|
@app.teardown_appcontext
|
|
|
|
def teardown_request(error):
|
2023-03-16 06:27:58 +00:00
|
|
|
_rollback_and_close_db()
|
2022-11-15 09:19:08 +00:00
|
|
|
stdout.flush()
|
2023-03-16 06:27:58 +00:00
|
|
|
|
2023-07-30 00:42:06 +00:00
|
|
|
def _commit_and_close_db():
|
2023-03-16 06:27:58 +00:00
|
|
|
if not getattr(g, 'db', None): return False
|
|
|
|
g.db.commit()
|
|
|
|
g.db.close()
|
|
|
|
del g.db
|
|
|
|
return True
|
|
|
|
|
2023-07-30 00:42:06 +00:00
|
|
|
def _rollback_and_close_db():
|
2023-03-16 06:27:58 +00:00
|
|
|
if not getattr(g, 'db', None): return False
|
|
|
|
g.db.rollback()
|
|
|
|
g.db.close()
|
|
|
|
del g.db
|
|
|
|
return True
|