2022-04-06 22:54:09 +00:00
|
|
|
import time
|
2023-01-01 14:27:12 +00:00
|
|
|
import secrets
|
2022-11-15 09:19:08 +00:00
|
|
|
|
2022-11-15 01:28:43 +00:00
|
|
|
from os import environ, listdir, path
|
2022-11-15 09:19:08 +00:00
|
|
|
|
2022-12-05 14:25:25 +00:00
|
|
|
import user_agents
|
|
|
|
|
2023-05-04 22:58:49 +00:00
|
|
|
from flask import g, session, has_request_context, request
|
2022-11-15 09:19:08 +00:00
|
|
|
from jinja2 import pass_context
|
|
|
|
|
2022-11-17 21:02:08 +00:00
|
|
|
from files.classes.user import User
|
2022-09-24 06:40:26 +00:00
|
|
|
from files.helpers.assetcache import assetcache_path
|
2022-12-11 23:44:34 +00:00
|
|
|
from files.helpers.config.const import *
|
2023-01-21 04:27:30 +00:00
|
|
|
from files.helpers.regex import *
|
2023-03-11 06:13:58 +00:00
|
|
|
from files.helpers.settings import *
|
2023-03-13 05:28:22 +00:00
|
|
|
from files.helpers.cloudflare import *
|
2022-11-15 09:19:08 +00:00
|
|
|
from files.helpers.sorting_and_time import make_age_string
|
2023-01-25 02:51:48 +00:00
|
|
|
from files.routes.routehelpers import get_alt_graph, get_formkey
|
2022-11-15 09:19:08 +00:00
|
|
|
from files.__main__ import app, cache
|
|
|
|
|
2023-05-04 22:58:49 +00:00
|
|
|
from urllib.parse import parse_qs, urlencode, urlsplit
|
|
|
|
|
2022-11-15 09:19:08 +00:00
|
|
|
@app.template_filter("formkey")
|
|
|
|
def formkey(u):
|
|
|
|
return get_formkey(u)
|
2022-01-19 10:07:11 +00:00
|
|
|
|
|
|
|
@app.template_filter("post_embed")
|
|
|
|
def post_embed(id, v):
|
2022-11-15 09:19:08 +00:00
|
|
|
from flask import render_template
|
|
|
|
|
|
|
|
from files.helpers.get import get_post
|
2022-07-08 18:28:56 +00:00
|
|
|
p = get_post(id, v, graceful=True)
|
2022-01-28 19:27:16 +00:00
|
|
|
if p: return render_template("submission_listing.html", listing=[p], v=v)
|
|
|
|
return ''
|
2022-01-19 10:07:11 +00:00
|
|
|
|
2022-09-24 06:40:26 +00:00
|
|
|
@app.template_filter("asset")
|
2022-09-27 06:02:02 +00:00
|
|
|
@pass_context
|
|
|
|
def template_asset(ctx, asset_path):
|
2022-09-24 06:40:26 +00:00
|
|
|
return assetcache_path(asset_path)
|
|
|
|
|
|
|
|
|
2023-05-04 22:58:49 +00:00
|
|
|
@app.template_filter("change_page")
|
2023-05-05 06:18:29 +00:00
|
|
|
def template_change_page(new_page, url):
|
|
|
|
parsed = urlsplit(url)
|
2023-05-04 22:58:49 +00:00
|
|
|
query_dict = parse_qs(parsed.query)
|
|
|
|
query_dict["page"] = new_page
|
|
|
|
query_new = urlencode(query_dict, doseq=True)
|
|
|
|
parsed = parsed._replace(query=query_new)
|
|
|
|
return parsed.geturl()
|
|
|
|
|
2022-09-24 07:14:20 +00:00
|
|
|
@app.template_filter("asset_siteimg")
|
|
|
|
def template_asset_siteimg(asset_path):
|
|
|
|
# TODO: Add hashing for these using files.helpers.assetcache
|
2023-05-03 21:03:24 +00:00
|
|
|
return f'{SITE_FULL_IMAGES}/i/{SITE_NAME}/{asset_path}?x=3'
|
2022-09-24 07:14:20 +00:00
|
|
|
|
2022-04-06 22:54:09 +00:00
|
|
|
@app.template_filter("timestamp")
|
|
|
|
def timestamp(timestamp):
|
2022-10-15 18:11:43 +00:00
|
|
|
return make_age_string(timestamp)
|
2022-04-06 22:54:09 +00:00
|
|
|
|
2023-05-19 13:51:49 +00:00
|
|
|
@app.template_filter("selected_tab")
|
|
|
|
def selected_tab(request):
|
|
|
|
if request.path == '/':
|
|
|
|
requested_sort = request.args.get('sort')
|
2023-05-20 00:11:45 +00:00
|
|
|
if hasattr(g, 'v') and g.v and g.v.defaultsorting == 'new' and requested_sort == 'hot':
|
2023-05-19 13:51:49 +00:00
|
|
|
return 'hot'
|
|
|
|
elif requested_sort == 'new':
|
|
|
|
return 'new'
|
|
|
|
elif request.path == '/comments':
|
|
|
|
return 'comments'
|
|
|
|
elif request.path == '/leaderboard':
|
|
|
|
return 'leaderboard'
|
|
|
|
elif request.path == '/chat':
|
|
|
|
return 'chat'
|
|
|
|
elif request.path=='/shop/awards':
|
|
|
|
return 'shop'
|
|
|
|
|
|
|
|
return 'home'
|
|
|
|
|
2022-11-29 23:50:32 +00:00
|
|
|
@app.context_processor
|
|
|
|
def calc_users():
|
|
|
|
loggedin_counter = 0
|
|
|
|
loggedout_counter = 0
|
|
|
|
loggedin_chat = 0
|
|
|
|
v = getattr(g, 'v', None) if g else None
|
2022-11-30 01:12:30 +00:00
|
|
|
if has_request_context and g and g.desires_auth and not g.is_api_or_xhr:
|
2022-11-29 23:50:32 +00:00
|
|
|
loggedin = cache.get(LOGGED_IN_CACHE_KEY) or {}
|
|
|
|
loggedout = cache.get(LOGGED_OUT_CACHE_KEY) or {}
|
|
|
|
loggedin_chat = cache.get(CHAT_ONLINE_CACHE_KEY) or 0
|
|
|
|
timestamp = int(time.time())
|
|
|
|
|
2023-01-01 14:27:12 +00:00
|
|
|
if not session.get("session_id"):
|
|
|
|
session.permanent = True
|
|
|
|
session["session_id"] = secrets.token_hex(49)
|
|
|
|
|
2022-11-29 23:50:32 +00:00
|
|
|
if v:
|
|
|
|
if session["session_id"] in loggedout: del loggedout[session["session_id"]]
|
|
|
|
loggedin[v.id] = timestamp
|
|
|
|
else:
|
2022-12-05 14:25:25 +00:00
|
|
|
ua = str(user_agents.parse(g.agent))
|
|
|
|
if 'spider' not in ua.lower() and 'bot' not in ua.lower():
|
|
|
|
loggedout[session["session_id"]] = (timestamp, ua)
|
2023-01-01 11:36:20 +00:00
|
|
|
|
2022-11-29 23:50:32 +00:00
|
|
|
loggedin = {k: v for k, v in loggedin.items() if (timestamp - v) < LOGGEDIN_ACTIVE_TIME}
|
|
|
|
loggedout = {k: v for k, v in loggedout.items() if (timestamp - v[0]) < LOGGEDIN_ACTIVE_TIME}
|
|
|
|
cache.set(LOGGED_IN_CACHE_KEY, loggedin)
|
|
|
|
cache.set(LOGGED_OUT_CACHE_KEY, loggedout)
|
|
|
|
loggedin_counter = len(loggedin)
|
|
|
|
loggedout_counter = len(loggedout)
|
2023-03-11 06:13:58 +00:00
|
|
|
|
2023-05-04 18:36:08 +00:00
|
|
|
if loggedout_counter > 1000 and loggedout_counter > (loggedin_counter * 5):
|
|
|
|
if not get_setting('ddos_detected'):
|
|
|
|
toggle_setting('ddos_detected')
|
|
|
|
set_security_level('under_attack')
|
|
|
|
else:
|
|
|
|
if get_setting('ddos_detected'):
|
|
|
|
toggle_setting('ddos_detected')
|
|
|
|
set_security_level('high')
|
2023-03-11 06:13:58 +00:00
|
|
|
|
|
|
|
|
2023-01-01 11:36:20 +00:00
|
|
|
return {'loggedin_counter':loggedin_counter,
|
2023-05-05 21:46:24 +00:00
|
|
|
'loggedout_counter':loggedout_counter,
|
2022-11-29 23:50:32 +00:00
|
|
|
'loggedin_chat':loggedin_chat}
|
|
|
|
|
2022-12-30 13:54:49 +00:00
|
|
|
def current_registered_users():
|
2023-03-16 06:27:58 +00:00
|
|
|
return "{:,}".format(g.db.query(User).count())
|
2022-12-30 13:54:49 +00:00
|
|
|
|
2023-01-21 04:27:30 +00:00
|
|
|
def git_head():
|
|
|
|
# Note: doing zero sanitization. Git branch names are extremely permissive.
|
|
|
|
# However, they forbid '..', so I don't see an obvious dir traversal attack.
|
|
|
|
# Also, a malicious branch name would mean someone already owned the server
|
|
|
|
# or repo, so I think this isn't a weak link.
|
|
|
|
with open('.git/HEAD', encoding='utf_8') as head_f:
|
|
|
|
head_txt = head_f.read()
|
2023-01-23 00:54:37 +00:00
|
|
|
try:
|
2023-02-01 17:17:12 +00:00
|
|
|
head_path = git_regex.match(head_txt).group(1)
|
2023-01-23 00:54:37 +00:00
|
|
|
with open('.git/' + head_path, encoding='utf_8') as ref_f:
|
|
|
|
gitref = ref_f.read()[:7]
|
|
|
|
except:
|
|
|
|
gitref = 'Error'
|
2023-01-21 04:27:30 +00:00
|
|
|
return (gitref, head_txt)
|
|
|
|
|
2023-03-12 14:48:19 +00:00
|
|
|
def max_days():
|
|
|
|
return int((2147483647-time.time())/86400)
|
|
|
|
|
2022-01-19 10:07:11 +00:00
|
|
|
@app.context_processor
|
|
|
|
def inject_constants():
|
2022-05-30 01:43:16 +00:00
|
|
|
return {"environ":environ, "SITE":SITE, "SITE_NAME":SITE_NAME, "SITE_FULL":SITE_FULL,
|
2022-12-02 22:21:18 +00:00
|
|
|
"AUTOJANNY_ID":AUTOJANNY_ID, "MODMAIL_ID":MODMAIL_ID, "VAPID_PUBLIC_KEY":VAPID_PUBLIC_KEY,
|
2023-01-22 08:04:49 +00:00
|
|
|
"listdir":listdir, "os_path":path,
|
2023-01-01 11:36:20 +00:00
|
|
|
"PIZZASHILL_ID":PIZZASHILL_ID, "DEFAULT_COLOR":DEFAULT_COLOR,
|
2022-09-01 19:12:05 +00:00
|
|
|
"COLORS":COLORS, "time":time, "PERMS":PERMS, "FEATURES":FEATURES,
|
|
|
|
"HOLE_NAME":HOLE_NAME, "HOLE_STYLE_FLAIR":HOLE_STYLE_FLAIR, "HOLE_REQUIRED":HOLE_REQUIRED,
|
2023-02-01 19:49:39 +00:00
|
|
|
"DEFAULT_THEME":DEFAULT_THEME, "DESCRIPTION":DESCRIPTION,
|
2022-11-19 22:04:08 +00:00
|
|
|
"has_sidebar":has_sidebar, "has_logo":has_logo,
|
2023-01-23 09:58:38 +00:00
|
|
|
"FP":FP, "patron":patron, "get_setting": get_setting,
|
2022-10-05 22:53:36 +00:00
|
|
|
"SIDEBAR_THREAD":SIDEBAR_THREAD, "BANNER_THREAD":BANNER_THREAD,
|
|
|
|
"BADGE_THREAD":BADGE_THREAD, "SNAPPY_THREAD":SNAPPY_THREAD,
|
2023-02-28 19:36:14 +00:00
|
|
|
"approved_embed_hosts":approved_embed_hosts, "POST_BODY_LENGTH_LIMIT":POST_BODY_LENGTH_LIMIT,
|
2023-02-09 03:49:50 +00:00
|
|
|
"SITE_SETTINGS":get_settings(), "EMAIL":EMAIL, "max": max, "min": min, "user_can_see":User.can_see,
|
2022-12-25 03:28:57 +00:00
|
|
|
"TELEGRAM_ID":TELEGRAM_ID, "EMAIL_REGEX_PATTERN":EMAIL_REGEX_PATTERN,
|
2023-01-23 12:40:44 +00:00
|
|
|
"TRUESCORE_DONATE_MINIMUM":TRUESCORE_DONATE_MINIMUM, "PROGSTACK_ID":PROGSTACK_ID,
|
2023-03-21 15:39:26 +00:00
|
|
|
"DONATE_LINK":DONATE_LINK, "DONATE_SERVICE":DONATE_SERVICE,
|
2023-01-01 03:38:37 +00:00
|
|
|
"HOUSE_JOIN_COST":HOUSE_JOIN_COST, "HOUSE_SWITCH_COST":HOUSE_SWITCH_COST, "IMAGE_FORMATS":','.join(IMAGE_FORMATS),
|
2023-01-01 11:36:20 +00:00
|
|
|
"PAGE_SIZES":PAGE_SIZES, "THEMES":THEMES, "COMMENT_SORTS":COMMENT_SORTS, "SORTS":SORTS,
|
2023-05-14 22:16:01 +00:00
|
|
|
"TIME_FILTERS":TIME_FILTERS, "HOUSES":HOUSES, "TIER_TO_NAME":TIER_TO_NAME,
|
2023-04-25 14:34:09 +00:00
|
|
|
"DEFAULT_CONFIG_VALUE":DEFAULT_CONFIG_VALUE, "IS_LOCALHOST":IS_LOCALHOST, "BACKGROUND_CATEGORIES":BACKGROUND_CATEGORIES, "PAGE_SIZE":PAGE_SIZE, "TAGLINES":TAGLINES, "get_alt_graph":get_alt_graph, "current_registered_users":current_registered_users,
|
|
|
|
"git_head":git_head, "max_days":max_days, "EMOJI_KINDS":EMOJI_KINDS,
|
2023-03-03 04:19:52 +00:00
|
|
|
"BIO_FRIENDS_ENEMIES_LENGTH_LIMIT":BIO_FRIENDS_ENEMIES_LENGTH_LIMIT,
|
2023-03-21 16:50:22 +00:00
|
|
|
"IMMUNE_TO_AWARDS": IMMUNE_TO_AWARDS, "SITE_FULL_IMAGES": SITE_FULL_IMAGES,
|
2023-04-27 12:08:11 +00:00
|
|
|
"IS_FISTMAS":IS_FISTMAS, "IS_HOMOWEEN":IS_HOMOWEEN, "IS_DKD":IS_DKD, "IS_EVENT":IS_EVENT,
|
2023-04-28 09:07:28 +00:00
|
|
|
"CHUD_PHRASES":CHUD_PHRASES,
|
2022-10-05 22:53:36 +00:00
|
|
|
}
|