From 75e593da00f7bb9f23b5dcd39276706645ed1940 Mon Sep 17 00:00:00 2001 From: justcool393 Date: Mon, 10 Oct 2022 02:51:29 -0700 Subject: [PATCH] Revert "feature required wrapper" This reverts commit 8700bcc5ee9003efdd6fe739c116842d5786d3e2. --- files/helpers/wrappers.py | 11 ------- files/routes/admin.py | 21 ++++++++++---- files/routes/awards.py | 12 ++++++-- files/routes/casino.py | 60 +++++++++++++++++++++++---------------- files/routes/comments.py | 3 +- files/routes/hats.py | 12 +++++--- files/routes/posts.py | 8 ++++-- files/routes/settings.py | 16 ++++++++--- files/routes/static.py | 4 ++- files/routes/subs.py | 3 +- files/routes/users.py | 4 ++- 11 files changed, 97 insertions(+), 57 deletions(-) diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py index dc0005944..e58fd72cb 100644 --- a/files/helpers/wrappers.py +++ b/files/helpers/wrappers.py @@ -164,17 +164,6 @@ def admin_level_required(x): return wrapper_maker -def feature_required(x): - def wrapper_maker(f): - def wrapper(*args, **kwargs): - v = get_logged_in_user() - if not FEATURES[x]: abort(404) - return make_response(f(*args, v=v, **kwargs)) - - wrapper.__name__ = f.__name__ - return wrapper - return wrapper_maker - def casino_required(f): def wrapper(*args, **kwargs): v = get_logged_in_user() diff --git a/files/routes/admin.py b/files/routes/admin.py index 69c8daa2a..deb4554b1 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -521,8 +521,10 @@ def under_attack(v): @app.get("/admin/badge_grant") @admin_level_required(PERMS['USER_BADGES']) -@feature_required('BADGES') def badge_grant_get(v): + if not FEATURES['BADGES']: + abort(404) + badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() return render_template("admin/badge_grant.html", v=v, badge_types=badges) @@ -530,8 +532,10 @@ def badge_grant_get(v): @app.post("/admin/badge_grant") @limiter.limit("1/second;30/minute;200/hour;1000/day") @admin_level_required(PERMS['USER_BADGES']) -@feature_required('BADGES') def badge_grant_post(v): + if not FEATURES['BADGES']: + abort(404) + badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() user = get_user(request.values.get("username").strip(), graceful=True) @@ -578,17 +582,22 @@ def badge_grant_post(v): @app.get("/admin/badge_remove") @admin_level_required(PERMS['USER_BADGES']) -@feature_required('BADGES') def badge_remove_get(v): + if not FEATURES['BADGES']: + abort(404) + badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() + return render_template("admin/badge_remove.html", v=v, badge_types=badges) @app.post("/admin/badge_remove") @limiter.limit("1/second;30/minute;200/hour;1000/day") @admin_level_required(PERMS['USER_BADGES']) -@feature_required('BADGES') def badge_remove_post(v): + if not FEATURES['BADGES']: + abort(404) + badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() user = get_user(request.values.get("username").strip(), graceful=True) @@ -1203,8 +1212,10 @@ def distinguish_post(post_id, v): @app.post("/sticky/") @admin_level_required(PERMS['POST_COMMENT_MODERATION']) -@feature_required('PINS') def sticky_post(post_id, v): + if not FEATURES['PINS']: + abort(403) + post = get_post(post_id) if not post.stickied: pins = g.db.query(Submission).filter(Submission.stickied != None, Submission.is_banned == False).count() diff --git a/files/routes/awards.py b/files/routes/awards.py index bfae09e99..5d5a154e4 100644 --- a/files/routes/awards.py +++ b/files/routes/awards.py @@ -17,8 +17,10 @@ from copy import deepcopy @app.get("/shop") @app.get("/settings/shop") @auth_required -@feature_required('AWARDS') def shop(v): + if not FEATURES['AWARDS']: + abort(404) + AWARDS = deepcopy(AWARDS2) if v.house: @@ -42,8 +44,10 @@ def shop(v): @app.post("/buy/") @limiter.limit("100/minute;200/hour;1000/day") @auth_required -@feature_required('AWARDS') def buy(v, award): + if not FEATURES['AWARDS']: + abort(404) + if award == 'benefactor' and not request.values.get("mb"): return {"error": "You can only buy the Benefactor award with marseybux."}, 403 @@ -123,8 +127,10 @@ def buy(v, award): @limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @is_not_permabanned -@feature_required('AWARDS') def award_thing(v, thing_type, id): + if not FEATURES['AWARDS']: + abort(404) + if thing_type == 'post': thing = get_post(id) else: thing = get_comment(id) diff --git a/files/routes/casino.py b/files/routes/casino.py index 5208f6615..7053de0f5 100644 --- a/files/routes/casino.py +++ b/files/routes/casino.py @@ -14,9 +14,10 @@ from files.helpers.lottery import * @app.get("/casino") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def casino(v): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return render_template("casino/rehab.html", v=v) return render_template("casino.html", v=v) @@ -25,9 +26,10 @@ def casino(v): @app.get("/casino/") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def casino_game_page(v, game): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return render_template("casino/rehab.html", v=v) elif game not in CASINO_GAME_KINDS: abort(404) @@ -53,9 +55,10 @@ def casino_game_page(v, game): @app.get("/casino//feed") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def casino_game_feed(v, game): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return {"error": "You are under Rehab award effect!"}, 400 elif game not in CASINO_GAME_KINDS: abort(404) @@ -68,9 +71,10 @@ def casino_game_feed(v, game): @app.get("/lottershe") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def lottershe(v): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return render_template("casino/rehab.html", v=v) participants = get_users_participating_in_lottery() @@ -80,9 +84,10 @@ def lottershe(v): @app.post("/casino/slots") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def pull_slots(v): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -110,9 +115,10 @@ def pull_slots(v): @app.post("/casino/twentyone/deal") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def blackjack_deal_to_player(v): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -130,9 +136,10 @@ def blackjack_deal_to_player(v): @app.post("/casino/twentyone/hit") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def blackjack_player_hit(v): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -146,9 +153,10 @@ def blackjack_player_hit(v): @app.post("/casino/twentyone/stay") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def blackjack_player_stay(v): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -162,9 +170,10 @@ def blackjack_player_stay(v): @app.post("/casino/twentyone/double-down") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def blackjack_player_doubled_down(v): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -178,9 +187,10 @@ def blackjack_player_doubled_down(v): @app.post("/casino/twentyone/buy-insurance") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def blackjack_player_bought_insurance(v): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -194,9 +204,10 @@ def blackjack_player_bought_insurance(v): @app.get("/casino/roulette/bets") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def roulette_get_bets(v): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return {"error": "You are under Rehab award effect!"}, 400 bets = get_roulette_bets() @@ -207,9 +218,10 @@ def roulette_get_bets(v): @app.post("/casino/roulette/place-bet") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required -@feature_required('GAMBLING') def roulette_player_placed_bet(v): - if v.rehab: + if not FEATURES['GAMBLING']: + abort(404) + elif v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: diff --git a/files/routes/comments.py b/files/routes/comments.py index 2229208cb..c7d00d9e5 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -645,8 +645,9 @@ def undelete_comment(cid, v): @app.post("/pin_comment/") @auth_required -@feature_required('PINS') def pin_comment(cid, v): + if not FEATURES['PINS']: + abort(403) comment = get_comment(cid, v=v) if not comment.stickied: diff --git a/files/routes/hats.py b/files/routes/hats.py index 4eff02150..024bcc3db 100644 --- a/files/routes/hats.py +++ b/files/routes/hats.py @@ -8,8 +8,9 @@ from flask import g @app.get("/hats") @auth_required -@feature_required('HATS') def hats(v): + if not FEATURES['HATS']: abort(404) + owned_hat_ids = [x.hat_id for x in v.owned_hats] if request.values.get("sort") == 'author_asc': @@ -33,8 +34,9 @@ def hats(v): @app.post("/buy_hat/") @auth_required -@feature_required('HATS') def buy_hat(v, hat_id): + if not FEATURES['HATS']: abort(404) + try: hat_id = int(hat_id) except: return {"error": "Hat not found!"}, 400 @@ -83,8 +85,9 @@ def buy_hat(v, hat_id): @app.post("/equip_hat/") @auth_required -@feature_required('HATS') def equip_hat(v, hat_id): + if not FEATURES['HATS']: abort(404) + try: hat_id = int(hat_id) except: return {"error": "Hat not found!"}, 400 @@ -98,8 +101,9 @@ def equip_hat(v, hat_id): @app.post("/unequip_hat/") @auth_required -@feature_required('HATS') def unequip_hat(v, hat_id): + if not FEATURES['HATS']: abort(404) + try: hat_id = int(hat_id) except: return {"error": "Hat not found!"}, 400 diff --git a/files/routes/posts.py b/files/routes/posts.py index 4eb60f380..b276f6030 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -30,8 +30,10 @@ titleheaders = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWe @app.post("/club_post/") @auth_required -@feature_required('COUNTRY_CLUB') def club_post(pid, v): + if not FEATURES['COUNTRY_CLUB']: + abort(403) + post = get_post(pid) if post.author_id != v.id and v.admin_level < PERMS['POST_COMMENT_MODERATION']: abort(403) @@ -54,8 +56,10 @@ def club_post(pid, v): @app.post("/unclub_post/") @auth_required -@feature_required('COUNTRY_CLUB') def unclub_post(pid, v): + if not FEATURES['COUNTRY_CLUB']: + abort(403) + post = get_post(pid) if post.author_id != v.id and v.admin_level < 2: abort(403) diff --git a/files/routes/settings.py b/files/routes/settings.py index f31b27ef0..c262b53a8 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -547,8 +547,10 @@ def settings_images_profile(v): @limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required -@feature_required('USERS_PROFILE_BANNER') def settings_images_banner(v): + if not FEATURES['USERS_PROFILE_BANNER']: + abort(403) + if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 file = request.files["banner"] @@ -753,8 +755,10 @@ def settings_name_change(v): @limiter.limit("3/second;10/day") @limiter.limit("3/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required -@feature_required('USERS_PROFILE_BANNER') def settings_song_change_mp3(v): + if not FEATURES['USERS_PROFILE_SONG']: + abort(403) + file = request.files['file'] if file.content_type != 'audio/mpeg': return render_template("settings_profile.html", v=v, error="Not a valid MP3 file") @@ -783,8 +787,10 @@ def settings_song_change_mp3(v): @limiter.limit("3/second;10/day") @limiter.limit("3/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required -@feature_required('USERS_PROFILE_BANNER') def settings_song_change(v): + if not FEATURES['USERS_PROFILE_SONG']: + abort(403) + song=request.values.get("song").strip() if song == "" and v.song: @@ -886,8 +892,10 @@ def settings_title_change(v): @limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required -@feature_required('PRONOUNS') def settings_pronouns_change(v): + if not FEATURES['PRONOUNS']: + abort(403) + pronouns = request.values.get("pronouns").replace("𒐪","").strip() if len(pronouns) > 11: diff --git a/files/routes/static.py b/files/routes/static.py index 303a4e18e..4115b21a7 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -348,8 +348,10 @@ def badge_list(site): @app.get("/badges") @auth_required -@feature_required('BADGES') def badges(v): + if not FEATURES['BADGES']: + abort(404) + badges, counts = badge_list(SITE) return render_template("badges.html", v=v, badges=badges, counts=counts) diff --git a/files/routes/subs.py b/files/routes/subs.py index 9b7da1346..1f9b80bb2 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -653,8 +653,9 @@ def sub_stealth(v, sub): @app.post("/mod_pin/") @is_not_permabanned -@feature_required('PINS') def mod_pin(cid, v): + if not FEATURES['PINS']: + abort(403) comment = get_comment(cid, v=v) if not comment.stickied: diff --git a/files/routes/users.py b/files/routes/users.py index 830cc17b8..0dba6ce8f 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -230,8 +230,10 @@ def downvoting(v, username): @limiter.limit("1/second;5/day") @limiter.limit("1/second;5/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required -@feature_required('USERS_SUICIDE') def suicide(v, username): + if not FEATURES['USERS_SUICIDE']: + abort(403) + user = get_user(username) suicide = f"Hi there,\n\nA [concerned user](/id/{v.id}) reached out to us about you.\n\nWhen you're in the middle of something painful, it may feel like you don't have a lot of options. But whatever you're going through, you deserve help and there are people who are here for you.\n\nThere are resources available in your area that are free, confidential, and available 24/7:\n\n- Call, Text, or Chat with Canada's [Crisis Services Canada](https://www.crisisservicescanada.ca/en/)\n- Call, Email, or Visit the UK's [Samaritans](https://www.samaritans.org/)\n- Text CHAT to America's [Crisis Text Line](https://www.crisistextline.org/) at 741741.\nIf you don't see a resource in your area above, the moderators keep a comprehensive list of resources and hotlines for people organized by location. Find Someone Now\n\nIf you think you may be depressed or struggling in another way, don't ignore it or brush it aside. Take yourself and your feelings seriously, and reach out to someone.\n\nIt may not feel like it, but you have options. There are people available to listen to you, and ways to move forward.\n\nYour fellow users care about you and there are people who want to help." if not v.shadowbanned: