Errorcodejihad (#323)

* formatmaxxing brained formatting

* formatmaxxing brained formatting: EPISODE 2

* Start implementing a .json interface for all logged users reddit-like

PROs:
- easier to debugmaxx applications
- good faith actors can scrape the site more easily :gigachadglow:
CONs:
- bad faith actors can scrape the site more easily :gigachadglow:
- janitors lose a little of their power of allowlisting applications (they do it for free though)

anyways. I make this commit a separate commit so that Snakes can exclude it from the PR if he doesn't like it (cringe)

* /<username>/comments route now returns appropriate [citation needed] HTTP codes when called in JSON mode so that stupid JSON clients can crashmaxx

* More error codes (sorry I don't know how to squash)

* json endpoint. see other commit. I don't know how to squash
master
DrTransmisia 2022-07-24 17:03:19 +02:00 committed by GitHub
parent b539166bf1
commit 856f155b41
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 44 additions and 19 deletions


@ -902,12 +902,16 @@ def visitors(v):
@app.get("/@<username>")
@app.get("/@<username>.json")
@app.get("/logged_out/@<username>")
@auth_desired
def u_username(username, v=None):
if not v and not request.path.startswith('/logged_out'): return redirect(f"/logged_out{request.full_path.rstrip('?')}")
if v and request.path.startswith('/logged_out'): return redirect(request.full_path.replace('/logged_out','').rstrip('?'))
if not v and not request.path.startswith('/logged_out'):
return redirect(f"/logged_out{request.full_path.rstrip('?')}")
if v and request.path.startswith('/logged_out'):
return redirect(request.full_path.replace('/logged_out','').rstrip('?'))
u = get_user(username, v=v, rendered=True)
@ -921,7 +925,9 @@ def u_username(username, v=None):
return redirect(SITE_FULL + request.full_path.replace(username, u.username)[:-1])
if u.reserved:
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"That username is reserved for: {u.reserved}"}
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": f"That username is reserved for: {u.reserved}"}, 418
return render_template("userpage_reserved.html", u=u, v=v)
if u.shadowbanned and not (v and v.admin_level >= 2) and not (v and v.id == u.id):
@ -937,17 +943,23 @@ def u_username(username, v=None):
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)):
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "That userpage is private"}
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": "That userpage is private"}, 403
return render_template("userpage_private.html", u=u, v=v)
if v and hasattr(u, 'is_blocking') and u.is_blocking:
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"You are blocking @{u.username}."}
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": f"You are blocking @{u.username}."}, 403
return render_template("userpage_blocking.html", u=u, v=v)
if v and v.admin_level < 2 and hasattr(u, 'is_blocked') and u.is_blocked:
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "This person is blocking you."}
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": "This person is blocking you."}, 403
return render_template("userpage_blocked.html", u=u, v=v)
@ -971,7 +983,9 @@ def u_username(username, v=None):
listing = get_posts(ids, v=v)
if u.unban_utc:
if request.headers.get("Authorization"): {"data": [x.json for x in listing]}
if request.headers.get("Authorization") or request.path.endswith(".json"):
return {"data": [x.json for x in listing]}
return render_template("userpage.html",
unban=u.unban_string,
u=u,
@ -985,7 +999,9 @@ def u_username(username, v=None):
if request.headers.get("Authorization"): return {"data": [x.json for x in listing]}
if request.headers.get("Authorization") or request.path.endswith(".json"):
return {"data": [x.json for x in listing]}
return render_template("userpage.html",
u=u,
v=v,
@ -998,12 +1014,16 @@ def u_username(username, v=None):
@app.get("/@<username>/comments")
@app.get("/@<username>/comments.json")
@app.get("/logged_out/@<username>/comments")
@auth_desired
def u_username_comments(username, v=None):
if not v and not request.path.startswith('/logged_out'): return redirect(f"/logged_out{request.full_path.rstrip('?')}")
if v and request.path.startswith('/logged_out'): return redirect(request.full_path.replace('/logged_out','').rstrip('?'))
if not v and not request.path.startswith('/logged_out'):
return redirect(f"/logged_out{request.full_path.rstrip('?')}")
if v and request.path.startswith('/logged_out'):
return redirect(request.full_path.replace('/logged_out','').rstrip('?'))
user = get_user(username, v=v, rendered=True)
@ -1012,27 +1032,30 @@ def u_username_comments(username, v=None):
else:
is_following = (v and user.has_follower(v))
if username != user.username: return redirect(f'/@{user.username}/comments')
if username != user.username:
return redirect(f'/@{user.username}/comments')
u = user
if u.reserved:
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"That username is reserved for: {u.reserved}"}
return render_template("userpage_reserved.html",
u=u,
v=v)
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": f"That username is reserved for: {u.reserved}"}, 418
return render_template("userpage_reserved.html", u=u, v=v)
if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)):
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "That userpage is private"}
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": "That userpage is private"}, 403
return render_template("userpage_private.html", u=u, v=v)
if v and hasattr(u, 'is_blocking') and u.is_blocking:
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"You are blocking @{u.username}."}
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": f"You are blocking @{u.username}."}, 403
return render_template("userpage_blocking.html", u=u, v=v)
if v and v.admin_level < 2 and hasattr(u, 'is_blocked') and u.is_blocked:
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "This person is blocking you."}
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": "This person is blocking you."}, 403
return render_template("userpage_blocked.html", u=u, v=v)
@ -1063,7 +1086,9 @@ def u_username_comments(username, v=None):
listing = get_comments(ids, v=v)
if request.headers.get("Authorization"): return {"data": [c.json for c in listing]}
if request.headers.get("Authorization") or request.path.endswith(".json"):
return {"data": [c.json for c in listing]}
return render_template("userpage_comments.html", u=user, v=v, listing=listing, page=page, sort=sort, t=t,next_exists=next_exists, is_following=is_following, standalone=True)
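Review bot: A logged-out request to the new `/@<username>.json` route never reaches the JSON branches, because the first guard in `u_username` redirects it to `/logged_out/@name.json` and no `/logged_out/...json` rule is registered; that path presumably matches `/logged_out/@<username>` with the suffix folded into `username`. Since the commit message scopes the JSON interface to logged-in users, the guard should answer such requests directly ahead of the redirect, e.g. `if not v and request.path.endswith(".json"): return {"error": "Authentication required"}, 401`, and the same applies to the guard in `u_username_comments`. The canonical-name redirect there, `redirect(f'/@{user.username}/comments')`, also drops the `.json` suffix, so a JSON client that sends a differently-cased name lands on the HTML route. Both function bodies continue outside the hunks shown, so the shadowban branch after `if u.shadowbanned ...` could not be checked for the same JSON handling and status code.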