fds

files/__main__.py

@@ -8,6 +8,7 @@ from flask_limiter import Limiter
 from flask_compress import Compress
 from flask_limiter.util import get_ipaddr
 from flask_mail import Mail
+
 from sqlalchemy.ext.declarative import declarative_base
 from sqlalchemy.orm import sessionmaker, scoped_session
 from sqlalchemy import *
@@ -15,8 +16,7 @@ import gevent
 from werkzeug.middleware.proxy_fix import ProxyFix
 import redis
 
-app = Flask(__name__, template_folder='templates')
-
+app = Flask(__name__, template_folder='./templates')
 app.wsgi_app = ProxyFix(app.wsgi_app, x_for=3)
 app.url_map.strict_slashes = False
 app.jinja_env.cache = {}
@@ -24,7 +24,6 @@ app.jinja_env.auto_reload = True
 import faulthandler
 faulthandler.enable()
 
-
 app.config["SITE_NAME"]=environ.get("SITE_NAME").strip()
 app.config["COINS_NAME"]=environ.get("COINS_NAME").strip()
 app.config["GUMROAD_LINK"]=environ.get("GUMROAD_LINK", "https://marsey1.gumroad.com/l/tfcvri").strip()
@@ -36,13 +35,14 @@ app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 86400
 app.config["SESSION_COOKIE_NAME"] = "session_" + environ.get("SITE_NAME").strip().lower()
 app.config["VERSION"] = "1.0.0"
 app.config['MAX_CONTENT_LENGTH'] = 8 * 1024 * 1024
-app.config["SESSION_COOKIE_SECURE"] = True
+app.config["SESSION_COOKIE_SECURE"] = bool(int(environ.get("FORCE_HTTPS", 1)))
 app.config["SESSION_COOKIE_SAMESITE"] = "Lax"
 app.config["PERMANENT_SESSION_LIFETIME"] = 60 * 60 * 24 * 365
+app.config["SESSION_REFRESH_EACH_REQUEST"] = True
 app.config["SLOGAN"] = environ.get("SLOGAN", "").strip()
 app.config["DEFAULT_COLOR"] = environ.get("DEFAULT_COLOR", "ff0000").strip()
 app.config["DEFAULT_THEME"] = environ.get("DEFAULT_THEME", "midnight").strip()
-app.config["FORCE_HTTPS"] = True
+app.config["FORCE_HTTPS"] = int(environ.get("FORCE_HTTPS", 1)) if ("localhost" not in app.config["SERVER_NAME"] and "localhost" not in app.config["SERVER_NAME"]) else 0
 app.config["UserAgent"] = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36"
 app.config["HCAPTCHA_SITEKEY"] = environ.get("HCAPTCHA_SITEKEY","").strip()
 app.config["HCAPTCHA_SECRET"] = environ.get("HCAPTCHA_SECRET","").strip()
@@ -51,6 +51,7 @@ app.config["SPAM_SIMILAR_COUNT_THRESHOLD"] = int(environ.get("SPAM_SIMILAR_COUNT
 app.config["SPAM_URL_SIMILARITY_THRESHOLD"] = float(environ.get("SPAM_URL_SIMILARITY_THRESHOLD", 0.5))
 app.config["COMMENT_SPAM_SIMILAR_THRESHOLD"] = float(environ.get("COMMENT_SPAM_SIMILAR_THRESHOLD", 0.5))
 app.config["COMMENT_SPAM_COUNT_THRESHOLD"] = int(environ.get("COMMENT_SPAM_COUNT_THRESHOLD", 0.5))
+app.config["VIDEO_COIN_REQUIREMENT"] = int(environ.get("VIDEO_COIN_REQUIREMENT", 0))
 app.config["READ_ONLY"]=bool(int(environ.get("READ_ONLY", "0")))
 app.config["BOT_DISABLE"]=bool(int(environ.get("BOT_DISABLE", False)))
 app.config["RATELIMIT_KEY_PREFIX"] = "flask_limiting_"
@@ -60,7 +61,7 @@ app.config["RATELIMIT_DEFAULTS_EXEMPT_WHEN"]=lambda:False
 app.config["RATELIMIT_HEADERS_ENABLED"]=True
 app.config["CACHE_TYPE"] = "redis"
 app.config["CACHE_DIR"] = "cache"
-app.config["RATELIMIT_STORAGE_URL"] = environ.get("REDIS_URL", "redis://localhost")
+app.config["RATELIMIT_STORAGE_URL"] = "redis://localhost"
 app.config['MAIL_SERVER'] = 'smtp.gmail.com'
 app.config['MAIL_PORT'] = 587
 app.config['MAIL_USE_TLS'] = True
@@ -72,7 +73,7 @@ r=redis.Redis(host=environ.get("REDIS_URL", "redis://localhost"),  decode_respon
 limiter = Limiter(
 	app,
 	key_func=get_ipaddr,
-	default_limits=["3/second;30/minute;100/hour"],
+	default_limits=["3/second;30/minute;200/hour"],
 	headers_enabled=True,
 	strategy="fixed-window"
 )
@@ -98,7 +99,11 @@ def before_request():
 
 	g.timestamp = int(time.time())
 
-	if request.url.startswith("http://") and "localhost" not in app.config["SERVER_NAME"]:
+	if not request.path.startswith("/assets") and not request.path.startswith("/images") and not request.path.startswith("/hostedimages"):
+		session.permanent = True
+		if not session.get("session_id"): session["session_id"] = secrets.token_hex(16)
+
+	if app.config["FORCE_HTTPS"] and request.url.startswith("http://") and "localhost" not in app.config["SERVER_NAME"]:
 		url = request.url.replace("http://", "https://", 1)
 		return redirect(url, code=301)
 
@@ -123,11 +128,4 @@ def after_request(response):
 	return response
 
 
-@app.route("/<path:path>", subdomain="www")
-@app.route("/<path:path>", subdomain="old")
-@app.route("/", subdomain="www")
-@app.route("/", subdomain="old")
-def sub_redirect(path):
-    return redirect(request.full_path)
-
 from files.routes import *

files/helpers/wrappers.py

@@ -29,7 +29,7 @@ def get_logged_in_user():
 		return v
 
 def check_ban_evade(v):
-	if v and v.ban_evade and v.admin_level == 0 and not v.is_suspended:
+	if not v.patron and v and v.ban_evade and v.admin_level == 0 and not v.is_suspended:
 		if random.randint(0,30) < v.ban_evade: v.shadowbanned = "AutoJanny"
 		else: v.ban_evade +=1
 		g.db.add(v)

files/routes/admin.py

@@ -37,18 +37,23 @@ def grassed(v):
 def distribute(v, cid):
 	try: int(cid)
 	except: abort(400)
-	post = g.db.query(Comment).filter_by(id=cid).first().post.permalink
+	post = g.db.query(Comment).filter_by(id=cid).first().post
+
+	pool = 0
+	for option in post.bet_options: pool += option.upvotes
 	votes = g.db.query(CommentVote).filter_by(comment_id=cid)
-	autobetter = g.db.query(User).filter_by(id=AUTOBETTER_ID).first()
-	coinsperperson = int(autobetter.coins / votes.count())
-	cid = notif_comment(f"You won {coinsperperson} coins betting on [{post}]({post}) !")
+	coinsperperson = int(pool / votes.count())
+
+	cid = notif_comment(f"You won {coinsperperson} coins betting on [{post.permalink}]({post.permalink}) !")
 	for vote in votes:
 		u = vote.user
 		u.coins += coinsperperson
 		add_notif(cid, u.id)
 
-	autobetter.coins = 0
+	autobetter = g.db.query(User).filter_by(id=AUTOBETTER_ID).first()
+	autobetter.coins -= pool
 	g.db.add(autobetter)
+
 	g.db.commit()
 	return f"Each winner has received {coinsperperson} coins!"