From cb7e1a55189c0ae77a963867cbc4be77366c5389 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 23 Dec 2021 20:18:25 +0200 Subject: [PATCH] fds --- files/__main__.py | 28 +++++++++++++--------------- files/helpers/wrappers.py | 2 +- files/routes/admin.py | 15 ++++++++++----- 3 files changed, 24 insertions(+), 21 deletions(-) diff --git a/files/__main__.py b/files/__main__.py index 7e347a4b0..d546dd766 100644 --- a/files/__main__.py +++ b/files/__main__.py @@ -8,6 +8,7 @@ from flask_limiter import Limiter from flask_compress import Compress from flask_limiter.util import get_ipaddr from flask_mail import Mail + from sqlalchemy.ext.declarative import declarative_base from sqlalchemy.orm import sessionmaker, scoped_session from sqlalchemy import * @@ -15,8 +16,7 @@ import gevent from werkzeug.middleware.proxy_fix import ProxyFix import redis -app = Flask(__name__, template_folder='templates') - +app = Flask(__name__, template_folder='./templates') app.wsgi_app = ProxyFix(app.wsgi_app, x_for=3) app.url_map.strict_slashes = False app.jinja_env.cache = {} @@ -24,7 +24,6 @@ app.jinja_env.auto_reload = True import faulthandler faulthandler.enable() - app.config["SITE_NAME"]=environ.get("SITE_NAME").strip() app.config["COINS_NAME"]=environ.get("COINS_NAME").strip() app.config["GUMROAD_LINK"]=environ.get("GUMROAD_LINK", "https://marsey1.gumroad.com/l/tfcvri").strip() @@ -36,13 +35,14 @@ app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 86400 app.config["SESSION_COOKIE_NAME"] = "session_" + environ.get("SITE_NAME").strip().lower() app.config["VERSION"] = "1.0.0" app.config['MAX_CONTENT_LENGTH'] = 8 * 1024 * 1024 -app.config["SESSION_COOKIE_SECURE"] = True +app.config["SESSION_COOKIE_SECURE"] = bool(int(environ.get("FORCE_HTTPS", 1))) app.config["SESSION_COOKIE_SAMESITE"] = "Lax" app.config["PERMANENT_SESSION_LIFETIME"] = 60 * 60 * 24 * 365 +app.config["SESSION_REFRESH_EACH_REQUEST"] = True app.config["SLOGAN"] = environ.get("SLOGAN", "").strip() app.config["DEFAULT_COLOR"] = environ.get("DEFAULT_COLOR", "ff0000").strip() app.config["DEFAULT_THEME"] = environ.get("DEFAULT_THEME", "midnight").strip() -app.config["FORCE_HTTPS"] = True +app.config["FORCE_HTTPS"] = int(environ.get("FORCE_HTTPS", 1)) if ("localhost" not in app.config["SERVER_NAME"] and "localhost" not in app.config["SERVER_NAME"]) else 0 app.config["UserAgent"] = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.107 Safari/537.36" app.config["HCAPTCHA_SITEKEY"] = environ.get("HCAPTCHA_SITEKEY","").strip() app.config["HCAPTCHA_SECRET"] = environ.get("HCAPTCHA_SECRET","").strip() @@ -51,6 +51,7 @@ app.config["SPAM_SIMILAR_COUNT_THRESHOLD"] = int(environ.get("SPAM_SIMILAR_COUNT app.config["SPAM_URL_SIMILARITY_THRESHOLD"] = float(environ.get("SPAM_URL_SIMILARITY_THRESHOLD", 0.5)) app.config["COMMENT_SPAM_SIMILAR_THRESHOLD"] = float(environ.get("COMMENT_SPAM_SIMILAR_THRESHOLD", 0.5)) app.config["COMMENT_SPAM_COUNT_THRESHOLD"] = int(environ.get("COMMENT_SPAM_COUNT_THRESHOLD", 0.5)) +app.config["VIDEO_COIN_REQUIREMENT"] = int(environ.get("VIDEO_COIN_REQUIREMENT", 0)) app.config["READ_ONLY"]=bool(int(environ.get("READ_ONLY", "0"))) app.config["BOT_DISABLE"]=bool(int(environ.get("BOT_DISABLE", False))) app.config["RATELIMIT_KEY_PREFIX"] = "flask_limiting_" @@ -60,7 +61,7 @@ app.config["RATELIMIT_DEFAULTS_EXEMPT_WHEN"]=lambda:False app.config["RATELIMIT_HEADERS_ENABLED"]=True app.config["CACHE_TYPE"] = "redis" app.config["CACHE_DIR"] = "cache" -app.config["RATELIMIT_STORAGE_URL"] = environ.get("REDIS_URL", "redis://localhost") +app.config["RATELIMIT_STORAGE_URL"] = "redis://localhost" app.config['MAIL_SERVER'] = 'smtp.gmail.com' app.config['MAIL_PORT'] = 587 app.config['MAIL_USE_TLS'] = True @@ -72,7 +73,7 @@ r=redis.Redis(host=environ.get("REDIS_URL", "redis://localhost"), decode_respon limiter = Limiter( app, key_func=get_ipaddr, - default_limits=["3/second;30/minute;100/hour"], + default_limits=["3/second;30/minute;200/hour"], headers_enabled=True, strategy="fixed-window" ) @@ -98,7 +99,11 @@ def before_request(): g.timestamp = int(time.time()) - if request.url.startswith("http://") and "localhost" not in app.config["SERVER_NAME"]: + if not request.path.startswith("/assets") and not request.path.startswith("/images") and not request.path.startswith("/hostedimages"): + session.permanent = True + if not session.get("session_id"): session["session_id"] = secrets.token_hex(16) + + if app.config["FORCE_HTTPS"] and request.url.startswith("http://") and "localhost" not in app.config["SERVER_NAME"]: url = request.url.replace("http://", "https://", 1) return redirect(url, code=301) @@ -123,11 +128,4 @@ def after_request(response): return response -@app.route("/", subdomain="www") -@app.route("/", subdomain="old") -@app.route("/", subdomain="www") -@app.route("/", subdomain="old") -def sub_redirect(path): - return redirect(request.full_path) - from files.routes import * \ No newline at end of file diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py index 689c91992..42942cd70 100644 --- a/files/helpers/wrappers.py +++ b/files/helpers/wrappers.py @@ -29,7 +29,7 @@ def get_logged_in_user(): return v def check_ban_evade(v): - if v and v.ban_evade and v.admin_level == 0 and not v.is_suspended: + if not v.patron and v and v.ban_evade and v.admin_level == 0 and not v.is_suspended: if random.randint(0,30) < v.ban_evade: v.shadowbanned = "AutoJanny" else: v.ban_evade +=1 g.db.add(v) diff --git a/files/routes/admin.py b/files/routes/admin.py index 8a1970f86..b19235d31 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -37,18 +37,23 @@ def grassed(v): def distribute(v, cid): try: int(cid) except: abort(400) - post = g.db.query(Comment).filter_by(id=cid).first().post.permalink + post = g.db.query(Comment).filter_by(id=cid).first().post + + pool = 0 + for option in post.bet_options: pool += option.upvotes votes = g.db.query(CommentVote).filter_by(comment_id=cid) - autobetter = g.db.query(User).filter_by(id=AUTOBETTER_ID).first() - coinsperperson = int(autobetter.coins / votes.count()) - cid = notif_comment(f"You won {coinsperperson} coins betting on [{post}]({post}) !") + coinsperperson = int(pool / votes.count()) + + cid = notif_comment(f"You won {coinsperperson} coins betting on [{post.permalink}]({post.permalink}) !") for vote in votes: u = vote.user u.coins += coinsperperson add_notif(cid, u.id) - autobetter.coins = 0 + autobetter = g.db.query(User).filter_by(id=AUTOBETTER_ID).first() + autobetter.coins -= pool g.db.add(autobetter) + g.db.commit() return f"Each winner has received {coinsperperson} coins!"