sfdsfd
parent
ec3fb00ff4
commit
edca73723a
|
@ -43,6 +43,7 @@ def send_verification_email(user, email=None):
|
||||||
@app.post("/verify_email")
|
@app.post("/verify_email")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def api_verify_email(v):
|
def api_verify_email(v):
|
||||||
|
|
||||||
send_verification_email(v)
|
send_verification_email(v)
|
||||||
|
|
|
@ -36,6 +36,7 @@ def truescore(v):
|
||||||
@app.post("/@<username>/revert_actions")
|
@app.post("/@<username>/revert_actions")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@admin_level_required(2)
|
@admin_level_required(2)
|
||||||
|
@validate_formkey
|
||||||
def revert_actions(v, username):
|
def revert_actions(v, username):
|
||||||
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
||||||
user = get_user(username)
|
user = get_user(username)
|
||||||
|
@ -61,6 +62,7 @@ def revert_actions(v, username):
|
||||||
@app.post("/@<username>/club_allow")
|
@app.post("/@<username>/club_allow")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@admin_level_required(2)
|
@admin_level_required(2)
|
||||||
|
@validate_formkey
|
||||||
def club_allow(v, username):
|
def club_allow(v, username):
|
||||||
|
|
||||||
u = get_user(username, v=v)
|
u = get_user(username, v=v)
|
||||||
|
@ -84,6 +86,7 @@ def club_allow(v, username):
|
||||||
@app.post("/@<username>/club_ban")
|
@app.post("/@<username>/club_ban")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@admin_level_required(2)
|
@admin_level_required(2)
|
||||||
|
@validate_formkey
|
||||||
def club_ban(v, username):
|
def club_ban(v, username):
|
||||||
|
|
||||||
u = get_user(username, v=v)
|
u = get_user(username, v=v)
|
||||||
|
@ -107,6 +110,7 @@ def club_ban(v, username):
|
||||||
@app.post("/@<username>/make_admin")
|
@app.post("/@<username>/make_admin")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@admin_level_required(2)
|
@admin_level_required(2)
|
||||||
|
@validate_formkey
|
||||||
def make_admin(v, username):
|
def make_admin(v, username):
|
||||||
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
||||||
user = get_user(username)
|
user = get_user(username)
|
||||||
|
@ -120,6 +124,7 @@ def make_admin(v, username):
|
||||||
@app.post("/@<username>/remove_admin")
|
@app.post("/@<username>/remove_admin")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@admin_level_required(2)
|
@admin_level_required(2)
|
||||||
|
@validate_formkey
|
||||||
def remove_admin(v, username):
|
def remove_admin(v, username):
|
||||||
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
||||||
user = get_user(username)
|
user = get_user(username)
|
||||||
|
@ -133,6 +138,7 @@ def remove_admin(v, username):
|
||||||
@app.post("/@<username>/make_meme_admin")
|
@app.post("/@<username>/make_meme_admin")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@admin_level_required(2)
|
@admin_level_required(2)
|
||||||
|
@validate_formkey
|
||||||
def make_meme_admin(v, username):
|
def make_meme_admin(v, username):
|
||||||
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
||||||
user = get_user(username)
|
user = get_user(username)
|
||||||
|
@ -146,6 +152,7 @@ def make_meme_admin(v, username):
|
||||||
@app.post("/@<username>/remove_meme_admin")
|
@app.post("/@<username>/remove_meme_admin")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@admin_level_required(2)
|
@admin_level_required(2)
|
||||||
|
@validate_formkey
|
||||||
def remove_meme_admin(v, username):
|
def remove_meme_admin(v, username):
|
||||||
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
||||||
user = get_user(username)
|
user = get_user(username)
|
||||||
|
@ -159,6 +166,7 @@ def remove_meme_admin(v, username):
|
||||||
@app.post("/admin/monthly")
|
@app.post("/admin/monthly")
|
||||||
@limiter.limit("1/day")
|
@limiter.limit("1/day")
|
||||||
@admin_level_required(2)
|
@admin_level_required(2)
|
||||||
|
@validate_formkey
|
||||||
def monthly(v):
|
def monthly(v):
|
||||||
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
|
||||||
thing = g.db.query(AwardRelationship).order_by(AwardRelationship.id.desc()).first().id
|
thing = g.db.query(AwardRelationship).order_by(AwardRelationship.id.desc()).first().id
|
||||||
|
@ -930,6 +938,7 @@ def api_distinguish_post(post_id, v):
|
||||||
|
|
||||||
@app.post("/sticky/<post_id>")
|
@app.post("/sticky/<post_id>")
|
||||||
@admin_level_required(2)
|
@admin_level_required(2)
|
||||||
|
@validate_formkey
|
||||||
def api_sticky_post(post_id, v):
|
def api_sticky_post(post_id, v):
|
||||||
|
|
||||||
post = g.db.query(Submission).filter_by(id=post_id).first()
|
post = g.db.query(Submission).filter_by(id=post_id).first()
|
||||||
|
@ -965,6 +974,7 @@ def api_sticky_post(post_id, v):
|
||||||
@app.post("/ban_comment/<c_id>")
|
@app.post("/ban_comment/<c_id>")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@admin_level_required(1)
|
@admin_level_required(1)
|
||||||
|
@validate_formkey
|
||||||
def api_ban_comment(c_id, v):
|
def api_ban_comment(c_id, v):
|
||||||
|
|
||||||
comment = g.db.query(Comment).filter_by(id=c_id).first()
|
comment = g.db.query(Comment).filter_by(id=c_id).first()
|
||||||
|
@ -989,6 +999,7 @@ def api_ban_comment(c_id, v):
|
||||||
@app.post("/unban_comment/<c_id>")
|
@app.post("/unban_comment/<c_id>")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@admin_level_required(1)
|
@admin_level_required(1)
|
||||||
|
@validate_formkey
|
||||||
def api_unban_comment(c_id, v):
|
def api_unban_comment(c_id, v):
|
||||||
|
|
||||||
comment = g.db.query(Comment).filter_by(id=c_id).first()
|
comment = g.db.query(Comment).filter_by(id=c_id).first()
|
||||||
|
@ -1013,6 +1024,7 @@ def api_unban_comment(c_id, v):
|
||||||
|
|
||||||
@app.post("/distinguish_comment/<c_id>")
|
@app.post("/distinguish_comment/<c_id>")
|
||||||
@admin_level_required(1)
|
@admin_level_required(1)
|
||||||
|
@validate_formkey
|
||||||
def admin_distinguish_comment(c_id, v):
|
def admin_distinguish_comment(c_id, v):
|
||||||
|
|
||||||
|
|
||||||
|
|
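Review bot: The privilege gate visible in revert_actions, make_admin, remove_admin, make_meme_admin, remove_meme_admin and monthly is decided from `request.host`, which comes from the client-supplied Host header. Unless the front proxy rejects unknown hosts, the `v.admin_level > 2` requirement for Drama therefore rests on a value the caller controls. The added `@validate_formkey` covers cross-site submission on these routes but leaves that condition unchanged. If SITE_NAME is the authoritative site identity, deciding from configuration alone, e.g. `if SITE_NAME != 'Drama' or v.admin_level > 2:`, keeps the rule server-side. Each function body continues outside its hunk, so what happens when the condition is false is not visible here.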
|
@ -234,6 +234,7 @@ def shop(v):
|
||||||
|
|
||||||
@app.post("/buy/<award>")
|
@app.post("/buy/<award>")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def buy(v, award):
|
def buy(v, award):
|
||||||
AWARDS = {
|
AWARDS = {
|
||||||
"shit": {
|
"shit": {
|
||||||
|
@ -446,6 +447,7 @@ def buy(v, award):
|
||||||
@app.post("/post/<pid>/awards")
|
@app.post("/post/<pid>/awards")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def award_post(pid, v):
|
def award_post(pid, v):
|
||||||
|
|
||||||
if v.shadowbanned: return render_template('errors/500.html', v=v), 500
|
if v.shadowbanned: return render_template('errors/500.html', v=v), 500
|
||||||
|
@ -603,6 +605,7 @@ def award_post(pid, v):
|
||||||
@app.post("/comment/<cid>/awards")
|
@app.post("/comment/<cid>/awards")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def award_comment(cid, v):
|
def award_comment(cid, v):
|
||||||
|
|
||||||
if v.shadowbanned: return render_template('errors/500.html', v=v), 500
|
if v.shadowbanned: return render_template('errors/500.html', v=v), 500
|
||||||
|
|
|
@ -13,6 +13,7 @@ def slash_post():
|
||||||
|
|
||||||
@app.post("/clear")
|
@app.post("/clear")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def clear(v):
|
def clear(v):
|
||||||
for n in v.notifications.filter_by(read=False).all():
|
for n in v.notifications.filter_by(read=False).all():
|
||||||
n.read = True
|
n.read = True
|
||||||
|
@ -210,7 +211,8 @@ def frontlist(v=None, sort="hot", page=1, t="all", ids_only=True, filter_words='
|
||||||
posts = posts.filter(Submission.created_utc >= cutoff)
|
posts = posts.filter(Submission.created_utc >= cutoff)
|
||||||
else: cutoff = 0
|
else: cutoff = 0
|
||||||
|
|
||||||
posts = posts.filter_by(is_banned=False, stickied=None, private=False, deleted_utc = 0)
|
if sort == "new": posts = posts.filter_by(is_banned=False, private=False, deleted_utc = 0)
|
||||||
|
else: posts = posts.filter_by(is_banned=False, stickied=None, private=False, deleted_utc = 0)
|
||||||
|
|
||||||
if v and v.admin_level == 0:
|
if v and v.admin_level == 0:
|
||||||
blocking = [x[0] for x in g.db.query(
|
blocking = [x[0] for x in g.db.query(
|
||||||
|
@ -263,13 +265,14 @@ def frontlist(v=None, sort="hot", page=1, t="all", ids_only=True, filter_words='
|
||||||
|
|
||||||
posts = posts[:size]
|
posts = posts[:size]
|
||||||
|
|
||||||
pins = g.db.query(Submission).filter(Submission.stickied != None, Submission.is_banned == False)
|
if sort != "new":
|
||||||
if v and v.admin_level == 0:
|
pins = g.db.query(Submission).filter(Submission.stickied != None, Submission.is_banned == False)
|
||||||
blocking = [x[0] for x in g.db.query(UserBlock.target_id).filter_by(user_id=v.id).all()]
|
if v and v.admin_level == 0:
|
||||||
blocked = [x[0] for x in g.db.query(UserBlock.user_id).filter_by(target_id=v.id).all()]
|
blocking = [x[0] for x in g.db.query(UserBlock.target_id).filter_by(user_id=v.id).all()]
|
||||||
pins = pins.filter(Submission.author_id.notin_(blocking), Submission.author_id.notin_(blocked))
|
blocked = [x[0] for x in g.db.query(UserBlock.user_id).filter_by(target_id=v.id).all()]
|
||||||
|
pins = pins.filter(Submission.author_id.notin_(blocking), Submission.author_id.notin_(blocked))
|
||||||
|
|
||||||
if page == 1 and not gt and not lt: posts = pins.all() + posts
|
if sort != "new" and page == 1 and not gt and not lt: posts = pins.all() + posts
|
||||||
|
|
||||||
if ids_only: posts = [x.id for x in posts]
|
if ids_only: posts = [x.id for x in posts]
|
||||||
|
|
||||||
|
|
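Review bot: The "is the sort new" decision in frontlist is now tested three times: `if sort == "new":` on the `filter_by` line in the first hunk, `if sort != "new":` around the pins query, and again in `if sort != "new" and page == 1 and not gt and not lt:`. Because `pins` is only bound under the second test, the third must stay in sync with it or the function raises NameError. Binding it once, e.g. `show_pins = sort != "new"`, and using that name in all three places removes the coupling. Indentation is lost in this rendering, so the nesting of the pins block is inferred, and frontlist's body continues outside both hunks.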
|
@ -38,6 +38,7 @@ def authorize(v):
|
||||||
@app.post("/api_keys")
|
@app.post("/api_keys")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@is_not_banned
|
@is_not_banned
|
||||||
|
@validate_formkey
|
||||||
def request_api_keys(v):
|
def request_api_keys(v):
|
||||||
|
|
||||||
new_app = OauthApp(
|
new_app = OauthApp(
|
||||||
|
@ -253,6 +254,7 @@ def admin_apps_list(v):
|
||||||
@app.post("/oauth/reroll/<aid>")
|
@app.post("/oauth/reroll/<aid>")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def reroll_oauth_tokens(aid, v):
|
def reroll_oauth_tokens(aid, v):
|
||||||
|
|
||||||
aid = aid
|
aid = aid
|
||||||
|
|
|
@ -8,6 +8,7 @@ from files.helpers.sanitize import filter_emojis_only
|
||||||
@app.post("/report/post/<pid>")
|
@app.post("/report/post/<pid>")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def api_flag_post(pid, v):
|
def api_flag_post(pid, v):
|
||||||
|
|
||||||
post = get_post(pid)
|
post = get_post(pid)
|
||||||
|
@ -38,6 +39,7 @@ def api_flag_post(pid, v):
|
||||||
@app.post("/report/comment/<cid>")
|
@app.post("/report/comment/<cid>")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def api_flag_comment(cid, v):
|
def api_flag_comment(cid, v):
|
||||||
|
|
||||||
comment = get_comment(cid)
|
comment = get_comment(cid)
|
||||||
|
|
|
@ -34,6 +34,7 @@ tiers={
|
||||||
@app.post("/settings/removebackground")
|
@app.post("/settings/removebackground")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def removebackground(v):
|
def removebackground(v):
|
||||||
v.background = None
|
v.background = None
|
||||||
g.db.add(v)
|
g.db.add(v)
|
||||||
|
@ -439,6 +440,7 @@ def settings_profile_post(v):
|
||||||
|
|
||||||
@app.post("/settings/filters")
|
@app.post("/settings/filters")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def filters(v):
|
def filters(v):
|
||||||
filters=request.values.get("filters")[:1000].strip()
|
filters=request.values.get("filters")[:1000].strip()
|
||||||
|
|
||||||
|
@ -810,6 +812,7 @@ def settings_css_get(v):
|
||||||
@app.post("/settings/css")
|
@app.post("/settings/css")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def settings_css(v):
|
def settings_css(v):
|
||||||
css = request.values.get("css").strip().replace('\\', '').strip()[:4000]
|
css = request.values.get("css").strip().replace('\\', '').strip()[:4000]
|
||||||
|
|
||||||
|
@ -826,14 +829,15 @@ def settings_css(v):
|
||||||
@auth_required
|
@auth_required
|
||||||
def settings_profilecss_get(v):
|
def settings_profilecss_get(v):
|
||||||
|
|
||||||
if v.truecoins < 1000 and not v.patron and v.admin_level == 0 : return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
|
if v.truecoins < 1000 and not v.patron and v.admin_level == 0 : return f"You must have +1000 {COINS_NAME} or be a paypig to set profile css."
|
||||||
return render_template("settings_profilecss.html", v=v)
|
return render_template("settings_profilecss.html", v=v)
|
||||||
|
|
||||||
@app.post("/settings/profilecss")
|
@app.post("/settings/profilecss")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def settings_profilecss(v):
|
def settings_profilecss(v):
|
||||||
if v.truecoins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
|
if v.truecoins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a paypig to set profile css."
|
||||||
profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000]
|
profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000]
|
||||||
v.profilecss = profilecss
|
v.profilecss = profilecss
|
||||||
g.db.add(v)
|
g.db.add(v)
|
||||||
|
|
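Review bot: In the last hunk settings_profilecss (the POST handler) checks `v.truecoins < 1000 and not v.patron`, while settings_profilecss_get also requires `v.admin_level == 0`, so an admin under the threshold can open the form but has the save rejected. Using the same condition in both, `if v.truecoins < 1000 and not v.patron and v.admin_level == 0:`, removes the mismatch. Separately, `request.values.get("profilecss")` has no default, so a POST without that field fails on `.strip()` with AttributeError instead of a clean error; `request.values.get("profilecss", "")` avoids that. The same applies to `css` in settings_css and `filters` in filters. The only input handling visible for the stored CSS is backslash removal and truncation to 4000 characters; how it is rendered is outside these hunks.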
|
@ -230,6 +230,7 @@ def contact(v):
|
||||||
@app.post("/contact")
|
@app.post("/contact")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def submit_contact(v):
|
def submit_contact(v):
|
||||||
message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "")
|
message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "")
|
||||||
send_admin(v.id, message)
|
send_admin(v.id, message)
|
||||||
|
|
|
@ -97,6 +97,7 @@ def downvoting(v, username):
|
||||||
@app.post("/pay_rent")
|
@app.post("/pay_rent")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def pay_rent(v):
|
def pay_rent(v):
|
||||||
if v.coins < 500: return "You must have more than 500 coins."
|
if v.coins < 500: return "You must have more than 500 coins."
|
||||||
v.coins -= 500
|
v.coins -= 500
|
||||||
|
@ -113,6 +114,7 @@ def pay_rent(v):
|
||||||
@app.post("/steal")
|
@app.post("/steal")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@is_not_banned
|
@is_not_banned
|
||||||
|
@validate_formkey
|
||||||
def steal(v):
|
def steal(v):
|
||||||
if int(time.time()) - v.created_utc < 604800:
|
if int(time.time()) - v.created_utc < 604800:
|
||||||
return "You must have an account older than 1 week in order to attempt stealing."
|
return "You must have an account older than 1 week in order to attempt stealing."
|
||||||
|
@ -167,6 +169,7 @@ def thiefs(v):
|
||||||
@app.post("/@<username>/suicide")
|
@app.post("/@<username>/suicide")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def suicide(v, username):
|
def suicide(v, username):
|
||||||
t = int(time.time())
|
t = int(time.time())
|
||||||
if v.admin_level == 0 and t - v.suicide_utc < 86400: return {"message": "You're on 1-day cooldown!"}
|
if v.admin_level == 0 and t - v.suicide_utc < 86400: return {"message": "You're on 1-day cooldown!"}
|
||||||
|
@ -312,6 +315,7 @@ def song(song):
|
||||||
@app.post("/subscribe/<post_id>")
|
@app.post("/subscribe/<post_id>")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def subscribe(v, post_id):
|
def subscribe(v, post_id):
|
||||||
new_sub = Subscription(user_id=v.id, submission_id=post_id)
|
new_sub = Subscription(user_id=v.id, submission_id=post_id)
|
||||||
g.db.add(new_sub)
|
g.db.add(new_sub)
|
||||||
|
@ -321,6 +325,7 @@ def subscribe(v, post_id):
|
||||||
@app.post("/unsubscribe/<post_id>")
|
@app.post("/unsubscribe/<post_id>")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def unsubscribe(v, post_id):
|
def unsubscribe(v, post_id):
|
||||||
sub=g.db.query(Subscription).filter_by(user_id=v.id, submission_id=post_id).first()
|
sub=g.db.query(Subscription).filter_by(user_id=v.id, submission_id=post_id).first()
|
||||||
if sub:
|
if sub:
|
||||||
|
@ -337,6 +342,7 @@ def reportbugs(v):
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@limiter.limit("10/hour")
|
@limiter.limit("10/hour")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def message2(v, username):
|
def message2(v, username):
|
||||||
|
|
||||||
user = get_user(username, v=v)
|
user = get_user(username, v=v)
|
||||||
|
@ -400,6 +406,7 @@ def message2(v, username):
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@limiter.limit("6/minute")
|
@limiter.limit("6/minute")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def messagereply(v):
|
def messagereply(v):
|
||||||
|
|
||||||
message = request.values.get("body", "").strip()[:1000].strip()
|
message = request.values.get("body", "").strip()[:1000].strip()
|
||||||
|
@ -727,6 +734,7 @@ def u_username_info(username, v=None):
|
||||||
@app.post("/follow/<username>")
|
@app.post("/follow/<username>")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def follow_user(username, v):
|
def follow_user(username, v):
|
||||||
|
|
||||||
target = get_user(username)
|
target = get_user(username)
|
||||||
|
@ -752,6 +760,7 @@ def follow_user(username, v):
|
||||||
@app.post("/unfollow/<username>")
|
@app.post("/unfollow/<username>")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def unfollow_user(username, v):
|
def unfollow_user(username, v):
|
||||||
|
|
||||||
target = get_user(username)
|
target = get_user(username)
|
||||||
|
@ -778,6 +787,7 @@ def unfollow_user(username, v):
|
||||||
@app.post("/remove_follow/<username>")
|
@app.post("/remove_follow/<username>")
|
||||||
@limiter.limit("1/second")
|
@limiter.limit("1/second")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def remove_follow(username, v):
|
def remove_follow(username, v):
|
||||||
target = get_user(username)
|
target = get_user(username)
|
||||||
|
|
||||||
|
@ -869,6 +879,7 @@ def saved_comments(v, username):
|
||||||
|
|
||||||
@app.post("/fp/<fp>")
|
@app.post("/fp/<fp>")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def fp(v, fp):
|
def fp(v, fp):
|
||||||
if v.username != fp:
|
if v.username != fp:
|
||||||
v.fp = fp
|
v.fp = fp
|
||||||
|
|
|
@ -196,6 +196,7 @@ def api_vote_comment(comment_id, new, v):
|
||||||
|
|
||||||
@app.post("/vote/poll/<comment_id>")
|
@app.post("/vote/poll/<comment_id>")
|
||||||
@auth_required
|
@auth_required
|
||||||
|
@validate_formkey
|
||||||
def api_vote_poll(comment_id, v):
|
def api_vote_poll(comment_id, v):
|
||||||
|
|
||||||
vote = request.values.get("vote")
|
vote = request.values.get("vote")
|
||||||
|
|
|
@ -102,6 +102,6 @@
|
||||||
</nav>
|
</nav>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
<script src="/assets/js/changelog.js?v=54"></script>
|
<script src="/assets/js/changelog.js?v=55"></script>
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|
|
@ -749,7 +749,7 @@
|
||||||
|
|
||||||
{% if v %}
|
{% if v %}
|
||||||
<script src="/assets/js/marked.js?v=1"></script>
|
<script src="/assets/js/marked.js?v=1"></script>
|
||||||
<script src="/assets/js/comments_v.js?v=85"></script>
|
<script src="/assets/js/comments_v.js?v=86"></script>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
<script src="/assets/js/clipboard.js?v=3"></script>
|
<script src="/assets/js/clipboard.js?v=3"></script>
|
||||||
|
|
|
@ -287,7 +287,7 @@
|
||||||
<script src="/assets/js/lozad.js?v=54"></script>
|
<script src="/assets/js/lozad.js?v=54"></script>
|
||||||
|
|
||||||
{% if v %}
|
{% if v %}
|
||||||
<script src="/assets/js/default.js?v=59"></script>
|
<script src="/assets/js/default.js?v=60"></script>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
<link rel="stylesheet" href="/assets/css/lite-youtube.css?v=3">
|
<link rel="stylesheet" href="/assets/css/lite-youtube.css?v=3">
|
||||||
|
|
|
@ -213,7 +213,7 @@
|
||||||
</div>
|
</div>
|
||||||
</nav>
|
</nav>
|
||||||
|
|
||||||
<script src="/assets/js/header.js?v=54"></script>
|
<script src="/assets/js/header.js?v=56"></script>
|
||||||
|
|
||||||
<style>
|
<style>
|
||||||
.notif-count {
|
.notif-count {
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
|
|
||||||
<script src="/assets/js/settings_block.js?v=2"></script>
|
<script src="/assets/js/settings_blocks.js?v=2"></script>
|
||||||
|
|
||||||
<div class="row">
|
<div class="row">
|
||||||
|
|
||||||
|
@ -121,4 +121,8 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
|
{% if v %}
|
||||||
|
<div id="formkey" class="d-none">{{v.formkey}}</div>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|
|
@ -687,4 +687,8 @@
|
||||||
{% include "emoji_modal.html" %}
|
{% include "emoji_modal.html" %}
|
||||||
{% include "gif_modal.html" %}
|
{% include "gif_modal.html" %}
|
||||||
|
|
||||||
|
{% if v %}
|
||||||
|
<div id="formkey" class="d-none">{{v.formkey}}</div>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
|
@ -805,7 +805,7 @@
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
{% if offset %}
|
{% if offset %}
|
||||||
<script src="/assets/js/viewmore.js?v=1"></script>
|
<script src="/assets/js/viewmore.js?v=2"></script>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{% elif not p.replies and p.deleted_utc == 0 %}
|
{% elif not p.replies and p.deleted_utc == 0 %}
|
||||||
|
@ -865,7 +865,7 @@
|
||||||
|
|
||||||
{% if not p.comment_count %}
|
{% if not p.comment_count %}
|
||||||
{% if v %}
|
{% if v %}
|
||||||
<script src="/assets/js/comments_v.js?v=85"></script>
|
<script src="/assets/js/comments_v.js?v=86"></script>
|
||||||
{% include "award_modal.html" %}
|
{% include "award_modal.html" %}
|
||||||
{% include "emoji_modal.html" %}
|
{% include "emoji_modal.html" %}
|
||||||
{% include "gif_modal.html" %}
|
{% include "gif_modal.html" %}
|
||||||
|
|
|
@ -35,67 +35,6 @@
|
||||||
|
|
||||||
{% if v %}
|
{% if v %}
|
||||||
<script>
|
<script>
|
||||||
const TRANSFER_TAX = {% if v.patron or u.patron %}0{% else %}0.03{% endif %};
|
|
||||||
|
|
||||||
function updateTax(mobile=false) {
|
|
||||||
let suf = mobile ? "-mobile" : "";
|
|
||||||
let amount = parseInt(document.getElementById("coins-transfer-amount" + suf).value);
|
|
||||||
if(isNaN(amount) || amount < 0) {
|
|
||||||
amount = 0;
|
|
||||||
}
|
|
||||||
document.getElementById("coins-transfer-taxed" + suf).innerText = amount - Math.ceil(amount*TRANSFER_TAX);
|
|
||||||
}
|
|
||||||
|
|
||||||
function transferCoins(mobile=false) {
|
|
||||||
let t = event.target;
|
|
||||||
t.disabled = true;
|
|
||||||
|
|
||||||
let amount = parseInt(document.getElementById("coins-transfer-amount").value);
|
|
||||||
let transferred = amount - Math.ceil(amount*TRANSFER_TAX);
|
|
||||||
|
|
||||||
post_toast_callback("/@{{u.username}}/transfer_coins",
|
|
||||||
{"amount": document.getElementById(mobile ? "coins-transfer-amount-mobile" : "coins-transfer-amount").value},
|
|
||||||
(xhr) => {
|
|
||||||
if(xhr.status == 200) {
|
|
||||||
document.getElementById("user-coins-amount").innerText = parseInt(document.getElementById("user-coins-amount").innerText) - amount;
|
|
||||||
document.getElementById("profile-coins-amount-mobile").innerText = parseInt(document.getElementById("profile-coins-amount-mobile").innerText) + transferred;
|
|
||||||
document.getElementById("profile-coins-amount").innerText = parseInt(document.getElementById("profile-coins-amount").innerText) + transferred;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
);
|
|
||||||
|
|
||||||
setTimeout(_ => t.disabled = false, 2000);
|
|
||||||
}
|
|
||||||
</script>
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
{% if u.song %}
|
|
||||||
<script>
|
|
||||||
var audio = new Audio('/songs/{{u.id}}');
|
|
||||||
audio.loop=true;
|
|
||||||
|
|
||||||
{% if not u.unmutable %}
|
|
||||||
function pause() {
|
|
||||||
audio.pause();
|
|
||||||
document.getElementById("pause1").classList.toggle("d-none");
|
|
||||||
document.getElementById("play1").classList.toggle("d-none");
|
|
||||||
document.getElementById("pause2").classList.toggle("d-none");
|
|
||||||
document.getElementById("play2").classList.toggle("d-none");
|
|
||||||
}
|
|
||||||
|
|
||||||
function play() {
|
|
||||||
audio.play();
|
|
||||||
document.getElementById("pause1").classList.toggle("d-none");
|
|
||||||
document.getElementById("play1").classList.toggle("d-none");
|
|
||||||
document.getElementById("pause2").classList.toggle("d-none");
|
|
||||||
document.getElementById("play2").classList.toggle("d-none");
|
|
||||||
}
|
|
||||||
{% endif %}
|
|
||||||
|
|
||||||
audio.play();
|
|
||||||
document.getElementById('userpage').addEventListener('click', () => {
|
|
||||||
if (audio.paused) audio.play();
|
|
||||||
}, {once : true});
|
|
||||||
</script>
|
</script>
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
|
@ -780,8 +719,18 @@
|
||||||
{% include "emoji_modal.html" %}
|
{% include "emoji_modal.html" %}
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
<script src="/assets/js/userpage.js?v=72"></script>
|
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block GIFpicker %}
|
{% block GIFpicker %}
|
||||||
|
{% if u.song %}
|
||||||
|
<div id="uid" class="d-none">{{u.id}}</div>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
{% if v}
|
||||||
|
<script src="/assets/js/userpage_v.js?v=75"></script>
|
||||||
|
<div id="tax" class="d-none">{% if v.patron or u.patron %}0{% else %}0.03{% endif %}</div>
|
||||||
|
<div id="username" class="d-none">{{u.username}}</div>
|
||||||
|
{% endif %}
|
||||||
|
|
||||||
|
<script src="/assets/js/userpage.js?v=75"></script>
|
||||||
{% endblock %}
|
{% endblock %}
|
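Review bot: The added tag `{% if v}` in the second hunk is missing its closing `%`, which Jinja rejects as a template syntax error, so the user page would fail to render; it should read `{% if v %}`. In the same block `userpage_v.js` is included before the `tax` and `username` divs it presumably reads. If the script looks them up at load time rather than inside its handlers, they will not exist yet, so placing the divs ahead of the `<script>` tag is safer. The first hunk also leaves an empty `<script>`/`</script>` pair inside `{% if v %}` after the inline functions are removed.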
|
@ -33,5 +33,4 @@
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
{% block pagenav %}
|
{% block pagenav %}
|
||||||
<script src="/assets/js/userpage.js?v=72"></script>
|
|
||||||
{% endblock %}
|
{% endblock %}
|