Commit Graph

111 Commits (36612a304599827304f3dcd2a7ad00a03af3da4b)

Author SHA1 Message Date
Aevann 5bc6597188 add 1/1 second ratelimiter for user ids to fix blackjack exploit 2023-04-02 08:52:26 +02:00
Aevann 57765f0776 revert sqlalchemy changes 2023-03-16 08:27:58 +02:00
Aevann f768d81103 keep db sessions open 2023-03-15 05:58:00 +02:00
Aevann e8e7e9670b do this https://stupidpol.site/post/18459/marseycapywalking-megathread-for-bugs-and-suggestions/3738025#context 2023-03-10 03:28:03 +02:00
Aevann 64fb4c7a92 put unapproved apps before approved apps 2023-02-28 19:13:38 +02:00
Aevann 17bb6dad48 blackjack fix exploit 2023-02-27 07:33:45 +02:00
Aevann fe0b8887bc change 1/second ratelimit to 1/2 second 2023-02-26 12:26:26 +02:00
Aevann 3a07858639 revert back from \n to \n\n for easier to read source and making linefeeds work when there's <pre> or ``` 2023-02-26 12:20:32 +02:00
Aevann 82a73392a9 fix errors 2023-02-26 10:49:09 +02:00
Aevann 8c495c914a default ratelimit doesn't apply implicitly if there's other @limiter.limit before the function, so add it explicitly before all functions 2023-02-26 10:41:04 +02:00
Aevann 4c35f0b07f remove unnecessary line 2023-02-26 08:35:59 +02:00
Aevann 7aaeedea36 better ratelimiting 2023-02-26 03:42:39 +02:00
Aevann 6fcc525772 remove unnecessary body 2023-02-24 09:16:50 +02:00
Aevann 858592965f fix 500 errors 2023-02-24 08:48:30 +02:00
Aevann e37031c4dd make sure g.db.flush() is always above _push_notif_thread 2023-02-24 04:36:25 +02:00
Aevann ad63fca3e7 giev push notif for app requests 2023-02-24 03:58:52 +02:00
Aevann 88814ee208 expand blackjack 2023-02-07 05:31:49 +02:00
Aevann a40dee5bd8 improve user ratelimiting 2023-01-21 06:39:46 +02:00
Aevann 044664a25e get rid of useless tabs and spaces 2023-01-01 13:36:20 +02:00
Aevann 8ee189022b seething hatred 2022-12-30 21:01:47 +02:00
Aevann c4872ecb07 Revert "attempt to fix ratelimiting user"
This reverts commit 99597fc36c.
2022-12-30 20:43:13 +02:00
Aevann 99597fc36c attempt to fix ratelimiting user 2022-12-30 20:40:58 +02:00
Aevann 9a8c986f93 attempt to fix ratelimiting user 2022-12-30 20:33:07 +02:00
Aevann 909e3f5f29 use a cool flask feature i didnt know about 2022-12-29 12:39:10 +02:00
Aevann1 0376124eb0 clearer notifications for hole and admin actions 2022-12-13 19:11:26 +02:00
justcool393 ab41db22b7 [DO NOT MERGE] multiple sub banners (#59)
allows multiple sub banners

Snakes note: By request of Carp, especially for WPD.

Co-authored-by: justcool393 <justcool393@gmail.com>
Co-authored-by: Snakes <duolsm@outlook.com>
Reviewed-on: rDrama/rDrama#59
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-11 23:44:34 +00:00
justcool393 0ff034b01b add typing to a bunch of routes 2022-11-26 15:00:16 -06:00
justcool393 255d5b2453 security: fix mute bypass
modmail: constantify user ID
2022-11-17 16:50:06 -06:00
justcool393 ee8ad10fac fix 500 on IntegrityError 2022-11-15 15:12:36 -06:00
Aevann1 532ebd3ac8 standardize g.db behavior 2022-11-15 17:39:00 +02:00
justcool393 8f2f48d6d1
[DO NOT MERGE] import detanglation (#442)
* move Base definition to files.classes.__init__.py

* fix ImportError

* move userpage listing to users.py

* don't import the app from classes

* consts: set default values to avoid crashes
consts: warn if the secret key is the default config value

* card view: sneed (user db schema)

* cloudflare: use DEFAULT_CONFIG_VALUE

* const: set default values

* decouple media.py from __main__

* pass database to avoid imports

* import cleanup and import request not in const, but in the requests mega import

* move asset_submissions site check to __init__

* asset submissions feature flag

* flag

* g.is_tor

* don't import request where it's not needed

* i think this is fine

* mail: move to own routes and helper

* wrappers

* required wrappers move

* unfuck wrappers a bit

* move snappy quotes and marseys to stateful consts

* marsify

* :pepodrool:

* fix missing import

* import cache

* ...and settings.py

* and static.py

* static needs cache

* route

* lmao all of the jinja shit was in feeds.py amazing

* classes should only import what they need from flask

* import Response

* hdjbjdhbhjf

* ...

* dfdfdfdf

* make get a non-required import

* isort imports (mostly)

* but actually

* configs

* reload config on import

* fgfgfgfg

* config

* config

* initialize snappy and test

* cookie of doom debug

* edfjnkf

* xikscdfd

* debug config

* set session cookie domain, i think this fixes the can't login bug

* sdfbgnhvfdsghbnjfbdvvfghnn

* hrsfxgf

* dump the entire config on a request

* kyskyskyskyskyskyskyskyskys

* duifhdskfjdfd

* dfdfdfdfdfdfdfdfdfdfdfdf

* dfdfdfdf

* import all of the consts because fuck it

* 😭

* dfdfdfdfdfdfsdasdf

* print the entire session

* rffdfdfjkfksj

* fgbhffh

* not the secret keys

* minor bug fixes

* be helpful in the warning

* gfgfgfg

* move warning lower

* isort main imports (i hope this doesn't fuck something up)

* test

* session cookie domain redux

* dfdfdfd

* try only importing Flask

* formkeys fix

* y

* :pepodrool:

* route helper

* remove before flight

* dfdfdfdfdf

* isort classes

* isort helpers

* move check_for_alts to routehelpers and also sort imports and get rid of unused ones

* that previous commit but actually

* readd the cache in a dozen places they were implicitly imported

* use g.is_tor instead of request.headers. bla bla bla

* upgrade streamers to their own route file

* get rid of unused imports in __main__

* fgfgf

* don't pull in the entire ORM where we don't need it

* features

* explicit imports for the get helper

* explicit imports for the get helper redux

* testing allroutes

* remove unused import

* decouple flask from classes

* syntax fix also remember these have side fx for some reason (why?)

* move side effects out of the class

* posts

* testing on devrama

* settings

* reloading

* settingssdsdsds

* streamer features

* site settings

* testing settings on devrama

* import

* fix modlog

* remove debug stuff

* revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6

* archiveorg to _archiveorg

* skhudkfkjfd

* fix cron for PCM

* fix bugs that snekky wants me to

* Fix call to realbody passing db, standardize kwarg

* test

* import check_for_alts from the right place

* cloudflare

* testing on devrama

* fix cron i think

* shadow properly

* tasks

* Remove print which will surely be annoying in prod.

* v and create new session

* use files.classes

* make errors import little and fix rare 500 in /allow_nsfw

* Revert "use files.classes"

This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6.

* pass v to media functions rather than using g

* fix

* dfdfdfdfd

* cleanup, py type checking is dumb so don't use it where it causes issues

* Fix some merge bugs, add DEFAULT_RATELIMIT to main.

* Fix imports on sqlalchemy expressions.

* `from random import random` is an error.

* Fix replies db param.

* errors: fix missing import

* fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text

* Fix signup formkey.

* fix 2 500s

* propagate db to submissions

* fix replies

* dfdfdfdf

* Fix verifiedcolor.

* is_manual

* can't use getters outside of an app context

* don't attempt to do gumroad on sites where it's not enabled

* don't attempt to do gumroad on sites where it's unnecessary

* Revert "don't attempt to do gumroad on sites where it's not enabled"

This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3.

* fix 500

* validate media type

Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 03:19:08 -06:00
Snakes 8fee66c894
Reorder decorators to support f63237a9a2.
Ultimately necessary because otherwise all bots share rate limits
with each other. The somewhat haphazard ordering of decorators bothers
me, but it's functionally required.

Approaches using request context (like reading the Authorization
header in ratelimit_user) likely produce bugs all their own.
2022-11-13 05:18:52 -05:00
justcool393 aa272729f1 default ratelimit and default ratelimit slower 2022-11-13 00:43:47 -06:00
justcool393 80d7d5281d ratelimit_user() wrapper 2022-11-13 00:07:15 -06:00
Aevann1 f41b09cc07 small change to /admin/app 2022-10-28 22:13:58 +02:00
justcool393 aa508fc076 remove discord 2022-10-16 05:42:52 -07:00
justcool393 f4af073253 fix 17 potential 500s 2022-10-16 02:51:42 -07:00
Aevann1 356c9f1219 add "(Admin)" to messages sent to users due to admin actions (for clarity to new users) 2022-10-10 08:11:17 +02:00
justcool393 02d0e2043e rename APPS_MODERATE to APPS_MODERATION 2022-10-06 00:40:36 -07:00
justcool393 20bd38b5d3 add oauth permissions 2022-10-05 22:33:55 -07:00
justcool393 376566e723
return 404 if oauth app doesn't exist (#366)
fixes an AttributeError if the oauth app doesn't exist
2022-09-23 14:08:54 +02:00
Aevann1 e0d32c7105 dont send me a notif 2022-09-12 19:52:07 +02:00
Aevann1 fbe7089d2a more detailed success message description 2022-09-11 16:32:00 +02:00
Aevann1 0c32d56cd6 casino + style shit 2022-09-05 01:15:37 +02:00
Aevann1 84dc2b3973 don't notify me of smth I did 2022-08-25 17:56:51 +02:00
Aevann1 a8f62aecdb reserve app management to JL3 2022-08-05 20:45:43 +02:00
Aevann1 81b762fbc2 add a discord server for api users to help each other 2022-07-18 02:46:46 +02:00
Aevann1 48cbe8a6b1 allow ppl to revoke app authorizations 2022-07-15 02:12:54 +02:00
Aevann1 2d21863e19 replace "request.host" with "SITE" 2022-07-13 20:14:37 +02:00
Aevann1 a8fe49f232 kitchen sink commit, all over the place 2022-07-08 21:03:04 +02:00