carpathianflorist
/
MarseyWorld
forked from MarseyWorld/MarseyWorld
1
0
Fork 0
Code Pull Requests Activity
15,930 Commits
1 Branch
0 Tags
2.3 GiB
Commit Graph

1408 Commits (58c4b621635e52f55a2c287ef1ab3aff7db8add2)

Author SHA1 Message Date
float-trip 58c4b62163 Some fixes (#300) 
* Narrow emoji_regex

* Fix mirrored pat emojis

* Fix ban icon on posts/comments
 2022-06-02 19:18:10 -04:00
Snakes 2008c09136 Add 'filter' to allowed_styles. 2022-06-02 06:14:20 -04:00
Snakes 227ddbec0e Truncate notifs with too-long bodies. 
In general, we don't do a great job of length validating body_html
fields. Lots of ways to get 500 errors by providing too long of
input. Really ought to find a way to fix it in the classes/comment.py
and classes/submission.py classes. In the interim, the recent gifts
messages change is salient because the notification can 500 out
mid-way through performing coin transactions.

Recommended to find a better way of truncating or safely bubbling
the exception up. Truncating probably not best long-term solution
because it could hypothetically permit strings that would otherwise
be considered unsanitized.
 2022-06-01 00:54:05 -04:00
Snakes 49622b3268 Lottery: add admin participants listing. 2022-05-31 23:20:39 -04:00
Snakes 79e338de38 Treasure: raise minimum reward 10 -> 12. 
A rare case where users receive 0 lotto tickets from a treasure chest
occurs when they received 10 or 11 coins from a chest pre-conversion
to lotto tickets. Rather than change ticket_count to the ceil of
dividing coins by ticket cost, it seems less distortionary to instead
imperceptibly raise the minimum to avoid this case.
 2022-05-31 20:23:19 -04:00
Snakes 5d56e71cc9 Rate limiter: fix 81e2a5a for logged-out. 2022-05-30 23:50:56 -04:00
Snakes 4ba2098612 Rate limiter: whitelist admins. 
Due to presently hitting perpetual 429s after a mishap with lottery
polling on production, among past events where admins have gotten
rate-limited for doing otherwise normal admin behavior, the
flask_limiter.Limiter now has a request filter to whitelist JL2+.
Despite running on every request, I don't anticipate this undermining
the DoS prevention power of the Limiter.

It is yet unknown whether there are edge cases where running
get_logged_in_user in a different spot in the request pipeline might
e.g. subtly break the logged-in counters. This is not expected at
present, however.
 2022-05-30 23:01:18 -04:00
Snakes 81e19b1aed Add can_gamble user setting. 
Users now have a toggleable can_gamble setting which disables their
ability to use all chance-based gains on the site: viz. slots,
blackjack, the lottery, and treasure chests.

This only applies on invocation of commands that start gambling
games, so it should cause no bugs when toggled with e.g. active
blackjack games.

This was added for the benefit of users with actual problems with
gambling, be they past addiction or religious conviction. All future
gambling features are humbly requested to respect it.
 2022-05-30 05:32:45 -04:00
outruncolors 0abf890575 Make a few styling changes for mobile lottery modal (#293) 2022-05-30 01:40:55 -04:00
Snakes cf46b8b3fe Refactor e81edb711d for modularity. 2022-05-30 00:30:10 -04:00
Aevann1 e81edb711d fixed this https://rdrama.net/post/72013/-/2010109?context=8#context 2022-05-30 06:12:51 +02:00
Outrun Colors, LLC ef7da60432 Remove new schema changes from file and replace account ids for lottery system 2022-05-29 22:17:31 -05:00
Outrun Colors, LLC db13e0976c Have tickets show up in treasure chests 2022-05-29 21:59:22 -05:00
Outrun Colors, LLC b9dc28e6d1 Don't show lotteries on the sister sites 2022-05-29 20:43:16 -05:00
Outrun Colors, LLC a0cc7e1cf6 Move more stuff to proper location 2022-05-29 19:49:14 -05:00
Outrun Colors, LLC 562202b38d Reorganize route logic 2022-05-29 01:06:39 -05:00
Outrun Colors, LLC bef0b0ff6d Add participants and field updating 2022-05-29 01:01:45 -05:00
Outrun Colors, LLC 1a55a7670e Send notifications to winners and losers 2022-05-28 23:23:20 -05:00
Outrun Colors, LLC 469c39dca6 Configure admin section and purchasing a ticket full flow 2022-05-28 22:33:44 -05:00
Aevann1 709c756660 fds 2022-05-28 16:55:22 +02:00
Aevann1 cd2380fb33 fds 2022-05-28 04:20:31 +02:00
Aevann1 3f04c69cb8 fds 2022-05-28 01:50:33 +02:00
Aevann1 6b6e2e8253 sfd 2022-05-27 20:28:54 +02:00
Aevann1 db98b4e140 sfd 2022-05-27 19:19:12 +02:00
Aevann1 384afb125a fsd 2022-05-27 17:28:30 +02:00
Snakes 2bde3650d4 Awards: enable lootbox on WPD, refactor AWARDS2 logic. 2022-05-26 22:12:53 -04:00
Aevann1 758a30e166 fsd 2022-05-26 22:53:24 +02:00
Aevann1 d4f7f5497b fds 2022-05-26 22:49:36 +02:00
Aevann1 630996faee gfd 2022-05-26 22:31:08 +02:00
Aevann1 f72015382a crgd is a king 2022-05-26 22:04:39 +02:00
Aevann1 64c3b489e3 fds 2022-05-26 20:37:10 +02:00
Aevann1 2595706b49 fsd 2022-05-26 20:36:37 +02:00
Aevann1 e4893c617e fd 2022-05-26 02:54:05 +02:00
Aevann1 163267c88c Revert "Add Y'all Seein' Eye award." 
This reverts commit a0f441a67d.
 2022-05-26 02:51:42 +02:00
Snakes a0f441a67d Add Y'all Seein' Eye award. 
Adds award to enable viewing profile visitors for non-mops and
non-patrons. This commit should encompass all frontend, backend, and
database changes necessary. Perhaps usable as a model for other
user upgrade flag awards.
 2022-05-25 19:44:34 -04:00
Aevann1 50b995d3a0 fds 2022-05-25 22:16:26 +02:00
Aevann1 49c53cb2ff fds 2022-05-25 20:59:24 +02:00
Aevann1 c213451722 fdsfdsxc 2022-05-25 20:44:43 +02:00
Aevann1 386db76c10 crgd is a king 2022-05-25 20:29:22 +02:00
Aevann1 5b1477acfc certified good commit 2022-05-25 19:01:29 +02:00
Aevann1 de176280c8 e 2022-05-25 17:42:30 +02:00
Aevann1 162bf9dad7 no more g.timestamp y'all couldn't behave 2022-05-25 17:42:04 +02:00
Snakes 67796acc11 Fix chat by setting g.timestamp. 
The users online count recently added to wrappers.py:get_logged_in_user
uses g.timestamp for its calculations. This is primarily set in
__main__.py:before_request. However, chat has requests which do not
trigger @app.before_request. To resolve this, we now set g.timestamp
in the auth_required wrapper before calling get_logged_in_user().

I think this is safe in general; there's no particular harm to setting
the timestamp _more_ frequently.
 2022-05-25 06:49:02 -04:00
Snakes 1c7458e111 Sanitize: modularize normalize_url, fix streamable. 
Originally prompted by https://rdrama.net/post/18459/-/1984609 which
noticed that streamable.com/e/ links as posts would have another e/
added to them. This was in spite of logic in posts.py api_is_repost
and submit_post designed to specifically counteract this.
Proximal cause was a copypasta'd url.replace(...) chain which
caused the mistake before the streamable-specific logic had a chance
to avoid making it.

Solution: remove the streamable replacement from the chained statement
and create `helpers.normalize_url(url)` to get rid of the copypasta.
 2022-05-25 04:43:16 -04:00
Snakes 7ead30014c Upgrade bleach to 5.0.0. 2022-05-24 20:28:36 -04:00
Aevann1 826f137a5e fsd 2022-05-25 02:22:09 +02:00
Snakes 8c3b6cece1 Add 8-ball answers, like fortune & factcheck. 2022-05-24 19:08:41 -04:00
Aevann1 4f02a72d29 fd 2022-05-25 00:43:49 +02:00
Aevann1 1734137dcd sfddsa 2022-05-25 00:29:15 +02:00
Aevann1 6631777f76 fds 2022-05-24 22:45:34 +02:00