Previous behavior on submission_listing was clicking a thumbnail would
toggle an inline video player. This was retained for clicking the
thumbnail off the `.video-play` element; however, directly clicking
the `.video-play` did not have the `toggleVideo` onclick event attached
and would navigate the browser to the video file directly.
- /h/masterbaiters: 1 TS - for gayops
- /h/countryclub: 1000 TS - for anything requiring secrecy and doesn't need critical mass - have to make it a rule that u can't post gayops in /h/countryclub
- /h/chudrama: 5000 TS - for chad+stud posts
EDIT: i removed the /h/masterbaiters gate, but u can bring it back if u want
Co-authored-by: Aevann1 <randomname42029@gmail.com>
Co-authored-by: Snakes <duolsm@outlook.com>
Reviewed-on: rDrama/rDrama#41
Co-authored-by: Aevann <aevann@noreply.fsdfsd.net>
Co-committed-by: Aevann <aevann@noreply.fsdfsd.net>
also get rid of megathread logic
do the needful and do
```sql
-- substring match: LIKE/ILIKE without % wildcards only matches the exact title
UPDATE submissions SET new=true WHERE title LIKE '%Thread%' OR title ILIKE '%megathread%';
```
or whatever the proper equivalent is
Co-authored-by: justcool393 <justcool393@gmail.com>
Reviewed-on: rDrama/rDrama#34
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
the `timeout` parameter only applies to seconds per *byte* received (and time to first
byte), not the entire request
this means an attacker could theoretically send a very... slow...
stream... of... bytes... and... crash... the... worker... when... the...
timeout... is... reached...
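The slow-drip case described above, as an added example (not code from this commit or the rDrama code base). It uses raw standard-library sockets against a constructed local drip server, with the hypothetical names `start_drip_server`, `fetch` and `DeadlineExceeded`, to show that a per-read timeout alone never fires against a trickling peer while a whole-response deadline does.

```python
import socket
import threading
import time

class DeadlineExceeded(Exception):
    """Raised when a read stalls or the whole-response budget runs out."""

def start_drip_server(payload, delay_s):
    """Constructed local peer: sends payload one byte at a time, delay_s apart."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        try:
            conn.recv(1024)                  # discard the request
            for b in payload:
                conn.sendall(bytes([b]))     # raw bytes, no HTTP framing
                time.sleep(delay_s)
        except OSError:
            pass                             # client gave up early
        finally:
            conn.close()
            srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

def fetch(port, per_read_s, total_s=None, max_bytes=65536):
    """Read to EOF; total_s=None reproduces the per-read-only behaviour."""
    deadline = None if total_s is None else time.monotonic() + total_s
    body = bytearray()
    with socket.create_connection(("127.0.0.1", port), timeout=per_read_s) as s:
        s.sendall(b"GET / HTTP/1.0\r\n\r\n")
        while True:
            wait = per_read_s
            if deadline is not None:
                wait = min(wait, deadline - time.monotonic())
                if wait <= 0:
                    raise DeadlineExceeded("whole-response budget spent")
            s.settimeout(wait)               # never wait past the deadline
            try:
                chunk = s.recv(4096)
            except socket.timeout:
                raise DeadlineExceeded("read stalled or budget spent")
            if not chunk:
                return bytes(body)
            body += chunk
            if len(body) > max_bytes:
                raise ValueError("response exceeds max_bytes")
```

With `total_s=None` the drip server holds the caller for the full length of the payload; with a budget set, the call returns control once the budget is spent regardless of how regularly bytes arrive.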
* user: move can_see_to user class
* stub out can_see in comments and posts
* make can_see a classmethod so it's usable for loggedoutfriends
* test
* kill me now
* threelargeclassesmating
* dfdfdfdfdfdfd
* sdsdsdsd
* classmethod should be above i think
* Revert "classmethod should be above i think"
This reverts commit df1772eb9e7e71bf7b89123f6277b648de2b1af3.
* Revert "Revert "classmethod should be above i think""
This reverts commit 32883406c2e2916fc6c436611376a1817c16cb84.
* test rewriting thing
* go home python
* what the fuck python
* fix AttributeError
* sdsdsdsdsdsd
* lazy and user and stuff
* test
* Revert "test"
This reverts commit 45af5bb3d45f3ec17126ab117d494ec978062a38.
* merge
* newline
* test
* test 2
* Revert "test"
This reverts commit 196dae677e2ee8cd29261c93dcb747087cb399b6.
* revert test
* fix merge error
* fix import error circulation i think
* sdsd
* add type annotations back
* deleted_utc
* isinstance
* user_can_see in jinja and remove unnecessary things
* a bunch of stuff
remove can_see from comment and post
expand can_see to messages
* antiannoyingamountsofwhitespace
* fix for chudrama
* improve prev
* move Base definition to files.classes.__init__.py
* fix ImportError
* move userpage listing to users.py
* don't import the app from classes
* consts: set default values to avoid crashes
consts: warn if the secret key is the default config value
* card view: sneed (user db schema)
* cloudflare: use DEFAULT_CONFIG_VALUE
* const: set default values
* decouple media.py from __main__
* pass database to avoid imports
* import cleanup and import request not in const, but in the requests mega import
* move asset_submissions site check to __init__
* asset submissions feature flag
* flag
* g.is_tor
* don't import request where it's not needed
* i think this is fine
* mail: move to own routes and helper
* wrappers
* required wrappers move
* unfuck wrappers a bit
* move snappy quotes and marseys to stateful consts
* marsify
* :pepodrool:
* fix missing import
* import cache
* ...and settings.py
* and static.py
* static needs cache
* route
* lmao all of the jinja shit was in feeds.py amazing
* classes should only import what they need from flask
* import Response
* hdjbjdhbhjf
* ...
* dfdfdfdf
* make get a non-required import
* isort imports (mostly)
* but actually
* configs
* reload config on import
* fgfgfgfg
* config
* config
* initialize snappy and test
* cookie of doom debug
* edfjnkf
* xikscdfd
* debug config
* set session cookie domain, i think this fixes the can't login bug
* sdfbgnhvfdsghbnjfbdvvfghnn
* hrsfxgf
* dump the entire config on a request
* kyskyskyskyskyskyskyskyskys
* duifhdskfjdfd
* dfdfdfdfdfdfdfdfdfdfdfdf
* dfdfdfdf
* import all of the consts because fuck it
* dfdfdfdfdfdfsdasdf
* print the entire session
* rffdfdfjkfksj
* fgbhffh
* not the secret keys
* minor bug fixes
* be helpful in the warning
* gfgfgfg
* move warning lower
* isort main imports (i hope this doesn't fuck something up)
* test
* session cookie domain redux
* dfdfdfd
* try only importing Flask
* formkeys fix
* y
* :pepodrool:
* route helper
* remove before flight
* dfdfdfdfdf
* isort classes
* isort helpers
* move check_for_alts to routehelpers and also sort imports and get rid of unused ones
* that previous commit but actually
* readd the cache in a dozen places they were implicitly imported
* use g.is_tor instead of request.headers. bla bla bla
* upgrade streamers to their own route file
* get rid of unused imports in __main__
* fgfgf
* don't pull in the entire ORM where we don't need it
* features
* explicit imports for the get helper
* explicit imports for the get helper redux
* testing allroutes
* remove unused import
* decouple flask from classes
* syntax fix also remember these have side fx for some reason (why?)
* move side effects out of the class
* posts
* testing on devrama
* settings
* reloading
* settingssdsdsds
* streamer features
* site settings
* testing settings on devrama
* import
* fix modlog
* remove debug stuff
* revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6
* archiveorg to _archiveorg
* skhudkfkjfd
* fix cron for PCM
* fix bugs that snekky wants me to
* Fix call to realbody passing db, standardize kwarg
* test
* import check_for_alts from the right place
* cloudflare
* testing on devrama
* fix cron i think
* shadow properly
* tasks
* Remove print which will surely be annoying in prod.
* v and create new session
* use files.classes
* make errors import little and fix rare 500 in /allow_nsfw
* Revert "use files.classes"
This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6.
* pass v to media functions rather than using g
* fix
* dfdfdfdfd
* cleanup, py type checking is dumb so don't use it where it causes issues
* Fix some merge bugs, add DEFAULT_RATELIMIT to main.
* Fix imports on sqlalchemy expressions.
* `from random import random` is an error.
* Fix replies db param.
* errors: fix missing import
* fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text
* Fix signup formkey.
* fix 2 500s
* propagate db to submissions
* fix replies
* dfdfdfdf
* Fix verifiedcolor.
* is_manual
* can't use getters outside of an app context
* don't attempt to do gumroad on sites where it's not enabled
* don't attempt to do gumroad on sites where it's unnecessary
* Revert "don't attempt to do gumroad on sites where it's not enabled"
This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3.
* fix 500
* validate media type
Co-authored-by: TLSM <duolsm@outlook.com>
Ultimately necessary because otherwise all bots share rate limits
with each other. The somewhat haphazard ordering of decorators bothers
me, but it's functionally required.
Approaches using request context (like reading the Authorization
header in ratelimit_user) likely produce bugs all their own.
Main intention is to allow API users (bots) to benefit from the
defaults typically enforced clientside, and to generally be clearer
about what values do what.
* remove /logged_out/ routes
* update sitemap, remove users route, and update header
* cloudflare cookie
* only mess with the cookie whenever we desire auth
* sitemap: (small) improvements
sitemap: fix little bug i introduced
sitemap: fix login redirects for /id/ routes
* sitemap: remove duplicate entry
* contact is auth desired
* imports: don't import what we don't need and bind late to the db
* praying to god this works
* keep yourself safe
* oh i actually need to commit and push lol
* import Sub
* t
* refix cache purger
* get: comments and posts: use get function from get.py
* fix prev commit
* move filter to correct place
* fix error and also log so i can figure out what's wrong
* comments: add some more trace logging
* should_keep_func always acts as return True if None is passed in
* remove logging code
The rework to v.client meant that `is_bot` on Submission and Comment
would attempt to be populated with a ClientAuth object when submitted
by a bot other than Snappy or bbbb. SQLAlchemy requires an actual
boolean, not just a truthy value.
we currently spam the /is_repost api on every single character change in the URL box even though there is no way these URLs would ever be submitted to the site
introducing a frankly conservative limit to where we start actually pinging both the api and (on the backend) the database for reposts may help in some cases
the current constant was chosen by taking the length of "http://" and adding 2 to it
* make HTML body length a constant and use it
* abort before uploads and other tasks if comment level is too deep
* what a nightmare of two functions, please do better next time
* only attempt to parse HTML content types for titles
also don't try to get submission titles for .gifv, .tif, .tiff
* ratelimit to 3 per minute instead of 6 minutes
no one will ever need more than 3 requests to this endpoint per minute - justcool393
6 per minute is already kinda a lot for this endpoint, i think aggressively ratelimiting this one is fine, especially since it's a minute ratelimit
* Add new /casino route and template
* Consolidate lottery into casino and add initial template for slots
* Change /lottery route to /casino and replace icon with usd symbol and change sitewide const to reflect change
* Hook up new slots method to casino
* Enable Marseybux spending in casino slots
* Add UI for playing blackjack in casino
* First connection of blackjack UI to backend
* Add protective clause thanks to help from carpathianflorist.
* Create new Casino_Game relation and persist inside of blackjack
* Connect new slots behavior to Casino_Game table
* Create UI action management logic
* Add blackjack game status checker which adds persistence for blackjack
* Gonna handle this better, hold on
* Reorganize blackjack helper methods
* Reorganize casino.js to account for new changes
* Connect up to frontend
* Little changes ya know
* Display a message when winning in Blackjack
* Fix some issues with double down and insure
* Revert "remove owoify-py from requirements"
This reverts commit 4454648ea2.
* A little casino styling change
* Reorganize into a casino block
* Smallenize the card'
* Remove references to old game data on comments
* Add sql migration file
* Remove logic to drop old columns
* Fix two forgotten conflicts
sub.marsey_url was returning false because the submit.html template,
which then includes header.html, was passed an SQLAlchemy Row instance,
not a files.classes.sub.Sub instance. This worked alright because both
the header and the submit page only accessed the name field; however,
accessing the marsey_url property (rather than the marseyurl column
field) failed because of it.
Requested by multiple jannies. Rough timeline, as I understand it:
- Circa 7mo ago, this logic was originally added for threads with
'megathread' in the title.
- Some time later, a checkbox on submission which sets the flag
Submission.new does the same thing.
- In af680d8a94, change the check from 'megathread' to 'thread'.
There must've been some reason for the change of substring checked.
However, it routinely causes issues for the admins and confuses
users. Solution has been to retroactively update posts that currently
rely on the 'megathread' in title behavior to use the `new` flag and
to remove the logic going forward.
Yes, it has been possible for any user to edit any post on the site,
their own or otherwise. Only have to generate the POST /edit_post/
manually: an example exploit was created and tested successfully
prior to patching. However, abuse of this vulnerability would have
generated edit_post modlog entries, the lack of which on prod suggests
it was not abused that we know of -- Lord knows how.
- Search: posts by shadowed user.
- Search: shadowed users in search for users.
- Direct links to shadowed user posts display as removed.
- Other users' profile comments listings hide comments on shadowed
posts. Users can still see their own comments on shadowed posts.
Similar to ghosted comment logic.
Implemented for LGB but can likely be used for WPD and other future
sites. Similar to a reddit post flair. Provides:
- Admin panel for Category management.
- Category selection on post submission.
- 'Recategorize' post action.