Commit Graph

95 Commits (9a28e3626501c41cedb87f38ba05b8e0770bf574)

Author SHA1 Message Date
Aevann 6bf8f67d0f disable signups when ddos detected 2023-08-10 00:09:15 +03:00
Aevann ff67e30949 don't count failed requests towards ratelimit 2023-07-13 16:50:46 +03:00
Aevann 486bacf5e6 use error() instead of abort() in sanitize 2023-06-30 23:34:29 +03:00
Aevann cd942c18a2 rename the over_18 cookie key in a last ditch attempt to relieve the duplicate cookie victims of infinite +18 warnings 2023-05-16 06:45:54 +03:00
Aevann 5c31b24f5b fix prev commit 2023-04-02 08:53:23 +02:00
Aevann 5bc6597188 add 1/1 second ratelimiter for user ids to fix blackjack exploit 2023-04-02 08:52:26 +02:00
Aevann 57765f0776 revert sqlalchemy changes 2023-03-16 08:27:58 +02:00
Aevann f768d81103 keep db sessions open 2023-03-15 05:58:00 +02:00
Aevann 7f90ad45a0 fix chat 2023-03-11 11:56:32 +02:00
Aevann 17bb6dad48 blackjack fix exploit 2023-02-27 07:33:45 +02:00
Aevann fe0b8887bc change 1/second ratelimit to 1/2 second 2023-02-26 12:26:26 +02:00
Aevann 510ff42dab fix error 2023-02-26 10:50:57 +02:00
Aevann 82a73392a9 fix errors 2023-02-26 10:49:09 +02:00
Aevann 8c495c914a default ratelimit doesn't apply implicitly if there's other @limiter.limit before the function, so add it explicitly before all functions 2023-02-26 10:41:04 +02:00
justcool393 ab41db22b7 [DO NOT MERGE] multiple sub banners (#59)
allows multiple sub banners

Snakes note: By request of Carp, especially for WPD.

Co-authored-by: justcool393 <justcool393@gmail.com>
Co-authored-by: Snakes <duolsm@outlook.com>
Reviewed-on: rDrama/rDrama#59
Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net>
Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-11 23:44:34 +00:00
Aevann1 ecc32382b2 Revert "https://www.youtube.com/watch?v=_904EvOUQ_M"
This reverts commit 6d0277adc8.
2022-12-02 00:37:50 +02:00
Snakes 27506b36c2
Fix unbound ORM object erroring during 500 handler.
The 500 fixed in 71738b05fc revealed that attempting to access g.v at
all during an error handler can potentially cause its own error.
In particular, html_head L111 accessing v.themecolor errored because
we roll back the database session during 500 handling. There's no good
solution other than specifically not passing v to 500 error pages.

However, in the interest of failing fast and ensuring error handlers
always complete, we instead go back to the previous behavior of not
treating users as logged in for error pages.
2022-12-01 17:24:41 -05:00
Aevann1 6d0277adc8 https://www.youtube.com/watch?v=_904EvOUQ_M 2022-12-01 19:07:14 +02:00
justcool393 fe55c2383c fix 500 on 500 2022-12-01 10:10:05 -06:00
justcool393 c05a9f335b Revert "Revert "errors: don't do anything with the user""
This reverts commit 3e2ca53f2a.
2022-12-01 10:07:59 -06:00
Aevann1 3e2ca53f2a Revert "errors: don't do anything with the user"
This reverts commit b7a24f6fa1.
2022-12-01 14:58:32 +02:00
justcool393 b7a24f6fa1 errors: don't do anything with the user
this is an evil context to have a user in do not change this
or i will find you whatever country you're from
2022-11-30 13:07:29 -06:00
justcool393 46f2b805ef config: fix _SETTINGS dict and stray signups 2022-11-30 13:03:46 -06:00
Aevann1 836d3bfd98 include v in errors if possible 2022-11-30 15:21:12 +02:00
justcool393 f2411415dd fix missing required context variables on 429 and remove flex tape 2022-11-29 19:12:43 -06:00
justcool393 1559de125c add error handler 2022-11-15 23:36:56 -06:00
justcool393 711518d942 don't redirect to /signup page if registrations are closed 2022-11-15 12:56:57 -06:00
Aevann1 532ebd3ac8 standardize g.db behavior 2022-11-15 17:39:00 +02:00
justcool393 8f2f48d6d1
[DO NOT MERGE] import detanglation (#442)
* move Base definition to files.classes.__init__.py

* fix ImportError

* move userpage listing to users.py

* don't import the app from classes

* consts: set default values to avoid crashes
consts: warn if the secret key is the default config value

* card view: sneed (user db schema)

* cloudflare: use DEFAULT_CONFIG_VALUE

* const: set default values

* decouple media.py from __main__

* pass database to avoid imports

* import cleanup and import request not in const, but in the requests mega import

* move asset_submissions site check to __init__

* asset submissions feature flag

* flag

* g.is_tor

* don't import request where it's not needed

* i think this is fine

* mail: move to own routes and helper

* wrappers

* required wrappers move

* unfuck wrappers a bit

* move snappy quotes and marseys to stateful consts

* marsify

* :pepodrool:

* fix missing import

* import cache

* ...and settings.py

* and static.py

* static needs cache

* route

* lmao all of the jinja shit was in feeds.py amazing

* classes should only import what they need from flask

* import Response

* hdjbjdhbhjf

* ...

* dfdfdfdf

* make get a non-required import

* isort imports (mostly)

* but actually

* configs

* reload config on import

* fgfgfgfg

* config

* config

* initialize snappy and test

* cookie of doom debug

* edfjnkf

* xikscdfd

* debug config

* set session cookie domain, i think this fixes the can't login bug

* sdfbgnhvfdsghbnjfbdvvfghnn

* hrsfxgf

* dump the entire config on a request

* kyskyskyskyskyskyskyskyskys

* duifhdskfjdfd

* dfdfdfdfdfdfdfdfdfdfdfdf

* dfdfdfdf

* import all of the consts because fuck it

* 😭

* dfdfdfdfdfdfsdasdf

* print the entire session

* rffdfdfjkfksj

* fgbhffh

* not the secret keys

* minor bug fixes

* be helpful in the warning

* gfgfgfg

* move warning lower

* isort main imports (i hope this doesn't fuck something up)

* test

* session cookie domain redux

* dfdfdfd

* try only importing Flask

* formkeys fix

* y

* :pepodrool:

* route helper

* remove before flight

* dfdfdfdfdf

* isort classes

* isort helpers

* move check_for_alts to routehelpers and also sort imports and get rid of unused ones

* that previous commit but actually

* readd the cache in a dozen places they were implicitly imported

* use g.is_tor instead of request.headers. bla bla bla

* upgrade streamers to their own route file

* get rid of unused imports in __main__

* fgfgf

* don't pull in the entire ORM where we don't need it

* features

* explicit imports for the get helper

* explicit imports for the get helper redux

* testing allroutes

* remove unused import

* decouple flask from classes

* syntax fix also remember these have side fx for some reason (why?)

* move side effects out of the class

* posts

* testing on devrama

* settings

* reloading

* settingssdsdsds

* streamer features

* site settings

* testing settings on devrama

* import

* fix modlog

* remove debug stuff

* revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6

* archiveorg to _archiveorg

* skhudkfkjfd

* fix cron for PCM

* fix bugs that snekky wants me to

* Fix call to realbody passing db, standardize kwarg

* test

* import check_for_alts from the right place

* cloudflare

* testing on devrama

* fix cron i think

* shadow properly

* tasks

* Remove print which will surely be annoying in prod.

* v and create new session

* use files.classes

* make errors import little and fix rare 500 in /allow_nsfw

* Revert "use files.classes"

This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6.

* pass v to media functions rather than using g

* fix

* dfdfdfdfd

* cleanup, py type checking is dumb so don't use it where it causes issues

* Fix some merge bugs, add DEFAULT_RATELIMIT to main.

* Fix imports on sqlalchemy expressions.

* `from random import random` is an error.

* Fix replies db param.

* errors: fix missing import

* fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text

* Fix signup formkey.

* fix 2 500s

* propagate db to submissions

* fix replies

* dfdfdfdf

* Fix verifiedcolor.

* is_manual

* can't use getters outside of an app context

* don't attempt to do gumroad on sites where it's not enabled

* don't attempt to do gumroad on sites where it's unnecessary

* Revert "don't attempt to do gumroad on sites where it's not enabled"

This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3.

* fix 500

* validate media type

Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 03:19:08 -06:00
justcool393 39aa59a37a add g.is_api_or_xhr so we can use it where we want to give API output
* also use v.client for strict API clients
2022-10-15 02:11:36 -07:00
justcool393 96879894af remove 417 (use 409) and reword 418 msg 2022-10-12 02:00:18 -07:00
Snakes 3482f97bfb
Remove accidentally sneeded debug code.
We were experiencing errors on prod where is_repost would not have
either g or g.db available on request teardown, which would eventually
culminate in errors.py:error_500. These haven't reoccurred for nearly
16hrs now, and the test code got caught in a 'sneed' commit. Best to
have it gone.
2022-10-12 04:32:18 -04:00
justcool393 eaf361ad91 API: set the status code on errors 2022-10-12 01:17:48 -07:00
Aevann1 9ef74dd642 sneed 2022-10-12 00:00:04 +00:00
justcool393 63215b8888 move messages to constant file and also remove special logic for PCM, instead opting to modify the constant instead 2022-10-11 08:40:19 -07:00
justcool393 3a5c90e6d3 change 409 msg 2022-10-11 08:40:19 -07:00
justcool393 39e49a508f add 409 to errors
* also move check for AUTOJANNY_ID to before has_blocked
2022-10-11 08:40:19 -07:00
justcool393 64cd11377e fix 500 werkzeug description, add note, and remove unused import 2022-10-11 08:40:19 -07:00
justcool393 665e6e4b21 handle 500 and 401 (when using API) with our handlers
* 401 had sign up and login buttons on their page, but the page was never visible, we only show this when the API is being used
2022-10-11 08:40:19 -07:00
justcool393 e364ce8043 add 417 and fix 414 2022-10-11 08:40:19 -07:00
justcool393 ac011a77b9 remove unneeded templates, use custom handler for 500, and 401 is "Unauthorized," not "Not Authorized" 2022-10-11 08:40:19 -07:00
justcool393 fd25809cac rework errors 2022-10-11 08:40:19 -07:00
Aevann1 0c8ead2e7d stop using lain.la 2022-10-06 06:31:08 +02:00
Snakes 4a54c6219a
Add trailing final newlines to source files.
Touched a ton of files to finally standardize on having trailing
final newlines, as best practice recommends and so our devs stop
accidentally fighting each other over it.

This was performed automatically with the following:
git ls-files -z '*.py' | while IFS= read -rd '' f; \
    do tail -c1 < "$f" | read -r _ || echo >> "$f"; done
git ls-files -z '*.css' | while IFS= read -rd '' f; \
    do tail -c1 < "$f" | read -r _ || echo >> "$f"; done
2022-09-29 01:43:29 -04:00
Aevann1 faf4403e26 check for duplicate images when admigger threads for banners/sidebar/badges are used 2022-09-27 03:24:20 +02:00
Aevann1 c2e4b99d39 replace '/logged_out' from redir value 2022-09-01 21:24:06 +02:00
Aevann1 2099e31b6a redirect to /login if the person has logged into the site before 2022-08-25 00:43:44 +02:00
Aevann1 e2c6321b94 increase max ping limit for comments from 3 to 5 2022-08-21 22:17:55 +02:00
Aevann1 fb2437574f change ping_limit to be 3 for comments, and 50 for posts 2022-08-21 17:05:32 +02:00
Aevann1 1568ec0162 sneed 2022-08-04 22:33:22 +02:00