Aevann1
c470cb7516
make shit award not give DC
2022-11-26 01:50:25 +02:00
Aevann1
642d19b861
move ratelimit_user after auth
2022-11-26 01:37:04 +02:00
Aevann1
bf4031c832
remove annoying exclamation sign in notifs
2022-11-26 01:18:24 +02:00
justcool393
7e403469cd
polls: constantify max poll options
2022-11-25 16:12:25 -06:00
justcool393
f86d351ac4
fix saved subscribers stuff
2022-11-25 16:06:18 -06:00
Aevann1
e4b521a63f
limit polls to 10 options to prevent spam
2022-11-25 23:33:38 +02:00
Aevann1
2938f930fd
make me not see modmail, if it's important the other jannies will tell me
2022-11-25 22:56:11 +02:00
justcool393
0356c589a4
api: don't hit calc_users if this is the API
...
sometimes we render HTML where we probably... shouldn't. in most cases
this is fine, but if API clients hit it it can erroneously set
2022-11-25 14:31:07 -06:00
justcool393
23505c68b3
errors: use abort for sign up errors
2022-11-25 12:27:18 -06:00
justcool393
816389cf28
security: fix DoS on title getter
...
the `timeout` parameter only applies to seconds per *byte* received (and time to first
byte), not the entire request
this means an attacker could theoretically send a very... slow...
stream... of... bytes... and... crash... the... worker... when... the...
timeout... is... reached...
2022-11-25 07:10:05 -06:00
Snakes
af7df7f62d
Ensure all entry points get sessions.
...
Somewhat speculative, but the change in f62a9769fd, while fixing
certain errors where logged-out users sometimes didn't have sessions
come calc_users, also opened the possibility of certain request
sequences that wouldn't give a user a session.
In the interest of conservatism, we create a session if not exists
in both the new location in calc_users and the previous spot in
before_request.
2022-11-22 18:37:55 -05:00
Aevann1
755cfbf335
temp fix to shitting up console
2022-11-23 00:23:04 +02:00
Aevann1
9e89166e2f
restore reload icon for legacy app users
2022-11-22 23:34:33 +02:00
Aevann1
e198102383
repurpose "upvoted" to "voted"
2022-11-22 23:28:30 +02:00
Aevann1
4640abed4b
remove hole nerf
2022-11-22 22:25:48 +02:00
justcool393
6acd896967
sbs: since propagation isn't optional anyway, let's propagate on a ban to get their alts
2022-11-22 09:51:44 -06:00
Aevann1
0b1f166211
remove "alts" checkbox for shadowbanning since shadowbans propagate anyway via check_for_alts()
2022-11-22 17:44:16 +02:00
justcool393
b0ff8916a5
win loss stats to casino games (#475)
...
* casino: add stats to casino
* casino: stats should target the right thing
casino: properly style
* pluralize properly
* refactor casino leaderboards :marseytroublemarker:
* fsfsdsd
* fsdsdsdsd
* i'm r-slurred
* -
2022-11-22 07:11:01 -08:00
justcool393
007e41e7d0
security: validate YouTube link IDs
2022-11-22 06:13:44 -06:00
Snakes
9eab252e5b
Fix reply/mention notifications from muted users.
...
Consider the case of the current /notifications filter condition:
WHERE ... NOT ((comments.sentto = 2) AND (users.is_muted))
SELECT 1 WHERE NOT ((null = 2) AND (true)); ⇒ 0 rows
SELECT 1 WHERE NOT ((1 = 2) AND (true)); ⇒ 1 row
SELECT 1 WHERE NOT ((2 = 2) AND (true)); ⇒ 0 rows
We want the first expression, where comments.sentto = null, to evaluate
to false, not to null, so it negates to true. Behavior as written is:
SELECT 1 WHERE NOT ((null = 2) AND (true)); →
SELECT 1 WHERE NOT (null AND true); →
SELECT 1 WHERE NOT null; →
SELECT 1 WHERE null;
Which guarantees a null return set. If we check first for non-nullity:
SELECT 1 WHERE NOT ((null IS NOT null) AND (null = 2) AND (true)); ⇒ 1
SELECT 1 WHERE NOT ((1 IS NOT null) AND (1 = 2) AND (true)); ⇒ 1
SELECT 1 WHERE NOT ((2 IS NOT null) AND (2 = 2) AND (true)); ⇒ 0
2022-11-21 23:08:31 -05:00
justcool393
272e2ee936
sneed (rename procoins to marseybux) (#472)
...
* sneed (rename procoins to marseybux)
* literally unusable
Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-21 18:08:29 -05:00
Aevann1
f272989735
Revert "stop adding target="_blank" in the backend and move it to the frontend (to accommodate PWA users) - THANK YOU GEESE I LOVE YOU SO MUCH (#473)"
...
This reverts commit 88f3cd519d.
2022-11-21 19:37:38 +02:00
Aevann1
0d6b26d404
sneed
2022-11-21 19:09:04 +02:00
Aevann1
2f31fdfdd7
Revert "remove User.newtab and see if anyone complains"
...
This reverts commit 787c89961f.
2022-11-21 18:55:13 +02:00
justcool393
79b2b5cff8
cookies: set SameSite Lax to get rid of annoying console warning
2022-11-21 09:36:34 -06:00
justcool393
427d8f643d
ratelimiting: use ratelimit_user everywhere
2022-11-21 09:30:27 -06:00
Aevann1
88f3cd519d
stop adding target="_blank" in the backend and move it to the frontend (to accommodate PWA users) - THANK YOU GEESE I LOVE YOU SO MUCH (#473)
...
* test
* bleg
* remove User.newtab and see if anyone complains (#471)
* fddf
2022-11-21 07:14:26 -08:00
justcool393
f52aec0477
fix betting on 0
2022-11-21 09:13:14 -06:00
justcool393
4d096a5bb6
make roulette cute and valid python syntax
2022-11-21 09:10:41 -06:00
justcool393
9f51259ee6
[DO NOT MERGE] roulette 0 and 00 bets redux (#470)
...
* backend support for roulette betting on 0 and 00
* casino: roulette: add 0 and 00 frontend
* add spacer
* roulette: fix the thing
* don't payout where needful not to
* sanity check
* roulette: validate requests properly
* roulette actions from API make more sane
2022-11-21 06:44:16 -08:00
Aevann1
787c89961f
remove User.newtab and see if anyone complains
2022-11-21 16:36:17 +02:00
Aevann1
1de69518be
stop forcing posts in /h/chudrama
2022-11-21 16:13:21 +02:00
justcool393
153fb4e2a2
[DO NOT MERGE] titlesssssssssss (#468)
...
* titles
* testing
* self
* Revert "self"
This reverts commit d6c12d5a5ba125feb44673f55e1fdac75f151cb5.
* Revert "testing"
This reverts commit 86d800f9fd552196b31f0e0b3891d4fc072a9bc0.
* testing on devrama
* rewrite the html head
* reference error or smth idk
* template debug
* template debug redux
* default2
* rename default2 -> root, page title
* fix settings2
* include the set_variables block
* root scope variables 2
* test 3
* remove unnecessary set
* add pagetitles to all settings2 pages
* add pagetitle to casino
* remove bloat
* remove duplicate site name thingy
* page titles 2
* page titles 3
* remove duplicate imports and add page titles everywhere iirc
* ok but actually this time
* remove unnecessary newlines
* fix title lol
* >
* fsdfsfsfsfsfs
* fsfs
* template configurations
* fix 500
* reduce login template bloat
* move files and add status codes where needful
* move authfroms to login
* remove 2fa bloat
* verification code
* sign up fixes
* readability
* fssfsfsfs
* move forgot password to login/
* readability
* don't emit comments
* add page titles where needful
* gsgsgs
* modals: move to respective pages
* testing on devrama
* get home garbage out of title
* remove insane amount of icon duplication
* sign up text
* add votes pagetitle
* fix blank lines
* Revert "fix blank lines"
This reverts commit b2c54339970725d00b6fc82bb458c1757909952c.
* Fix blank lines on sign_up.html.
* title: votes.html more meaningful identifier.
* titles: Lottery, Directory, Notifications
* head final in submission.html
* fix missing comma
* >
* test
* title: /comments
* fsfsfsfsf
* titles: user_cards
* head: only load video and audio meta attributes if they actually exist
* titlessssss: /admin/lottery/participants
* titlessssssss: extra quote in search.html
* titlessssss: userpage voters.
* titties: /h/<sub>/{followers,blockers,exilees[sic]}
* test banner
* Revert "test banner"
This reverts commit c3d875d03f3e60d72a60dab7d28bf108554a5826.
* make submit.html inherit from default.html
Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-21 02:52:22 -06:00
Aevann1
cb2fd8e43f
increase approve hat ratelimit per minute from 30 to 120
2022-11-21 03:18:02 +02:00
Aevann1
e82d92d844
default response code is 200, don't need to specify it
2022-11-21 03:13:31 +02:00
Aevann1
0c9ed95c55
allow me and sneks to award carp and pizzashill
2022-11-21 03:12:01 +02:00
Snakes
220409c8fb
Fix 62ffe2d628: returning document, must send 200.
2022-11-20 20:11:17 -05:00
Aevann1
62ffe2d628
use postToast in betting so the js deducting coins only executes if response code is < 300
2022-11-21 03:00:16 +02:00
Snakes
1f234ef67d
Actually call total_bet_voted in betting poll.
...
Currently always truthy because it's a non-None first-class function.
2022-11-20 19:56:28 -05:00
Snakes
44ef4bc551
search: fix tsquery when quoted unstripped space.
2022-11-20 19:31:27 -05:00
Aevann1
0c9d19c7eb
add safari and firefox screenshots to /app
2022-11-21 01:31:26 +02:00
Aevann1
ccfc71290d
fix 500 error
2022-11-21 01:20:57 +02:00
Aevann1
caabaf0c6f
expand IS_LOCALHOST
2022-11-21 00:16:49 +02:00
Aevann1
da34a099a3
fix 500 errors
2022-11-20 21:05:32 +02:00
Aevann1
6b7b2ff59a
show only permachudded users in /chuds
2022-11-20 19:37:45 +02:00
Aevann1
36a0d48fe6
sneed
2022-11-20 19:21:19 +02:00
Aevann1
d354a86cbb
fix 500 errors
2022-11-20 19:00:05 +02:00
Aevann1
f62a9769fd
fix annoying 500 errors
2022-11-20 18:46:15 +02:00
justcool393
a2c4bca2da
polls: don't allow bets on closed polls
2022-11-20 10:11:47 -06:00
Snakes
23ff5450d6
Rename ranking constant by Capy request.
2022-11-20 06:31:16 -05:00