diff --git a/files/routes/comments.py b/files/routes/comments.py index 94e4d5427b..6f5a5d457e 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -59,10 +59,18 @@ def pusher_thread(interests, c, username): @app.get("/comment/") @app.get("/post///") +@app.get("/logged_out/comment/") +@app.get("/logged_out/post///") @app.get("/h//comment/") @app.get("/h//post///") +@app.get("/logged_out/h//comment/") +@app.get("/logged_out/h//post///") @auth_desired def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): + + if not v and not request.path.startswith('/logged_out'): return redirect(f"/logged_out{request.full_path}") + + if v and request.path.startswith('/logged_out'): v = None try: cid = int(cid) except: abort(404) diff --git a/files/routes/front.py b/files/routes/front.py index c6993c5fd6..004615cdfe 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -157,8 +157,11 @@ def notifications(v): @app.get("/") +@app.get("/logged_out") @app.get("/h/") +@app.get("/logged_out/h/") @app.get("/s/") +@app.get("/logged_out/s/") @limiter.limit("3/second;30/minute;1000/hour;5000/day") @auth_desired def front_all(v, sub=None, subdomain=None): @@ -169,6 +172,11 @@ def front_all(v, sub=None, subdomain=None): if g.webview and not session.get("session_id"): session["session_id"] = secrets.token_hex(49) + if not v and request.path == "/" and not request.headers.get("Authorization"): + return redirect(f"/logged_out{request.full_path}") + + if v and request.path.startswith('/logged_out'): v = None + try: page = max(int(request.values.get("page", 1)), 1) except: abort(400) diff --git a/files/routes/posts.py b/files/routes/posts.py index 880882aedc..737ce13ecf 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -114,10 +114,18 @@ def submit_get(v, sub=None): @app.get("/post/") @app.get("/post//") +@app.get("/logged_out/post/") +@app.get("/logged_out/post//") @app.get("/h//post/") @app.get("/h//post//") +@app.get("/logged_out/h//post/") +@app.get("/logged_out/h//post//") @auth_desired def post_id(pid, anything=None, v=None, sub=None): + if not v and not request.path.startswith('/logged_out') and not request.headers.get("Authorization"): + return redirect(f"/logged_out{request.full_path}") + + if v and request.path.startswith('/logged_out'): v = None try: pid = int(pid) except Exception as e: pass diff --git a/files/routes/static.py b/files/routes/static.py index 4b6ca623e7..9c13944b8d 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -16,25 +16,6 @@ def rdrama(id, title): id = ''.join(f'{x}/' for x in id) return redirect(f'/archives/drama/comments/{id}{title}.html') -@app.get('/logged_out/') -@app.get('/logged_out/') -def logged_out(old = ""): - # Remove trailing question mark from request.full_path which flask adds if there are no query parameters - redirect_url = request.full_path.replace("/logged_out", "", 1) - if redirect_url.endswith("?"): - redirect_url = redirect_url[:-1] - - # Handle cases like /logged_out?asdf by adding a slash to the beginning - if not redirect_url.startswith('/'): - redirect_url = f"/{redirect_url}" - - # Prevent redirect loop caused by visiting /logged_out/logged_out/logged_out/etc... - if redirect_url.startswith('/logged_out'): - abort(400) - - return redirect(redirect_url) - - @app.get("/privacy") @auth_required def privacy(v): @@ -63,13 +44,23 @@ def marsey_list(): return str(marseys).replace("'",'"') @app.get("/terms") +@app.get("/logged_out/terms") @auth_desired def terms(v): + if not v and not request.path.startswith('/logged_out'): return redirect(f"/logged_out{request.full_path}") + + if v and request.path.startswith('/logged_out'): v = None + return render_template("terms.html", v=v) @app.get('/sidebar') +@app.get('/logged_out/sidebar') @auth_desired def sidebar(v): + if not v and not request.path.startswith('/logged_out'): return redirect(f"/logged_out{request.full_path}") + + if v and request.path.startswith('/logged_out'): v = None + return render_template('sidebar.html', v=v) diff --git a/files/routes/users.py b/files/routes/users.py index 456496ac04..5c968b6af8 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -833,10 +833,16 @@ def visitors(v): @app.get("/@") +@app.get("/logged_out/@") @auth_desired def u_username(username, v=None): + if not v and not request.path.startswith('/logged_out'): return redirect(f"/logged_out{request.full_path}") + + if v and request.path.startswith('/logged_out'): v = None + + u = get_user(username, v=v) @@ -920,9 +926,15 @@ def u_username(username, v=None): @app.get("/@/comments") +@app.get("/logged_out/@/comments") @auth_desired def u_username_comments(username, v=None): + + if not v and not request.path.startswith('/logged_out'): return redirect(f"/logged_out{request.full_path}") + + if v and request.path.startswith('/logged_out'): v = None + user = get_user(username, v=v) if username != user.username: return redirect(f'/@{user.username}/comments') @@ -1101,8 +1113,11 @@ def remove_follow(username, v): return {"message": "Follower removed!"} @app.get("/pp/") +@app.get("/logged_out/pp/") @app.get("/uid//pic") +@app.get("/logged_out/uid//pic") @app.get("/uid//pic/profile") +@app.get("/logged_out/uid//pic/profile") @limiter.exempt @auth_desired def user_profile_uid(v, id): @@ -1111,6 +1126,10 @@ def user_profile_uid(v, id): try: id = int(id, 36) except: abort(404) + if not v and not request.path.startswith('/logged_out'): return redirect(f"/logged_out{request.full_path}") + + if v and request.path.startswith('/logged_out'): v = None + x=get_account(id) return redirect(x.profile_url) diff --git a/files/templates/default.html b/files/templates/default.html index 4894587e21..c76cadc4a4 100644 --- a/files/templates/default.html +++ b/files/templates/default.html @@ -226,24 +226,30 @@ {% block Banner %} - {% if '@' not in request.path %} - {% if sub %} - /h/{{sub.name}} banner - {% elif SITE_NAME == 'rDrama' %} - {% set path = "assets/images/" + SITE_NAME + "/banners" %} - {% set image = "/" + path + "/" + listdir('files/' + path)|random() + '?v=24' %} + {% if '@' not in request.path %} + {% if v %} + {% if sub %} + /h/{{sub.name}} banner + {% elif SITE_NAME == 'rDrama' %} + {% set path = "assets/images/" + SITE_NAME + "/banners" %} + {% set image = "/" + path + "/" + listdir('files/' + path)|random() + '?v=24' %} - - {% if v and (v.shadowbanned or v.is_banned or v.agendaposter) %} - site banner - {% else %} - site banner - {% endif %} - + + {% if v and (v.shadowbanned or v.is_banned or v.agendaposter) %} + site banner + {% else %} + site banner + {% endif %} + + {% else %} + + site banner + + {% endif %} {% else %} - - site banner - + + + {% endif %} {% endif %} {% endblock %} diff --git a/files/templates/login.html b/files/templates/login.html index ad85d11687..94ff645953 100644 --- a/files/templates/login.html +++ b/files/templates/login.html @@ -91,7 +91,7 @@ {% if g.webview %}
+ href="/logged_out/terms" {% if v and v.newtab and not g.webview %}target="_blank"{% endif %}>terms of use
{% endif %}
diff --git a/files/templates/sign_up.html b/files/templates/sign_up.html index 0c8f9d06a2..3f0ca0cc6d 100644 --- a/files/templates/sign_up.html +++ b/files/templates/sign_up.html @@ -112,9 +112,9 @@