diff --git a/files/mail/__init__.py b/files/mail/__init__.py index 64388e68af..9dbadc3db8 100644 --- a/files/mail/__init__.py +++ b/files/mail/__init__.py @@ -51,7 +51,7 @@ def api_verify_email(v): @app.get("/activate") -@auth_desired +@auth_required def activate(v): email = request.values.get("email", "").strip().lower() diff --git a/files/routes/comments.py b/files/routes/comments.py index 47d5f863d5..d3bd18581a 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -25,7 +25,7 @@ beams_client = PushNotifications( @app.get("/post///") @app.get("/logged_out/comment/") @app.get("/logged_out/post///") -@auth_desired +@auth_required def post_pid_comment_cid(cid, pid=None, anything=None, v=None): if not v and not request.path.startswith('/logged_out'): return redirect(f"/logged_out{request.full_path}") diff --git a/files/routes/errors.py b/files/routes/errors.py index 7929c8af47..0526f9e899 100644 --- a/files/routes/errors.py +++ b/files/routes/errors.py @@ -55,7 +55,7 @@ def error_500(e): @app.post("/allow_nsfw") -@auth_desired +@auth_required def allow_nsfw(v): session["over_18"] = int(time.time()) + 3600 return redirect(request.values.get("redir", "/")) \ No newline at end of file diff --git a/files/routes/feeds.py b/files/routes/feeds.py index 24bf15868d..54c6f26df1 100644 --- a/files/routes/feeds.py +++ b/files/routes/feeds.py @@ -9,7 +9,7 @@ from files.helpers.wrappers import * from files.__main__ import app @app.get('/rss//') -@auth_desired +@auth_required def feeds_user(v=None, sort='hot', t='all'): page = int(request.values.get("page", 1)) diff --git a/files/routes/front.py b/files/routes/front.py index d276d2ce5a..f09bcb3135 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -7,7 +7,7 @@ defaulttimefilter = environ.get("DEFAULT_TIME_FILTER", "all").strip() SITE_NAME = environ.get("SITE_NAME", "").strip() @app.get("/post/") -@auth_desired +@auth_required def slash_post(v): return redirect("/") 
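Review bot: Putting `@auth_required` on `activate` makes the e-mail verification link depend on an existing session, and the same swap lands on `login_get`, `sign_up_get`, `sign_up_post`, `post_reset` and `lost_2fa` in files/routes/login.py. The decorator's body is not shown in this diff, but if it rejects anonymous requests as its name suggests, a logged-out visitor can no longer sign in, register, reset a password or recover a lost second factor. `post_reset` shows the conflict directly: its first statement is `if v: return redirect('/')`, so every request that passes the decorator would be redirected before any reset logic runs. These handlers should stay on `@auth_desired`, each with a short comment above it such as `# must remain reachable without a session`, so a later bulk replace does not catch them again.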
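Review bot: In `post_pid_comment_cid` the `/logged_out/...` routes and the `if not v and not request.path.startswith('/logged_out')` redirect are kept while the decorator now demands a session, so the two no longer agree. Assuming `auth_required` never calls the handler with an empty `v` (its definition is outside this diff), that branch, the `v=None` default and the logged-out URL rules are dead code; if it can, the redirect sends anonymous users to a `/logged_out` URL guarded by the same decorator. The same leftover appears in `front_all`, `post_id`, `u_username`, `u_username_comments` and in every `if not v or v.oldsite:` template check touched by this commit. Either drop the anonymous paths in this change or document on the handler which behaviour is intended.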
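Review bot: `allow_nsfw` redirects to `request.values.get("redir", "/")` without checking it, so the destination after the POST is whatever the request supplied, including an absolute URL on another host. The decorator change narrows who can reach the route but does not constrain the target. Accept only same-site relative paths, for example `redir = request.values.get("redir", "/")` followed by `if not redir.startswith("/") or redir.startswith(("//", "/\\")): redir = "/"`, and redirect to that value.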
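Review bot: `feeds_user` serves the RSS route, and feed readers usually fetch without the site's session cookie, so requiring a login here likely makes the feed unusable outside a browser. If the feed is meant to become private, a comment above the route should say how readers are expected to authenticate; otherwise keep `@auth_desired`. Separately, `int(request.values.get("page", 1))` raises `ValueError` on a non-numeric `page`, which would surface as a server error rather than a 400; the same expression is in `log` in files/routes/static.py.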
@@ -121,7 +121,7 @@ def notifications(v): @app.get("/") @app.get("/logged_out") -@auth_desired +@auth_required def front_all(v): if not v and request.path == "/" and not request.headers.get("Authorization"): return redirect(f"/logged_out{request.full_path}") @@ -305,7 +305,7 @@ def frontlist(v=None, sort="hot", page=1, t="all", ids_only=True, filter_words=' @app.get("/changelog") -@auth_desired +@auth_required def changelog(v): @@ -386,7 +386,7 @@ def changeloglist(v=None, sort="new", page=1 ,t="all"): @app.get("/random") -@auth_desired +@auth_required def random_post(v): x = g.db.query(Submission).filter(Submission.deleted_utc == 0, Submission.is_banned == False) @@ -449,7 +449,7 @@ def comment_idlist(page=1, v=None, nsfw=False, sort="new", t="all"): return [x[0] for x in comments] @app.get("/comments") -@auth_desired +@auth_required def all_comments(v): diff --git a/files/routes/giphy.py b/files/routes/giphy.py index 48417f57e3..031dfc39c1 100644 --- a/files/routes/giphy.py +++ b/files/routes/giphy.py @@ -10,7 +10,7 @@ GIPHY_KEY = environ.get('GIPHY_KEY').rstrip() @app.get("/giphy") @app.get("/giphy") -@auth_desired +@auth_required def giphy(v=None, path=None): searchTerm = request.values.get("searchTerm", "").strip() diff --git a/files/routes/login.py b/files/routes/login.py index 10718e2960..f805fa46c6 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -9,7 +9,7 @@ valid_password_regex = re.compile("^.{8,100}$") @app.get("/login") -@auth_desired +@auth_required def login_get(v): redir = request.values.get("redirect", "/").replace("/logged_out", "").strip() @@ -167,7 +167,7 @@ def logout(v): @app.get("/signup") -@auth_desired +@auth_required def sign_up_get(v): with open('disable_signups', 'r') as f: if f.read() == "yes": return {"error": "New account registration is currently closed. Please come back later."}, 403 
@@ -212,7 +212,7 @@ def sign_up_get(v): @app.post("/signup") @limiter.limit("1/second") @limiter.limit("5/day") -@auth_desired +@auth_required def sign_up_post(v): with open('disable_signups', 'r') as f: if f.read() == "yes": return {"error": "New account registration is currently closed. Please come back later."}, 403 @@ -413,7 +413,7 @@ def get_reset(): @app.post("/reset") @limiter.limit("1/second") -@auth_desired +@auth_required def post_reset(v): if v: return redirect('/') @@ -462,7 +462,7 @@ def post_reset(v): message="Login normally to access your account.") @app.get("/lost_2fa") -@auth_desired +@auth_required def lost_2fa(v): return render_template( diff --git a/files/routes/posts.py b/files/routes/posts.py index c3dfc6cfe8..3469ae318b 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -96,7 +96,7 @@ def submit_get(v): @app.get("/post//") @app.get("/logged_out/post/") @app.get("/logged_out/post//") -@auth_desired +@auth_required def post_id(pid, anything=None, v=None): if not v or v.oldsite: template2 = '' else: template2 = 'CHRISTMAS/' @@ -242,7 +242,7 @@ def post_id(pid, anything=None, v=None): @app.post("/viewmore///") @limiter.limit("1/second") -@auth_desired +@auth_required def viewmore(v, pid, sort, offset): offset = int(offset) if v: @@ -344,7 +344,7 @@ def viewmore(v, pid, sort, offset): @app.post("/morecomments/") @limiter.limit("1/second") -@auth_desired +@auth_required def morecomments(v, cid): tcid = g.db.query(Comment.top_comment_id).filter_by(id=cid).one_or_none()[0] diff --git a/files/routes/search.py b/files/routes/search.py index 6696d93052..0faa8d1887 100644 --- a/files/routes/search.py +++ b/files/routes/search.py @@ -33,7 +33,7 @@ def searchparse(text): @app.get("/search/posts") -@auth_desired +@auth_required def searchposts(v): if not v or v.oldsite: template = '' else: template = 'CHRISTMAS/' 
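Review bot: In `morecomments`, `g.db.query(Comment.top_comment_id).filter_by(id=cid).one_or_none()[0]` indexes the result before checking it, so a `cid` that matches no comment raises `TypeError` on `None` and is presumably returned as a 500. Split the lookup and reject the miss explicitly: `row = g.db.query(Comment.top_comment_id).filter_by(id=cid).one_or_none()`, then `if not row: abort(404)`, then `tcid = row[0]`. `abort` is used in other route modules in this diff; whether it is in scope in posts.py is not visible here. The rest of the function body lies outside the hunk.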
@@ -195,7 +195,7 @@ def searchposts(v): ) @app.get("/search/comments") -@auth_desired +@auth_required def searchcomments(v): if not v or v.oldsite: template = '' @@ -279,7 +279,7 @@ def searchcomments(v): @app.get("/search/users") -@auth_desired +@auth_required def searchusers(v): if not v or v.oldsite: template = '' else: template = 'CHRISTMAS/' diff --git a/files/routes/static.py b/files/routes/static.py index a83afd8a1c..43bf725af6 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -13,22 +13,22 @@ site = environ.get("DOMAIN").strip() site_name = environ.get("SITE_NAME").strip() @app.get("/privacy") -@auth_desired +@auth_required def privacy(v): return render_template("privacy.html", v=v) @app.get("/marseys") -@auth_desired +@auth_required def emojis(v): return render_template("marseys.html", v=v, marseys=marseys.items()) @app.get("/terms") -@auth_desired +@auth_required def terms(v): return render_template("terms.html", v=v) @app.get('/sidebar') -@auth_desired +@auth_required def sidebar(v): if not path.exists(f'files/templates/sidebar_{site_name}.html'): abort(404) @@ -174,7 +174,7 @@ def patrons(v): @app.get("/admins") @app.get("/badmins") -@auth_desired +@auth_required def admins(v): if v and v.admin_level > 2: admins = g.db.query(User).filter(User.admin_level>1).order_by(User.truecoins.desc()).all() @@ -187,7 +187,7 @@ def admins(v): @app.get("/log") @app.get("/modlog") -@auth_desired +@auth_required def log(v): page = int(request.values.get("page",1)) @@ -220,7 +220,7 @@ def log(v): return render_template(f"{template}log.html", v=v, admins=admins, types=types, admin=admin, type=kind, actions=actions, next_exists=next_exists, page=page) @app.get("/log/") -@auth_desired +@auth_required def log_item(id, v): try: id = int(id) 
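Review bot: `privacy` and `terms` move behind `@auth_required` in the first static.py hunk, and later hunks of this file do the same for `favicon`, `static_service2` (`/static/`), `static_service` (`/assets/`), `images` and `serviceworker`. If the decorator rejects anonymous requests (its definition is not in this diff), any page still shown to a logged-out visitor loses its stylesheets, scripts, images and icon, and the legal pages cannot be read before registering. The asset routes are also `@limiter.exempt`, so each file request would now pay for a session lookup with no rate limit in front of it; that cost is inferred, not shown. Keep these routes on `@auth_desired` and state the reason in a comment above the asset handlers.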
@@ -246,12 +246,12 @@ def log_item(id, v): return render_template(f"{template}log.html", v=v, actions=[action], next_exists=False, page=1, action=action, admins=admins, types=types) @app.get("/static/assets/favicon.ico") -@auth_desired +@auth_required def favicon(v): return send_file(f"./assets/images/{site_name}/icon.webp") @app.get("/api") -@auth_desired +@auth_required def api(v): if not v or v.oldsite: template = '' else: template = 'CHRISTMAS/' @@ -279,12 +279,12 @@ def submit_contact(v): return render_template(f"{template}contact.html", v=v, msg="Your message has been sent.") @app.get('/archives') -@auth_desired +@auth_required def archivesindex(v): return redirect("/archives/index.html") @app.get('/archives/') -@auth_desired +@auth_required def archives(v, path): resp = make_response(send_from_directory('/archives', path)) if request.path.endswith('.css'): resp.headers.add("Content-Type", "text/css") @@ -292,7 +292,7 @@ def archives(v, path): @app.get('/static/') @limiter.exempt -@auth_desired +@auth_required def static_service2(v, path): resp = make_response(send_from_directory('./static', path)) if request.path.endswith('.webp') or request.path.endswith('.gif') or request.path.endswith('.ttf') or request.path.endswith('.woff') or request.path.endswith('.woff2'): @@ -307,7 +307,7 @@ def static_service2(v, path): @app.get('/assets/') @app.get('/static/assets/') @limiter.exempt -@auth_desired +@auth_required def static_service(v, path): if request.path.startswith('/assets/'): return redirect(request.full_path.replace('/assets/', '/static/assets/')) @@ -326,7 +326,7 @@ def static_service(v, path): @app.get('/hostedimages/') @app.get("/static/images/") @limiter.exempt -@auth_desired +@auth_required def images(v, path): if request.path.startswith('/images/') or request.path.lower().startswith('/hostedimages/'): return redirect(request.full_path.replace('/images/', '/static/images/').replace('/hostedimages/', '/static/images/')) 
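Review bot: In `archives`, `resp.headers.add("Content-Type", "text/css")` appends a header instead of replacing one, and `send_from_directory` normally sets `Content-Type` from the file name already, so `.css` responses may carry the header twice. Assign it instead, `resp.headers["Content-Type"] = "text/css"`, or drop the line if the guessed type is already correct. The function's tail is outside the hunk.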
@@ -361,14 +361,14 @@ def settings_profile(v): v=v) @app.get("/badges") -@auth_desired +@auth_required def badges(v): if not v or v.oldsite: template = '' else: template = 'CHRISTMAS/' return render_template(f"{template}badges.html", v=v, badges=BADGES) @app.get("/blocks") -@auth_desired +@auth_required def blocks(v): @@ -384,7 +384,7 @@ def blocks(v): return render_template(f"{template}blocks.html", v=v, users=users, targets=targets) @app.get("/banned") -@auth_desired +@auth_required def banned(v): users = [x for x in g.db.query(User).filter(User.is_banned > 0, User.unban_utc == 0).all()] @@ -393,7 +393,7 @@ def banned(v): return render_template(f"{template}banned.html", v=v, users=users) @app.get("/formatting") -@auth_desired +@auth_required def formatting(v): if not v or v.oldsite: template = '' @@ -401,7 +401,7 @@ def formatting(v): return render_template(f"{template}formatting.html", v=v) @app.get("/service-worker.js") -@auth_desired +@auth_required def serviceworker(v): with open("files/assets/js/service-worker.js", "r") as f: return Response(f.read(), mimetype='application/javascript') diff --git a/files/routes/users.py b/files/routes/users.py index f89a320cc4..743c1fc626 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -32,7 +32,7 @@ if True: db.close() @app.get("/grassed") -@auth_desired +@auth_required def grassed(v): users = g.db.query(User).filter(User.ban_reason.like('grass award used by @%')).all() @@ -41,7 +41,7 @@ def grassed(v): return render_template(f"{template}grassed.html", v=v, users=users) @app.get("/agendaposters") -@auth_desired +@auth_required def agendaposters(v): users = [x for x in g.db.query(User).filter_by(agendaposter = True).order_by(User.username).all()] if not v or v.oldsite: template = '' @@ -50,7 +50,7 @@ def agendaposters(v): @app.get("/@/upvoters") -@auth_desired +@auth_required def upvoters(v, username): id = get_user(username).id 
@@ -71,7 +71,7 @@ def upvoters(v, username): return render_template(f"{template}voters.html", v=v, users=users, name='Up', name2=f'@{username} biggest simps') @app.get("/@/downvoters") -@auth_desired +@auth_required def downvoters(v, username): id = get_user(username).id @@ -92,7 +92,7 @@ def downvoters(v, username): return render_template(f"{template}voters.html", v=v, users=users, name='Down', name2=f'@{username} biggest haters') @app.get("/@/upvoting") -@auth_desired +@auth_required def upvoting(v, username): id = get_user(username).id @@ -113,7 +113,7 @@ def upvoting(v, username): return render_template(f"{template}voters.html", v=v, users=users, name='Up', name2=f'Who @{username} simps for') @app.get("/@/downvoting") -@auth_desired +@auth_required def downvoting(v, username): id = get_user(username).id @@ -188,7 +188,7 @@ def steal(v): @app.get("/rentoids") -@auth_desired +@auth_required def rentoids(v): users = g.db.query(User).filter(User.rent_utc > 0).all() if not v or v.oldsite: template = '' @@ -197,7 +197,7 @@ def rentoids(v): @app.get("/thiefs") -@auth_desired +@auth_required def thiefs(v): successful = g.db.query(User).filter(User.steal_utc > 0).all() failed = g.db.query(User).filter(User.fail_utc > 0).all() @@ -295,7 +295,7 @@ def transfer_bux(v, username): @app.get("/leaderboard") -@auth_desired +@auth_required def leaderboard(v): if not v or v.oldsite: template = '' else: template = 'CHRISTMAS/' @@ -347,7 +347,7 @@ def leaderboard(v): @app.get("/@/css") -@auth_desired +@auth_required def get_css(v, username): user = get_user(username) if user.css: css = user.css @@ -357,7 +357,7 @@ def get_css(v, username): return resp @app.get("/@/profilecss") -@auth_desired +@auth_required def get_profilecss(v, username): user = get_user(username) if user.profilecss: profilecss = user.profilecss 
@@ -367,7 +367,7 @@ def get_profilecss(v, username): return resp @app.get("/songs/") -@auth_desired +@auth_required def songs(v, id): try: id = int(id) except: return "", 400 @@ -377,7 +377,7 @@ def songs(v, id): @app.get("/song/") @app.get("/static/song/") -@auth_desired +@auth_required def song(v, song): if request.path.startswith('/song/'): return redirect(request.full_path.replace('/song/', '/static/song/')) resp = make_response(send_from_directory('/songs', song)) @@ -541,7 +541,7 @@ def mfa_qr(secret, v): @app.get("/is_available/") -@auth_desired +@auth_required def api_is_available(name, v): name=name.strip() @@ -564,7 +564,7 @@ def api_is_available(name, v): return {name: True} @app.get("/id/") -@auth_desired +@auth_required def user_id(id): try: id = int(id) except: abort(404) @@ -572,12 +572,12 @@ def user_id(id): return redirect(user.url) @app.get("/u/") -@auth_desired +@auth_required def redditor_moment_redirect(username): return redirect(f"/@{username}") @app.get("/@/followers") -@auth_desired +@auth_required def followers(username, v): u = get_user(username, v=v) ids = [x[0] for x in g.db.query(Follow.user_id).filter_by(target_id=u.id).all()] @@ -587,7 +587,7 @@ def followers(username, v): return render_template(f"{template}followers.html", v=v, u=u, users=users) @app.get("/@/following") -@auth_desired +@auth_required def following(username, v): u = get_user(username, v=v) ids = [x[0] for x in g.db.query(Follow.target_id).filter_by(user_id=u.id).all()] @@ -611,7 +611,7 @@ def visitors(v): @app.get("/@") @app.get("/logged_out/@") -@auth_desired +@auth_required def u_username(username, v=None): @@ -732,7 +732,7 @@ def u_username(username, v=None): @app.get("/@/comments") @app.get("/logged_out/@/comments") -@auth_desired +@auth_required def u_username_comments(username, v=None): 
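Review bot: `songs` wraps `int(id)` in a bare `except:`, which also swallows `KeyboardInterrupt` and `SystemExit` and hides which failure is being handled. Narrow it to `except ValueError: return "", 400`. The same pattern is visible in `user_id` and `user_profile_uid` in this file and in `log_item` in files/routes/static.py. The parameter name `id` also shadows the builtin.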
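Review bot: `user_id(id)` and `redditor_moment_redirect(username)` take no `v` parameter, unlike every other handler this commit decorates. How `auth_required` hands the user to the view is not shown in this diff; if it passes `v` as an argument, both routes raise `TypeError` once the decorator lets a request through. Add the parameter, `def user_id(id, v):` and `def redditor_moment_redirect(username, v):`, or confirm the wrapper tolerates views without it.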
@@ -838,7 +838,7 @@ def u_username_comments(username, v=None): @app.get("/@/info") -@auth_desired +@auth_required def u_username_info(username, v=None): user=get_user(username, v=v) @@ -923,7 +923,7 @@ def remove_follow(username, v): @app.get("/uid//pic") @app.get("/uid//pic/profile") -@auth_desired +@auth_required def user_profile_uid(v, id): try: id = int(id) except: @@ -933,7 +933,7 @@ def user_profile_uid(v, id): return redirect(x.profile_url) @app.get("/@/pic") -@auth_desired +@auth_required def user_profile_name(v, username): x = get_user(username) return redirect(x.profile_url) diff --git a/files/routes/votes.py b/files/routes/votes.py index c3301d74dc..6c68c299f2 100644 --- a/files/routes/votes.py +++ b/files/routes/votes.py @@ -11,7 +11,7 @@ defaultcolor = environ.get("DEFAULT_COLOR").strip() @app.get("/votes") @limiter.limit("5/second;60/minute;200/hour") -@auth_desired +@auth_required def admin_vote_info_get(v): if not v or v.oldsite: template = '' else: template = 'CHRISTMAS/'
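Review bot: `admin_vote_info_get` is named as an admin view, but the only gates visible on `/votes` are `@auth_required` and the rate limit, and the `if not v or v.oldsite:` line shows the body was written to run for anonymous callers too. The remainder of the function is outside the hunk, so whether it checks `v.admin_level` before returning vote data cannot be confirmed here. If the route is meant for admins, enforce that with an explicit level check at the top of the handler; if it is meant for all users, rename it and add a one-line docstring saying so.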