Errorcodejihad (#323)

* formatmaxxing brained formatting * formatmaxxing brained formatting: EPISODE 2 * Start implementing a .json interface for all logged users reddit-like PROs: - easier to debugmaxx applications - good faith actors can scrap the site more easly :gigachadglow: CONs: - bad faith actors can scrap the site more easly :gigachadglow: - jannitors lose a little of their power of allowlisting applications (they do it for free though) anyways. I make this commit a separate commit so that Snakes can esclude it from the PR if he doesn't like it (cringe) * /<username>/comments route now returns appropriate [citation needed] HTTP codes when called in JSON mode so that stupid JSON clients can crashmaxx * More error codes (sorry I don't know how to squash) * json endpoint. see other commit. I don't know how to squash
2022-07-24 17:03:19 +02:00 · 2022-07-24 17:03:19 +02:00 · 856f155b41
parent b539166bf1
commit 856f155b41
1 changed files with 44 additions and 19 deletions
--- a/files/routes/users.py
+++ b/files/routes/users.py
@ -902,12 +902,16 @@ def visitors(v):


@app.get("/@<username>")
+@app.get("/@<username>.json")
@app.get("/logged_out/@<username>")
@auth_desired
 def u_username(username, v=None):

-	if not v and not request.path.startswith('/logged_out'): return redirect(f"/logged_out{request.full_path.rstrip('?')}")
-	if v and request.path.startswith('/logged_out'): return redirect(request.full_path.replace('/logged_out','').rstrip('?'))
+	if not v and not request.path.startswith('/logged_out'):
+		return redirect(f"/logged_out{request.full_path.rstrip('?')}")
+
+	if v and request.path.startswith('/logged_out'):
+		return redirect(request.full_path.replace('/logged_out','').rstrip('?'))

 	u = get_user(username, v=v, rendered=True)

@ -921,7 +925,9 @@ def u_username(username, v=None):
 		return redirect(SITE_FULL + request.full_path.replace(username, u.username)[:-1])

 	if u.reserved:
-		if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"That username is reserved for: {u.reserved}"}
+		if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
+			return {"error": f"That username is reserved for: {u.reserved}"}, 418
+
 		return render_template("userpage_reserved.html", u=u, v=v)

 	if u.shadowbanned and not (v and v.admin_level >= 2) and not (v and v.id == u.id):
@ -937,17 +943,23 @@ def u_username(username, v=None):

 		
 	if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)):
-		if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "That userpage is private"}
+		if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
+			return {"error": "That userpage is private"}, 403
+
 		return render_template("userpage_private.html", u=u, v=v)

 	
 	if v and hasattr(u, 'is_blocking') and u.is_blocking:
-		if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"You are blocking @{u.username}."}
+		if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
+			return {"error": f"You are blocking @{u.username}."}, 403
+
 		return render_template("userpage_blocking.html", u=u, v=v)


 	if v and v.admin_level < 2 and hasattr(u, 'is_blocked') and u.is_blocked:
-		if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "This person is blocking you."}
+		if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
+			return {"error": "This person is blocking you."}, 403
+
 		return render_template("userpage_blocked.html", u=u, v=v)


@ -971,7 +983,9 @@ def u_username(username, v=None):
 	listing = get_posts(ids, v=v)

 	if u.unban_utc:
-		if request.headers.get("Authorization"): {"data": [x.json for x in listing]}
+		if request.headers.get("Authorization") or request.path.endswith(".json"):
+			return {"data": [x.json for x in listing]}
+		
 		return render_template("userpage.html",
 												unban=u.unban_string,
 												u=u,
@ -985,7 +999,9 @@ def u_username(username, v=None):



-	if request.headers.get("Authorization"): return {"data": [x.json for x in listing]}
+	if request.headers.get("Authorization") or request.path.endswith(".json"):
+		return {"data": [x.json for x in listing]}
+	
 	return render_template("userpage.html",
 									u=u,
 									v=v,
@ -998,12 +1014,16 @@ def u_username(username, v=None):


@app.get("/@<username>/comments")
+@app.get("/@<username>/comments.json")
@app.get("/logged_out/@<username>/comments")
@auth_desired
 def u_username_comments(username, v=None):

-	if not v and not request.path.startswith('/logged_out'): return redirect(f"/logged_out{request.full_path.rstrip('?')}")
-	if v and request.path.startswith('/logged_out'): return redirect(request.full_path.replace('/logged_out','').rstrip('?'))
+	if not v and not request.path.startswith('/logged_out'):
+		return redirect(f"/logged_out{request.full_path.rstrip('?')}")
+
+	if v and request.path.startswith('/logged_out'):
+		return redirect(request.full_path.replace('/logged_out','').rstrip('?'))

 	user = get_user(username, v=v, rendered=True)

@ -1012,27 +1032,30 @@ def u_username_comments(username, v=None):
 	else:
 		is_following = (v and user.has_follower(v))

-	if username != user.username: return redirect(f'/@{user.username}/comments')
+	if username != user.username:
+		return redirect(f'/@{user.username}/comments')

 	u = user

 	if u.reserved:
-		if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"That username is reserved for: {u.reserved}"}
-		return render_template("userpage_reserved.html",
-												u=u,
-												v=v)
+		if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
+			return {"error": f"That username is reserved for: {u.reserved}"}, 418
+		return render_template("userpage_reserved.html", u=u, v=v)


 	if u.is_private and (not v or (v.id != u.id and v.admin_level < 2 and not v.eye)):
-		if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "That userpage is private"}
+		if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
+			return {"error": "That userpage is private"}, 403
 		return render_template("userpage_private.html", u=u, v=v)

 	if v and hasattr(u, 'is_blocking') and u.is_blocking:
-		if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": f"You are blocking @{u.username}."}
+		if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
+			return {"error": f"You are blocking @{u.username}."}, 403
 		return render_template("userpage_blocking.html", u=u, v=v)

 	if v and v.admin_level < 2 and hasattr(u, 'is_blocked') and u.is_blocked:
-		if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "This person is blocking you."}
+		if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
+			return {"error": "This person is blocking you."}, 403
 		return render_template("userpage_blocked.html", u=u, v=v)


@ -1063,7 +1086,9 @@ def u_username_comments(username, v=None):

 	listing = get_comments(ids, v=v)

-	if request.headers.get("Authorization"): return {"data": [c.json for c in listing]}
+	if request.headers.get("Authorization") or request.path.endswith(".json"):
+		return {"data": [c.json for c in listing]}
+	
 	return render_template("userpage_comments.html", u=user, v=v, listing=listing, page=page, sort=sort, t=t,next_exists=next_exists, is_following=is_following, standalone=True)