Main intention is to allow API users (bots) to benefit from the
defaults typically enforced clientside, and to generally be clearer
about what values do what.
* remove /logged_out/ routes
* update sitemap, remove users route, and update header
* cloudflare cookie
* only mess with the cookie whenever we desire auth
* sitemap: (small) improvements
sitemap: fix little bug i introduced
sitemap: fix login redirects for /id/ routes
* sitemap: remove duplicate entry
* contact is auth desired
* imports: don't import what we don't need and bind late to the db
* praying to god this works
* keep yourself safe
* oh i actually need to commit and push lol
* import Sub
* t
* refix cache purger
* get: comments and posts: use get function from get.py
* fix prev commit
* move filter to correct place
* fix error and also log so i can figure out what's wrong
* comments: add some more trace logging
* should_keep_func always acts as return True if None is passed in
* remove logging code

The rework to v.client meant that `is_bot` on Submission and Comment
would attempt to be populated with a ClientAuth object when submitted
by a bot other than Snappy or bbbb. SQLAlchemy requires an actual
boolean, not just a truthy value.

we currently spam the /is_repost api on every single character change in the URL box even though there is no way these URLs would ever be submitted to the site
introducing a frankly conservative limit to where we start actually pinging both the api and (on the backend) the database for reposts may help in some cases
the current constant was chosen by taking the length of "http://" and adding 2 to it

* make HTML body length a constant and use it
* abort before uploads and other tasks if comment level is too deep
* what a nightmare of two functions, please do better next time
* only attempt to parse HTML content types for titles
also don't try to get submission titles for .gifv, .tif, .tiff
* ratelimit to 3 per minute instead of 6 minutes
no one will ever need more than 3 requests to this endpoint per minute - justcool393
6 per minute is already kinda a lot for this endpoint, i think aggressively ratelimiting this one is fine, especially since it's a minute ratelimit

* Add new /casino route and template
* Consolidate lottery into casino and add initial template for slots
* Change /lottery route to /casino and replace icon with usd symbol and change sitewide const to reflect change
* Hook up new slots method to casino
* Enable Marseybux spending in casino slots
* Add UI for playing blackjack in casino
* First connection of blackjack UI to backend
* Add protective clause thanks to help from carpathianflorist.
* Create new Casino_Game relation and persist inside of blackjack
* Connect new slots behavior to Casino_Game table
* Create UI action management logic
* Add blackjack game status checker which adds persistence for blackjack
* Gonna handle this better, hold on
* Reorganize blackjack helper methods
* Reorganize casino.js to account for new changes
* Connect up to frontend
* Little changes ya know
* Display a message when winning in Blackjack
* Fix some issues with double down and insure
* Revert "remove owoify-py from requirements"
This reverts commit 4454648ea2.
* A little casino styling change
* Reorganize into a casino block
* Smallenize the card'
* Remove references to old game data on comments
* Add sql migration file
* Remove logic to drop old columns
* Fix two forgotten conflicts

sub.marsey_url was returning false because the submit.html template,
which then includes header.html, was passed an SQLAlchemy Row instance,
not a files.classes.sub.Sub instance. This worked alright because both
the header and the submit page only accessed the name field; however,
accessing the marsey_url property (rather than the marseyurl column
field) failed because of it.

Requested by multiple jannies. Rough timeline, as I understand it:
- Circa 7mo ago, this logic was originally added for threads with
'megathread' in the title.
- Some time later, a checkbox on submission which sets the flag
Submission.new does the same thing.
- In af680d8a94, change the check from 'megathread' to 'thread'.
There must've been some reason for the change of substring checked.
However, it routinely causes issues for the admins and confuses
users. Solution has been to retroactively update posts that currently
rely on the 'megathread' in title behavior to use the `new` flag and
to remove the logic going forward.

Yes, it has been possible for any user to edit any post on the site,
their own or otherwise. Only have to generate the POST /edit_post/
manually: an example exploit was created and tested successfully
prior to patching. However, abuse of this vulnerability would have
generated edit_post modlog entries, the lack of which on prod suggests
it was not abused that we know of -- Lord knows how.

- Search: posts by shadowed user.
- Search: shadowed users in search for users.
- Direct links to shadowed user posts display as removed.
- Other users' profile comments listings hide comments on shadowed
posts. Users can still see their own comments on shadowed posts.
Similar to ghosted comment logic.

Implemented for LGB but can likely be used for WPD and other future
sites. Similar to a reddit post flair. Provides:
- Admin panel for Category management.
- Category selection on post submission.
- 'Recategorize' post action.

* poll rework
* forgot to do joinedload on comments
* Fix logic errors with voting, SQL syntax.
Kitchen sink commit from review of poll-rework changes:
1. Fix seed-db.sql syntax error.
2. Fix SQL patch file duplication of *submissions* tables rather
than one set of submissions and one for comments.
3. Start makeshift SQL patch folder, since this is a large change
that contributors may wish to apply to their local instances.
4. Fix checkbox (non-`exclusive`) polls being unable to be
unchecked. For consistency with `exclusive` polls, they should.
5. Fix changing the option of an `exclusive` poll when both
exclusive and non-exclusive options are present in one comment/
post causing the non-exclusive options to become unchecked.
(which, by my reading of SQLAlchemy `Query.one_or_none()`
really could break quite badly in some cases).
* link relationships with their counterparts
* small modification to poll unchecking
Co-authored-by: TLSM <duolsm@outlook.com>

Fixes bug where admins moving a post into a hole doesn't notify
followers of the destination hole.
Also, we now have a route endpoint for reholing that is potentially
usable for e.g. an actual post_actions button to rehole, rather than
the report command UI at present.

The reddit mentions system contained much duplicated code and was
grafted onto the post thumbnail pipeline to achieve semi-regular
invocation. Instead, we now run it through the new cron system,
and the duplicate code has been refactored out.

Originally prompted by https://rdrama.net/post/18459/-/1984609 which
noticed that streamable.com/e/ links as posts would have another e/
added to them. This was in spite of logic in posts.py api_is_repost
and submit_post designed to specifically counteract this.
Proximal cause was a copypasta'd url.replace(...) chain which
caused the mistake before the streamable-specific logic had a chance
to avoid making it.
Solution: remove the streamable replacement from the chained statement
and create `helpers.normalize_url(url)` to get rid of the copypasta.
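
The failure mode described in the commit message above, as an added example that is not the project's code: a blind replace chain is not idempotent once it contains the embed rewrite, while a single normalizer with a guarded rewrite is. The replacement pairs, the `m.example.test` host and the sample URLs are constructed for illustration; only the streamable.com/e/ behaviour and the name `normalize_url` come from the message.

```python
# Added illustration; the rewrite pairs below are constructed, not the project's list.
STREAMABLE = "https://streamable.com/"

# Rewrites that stay correct when applied more than once.
_SAFE_REPLACEMENTS = (
    ("http://", "https://"),
    ("https://m.example.test/", "https://example.test/"),  # hypothetical host
)


def normalize_chained(url):
    """'Before' shape: the embed rewrite sits inside the blind replace chain,
    so it also fires on URLs that already carry the e/ segment."""
    return (url.replace("http://", "https://")
               .replace("https://m.example.test/", "https://example.test/")
               .replace(STREAMABLE, STREAMABLE + "e/"))


def normalize_url(url):
    """'After' shape: safe rewrites first, then the embed rewrite only when
    the e/ segment is not already present."""
    for old, new in _SAFE_REPLACEMENTS:
        url = url.replace(old, new)
    if url.startswith(STREAMABLE) and not url.startswith(STREAMABLE + "e/"):
        url = STREAMABLE + "e/" + url[len(STREAMABLE):]
    return url


def find_non_idempotent(normalizer, urls):
    """Return the URLs for which normalizing twice differs from normalizing once.
    A normalizer used for repost matching should return an empty list here."""
    return [u for u in urls if normalizer(normalizer(u)) != normalizer(u)]


# Constructed sample inputs.
SAMPLES = [
    "http://streamable.com/abc123",
    "https://streamable.com/e/abc123",
    "http://m.example.test/post/1",
]

if __name__ == "__main__":
    print("chained:", find_non_idempotent(normalize_chained, SAMPLES))
    print("fixed:  ", find_non_idempotent(normalize_url, SAMPLES))
```
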
Recently, caa81452f4 relaxed the condition for Snappy pinning a post
from `body.startswith(':#marseypin:')` to the same sans trailing colon.
I believe this was intended to allow :marseypin2: to also lead to post
pinning. However, the amusing, though incorrect, side effect is that
:marseypinkcat: and :marseypinochet: can now also lead to Snappy pins.
This has been remedied by explicitly defining the two conditions we
want rather than hoping all :marseypin [sic] are about pinning.
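
The prefix collision described in the commit message above, as an added example that is not the project's code: it compares the original, relaxed and explicit checks and lists which emoji names trip a check without being intended to pin. Only `:#marseypin:` is quoted in the message; the `:#marseypin2:` token form, the `marseylove` name and the sample bodies are assumptions made for illustration.

```python
# Added illustration. ':#marseypin2:' is an assumed token form; the message
# only quotes ':#marseypin:' and names the other emoji without the '#'.
PIN_TOKENS = (":#marseypin:", ":#marseypin2:")
INTENDED = {"marseypin", "marseypin2"}


def pins_original(body):
    """Check before the relaxation: full token including the trailing colon."""
    return body.startswith(":#marseypin:")


def pins_relaxed(body):
    """Relaxed check: same prefix without the trailing colon."""
    return body.startswith(":#marseypin")


def pins_explicit(body):
    """Explicit check: only the complete tokens that are meant to pin.
    str.startswith accepts a tuple of alternatives."""
    return body.startswith(PIN_TOKENS)


def unintended_triggers(check, emoji_names, intended=INTENDED):
    """Emoji names whose token at the start of a body satisfies `check`
    even though the name is not in the intended set."""
    return [name for name in emoji_names
            if name not in intended and check(f":#{name}: sample body")]


# Names from the commit message plus one constructed control (marseylove).
EMOJI = ["marseypin", "marseypin2", "marseypinkcat", "marseypinochet", "marseylove"]

if __name__ == "__main__":
    for check in (pins_original, pins_relaxed, pins_explicit):
        print(check.__name__, unintended_triggers(check, EMOJI))
```

Running the same audit against the full emoji list whenever a new trigger token is added shows any name that shares its prefix before the change ships.
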
* Switch to marsey.cat for Snappy /u/.
camas is down, replacing it with search.marsey.cat.
Note that when looking for existing Snappy comments to test against,
it appears that something else with Snappy generation is broken.
Ex: /post/66263/-/1876803 puts an entire post URL in the author field.
This commit makes no attempt to fix this. TODO for later.
* Fix Snappy body /u/ extracting author from post URL.
Following up on 1137996f0fe7:
Issue was that author was being extracted from post.url, not href.
Given that the relevant code section is specifically for /u/s in the
body text of the submission, this was a problem.