ghostarchive has been giving us 500 backs lately. They are making
an absolute mess of the log for a non-central, opportunistic feature,
and we already eat exceptions for archive.org. We merely extend that
to ghostarchive.
* backend support for roulette betting on 0 and 00
* casino: roulette: add 0 and 00 frontend
* add spacer
* roulette: fix the thing
* don't payout where needful not to
* sanity check
* roulette: validate requests properly
* roulette actions from API make more sane
* move Base definition to files.classes.__init__.py
* fix ImportError
* move userpage listing to users.py
* don't import the app from classes
* consts: set default values to avoid crashes
consts: warn if the secret key is the default config value
* card view: sneed (user db schema)
* cloudflare: use DEFAULT_CONFIG_VALUE
* const: set default values
* decouple media.py from __main__
* pass database to avoid imports
* import cleanup and import request not in const, but in the requests mega import
* move asset_submissions site check to __init__
* asset submissions feature flag
* flag
* g.is_tor
* don't import request where it's not needed
* i think this is fine
* mail: move to own routes and helper
* wrappers
* required wrappers move
* unfuck wrappers a bit
* move snappy quotes and marseys to stateful consts
* marsify
* :pepodrool:
* fix missing import
* import cache
* ...and settings.py
* and static.py
* static needs cache
* route
* lmao all of the jinja shit was in feeds.py amazing
* classes should only import what they need from flask
* import Response
* hdjbjdhbhjf
* ...
* dfdfdfdf
* make get a non-required import
* isort imports (mostly)
* but actually
* configs
* reload config on import
* fgfgfgfg
* config
* config
* initialize snappy and test
* cookie of doom debug
* edfjnkf
* xikscdfd
* debug config
* set session cookie domain, i think this fixes the can't login bug
* sdfbgnhvfdsghbnjfbdvvfghnn
* hrsfxgf
* dump the entire config on a request
* kyskyskyskyskyskyskyskyskys
* duifhdskfjdfd
* dfdfdfdfdfdfdfdfdfdfdfdf
* dfdfdfdf
* imoprt all of the consts beacuse fuck it
* ðŸ˜
* dfdfdfdfdfdfsdasdf
* print the entire session
* rffdfdfjkfksj
* fgbhffh
* not the secret keys
* minor bug fixes
* be helpful in the warning
* gfgfgfg
* move warning lower
* isort main imports (i hope this doesn't fuck something up)
* test
* session cookie domain redux
* dfdfdfd
* try only importing Flask
* formkeys fix
* y
* :pepodrool:
* route helper
* remove before flight
* dfdfdfdfdf
* isort classes
* isort helpers
* move check_for_alts to routehelpers and also sort imports and get rid of unused ones
* that previous commit but actkally
* readd the cache in a dozen places they were implicitly imported
* use g.is_tor instead of request.headers. bla bla bla
* upgrade streamers to their own route file
* get rid of unused imports in __main__
* fgfgf
* don't pull in the entire ORM where we don't need it
* features
* explicit imports for the get helper
* explicit imports for the get helper redux
* testing allroutes
* remove unused import
* decouple flask from classes
* syntax fix also remember these have side fx for some reason (why?)
* move side effects out of the class
* posts
* testing on devrama
* settings
* reloading
* settingssdsdsds
* streamer features
* site settings
* testing settings on devrama
* import
* fix modlog
* remove debug stuff
* revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6
* archiveorg to _archiveorg
* skhudkfkjfd
* fix cron for PCM
* fix bugs that snekky wants me to
* Fix call to realbody passing db, standardize kwarg
* test
* import check_for_alts from the right place
* cloudflare
* testing on devrama
* fix cron i think
* shadow properly
* tasks
* Remove print which will surely be annoying in prod.
* v and create new session
* use files.classes
* make errors import little and fix rare 500 in /allow_nsfw
* Revert "use files.classes"
This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6.
* pass v to media functions rather than using g
* fix
* dfdfdfdfd
* cleanup, py type checking is dumb so don't use it where it causes issues
* Fix some merge bugs, add DEFAULT_RATELIMIT to main.
* Fix imports on sqlalchemy expressions.
* `from random import random` is an error.
* Fix replies db param.
* errors: fix missing import
* fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text
* Fix signup formkey.
* fix 2 500s
* propagate db to submissions
* fix replies
* dfdfdfdf
* Fix verifiedcolor.
* is_manual
* can't use getters outside of an app context
* don't attempt to do gumroad on sites where it's not enabled
* don't attempt to do gumraod on sites's where it's unnecessary
* Revert "don't attempt to do gumroad on sites where it's not enabled"
This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3.
* fix 500
* validate media type
Co-authored-by: TLSM <duolsm@outlook.com>
currently account delinking is very messy and can sometimes just not work
we do codey stuff so it's not as bad
also we create a pretty page for mops to mop up borked account links
* alts: allow proper delinking
* fix prev commit
* url fix
* fix 500
* fixes
* :pepodrool:
* flag
* :pepodrool: redux
* sdsdsdsds
* correct endpoint
* fix html page
* alts: only adjust session history if flag is set
* fix 500
* allow relinking
* fsdsds
* :pepodrool: redux
* alts: don't fail if an alt isn't history
* use postToastSwitch + some API changes
* remove unnecessary variables
* d-none
* delink accounts mod action
* fa-link-slash
* alts: add form to create alt
* remove copied and pasted template
* rounded section
* UI improvement + fix
* \n
* fix status
* admin: remove duplicate route
admin: do a permissions check on 2 pages that need it
admin: set the manual flag for manually flagged alts
* variable change
* fix 500
* alts
* add shadowban icon to alt link tool
* shadowbanned tooltip
* add user info section
* fix 500, remove unnecessary form, and add alt votes button
* trans and also link to page
* margin
* sdsdsd
* stop the count
* fix prev commit
* with ctx
* plural
* alts
* don't show shadowbanned users to those who can't see them
this is... extremely rare and won't ever be seen in production however if perms were ever rearranged in the future, this keeps permissions correct
* shadowban check in alt list
* let shadow realm enthusiasts see shadowban alts
* sdsdsds
* test
* be graceful where needed
* sdsdsdsds
* alts: don't allow adding the same account
alts: clarify wording
* rename and reorder on admin panel
* EOL
* remove frankly unnecessary check
* try with a set
* test
* Revert "try with a set"
This reverts commit 72be353fba5ffa39b37590cc5d3bf584c94ee06e.
* Revert "Revert "try with a set""
This reverts commit 81e41890a192e8b46d0463477998e905fddf56ba.
* Revert "Revert "Revert "try with a set"""
This reverts commit be51592135a3c09848f993f0154bd2ac862ae505.
* clean up test
* all seeing eye: rework reddit notifs a bit
this should be more reliable and catch more of these when they're sent
* fix reddit notifs to properly use fewer queries
Frankly, this is almost entirely speculative. I don't see any viable
exploits through either of these codepaths. But automated tooling
doesn't see the implicit constraints on these values, so might as well
do more sanitization.
* remove /logged_out/ routes
* update sitemap, remove users route, and update header
* cloudflare cookie
* only mess with the cookie whenever we desire auth
* sitemap: (small) improvements
sitemap: fix little bug i introduced
sitemap: fix login redirects for /id/ routes
* sitemap: remove duplicate entry
* contact is auth desired
* imports: don't import what we don't need and bind late to the db
* praying to god this works
* keep yourself safe
* oh i actually need to commit and push lol
* import Sub
* t
* refix cache purger
Certain animated images take an exceedingly long time (~minutes) to
encode to WEBP using method=6. Such a file was obtained, and it
encoded significantly faster using method=5 and somehow turned out
smaller than the result generated with method=6. We switch now to
use method=5 so we stop getting occasional massive increases in
CPU load when multiple users upload animations at the same time.
Additionally, a timeout was added to the ImageMagick subprocess just
in case there are even more pathological files in the future. Better
to error out than have to get someone to kill the process.
removed unnecessary \W nonsense from profanity filter wherever possible, covered verb conjugations that could lead to spelling errors when filtered, added a few new rdrama-specific slurs filters, touched up a few error messages
slots: fix missing imports (x2)
slots: fix other user errors being returned to a potentially completely unrelated user
for example if Snappy was under the rehab effect and it pulled the slot, it'd abort and potentially cause other bugs down the chain, which makes no sense to a user or could leave a post in a wonky state
the old behavior was actually to let admins bypass the limit, but this was buggy when the new multi pin thing was added and wouldn't let jannies make permapins if pins were at the limit
to make the code clear though, the permission name has been changed
* get: comments and posts: use get function from get.py
* fix prev commit
* move filter to correct place
* fix error and also log so i can figure out what's wrong
* comments: add some more trace logging
* should_keep_func always acts as return True if None is passed in
* remove logging code
* start html head refactor
this is a bit of a doozy tbh and will probably take a while. the templates are very highly duplicated but not duplicated enough to be an easy little thing
oh well, so it goes.
* some easier html head ones
* add chat, html_head, sign_up_failed_ref, sign_up, submit
* CSP: put it in const.py instead of this weird thing we did before
* fix syntax error
* better call the actual macros
* fix prev commit
* import into settings2
* fix prev commit
* set CSP properly if localhost
* some title fixes i think
* login page
* fix prev commit
* hacky thing to get titles to work i think
* {{stylesheets()}}
* fix prev commit
* title stuff
* cries uncontrollably
* submission fixes i think
* fix prev commit i think
* submission fixes ekfjdhfkdjf
* submission fixes 4
* this may fix submissions idk tbh
* default template: make it a little better on post pages
* default template: some efficiency
For the past week, we noticed a gradual increase in CPU usage and
request times. Use of a sampling profiler revealed the time waas spent
in serializing/deserializing data stored in Redis. In particular, the
user counter dicts were filtered for calculation of the loggedin/out
counters, but the filtered versions were never stored.
To make concurrency safe, we still filter on every request, but at
least the resting data will eventually be appropriately filtered,
and this data is non-critical regardless.
we currently spam the /is_repost api on every single character change in the URL box even though there is no way these URLs would ever be submitted to the site
introducing a frankly conservative limit to where we start actually pinging both the api and (on the backend) the database for reposts may help in some cases
the current constant was chosen by taking the length of "http://" and adding 2 to it