master
Aevann1 2022-01-11 23:53:49 +02:00
parent 0b0bab0dae
commit 24f71966be
6 changed files with 40 additions and 37 deletions

View File

@ -55,13 +55,7 @@ def error_500(e):
@app.post("/allow_nsfw") @app.post("/allow_nsfw")
def allow_nsfw(): @auth_desired
def allow_nsfw(v):
session["over_18"] = int(time.time()) + 3600 session["over_18"] = int(time.time()) + 3600
return redirect(request.values.get("redir", "/")) return redirect(request.values.get("redir", "/"))
@app.get("/error/<error>")
def error_all_preview(error):
try: return render_template(f"errors/{error}.html", error=True)
except: abort(400)

View File

@ -4,11 +4,13 @@ from datetime import datetime
from files.helpers.jinja2 import full_link from files.helpers.jinja2 import full_link
from files.helpers.get import * from files.helpers.get import *
from yattag import Doc from yattag import Doc
from files.helpers.wrappers import *
from files.__main__ import app from files.__main__ import app
@app.get('/rss/<sort>/<t>') @app.get('/rss/<sort>/<t>')
def feeds_user(sort='hot', t='all'): @auth_desired
def feeds_user(v=None, sort='hot', t='all'):
page = int(request.values.get("page", 1)) page = int(request.values.get("page", 1))

View File

@ -7,7 +7,8 @@ defaulttimefilter = environ.get("DEFAULT_TIME_FILTER", "all").strip()
SITE_NAME = environ.get("SITE_NAME", "").strip() SITE_NAME = environ.get("SITE_NAME", "").strip()
@app.get("/post/") @app.get("/post/")
def slash_post(): @auth_desired
def slash_post(v):
return redirect("/") return redirect("/")
@app.post("/clear") @app.post("/clear")

View File

@ -1,6 +1,7 @@
from flask import * from flask import *
from os import environ from os import environ
import requests import requests
from files.helpers.wrappers import *
from files.__main__ import app from files.__main__ import app
@ -9,7 +10,8 @@ GIPHY_KEY = environ.get('GIPHY_KEY').rstrip()
@app.get("/giphy") @app.get("/giphy")
@app.get("/giphy<path>") @app.get("/giphy<path>")
def giphy(path=None): @auth_desired
def giphy(v=None, path=None):
searchTerm = request.values.get("searchTerm", "").strip() searchTerm = request.values.get("searchTerm", "").strip()
limit = int(request.values.get("limit", 48)) limit = int(request.values.get("limit", 48))

View File

@ -246,7 +246,8 @@ def log_item(id, v):
return render_template(f"{template}log.html", v=v, actions=[action], next_exists=False, page=1, action=action, admins=admins, types=types) return render_template(f"{template}log.html", v=v, actions=[action], next_exists=False, page=1, action=action, admins=admins, types=types)
@app.get("/static/assets/favicon.ico") @app.get("/static/assets/favicon.ico")
def favicon(): @auth_desired
def favicon(v):
return send_file(f"./assets/images/{site_name}/icon.webp") return send_file(f"./assets/images/{site_name}/icon.webp")
@app.get("/api") @app.get("/api")
@ -278,18 +279,21 @@ def submit_contact(v):
return render_template(f"{template}contact.html", v=v, msg="Your message has been sent.") return render_template(f"{template}contact.html", v=v, msg="Your message has been sent.")
@app.get('/archives') @app.get('/archives')
def archivesindex(): @auth_desired
def archivesindex(v):
return redirect("/archives/index.html") return redirect("/archives/index.html")
@app.get('/archives/<path:path>') @app.get('/archives/<path:path>')
def archives(path): @auth_desired
def archives(v, path):
resp = make_response(send_from_directory('/archives', path)) resp = make_response(send_from_directory('/archives', path))
if request.path.endswith('.css'): resp.headers.add("Content-Type", "text/css") if request.path.endswith('.css'): resp.headers.add("Content-Type", "text/css")
return resp return resp
@app.get('/static/<path:path>') @app.get('/static/<path:path>')
@limiter.exempt @limiter.exempt
def static_service2(path): @auth_desired
def static_service2(v, path):
resp = make_response(send_from_directory('./static', path)) resp = make_response(send_from_directory('./static', path))
if request.path.endswith('.webp') or request.path.endswith('.gif') or request.path.endswith('.ttf') or request.path.endswith('.woff') or request.path.endswith('.woff2'): if request.path.endswith('.webp') or request.path.endswith('.gif') or request.path.endswith('.ttf') or request.path.endswith('.woff') or request.path.endswith('.woff2'):
resp.headers.remove("Cache-Control") resp.headers.remove("Cache-Control")
@ -303,7 +307,8 @@ def static_service2(path):
@app.get('/assets/<path:path>') @app.get('/assets/<path:path>')
@app.get('/static/assets/<path:path>') @app.get('/static/assets/<path:path>')
@limiter.exempt @limiter.exempt
def static_service(path): @auth_desired
def static_service(v, path):
if request.path.startswith('/assets/'): return redirect(request.full_path.replace('/assets/', '/static/assets/')) if request.path.startswith('/assets/'): return redirect(request.full_path.replace('/assets/', '/static/assets/'))
resp = make_response(send_from_directory('assets', path)) resp = make_response(send_from_directory('assets', path))
@ -321,7 +326,8 @@ def static_service(path):
@app.get('/hostedimages/<path>') @app.get('/hostedimages/<path>')
@app.get("/static/images/<path>") @app.get("/static/images/<path>")
@limiter.exempt @limiter.exempt
def images(path): @auth_desired
def images(v, path):
if request.path.startswith('/images/') or request.path.lower().startswith('/hostedimages/'): if request.path.startswith('/images/') or request.path.lower().startswith('/hostedimages/'):
return redirect(request.full_path.replace('/images/', '/static/images/').replace('/hostedimages/', '/static/images/')) return redirect(request.full_path.replace('/images/', '/static/images/').replace('/hostedimages/', '/static/images/'))
resp = make_response(send_from_directory('/images', path.replace('.WEBP','.webp'))) resp = make_response(send_from_directory('/images', path.replace('.WEBP','.webp')))
@ -395,7 +401,8 @@ def formatting(v):
return render_template(f"{template}formatting.html", v=v) return render_template(f"{template}formatting.html", v=v)
@app.get("/service-worker.js") @app.get("/service-worker.js")
def serviceworker(): @auth_desired
def serviceworker(v):
with open("files/assets/js/service-worker.js", "r") as f: return Response(f.read(), mimetype='application/javascript') with open("files/assets/js/service-worker.js", "r") as f: return Response(f.read(), mimetype='application/javascript')
@app.get("/settings/security") @app.get("/settings/security")
@ -409,12 +416,3 @@ def settings_security(v):
v=v, v=v,
mfa_secret=pyotp.random_base32() if not v.mfa_secret else None mfa_secret=pyotp.random_base32() if not v.mfa_secret else None
) )
@app.post("/dismiss_mobile_tip")
@limiter.limit("1/second")
def dismiss_mobile_tip():
session["tooltip_last_dismissed"]=int(time.time())
session.modified=True
return "", 204

View File

@ -347,7 +347,8 @@ def leaderboard(v):
@app.get("/@<username>/css") @app.get("/@<username>/css")
def get_css(username): @auth_desired
def get_css(v, username):
user = get_user(username) user = get_user(username)
if user.css: css = user.css if user.css: css = user.css
else: css = "" else: css = ""
@ -356,7 +357,8 @@ def get_css(username):
return resp return resp
@app.get("/@<username>/profilecss") @app.get("/@<username>/profilecss")
def get_profilecss(username): @auth_desired
def get_profilecss(v, username):
user = get_user(username) user = get_user(username)
if user.profilecss: profilecss = user.profilecss if user.profilecss: profilecss = user.profilecss
else: profilecss = "" else: profilecss = ""
@ -365,7 +367,8 @@ def get_profilecss(username):
return resp return resp
@app.get("/songs/<id>") @app.get("/songs/<id>")
def songs(id): @auth_desired
def songs(v, id):
try: id = int(id) try: id = int(id)
except: return "", 400 except: return "", 400
user = g.db.query(User).filter_by(id=id).one_or_none() user = g.db.query(User).filter_by(id=id).one_or_none()
@ -374,7 +377,8 @@ def songs(id):
@app.get("/song/<song>") @app.get("/song/<song>")
@app.get("/static/song/<song>") @app.get("/static/song/<song>")
def song(song): @auth_desired
def song(v, song):
if request.path.startswith('/song/'): return redirect(request.full_path.replace('/song/', '/static/song/')) if request.path.startswith('/song/'): return redirect(request.full_path.replace('/song/', '/static/song/'))
resp = make_response(send_from_directory('/songs', song)) resp = make_response(send_from_directory('/songs', song))
resp.headers.remove("Cache-Control") resp.headers.remove("Cache-Control")
@ -560,6 +564,7 @@ def api_is_available(name, v):
return {name: True} return {name: True}
@app.get("/id/<id>") @app.get("/id/<id>")
@auth_desired
def user_id(id): def user_id(id):
try: id = int(id) try: id = int(id)
except: abort(404) except: abort(404)
@ -567,6 +572,7 @@ def user_id(id):
return redirect(user.url) return redirect(user.url)
@app.get("/u/<username>") @app.get("/u/<username>")
@auth_desired
def redditor_moment_redirect(username): def redditor_moment_redirect(username):
return redirect(f"/@{username}") return redirect(f"/@{username}")
@ -917,8 +923,8 @@ def remove_follow(username, v):
@app.get("/uid/<id>/pic") @app.get("/uid/<id>/pic")
@app.get("/uid/<id>/pic/profile") @app.get("/uid/<id>/pic/profile")
@limiter.exempt @auth_desired
def user_profile_uid(id): def user_profile_uid(v, id):
try: id = int(id) try: id = int(id)
except: except:
try: id = int(id, 36) try: id = int(id, 36)
@ -927,8 +933,8 @@ def user_profile_uid(id):
return redirect(x.profile_url) return redirect(x.profile_url)
@app.get("/@<username>/pic") @app.get("/@<username>/pic")
@limiter.exempt @auth_desired
def user_profile_name(username): def user_profile_name(v, username):
x = get_user(username) x = get_user(username)
return redirect(x.profile_url) return redirect(x.profile_url)