diff --git a/files/classes/comment.py b/files/classes/comment.py index 5040df5a1..90c9d5955 100644 --- a/files/classes/comment.py +++ b/files/classes/comment.py @@ -26,7 +26,6 @@ class Comment(Base): created_utc = Column(Integer, default=0) edited_utc = Column(Integer, default=0) is_banned = Column(Boolean, default=False) - removed_by = Column(Integer) bannedfor = Column(Boolean) distinguish_level = Column(Integer, default=0) deleted_utc = Column(Integer, default=0) diff --git a/files/classes/submission.py b/files/classes/submission.py index 897f5985a..9d7e35bd4 100644 --- a/files/classes/submission.py +++ b/files/classes/submission.py @@ -27,7 +27,6 @@ class Submission(Base): created_utc = Column(BigInteger, default=0) thumburl = Column(String) is_banned = Column(Boolean, default=False) - removed_by = Column(Integer) bannedfor = Column(Boolean) views = Column(Integer, default=0) deleted_utc = Column(Integer, default=0) diff --git a/files/helpers/jinja2.py b/files/helpers/jinja2.py index 2a8ee3a2a..e0318c80f 100644 --- a/files/helpers/jinja2.py +++ b/files/helpers/jinja2.py @@ -22,14 +22,6 @@ def post_embed(id, v): return render_template("submission_listing.html", listing=[p], v=v) -@app.template_filter("favorite_emojis") -def favorite_emojis(x): - str = "" - emojis = sorted(x.items(), key=lambda x: x[1], reverse=True)[:25] - for k, v in emojis: - str += f'' - return str - @app.context_processor def inject_constants(): constants = [c for c in dir(const) if not c.startswith("_")] diff --git a/files/helpers/markdown.py b/files/helpers/markdown.py index ef072ae92..ad97fa9aa 100644 --- a/files/helpers/markdown.py +++ b/files/helpers/markdown.py @@ -74,11 +74,6 @@ class CustomRenderer(HTMLRenderer): user = get_user(target, graceful=True) - try: - if g.v.admin_level == 0 and g.v.any_block_exists(user): - return f"{space}@{target}" - except BaseException: pass - if not user: return f"{space}@{target}" return f'''{space}@{user.username}'s profile picture@{user.username}''' @@ -113,13 +108,6 @@ class Renderer(HTMLRenderer): user = get_user(target, graceful=True) - - try: - if g.v.admin_level == 0 and g.v.any_block_exists(user): - return f"{space}@{target}" - except BaseException: - pass - if not user: return f"{space}@{target}" return f'{space}@{user.username}' diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 3f5d6f94f..529475fab 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -183,7 +183,7 @@ def sanitize(sanitized, noimages=False): remoji = emoji if path.isfile(f'files/assets/images/emojis/{remoji}.webp'): - new = re.sub(f'(?', new, flags=re.I) + new = re.sub(f'(?', new, flags=re.I) sanitized = sanitized.replace(old, new) @@ -193,10 +193,10 @@ def sanitize(sanitized, noimages=False): if emoji.startswith("!"): emoji = emoji[1:] if path.isfile(f'files/assets/images/emojis/{emoji}.webp'): - sanitized = re.sub(f'(?', sanitized, flags=re.I) + sanitized = re.sub(f'(?', sanitized, flags=re.I) elif path.isfile(f'files/assets/images/emojis/{emoji}.webp'): - sanitized = re.sub(f'(?', sanitized, flags=re.I) + sanitized = re.sub(f'(?', sanitized, flags=re.I) sanitized = sanitized.replace("https://www.", "https://").replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://open.spotify.com/", "https://open.spotify.com/embed/").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("https://m.wikipedia", "https://wikipedia").replace("https://m.youtube", "https://youtube") @@ -240,10 +240,10 @@ def filter_emojis_only(title): if emoji.startswith("!"): emoji = emoji[1:] if path.isfile(f'files/assets/images/emojis/{emoji}.webp'): - title = re.sub(f'(?', title, flags=re.I) + title = re.sub(f'(?', title, flags=re.I) elif path.isfile(f'files/assets/images/emojis/{emoji}.webp'): - title = re.sub(f'(?', title, flags=re.I) + title = re.sub(f'(?', title, flags=re.I) if len(title) > 1500: abort(400) else: return title \ No newline at end of file diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py index d3fa652c5..75def8dca 100644 --- a/files/helpers/wrappers.py +++ b/files/helpers/wrappers.py @@ -4,36 +4,27 @@ from files.helpers.const import * def get_logged_in_user(): + token = request.headers.get("Authorization") - if request.headers.get("Authorization"): - token = request.headers.get("Authorization") - if not token: return None - - try: - client = g.db.query(ClientAuth).filter(ClientAuth.access_token == token).first() - x = (client.user, client) if client else (None, None) - except: x = (None, None) - + if token: + client = g.db.query(ClientAuth).filter(ClientAuth.access_token == token).first() + if not client: return None + v = client.user + v.client = client + return v else: - uid = session.get("user_id") nonce = session.get("login_nonce", 0) - if not uid: x= (None, None) - try: - if g.db: v = g.db.query(User).filter_by(id=uid).first() - else: v = None - except: v = None + logged_in = session.get("logged_in") - if v and (nonce < v.login_nonce): - x= (None, None) - else: - x=(v, None) + if not uid: return None + # if not uid or not logged_in or uid != logged_in: return None + v = g.db.query(User).filter_by(id=uid).first() + if not v or nonce < v.login_nonce: return None - if x[0]: x[0].client=x[1] - - return x[0] + return v def check_ban_evade(v): if v and v.ban_evade and v.admin_level == 0 and not v.is_suspended: @@ -47,8 +38,6 @@ def auth_desired(f): v = get_logged_in_user() - if request.host == 'old.rdrama.net' and not (v and v.admin_level) and '/log' not in request.path: - return redirect(request.url.replace('https://old.','https://')) check_ban_evade(v) resp = make_response(f(*args, v=v, **kwargs)) @@ -65,14 +54,9 @@ def auth_required(f): v = get_logged_in_user() if not v: abort(401) - - if request.host == 'old.rdrama.net' and not v.admin_level: - return redirect(request.url.replace('https://old.','https://')) check_ban_evade(v) - g.v = v - resp = make_response(f(*args, v=v, **kwargs)) return resp @@ -88,14 +72,10 @@ def is_not_banned(f): if not v: abort(401) - if request.host == 'old.rdrama.net' and not v.admin_level: - return redirect(request.url.replace('https://old.','https://')) check_ban_evade(v) if v.is_suspended: return {"error": "You can't perform this action while being banned."}, 403 - g.v = v - resp = make_response(f(*args, v=v, **kwargs)) return resp @@ -115,8 +95,6 @@ def admin_level_required(x): if v.admin_level < x: abort(403) - g.v = v - response = f(*args, v=v, **kwargs) if isinstance(response, tuple): resp = make_response(response[0]) diff --git a/files/routes/admin.py b/files/routes/admin.py index 0cdb2e6cb..00c647548 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -49,28 +49,41 @@ def truescore(v): @app.post("/@/revert_actions") @limiter.limit("1/second") -@admin_level_required(2) +@admin_level_required(3) @validate_formkey def revert_actions(v, username): - if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host): - user = get_user(username) - if not user: abort(404) + user = get_user(username) + if not user: abort(404) + + cutoff = int(time.time()) - 86400 - items = g.db.query(Submission).filter_by(removed_by=user.id).all() + g.db.query(Comment).filter_by(removed_by=user.id).all() + posts = [x[0] for x in g.db.query(ModAction.target_submission_id).filter(ModAction.user_id == user.id, ModAction.created_utc > cutoff, ModAction.kind == 'ban_post').all()] + posts = g.db.query(Submission).filter(Submission.id.in_(posts)).all() - for item in items: - item.is_banned = False - item.removed_by = None - g.db.add(item) + comments = [x[0] for x in g.db.query(ModAction.target_comment_id).filter(ModAction.user_id == user.id, ModAction.created_utc > cutoff, ModAction.kind == 'ban_comment').all()] + comments = g.db.query(Comment).filter(Comment.id.in_(comments)).all() + + for item in posts + comments: + item.is_banned = False + g.db.add(item) - users = g.db.query(User).filter_by(is_banned=user.id).all() - for user in users: - user.is_banned = 0 - user.unban_utc = 0 - user.ban_evade = 0 - g.db.add(user) + users = (x[0] for x in g.db.query(ModAction.target_user_id).filter(ModAction.user_id == user.id, ModAction.created_utc > cutoff, ModAction.kind.in_(('shadowban', 'ban_user'))).all()) + users = g.db.query(User).filter(User.id.in_(users)).all() - g.db.commit() + for user in users: + user.shadowbanned = None + user.is_banned = 0 + user.unban_utc = 0 + user.ban_evade = 0 + g.db.add(user) + for u in user.alts: + u.shadowbanned = None + u.is_banned = 0 + u.unban_utc = 0 + u.ban_evade = 0 + g.db.add(u) + + g.db.commit() return {"message": "Admin actions reverted!"} @app.post("/@/club_allow") @@ -868,7 +881,6 @@ def ban_post(post_id, v): post.is_approved = 0 post.stickied = None post.is_pinned = False - post.removed_by = v.id post.ban_reason = v.username g.db.add(post) @@ -955,6 +967,9 @@ def api_distinguish_post(post_id, v): @validate_formkey def api_sticky_post(post_id, v): + pins = g.db.query(Submission.id).filter(Submission.stickied != None, Submission.is_banned == False).count() + if pins > 2: return {"error": "Can't exceed 3 pinned posts limit!"}, 403 + post = g.db.query(Submission).filter_by(id=post_id).first() if post: if post.stickied: @@ -997,7 +1012,6 @@ def api_ban_comment(c_id, v): comment.is_banned = True comment.is_approved = 0 - comment.removed_by = v.id comment.ban_reason = v.username g.db.add(comment) ma=ModAction( diff --git a/files/routes/errors.py b/files/routes/errors.py index 79676b2ec..38bd37eae 100644 --- a/files/routes/errors.py +++ b/files/routes/errors.py @@ -68,7 +68,6 @@ def error_500(e, v): @app.post("/allow_nsfw") def allow_nsfw(): - session["over_18"] = int(time.time()) + 3600 return redirect(request.values.get("redir", "/")) diff --git a/files/routes/front.py b/files/routes/front.py index 84aad6e04..b4c801206 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -123,6 +123,9 @@ def notifications(v): @auth_desired def front_all(v): + if request.host == 'old.rdrama.net' and not (v and v.admin_level): + return render_template("home.html", v=v, listing=[], next_exists=False, sort='hot', t='all', page=1) + if not v and request.path == "/" and not request.headers.get("Authorization"): return redirect(f"/logged_out{request.full_path}") if v and v.is_banned and not v.unban_utc: return render_template('errors/500.html', error=True, v=v), 500 @@ -199,10 +202,8 @@ def frontlist(v=None, sort="hot", page=1, t="all", ids_only=True, filter_words=' posts = g.db.query(Submission) - if SITE_NAME == 'Drama' and sort == "hot": - cutoff = int(time.time()) - 86400 - posts = posts.filter(Submission.created_utc >= cutoff) - elif t != 'all': + if t == 'all': cutoff = 0 + else: now = int(time.time()) if t == 'hour': cutoff = now - 3600 elif t == 'week': cutoff = now - 604800 @@ -210,7 +211,6 @@ def frontlist(v=None, sort="hot", page=1, t="all", ids_only=True, filter_words=' elif t == 'year': cutoff = now - 31536000 else: cutoff = now - 86400 posts = posts.filter(Submission.created_utc >= cutoff) - else: cutoff = 0 if sort != "hot": posts = posts.filter_by(is_banned=False, private=False, deleted_utc = 0) else: posts = posts.filter_by(is_banned=False, stickied=None, private=False, deleted_utc = 0) diff --git a/files/routes/login.py b/files/routes/login.py index 3a7bdf41a..064df0372 100644 --- a/files/routes/login.py +++ b/files/routes/login.py @@ -132,6 +132,7 @@ def login_post(): abort(400) session["user_id"] = account.id + session["logged_in"] = account.id session["session_id"] = token_hex(16) session["login_nonce"] = account.login_nonce session.permanent = True @@ -162,6 +163,7 @@ def logout(v): session.pop("user_id", None) session.pop("session_id", None) + session.pop("logged_in", None) return {"message": "Logout successful!"} @@ -350,6 +352,7 @@ def sign_up_post(v): if "rama" in request.host: send_notification(new_user.id, WELCOME_MSG) session["user_id"] = new_user.id + session["logged_in"] = new_user.id session["session_id"] = token_hex(16) g.db.commit() diff --git a/files/routes/posts.py b/files/routes/posts.py index 2d11f2e1b..2aa6ea153 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -211,8 +211,7 @@ def post_id(pid, anything=None, v=None): post.views += 1 g.db.add(post) - if isinstance(session.get('over_18', 0), dict): session["over_18"] = 0 - if post.over_18 and not (v and v.over_18) and not session.get('over_18', 0) >= int(time.time()): + if post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()): if request.headers.get("Authorization"): return {"error":"Must be 18+ to view"}, 451 else: return render_template("errors/nsfw.html", v=v) @@ -1047,12 +1046,12 @@ def submit_post(v): user = g.db.query(User).filter_by(username=username).first() if user and not v.any_block_exists(user) and user.id != v.id: notify_users.add(user.id) - for x in notify_users: send_notification(x, f"@{v.username} has mentioned you: [{title}]({new_post.permalink})") + for x in notify_users: send_notification(x, f"@{v.username} has mentioned you: https://{site}{new_post.permalink}") for follow in v.followers: user = get_account(follow.user_id) if new_post.club and not user.club_allowed: continue - send_notification(user.id, f"@{v.username} has made a new post: [{title}]({new_post.permalink})", True) + send_notification(user.id, f"@{v.username} has made a new post: [{title}](https://{site}{new_post.permalink})", True) g.db.add(new_post) g.db.flush() @@ -1146,8 +1145,10 @@ def submit_post(v): rev = new_post.url.replace('https://old.reddit.com/', '') rev = f"* [unddit.com](https://unddit.com/{rev})\n" else: rev = '' - body += f"Snapshots:\n\n{rev}* [archive.org](https://web.archive.org/{new_post.url})\n* [archive.ph](https://archive.ph/?url={quote(new_post.url)}&run=1) (click to archive)\n\n" - gevent.spawn(archiveorg, new_post.url) + newposturl = new_post.url + if newposturl.startswith('/'): newposturl = f"https://{site}{newposturl}" + body += f"Snapshots:\n\n{rev}* [archive.org](https://web.archive.org/{newposturl})\n* [archive.ph](https://archive.ph/?url={quote(newposturl)}&run=1) (click to archive)\n\n" + gevent.spawn(archiveorg, newposturl) url_regex = '([^\"]+)' for url_match in re.finditer(url_regex, new_post.body_html, flags=re.M|re.I): diff --git a/files/routes/settings.py b/files/routes/settings.py index 348fa4504..b35b047b9 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -698,7 +698,8 @@ def settings_log_out_others(v): submitted_password = request.values.get("password", "").strip() - if not v.verifyPass(submitted_password): return render_template("settings_security.html", v=v, error="Incorrect Password"), 401 + if not v.verifyPass(submitted_password): + return render_template("settings_security.html", v=v, error="Incorrect Password"), 401 v.login_nonce += 1 diff --git a/files/routes/static.py b/files/routes/static.py index aef32c5df..16cba5f80 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -289,6 +289,7 @@ def static_service(path): return resp @app.get('/images/') +@app.get('/IMAGES/') @app.get('/hostedimages/') @limiter.exempt def images(path): diff --git a/files/static/dist/main.css b/files/static/dist/main.css index 31f1f9e42..7718e55ba 100644 --- a/files/static/dist/main.css +++ b/files/static/dist/main.css @@ -2382,7 +2382,7 @@ img.emoji-md { object-fit: contain} img.emoji-lg { - max-width: 100%; + max-width: 10rem; display: inline-block; -o-object-fit: contain; object-fit: contain} diff --git a/files/templates/CHRISTMAS/authforms.html b/files/templates/CHRISTMAS/authforms.html index aea28f07b..95bd362ba 100644 --- a/files/templates/CHRISTMAS/authforms.html +++ b/files/templates/CHRISTMAS/authforms.html @@ -14,11 +14,11 @@ {% if v %} - + {% if v.agendaposter %}{% elif v.css %}{% endif %} {% else %} - + {% endif %} diff --git a/files/templates/CHRISTMAS/default.html b/files/templates/CHRISTMAS/default.html index 2fc2ed617..03b075a3c 100644 --- a/files/templates/CHRISTMAS/default.html +++ b/files/templates/CHRISTMAS/default.html @@ -186,9 +186,9 @@ {% block stylesheets %} - + - + diff --git a/files/templates/CHRISTMAS/emoji_modal.html b/files/templates/CHRISTMAS/emoji_modal.html index f764dc796..7f3be487a 100644 --- a/files/templates/CHRISTMAS/emoji_modal.html +++ b/files/templates/CHRISTMAS/emoji_modal.html @@ -50,9 +50,6 @@
- {% if session.get("favorite_emojis") %} - {{session.get("favorite_emojis") | favorite_emojis | safe}} - {% endif %}
diff --git a/files/templates/CHRISTMAS/header.html b/files/templates/CHRISTMAS/header.html index 357ba31bc..bfb55fd2a 100644 --- a/files/templates/CHRISTMAS/header.html +++ b/files/templates/CHRISTMAS/header.html @@ -224,6 +224,6 @@ } -{% if v %} +{% if v and not error %}
{{v.formkey}}
{% endif %} \ No newline at end of file diff --git a/files/templates/CHRISTMAS/home.html b/files/templates/CHRISTMAS/home.html index a722ca358..e920115d8 100644 --- a/files/templates/CHRISTMAS/home.html +++ b/files/templates/CHRISTMAS/home.html @@ -79,7 +79,7 @@ -{% if not v.fp %} +{% if v and not v.fp %} + {% endblock %} \ No newline at end of file diff --git a/files/templates/default.html b/files/templates/default.html index 3e61279fe..b9e5ad1b2 100644 --- a/files/templates/default.html +++ b/files/templates/default.html @@ -6,12 +6,12 @@ {% if v %} - + {% if v.agendaposter %}{% elif v.css %}{% endif %} {% else %} - + {% endif %} @@ -275,7 +275,7 @@