rDrama
/
rDrama
9
10
Fork 8
Code Issues Pull Requests Packages Releases Wiki Activity
rDrama/files/routes/oauth.py

297 lines
7.1 KiB
Python
Raw Normal View History

[DO NOT MERGE] import detanglation (#442) * move Base definition to files.classes.__init__.py * fix ImportError * move userpage listing to users.py * don't import the app from classes * consts: set default values to avoid crashes consts: warn if the secret key is the default config value * card view: sneed (user db schema) * cloudflare: use DEFAULT_CONFIG_VALUE * const: set default values * decouple media.py from __main__ * pass database to avoid imports * import cleanup and import request not in const, but in the requests mega import * move asset_submissions site check to __init__ * asset submissions feature flag * flag * g.is_tor * don't import request where it's not needed * i think this is fine * mail: move to own routes and helper * wrappers * required wrappers move * unfuck wrappers a bit * move snappy quotes and marseys to stateful consts * marsify * :pepodrool: * fix missing import * import cache * ...and settings.py * and static.py * static needs cache * route * lmao all of the jinja shit was in feeds.py amazing * classes should only import what they need from flask * import Response * hdjbjdhbhjf * ... * dfdfdfdf * make get a non-required import * isort imports (mostly) * but actually * configs * reload config on import * fgfgfgfg * config * config * initialize snappy and test * cookie of doom debug * edfjnkf * xikscdfd * debug config * set session cookie domain, i think this fixes the can't login bug * sdfbgnhvfdsghbnjfbdvvfghnn * hrsfxgf * dump the entire config on a request * kyskyskyskyskyskyskyskyskys * duifhdskfjdfd * dfdfdfdfdfdfdfdfdfdfdfdf * dfdfdfdf * imoprt all of the consts beacuse fuck it * 😭 * dfdfdfdfdfdfsdasdf * print the entire session * rffdfdfjkfksj * fgbhffh * not the secret keys * minor bug fixes * be helpful in the warning * gfgfgfg * move warning lower * isort main imports (i hope this doesn't fuck something up) * test * session cookie domain redux * dfdfdfd * try only importing Flask * formkeys fix * y * :pepodrool: * route helper * remove before flight * dfdfdfdfdf * isort classes * isort helpers * move check_for_alts to routehelpers and also sort imports and get rid of unused ones * that previous commit but actkally * readd the cache in a dozen places they were implicitly imported * use g.is_tor instead of request.headers. bla bla bla * upgrade streamers to their own route file * get rid of unused imports in __main__ * fgfgf * don't pull in the entire ORM where we don't need it * features * explicit imports for the get helper * explicit imports for the get helper redux * testing allroutes * remove unused import * decouple flask from classes * syntax fix also remember these have side fx for some reason (why?) * move side effects out of the class * posts * testing on devrama * settings * reloading * settingssdsdsds * streamer features * site settings * testing settings on devrama * import * fix modlog * remove debug stuff * revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6 * archiveorg to _archiveorg * skhudkfkjfd * fix cron for PCM * fix bugs that snekky wants me to * Fix call to realbody passing db, standardize kwarg * test * import check_for_alts from the right place * cloudflare * testing on devrama * fix cron i think * shadow properly * tasks * Remove print which will surely be annoying in prod. * v and create new session * use files.classes * make errors import little and fix rare 500 in /allow_nsfw * Revert "use files.classes" This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6. * pass v to media functions rather than using g * fix * dfdfdfdfd * cleanup, py type checking is dumb so don't use it where it causes issues * Fix some merge bugs, add DEFAULT_RATELIMIT to main. * Fix imports on sqlalchemy expressions. * `from random import random` is an error. * Fix replies db param. * errors: fix missing import * fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text * Fix signup formkey. * fix 2 500s * propagate db to submissions * fix replies * dfdfdfdf * Fix verifiedcolor. * is_manual * can't use getters outside of an app context * don't attempt to do gumroad on sites where it's not enabled * don't attempt to do gumraod on sites's where it's unnecessary * Revert "don't attempt to do gumroad on sites where it's not enabled" This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3. * fix 500 * validate media type Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 09:19:08 +00:00
import sqlalchemy.exc
from files.classes import *
mn
2022-05-04 23:09:46 +00:00
from files.helpers.alerts import *
[DO NOT MERGE] multiple sub banners (#59) allows multiple sub banners Snakes note: By request of Carp, especially for WPD. Co-authored-by: justcool393 <justcool393@gmail.com> Co-authored-by: Snakes <duolsm@outlook.com> Reviewed-on: https://fsdfsd.net/rDrama/rDrama/pulls/59 Co-authored-by: justcool393 <justcool393@noreply.fsdfsd.net> Co-committed-by: justcool393 <justcool393@noreply.fsdfsd.net>
2022-12-11 23:44:34 +00:00
from files.helpers.config.const import *
[DO NOT MERGE] import detanglation (#442) * move Base definition to files.classes.__init__.py * fix ImportError * move userpage listing to users.py * don't import the app from classes * consts: set default values to avoid crashes consts: warn if the secret key is the default config value * card view: sneed (user db schema) * cloudflare: use DEFAULT_CONFIG_VALUE * const: set default values * decouple media.py from __main__ * pass database to avoid imports * import cleanup and import request not in const, but in the requests mega import * move asset_submissions site check to __init__ * asset submissions feature flag * flag * g.is_tor * don't import request where it's not needed * i think this is fine * mail: move to own routes and helper * wrappers * required wrappers move * unfuck wrappers a bit * move snappy quotes and marseys to stateful consts * marsify * :pepodrool: * fix missing import * import cache * ...and settings.py * and static.py * static needs cache * route * lmao all of the jinja shit was in feeds.py amazing * classes should only import what they need from flask * import Response * hdjbjdhbhjf * ... * dfdfdfdf * make get a non-required import * isort imports (mostly) * but actually * configs * reload config on import * fgfgfgfg * config * config * initialize snappy and test * cookie of doom debug * edfjnkf * xikscdfd * debug config * set session cookie domain, i think this fixes the can't login bug * sdfbgnhvfdsghbnjfbdvvfghnn * hrsfxgf * dump the entire config on a request * kyskyskyskyskyskyskyskyskys * duifhdskfjdfd * dfdfdfdfdfdfdfdfdfdfdfdf * dfdfdfdf * imoprt all of the consts beacuse fuck it * 😭 * dfdfdfdfdfdfsdasdf * print the entire session * rffdfdfjkfksj * fgbhffh * not the secret keys * minor bug fixes * be helpful in the warning * gfgfgfg * move warning lower * isort main imports (i hope this doesn't fuck something up) * test * session cookie domain redux * dfdfdfd * try only importing Flask * formkeys fix * y * :pepodrool: * route helper * remove before flight * dfdfdfdfdf * isort classes * isort helpers * move check_for_alts to routehelpers and also sort imports and get rid of unused ones * that previous commit but actkally * readd the cache in a dozen places they were implicitly imported * use g.is_tor instead of request.headers. bla bla bla * upgrade streamers to their own route file * get rid of unused imports in __main__ * fgfgf * don't pull in the entire ORM where we don't need it * features * explicit imports for the get helper * explicit imports for the get helper redux * testing allroutes * remove unused import * decouple flask from classes * syntax fix also remember these have side fx for some reason (why?) * move side effects out of the class * posts * testing on devrama * settings * reloading * settingssdsdsds * streamer features * site settings * testing settings on devrama * import * fix modlog * remove debug stuff * revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6 * archiveorg to _archiveorg * skhudkfkjfd * fix cron for PCM * fix bugs that snekky wants me to * Fix call to realbody passing db, standardize kwarg * test * import check_for_alts from the right place * cloudflare * testing on devrama * fix cron i think * shadow properly * tasks * Remove print which will surely be annoying in prod. * v and create new session * use files.classes * make errors import little and fix rare 500 in /allow_nsfw * Revert "use files.classes" This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6. * pass v to media functions rather than using g * fix * dfdfdfdfd * cleanup, py type checking is dumb so don't use it where it causes issues * Fix some merge bugs, add DEFAULT_RATELIMIT to main. * Fix imports on sqlalchemy expressions. * `from random import random` is an error. * Fix replies db param. * errors: fix missing import * fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text * Fix signup formkey. * fix 2 500s * propagate db to submissions * fix replies * dfdfdfdf * Fix verifiedcolor. * is_manual * can't use getters outside of an app context * don't attempt to do gumroad on sites where it's not enabled * don't attempt to do gumraod on sites's where it's unnecessary * Revert "don't attempt to do gumroad on sites where it's not enabled" This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3. * fix 500 * validate media type Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 09:19:08 +00:00
from files.helpers.get import *
from files.routes.wrappers import *
mn
2022-05-04 23:09:46 +00:00
from files.__main__ import app, limiter
@app.get("/authorize")
@auth_required
add typing to a bunch of routes
2022-11-26 21:00:03 +00:00
def authorize_prompt(v:User):
mn
2022-05-04 23:09:46 +00:00
client_id = request.values.get("client_id")
application = g.db.query(OauthApp).filter_by(client_id=client_id).one_or_none()
if not application: return {"oauth_error": "Invalid `client_id`"}, 401
return render_template("oauth.html", v=v, application=application)
@app.post("/authorize")
default ratelimit and default ratelimit slower
2022-11-13 06:43:35 +00:00
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
mn
2022-05-04 23:09:46 +00:00
@auth_required
Reorder decorators to support f63237a9a2. Ultimately necessary because otherwise all bots share rate limits with each other. The somewhat haphazard ordering of decorators bothers me, but it's functionally required. Approaches using request context (like reading the Authorization header in ratelimit_user) likely produce bugs all their own.
2022-11-13 10:18:52 +00:00
@ratelimit_user()
mn
2022-05-04 23:09:46 +00:00
def authorize(v):
client_id = request.values.get("client_id")
application = g.db.query(OauthApp).filter_by(client_id=client_id).one_or_none()
if not application: return {"oauth_error": "Invalid `client_id`"}, 401
access_token = secrets.token_urlsafe(128)[:128]
try:
new_auth = ClientAuth(oauth_client = application.id, user_id = v.id, access_token=access_token)
g.db.add(new_auth)
except sqlalchemy.exc.IntegrityError:
g.db.rollback()
old_auth = g.db.query(ClientAuth).filter_by(oauth_client = application.id, user_id = v.id).one()
access_token = old_auth.access_token
return redirect(f"{application.redirect_uri}?token={access_token}")
allow ppl to revoke app authorizations
2022-07-15 00:12:54 +00:00
@app.post("/rescind/<aid>")
default ratelimit and default ratelimit slower
2022-11-13 06:43:35 +00:00
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
allow ppl to revoke app authorizations
2022-07-15 00:12:54 +00:00
@auth_required
Reorder decorators to support f63237a9a2. Ultimately necessary because otherwise all bots share rate limits with each other. The somewhat haphazard ordering of decorators bothers me, but it's functionally required. Approaches using request context (like reading the Authorization header in ratelimit_user) likely produce bugs all their own.
2022-11-13 10:18:52 +00:00
@ratelimit_user()
allow ppl to revoke app authorizations
2022-07-15 00:12:54 +00:00
def rescind(v, aid):
auth = g.db.query(ClientAuth).filter_by(oauth_client = aid, user_id = v.id).one_or_none()
if not auth: abort(400)
g.db.delete(auth)
return {"message": "Authorization revoked!"}
mn
2022-05-04 23:09:46 +00:00
@app.post("/api_keys")
default ratelimit and default ratelimit slower
2022-11-13 06:43:35 +00:00
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
mn
2022-05-04 23:09:46 +00:00
@is_not_permabanned
Reorder decorators to support f63237a9a2. Ultimately necessary because otherwise all bots share rate limits with each other. The somewhat haphazard ordering of decorators bothers me, but it's functionally required. Approaches using request context (like reading the Authorization header in ratelimit_user) likely produce bugs all their own.
2022-11-13 10:18:52 +00:00
@ratelimit_user()
mn
2022-05-04 23:09:46 +00:00
def request_api_keys(v):
new_app = OauthApp(
app_name=request.values.get('name').replace('<','').replace('>',''),
redirect_uri=request.values.get('redirect_uri'),
author_id=v.id,
description=request.values.get("description")[:256]
)
g.db.add(new_app)
body = f"@{v.username} has requested API keys for `{request.values.get('name')}`. You can approve or deny the request [here](/admin/apps)."
body_html = sanitize(body)
kitchen sink commit, all over the place
2022-07-08 19:03:04 +00:00
new_comment = Comment(author_id=AUTOJANNY_ID,
casino + style shit
2022-09-04 23:15:37 +00:00
parent_submission=None,
level=1,
body_html=body_html,
security: fix mute bypass modmail: constantify user ID
2022-11-17 22:50:06 +00:00
sentto=MODMAIL_ID,
casino + style shit
2022-09-04 23:15:37 +00:00
distinguish_level=6,
is_bot=True
)
mn
2022-05-04 23:09:46 +00:00
g.db.add(new_comment)
g.db.flush()
new_comment.top_comment_id = new_comment.id
rename APPS_MODERATE to APPS_MODERATION
2022-10-06 07:40:36 +00:00
for admin in g.db.query(User).filter(User.admin_level >= PERMS['APPS_MODERATION']).all():
mn
2022-05-04 23:09:46 +00:00
notif = Notification(comment_id=new_comment.id, user_id=admin.id)
g.db.add(notif)
return redirect('/settings/apps')
@app.post("/delete_app/<aid>")
default ratelimit and default ratelimit slower
2022-11-13 06:43:35 +00:00
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
mn
2022-05-04 23:09:46 +00:00
@auth_required
Reorder decorators to support f63237a9a2. Ultimately necessary because otherwise all bots share rate limits with each other. The somewhat haphazard ordering of decorators bothers me, but it's functionally required. Approaches using request context (like reading the Authorization header in ratelimit_user) likely produce bugs all their own.
2022-11-13 10:18:52 +00:00
@ratelimit_user()
mn
2022-05-04 23:09:46 +00:00
def delete_oauth_app(v, aid):
fix 17 potential 500s
2022-10-16 09:51:42 +00:00
try:
aid = int(aid)
except:
abort(404)
replace "g.db.query" on pkeys with the much more efficient "g.db.get"
2022-06-18 00:57:23 +00:00
app = g.db.get(OauthApp, aid)
return 404 if oauth app doesn't exist (#366) fixes an AttributeError if the oauth app doesn't exist
2022-09-23 12:08:54 +00:00
if not app: abort(404)
mn
2022-05-04 23:09:46 +00:00
if app.author_id != v.id: abort(403)
for auth in g.db.query(ClientAuth).filter_by(oauth_client=app.id).all():
g.db.delete(auth)
g.db.delete(app)
return redirect('/apps')
@app.post("/edit_app/<aid>")
default ratelimit and default ratelimit slower
2022-11-13 06:43:35 +00:00
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
mn
2022-05-04 23:09:46 +00:00
@is_not_permabanned
Reorder decorators to support f63237a9a2. Ultimately necessary because otherwise all bots share rate limits with each other. The somewhat haphazard ordering of decorators bothers me, but it's functionally required. Approaches using request context (like reading the Authorization header in ratelimit_user) likely produce bugs all their own.
2022-11-13 10:18:52 +00:00
@ratelimit_user()
mn
2022-05-04 23:09:46 +00:00
def edit_oauth_app(v, aid):
fix 17 potential 500s
2022-10-16 09:51:42 +00:00
try:
aid = int(aid)
except:
abort(404)
replace "g.db.query" on pkeys with the much more efficient "g.db.get"
2022-06-18 00:57:23 +00:00
app = g.db.get(OauthApp, aid)
return 404 if oauth app doesn't exist (#366) fixes an AttributeError if the oauth app doesn't exist
2022-09-23 12:08:54 +00:00
if not app: abort(404)
mn
2022-05-04 23:09:46 +00:00
if app.author_id != v.id: abort(403)
app.redirect_uri = request.values.get('redirect_uri')
app.app_name = request.values.get('name')
app.description = request.values.get("description")[:256]
g.db.add(app)
return redirect('/settings/apps')
@app.post("/admin/app/approve/<aid>")
default ratelimit and default ratelimit slower
2022-11-13 06:43:35 +00:00
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
rename APPS_MODERATE to APPS_MODERATION
2022-10-06 07:40:36 +00:00
@admin_level_required(PERMS['APPS_MODERATION'])
mn
2022-05-04 23:09:46 +00:00
def admin_app_approve(v, aid):
replace "g.db.query" on pkeys with the much more efficient "g.db.get"
2022-06-18 00:57:23 +00:00
app = g.db.get(OauthApp, aid)
return 404 if oauth app doesn't exist (#366) fixes an AttributeError if the oauth app doesn't exist
2022-09-23 12:08:54 +00:00
if not app: abort(404)
mn
2022-05-04 23:09:46 +00:00
user = app.author
add a discord server for api users to help eachother
2022-07-18 00:46:46 +00:00
if not app.client_id:
app.client_id = secrets.token_urlsafe(64)[:64]
g.db.add(app)
access_token = secrets.token_urlsafe(128)[:128]
new_auth = ClientAuth(
oauth_client = app.id,
user_id = user.id,
access_token=access_token
)
mn
2022-05-04 23:09:46 +00:00
add a discord server for api users to help eachother
2022-07-18 00:46:46 +00:00
g.db.add(new_auth)
mn
2022-05-04 23:09:46 +00:00
remove discord
2022-10-16 08:14:15 +00:00
send_repeatable_notification(user.id, f"@{v.username} (Admin) has approved your application `{app.app_name}`. Here's your access token: `{access_token}`\nPlease check the guide [here](/api) if you don't know what to do next!")
mn
2022-05-04 23:09:46 +00:00
add a discord server for api users to help eachother
2022-07-18 00:46:46 +00:00
ma = ModAction(
kind="approve_app",
user_id=v.id,
target_user_id=user.id,
)
g.db.add(ma)
mn
2022-05-04 23:09:46 +00:00
more detailed success message description
2022-09-11 14:32:00 +00:00
return {"message": f"'{app.app_name}' approved!"}
mn
2022-05-04 23:09:46 +00:00
@app.post("/admin/app/revoke/<aid>")
default ratelimit and default ratelimit slower
2022-11-13 06:43:35 +00:00
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
rename APPS_MODERATE to APPS_MODERATION
2022-10-06 07:40:36 +00:00
@admin_level_required(PERMS['APPS_MODERATION'])
mn
2022-05-04 23:09:46 +00:00
def admin_app_revoke(v, aid):
replace "g.db.query" on pkeys with the much more efficient "g.db.get"
2022-06-18 00:57:23 +00:00
app = g.db.get(OauthApp, aid)
mn
2022-05-04 23:09:46 +00:00
if app:
for auth in g.db.query(ClientAuth).filter_by(oauth_client=app.id).all(): g.db.delete(auth)
don't notify me of smth I did
2022-08-25 15:56:51 +00:00
if v.id != app.author.id:
add "(Admin)" to messages sent to users due to admin actions (for clarity to new users)
2022-10-10 06:11:17 +00:00
send_repeatable_notification(app.author.id, f"@{v.username} (Admin) has revoked your application `{app.app_name}`.")
mn
2022-05-04 23:09:46 +00:00
g.db.delete(app)
ma = ModAction(
kind="revoke_app",
user_id=v.id,
target_user_id=app.author.id,
)
g.db.add(ma)
more detailed success message description
2022-09-11 14:32:00 +00:00
return {"message": f"'{app.app_name}' revoked!"}
mn
2022-05-04 23:09:46 +00:00
@app.post("/admin/app/reject/<aid>")
default ratelimit and default ratelimit slower
2022-11-13 06:43:35 +00:00
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
rename APPS_MODERATE to APPS_MODERATION
2022-10-06 07:40:36 +00:00
@admin_level_required(PERMS['APPS_MODERATION'])
mn
2022-05-04 23:09:46 +00:00
def admin_app_reject(v, aid):
replace "g.db.query" on pkeys with the much more efficient "g.db.get"
2022-06-18 00:57:23 +00:00
app = g.db.get(OauthApp, aid)
mn
2022-05-04 23:09:46 +00:00
if app:
for auth in g.db.query(ClientAuth).filter_by(oauth_client=app.id).all(): g.db.delete(auth)
dont send me a notif
2022-09-12 17:52:07 +00:00
if v.id != app.author.id:
add "(Admin)" to messages sent to users due to admin actions (for clarity to new users)
2022-10-10 06:11:17 +00:00
send_repeatable_notification(app.author.id, f"@{v.username} (Admin) has rejected your application `{app.app_name}`.")
mn
2022-05-04 23:09:46 +00:00
g.db.delete(app)
ma = ModAction(
kind="reject_app",
user_id=v.id,
target_user_id=app.author.id,
)
g.db.add(ma)
more detailed success message description
2022-09-11 14:32:00 +00:00
return {"message": f"'{app.app_name}' rejected!"}
mn
2022-05-04 23:09:46 +00:00
small change to /admin/app
2022-10-28 20:13:58 +00:00
@app.get("/admin/app/<aid>/posts")
rename APPS_MODERATE to APPS_MODERATION
2022-10-06 07:40:36 +00:00
@admin_level_required(PERMS['APPS_MODERATION'])
small change to /admin/app
2022-10-28 20:13:58 +00:00
def admin_app_id_posts(v, aid):
mn
2022-05-04 23:09:46 +00:00
aid=aid
replace "g.db.query" on pkeys with the much more efficient "g.db.get"
2022-06-18 00:57:23 +00:00
oauth = g.db.get(OauthApp, aid)
return 404 if oauth app doesn't exist (#366) fixes an AttributeError if the oauth app doesn't exist
2022-09-23 12:08:54 +00:00
if not oauth: abort(404)
mn
2022-05-04 23:09:46 +00:00
[DO NOT MERGE] import detanglation (#442) * move Base definition to files.classes.__init__.py * fix ImportError * move userpage listing to users.py * don't import the app from classes * consts: set default values to avoid crashes consts: warn if the secret key is the default config value * card view: sneed (user db schema) * cloudflare: use DEFAULT_CONFIG_VALUE * const: set default values * decouple media.py from __main__ * pass database to avoid imports * import cleanup and import request not in const, but in the requests mega import * move asset_submissions site check to __init__ * asset submissions feature flag * flag * g.is_tor * don't import request where it's not needed * i think this is fine * mail: move to own routes and helper * wrappers * required wrappers move * unfuck wrappers a bit * move snappy quotes and marseys to stateful consts * marsify * :pepodrool: * fix missing import * import cache * ...and settings.py * and static.py * static needs cache * route * lmao all of the jinja shit was in feeds.py amazing * classes should only import what they need from flask * import Response * hdjbjdhbhjf * ... * dfdfdfdf * make get a non-required import * isort imports (mostly) * but actually * configs * reload config on import * fgfgfgfg * config * config * initialize snappy and test * cookie of doom debug * edfjnkf * xikscdfd * debug config * set session cookie domain, i think this fixes the can't login bug * sdfbgnhvfdsghbnjfbdvvfghnn * hrsfxgf * dump the entire config on a request * kyskyskyskyskyskyskyskyskys * duifhdskfjdfd * dfdfdfdfdfdfdfdfdfdfdfdf * dfdfdfdf * imoprt all of the consts beacuse fuck it * 😭 * dfdfdfdfdfdfsdasdf * print the entire session * rffdfdfjkfksj * fgbhffh * not the secret keys * minor bug fixes * be helpful in the warning * gfgfgfg * move warning lower * isort main imports (i hope this doesn't fuck something up) * test * session cookie domain redux * dfdfdfd * try only importing Flask * formkeys fix * y * :pepodrool: * route helper * remove before flight * dfdfdfdfdf * isort classes * isort helpers * move check_for_alts to routehelpers and also sort imports and get rid of unused ones * that previous commit but actkally * readd the cache in a dozen places they were implicitly imported * use g.is_tor instead of request.headers. bla bla bla * upgrade streamers to their own route file * get rid of unused imports in __main__ * fgfgf * don't pull in the entire ORM where we don't need it * features * explicit imports for the get helper * explicit imports for the get helper redux * testing allroutes * remove unused import * decouple flask from classes * syntax fix also remember these have side fx for some reason (why?) * move side effects out of the class * posts * testing on devrama * settings * reloading * settingssdsdsds * streamer features * site settings * testing settings on devrama * import * fix modlog * remove debug stuff * revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6 * archiveorg to _archiveorg * skhudkfkjfd * fix cron for PCM * fix bugs that snekky wants me to * Fix call to realbody passing db, standardize kwarg * test * import check_for_alts from the right place * cloudflare * testing on devrama * fix cron i think * shadow properly * tasks * Remove print which will surely be annoying in prod. * v and create new session * use files.classes * make errors import little and fix rare 500 in /allow_nsfw * Revert "use files.classes" This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6. * pass v to media functions rather than using g * fix * dfdfdfdfd * cleanup, py type checking is dumb so don't use it where it causes issues * Fix some merge bugs, add DEFAULT_RATELIMIT to main. * Fix imports on sqlalchemy expressions. * `from random import random` is an error. * Fix replies db param. * errors: fix missing import * fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text * Fix signup formkey. * fix 2 500s * propagate db to submissions * fix replies * dfdfdfdf * Fix verifiedcolor. * is_manual * can't use getters outside of an app context * don't attempt to do gumroad on sites where it's not enabled * don't attempt to do gumraod on sites's where it's unnecessary * Revert "don't attempt to do gumroad on sites where it's not enabled" This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3. * fix 500 * validate media type Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 09:19:08 +00:00
pids=oauth.idlist(g.db, page=int(request.values.get("page",1)))
mn
2022-05-04 23:09:46 +00:00
next_exists=len(pids)==101
pids=pids[:100]
posts=get_posts(pids, v=v)
return render_template("admin/app.html",
casino + style shit
2022-09-04 23:15:37 +00:00
v=v,
app=oauth,
listing=posts,
next_exists=next_exists
)
mn
2022-05-04 23:09:46 +00:00
@app.get("/admin/app/<aid>/comments")
rename APPS_MODERATE to APPS_MODERATION
2022-10-06 07:40:36 +00:00
@admin_level_required(PERMS['APPS_MODERATION'])
mn
2022-05-04 23:09:46 +00:00
def admin_app_id_comments(v, aid):
aid=aid
replace "g.db.query" on pkeys with the much more efficient "g.db.get"
2022-06-18 00:57:23 +00:00
oauth = g.db.get(OauthApp, aid)
return 404 if oauth app doesn't exist (#366) fixes an AttributeError if the oauth app doesn't exist
2022-09-23 12:08:54 +00:00
if not oauth: abort(404)
mn
2022-05-04 23:09:46 +00:00
[DO NOT MERGE] import detanglation (#442) * move Base definition to files.classes.__init__.py * fix ImportError * move userpage listing to users.py * don't import the app from classes * consts: set default values to avoid crashes consts: warn if the secret key is the default config value * card view: sneed (user db schema) * cloudflare: use DEFAULT_CONFIG_VALUE * const: set default values * decouple media.py from __main__ * pass database to avoid imports * import cleanup and import request not in const, but in the requests mega import * move asset_submissions site check to __init__ * asset submissions feature flag * flag * g.is_tor * don't import request where it's not needed * i think this is fine * mail: move to own routes and helper * wrappers * required wrappers move * unfuck wrappers a bit * move snappy quotes and marseys to stateful consts * marsify * :pepodrool: * fix missing import * import cache * ...and settings.py * and static.py * static needs cache * route * lmao all of the jinja shit was in feeds.py amazing * classes should only import what they need from flask * import Response * hdjbjdhbhjf * ... * dfdfdfdf * make get a non-required import * isort imports (mostly) * but actually * configs * reload config on import * fgfgfgfg * config * config * initialize snappy and test * cookie of doom debug * edfjnkf * xikscdfd * debug config * set session cookie domain, i think this fixes the can't login bug * sdfbgnhvfdsghbnjfbdvvfghnn * hrsfxgf * dump the entire config on a request * kyskyskyskyskyskyskyskyskys * duifhdskfjdfd * dfdfdfdfdfdfdfdfdfdfdfdf * dfdfdfdf * imoprt all of the consts beacuse fuck it * 😭 * dfdfdfdfdfdfsdasdf * print the entire session * rffdfdfjkfksj * fgbhffh * not the secret keys * minor bug fixes * be helpful in the warning * gfgfgfg * move warning lower * isort main imports (i hope this doesn't fuck something up) * test * session cookie domain redux * dfdfdfd * try only importing Flask * formkeys fix * y * :pepodrool: * route helper * remove before flight * dfdfdfdfdf * isort classes * isort helpers * move check_for_alts to routehelpers and also sort imports and get rid of unused ones * that previous commit but actkally * readd the cache in a dozen places they were implicitly imported * use g.is_tor instead of request.headers. bla bla bla * upgrade streamers to their own route file * get rid of unused imports in __main__ * fgfgf * don't pull in the entire ORM where we don't need it * features * explicit imports for the get helper * explicit imports for the get helper redux * testing allroutes * remove unused import * decouple flask from classes * syntax fix also remember these have side fx for some reason (why?) * move side effects out of the class * posts * testing on devrama * settings * reloading * settingssdsdsds * streamer features * site settings * testing settings on devrama * import * fix modlog * remove debug stuff * revert commit 67275b21ab6e2f2520819e84d10bfc1c746a15b6 * archiveorg to _archiveorg * skhudkfkjfd * fix cron for PCM * fix bugs that snekky wants me to * Fix call to realbody passing db, standardize kwarg * test * import check_for_alts from the right place * cloudflare * testing on devrama * fix cron i think * shadow properly * tasks * Remove print which will surely be annoying in prod. * v and create new session * use files.classes * make errors import little and fix rare 500 in /allow_nsfw * Revert "use files.classes" This reverts commit 98c10b876cf86ce058b7fb955cf1ec0bfb9996c6. * pass v to media functions rather than using g * fix * dfdfdfdfd * cleanup, py type checking is dumb so don't use it where it causes issues * Fix some merge bugs, add DEFAULT_RATELIMIT to main. * Fix imports on sqlalchemy expressions. * `from random import random` is an error. * Fix replies db param. * errors: fix missing import * fix rare 500: only send to GIFT_NOTIF_ID if it exists, and send them the right text * Fix signup formkey. * fix 2 500s * propagate db to submissions * fix replies * dfdfdfdf * Fix verifiedcolor. * is_manual * can't use getters outside of an app context * don't attempt to do gumroad on sites where it's not enabled * don't attempt to do gumraod on sites's where it's unnecessary * Revert "don't attempt to do gumroad on sites where it's not enabled" This reverts commit 6f8a6331878655492dfaf1907b27f8be513c14d3. * fix 500 * validate media type Co-authored-by: TLSM <duolsm@outlook.com>
2022-11-15 09:19:08 +00:00
cids=oauth.comments_idlist(g.db, page=int(request.values.get("page",1)))
mn
2022-05-04 23:09:46 +00:00
next_exists=len(cids)==101
cids=cids[:100]
comments=get_comments(cids, v=v)
return render_template("admin/app.html",
casino + style shit
2022-09-04 23:15:37 +00:00
v=v,
app=oauth,
comments=comments,
next_exists=next_exists,
standalone=True
)
mn
2022-05-04 23:09:46 +00:00
@app.get("/admin/apps")
rename APPS_MODERATE to APPS_MODERATION
2022-10-06 07:40:36 +00:00
@admin_level_required(PERMS['APPS_MODERATION'])
mn
2022-05-04 23:09:46 +00:00
def admin_apps_list(v):
apps = g.db.query(OauthApp).order_by(OauthApp.id.desc()).all()
return render_template("admin/apps.html", v=v, apps=apps)
allow ppl to revoke app authorizations
2022-07-15 00:12:54 +00:00
@app.post("/reroll/<aid>")
default ratelimit and default ratelimit slower
2022-11-13 06:43:35 +00:00
@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
mn
2022-05-04 23:09:46 +00:00
@auth_required
Reorder decorators to support f63237a9a2. Ultimately necessary because otherwise all bots share rate limits with each other. The somewhat haphazard ordering of decorators bothers me, but it's functionally required. Approaches using request context (like reading the Authorization header in ratelimit_user) likely produce bugs all their own.
2022-11-13 10:18:52 +00:00
@ratelimit_user()
mn
2022-05-04 23:09:46 +00:00
def reroll_oauth_tokens(aid, v):
aid = aid
replace "g.db.query" on pkeys with the much more efficient "g.db.get"
2022-06-18 00:57:23 +00:00
a = g.db.get(OauthApp, aid)
return 404 if oauth app doesn't exist (#366) fixes an AttributeError if the oauth app doesn't exist
2022-09-23 12:08:54 +00:00
if not a: abort(404)
mn
2022-05-04 23:09:46 +00:00
if a.author_id != v.id: abort(403)
a.client_id = secrets.token_urlsafe(64)[:64]
g.db.add(a)
more detailed success message description
2022-09-11 14:32:00 +00:00
return {"message": f"Client ID for '{a.app_name}' has been rerolled!", "id": a.client_id}