From 028563ad7d2b11bb9aa8e5c46e948c33cd291033 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Sat, 7 May 2022 08:04:14 +0200 Subject: [PATCH] bgd --- files/__main__.py | 2 +- files/helpers/images.py | 11 ++++++++-- files/helpers/wrappers.py | 4 ---- files/routes/comments.py | 32 +++++++++++----------------- files/routes/errors.py | 4 ++-- files/routes/posts.py | 44 ++++++++++++++------------------------- files/routes/settings.py | 18 +++++++--------- files/routes/static.py | 12 ++++------- files/routes/subs.py | 4 ++-- files/routes/users.py | 14 +++++-------- 10 files changed, 58 insertions(+), 87 deletions(-) diff --git a/files/__main__.py b/files/__main__.py index f21664fb5..683af649c 100644 --- a/files/__main__.py +++ b/files/__main__.py @@ -32,7 +32,7 @@ app.config["SERVER_NAME"] = environ.get("DOMAIN").strip() app.config['SEND_FILE_MAX_AGE_DEFAULT'] = 3153600 app.config["SESSION_COOKIE_NAME"] = "session_" + environ.get("SITE_NAME").strip().lower() app.config["VERSION"] = "1.0.0" -app.config['MAX_CONTENT_LENGTH'] = 16 * 1024 * 1024 +app.config['MAX_CONTENT_LENGTH'] = 100 * 1024 * 1024 app.config["SESSION_COOKIE_SECURE"] = True app.config["SESSION_COOKIE_SAMESITE"] = "Lax" app.config["PERMANENT_SESSION_LIFETIME"] = 60 * 60 * 24 * 365 diff --git a/files/helpers/images.py b/files/helpers/images.py index 4af2570f9..cda0292c6 100644 --- a/files/helpers/images.py +++ b/files/helpers/images.py @@ -2,9 +2,16 @@ from PIL import Image, ImageOps from PIL.ImageSequence import Iterator from webptools import gifwebp import subprocess +import os +from flask import abort + +def process_image(patron, filename=None, resize=0): + size = os.stat(filename).st_size + + if size > 16 * 1024 * 1024 or not patron and size > 8 * 1024 * 1024: + os.remove(filename) + abort(413) -def process_image(filename=None, resize=0): - i = Image.open(filename) if resize and i.width > resize: diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py index bbf127cc7..cb0257852 100644 
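Review bot: Raising `MAX_CONTENT_LENGTH` to `100 * 1024 * 1024` lifts the ceiling for every route, not only the video uploads, and this commit also removes the per-request `content_length` check from get_logged_in_user. The 8/16 MB limits therefore apply only where process_image is called, after the body has been received and saved. A comment on this line such as `# global request cap; image size limits are enforced in helpers/images.py process_image` would make that dependency visible. Routes that never take uploads could keep a tighter bound with their own `request.content_length` check.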
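Review bot: The size check in process_image runs on a file the caller has already written, so an oversized upload still costs the disk write before `os.remove(filename)` runs. It also bounds bytes on disk only, not the decoded pixel dimensions that `Image.open` has to handle afterwards. `filename=None` is still the default although `os.stat(None)` raises TypeError, so the default could be dropped. Parenthesising the condition as `size > 16 * 1024 * 1024 or (not patron and size > 8 * 1024 * 1024)` would make the precedence explicit. A docstring such as `"""Delete the file and abort with 413 if it exceeds 16 MB (8 MB for non-patrons); otherwise process the image at filename."""` would document the new `patron` parameter; the function body continues outside the hunk.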
--- a/files/helpers/wrappers.py +++ b/files/helpers/wrappers.py @@ -35,10 +35,6 @@ def get_logged_in_user(): if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level): abort(403) - if v and v.patron: - if request.content_length and request.content_length > 16 * 1024 * 1024: abort(413) - elif request.content_length and request.content_length > 8 * 1024 * 1024: abort(413) - return v def check_ban_evade(v): diff --git a/files/routes/comments.py b/files/routes/comments.py index c924cda83..f1959ade5 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -223,17 +223,17 @@ def api_comment(v): if file.content_type.startswith('image/'): oldname = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(oldname) - image = process_image(oldname) + image = process_image(v.patron, oldname) if image == "": return {"error":"Image upload failed"} if v.admin_level > 2 and level == 1: if parent_post.id == 37696: filename = 'files/assets/images/rDrama/sidebar/' + str(len(listdir('files/assets/images/rDrama/sidebar'))+1) + '.webp' copyfile(oldname, filename) - process_image(filename, 400) + process_image(v.patron, filename, 400) elif parent_post.id == 37697: filename = 'files/assets/images/rDrama/banners/' + str(len(listdir('files/assets/images/rDrama/banners'))+1) + '.webp' copyfile(oldname, filename) - process_image(filename) + process_image(v.patron, filename) elif parent_post.id == 37833: try: badge_def = loads(body) @@ -247,7 +247,7 @@ def api_comment(v): g.db.flush() filename = f'files/assets/images/badges/{badge.id}.webp' copyfile(oldname, filename) - process_image(filename, 200) + process_image(v.patron, filename, 200) requests.post(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/purge_cache', headers=CF_HEADERS, data={'files': [f"https://{request.host}/assets/images/badges/{badge.id}.webp"]}, timeout=5) except Exception as e: return {"error": str(e)}, 400 
@@ -269,7 +269,7 @@ def api_comment(v): filename = f'files/assets/images/emojis/{name}.webp' copyfile(oldname, filename) - process_image(filename, 200) + process_image(v.patron, filename, 200) marsey = Marsey(name=name, author_id=user.id, tags=tags, count=0) g.db.add(marsey) @@ -308,14 +308,10 @@ def api_comment(v): elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: - try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data'] + try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json() except requests.Timeout: return {"error": "Video upload timed out, please try again!"} - try: url = req['link'] - except: - error = req['error'] - if error == 'File exceeds max duration': error += ' (60 seconds)' - return {"error": error}, 400 - if url.endswith('.'): url += 'mp4' + try: url = req['files'][0]['url'] + except: return {"error": req['description']}, 400 body += f"\n\n{url}" else: return {"error": "Image/Video files only"}, 400 
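Review bot: The fallback `except: return {"error": req['description']}, 400` in api_comment's video branch can itself raise, since a reply without `files` is not guaranteed to carry `description`, and a non-JSON reply makes `.json()` raise past `except requests.Timeout`; both surface as a 500. The `url` from the third-party response is also used unchecked, which matters most in submit_contact and messagereply where it appears to be placed into `body_html`. The sketch below narrows the exceptions and requires an `https://` string before use. The same lines recur in edit_comment, edit_post, submit_post (both hunks), settings_profile_post, submit_contact and messagereply; messagereply additionally swaps `requests.Timeout` for `requests.exceptions.ConnectionError`, so a read timeout is no longer caught there. api_comment's body continues outside the hunk.

```python
# … unchanged: file.save("video.mp4") and the requests.request(...).json() call …
except requests.Timeout: return {"error": "Video upload timed out, please try again!"}
except (requests.RequestException, ValueError): return {"error": "Video upload failed"}, 400
try: url = req['files'][0]['url']
except (KeyError, IndexError, TypeError):
    detail = req.get('description') if isinstance(req, dict) else None
    return {"error": detail or "Video upload failed"}, 400
if not isinstance(url, str) or not url.startswith("https://"):
    return {"error": "Video upload failed"}, 400
# … unchanged: body += f"\n\n{url}" …
```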
@@ -765,19 +761,15 @@ def edit_comment(cid, v): if file.content_type.startswith('image/'): name = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(name) - url = process_image(name) + url = process_image(v.patron, name) body += f"\n\n![]({url})" elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: - try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data'] + try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json() except requests.Timeout: return {"error": "Video upload timed out, please try again!"} - try: url = req['link'] - except: - error = req['error'] - if error == 'File exceeds max duration': error += ' (60 seconds)' - return {"error": error}, 400 - if url.endswith('.'): url += 'mp4' + try: url = req['files'][0]['url'] + except: return {"error": req['description']}, 400 body += f"\n\n{url}" else: return {"error": "Image/Video files only"}, 400 diff --git a/files/routes/errors.py b/files/routes/errors.py index a51df74f0..8a3024578 100644 --- a/files/routes/errors.py +++ b/files/routes/errors.py @@ -47,9 +47,9 @@ def error_405(e): @app.errorhandler(413) def error_413(e): - return {"error": "Max file size is 8 MB (16 MB for paypigs)"}, 413 + return {"error": "Max image size is 8 MB (16 MB for paypigs)"}, 413 if request.headers.get("Authorization") or request.headers.get("xhr"): - return {"error": "Max file size is 8 MB (16 MB for paypigs)"}, 413 + return {"error": "Max image size is 8 MB (16 MB for paypigs)"}, 413 else: return render_template('errors/413.html', err=True), 413 @app.errorhandler(429) diff --git a/files/routes/posts.py b/files/routes/posts.py index fc37e8721..f6f5d10fd 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py 
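Review bot: In error_413 the first `return {"error": ...}, 413` appears to run unconditionally, which would leave the `if request.headers.get("Authorization") or request.headers.get("xhr"):` check and the `render_template('errors/413.html', err=True)` branch below it unreachable; if that first return is a leftover, it should be dropped. The message now says "Max image size", but with `MAX_CONTENT_LENGTH` in place a 413 can also come from any oversized request, including a video upload. Wording such as `"Request too large (images: 8 MB, 16 MB for paypigs)"` would cover both cases.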
@@ -461,19 +461,15 @@ def edit_post(pid, v): if file.content_type.startswith('image/'): name = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(name) - url = process_image(name) + url = process_image(v.patron, name) body += f"\n\n![]({url})" elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: - try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data'] + try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json() except requests.Timeout: return {"error": "Video upload timed out, please try again!"} - try: url = req['link'] - except: - error = req['error'] - if error == 'File exceeds max duration': error += ' (60 seconds)' - return {"error": error}, 400 - if url.endswith('.'): url += 'mp4' + try: url = req['files'][0]['url'] + except: return {"error": req['description']}, 400 body += f"\n\n{url}" else: return {"error": "Image/Video files only"}, 400 @@ -707,7 +703,7 @@ def thumbnail_thread(pid): for chunk in image_req.iter_content(1024): file.write(chunk) - post.thumburl = process_image(name, resize=100) + post.thumburl = process_image(0, name, resize=100) db.add(post) db.commit() 
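Review bot: `process_image(0, name, resize=100)` in thumbnail_thread now reaches `abort(413)` whenever the fetched image is over 8 MB. This function uses `db` rather than `g.db`, which suggests it runs outside a request; there the exception would not become a response and would skip `db.add(post)` and `db.commit()`. The `iter_content(1024)` loop above it shows no byte cap in this hunk, so the post-write size check is the only bound on a remote image; counting bytes while writing and stopping at the limit would avoid both the large write and the abort. Passing `False` rather than `0` would read better for the `patron` argument. The function body starts and ends outside the hunk.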
@@ -1081,18 +1077,14 @@ def submit_post(v, sub=None): if file.content_type.startswith('image/'): name = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(name) - body += f"\n\n![]({process_image(name)})" + body += f"\n\n![]({process_image(v.patron, name)})" elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: - try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data'] - except requests.Timeout: return error("Video upload timed out, please try again!") - try: url = req['link'] - except: - err = req['error'] - if err == 'File exceeds max duration': err += ' (60 seconds)' - return error(err) - if url.endswith('.'): url += 'mp4' + try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json() + except requests.Timeout: return {"error": "Video upload timed out, please try again!"} + try: url = req['files'][0]['url'] + except: return {"error": req['description']}, 400 body += f"\n\n{url}" else: return error("Image/Video files only.") 
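Review bot: The timeout branch in submit_post now returns `{"error": "Video upload timed out, please try again!"}` with no status code, while the rest of the function reports failures through `error(...)`, as in `return error("Image/Video files only.")` just below. The reply would presumably go out as a 200 JSON body even for a form submission. Keeping `return error("Video upload timed out, please try again!")` and using `return error(req.get('description', 'Video upload failed'))` for the fallback would stay consistent with the function. The second submit_post hunk (`@@ -1186,22 +1178,18`) has the same two lines.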
@@ -1186,22 +1178,18 @@ def submit_post(v, sub=None): if file.content_type.startswith('image/'): name = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(name) - post.url = process_image(name) + post.url = process_image(v.patron, name) name2 = name.replace('.webp', 'r.webp') copyfile(name, name2) - post.thumburl = process_image(name2, resize=100) + post.thumburl = process_image(v.patron, name2, resize=100) elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: - try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data'] - except requests.Timeout: return error("Video upload timed out, please try again!") - try: url = req['link'] - except: - err = req['error'] - if err == 'File exceeds max duration': err += ' (60 seconds)' - return error(err) - if url.endswith('.'): url += 'mp4' + try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json() + except requests.Timeout: return {"error": "Video upload timed out, please try again!"} + try: url = req['files'][0]['url'] + except: return {"error": req['description']}, 400 post.url = url else: return error("Image/Video files only.") diff --git a/files/routes/settings.py b/files/routes/settings.py index 28c7bca60..3e58161f4 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py 
@@ -214,19 +214,15 @@ def settings_profile_post(v): if file.content_type.startswith('image/'): name = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(name) - url = process_image(name) + url = process_image(v.patron, name) bio += f"\n\n![]({url})" elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: - try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data'] + try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json() except requests.Timeout: return {"error": "Video upload timed out, please try again!"} - try: url = req['link'] - except: - error = req['error'] - if error == 'File exceeds max duration': error += ' (60 seconds)' - return {"error": error}, 400 - if url.endswith('.'): url += 'mp4' + try: url = req['files'][0]['url'] + except: return {"error": req['description']}, 400 bio += f"\n\n{url}" else: if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "Image/Video files only"}, 400 @@ -556,13 +552,13 @@ def settings_images_profile(v): name = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(name) - highres = process_image(name) + highres = process_image(v.patron, name) if not highres: abort(400) name2 = name.replace('.webp', 'r.webp') copyfile(name, name2) - imageurl = process_image(name2, resize=100) + imageurl = process_image(v.patron, name2, resize=100) if not imageurl: abort(400) @@ -592,7 +588,7 @@ def settings_images_banner(v): name = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(name) - bannerurl = process_image(name) + bannerurl = process_image(v.patron, name) if bannerurl: if v.bannerurl and '/images/' in v.bannerurl: diff --git a/files/routes/static.py b/files/routes/static.py index 25f00d418..4c212e669 100644 --- a/files/routes/static.py 
+++ b/files/routes/static.py @@ -401,19 +401,15 @@ def submit_contact(v): if file.content_type.startswith('image/'): name = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(name) - url = process_image(name) + url = process_image(v.patron, name) body_html += f'' elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: - try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data'] + try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json() except requests.Timeout: return {"error": "Video upload timed out, please try again!"} - try: url = req['link'] - except: - error = req['error'] - if error == 'File exceeds max duration': error += ' (60 seconds)' - return {"error": error}, 400 - if url.endswith('.'): url += 'mp4' + try: url = req['files'][0]['url'] + except: return {"error": req['description']}, 400 body_html += f"

{url}

" else: return {"error": "Image/Video files only"}, 400 diff --git a/files/routes/subs.py b/files/routes/subs.py index 1445ae5a5..f9b179a2b 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -381,7 +381,7 @@ def sub_banner(v, sub): name = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(name) - bannerurl = process_image(name) + bannerurl = process_image(v.patron, name) if bannerurl: if sub.bannerurl and '/images/' in sub.bannerurl: @@ -408,7 +408,7 @@ def sub_sidebar(v, sub): file = request.files["sidebar"] name = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(name) - sidebarurl = process_image(name) + sidebarurl = process_image(v.patron, name) if sidebarurl: if sub.sidebarurl and '/images/' in sub.sidebarurl: diff --git a/files/routes/users.py b/files/routes/users.py index d3763c7dd..38f286553 100644 --- a/files/routes/users.py +++ b/files/routes/users.py 
@@ -694,19 +694,15 @@ def messagereply(v): if file.content_type.startswith('image/'): name = f'/images/{time.time()}'.replace('.','') + '.webp' file.save(name) - url = process_image(name) + url = process_image(v.patron, name) body_html += f'' elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: - try: req = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)], timeout=5).json()['data'] - except requests.Timeout: return {"error": "Video upload timed out, please try again!"} - try: url = req['link'] - except: - error = req['error'] - if error == 'File exceeds max duration': error += ' (60 seconds)' - return {"error": error}, 400 - if url.endswith('.'): url += 'mp4' + try: req = requests.request("POST", "https://pomf2.lain.la/upload.php", files={'files[]': f}, timeout=5).json() + except requests.exceptions.ConnectionError: return {"error": "Video upload timed out, please try again!"} + try: url = req['files'][0]['url'] + except: return {"error": req['description']}, 400 body_html += f"

{url}

" else: return {"error": "Image/Video files only"}, 400