From 0a74a98ec5f3520d7a92c6db7ef5236d904e4b83 Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Mon, 23 May 2022 00:15:29 +0200 Subject: [PATCH] big ass commit --- Dockerfile | 2 +- files/helpers/const.py | 2 ++ files/helpers/media.py | 11 +++++++++++ files/helpers/sanitize.py | 1 + files/routes/comments.py | 8 ++++++-- files/routes/errors.py | 4 ++-- files/routes/posts.py | 12 +++++++++--- files/routes/settings.py | 6 ++++-- files/routes/static.py | 14 +++++++++++++- files/routes/users.py | 4 +++- files/templates/authforms.html | 4 ++-- files/templates/chat.html | 2 +- files/templates/comments.html | 12 ++++++------ files/templates/contact.html | 4 ++-- files/templates/default.html | 4 ++-- files/templates/log.html | 4 ++-- files/templates/login.html | 2 +- files/templates/login_2fa.html | 2 +- files/templates/settings.html | 2 +- files/templates/settings2.html | 4 ++-- files/templates/settings_profile.html | 4 ++-- files/templates/sign_up.html | 2 +- files/templates/sign_up_failed_ref.html | 2 +- files/templates/submission.html | 18 +++++++++--------- files/templates/submit.html | 10 +++++----- ubuntu_setup | 1 + 26 files changed, 91 insertions(+), 50 deletions(-) diff --git a/Dockerfile b/Dockerfile index e3ccdc7be..3a5d8fd2e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -10,7 +10,7 @@ COPY requirements.txt /etc/requirements.txt RUN pip3 install -r /etc/requirements.txt -RUN mkdir /images && mkdir /songs && mkdir /videos +RUN mkdir /images && mkdir /songs && mkdir /videos && mkdir /audio EXPOSE 80/tcp diff --git a/files/helpers/const.py b/files/helpers/const.py index 9ce6daf06..084644adf 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -869,6 +869,7 @@ proxies = {"http":"http://127.0.0.1:18080","https":"http://127.0.0.1:18080"} blackjack = environ.get("BLACKJACK", "").strip() approved_embed_hosts = [ + SITE, 'rdrama.net', 'pcmemes.net', 'cringetopia.org', @@ -935,6 +936,7 @@ image_check_regex = re.compile(f'!\[\]\(((?!(https:\/\/([a-z0-9-]+\.)*({hosts})\ embed_fullmatch_regex = re.compile(f'https:\/\/([a-z0-9-]+\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*', flags=re.A) video_sub_regex = re.compile(f'(

[^<]*)(https:\/\/([a-z0-9-]+\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp4|webm|mov))', flags=re.A) +audio_sub_regex = re.compile(f'(

[^<]*)(https:\/\/([a-z0-9-]+\.)*({hosts})\/[\w:~,()\-.#&\/=?@%;+]*?\.(mp3|wav|ogg|aac))', flags=re.A) imgur_regex = re.compile('(https://i\.imgur\.com/([a-z0-9]+))\.(jpg|png|jpeg|webp)(?!<\/(code|pre|a)>)', flags=re.I|re.A) diff --git a/files/helpers/media.py b/files/helpers/media.py index bc484c49c..6e2b49170 100644 --- a/files/helpers/media.py +++ b/files/helpers/media.py @@ -8,6 +8,17 @@ import requests import time from .const import * + +def process_audio(patron, file): + name = f'/audio/{time.time()}'.replace('.','') + '.mp3' + file.save(name) + size = os.stat(name).st_size + if size > 16 * 1024 * 1024 or not patron and size > 8 * 1024 * 1024: + os.remove(name) + abort(413) + return f'{SITE_FULL}{name}' + + def process_video(file): name = f'/videos/{time.time()}'.replace('.','') file.save(name) diff --git a/files/helpers/sanitize.py b/files/helpers/sanitize.py index 323b051a1..30f4e078c 100644 --- a/files/helpers/sanitize.py +++ b/files/helpers/sanitize.py @@ -249,6 +249,7 @@ def sanitize(sanitized, alert=False, comment=False, edit=False): sanitized = sanitized.replace(i.group(0), htmlsource) sanitized = video_sub_regex.sub(r'\1', sanitized) + sanitized = audio_sub_regex.sub(r'\1', sanitized) if comment: for marsey in g.db.query(Marsey).filter(Marsey.name.in_(marseys_used)).all(): diff --git a/files/routes/comments.py b/files/routes/comments.py index fafea902b..4d0cdbc10 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -310,7 +310,9 @@ def api_comment(v): value = process_video(file) if type(value) is str: body += f"\n\n{value}" else: return value - else: return {"error": "Image/Video files only"}, 400 + elif file.content_type.startswith('audio/'): + body += f"\n\n{process_audio(v.patron, file)}" + else: return {"error": "Image/Video/Audio files only"}, 400 body = body.strip() @@ -768,7 +770,9 @@ def edit_comment(cid, v): value = process_video(file) if type(value) is str: body += f"\n\n{value}" else: return value - else: return {"error": "Image/Video files only"}, 400 + elif file.content_type.startswith('audio/'): + body += f"\n\n{process_audio(v.patron, file)}" + else: return {"error": "Image/Video/Audio files only"}, 400 body = body.strip() diff --git a/files/routes/errors.py b/files/routes/errors.py index 8a3024578..aaa18ccf1 100644 --- a/files/routes/errors.py +++ b/files/routes/errors.py @@ -47,9 +47,9 @@ def error_405(e): @app.errorhandler(413) def error_413(e): - return {"error": "Max image size is 8 MB (16 MB for paypigs)"}, 413 + return {"error": "Max image/audio size is 8 MB (16 MB for paypigs)"}, 413 if request.headers.get("Authorization") or request.headers.get("xhr"): - return {"error": "Max image size is 8 MB (16 MB for paypigs)"}, 413 + return {"error": "Max image/audio size is 8 MB (16 MB for paypigs)"}, 413 else: return render_template('errors/413.html', err=True), 413 @app.errorhandler(429) diff --git a/files/routes/posts.py b/files/routes/posts.py index 6bdf05246..163132046 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -467,7 +467,9 @@ def edit_post(pid, v): value = process_video(file) if type(value) is str: body += f"\n\n{value}" else: return value - else: return {"error": "Image/Video files only"}, 400 + elif file.content_type.startswith('audio/'): + body += f"\n\n{process_audio(v.patron, file)}" + else: return {"error": "Image/Video/Audio files only"}, 400 body = body.strip() @@ -1078,8 +1080,10 @@ def submit_post(v, sub=None): value = process_video(file) if type(value) is str: body += f"\n\n{value}" else: return error(value['error']) + elif file.content_type.startswith('audio/'): + body += f"\n\n{process_audio(v.patron, file)}" else: - return error("Image/Video files only.") + return error("Image/Video/Audio files only.") body = body.strip() @@ -1181,8 +1185,10 @@ def submit_post(v, sub=None): value = process_video(file) if type(value) is str: post.url = value else: return error(value['error']) + elif file.content_type.startswith('audio/'): + post.url = process_audio(v.patron, file) else: - return error("Image/Video files only.") + return error("Image/Video/Audio files only.") if not post.thumburl and post.url: gevent.spawn(thumbnail_thread, post.id) diff --git a/files/routes/settings.py b/files/routes/settings.py index ec5100934..3e3f57955 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -220,9 +220,11 @@ def settings_profile_post(v): value = process_video(file) if type(value) is str: bio += f"\n\n{value}" else: return value + elif file.content_type.startswith('audio/'): + bio += f"\n\n{process_audio(v.patron, file)}" else: - if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "Image/Video files only"}, 400 - return render_template("settings_profile.html", v=v, error="Image/Video files only."), 400 + if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "Image/Video/Audio files only"}, 400 + return render_template("settings_profile.html", v=v, error="Image/Video/Audio files only."), 400 bio = bio.strip() diff --git a/files/routes/static.py b/files/routes/static.py index b9ca1454a..ce1b87e82 100644 --- a/files/routes/static.py +++ b/files/routes/static.py @@ -407,7 +407,9 @@ def submit_contact(v): value = process_video(file) if type(value) is str: body_html += f"

{value}

" else: return value - else: return {"error": "Image/Video files only"}, 400 + elif file.content_type.startswith('audio/'): + body_html += f"

{process_audio(v.patron, file)}

" + else: return {"error": "Image/Video/Audio files only"}, 400 @@ -488,6 +490,16 @@ def videos(path): resp.headers.add("Content-Type", "video/mp4") return resp +@app.get('/audio/') +@limiter.exempt +def audio(path): + resp = make_response(send_from_directory('/audio', path.replace('.mp3','.mp3'))) + resp.headers.remove("Cache-Control") + resp.headers.add("Cache-Control", "public, max-age=3153600") + resp.headers.remove("Content-Type") + resp.headers.add("Content-Type", "audio/mpeg") + return resp + @app.get("/robots.txt") def robots_txt(): try: f = send_file("assets/robots.txt") diff --git a/files/routes/users.py b/files/routes/users.py index 3e452d76b..89299d64d 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -704,7 +704,9 @@ def messagereply(v): value = process_video(file) if type(value) is str: body_html += f"

{value}

" else: return value - else: return {"error": "Image/Video files only"}, 400 + elif file.content_type.startswith('audio/'): + body_html += f"

{process_audio(v.patron, file)}

" + else: return {"error": "Image/Video/Audio files only"}, 400 c = Comment(author_id=v.id, diff --git a/files/templates/authforms.html b/files/templates/authforms.html index e2dbce7c1..cb301b14f 100644 --- a/files/templates/authforms.html +++ b/files/templates/authforms.html @@ -15,7 +15,7 @@ {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/chat.html b/files/templates/chat.html index dfbcf0ee4..be71e8282 100644 --- a/files/templates/chat.html +++ b/files/templates/chat.html @@ -14,7 +14,7 @@ Chat - + {% if v.css %} diff --git a/files/templates/comments.html b/files/templates/comments.html index 22674dc62..bf9968422 100644 --- a/files/templates/comments.html +++ b/files/templates/comments.html @@ -313,8 +313,8 @@   Save Edit @@ -564,8 +564,8 @@   Comment @@ -603,8 +603,8 @@ {% if c.sentto == 2 %} {% endif %} diff --git a/files/templates/contact.html b/files/templates/contact.html index 339705377..c6a643011 100644 --- a/files/templates/contact.html +++ b/files/templates/contact.html @@ -35,8 +35,8 @@ diff --git a/files/templates/default.html b/files/templates/default.html index 1de83f649..a19378c69 100644 --- a/files/templates/default.html +++ b/files/templates/default.html @@ -8,7 +8,7 @@ {% if v %} - + {% if v.agendaposter %} @@ -34,7 +34,7 @@ {% endif %} {% else %} - + {% endif %} diff --git a/files/templates/log.html b/files/templates/log.html index 60d97701a..84be8516c 100644 --- a/files/templates/log.html +++ b/files/templates/log.html @@ -6,7 +6,7 @@ {% block content %} {% if v %} - + {% if v.agendaposter %} - + {% endif %} diff --git a/files/templates/login.html b/files/templates/login.html index 2dcfb98e9..2bd99d41c 100644 --- a/files/templates/login.html +++ b/files/templates/login.html @@ -18,7 +18,7 @@ {% endblock %} - + diff --git a/files/templates/login_2fa.html b/files/templates/login_2fa.html index 8759bf386..0960338a5 100644 --- a/files/templates/login_2fa.html +++ b/files/templates/login_2fa.html @@ -14,7 +14,7 @@ 2-Step Login - {{SITE_NAME}} - + diff --git a/files/templates/settings.html b/files/templates/settings.html index 89f31f395..4a2f8157d 100644 --- a/files/templates/settings.html +++ b/files/templates/settings.html @@ -34,7 +34,7 @@ - + {% if v.agendaposter %} - + {% else %} - + {% endif %} diff --git a/files/templates/settings_profile.html b/files/templates/settings_profile.html index c52aadf4a..f3e460400 100644 --- a/files/templates/settings_profile.html +++ b/files/templates/settings_profile.html @@ -592,8 +592,8 @@   

diff --git a/files/templates/sign_up.html b/files/templates/sign_up.html
index daa6f760a..c3034eb8f 100644
--- a/files/templates/sign_up.html
+++ b/files/templates/sign_up.html
@@ -31,7 +31,7 @@
 		{% if ref_user %}{{ref_user.username}} invites you to {{SITE_NAME}}{% else %}Sign up - {{SITE_NAME}}{% endif %}
 
 		
-		
+		
 		
 
 
diff --git a/files/templates/sign_up_failed_ref.html b/files/templates/sign_up_failed_ref.html
index 8634c1e48..59e18dda0 100644
--- a/files/templates/sign_up_failed_ref.html
+++ b/files/templates/sign_up_failed_ref.html
@@ -32,7 +32,7 @@
 		{% if ref_user %}{{ref_user.username}} invites you to {{SITE_NAME}}{% else %}{{SITE_NAME}}{% endif %}
 
 		
-		
+		
 		
 
 
diff --git a/files/templates/submission.html b/files/templates/submission.html
index 461614f2c..9f3510bdb 100644
--- a/files/templates/submission.html
+++ b/files/templates/submission.html
@@ -70,7 +70,7 @@
 {% endif %}
 
 {% if p.award_count("firework") %}
-    
+    
 	

 		
 	

@@ -95,20 +95,20 @@
 {% endif %}
 
 {% if p.award_count("ricardo") %}
-	
+	
 	

-		
+		
 	

 
 	{% if p.award_count("ricardo") > 1 %}
 		

-			
+			
 		

 	{% endif %}
 
 	{% if p.award_count("ricardo") > 2 %}
 		

-			
+			
 		

 	{% endif %}
 {% endif %}
@@ -823,8 +823,8 @@
 											
 
 										
 						
 										 
@@ -1021,8 +1021,8 @@
 						
 					 
 					
 				
 				Comment
diff --git a/files/templates/submit.html b/files/templates/submit.html
index 06f14f841..2ea50ab8f 100644
--- a/files/templates/submit.html
+++ b/files/templates/submit.html
@@ -26,7 +26,7 @@
 		{% block stylesheets %}
 		{% if v %}
 			
-			
+			
 			
 			{% if v.agendaposter %}
 				
-			
+			
 			
 		{% endif %}
 		{% endblock %}
@@ -109,7 +109,7 @@
 													
 													
 													Optional if you have text.
 													You can upload images or videos up to 60 seconds.
@@ -147,8 +147,8 @@
 												
 																
 														
 
 												

diff --git a/ubuntu_setup b/ubuntu_setup
index 03ccc7717..992c8807a 100644
--- a/ubuntu_setup
+++ b/ubuntu_setup
@@ -12,6 +12,7 @@ pip3 install -r requirements.txt
 mkdir /songs
 mkdir /images
 mkdir /videos
+mkdir /audio
 snap install opera-proxy
 ufw allow ssh
 ufw allow from 173.245.48.0/20