diff --git a/files/routes/errors.py b/files/routes/errors.py
index 51c54c96b..7929c8af4 100644
--- a/files/routes/errors.py
+++ b/files/routes/errors.py
@@ -55,13 +55,7 @@ def error_500(e):
 @app.post("/allow_nsfw")
-def allow_nsfw():
+@auth_desired
+def allow_nsfw(v):
 session["over_18"] = int(time.time()) + 3600
- return redirect(request.values.get("redir", "/"))
-
-
-@app.get("/error/")
-def error_all_preview(error):
-
- try: return render_template(f"errors/{error}.html", error=True)
- except: abort(400)
\ No newline at end of file
+ return redirect(request.values.get("redir", "/"))
\ No newline at end of file
diff --git a/files/routes/feeds.py b/files/routes/feeds.py
index fceb30a0b..24bf15868 100644
--- a/files/routes/feeds.py
+++ b/files/routes/feeds.py
@@ -4,11 +4,13 @@ from datetime import datetime
 from files.helpers.jinja2 import full_link
 from files.helpers.get import *
 from yattag import Doc
+from files.helpers.wrappers import *
 from files.__main__ import app
 @app.get('/rss//')
-def feeds_user(sort='hot', t='all'):
+@auth_desired
+def feeds_user(v=None, sort='hot', t='all'):
 page = int(request.values.get("page", 1))
diff --git a/files/routes/front.py b/files/routes/front.py
index 5ee486429..d276d2ce5 100644
--- a/files/routes/front.py
+++ b/files/routes/front.py
@@ -7,7 +7,8 @@ defaulttimefilter = environ.get("DEFAULT_TIME_FILTER", "all").strip()
 SITE_NAME = environ.get("SITE_NAME", "").strip()
 @app.get("/post/")
-def slash_post():
+@auth_desired
+def slash_post(v):
 return redirect("/")
 @app.post("/clear")
diff --git a/files/routes/giphy.py b/files/routes/giphy.py
index cda7e8565..48417f57e 100644
--- a/files/routes/giphy.py
+++ b/files/routes/giphy.py
@@ -1,6 +1,7 @@
 from flask import *
 from os import environ
 import requests
+from files.helpers.wrappers import *
 from files.__main__ import app
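Review bot: In files/routes/errors.py, `allow_nsfw` still ends with `return redirect(request.values.get("redir", "/"))`, so the redirect target comes straight from the request and nothing visible restricts it to the site's own paths, which makes it an open redirect. The commit re-adds that line unchanged while putting the route behind `@auth_desired`. Constrain the value before redirecting, for example `redir = request.values.get("redir", "/")` followed by `if not redir.startswith("/") or redir[1:2] in ("/", "\\"): redir = "/"`. The new `v` parameter is not used in the lines shown.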
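Review bot: In files/routes/feeds.py, `page = int(request.values.get("page", 1))` at the end of the hunk raises ValueError for a non-numeric `page`, which presumably surfaces as a 500 on this feed route. The second hunk of files/routes/giphy.py has the same pattern in `limit = int(request.values.get("limit", 48))`, where the value is also not capped in the visible lines. Parse defensively, as `songs` and `user_id` in users.py already do, for example `try: page = max(int(request.values.get("page", 1)), 1)` with `except ValueError: abort(400)`. Both function bodies continue outside their hunks, so later validation cannot be ruled out.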
@@ -9,7 +10,8 @@ GIPHY_KEY = environ.get('GIPHY_KEY').rstrip()
 @app.get("/giphy")
 @app.get("/giphy")
-def giphy(path=None):
+@auth_desired
+def giphy(v=None, path=None):
 searchTerm = request.values.get("searchTerm", "").strip()
 limit = int(request.values.get("limit", 48))
diff --git a/files/routes/static.py b/files/routes/static.py
index 4fd48b632..a83afd8a1 100644
--- a/files/routes/static.py
+++ b/files/routes/static.py
@@ -246,7 +246,8 @@ def log_item(id, v):
 return render_template(f"{template}log.html", v=v, actions=[action], next_exists=False, page=1, action=action, admins=admins, types=types)
 @app.get("/static/assets/favicon.ico")
-def favicon():
+@auth_desired
+def favicon(v):
 return send_file(f"./assets/images/{site_name}/icon.webp")
 @app.get("/api")
@@ -278,18 +279,21 @@ def submit_contact(v):
 return render_template(f"{template}contact.html", v=v, msg="Your message has been sent.")
 @app.get('/archives')
-def archivesindex():
+@auth_desired
+def archivesindex(v):
 return redirect("/archives/index.html")
 @app.get('/archives/')
-def archives(path):
+@auth_desired
+def archives(v, path):
 resp = make_response(send_from_directory('/archives', path))
 if request.path.endswith('.css'): resp.headers.add("Content-Type", "text/css")
 return resp
 @app.get('/static/')
 @limiter.exempt
-def static_service2(path):
+@auth_desired
+def static_service2(v, path):
 resp = make_response(send_from_directory('./static', path))
 if request.path.endswith('.webp') or request.path.endswith('.gif') or request.path.endswith('.ttf') or request.path.endswith('.woff') or request.path.endswith('.woff2'): resp.headers.remove("Cache-Control")
@@ -303,7 +307,8 @@ def static_service2(path):
 @app.get('/assets/')
 @app.get('/static/assets/')
 @limiter.exempt
-def static_service(path):
+@auth_desired
+def static_service(v, path):
 if request.path.startswith('/assets/'): return redirect(request.full_path.replace('/assets/', '/static/assets/'))
 resp = make_response(send_from_directory('assets', path))
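Review bot: In files/routes/static.py, `static_service2` (and `static_service` and `images` in the following hunks) keeps `@limiter.exempt` while gaining `@auth_desired`, so every asset request now runs the auth wrapper on a route with no rate limit. `auth_desired` is not shown in this diff; if it reads the session or queries the database, that is per-file work an unauthenticated client can trigger unthrottled, and `v` is never used in the visible bodies. If the decorator is there for a side effect such as a site-wide access check, say so above it, for example `# auth_desired: enforces site-wide access checks; v intentionally unused`; otherwise the static routes are better left undecorated. These function bodies continue past their hunks.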
@@ -321,7 +326,8 @@ def static_service(path):
 @app.get('/hostedimages/')
 @app.get("/static/images/")
 @limiter.exempt
-def images(path):
+@auth_desired
+def images(v, path):
 if request.path.startswith('/images/') or request.path.lower().startswith('/hostedimages/'): return redirect(request.full_path.replace('/images/', '/static/images/').replace('/hostedimages/', '/static/images/'))
 resp = make_response(send_from_directory('/images', path.replace('.WEBP','.webp')))
@@ -395,7 +401,8 @@ def formatting(v):
 return render_template(f"{template}formatting.html", v=v)
 @app.get("/service-worker.js")
-def serviceworker():
+@auth_desired
+def serviceworker(v):
 with open("files/assets/js/service-worker.js", "r") as f: return Response(f.read(), mimetype='application/javascript')
 @app.get("/settings/security")
@@ -408,13 +415,4 @@ def settings_security(v):
 return render_template(f"{template}settings_security.html", v=v, mfa_secret=pyotp.random_base32() if not v.mfa_secret else None
- )
-
-@app.post("/dismiss_mobile_tip")
-@limiter.limit("1/second")
-def dismiss_mobile_tip():
-
- session["tooltip_last_dismissed"]=int(time.time())
- session.modified=True
-
- return "", 204
+ )
\ No newline at end of file
diff --git a/files/routes/users.py b/files/routes/users.py
index 5a880bba1..f89a320cc 100644
--- a/files/routes/users.py
+++ b/files/routes/users.py
@@ -347,7 +347,8 @@ def leaderboard(v):
 @app.get("/@/css")
-def get_css(username):
+@auth_desired
+def get_css(v, username):
 user = get_user(username)
 if user.css: css = user.css
 else: css = ""
@@ -356,7 +357,8 @@ def get_css(username):
 return resp
 @app.get("/@/profilecss")
-def get_profilecss(username):
+@auth_desired
+def get_profilecss(v, username):
 user = get_user(username)
 if user.profilecss: profilecss = user.profilecss
 else: profilecss = ""
@@ -365,7 +367,8 @@ def get_profilecss(username):
 return resp
 @app.get("/songs/")
-def songs(id):
+@auth_desired
+def songs(v, id):
 try: id = int(id)
 except: return "", 400
 user = g.db.query(User).filter_by(id=id).one_or_none()
@@ -374,7 +377,8 @@ def songs(id):
 @app.get("/song/")
 @app.get("/static/song/")
-def song(song):
+@auth_desired
+def song(v, song):
 if request.path.startswith('/song/'): return redirect(request.full_path.replace('/song/', '/static/song/'))
 resp = make_response(send_from_directory('/songs', song))
 resp.headers.remove("Cache-Control")
@@ -560,6 +564,7 @@ def api_is_available(name, v):
 return {name: True}
 @app.get("/id/")
+@auth_desired
 def user_id(id):
 try: id = int(id)
 except: abort(404)
@@ -567,6 +572,7 @@ def user_id(id):
 return redirect(user.url)
 @app.get("/u/")
+@auth_desired
 def redditor_moment_redirect(username):
 return redirect(f"/@{username}")
@@ -917,8 +923,8 @@ def remove_follow(username, v):
 @app.get("/uid//pic")
 @app.get("/uid//pic/profile")
-@limiter.exempt
-def user_profile_uid(id):
+@auth_desired
+def user_profile_uid(v, id):
 try: id = int(id)
 except:
 try: id = int(id, 36)
@@ -927,8 +933,8 @@ def user_profile_uid(id):
 return redirect(x.profile_url)
 @app.get("/@/pic")
-@limiter.exempt
-def user_profile_name(username):
+@auth_desired
+def user_profile_name(v, username):
 x = get_user(username)
 return redirect(x.profile_url)
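Review bot: In files/routes/users.py, `user_id` and `redditor_moment_redirect` are now decorated with `@auth_desired` but are still declared as `def user_id(id):` and `def redditor_moment_redirect(username):`, while every other route touched by this commit was given a `v` parameter. The wrapper's definition is outside this diff, but signatures such as `giphy(v=None, path=None)` suggest it passes the user as `v`; if so, both routes raise TypeError on every request. Change them to `def user_id(v, id):` and `def redditor_moment_redirect(v, username):`.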
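Review bot: In `user_profile_uid` and `user_profile_name`, `@limiter.exempt` is replaced by `@auth_desired` instead of being kept beside it, unlike the static routes in static.py where both decorators remain. These avatar redirects are presumably requested many times per page, so they now count against whatever default rate limit applies; if that is not intended, keep both lines, `@limiter.exempt` followed by `@auth_desired`. Separately, the bare `except:` around `int(id)` in `user_profile_uid` would be safer as `except ValueError:`, since it currently also hides unrelated errors; the rest of that handler lies outside the hunk.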