remove logged out routes (#433)

* remove /logged_out/ routes * update sitemap, remove users route, and update header * cloudflare cookie * only mess with the cookie whenever we desire auth * sitemap: (small) improvements sitemap: fix little bug i introduced sitemap: fix login redirects for /id/ routes * sitemap: remove duplicate entry * contact is auth desired * imports: don't import what we don't need and bind late to the db * praying to god this works * keep yourself safe * oh i actually need to commit and push lol * import Sub * t * refix cache purger
2022-11-08 21:35:24 -08:00 · 2022-11-08 21:35:24 -08:00 · 26549a6e66
parent 39297b7c22
commit 26549a6e66
19 changed files with 292 additions and 340 deletions
--- a/files/main.py
+++ b/files/main.py
@ -2,6 +2,7 @@ import gevent.monkey
 gevent.monkey.patch_all()
 from os import environ, path
 import secrets
+from files.helpers.cloudflare import CLOUDFLARE_AVAILABLE
 from flask import *
 from flask_caching import Cache
 from flask_limiter import Limiter
@ -103,7 +104,6 @@ def before_request():
 	if not request.path: request.path = '/'
 	request.full_path = request.full_path.rstrip('?').rstrip('/')
 	if not request.full_path: request.full_path = '/'
-
 	if not session.get("session_id"):
 		session.permanent = True
 		session["session_id"] = secrets.token_hex(49)
@ -111,6 +111,9 @@ def before_request():
@app.after_request
 def after_request(response):
 	if response.status_code < 400:
+		if CLOUDFLARE_AVAILABLE and CLOUDFLARE_COOKIE_VALUE and getattr(g, 'desires_auth', False):
+			logged_in = bool(getattr(g, 'v', None))
+			response.set_cookie("lo", CLOUDFLARE_COOKIE_VALUE if logged_in else '', max_age=60*60*24*365 if logged_in else 1)
 		g.db.commit()
 		g.db.close()
 		del g.db
@ -118,7 +121,7 @@ def after_request(response):

@app.teardown_appcontext
 def teardown_request(error):
-	if hasattr(g, 'db') and g.db:
+	if getattr(g, 'db', None):
 		g.db.rollback()
 		g.db.close()
 		del g.db
--- a/files/assets/sitemap.xml
+++ b/files/assets/sitemap.xml
--- a/files/classes/user.py
+++ b/files/classes/user.py
@ -2,6 +2,7 @@ from sqlalchemy.orm import deferred, aliased
 from sqlalchemy.sql import func
 from secrets import token_hex
 import pyotp
+from files.classes.sub import Sub
 from files.helpers.media import *
 from files.helpers.const import *
 from files.classes.casino_game import Casino_Game
--- a/files/helpers/actions.py
+++ b/files/helpers/actions.py
@ -9,6 +9,15 @@ from urllib.parse import quote

 headers = {'User-Agent': 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'}

+SNAPPY_MARSEYS = []
+if SITE_NAME != 'PCM':
+	SNAPPY_MARSEYS = [f':#{x}:' for x in marseys_const2]
+
+SNAPPY_QUOTES = []
+if path.isfile(f'snappy_{SITE_NAME}.txt'):
+	with open(f'snappy_{SITE_NAME}.txt', "r", encoding="utf-8") as f:
+		SNAPPY_QUOTES = f.read().split("\n{[para]}\n")
+
 def archiveorg(url):
 	try: requests.get(f'https://web.archive.org/save/{url}', headers=headers, timeout=10, proxies=proxies)
 	except: pass
--- a/files/helpers/cloudflare.py
+++ b/files/helpers/cloudflare.py
@ -1,14 +1,16 @@
 import json
 from typing import List, Union, Optional
-from files.helpers.const import *
+from files.helpers.const import CF_HEADERS, CF_ZONE
 import requests

 CLOUDFLARE_API_URL = "https://api.cloudflare.com/client/v4"
 CLOUDFLARE_REQUEST_TIMEOUT_SECS = 5
 DEFAULT_CLOUDFLARE_ZONE = 'blahblahblah'

+CLOUDFLARE_AVAILABLE = CF_ZONE and CF_ZONE != DEFAULT_CLOUDFLARE_ZONE
+
 def _request_from_cloudflare(url:str, method:str, post_data_str) -> bool:
-	if CF_ZONE == DEFAULT_CLOUDFLARE_ZONE: return False
+	if not CLOUDFLARE_AVAILABLE: return False
 	try:
 		res = str(requests.request(method, f"{CLOUDFLARE_API_URL}/zones/{CF_ZONE}/{url}", headers=CF_HEADERS, data=post_data_str, timeout=CLOUDFLARE_REQUEST_TIMEOUT_SECS))
 	except:
@ -26,11 +28,11 @@ def get_security_level() -> Optional[str]:
 def set_security_level(under_attack="high") -> bool:
 	return _request_from_cloudflare("settings/security_level", "PATCH", f'{{"value":"{under_attack}"}}')

-def clear_cloudflare_cache() -> bool:
+def clear_entire_cache() -> bool:
 	return _request_from_cloudflare("purge_cache", "POST", '{"purge_everything":true}')

 def purge_files_in_cache(files:Union[List[str],str]) -> bool:
-	if CF_ZONE == DEFAULT_CLOUDFLARE_ZONE: return False
+	if not CLOUDFLARE_AVAILABLE: return False
 	if isinstance(files, str):
 		files = [files]
 	post_data = {"files": files}
--- a/files/helpers/const.py
+++ b/files/helpers/const.py
@ -2,9 +2,6 @@ from os import environ
 import re
 from copy import deepcopy
 from json import loads
-from files.__main__ import db_session
-from files.classes.sub import Sub
-from files.classes.marsey import Marsey
 from flask import request
 import tldextract
 from os import path
@ -54,6 +51,8 @@ if PUSHER_ID != "blahblahblah":
 CONTENT_SECURITY_POLICY_DEFAULT = "script-src 'self' 'unsafe-inline' ajax.cloudflare.com; connect-src 'self'; object-src 'none';"
 CONTENT_SECURITY_POLICY_HOME = f"script-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src 'self' tls-use1.fpapi.io api.fpjs.io{PUSHER_ID_CSP}; object-src 'none';"

+CLOUDFLARE_COOKIE_VALUE = "yes."
+
 if SITE == "localhost": SITE_FULL = 'http://' + SITE
 else: SITE_FULL = 'https://' + SITE

@ -1407,34 +1406,10 @@ christian_emojis = [':#marseyjesus:',':#marseyimmaculate:',':#marseymothermary:'
 	':#marseycrucified:',':#chadjesus:',':#marseyandjesus:',':#marseyjesus2:',
 	':#marseyorthodoxsmug:',':#marseypastor:',':#marseypope:',]

-db = db_session()
-marseys_const = [x[0] for x in db.query(Marsey.name).filter(Marsey.submitter_id==None, Marsey.name!='chudsey').all()]
-marseys_const2 = marseys_const + ['chudsey','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','0','1','2','3','4','5','6','7','8','9','exclamationpoint','period','questionmark']
-
-marseys = db.query(Marsey).filter(Marsey.submitter_id==None).all()
-marsey_mappings = {}
-for marsey in marseys:
-	for tag in marsey.tags.split():
-		if tag in marsey_mappings:
-			marsey_mappings[tag].append(marsey.name)
-		else:
-			marsey_mappings[tag] = [marsey.name]
-db.close()
-
-SNAPPY_MARSEYS = []
-if SITE_NAME != 'PCM':
-	SNAPPY_MARSEYS = [f':#{x}:' for x in marseys_const2]
-
-SNAPPY_QUOTES = []
-if path.isfile(f'snappy_{SITE_NAME}.txt'):
-	with open(f'snappy_{SITE_NAME}.txt', "r", encoding="utf-8") as f:
-		SNAPPY_QUOTES = f.read().split("\n{[para]}\n")
-
 ADMIGGER_THREADS = {SIDEBAR_THREAD, BANNER_THREAD, BADGE_THREAD, SNAPPY_THREAD}

 proxies = {"http":PROXY_URL,"https":PROXY_URL}

-
 approved_embed_hosts = {
 	SITE,
 	'rdrama.net',
--- a/files/helpers/marsify.py
+++ b/files/helpers/marsify.py
@ -1,4 +1,4 @@
-from .const import marsey_mappings
+from .sanitize import marsey_mappings
 from random import choice

 def marsify(text):
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@ -5,14 +5,27 @@ from bleach.css_sanitizer import CSSSanitizer
 from bleach.linkifier import LinkifyFilter
 from functools import partial
 from .get import *
-from os import path, environ
+from os import path
 import re
 from mistletoe import markdown
-from json import loads, dump
 from random import random, choice
 import signal
-import time
-import requests
+from files.__main__ import db_session
+from files.classes.marsey import Marsey
+
+db = db_session()
+marseys_const = [x[0] for x in db.query(Marsey.name).filter(Marsey.submitter_id==None, Marsey.name!='chudsey').all()]
+marseys_const2 = marseys_const + ['chudsey','a','b','c','d','e','f','g','h','i','j','k','l','m','n','o','p','q','r','s','t','u','v','w','x','y','z','0','1','2','3','4','5','6','7','8','9','exclamationpoint','period','questionmark']
+
+marseys = db.query(Marsey).filter(Marsey.submitter_id==None).all()
+marsey_mappings = {}
+for marsey in marseys:
+	for tag in marsey.tags.split():
+		if tag in marsey_mappings:
+			marsey_mappings[tag].append(marsey.name)
+		else:
+			marsey_mappings[tag] = [marsey.name]
+db.close()

 TLDS = ( # Original gTLDs and ccTLDs
 	'ac','ad','ae','aero','af','ag','ai','al','am','an','ao','aq','ar','arpa','as','asia','at',
--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@ -3,6 +3,7 @@ from .alerts import *
 from files.helpers.const import *
 from files.helpers.get import *
 from files.__main__ import db_session, limiter
+from flask import g, request
 from random import randint
 import functools
 import user_agents
@ -32,6 +33,7 @@ def calc_users(v):
 def get_logged_in_user():
 	if hasattr(g, 'v'): return g.v
 	if not (hasattr(g, 'db') and g.db): g.db = db_session()
+	g.desires_auth = True
 	v = None
 	token = request.headers.get("Authorization","").strip()
 	if token:
@ -64,7 +66,6 @@ def get_logged_in_user():
 	if request.method.lower() != "get" and app.config['SETTINGS']['Read-only mode'] and not (v and v.admin_level >= PERMS['SITE_BYPASS_READ_ONLY_MODE']):
 		abort(403)

-
 	g.v = v

 	if v:
@ -98,21 +99,12 @@ def auth_desired_with_logingate(f):
 		v = get_logged_in_user()
 		if app.config['SETTINGS']['login_required'] and not v: abort(401)

-		#### WPD TEMP #### disable this /logged_out thing on .co
-		if SITE == 'watchpeopledie.co':
-			return make_response(f(*args, v=v, **kwargs))
-		#### END WPD TEMP ####
-
-		if not v and not request.path.startswith('/logged_out'):
-			return redirect(f"/logged_out{request.full_path}")
-
-		if v and request.path.startswith('/logged_out'):
+		if request.path.startswith('/logged_out'):
 			redir = request.full_path.replace('/logged_out','')
 			if not redir: redir = '/'
 			return redirect(redir)

 		return make_response(f(*args, v=v, **kwargs))
-
 	wrapper.__name__ = f.__name__
 	return wrapper

@ -120,9 +112,7 @@ def auth_required(f):
 	def wrapper(*args, **kwargs):
 		v = get_logged_in_user()
 		if not v: abort(401)
-
 		return make_response(f(*args, v=v, **kwargs))
-
 	wrapper.__name__ = f.__name__
 	return wrapper

--- a/files/routes/init.py
+++ b/files/routes/init.py
@ -1,3 +1,7 @@
+# import classes then...
+from files.classes.sub import Sub
+
+# import routes
 from .admin import *
 from .comments import *
 from .errors import *
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@ -478,7 +478,7 @@ def change_settings(v, setting):
@app.post("/admin/clear_cloudflare_cache")
@admin_level_required(PERMS['SITE_CACHE_PURGE_CDN'])
 def clear_cloudflare_cache(v):
-	if not cloudflare.clear_cloudflare_cache():
+	if not cloudflare.clear_entire_cache():
 		abort(400, 'Failed to clear cloudflare cache!')
 	ma = ModAction(
 		kind="clear_cloudflare_cache",
@ -1150,7 +1150,7 @@ def remove_post(post_id, v):

 	v.coins += 1
 	g.db.add(v)
-	cloudflare.purge_files_in_cache(f"https://{SITE}/logged_out")
+	cloudflare.purge_files_in_cache(f"https://{SITE}/")
 	return {"message": "Post removed!"}


--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@ -28,10 +28,6 @@ WORDLE_COLOR_MAPPINGS = {-1: "🟥", 0: "🟨", 1: "🟩"}
@app.get("/post/<pid>/<anything>/<cid>")
@app.get("/h/<sub>/comment/<cid>")
@app.get("/h/<sub>/post/<pid>/<anything>/<cid>")
-@app.get("/logged_out/comment/<cid>")
-@app.get("/logged_out/post/<pid>/<anything>/<cid>")
-@app.get("/logged_out/h/<sub>/comment/<cid>")
-@app.get("/logged_out/h/<sub>/post/<pid>/<anything>/<cid>")
@auth_desired_with_logingate
 def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
 	comment = get_comment(cid, v=v)
--- a/files/routes/front.py
+++ b/files/routes/front.py
@ -9,9 +9,6 @@ from files.helpers.awards import award_timers
@app.get("/")
@app.get("/h/<sub>")
@app.get("/s/<sub>")
-@app.get("/logged_out")
-@app.get("/logged_out/h/<sub>")
-@app.get("/logged_out/s/<sub>")
@limiter.limit("3/second;30/minute;5000/hour;10000/day")
@auth_desired_with_logingate
 def front_all(v, sub=None, subdomain=None):
@ -22,9 +19,9 @@ def front_all(v, sub=None, subdomain=None):
 	if SITE == 'watchpeopledie.co':
 		if v and not v.admin_level and not v.id <= 9: # security: don't auto login admins or bots
 			hash = generate_hash(f'{v.id}+{now.year}+{now.month}+{now.day}+{now.hour}+WPDusermigration')
-			return redirect(f'https://watchpeopledie.tv/logged_out?user={v.id}&code={hash}', 301)
+			return redirect(f'https://watchpeopledie.tv/?user={v.id}&code={hash}', 301)
 		else:
-			return redirect('https://watchpeopledie.tv/logged_out', 301)
+			return redirect('https://watchpeopledie.tv/', 301)
 	elif SITE == 'watchpeopledie.tv' and not v: # security: don't try to login people into accounts more than once
 		req_user = request.values.get('user')
 		req_code = request.values.get('code')
@ -37,8 +34,7 @@ def front_all(v, sub=None, subdomain=None):
 				else:
 					if validate_hash(f'{user.id}+{now.year}+{now.month}+{now.day}+{now.hour}+WPDusermigration', req_code):
 						on_login(user)
-						return redirect('/')
-			return redirect('/logged_out')
+			return redirect('/')
 	#### WPD TEMP #### end special front logic
 	if sub:
 		sub = sub.strip().lower()
--- a/files/routes/login.py
+++ b/files/routes/login.py
@ -12,9 +12,8 @@ import secrets
@auth_desired
 def login_get(v):

-	redir = request.values.get("redirect", "/")
+	redir = request.values.get("redirect", "/").strip().rstrip('?')
 	if redir:
-		redir = redir.replace("/logged_out", "").strip().rstrip('?')
 		if not is_site_url(redir): redir = "/"
 		if v: return redirect(redir)

@ -149,9 +148,8 @@ def login_post():
 	g.login_failed = False
 	on_login(account)

-	redir = request.values.get("redirect")
+	redir = request.values.get("redirect", "").strip().rstrip('?')
 	if redir:
-		redir = redir.replace("/logged_out", "").strip().rstrip('?')
 		if is_site_url(redir): return redirect(redir)
 	return redirect('/')

@ -229,9 +227,8 @@ def sign_up_get(v):

 	error = request.values.get("error")

-	redir = request.values.get("redirect", "/")
+	redir = request.values.get("redirect", "/").strip().rstrip('?')
 	if redir:
-		redir = redir.replace("/logged_out", "").strip().rstrip('?')
 		if not is_site_url(redir): redir = "/"

 	return render_template("sign_up.html",
@ -388,9 +385,8 @@ def sign_up_post(v):
 	elif CARP_ID:
 		send_notification(CARP_ID, f"A new user - @{new_user.username} - has signed up!")

-	redir = request.values.get("redirect")
+	redir = request.values.get("redirect", "").strip().rstrip('?')
 	if redir:
-		redir = redir.replace("/logged_out", "").strip().rstrip('?')
 		if is_site_url(redir): return redirect(redir)
 	return redirect('/')

--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -130,10 +130,6 @@ def submit_get(v, sub=None):
@app.get("/post/<pid>/<anything>")
@app.get("/h/<sub>/post/<pid>")
@app.get("/h/<sub>/post/<pid>/<anything>")
-@app.get("/logged_out/post/<pid>")
-@app.get("/logged_out/post/<pid>/<anything>")
-@app.get("/logged_out/h/<sub>/post/<pid>")
-@app.get("/logged_out/h/<sub>/post/<pid>/<anything>")
@auth_desired_with_logingate
 def post_id(pid, anything=None, v=None, sub=None):
 	post = get_post(pid, v=v)
--- a/files/routes/static.py
+++ b/files/routes/static.py
@ -401,7 +401,6 @@ if not os.path.exists(f'files/templates/donate_{SITE_NAME}.html'):
 	copyfile(f'files/templates/donate_rDrama.html', f'files/templates/donate_{SITE_NAME}.html')

@app.get('/donate')
-@app.get('/logged_out/donate')
@auth_desired_with_logingate
 def donate(v):
 	return render_template(f'donate_{SITE_NAME}.html', v=v)
@ -507,7 +506,6 @@ if SITE == 'pcmemes.net':


 	@app.get('/live')
-	@app.get('/logged_out/live')
 	@auth_desired_with_logingate
 	def live_list(v):
 		live = cache.get('live') or []
--- a/files/routes/users.py
+++ b/files/routes/users.py
@ -666,7 +666,6 @@ def visitors(v):

@app.get("/@<username>")
@app.get("/@<username>.json")
-@app.get("/logged_out/@<username>")
@auth_desired_with_logingate
 def u_username(username, v=None):
 	u = get_user(username, v=v, include_blocks=True, include_shadowbanned=False)
@ -747,7 +746,6 @@ def u_username(username, v=None):

@app.get("/@<username>/comments")
@app.get("/@<username>/comments.json")
-@app.get("/logged_out/@<username>/comments")
@auth_desired_with_logingate
 def u_username_comments(username, v=None):
 	u = get_user(username, v=v, include_blocks=True, include_shadowbanned=False)
@ -915,9 +913,6 @@ def remove_follow(username, v):
@app.get("/pp/<id>")
@app.get("/uid/<id>/pic")
@app.get("/uid/<id>/pic/profile")
-@app.get("/logged_out/pp/<id>")
-@app.get("/logged_out/uid/<id>/pic")
-@app.get("/logged_out/uid/<id>/pic/profile")
@cache.memoize(timeout=86400)
@limiter.exempt
 def user_profile_uid(id):
--- a/files/templates/header.html
+++ b/files/templates/header.html
@ -268,7 +268,7 @@
 				</li>
 			{% else %}
 			<li class="nav-item d-flex align-items-center justify-content-center mx-1 mr-2">
-				<a class="btn btn-primary" href="/logged_out/donate">Donate</a>
+				<a class="btn btn-primary" href="/donate">Donate</a>
 			</li>
 			<li class="nav-item d-flex align-items-center justify-content-center mx-1 mr-2">
 				<a class="btn btn-primary" href="/contact">Contact us</a>
@ -336,7 +336,7 @@
 				</li>
 			{% else %}
 				<li class="nav-item d-flex align-items-center justify-content-center pb-3">
-					<a class="btn btn-primary btn-block" href="/logged_out/donate">Donate</a>
+					<a class="btn btn-primary btn-block" href="/donate">Donate</a>
 				</li>
 				<li class="nav-item d-flex align-items-center justify-content-center pb-3">
 					<a class="btn btn-primary btn-block" href="/contact">Contact us</a>
--- a/files/templates/home.html
+++ b/files/templates/home.html
@ -184,7 +184,7 @@
 	</script>
 {% endif %}

-{% if request.path in ('/','/logged_out') and time.time() > session.get('tooltip_last_dismissed',0)+60*60*24*30 and not g.webview %}
+{% if request.path == '/' and time.time() > session.get('tooltip_last_dismissed',0)+60*60*24*30 and not g.webview %}
 	<style>
 		.beg-icon {
 			color: #919191;