basic outline for LoggedOutUser

also implemented where needful
pull/20/head
justcool393 2022-11-18 05:33:28 -06:00
parent c5ad3a480f
commit 27255696c8
5 changed files with 611 additions and 457 deletions

File diff suppressed because it is too large Load Diff


@ -274,7 +274,7 @@ def sanitize(sanitized, golden=True, limit_pings=0, showmore=True, count_marseys
sanitized = reddit_regex.sub(r'\1<a href="https://old.reddit.com/\2" rel="nofollow noopener" target="_blank">/\2</a>', sanitized)
sanitized = sub_regex.sub(r'\1<a href="/\2">/\2</a>', sanitized)
v = getattr(g, 'v', None)
v = g.v
names = set(m.group(2) for m in mention_regex.finditer(sanitized))
if limit_pings and len(names) > limit_pings and not v.admin_level >= PERMS['POST_COMMENT_INFINITE_PINGS']: abort(406)
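Review bot: The ping-limit bypass on the last line now reads `v.admin_level` from whatever `before_request` stored in `g.v`, so for an anonymous caller the check relies on `LoggedOutUser.admin_level` being below `PERMS['POST_COMMENT_INFINITE_PINGS']`. That class is in the file whose diff is suppressed, so this cannot be confirmed from the page. `v = g.v` also raises AttributeError if `sanitize` is ever called where `before_request` has not run, which the previous `getattr` tolerated; whether such a caller exists is not visible here. I would add a comment above the assignment: `# g.v is always set by before_request; LoggedOutUser.admin_level must stay 0 so the permission check below fails closed`. The body of `sanitize` starts and ends outside this hunk.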


@ -1,4 +1,5 @@
import secrets
from files.classes.user import LoggedOutUser
from files.helpers.const import *
from files.helpers.settings import get_setting
from files.helpers.cloudflare import CLOUDFLARE_AVAILABLE
@ -28,6 +29,7 @@ def before_request():
g.webview = '; wv) ' in ua
g.inferior_browser = 'iphone' in ua or 'ipad' in ua or 'ipod' in ua or 'mac os' in ua or ' firefox/' in ua
g.is_tor = request.headers.get("cf-ipcountry") == "T1"
g.v = LoggedOutUser()
request.path = request.path.rstrip('/')
if not request.path: request.path = '/'
@ -41,7 +43,7 @@ def before_request():
def after_request(response):
if response.status_code < 400:
if CLOUDFLARE_AVAILABLE and CLOUDFLARE_COOKIE_VALUE and getattr(g, 'desires_auth', False):
logged_in = bool(getattr(g, 'v', None))
logged_in = bool(g.v)
response.set_cookie("lo", CLOUDFLARE_COOKIE_VALUE if logged_in else '', max_age=60*60*24*365 if logged_in else 1)
if getattr(g, 'db', None):
g.db.commit()
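Review bot: `logged_in = bool(g.v)` in `after_request` is only correct if `LoggedOutUser` defines `__bool__` (or `__len__`) to return a falsy value. A plain Python object is truthy, so without it every anonymous response that reaches this branch would get the year-long `lo` cookie carrying `CLOUDFLARE_COOKIE_VALUE`. The class is in the file whose diff is suppressed, so this is not verifiable here. The same dependency applies to `if g.v: return g.v` in `get_logged_in_user` and to `if u:` in `worker_abort`. An explicit test would remove the implicit contract, for example `logged_in = not isinstance(g.v, LoggedOutUser)`.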


@ -33,7 +33,7 @@ def calc_users(v):
return ''
def get_logged_in_user():
if hasattr(g, 'v'): return g.v
if g.v: return g.v
if not getattr(g, 'db', None): g.db = db_session()
g.desires_auth = True
v = None
@ -67,9 +67,8 @@ def get_logged_in_user():
if request.method.lower() != "get" and get_setting('Read-only mode') and not (v and v.admin_level >= PERMS['SITE_BYPASS_READ_ONLY_MODE']):
abort(403)
g.v = v
if v:
g.v = v
v.poor = session.get('poor')
# Check against last_active + ACTIVE_TIME to reduce frequency of
# UPDATEs in exchange for a ±ACTIVE_TIME margin of error.
@ -149,7 +148,7 @@ def feature_required(x):
def ratelimit_user(limit:Union[str, Callable[[], str]]=DEFAULT_RATELIMIT_USER):
'''
Ratelimits based on a user. This requires at least auth_required (or stronger) to be present,
otherwise logged out users will receive 500s
otherwise logged out users may receive errenous 429s
'''
def inner(func):
@functools.wraps(func)
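Review bot: In `get_logged_in_user`, `g.v = v` now runs only under `if v:` and the early return is `if g.v: return g.v`, so an anonymous request no longer caches its negative result and every call repeats the full lookup. The old `hasattr(g, 'v')` check returned immediately on the second call. The function's return statement is outside the hunks; if it still returns `v`, anonymous callers get `None` from the function while `g.v` holds a `LoggedOutUser`, and code that mixes the two will disagree. I would record that the lookup has run separately, e.g. `if getattr(g, 'auth_checked', False): return g.v` at the top and `g.auth_checked = True` before returning. In the reworded `ratelimit_user` docstring, `errenous` should read `erroneous`, and the docstring would be more useful if it said why logged-out users can hit a 429.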


@ -15,7 +15,7 @@ def worker_abort(worker):
from flask import g, request
if g and request:
worker.log.warning(f"While serving {request.method} {request.url}")
u = getattr(g, 'v', None)
u = g.v
if u:
worker.log.warning(f"User: {u.username!r} id:{u.id}")
else:
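Review bot: `u = g.v` in `worker_abort` raises AttributeError when the worker is aborted before `before_request` reaches `g.v = LoggedOutUser()`, and the hook would then raise instead of finishing its log output. The `if g and request:` guard only establishes that a request context exists, not that `g.v` has been assigned. Since this is an error-path logger, I would keep the defensive form here: `u = getattr(g, 'v', None)`. The `else:` branch and the rest of the function continue outside the hunk.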