From 288fcde83283763193e37fa1d59b7da934f5ef6b Mon Sep 17 00:00:00 2001
From: Aevann <randomname42029@gmail.com>
Date: Sun, 19 Feb 2023 21:31:26 +0200
Subject: [PATCH] add /admin/delete_media

---
 files/helpers/config/const.py           | 20 +++++++------
 files/helpers/config/modaction_types.py |  5 ++++
 files/helpers/regex.py                  |  2 ++
 files/routes/admin.py                   | 37 +++++++++++++++++++++++++
 files/templates/admin/admin_home.html   |  3 ++
 files/templates/admin/delete_media.html | 28 +++++++++++++++++++
 6 files changed, 86 insertions(+), 9 deletions(-)
 create mode 100644 files/templates/admin/delete_media.html

diff --git a/files/helpers/config/const.py b/files/helpers/config/const.py
index 159844e3d..fe2c3104f 100644
--- a/files/helpers/config/const.py
+++ b/files/helpers/config/const.py
@@ -482,15 +482,17 @@ PERMS = { # Minimum admin_level to perform action.
 
 	'PROGSTACK': 5,
 
-	'USER_BLACKLIST': 6,
- 	'POST_EDITING': 6,
- 	'VIEW_PATRONS': 6,
- 	'BLACKJACK_NOTIFICATIONS': 6,
- 	'IGNORE_BADGE_BLACKLIST': 6,
-	'UNDO_AWARD_PINS': 6,
- 	'SEE_GHOST_VOTES': 6,
- 	'MODS_EVERY_HOLE': 6,
- 	'VIEW_DM_IMAGES': 6,
+	'DELETE_MEDIA': 6,
+
+	'USER_BLACKLIST': 7,
+ 	'POST_EDITING': 7,
+ 	'VIEW_PATRONS': 7,
+ 	'BLACKJACK_NOTIFICATIONS': 7,
+ 	'IGNORE_BADGE_BLACKLIST': 7,
+	'UNDO_AWARD_PINS': 7,
+ 	'SEE_GHOST_VOTES': 7,
+ 	'MODS_EVERY_HOLE': 7,
+ 	'VIEW_DM_IMAGES': 7,
 }
 
 FEATURES = {
diff --git a/files/helpers/config/modaction_types.py b/files/helpers/config/modaction_types.py
index 2e3b2466d..aae1ab81d 100644
--- a/files/helpers/config/modaction_types.py
+++ b/files/helpers/config/modaction_types.py
@@ -46,6 +46,11 @@ MODACTION_TYPES = {
 		"icon": 'fa-lock',
 		"color": 'bg-danger'
 	},
+	'delete_media': {
+		"str": 'deleted media',
+		"icon": 'fa-trash-alt',
+		"color": 'bg-danger'
+	},
 	'delete_report': {
 		"str": 'deleted report on {self.target_link}',
 		"icon": 'fa-flag',
diff --git a/files/helpers/regex.py b/files/helpers/regex.py
index d8212340b..2d7a0740c 100644
--- a/files/helpers/regex.py
+++ b/files/helpers/regex.py
@@ -196,3 +196,5 @@ discord_username_regex = re.compile("(\s|^|>).{2,32}#[0-9]{4}(?=[^0-9]|$)", flag
 numbered_list_regex = re.compile('((\s|^)[0-9]+)\. ', flags=re.A)
 
 comment_link_regex = re.compile("/[0-9]+$", flags=re.A)
+
+media_deletion_regex = re.compile(f"{SITE_FULL}\/(chat_)?(images|videos)\/[0-9]{{11,17}}\.(webp|{video_regex_extensions})", flags=re.A)
diff --git a/files/routes/admin.py b/files/routes/admin.py
index 706ee6f88..18a82d745 100644
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@@ -1,6 +1,7 @@
 import time
 from urllib.parse import quote, urlencode
 from math import floor
+import os
 
 from sqlalchemy.exc import IntegrityError
 from psycopg2.errors import UniqueViolation
@@ -1649,3 +1650,39 @@ def unblacklist_user(user_id, v):
 	g.db.add(ma)
 
 	return {"message": f"@{user.username} has been unblacklisted from restricted holes!"}
+
+@app.get('/admin/delete_media')
+@limiter.limit(DEFAULT_RATELIMIT, key_func=get_ID)
+@admin_level_required(PERMS['DELETE_MEDIA'])
+def delete_media_get(v):
+	return render_template("admin/delete_media.html", v=v)
+
+@app.post("/admin/delete_media")
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER)
+@limiter.limit(DEFAULT_RATELIMIT_SLOWER, key_func=get_ID)
+@admin_level_required(PERMS['DELETE_MEDIA'])
+def delete_media_post(v):
+
+	url = request.values.get("url")
+	if not url:
+		return render_template("admin/delete_media.html", v=v, url=url, error="No url provided!")
+
+	if not media_deletion_regex.fullmatch(url):
+		return render_template("admin/delete_media.html", v=v, url=url, error="Invalid url!")
+
+	path = url.split(SITE_FULL)[1]
+
+	if not os.path.isfile(path):
+		return render_template("admin/delete_media.html", v=v, url=url, error="File not found on the server!")
+
+	os.remove(path)
+
+	ma=ModAction(
+		kind="delete_media",
+		user_id=v.id,
+		_note=url,
+		)
+	g.db.add(ma)
+
+	purge_files_in_cache(url)
+	return render_template("admin/delete_media.html", v=v, msg="Media deleted successfully!")
diff --git a/files/templates/admin/admin_home.html b/files/templates/admin/admin_home.html
index 57bf67e78..ecf2098c3 100644
--- a/files/templates/admin/admin_home.html
+++ b/files/templates/admin/admin_home.html
@@ -68,6 +68,9 @@
 
 <h4>Safety</h4>
 <ul>
+	{% if v.admin_level >= PERMS['DELETE_MEDIA'] %}
+		<li><a href="/admin/delete_media">Delete Media</a></li>
+	{% endif %}
 	{% if v.admin_level >= PERMS['DOMAINS_BAN'] %}
 		<li><a href="/admin/banned_domains">Banned Domains</a></li>
 	{% endif %}
diff --git a/files/templates/admin/delete_media.html b/files/templates/admin/delete_media.html
new file mode 100644
index 000000000..12fd91800
--- /dev/null
+++ b/files/templates/admin/delete_media.html
@@ -0,0 +1,28 @@
+{% extends "default.html" %}
+
+{% block pagetitle %}Delete Media{% endblock %}
+
+{% block content %}
+{% if error %}{{macros.alert(error, true)}}{% endif %}
+{% if msg %}{{macros.alert(msg, false)}}{% endif %}
+<form class="mt-3" action="/admin/delete_media" method="post">
+	<div class="container">
+		<div class="row justify-content-center mb-4 pb-6">
+			<div class="col col-md-6 p-3 py-md-0">
+				<h1 class="d-mob-none">Delete Media</h1>
+				<h3 class=" d-md-none">Delete Media</h3>
+				<div class="body">
+					<input hidden name="formkey" value="{{v|formkey}}">
+					<label>URL</label>
+					<input class="form-control" type="url" name="url" required {% if url %}value="{{url}}"{% endif %}>
+					<div class="footer">
+						<div class="d-flex">
+							<button type="submit" class="btn btn-primary ml-auto">Delete</button>
+						</div>
+					</div>
+				</div>
+			</div>
+		</div>
+	</div>
+</form>
+{% endblock %}