From 2c7a98e433a0544892097076baa8be3feebc391c Mon Sep 17 00:00:00 2001 From: Aevann1 Date: Thu, 6 Jan 2022 18:46:09 +0200 Subject: [PATCH] big one --- files/classes/user.py | 6 +- files/helpers/alerts.py | 2 +- files/helpers/const.py | 4 +- files/helpers/wrappers.py | 7 +- files/routes/awards.py | 4 -- files/routes/comments.py | 4 +- files/routes/discord.py | 9 ++- files/routes/front.py | 2 - files/routes/oauth.py | 4 +- files/routes/posts.py | 4 +- files/routes/settings.py | 9 ++- files/routes/users.py | 85 +++---------------------- files/routes/votes.py | 25 +++++--- files/templates/CHRISTMAS/contact.html | 8 +-- files/templates/CHRISTMAS/default.html | 2 +- files/templates/CHRISTMAS/settings.html | 2 +- files/templates/contact.html | 43 ++++++------- files/templates/default.html | 2 +- files/templates/emoji_modal.html | 2 +- files/templates/message_success.html | 4 +- files/templates/userpage.html | 6 +- files/templates/userpage_comments.html | 2 +- files/templates/userpage_private.html | 2 +- 23 files changed, 83 insertions(+), 155 deletions(-) diff --git a/files/classes/user.py b/files/classes/user.py index 090a17024..7291aab06 100644 --- a/files/classes/user.py +++ b/files/classes/user.py @@ -491,7 +491,7 @@ class User(Base): def json_core(self): now = int(time.time()) - if self.is_banned and (not self.unban_utc or now < self.unban_utc): + if self.is_suspended: return {'username': self.username, 'url': self.url, 'is_banned': True, @@ -545,7 +545,6 @@ class User(Base): @property - @lazy def is_suspended(self): if self.unban_utc and self.unban_utc < time.time(): self.is_banned = 0 @@ -553,7 +552,8 @@ class User(Base): self.ban_evade = 0 g.db.add(self) g.db.commit() - return (self.is_banned and (not self.unban_utc or self.unban_utc > time.time())) + return False + return (self.is_banned and (self.unban_utc == 0 or self.unban_utc > time.time())) @property diff --git a/files/helpers/alerts.py b/files/helpers/alerts.py index a17edd921..6f3e78de0 100644 
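Review bot: The new return in `is_suspended` tests `self.unban_utc == 0`, so a banned row whose `unban_utc` is NULL is no longer treated as permanently banned, and the following `self.unban_utc > time.time()` would raise TypeError on None. The removed `not self.unban_utc` covered both 0 and NULL; whether the column can be NULL is not visible here, so either keep the falsy test, `return (self.is_banned and (not self.unban_utc or self.unban_utc > time.time()))`, or document the non-NULL invariant. With `@lazy` dropped, the getter also runs `g.db.commit()` when it finds an expired ban, which commits whatever else the request has pending in the session. A short docstring should state that side effect, since `json_core` now calls the property too. The property body starts in the previous hunk.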
--- a/files/helpers/alerts.py +++ b/files/helpers/alerts.py @@ -89,7 +89,7 @@ def send_admin(vid, text): g.db.add(new_comment) g.db.flush() - admins = g.db.query(User).filter(User.admin_level > 0).all() + admins = g.db.query(User).filter(User.admin_level > 2).all() for admin in admins: notif = Notification(comment_id=new_comment.id, user_id=admin.id) g.db.add(notif) diff --git a/files/helpers/const.py b/files/helpers/const.py index cdfb77d8f..8a999eb04 100644 --- a/files/helpers/const.py +++ b/files/helpers/const.py @@ -9,8 +9,8 @@ SITE_NAME = environ.get("SITE_NAME", '').strip() import json with open("files/assets/js/emoji_modal.js", 'r') as file: - text = file.read().split('emojis: ')[1].split('cops police"},')[0] + '"}}' - result = loads(text) + marseytext = file.read().split('emojis: ')[1].split('cops police"},')[0] + '"}}' + result = loads(marseytext) marseys = {} diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py index f3dc9fc49..fcddb0d9e 100644 --- a/files/helpers/wrappers.py +++ b/files/helpers/wrappers.py @@ -28,7 +28,7 @@ def get_logged_in_user(): return v def check_ban_evade(v): - if v and not v.patron and v.ban_evade and v.admin_level == 0 and not v.is_suspended: + if v and not v.patron and v.admin_level == 0 and v.ban_evade and not v.unban_utc: if random.randint(0,30) < v.ban_evade: v.shadowbanned = "AutoJanny" else: v.ban_evade +=1 g.db.add(v) @@ -65,7 +65,7 @@ def auth_required(f): return wrapper -def is_not_banned(f): +def is_not_permabanned(f): def wrapper(*args, **kwargs): @@ -75,7 +75,8 @@ def is_not_banned(f): check_ban_evade(v) - if v.is_suspended: return {"error": "You can't perform this action while being banned."}, 403 + if v.is_banned and v.unban_utc == 0: + return {"error": "Interal server error"}, 500 resp = make_response(f(*args, v=v, **kwargs)) return resp diff --git a/files/routes/awards.py b/files/routes/awards.py index 6f6c17d97..666b2144c 100644 --- a/files/routes/awards.py +++ b/files/routes/awards.py 
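Review bot: The permaban test in `is_not_permabanned`, `if v.is_banned and v.unban_utc == 0:`, is stricter than the `not v.unban_utc` that `check_ban_evade` uses earlier in this same file, so a banned account with a NULL `unban_utc` would be handled differently by the two (nullability is not visible here). Writing it as `if v.is_banned and not v.unban_utc:` keeps them aligned. The response text is misspelled, `"Interal server error"`, and differs from the `"Internal server error"` string this commit adds in files/routes/discord.py; if the 500 is meant to mask the ban, the typo makes it distinguishable from a genuine failure. The decorator now admits temporarily suspended users, which the routes using it in oauth.py, settings.py and users.py depend on, so it needs a docstring saying so. The wrapper body starts outside the hunk.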
@@ -186,8 +186,6 @@ def award_post(pid, v): if v.shadowbanned: return render_template('errors/500.html', error=True, v=v), 500 - if v.is_banned and not v.unban_utc: return {"error": "forbidden."}, 403 - kind = request.values.get("kind", "").strip() if kind not in AWARDS: @@ -351,8 +349,6 @@ def award_comment(cid, v): if v.shadowbanned: return render_template('errors/500.html', error=True, v=v), 500 - if v.is_suspended and v.unban_utc == 0: return {"error": "forbidden"}, 403 - kind = request.values.get("kind", "").strip() if kind not in AWARDS: diff --git a/files/routes/comments.py b/files/routes/comments.py index 45d9f0483..1273af972 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -135,9 +135,11 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None): @app.post("/comment") @limiter.limit("1/second") @limiter.limit("6/minute") -@is_not_banned +@auth_required @validate_formkey def api_comment(v): + if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403 + if v and v.patron: if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413 elif request.content_length > 4 * 1024 * 1024: return {"error":"Max file size is 4 MB."}, 413 diff --git a/files/routes/discord.py b/files/routes/discord.py index 76fac468f..640a6da5c 100644 --- a/files/routes/discord.py +++ b/files/routes/discord.py 
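Review bot: Swapping `@is_not_banned` for `@auth_required` on `api_comment` also drops the `check_ban_evade(v)` call that the old decorator made before the handler ran, and nothing in this hunk restores it. The body of `auth_required` is not shown in the patch, so confirm it performs that check; otherwise call `check_ban_evade(v)` on the line before `if v.is_suspended: ...`. The same applies to `submit_post` in files/routes/posts.py and to `steal` in files/routes/users.py, which receive the same decorator swap.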
@@ -14,14 +14,13 @@ WELCOME_CHANNEL="846509313941700618" SITE_NAME = environ.get("SITE_NAME", "").strip() @app.get("/discord") -@auth_required +@is_not_permabanned def join_discord(v): - if v.is_banned and not v.unban_utc: return {"error": "Permabanned users cannot join the discord server!"} + if v.shadowbanned: return {"error": "Internal server error"} - if SITE_NAME == 'Drama' and v.admin_level == 0 and v.patron == 0 and v.truecoins < 150: return f"You must receive 150 upvotes/downvotes from other users before being able to join the Discord server." - - if v.shadowbanned or v.agendaposter: return "" + if SITE_NAME == 'Drama' and v.admin_level == 0 and v.patron == 0 and v.truecoins < 150: + return f"You must receive 150 upvotes/downvotes from other users before being able to join the Discord server." now=int(time.time()) diff --git a/files/routes/front.py b/files/routes/front.py index b564311e1..66e0c6279 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -129,8 +129,6 @@ def front_all(v): if not v and request.path == "/" and not request.headers.get("Authorization"): return redirect(f"/logged_out{request.full_path}") - if v and v.is_banned and not v.unban_utc: return render_template('errors/500.html', error=True, v=v), 500 - if v and request.path.startswith('/logged_out'): v = None try: page = max(int(request.values.get("page", 1)), 1) diff --git a/files/routes/oauth.py b/files/routes/oauth.py index db047699e..69b97dfd7 100644 --- a/files/routes/oauth.py +++ b/files/routes/oauth.py @@ -39,7 +39,7 @@ def authorize(v): @app.post("/api_keys") @limiter.limit("1/second") -@is_not_banned +@is_not_permabanned @validate_formkey def request_api_keys(v): @@ -82,7 +82,7 @@ def delete_oauth_app(v, aid): @app.post("/edit_app/") @limiter.limit("1/second") -@is_not_banned +@is_not_permabanned @validate_formkey def edit_oauth_app(v, aid): diff --git a/files/routes/posts.py b/files/routes/posts.py index 067633a63..47960107a 100644 --- a/files/routes/posts.py 
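Review bot: The new shadowban branch in `join_discord`, `if v.shadowbanned: return {"error": "Internal server error"}`, carries no status code, so Flask sends it with 200 while the permaban path in `is_not_permabanned` answers 500; `return {"error": "Internal server error"}, 500` would make the two look the same to the client. The removed line also stopped `v.agendaposter` accounts and the replacement does not; if that is not intended, keep `or v.agendaposter` in the condition. The rewrapped `return f"You must receive 150 ..."` has no placeholders and does not need the `f` prefix.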
+++ b/files/routes/posts.py @@ -715,9 +715,11 @@ def thumbnail_thread(pid): @app.post("/submit") @limiter.limit("1/second") @limiter.limit("6/minute") -@is_not_banned +@auth_required @validate_formkey def submit_post(v): + if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403 + if v and v.patron: if request.content_length > 8 * 1024 * 1024: return {"error": "Max file size is 8 MB."}, 413 elif request.content_length > 4 * 1024 * 1024: return {"error": "Max file size is 4 MB."}, 413 diff --git a/files/routes/settings.py b/files/routes/settings.py index 8ee0c5db6..381867d3f 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py @@ -499,7 +499,8 @@ def gumroad(v): if SITE_NAME == 'Drama': patron = 'Paypig' else: patron = 'Patron' - if not (v.email and v.is_activated): return {"error": f"You must have a verified email to verify {patron} status and claim your rewards"}, 400 + if not (v.email and v.is_activated): + return {"error": f"You must have a verified email to verify {patron} status and claim your rewards"}, 400 data = {'access_token': GUMROAD_TOKEN, 'email': v.email} response = requests.get('https://api.gumroad.com/v2/sales', data=data).json()["sales"] @@ -624,7 +625,7 @@ def settings_security_post(v): v=v) ) - return render_template("settings_security.html", v=v, error="Check your email and click the verification link to complete the email change.") + return render_template("settings_security.html", v=v, msg="Check your email and click the verification link to complete the email change.") if request.values.get("2fa_token"): if not v.verifyPass(request.values.get('password')): @@ -931,12 +932,10 @@ def settings_content_get(v): @app.post("/settings/name_change") @limiter.limit("1/second") -@auth_required +@is_not_permabanned @validate_formkey def settings_name_change(v): - if v.is_banned and not v.unban_utc: return {"error": "forbidden."}, 403 - new_name=request.values.get("name").strip() if new_name==v.username: 
diff --git a/files/routes/users.py b/files/routes/users.py index aa8fcfaa9..436c9d7b3 100644 --- a/files/routes/users.py +++ b/files/routes/users.py @@ -140,7 +140,7 @@ def pay_rent(v): @app.post("/steal") @limiter.limit("1/second") -@is_not_banned +@auth_required @validate_formkey def steal(v): if int(time.time()) - v.created_utc < 604800: @@ -222,7 +222,7 @@ def get_coins(v, username): @app.post("/@/transfer_coins") @limiter.limit("1/second") -@is_not_banned +@is_not_permabanned @validate_formkey def transfer_coins(v, username): receiver = g.db.query(User).filter_by(username=username).one_or_none() @@ -260,7 +260,7 @@ def transfer_coins(v, username): @app.post("/@/transfer_bux") @limiter.limit("1/second") -@is_not_banned +@is_not_permabanned @validate_formkey def transfer_bux(v, username): receiver = g.db.query(User).filter_by(username=username).one_or_none() 
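Review bot: `steal` moves from `@is_not_banned` to `@auth_required` without the `if v.is_suspended: ...` guard that `api_comment` and `submit_post` receive in this commit, so the first check a suspended or permanently banned account meets here is the account-age test. If banned users are still meant to be kept out, add `if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403` as the first line of the body, or use `@is_not_permabanned` as the two transfer routes below do. The function body continues outside the hunk, so a later check may exist that is not visible here.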
@@ -393,85 +393,16 @@ def reportbugs(v): @app.post("/@/message") @limiter.limit("1/second") @limiter.limit("10/hour") -@auth_required +@is_not_permabanned @validate_formkey def message2(v, username): user = get_user(username, v=v) if hasattr(user, 'is_blocking') and user.is_blocking: return {"error": "You're blocking this user."}, 403 - if v.admin_level <= 1 and hasattr(user, 'is_blocked') and user.is_blocked: return {"error": "This user is blocking you."}, 403 - - if v.is_banned and not v.unban_utc: return render_template('errors/500.html', error=True, v=v), 500 - - if v.shadowbanned: return redirect(f"/@{username}") - - message = request.values.get("message", "").strip()[:1000].strip() - - if 'linkedin.com' in message: return {"error": "this domain 'linkedin.com' is banned"} - - message = re.sub('!\[\]\((.*?)\)', r'\1', message) - - text_html = Renderer().render(mistletoe.Document(message)) - - text_html = sanitize(text_html, True) - - existing = g.db.query(Comment.id).filter(Comment.author_id == v.id, - Comment.sentto == user.id, - Comment.body_html == text_html, - ).first() - if existing: return redirect('/notifications?messages=true') - - new_comment = Comment(author_id=v.id, - parent_submission=None, - level=1, - sentto=user.id, - body_html=text_html, - ) - g.db.add(new_comment) - - g.db.flush() - - - notif = Notification(comment_id=new_comment.id, user_id=user.id) - g.db.add(notif) - - - try: - beams_client.publish_to_interests( - interests=[str(user.id)], - publish_body={ - 'web': { - 'notification': { - 'title': f'New message from @{v.username}', - 'body': message, - 'deep_link': f'https://{site}/notifications', - }, - }, - }, - ) - except Exception as e: - print(e) - - g.db.commit() - - return redirect(f"/@{username}") - -@app.post("/@/message2") -@limiter.limit("1/second") -@limiter.limit("10/hour") -@auth_required -@validate_formkey -def message3(v, username): - - user = get_user(username, v=v) - if hasattr(user, 'is_blocking') and user.is_blocking: 
return {"error": "You're blocking this user."}, 403 - if v.admin_level <= 1 and hasattr(user, 'is_blocked') and user.is_blocked: return {"error": "This user is blocking you."}, 403 - if v.is_banned and not v.unban_utc: return {"error": "Internal server error"}, 500 - if v.shadowbanned: return {"message": "Message sent!"} message = request.values.get("message", "").strip()[:1000].strip() @@ -542,7 +473,9 @@ def messagereply(v): id = int(request.values.get("parent_id")) parent = get_comment(id, v=v) - user = parent.author + user_id = parent.author.id + + if v.id == user_id: user_id = parent.sentto text_html = Renderer().render(mistletoe.Document(message)) text_html = sanitize(text_html, True) @@ -551,13 +484,13 @@ def messagereply(v): parent_submission=None, parent_comment_id=id, level=parent.level + 1, - sentto=user.id, + sentto=user_id, body_html=text_html, ) g.db.add(new_comment) g.db.flush() - notif = Notification(comment_id=new_comment.id, user_id=user.id) + notif = Notification(comment_id=new_comment.id, user_id=user_id) g.db.add(notif) g.db.commit() diff --git a/files/routes/votes.py b/files/routes/votes.py index 34438e00d..6c0fdb92a 100644 --- a/files/routes/votes.py +++ b/files/routes/votes.py @@ -16,8 +16,6 @@ def admin_vote_info_get(v): if not v or v.oldsite: template = '' else: template = 'CHRISTMAS/' - if v and v.shadowbanned: return render_template('errors/500.html', error=True, v=v), 500 - link = request.values.get("link") if not link: return render_template(f"{template}votes.html", v=v) 
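Review bot: In `messagereply` the recipient is now derived from the parent alone (`user_id = parent.author.id`, swapped to `parent.sentto` when the sender is the author), and nothing in these two hunks checks that `v` is one of the two parties of that parent message. Unless `get_comment(id, v=v)` already enforces this, a reply can be attached to a conversation the sender is not part of; a guard such as `if v.id not in (parent.author.id, parent.sentto): abort(403)` before the swap would close that. Separately, `parent.sentto` is presumably empty when the parent is an ordinary comment rather than a message, in which case the swap stores `sentto=None` and creates a notification with no user, so that case should be rejected as well. The handler starts and ends outside the hunks.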
@@ -27,36 +25,43 @@ def admin_vote_info_get(v): else: abort(400) except: abort(400) - if thing.author.shadowbanned and not (v and v.admin_level): return render_template('errors/500.html', error=True, v=v), 500 - if isinstance(thing, Submission): + if thing.author.shadowbanned and not (v and v.admin_level): + thing_id = g.db.query(Submission.id).filter_by(upvotes=thing.upvotes, downvotes=thing.downvotes).first()[0] + else: thing_id = thing.id + ups = g.db.query(Vote ).options(joinedload(Vote.user) - ).filter_by(submission_id=thing.id, vote_type=1 + ).filter_by(submission_id=thing_id, vote_type=1 ).order_by(Vote.id).all() downs = g.db.query(Vote ).options(joinedload(Vote.user) - ).filter_by(submission_id=thing.id, vote_type=-1 + ).filter_by(submission_id=thing_id, vote_type=-1 ).order_by(Vote.id).all() elif isinstance(thing, Comment): + if thing.author.shadowbanned and not (v and v.admin_level): + thing_id = g.db.query(Comment.id).filter_by(upvotes=thing.upvotes, downvotes=thing.downvotes).first()[0] + else: thing_id = thing.id + ups = g.db.query(CommentVote ).options(joinedload(CommentVote.user) - ).filter_by(comment_id=thing.id, vote_type=1 + ).filter_by(comment_id=thing_id, vote_type=1 ).order_by(CommentVote.id).all() downs = g.db.query(CommentVote ).options(joinedload(CommentVote.user) - ).filter_by(comment_id=thing.id, vote_type=-1 + ).filter_by(comment_id=thing_id, vote_type=-1 ).order_by(CommentVote.id).all() else: abort(400) if not v or v.oldsite: template = '' else: template = 'CHRISTMAS/' + return render_template(f"{template}votes.html", v=v, thing=thing, @@ -71,7 +76,7 @@ def admin_vote_info_get(v): @validate_formkey def api_vote_post(post_id, new, v): - if v.is_banned and not v.unban_utc or new == "-1" and environ.get('DISABLE_DOWNVOTES') == '1': return {"error": "forbidden."}, 403 + if new == "-1" and environ.get('DISABLE_DOWNVOTES') == '1': return {"error": "forbidden."}, 403 if new not in ["-1", "0", "1"]: abort(400) 
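Review bot: For a shadowbanned author, `admin_vote_info_get` now picks `thing_id` with `filter_by(upvotes=thing.upvotes, downvotes=thing.downvotes).first()[0]`, which has no `order_by` and no exclusion, so the row chosen can change between requests and can be `thing` itself. The page then lists another item's voters under this item, and the hunk does not check whether that stand-in is deleted, removed or otherwise hidden from the viewer, which could show votes they would not normally see. The lookup is duplicated for `Submission` and `Comment`; a small private helper with a comment stating the intent and a stable `.order_by(Submission.id)` (and `Comment.id`) would make it reviewable. It also filters on two count columns on every request, which is a table scan unless those columns are indexed.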
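Review bot: The permaban test is removed from the first condition of `api_vote_post`, and the decorator above `@validate_formkey` is not part of this hunk, so it appears not to have been switched to `@is_not_permabanned`. Unless the decorator in place rejects permanently banned accounts, they can now cast votes. If that is intended, a one-line comment above the remaining check should say so; otherwise restore the guard or change the decorator. The same edit is made to `api_vote_comment` in the next hunk of this file.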
@@ -130,7 +135,7 @@ def api_vote_post(post_id, new, v): @validate_formkey def api_vote_comment(comment_id, new, v): - if v.is_banned and not v.unban_utc or new == "-1" and environ.get('DISABLE_DOWNVOTES') == '1': return {"error": "forbidden."}, 403 + if new == "-1" and environ.get('DISABLE_DOWNVOTES') == '1': return {"error": "forbidden."}, 403 if new not in ["-1", "0", "1"]: abort(400) diff --git a/files/templates/CHRISTMAS/contact.html b/files/templates/CHRISTMAS/contact.html index bbd52b77a..8a11c566b 100644 --- a/files/templates/CHRISTMAS/contact.html +++ b/files/templates/CHRISTMAS/contact.html @@ -9,22 +9,22 @@
- {% if request.values.get('error') or error %} + {% if error %} {% endif %} - {% if request.values.get('msg') or msg %} + {% if msg %} - {% endif %} + {% endif %} -

Contact {{'SITE_NAME' | app_config}} Admins

-{% if v and v.is_activated and not v.is_suspended %} +

Contact {{'SITE_NAME' | app_config}} Admins

-

Use this form to contact {{'SITE_NAME' | app_config}} Admins.

+

Use this form to contact {{'SITE_NAME' | app_config}} Admins.

- - + + -
+ - - + + + - +
- +
 
 
-{% elif v %}
+	
-

Please verify your email address in order to ensure we can respond to your message if needed. Then, refresh this page.

+

If you can see this line, we haven't been contacted by any law enforcement or governmental organizations in 2022 yet.

-{% else %} - -

In order to ensure that we can respond to your message, please first sign up or log in and make sure you have verified your email address. Then, refresh this page.

- -{% endif %} - -
+	
 
 
-
- -

If you can see this line, we haven't been contacted by any law enforcement or governmental organizations in 2022 yet.

+
{% endblock %} diff --git a/files/templates/default.html b/files/templates/default.html index eb1a7e658..3b0596e9f 100644 --- a/files/templates/default.html +++ b/files/templates/default.html @@ -325,7 +325,7 @@ {% if v %} - + {% endif %} diff --git a/files/templates/emoji_modal.html b/files/templates/emoji_modal.html index 7f3c96746..74b9136fb 100644 --- a/files/templates/emoji_modal.html +++ b/files/templates/emoji_modal.html @@ -80,7 +80,7 @@
- +