move feature_required wrappers up

files/routes/admin.py

@@ -520,17 +520,17 @@ def under_attack(v):
 
 @app.get("/admin/badge_grant")
 @app.get("/admin/badge_remove")
-@admin_level_required(PERMS['USER_BADGES'])
 @feature_required('BADGES')
+@admin_level_required(PERMS['USER_BADGES'])
 def badge_grant_get(v):
 	grant = request.url.endswith("grant")
 	badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all()
 	return render_template("admin/badge_admin.html", v=v, badge_types=badges, grant=grant)
 
 @app.post("/admin/badge_grant")
+@feature_required('BADGES')
 @limiter.limit(DEFAULT_RATELIMIT_SLOWER)
 @admin_level_required(PERMS['USER_BADGES'])
-@feature_required('BADGES')
 def badge_grant_post(v):
 	badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all()
 
@@ -577,9 +577,9 @@ def badge_grant_post(v):
 	return render_template("admin/badge_admin.html", v=v, badge_types=badges, grant=True, msg=f"{new_badge.name} Badge granted to @{user.username} successfully!")
 
 @app.post("/admin/badge_remove")
+@feature_required('BADGES')
 @limiter.limit(DEFAULT_RATELIMIT_SLOWER)
 @admin_level_required(PERMS['USER_BADGES'])
-@feature_required('BADGES')
 def badge_remove_post(v):
 	badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all()
 
@@ -1221,8 +1221,8 @@ def distinguish_post(post_id, v):
 
 
 @app.post("/sticky/<post_id>")
-@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
 @feature_required('PINS')
+@admin_level_required(PERMS['POST_COMMENT_MODERATION'])
 def sticky_post(post_id, v):
 	post = get_post(post_id)
 	if post.is_banned: abort(403, "Can't sticky removed posts!")

files/routes/awards.py

@@ -16,8 +16,8 @@ from copy import deepcopy
 
 @app.get("/shop")
 @app.get("/settings/shop")
-@auth_required
 @feature_required('AWARDS')
+@auth_required
 def shop(v):
 	AWARDS = deepcopy(AWARDS2)
 
@@ -40,9 +40,9 @@ def shop(v):
 
 
 @app.post("/buy/<award>")
+@feature_required('AWARDS')
 @limiter.limit("100/minute;200/hour;1000/day")
 @auth_required
-@feature_required('AWARDS')
 def buy(v, award):
 	if award == 'benefactor' and not request.values.get("mb"):
 		abort(403, "You can only buy the Benefactor award with marseybux.")

files/routes/casino.py

@@ -12,9 +12,9 @@ from files.helpers.lottery import *
 
 
 @app.get("/casino")
+@feature_required('GAMBLING')
 @limiter.limit("100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def casino(v):
 	if v.rehab:
 		return render_template("casino/rehab.html", v=v)
@@ -23,9 +23,9 @@ def casino(v):
 
 
 @app.get("/casino/<game>")
+@feature_required('GAMBLING')
 @limiter.limit("100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def casino_game_page(v, game):
 	if v.rehab:
 		return render_template("casino/rehab.html", v=v)
@@ -51,9 +51,9 @@ def casino_game_page(v, game):
 
 
 @app.get("/casino/<game>/feed")
+@feature_required('GAMBLING')
 @limiter.limit("100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def casino_game_feed(v, game):
 	if v.rehab: 
 		abort(403, "You are under Rehab award effect!")
@@ -66,9 +66,9 @@ def casino_game_feed(v, game):
 
 # Lottershe
 @app.get("/lottershe")
+@feature_required('GAMBLING')
 @limiter.limit("100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def lottershe(v):
 	if v.rehab:
 		return render_template("casino/rehab.html", v=v)
@@ -78,9 +78,9 @@ def lottershe(v):
 
 # Slots
 @app.post("/casino/slots")
+@feature_required('GAMBLING')
 @limiter.limit("100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def pull_slots(v):
 	if v.rehab:
 		abort(403, "You are under Rehab award effect!")
@@ -109,9 +109,9 @@ def pull_slots(v):
 
 # 21
 @app.post("/casino/twentyone/deal")
+@feature_required('GAMBLING')
 @limiter.limit("1/second;100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def blackjack_deal_to_player(v):
 	if v.rehab:
 		abort(403, "You are under Rehab award effect!")
@@ -129,9 +129,9 @@ def blackjack_deal_to_player(v):
 
 
 @app.post("/casino/twentyone/hit")
+@feature_required('GAMBLING')
 @limiter.limit("1/second;100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def blackjack_player_hit(v):
 	if v.rehab:
 		abort(403, "You are under Rehab award effect!")
@@ -145,9 +145,9 @@ def blackjack_player_hit(v):
 
 
 @app.post("/casino/twentyone/stay")
+@feature_required('GAMBLING')
 @limiter.limit("1/second;100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def blackjack_player_stay(v):
 	if v.rehab:
 		abort(403, "You are under Rehab award effect!")
@@ -161,9 +161,9 @@ def blackjack_player_stay(v):
 
 
 @app.post("/casino/twentyone/double-down")
+@feature_required('GAMBLING')
 @limiter.limit("1/second;100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def blackjack_player_doubled_down(v):
 	if v.rehab:
 		abort(403, "You are under Rehab award effect!")
@@ -177,9 +177,9 @@ def blackjack_player_doubled_down(v):
 
 
 @app.post("/casino/twentyone/buy-insurance")
+@feature_required('GAMBLING')
 @limiter.limit("1/second;100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def blackjack_player_bought_insurance(v):
 	if v.rehab:
 		abort(403, "You are under Rehab award effect!")
@@ -193,9 +193,9 @@ def blackjack_player_bought_insurance(v):
 
 # Roulette
 @app.get("/casino/roulette/bets")
+@feature_required('GAMBLING')
 @limiter.limit("100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def roulette_get_bets(v):
 	if v.rehab:
 		abort(403, "You are under Rehab award effect!")
@@ -206,9 +206,9 @@ def roulette_get_bets(v):
 
 
 @app.post("/casino/roulette/place-bet")
+@feature_required('GAMBLING')
 @limiter.limit("100/minute;2000/hour;12000/day")
 @auth_required
-@feature_required('GAMBLING')
 def roulette_player_placed_bet(v):
 	if v.rehab:
 		abort(403, "You are under Rehab award effect!")

files/routes/comments.py

@@ -514,8 +514,8 @@ def undelete_comment(cid, v):
 
 
 @app.post("/pin_comment/<cid>")
-@auth_required
 @feature_required('PINS')
+@auth_required
 def pin_comment(cid, v):
 	
 	comment = get_comment(cid, v=v)

files/routes/hats.py

@@ -7,8 +7,8 @@ from files.helpers.useractions import *
 from flask import g
 
 @app.get("/hats")
-@auth_required
 @feature_required('HATS')
+@auth_required
 def hats(v):
 	owned_hat_ids = [x.hat_id for x in v.owned_hats]
 
@@ -32,9 +32,9 @@ def hats(v):
 	return render_template("hats.html", owned_hat_ids=owned_hat_ids, hats=hats, v=v, sales=sales, num_of_hats=num_of_hats)
 
 @app.post("/buy_hat/<hat_id>")
+@feature_required('HATS')
 @limiter.limit('100/minute;1000/3 days')
 @auth_required
-@feature_required('HATS')
 def buy_hat(v, hat_id):
 	try: hat_id = int(hat_id)
 	except: abort(404, "Hat not found!")
@@ -84,8 +84,8 @@ def buy_hat(v, hat_id):
 
 
 @app.post("/equip_hat/<hat_id>")
-@auth_required
 @feature_required('HATS')
+@auth_required
 def equip_hat(v, hat_id):
 	try: hat_id = int(hat_id)
 	except: abort(404, "Hat not found!")
@@ -99,8 +99,8 @@ def equip_hat(v, hat_id):
 	return {"message": f"'{hat.name}' equipped!"}
 
 @app.post("/unequip_hat/<hat_id>")
-@auth_required
 @feature_required('HATS')
+@auth_required
 def unequip_hat(v, hat_id):
 	try: hat_id = int(hat_id)
 	except: abort(404, "Hat not found!")

files/routes/lottery.py

@@ -8,25 +8,25 @@ from files.helpers.lottery import *
 import requests
 
 @app.post("/lottery/end")
-@admin_level_required(PERMS['LOTTERY_ADMIN'])
 @feature_required('GAMBLING')
+@admin_level_required(PERMS['LOTTERY_ADMIN'])
 def lottery_end(v):
 	success, message = end_lottery_session()
 	return {"message": message} if success else {"error": message}
 
 
 @app.post("/lottery/start")
-@admin_level_required(PERMS['LOTTERY_ADMIN'])
 @feature_required('GAMBLING')
+@admin_level_required(PERMS['LOTTERY_ADMIN'])
 def lottery_start(v):
 	start_new_lottery_session()
 	return {"message": "Lottery started."}
 
 
 @app.post("/lottery/buy")
+@feature_required('GAMBLING')
 @limiter.limit("3/second;100/minute;500/hour;1000/day")
 @auth_required
-@feature_required('GAMBLING')
 def lottery_buy(v):
 	try: quantity = int(request.values.get("quantity"))
 	except: abort(400, "Invalid ticket quantity.")
@@ -42,17 +42,17 @@ def lottery_buy(v):
 
 
 @app.get("/lottery/active")
+@feature_required('GAMBLING')
 @limiter.limit("3/second;100/minute;500/hour;1000/day")
 @auth_required
-@feature_required('GAMBLING')
 def lottery_active(v):
 	lottery, participants = get_active_lottery_stats()
 
 	return {"message": "", "stats": {"user": v.lottery_stats, "lottery": lottery, "participants": participants}}
 
 @app.get("/admin/lottery/participants")
-@admin_level_required(PERMS['LOTTERY_VIEW_PARTICIPANTS'])
 @feature_required('GAMBLING')
+@admin_level_required(PERMS['LOTTERY_VIEW_PARTICIPANTS'])
 def lottery_admin(v):
 	participants = get_users_participating_in_lottery()
 	return render_template("admin/lottery.html", v=v, participants=participants)

files/routes/posts.py

@@ -29,8 +29,8 @@ titleheaders = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWe
 
 
 @app.post("/club_post/<pid>")
-@auth_required
 @feature_required('COUNTRY_CLUB')
+@auth_required
 def club_post(pid, v):
 	post = get_post(pid)
 	if post.author_id != v.id and v.admin_level < PERMS['POST_COMMENT_MODERATION']: abort(403)
@@ -53,8 +53,8 @@ def club_post(pid, v):
 	return {"message": f"Post has been marked as {CC_TITLE}!"}
 
 @app.post("/unclub_post/<pid>")
-@auth_required
 @feature_required('COUNTRY_CLUB')
+@auth_required
 def unclub_post(pid, v):
 	post = get_post(pid)
 	if post.author_id != v.id and v.admin_level < PERMS['POST_COMMENT_MODERATION']: abort(403)

files/routes/settings.py

@@ -506,10 +506,10 @@ def settings_images_profile(v):
 
 
 @app.post("/settings/images/banner")
+@feature_required('USERS_PROFILE_BANNER')
 @limiter.limit(DEFAULT_RATELIMIT_SLOWER)
 @auth_required
 @ratelimit_user()
-@feature_required('USERS_PROFILE_BANNER')
 def settings_images_banner(v):
 	if request.headers.get("cf-ipcountry") == "T1": abort(403, "Image uploads are not allowed through TOR.")
 
@@ -659,10 +659,10 @@ def settings_name_change(v):
 	return redirect("/settings/personal")
 
 @app.post("/settings/song_change_mp3")
+@feature_required('USERS_PROFILE_SONG')
 @limiter.limit("3/second;10/day")
 @limiter.limit("3/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
 @auth_required
-@feature_required('USERS_PROFILE_SONG')
 def settings_song_change_mp3(v):
 	file = request.files['file']
 	if file.content_type != 'audio/mpeg':
@@ -687,10 +687,10 @@ def settings_song_change_mp3(v):
 	return redirect("/settings/personal")
 
 @app.post("/settings/song_change")
+@feature_required('USERS_PROFILE_SONG')
 @limiter.limit("3/second;10/day")
 @limiter.limit("3/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
 @auth_required
-@feature_required('USERS_PROFILE_SONG')
 def settings_song_change(v):
 	song=request.values.get("song").strip()
 

files/routes/static.py

@@ -324,8 +324,8 @@ def badge_list(site):
 	return badges, counts
 
 @app.get("/badges")
-@auth_required
 @feature_required('BADGES')
+@auth_required
 def badges(v):
 	badges, counts = badge_list(SITE)
 	return render_template("badges.html", v=v, badges=badges, counts=counts)

files/routes/subs.py

@@ -640,8 +640,8 @@ def sub_stealth(v, sub):
 
 
 @app.post("/mod_pin/<cid>")
-@is_not_permabanned
 @feature_required('PINS')
+@is_not_permabanned
 def mod_pin(cid, v):
 	
 	comment = get_comment(cid, v=v)

files/routes/users.py

@@ -251,10 +251,10 @@ def downvoting(v, username):
 	return all_upvoters_downvoters(v, username, -1, True)
 
 @app.post("/@<username>/suicide")
+@feature_required('USERS_SUICIDE')
 @limiter.limit("1/second;5/day")
 @limiter.limit("1/second;5/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
 @auth_required
-@feature_required('USERS_SUICIDE')
 def suicide(v, username):