fdMerge branch 'frost' of https://github.com/Aevann1/Drama into frost

2022-05-03 04:28:54 +00:00 · 2022-05-03 04:28:54 +00:00 · 70a1812fc5
parent 88103b863f 5e2da5673c
commit 70a1812fc5
18 changed files with 95 additions and 11 deletions
--- a/files/classes/user.py
+++ b/files/classes/user.py
@ -190,6 +190,7 @@ class User(Base):
 		elif self.patron == 4: discount = 0.75
 		elif self.patron == 5: discount = 0.70
 		elif self.patron == 6: discount = 0.65
+		elif self.patron == 7: discount = 0.60
 		else: discount = 1

 		for badge in [69,70,71,72,73]:
--- a/files/mail/init.py
+++ b/files/mail/init.py
@ -41,6 +41,7 @@ def send_verification_email(user, email=None):

@app.post("/verify_email")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def api_verify_email(v):

--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@ -710,11 +710,7 @@ def users_list(v):
 	try: page = int(request.values.get("page", 1))
 	except: page = 1

-	users = g.db.query(User).filter_by(is_banned=0
-									   ).order_by(User.created_utc.desc()
-												  ).offset(25 * (page - 1)).limit(26)
-
-	users = [x for x in users]
+	users = g.db.query(User).order_by(User.id.desc()).offset(25 * (page - 1)).limit(26).all()

 	next_exists = (len(users) > 25)
 	users = users[:25]
@ -726,6 +722,30 @@ def users_list(v):
 						   page=page,
 						   )

+
+@app.get("/badge_owners/<bid>")
+@auth_required
+def bid_list(v, bid):
+
+	try: bid = int(bid)
+	except: abort(400)
+
+	try: page = int(request.values.get("page", 1))
+	except: page = 1
+
+	users = g.db.query(User).join(Badge, Badge.user_id == User.id).filter(Badge.badge_id==bid).offset(25 * (page - 1)).limit(26).all()
+
+	next_exists = (len(users) > 25)
+	users = users[:25]
+
+	return render_template("admin/new_users.html",
+						   v=v,
+						   users=users,
+						   next_exists=next_exists,
+						   page=page,
+						   )
+
+
@app.get("/admin/alt_votes")
@admin_level_required(2)
 def alt_votes_get(v):
--- a/files/routes/awards.py
+++ b/files/routes/awards.py
@ -121,6 +121,7 @@ def buy(v, award):

@app.post("/award_post/<pid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def award_post(pid, v):
 	if v.shadowbanned: return render_template('errors/500.html', err=True, v=v), 500
@ -360,6 +361,7 @@ def award_post(pid, v):

@app.post("/award_comment/<cid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def award_comment(cid, v):
 	if v.shadowbanned: return render_template('errors/500.html', err=True, v=v), 500
--- a/files/routes/chat.py
+++ b/files/routes/chat.py
@ -35,6 +35,7 @@ def chatjs():

@socketio.on('speak')
@limiter.limit("3/second;10/minute")
+@limiter.limit("3/second;10/minute", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def speak(data, v):
 	if v.is_banned: return '', 403
--- a/files/routes/comments.py
+++ b/files/routes/comments.py
@ -160,6 +160,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):

@app.post("/comment")
@limiter.limit("1/second;20/minute;200/hour;1000/day")
+@limiter.limit("1/second;20/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def api_comment(v):
 	if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403
@ -667,6 +668,7 @@ def api_comment(v):

@app.post("/edit_comment/<cid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def edit_comment(cid, v):

@ -842,6 +844,7 @@ def edit_comment(cid, v):

@app.post("/delete/comment/<cid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def delete_comment(cid, v):

@ -863,6 +866,7 @@ def delete_comment(cid, v):

@app.post("/undelete/comment/<cid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def undelete_comment(cid, v):

@ -969,6 +973,7 @@ def mod_unpin(cid, v):

@app.post("/save_comment/<cid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def save_comment(cid, v):

@ -986,6 +991,7 @@ def save_comment(cid, v):

@app.post("/unsave_comment/<cid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def unsave_comment(cid, v):

@ -1001,6 +1007,7 @@ def unsave_comment(cid, v):

@app.post("/blackjack/<cid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def handle_blackjack_action(cid, v):
 	comment = get_comment(cid)
@ -1041,6 +1048,7 @@ def diff_words(answer, guess):

@app.post("/wordle/<cid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def handle_wordle_action(cid, v):

--- a/files/routes/login.py
+++ b/files/routes/login.py
@ -169,6 +169,7 @@ def me(v):

@app.post("/logout")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def logout(v):

--- a/files/routes/oauth.py
+++ b/files/routes/oauth.py
@ -18,6 +18,7 @@ def authorize_prompt(v):

@app.post("/authorize")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def authorize(v):

@ -40,6 +41,7 @@ def authorize(v):

@app.post("/api_keys")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def request_api_keys(v):

@ -81,6 +83,7 @@ def request_api_keys(v):

@app.post("/delete_app/<aid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def delete_oauth_app(v, aid):

@ -101,6 +104,7 @@ def delete_oauth_app(v, aid):

@app.post("/edit_app/<aid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def edit_oauth_app(v, aid):

@ -264,6 +268,7 @@ def admin_apps_list(v):

@app.post("/oauth/reroll/<aid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def reroll_oauth_tokens(aid, v):

--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -56,6 +56,7 @@ def toggle_club(pid, v):

@app.post("/publish/<pid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def publish(pid, v):
 	post = get_post(pid)
@ -419,6 +420,7 @@ def morecomments(v, cid):

@app.post("/edit_post/<pid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def edit_post(pid, v):
 	p = get_post(pid)
@ -856,6 +858,7 @@ def api_is_repost():
@app.post("/submit")
@app.post("/h/<sub>/submit")
@limiter.limit("1/second;2/minute;10/hour;50/day")
+@limiter.limit("1/second;2/minute;10/hour;50/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def submit_post(v, sub=None):

@ -1395,6 +1398,7 @@ def submit_post(v, sub=None):

@app.post("/delete_post/<pid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def delete_post_pid(pid, v):

@ -1416,6 +1420,7 @@ def delete_post_pid(pid, v):

@app.post("/undelete_post/<pid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def undelete_post_pid(pid, v):
 	post = get_post(pid)
@ -1471,6 +1476,7 @@ def toggle_post_nsfw(pid, v):

@app.post("/save_post/<pid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def save_post(pid, v):

@ -1487,6 +1493,7 @@ def save_post(pid, v):

@app.post("/unsave_post/<pid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def unsave_post(pid, v):

@ -1520,6 +1527,7 @@ def api_pin_post(post_id, v):

@app.get("/submit/title")
@limiter.limit("6/minute")
+@limiter.limit("6/minute", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def get_post_title(v):

--- a/files/routes/reporting.py
+++ b/files/routes/reporting.py
@ -7,6 +7,7 @@ from files.helpers.sanitize import filter_emojis_only

@app.post("/report/post/<pid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def api_flag_post(pid, v):

@ -58,6 +59,7 @@ def api_flag_post(pid, v):

@app.post("/report/comment/<cid>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def api_flag_comment(cid, v):

--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@ -29,6 +29,7 @@ tiers={

@app.post("/settings/removebackground")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def removebackground(v):
 	v.background = None
@ -38,6 +39,7 @@ def removebackground(v):

@app.post("/settings/profile")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_profile_post(v):
 	updated = False
@ -340,6 +342,7 @@ def changelogsub(v):

@app.post("/settings/namecolor")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def namecolor(v):

@ -353,6 +356,7 @@ def namecolor(v):
 	
@app.post("/settings/themecolor")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def themecolor(v):

@ -366,6 +370,7 @@ def themecolor(v):

@app.post("/settings/gumroad")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def gumroad(v):
 	if not (v.email and v.is_activated):
@ -408,6 +413,7 @@ def gumroad(v):

@app.post("/settings/titlecolor")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def titlecolor(v):

@ -421,6 +427,7 @@ def titlecolor(v):

@app.post("/settings/verifiedcolor")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def verifiedcolor(v):
 	verifiedcolor = str(request.values.get("verifiedcolor", "")).strip()
@ -433,6 +440,7 @@ def verifiedcolor(v):

@app.post("/settings/security")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_security_post(v):
 	if request.values.get("new_password"):
@ -516,6 +524,7 @@ def settings_security_post(v):

@app.post("/settings/log_out_all_others")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_log_out_others(v):

@ -537,6 +546,7 @@ def settings_log_out_others(v):

@app.post("/settings/images/profile")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_images_profile(v):
 	if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
@ -572,6 +582,7 @@ def settings_images_profile(v):

@app.post("/settings/images/banner")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_images_banner(v):
 	if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
@ -607,6 +618,7 @@ def settings_css_get(v):

@app.post("/settings/css")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_css(v):
 	if v.agendaposter: return {"error": "Agendapostered users can't edit css!"}
@ -625,6 +637,7 @@ def settings_profilecss_get(v):

@app.post("/settings/profilecss")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_profilecss(v):
 	profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000]
@ -635,6 +648,7 @@ def settings_profilecss(v):

@app.post("/settings/block")
@limiter.limit("1/second;10/day")
+@limiter.limit("1/second;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_block_user(v):

@ -672,6 +686,7 @@ def settings_block_user(v):

@app.post("/settings/unblock")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_unblock_user(v):

@ -701,6 +716,7 @@ def settings_apps(v):

@app.post("/settings/remove_discord")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_remove_discord(v):

@ -721,6 +737,7 @@ def settings_content_get(v):

@app.post("/settings/name_change")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def settings_name_change(v):

@ -765,6 +782,7 @@ def settings_name_change(v):

@app.post("/settings/song_change")
@limiter.limit("2/second;10/day")
+@limiter.limit("2/second;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_song_change(v):
 	song=request.values.get("song").strip()
@ -844,6 +862,7 @@ def settings_song_change(v):

@app.post("/settings/title_change")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def settings_title_change(v):

--- a/files/routes/static.py
+++ b/files/routes/static.py
@ -385,6 +385,7 @@ def contact(v):

@app.post("/send_admin")
@limiter.limit("1/second;2/minute;6/hour;10/day")
+@limiter.limit("1/second;2/minute;6/hour;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def submit_contact(v):
 	body = request.values.get("message")
--- a/files/routes/subs.py
+++ b/files/routes/subs.py
@ -158,6 +158,7 @@ def blockers(v, sub):

@app.post("/h/<sub>/add_mod")
@limiter.limit("1/second;5/day")
+@limiter.limit("1/second;5/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def add_mod(v, sub):
 	sub = g.db.query(Sub).filter_by(name=sub.strip().lower()).one_or_none()
@ -306,6 +307,7 @@ def sub_settings(v, sub):

@app.post('/h/<sub>/sidebar')
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def post_sub_sidebar(v, sub):
 	sub = g.db.query(Sub).filter_by(name=sub.strip().lower()).one_or_none()
@ -326,6 +328,7 @@ def post_sub_sidebar(v, sub):

@app.post('/h/<sub>/css')
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def post_sub_css(v, sub):
 	sub = g.db.query(Sub).filter_by(name=sub.strip().lower()).one_or_none()
@ -352,6 +355,7 @@ def get_sub_css(sub):

@app.post("/h/<sub>/banner")
@limiter.limit("1/second;10/day")
+@limiter.limit("1/second;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def sub_banner(v, sub):
 	if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
@ -379,6 +383,7 @@ def sub_banner(v, sub):

@app.post("/h/<sub>/sidebar_image")
@limiter.limit("1/second;10/day")
+@limiter.limit("1/second;10/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def sub_sidebar(v, sub):
 	if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
--- a/files/routes/users.py
+++ b/files/routes/users.py
@ -371,6 +371,7 @@ def downvoting(v, username):

@app.post("/@<username>/suicide")
@limiter.limit("1/second;5/day")
+@limiter.limit("1/second;5/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def suicide(v, username):
 	user = get_user(username)
@ -389,6 +390,7 @@ def get_coins(v, username):

@app.post("/@<username>/transfer_coins")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def transfer_coins(v, username):
 	receiver = g.db.query(User).filter_by(username=username).one_or_none()
@ -423,6 +425,7 @@ def transfer_coins(v, username):

@app.post("/@<username>/transfer_bux")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def transfer_bux(v, username):
 	receiver = g.db.query(User).filter_by(username=username).one_or_none()
@ -567,6 +570,7 @@ def song(song):

@app.post("/subscribe/<post_id>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def subscribe(v, post_id):
 	new_sub = Subscription(user_id=v.id, submission_id=post_id)
@ -576,6 +580,7 @@ def subscribe(v, post_id):
 	
@app.post("/unsubscribe/<post_id>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def unsubscribe(v, post_id):
 	sub=g.db.query(Subscription).filter_by(user_id=v.id, submission_id=post_id).one_or_none()
@ -591,6 +596,7 @@ def reportbugs(v):

@app.post("/@<username>/message")
@limiter.limit("1/second;10/minute;20/hour;50/day")
+@limiter.limit("1/second;10/minute;20/hour;50/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def message2(v, username):

@ -655,6 +661,7 @@ def message2(v, username):

@app.post("/reply")
@limiter.limit("1/second;6/minute;50/hour;200/day")
+@limiter.limit("1/second;6/minute;50/hour;200/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def messagereply(v):

@ -1041,6 +1048,7 @@ def u_user_id_info(id, v=None):

@app.post("/follow/<username>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def follow_user(username, v):

@ -1065,6 +1073,7 @@ def follow_user(username, v):

@app.post("/unfollow/<username>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def unfollow_user(username, v):

@ -1092,6 +1101,7 @@ def unfollow_user(username, v):

@app.post("/remove_follow/<username>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@auth_required
 def remove_follow(username, v):
 	target = get_user(username)
--- a/files/routes/votes.py
+++ b/files/routes/votes.py
@ -7,7 +7,6 @@ from files.__main__ import app, limiter, cache
 from os import environ

@app.get("/votes")
-@limiter.limit("5/second;60/minute;200/hour;1000/day")
@auth_required
 def admin_vote_info_get(v):
 	link = request.values.get("link")
@ -53,6 +52,7 @@ def admin_vote_info_get(v):

@app.post("/vote/post/<post_id>/<new>")
@limiter.limit("5/second;60/minute;600/hour;1000/day")
+@limiter.limit("5/second;60/minute;600/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def api_vote_post(post_id, new, v):

@ -116,6 +116,7 @@ def api_vote_post(post_id, new, v):

@app.post("/vote/comment/<comment_id>/<new>")
@limiter.limit("5/second;60/minute;600/hour;1000/day")
+@limiter.limit("5/second;60/minute;600/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def api_vote_comment(comment_id, new, v):

@ -218,6 +219,7 @@ def api_vote_poll(comment_id, v):

@app.post("/bet/<comment_id>")
@limiter.limit("1/second;30/minute;200/hour;1000/day")
+@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{request.host}-{session.get("lo_user")}')
@is_not_permabanned
 def bet(comment_id, v):
 	
--- a/files/templates/badges.html
+++ b/files/templates/badges.html
@ -30,7 +30,7 @@
 		<td><img alt="{{badge.name}}" loading="lazy" src="/assets/images/badges/{{badge.id}}.webp?v=1016" width=45.83 height=50>
 		<td>{{badge.description}}</td>
 		{%- set ct = counts[badge.id] if badge.id in counts else (0, 0) %}
-		<td class="badges-rarity-qty">{{ ct[0] }}</td>
+		<td class="badges-rarity-qty"><a href="/badge_owners/{{badge.id}}">{{ ct[0] }}</a></td>
 		<td class="badges-rarity-ratio">{{ "{:0.3f}".format(ct[1]) }}%</td>
 	</tr>
 {% endfor %}
--- a/push.sh
+++ b/push.sh
@ -1,5 +1,4 @@
 git pull
 git add .
 git commit -m "sneed"
-git push
-. 'D:\1.sh'
+git push
--- a/pushforce.sh
+++ b/pushforce.sh
@ -1,4 +1,3 @@
 git add .
 git commit -m "force push"
-git push --force
-. 'D:\1.sh'
+git push --force