diff --git a/files/helpers/wrappers.py b/files/helpers/wrappers.py index e58fd72cb..dc0005944 100644 --- a/files/helpers/wrappers.py +++ b/files/helpers/wrappers.py @@ -164,6 +164,17 @@ def admin_level_required(x): return wrapper_maker +def feature_required(x): + def wrapper_maker(f): + def wrapper(*args, **kwargs): + v = get_logged_in_user() + if not FEATURES[x]: abort(404) + return make_response(f(*args, v=v, **kwargs)) + + wrapper.__name__ = f.__name__ + return wrapper + return wrapper_maker + def casino_required(f): def wrapper(*args, **kwargs): v = get_logged_in_user() diff --git a/files/routes/admin.py b/files/routes/admin.py index deb4554b1..69c8daa2a 100644 --- a/files/routes/admin.py +++ b/files/routes/admin.py @@ -521,10 +521,8 @@ def under_attack(v): @app.get("/admin/badge_grant") @admin_level_required(PERMS['USER_BADGES']) +@feature_required('BADGES') def badge_grant_get(v): - if not FEATURES['BADGES']: - abort(404) - badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() return render_template("admin/badge_grant.html", v=v, badge_types=badges) @@ -532,10 +530,8 @@ def badge_grant_get(v): @app.post("/admin/badge_grant") @limiter.limit("1/second;30/minute;200/hour;1000/day") @admin_level_required(PERMS['USER_BADGES']) +@feature_required('BADGES') def badge_grant_post(v): - if not FEATURES['BADGES']: - abort(404) - badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() user = get_user(request.values.get("username").strip(), graceful=True) 
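Review bot: The new `feature_required` wrapper in files/helpers/wrappers.py passes `v=v` explicitly while also forwarding `**kwargs`, and every route in this commit stacks it beneath `@auth_required`, `@admin_level_required` or `@is_not_permabanned`. If those outer decorators already inject `v` as a keyword argument (their bodies are not visible here, so this is inferred from the `casino_required` context line), the call raises `TypeError` for a duplicate `v`, and the extra `get_logged_in_user()` lookup is redundant either way. I would drop the lookup and forward the arguments unchanged: `if not FEATURES[x]: abort(404)` followed by `return make_response(f(*args, **kwargs))`. The wrapper performs no authentication of its own, so a short docstring should state that it only checks the feature flag and must sit below an auth decorator on any route that needs a logged-in user.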
@@ -582,22 +578,17 @@ def badge_grant_post(v): @app.get("/admin/badge_remove") @admin_level_required(PERMS['USER_BADGES']) +@feature_required('BADGES') def badge_remove_get(v): - if not FEATURES['BADGES']: - abort(404) - badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() - return render_template("admin/badge_remove.html", v=v, badge_types=badges) @app.post("/admin/badge_remove") @limiter.limit("1/second;30/minute;200/hour;1000/day") @admin_level_required(PERMS['USER_BADGES']) +@feature_required('BADGES') def badge_remove_post(v): - if not FEATURES['BADGES']: - abort(404) - badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all() user = get_user(request.values.get("username").strip(), graceful=True) @@ -1212,10 +1203,8 @@ def distinguish_post(post_id, v): @app.post("/sticky/") @admin_level_required(PERMS['POST_COMMENT_MODERATION']) +@feature_required('PINS') def sticky_post(post_id, v): - if not FEATURES['PINS']: - abort(403) - post = get_post(post_id) if not post.stickied: pins = g.db.query(Submission).filter(Submission.stickied != None, Submission.is_banned == False).count() diff --git a/files/routes/awards.py b/files/routes/awards.py index 5d5a154e4..bfae09e99 100644 --- a/files/routes/awards.py +++ b/files/routes/awards.py @@ -17,10 +17,8 @@ from copy import deepcopy @app.get("/shop") @app.get("/settings/shop") @auth_required +@feature_required('AWARDS') def shop(v): - if not FEATURES['AWARDS']: - abort(404) - AWARDS = deepcopy(AWARDS2) if v.house: @@ -44,10 +42,8 @@ def shop(v): @app.post("/buy/") @limiter.limit("100/minute;200/hour;1000/day") @auth_required +@feature_required('AWARDS') def buy(v, award): - if not FEATURES['AWARDS']: - abort(404) - if award == 'benefactor' and not request.values.get("mb"): return {"error": "You can only buy the Benefactor award with marseybux."}, 403 
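Review bot: `sticky_post` used to answer `abort(403)` when `FEATURES['PINS']` was off, but `feature_required` always answers 404, so the status code for a disabled feature changes silently on this route. The same switch from 403 to 404 applies to `pin_comment`, `mod_pin`, `club_post`, `unclub_post`, `settings_images_banner`, the two song routes, `settings_pronouns_change` and `suicide` in the later hunks. If the change is intended, record it where the decorator is defined, for example `# Disabled features answer 404 on every route, including ones that used to answer 403.`, and check that no client code or template branches on the old 403. The body of `sticky_post` continues outside the hunk.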
@@ -127,10 +123,8 @@ def buy(v, award): @limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @is_not_permabanned +@feature_required('AWARDS') def award_thing(v, thing_type, id): - if not FEATURES['AWARDS']: - abort(404) - if thing_type == 'post': thing = get_post(id) else: thing = get_comment(id) diff --git a/files/routes/casino.py b/files/routes/casino.py index 7053de0f5..5208f6615 100644 --- a/files/routes/casino.py +++ b/files/routes/casino.py @@ -14,10 +14,9 @@ from files.helpers.lottery import * @app.get("/casino") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def casino(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return render_template("casino/rehab.html", v=v) return render_template("casino.html", v=v) @@ -26,10 +25,9 @@ def casino(v): @app.get("/casino/") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def casino_game_page(v, game): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return render_template("casino/rehab.html", v=v) elif game not in CASINO_GAME_KINDS: abort(404) @@ -55,10 +53,9 @@ def casino_game_page(v, game): @app.get("/casino//feed") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def casino_game_feed(v, game): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 elif game not in CASINO_GAME_KINDS: abort(404) 
@@ -71,10 +68,9 @@ def casino_game_feed(v, game): @app.get("/lottershe") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def lottershe(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return render_template("casino/rehab.html", v=v) participants = get_users_participating_in_lottery() @@ -84,10 +80,9 @@ def lottershe(v): @app.post("/casino/slots") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def pull_slots(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -115,10 +110,9 @@ def pull_slots(v): @app.post("/casino/twentyone/deal") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def blackjack_deal_to_player(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -136,10 +130,9 @@ def blackjack_deal_to_player(v): @app.post("/casino/twentyone/hit") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def blackjack_player_hit(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -153,10 +146,9 @@ def blackjack_player_hit(v): @app.post("/casino/twentyone/stay") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def blackjack_player_stay(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: 
@@ -170,10 +162,9 @@ def blackjack_player_stay(v): @app.post("/casino/twentyone/double-down") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def blackjack_player_doubled_down(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -187,10 +178,9 @@ def blackjack_player_doubled_down(v): @app.post("/casino/twentyone/buy-insurance") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def blackjack_player_bought_insurance(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: @@ -204,10 +194,9 @@ def blackjack_player_bought_insurance(v): @app.get("/casino/roulette/bets") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def roulette_get_bets(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 bets = get_roulette_bets() @@ -218,10 +207,9 @@ def roulette_get_bets(v): @app.post("/casino/roulette/place-bet") @limiter.limit("100/minute;2000/hour;12000/day") @auth_required +@feature_required('GAMBLING') def roulette_player_placed_bet(v): - if not FEATURES['GAMBLING']: - abort(404) - elif v.rehab: + if v.rehab: return {"error": "You are under Rehab award effect!"}, 400 try: diff --git a/files/routes/comments.py b/files/routes/comments.py index 547a34af8..fbfceba30 100644 --- a/files/routes/comments.py +++ b/files/routes/comments.py @@ -647,9 +647,8 @@ def undelete_comment(cid, v): @app.post("/pin_comment/") @auth_required +@feature_required('PINS') def pin_comment(cid, v): - if not FEATURES['PINS']: - abort(403) comment = get_comment(cid, v=v) if not comment.stickied: diff --git a/files/routes/hats.py b/files/routes/hats.py index 024bcc3db..4eff02150 100644 --- a/files/routes/hats.py 
+++ b/files/routes/hats.py @@ -8,9 +8,8 @@ from flask import g @app.get("/hats") @auth_required +@feature_required('HATS') def hats(v): - if not FEATURES['HATS']: abort(404) - owned_hat_ids = [x.hat_id for x in v.owned_hats] if request.values.get("sort") == 'author_asc': @@ -34,9 +33,8 @@ def hats(v): @app.post("/buy_hat/") @auth_required +@feature_required('HATS') def buy_hat(v, hat_id): - if not FEATURES['HATS']: abort(404) - try: hat_id = int(hat_id) except: return {"error": "Hat not found!"}, 400 @@ -85,9 +83,8 @@ def buy_hat(v, hat_id): @app.post("/equip_hat/") @auth_required +@feature_required('HATS') def equip_hat(v, hat_id): - if not FEATURES['HATS']: abort(404) - try: hat_id = int(hat_id) except: return {"error": "Hat not found!"}, 400 @@ -101,9 +98,8 @@ def equip_hat(v, hat_id): @app.post("/unequip_hat/") @auth_required +@feature_required('HATS') def unequip_hat(v, hat_id): - if not FEATURES['HATS']: abort(404) - try: hat_id = int(hat_id) except: return {"error": "Hat not found!"}, 400 diff --git a/files/routes/posts.py b/files/routes/posts.py index b276f6030..4eb60f380 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -30,10 +30,8 @@ titleheaders = {"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWe @app.post("/club_post/") @auth_required +@feature_required('COUNTRY_CLUB') def club_post(pid, v): - if not FEATURES['COUNTRY_CLUB']: - abort(403) - post = get_post(pid) if post.author_id != v.id and v.admin_level < PERMS['POST_COMMENT_MODERATION']: abort(403) @@ -56,10 +54,8 @@ def club_post(pid, v): @app.post("/unclub_post/") @auth_required +@feature_required('COUNTRY_CLUB') def unclub_post(pid, v): - if not FEATURES['COUNTRY_CLUB']: - abort(403) - post = get_post(pid) if post.author_id != v.id and v.admin_level < 2: abort(403) diff --git a/files/routes/settings.py b/files/routes/settings.py index c262b53a8..f31b27ef0 100644 --- a/files/routes/settings.py +++ b/files/routes/settings.py 
@@ -547,10 +547,8 @@ def settings_images_profile(v): @limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required +@feature_required('USERS_PROFILE_BANNER') def settings_images_banner(v): - if not FEATURES['USERS_PROFILE_BANNER']: - abort(403) - if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 file = request.files["banner"] @@ -755,10 +753,8 @@ def settings_name_change(v): @limiter.limit("3/second;10/day") @limiter.limit("3/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required +@feature_required('USERS_PROFILE_BANNER') def settings_song_change_mp3(v): - if not FEATURES['USERS_PROFILE_SONG']: - abort(403) - file = request.files['file'] if file.content_type != 'audio/mpeg': return render_template("settings_profile.html", v=v, error="Not a valid MP3 file") @@ -787,10 +783,8 @@ def settings_song_change_mp3(v): @limiter.limit("3/second;10/day") @limiter.limit("3/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required +@feature_required('USERS_PROFILE_BANNER') def settings_song_change(v): - if not FEATURES['USERS_PROFILE_SONG']: - abort(403) - song=request.values.get("song").strip() if song == "" and v.song: @@ -892,10 +886,8 @@ def settings_title_change(v): @limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required +@feature_required('PRONOUNS') def settings_pronouns_change(v): - if not FEATURES['PRONOUNS']: - abort(403) - pronouns = request.values.get("pronouns").replace("𒐪","").strip() if len(pronouns) > 11: diff --git a/files/routes/static.py b/files/routes/static.py index 4115b21a7..303a4e18e 100644 --- a/files/routes/static.py +++ b/files/routes/static.py 
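Review bot: `settings_song_change_mp3` and `settings_song_change` are now gated on `@feature_required('USERS_PROFILE_BANNER')`, but the inline checks they replace tested `FEATURES['USERS_PROFILE_SONG']`. As written, turning profile songs off no longer disables the MP3 upload and song-change endpoints, and turning banners off disables them instead. Both decorators should read `@feature_required('USERS_PROFILE_SONG')`. Both function bodies continue outside their hunks.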
@@ -348,10 +348,8 @@ def badge_list(site): @app.get("/badges") @auth_required +@feature_required('BADGES') def badges(v): - if not FEATURES['BADGES']: - abort(404) - badges, counts = badge_list(SITE) return render_template("badges.html", v=v, badges=badges, counts=counts) diff --git a/files/routes/subs.py b/files/routes/subs.py index 1f9b80bb2..9b7da1346 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -653,9 +653,8 @@ def sub_stealth(v, sub): @app.post("/mod_pin/") @is_not_permabanned +@feature_required('PINS') def mod_pin(cid, v): - if not FEATURES['PINS']: - abort(403) comment = get_comment(cid, v=v) if not comment.stickied: diff --git a/files/routes/users.py b/files/routes/users.py index a8cd94fb5..fa667a02a 100644 --- a/files/routes/users.py +++ b/files/routes/users.py 
@@ -230,10 +230,8 @@ def downvoting(v, username): @limiter.limit("1/second;5/day") @limiter.limit("1/second;5/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @auth_required +@feature_required('USERS_SUICIDE') def suicide(v, username): - if not FEATURES['USERS_SUICIDE']: - abort(403) - user = get_user(username) suicide = f"Hi there,\n\nA [concerned user](/id/{v.id}) reached out to us about you.\n\nWhen you're in the middle of something painful, it may feel like you don't have a lot of options. But whatever you're going through, you deserve help and there are people who are here for you.\n\nThere are resources available in your area that are free, confidential, and available 24/7:\n\n- Call, Text, or Chat with Canada's [Crisis Services Canada](https://www.crisisservicescanada.ca/en/)\n- Call, Email, or Visit the UK's [Samaritans](https://www.samaritans.org/)\n- Text CHAT to America's [Crisis Text Line](https://www.crisistextline.org/) at 741741.\nIf you don't see a resource in your area above, the moderators keep a comprehensive list of resources and hotlines for people organized by location. Find Someone Now\n\nIf you think you may be depressed or struggling in another way, don't ignore it or brush it aside. Take yourself and your feelings seriously, and reach out to someone.\n\nIt may not feel like it, but you have options. There are people available to listen to you, and ways to move forward.\n\nYour fellow users care about you and there are people who want to help." if not v.shadowbanned: