From 9575e11b8b590e5c684132370fdec31832773028 Mon Sep 17 00:00:00 2001 From: justcool393 Date: Wed, 5 Oct 2022 03:30:44 -0700 Subject: [PATCH] add get_sub_by_name function --- files/helpers/get.py | 13 ++++++ files/routes/front.py | 2 +- files/routes/posts.py | 3 +- files/routes/subs.py | 97 ++++++++++--------------------------------- 4 files changed, 38 insertions(+), 77 deletions(-) diff --git a/files/helpers/get.py b/files/helpers/get.py index 6c2720779..8ebd3a4dc 100644 --- a/files/helpers/get.py +++ b/files/helpers/get.py @@ -298,6 +298,19 @@ def get_comments(cids, v=None, load_parent=False): return sorted(output, key=lambda x: cids.index(x.id)) +def get_sub_by_name(sub, v=None, graceful=False): + if not sub: + if graceful: return None + else: abort(404) + sub = sub.replace('/h/', '').strip().lower() + if not sub: + if graceful: return None + else: abort(404) + sub = g.db.get(Sub, sub) + if not sub: + if graceful: return None + else: abort(404) + return sub def get_domain(s): diff --git a/files/routes/front.py b/files/routes/front.py index c8337d146..6e5900b9e 100644 --- a/files/routes/front.py +++ b/files/routes/front.py @@ -22,7 +22,7 @@ def front_all(v, sub=None, subdomain=None): if sub: sub = sub.strip().lower() if sub == 'chudrama' and not (v and v.can_see_chudrama): abort(403) - sub = g.db.get(Sub, sub) + sub = get_sub_by_name(sub, graceful=True) if (request.path.startswith('/h/') or request.path.startswith('/s/')) and not sub: abort(404) diff --git a/files/routes/posts.py b/files/routes/posts.py index 826a9c8b5..02427f9a3 100644 --- a/files/routes/posts.py +++ b/files/routes/posts.py @@ -87,8 +87,7 @@ def publish(pid, v): @app.get("/h//submit") @auth_required def submit_get(v, sub=None): - if sub: sub = g.db.get(Sub, sub.strip().lower()) - + sub = get_sub_by_name(sub, graceful=True) if request.path.startswith('/h/') and not sub: abort(404) SUBS = [x[0] for x in g.db.query(Sub.name).order_by(Sub.name).all()] diff --git a/files/routes/subs.py b/files/routes/subs.py index f9ccbb6b4..36dcaec67 100644 --- a/files/routes/subs.py +++ b/files/routes/subs.py @@ -109,10 +109,7 @@ def unexile(v, sub, uid): @app.post("/h//block") @auth_required def block_sub(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - sub = sub.name - + sub = get_sub_by_name(sub).name existing = g.db.query(SubBlock).filter_by(user_id=v.id, sub=sub).one_or_none() if not existing: @@ -126,10 +123,7 @@ def block_sub(v, sub): @app.post("/h//unblock") @auth_required def unblock_sub(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - sub = sub.name - + sub = get_sub_by_name(sub).name block = g.db.query(SubBlock).filter_by(user_id=v.id, sub=sub).one_or_none() if block: @@ -142,10 +136,7 @@ def unblock_sub(v, sub): @app.post("/h//subscribe") @auth_required def subscribe_sub(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - sub = sub.name - + sub = get_sub_by_name(sub).name existing = g.db.query(SubJoin).filter_by(user_id=v.id, sub=sub).one_or_none() if not existing: @@ -158,10 +149,7 @@ def subscribe_sub(v, sub): @app.post("/h//unsubscribe") @auth_required def unsubscribe_sub(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - sub = sub.name - + sub = get_sub_by_name(sub).name subscribe = g.db.query(SubJoin).filter_by(user_id=v.id, sub=sub).one_or_none() if subscribe: @@ -173,11 +161,8 @@ def unsubscribe_sub(v, sub): @app.post("/h//follow") @auth_required def follow_sub(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) existing = g.db.query(SubSubscription).filter_by(user_id=v.id, sub=sub.name).one_or_none() - if not existing: subscription = SubSubscription(user_id=v.id, sub=sub.name) g.db.add(subscription) @@ -188,11 +173,8 @@ def follow_sub(v, sub): @app.post("/h//unfollow") @auth_required def unfollow_sub(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) subscription = g.db.query(SubSubscription).filter_by(user_id=v.id, sub=sub.name).one_or_none() - if subscription: g.db.delete(subscription) cache.delete_memoized(frontlist) @@ -202,9 +184,7 @@ def unfollow_sub(v, sub): @app.get("/h//mods") @auth_required def mods(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) users = g.db.query(User, Mod).join(Mod).filter_by(sub=sub.name).order_by(Mod.created_utc).all() return render_template("sub/mods.html", v=v, sub=sub, users=users) @@ -213,9 +193,7 @@ def mods(v, sub): @app.get("/h//exilees") @auth_required def sub_exilees(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) users = g.db.query(User, Exile).join(Exile, Exile.user_id==User.id) \ .filter_by(sub=sub.name) \ .order_by(nullslast(Exile.created_utc.desc()), User.username).all() @@ -226,9 +204,7 @@ def sub_exilees(v, sub): @app.get("/h//blockers") @auth_required def sub_blockers(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) users = g.db.query(User).join(SubBlock) \ .filter_by(sub=sub.name) \ .order_by(nullslast(SubBlock.created_utc.desc()), User.username).all() @@ -240,9 +216,7 @@ def sub_blockers(v, sub): @app.get("/h//followers") @auth_required def sub_followers(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) users = g.db.query(User).join(SubSubscription) \ .filter_by(sub=sub.name) \ .order_by(nullslast(SubSubscription.created_utc.desc()), User.username).all() @@ -257,11 +231,7 @@ def sub_followers(v, sub): @is_not_permabanned def add_mod(v, sub): if SITE_NAME == 'WPD': abort(403) - - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - sub = sub.name - + sub = get_sub_by_name(sub).name if not v.mods(sub): abort(403) if v.shadowbanned: return redirect(f'/h/{sub}/mods') @@ -297,10 +267,8 @@ def add_mod(v, sub): @app.post("/h//remove_mod") @is_not_permabanned def remove_mod(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - sub = sub.name - + sub = get_sub_by_name(sub).name + if not v.mods(sub): abort(403) if v.shadowbanned: return redirect(f'/h/{sub}/mods') @@ -356,7 +324,7 @@ def create_sub2(v): if not valid_sub_regex.fullmatch(name): return render_template("sub/create_hole.html", v=v, cost=HOLE_COST, error=f"{HOLE_NAME.capitalize()} name not allowed."), 400 - sub = g.db.get(Sub, name) + sub = get_sub_by_name(sub, graceful=True) if not sub: if v.coins < HOLE_COST: return render_template("sub/create_hole.html", v=v, cost=HOLE_COST, error="You don't have enough coins!"), 403 @@ -425,11 +393,8 @@ def kick(v, pid): @app.get('/h//settings') @is_not_permabanned def sub_settings(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) if not v.mods(sub.name): abort(403) - return render_template('sub/settings.html', v=v, sidebar=sub.sidebar, sub=sub) @@ -438,9 +403,7 @@ def sub_settings(v, sub): @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @is_not_permabanned def post_sub_sidebar(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) if not v.mods(sub.name): abort(403) if v.shadowbanned: return redirect(f'/h/{sub}/settings') @@ -465,7 +428,7 @@ def post_sub_sidebar(v, sub): @limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}') @is_not_permabanned def post_sub_css(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) + sub = get_sub_by_name(sub) css = request.values.get('css', '').strip() if not sub: abort(404) @@ -509,9 +472,7 @@ def get_sub_css(sub): def sub_banner(v, sub): if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 - sub = g.db.get(Sub, sub.lower().strip()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) if not v.mods(sub.name): abort(403) if v.shadowbanned: return redirect(f'/h/{sub}/settings') @@ -544,9 +505,7 @@ def sub_banner(v, sub): def sub_sidebar(v, sub): if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 - sub = g.db.get(Sub, sub.lower().strip()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) if not v.mods(sub.name): abort(403) if v.shadowbanned: return redirect(f'/h/{sub}/settings') @@ -578,9 +537,7 @@ def sub_sidebar(v, sub): def sub_marsey(v, sub): if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403 - sub = g.db.get(Sub, sub.lower().strip()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) if not v.mods(sub.name): abort(403) if v.shadowbanned: return redirect(f'/h/{sub}/settings') @@ -667,9 +624,7 @@ def hole_unpin(v, pid): @app.post('/h//stealth') @is_not_permabanned def sub_stealth(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - + sub = get_sub_by_name(sub) if sub.name == 'braincels': abort(403) if not v.mods(sub.name): abort(403) @@ -754,10 +709,7 @@ def mod_unpin(cid, v): @app.get("/h//modlog") @auth_required def hole_log(v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - sub = sub - + sub = get_sub_by_name(sub) try: page = max(int(request.values.get("page", 1)), 1) except: page = 1 @@ -796,10 +748,7 @@ def hole_log(v, sub): @app.get("/h//log/") @auth_required def hole_log_item(id, v, sub): - sub = g.db.get(Sub, sub.strip().lower()) - if not sub: abort(404) - sub = sub - + sub = get_sub_by_name(sub) try: id = int(id) except: abort(404)