under attack

remotes/1693045480750635534/spooky-22
Aevann1 2022-01-09 17:15:02 +02:00
parent dc80252fde
commit b69199054c
31 changed files with 105 additions and 184 deletions

3
.gitignore vendored

@ -3,7 +3,8 @@ video.mp4
video.webm
cache/
__pycache__/
disablesignups
disable_signups
under_attack
.idea/
**/.pytest_cache/
venv/


@ -1 +0,0 @@
no


@ -43,6 +43,8 @@ services:
- MAIL_USERNAME=blahblahblah@gmail.com
- MAIL_PASSWORD=3435tdfsdudebussylmaoxxt43
- DESCRIPTION=rdrama.net caters to drama in all forms such as Real life, videos, photos, gossip, rumors, news sites, Reddit, and Beyond™. There isn't drama we won't touch, and we want it all!
- CF_KEY=3435tdfsdudebussylmaoxxt43
- CF_ZONE=3435tdfsdudebussylmaoxxt43
links:
- "redis"
- "postgres"

4
env

@ -31,4 +31,6 @@ export DEFAULT_THEME="midnight"
export DEFAULT_COLOR="ff66ac" # YOU HAVE TO PICK ONE OF THOSE COLORS OR SHIT WILL BREAK: ff66ac, 805ad5, 62ca56, 38a169, 80ffff, 2a96f3, eb4963, ff0000, f39731, 30409f, 3e98a7, e4432d, 7b9ae4, ec72de, 7f8fa6, f8db58
export MAIL_USERNAME="blahblahblah@gmail.com"
export MAIL_PASSWORD="3435tdfsdudebussylmaoxxt43"
export DESCRIPTION="rdrama.net caters to drama in all forms such as: Real life, videos, photos, gossip, rumors, news sites, Reddit, and Beyond™. There isn't drama we won't touch, and we want it all!"
export DESCRIPTION="rdrama.net caters to drama in all forms such as: Real life, videos, photos, gossip, rumors, news sites, Reddit, and Beyond™. There isn't drama we won't touch, and we want it all!"
export CF_KEY="3435tdfsdudebussylmaoxxt43"
export CF_ZONE="3435tdfsdudebussylmaoxxt43"


@ -174,6 +174,16 @@ ACTIONTYPES={
"icon": "fa-user",
"color": "bg-success",
},
"disable_under_attack": {
"str": "disabled under attack mode",
"icon": "fa-shield",
"color": "bg-success",
},
"enable_under_attack": {
"str": "enabled under attack mode",
"icon": "fa-shield",
"color": "bg-danger",
},
"ban_user":{
"str":'banned user {self.target_link}',
"icon":"fa-user-slash",


@ -23,8 +23,13 @@ def get_logged_in_user():
v = g.db.query(User).filter_by(id=lo_user).one_or_none()
if not v or nonce < v.login_nonce: return None
v.client = None
if request.method != "GET":
submitted_key = request.values.get("formkey")
if not submitted_key: abort(401)
elif not v.validate_formkey(submitted_key): abort(401)
return v
def check_ban_evade(v):
@ -110,21 +115,4 @@ def admin_level_required(x):
wrapper.__name__ = f.__name__
return wrapper
return wrapper_maker
def validate_formkey(f):
def wrapper(*args, v, **kwargs):
if not request.headers.get("Authorization"):
submitted_key = request.values.get("formkey", None)
if not submitted_key: abort(401)
elif not v.validate_formkey(submitted_key): abort(401)
return f(*args, v=v, **kwargs)
wrapper.__name__ = f.__name__
return wrapper
return wrapper_maker
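Review bot: The new guard in `get_logged_in_user` fires on `request.method != "GET"`, so a HEAD request from a logged-in user (Flask dispatches HEAD to the GET view with `request.method == "HEAD"`) is rejected with 401 for lacking a formkey; test the state-changing methods instead, `if request.method in ("POST", "PUT", "PATCH", "DELETE"):`. The check also deserves a line saying what it is for, e.g. `# CSRF guard: every state-changing request from a cookie-authenticated user must carry the per-session formkey`. The `validate_formkey` decorator deleted in the second hunk skipped the check when an `Authorization` header was present; if token-authenticated clients also pass through this function they now have to supply a formkey as well, which is worth confirming against the API auth path. `get_logged_in_user` starts above the first hunk.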


@ -43,7 +43,6 @@ def send_verification_email(user, email=None):
@app.post("/verify_email")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def api_verify_email(v):
send_verification_email(v)


@ -23,14 +23,18 @@ SITE_NAME = environ.get("SITE_NAME", "").strip()
GUMROAD_ID = environ.get("GUMROAD_ID", "tfcvri").strip()
GUMROAD_TOKEN = environ.get("GUMROAD_TOKEN", "").strip()
CF_KEY = environ.get("CF_KEY", "").strip()
CF_ZONE = environ.get("CF_ZONE", "").strip()
CF_HEADERS = {"Authorization": f"Bearer {CF_KEY}", "Content-Type": "application/json"}
if SITE_NAME == 'PCM': cc = "splash mountain"
else: cc = "country club"
month = datetime.now().strftime('%B')
@app.post("/@<username>/make_admin")
@limiter.limit("1/second")
@admin_level_required(3)
@validate_formkey
def make_admin(v, username):
if request.host == 'rdrama.net': abort(403)
user = get_user(username)
@ -44,7 +48,6 @@ def make_admin(v, username):
@app.post("/@<username>/remove_admin")
@limiter.limit("1/second")
@admin_level_required(3)
@validate_formkey
def remove_admin(v, username):
user = get_user(username)
if not user: abort(404)
@ -91,7 +94,6 @@ def distribute(v, comment):
@app.post("/@<username>/revert_actions")
@limiter.limit("1/second")
@admin_level_required(3)
@validate_formkey
def revert_actions(v, username):
user = get_user(username)
if not user: abort(404)
@ -130,7 +132,6 @@ def revert_actions(v, username):
@app.post("/@<username>/club_allow")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def club_allow(v, username):
u = get_user(username, v=v)
@ -152,7 +153,6 @@ def club_allow(v, username):
@app.post("/@<username>/club_ban")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def club_ban(v, username):
u = get_user(username, v=v)
@ -174,7 +174,6 @@ def club_ban(v, username):
@app.post("/@<username>/make_meme_admin")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def make_meme_admin(v, username):
if request.host == 'pcmemes.net' or (SITE_NAME == 'Drama' and v.admin_level > 2) or (request.host != 'rdrama.net' and request.host != 'pcmemes.net'):
user = get_user(username)
@ -188,7 +187,6 @@ def make_meme_admin(v, username):
@app.post("/@<username>/remove_meme_admin")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def remove_meme_admin(v, username):
if request.host == 'pcmemes.net' or (SITE_NAME == 'Drama' and v.admin_level > 2) or (request.host != 'rdrama.net' and request.host != 'pcmemes.net'):
user = get_user(username)
@ -202,7 +200,6 @@ def remove_meme_admin(v, username):
@app.post("/admin/monthly")
@limiter.limit("1/day")
@admin_level_required(3)
@validate_formkey
def monthly(v):
if request.host == 'rdrama.net' and v.id != AEVANN_ID: abort (403)
@ -247,7 +244,6 @@ def get_sidebar(v):
@app.post('/admin/sidebar')
@limiter.limit("1/second")
@admin_level_required(3)
@validate_formkey
def post_sidebar(v):
text = request.values.get('sidebar', '').strip()
@ -351,21 +347,21 @@ def reported_comments(v):
@admin_level_required(2)
def admin_home(v):
with open('disablesignups', 'r') as f: x = f.read()
with open('disable_signups', 'r') as f: x = f.read()
with open('under_attack', 'r') as f: x2 = f.read()
if not v or v.oldsite: return render_template("admin/admin_home.html", v=v, x=x)
if not v or v.oldsite: return render_template("admin/admin_home.html", v=v, x=x, x2=x2)
actions = g.db.query(ModAction).order_by(ModAction.id.desc()).limit(10).all()
return render_template("CHRISTMAS/admin/admin_home.html", actions=actions, v=v, x=x)
return render_template("CHRISTMAS/admin/admin_home.html", actions=actions, v=v, x=x, x2=x2)
@app.post("/admin/disablesignups")
@app.post("/admin/disable_signups")
@admin_level_required(3)
@validate_formkey
def disablesignups(v):
with open('disablesignups', 'r') as f: content = f.read()
def disable_signups(v):
with open('disable_signups', 'r') as f: content = f.read()
with open('disablesignups', 'w') as f:
with open('disable_signups', 'w') as f:
if content == "yes":
f.write("no")
ma = ModAction(
@ -385,6 +381,35 @@ def disablesignups(v):
g.db.commit()
return {"message": "Signups disabled!"}
@app.post("/admin/under_attack")
@admin_level_required(2)
def under_attack(v):
with open('under_attack', 'r') as f: content = f.read()
with open('under_attack', 'w') as f:
if content == "yes":
f.write("no")
ma = ModAction(
kind="disable_under_attack",
user_id=v.id,
)
g.db.add(ma)
g.db.commit()
data='{"value":"high"}'
else:
f.write("yes")
ma = ModAction(
kind="enable_under_attack",
user_id=v.id,
)
g.db.add(ma)
g.db.commit()
data='{"value":"under_attack"}'
response = requests.patch(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, data=data)
return {"message": response.text}
@app.get("/admin/badge_grant")
@admin_level_required(2)
def badge_grant_get(v):
@ -397,7 +422,6 @@ def badge_grant_get(v):
@app.post("/admin/badge_grant")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def badge_grant_post(v):
if not v or v.oldsite: template = ''
else: template = 'CHRISTMAS/'
@ -571,7 +595,6 @@ def alt_votes_get(v):
@app.post("/admin/link_accounts")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def admin_link_accounts(v):
u1 = int(request.values.get("u1"))
@ -643,7 +666,6 @@ def admin_removed_comments(v):
@app.post("/agendaposter/<user_id>")
@admin_level_required(2)
@validate_formkey
def agendaposter(user_id, v):
user = g.db.query(User).filter_by(id=user_id).one_or_none()
@ -700,7 +722,6 @@ def agendaposter(user_id, v):
@app.post("/shadowban/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def shadowban(user_id, v):
user = g.db.query(User).filter_by(id=user_id).one_or_none()
if user.admin_level != 0: abort(403)
@ -726,7 +747,6 @@ def shadowban(user_id, v):
@app.post("/unshadowban/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def unshadowban(user_id, v):
user = g.db.query(User).filter_by(id=user_id).one_or_none()
if user.admin_level != 0: abort(403)
@ -753,7 +773,6 @@ def unshadowban(user_id, v):
@app.post("/admin/verify/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def verify(user_id, v):
user = g.db.query(User).filter_by(id=user_id).one_or_none()
user.verified = "Verified"
@ -772,7 +791,6 @@ def verify(user_id, v):
@app.post("/admin/unverify/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def unverify(user_id, v):
user = g.db.query(User).filter_by(id=user_id).one_or_none()
user.verified = None
@ -792,7 +810,6 @@ def unverify(user_id, v):
@app.post("/admin/title_change/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def admin_title_change(user_id, v):
user = g.db.query(User).filter_by(id=user_id).one_or_none()
@ -826,7 +843,6 @@ def admin_title_change(user_id, v):
@app.post("/ban_user/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def ban_user(user_id, v):
user = g.db.query(User).filter_by(id=user_id).one_or_none()
@ -886,7 +902,6 @@ def ban_user(user_id, v):
@app.post("/unban_user/<user_id>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def unban_user(user_id, v):
user = g.db.query(User).filter_by(id=user_id).one_or_none()
@ -926,7 +941,6 @@ def unban_user(user_id, v):
@app.post("/ban_post/<post_id>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def ban_post(post_id, v):
post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@ -963,7 +977,6 @@ def ban_post(post_id, v):
@app.post("/unban_post/<post_id>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def unban_post(post_id, v):
post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@ -996,7 +1009,6 @@ def unban_post(post_id, v):
@app.post("/distinguish/<post_id>")
@admin_level_required(1)
@validate_formkey
def api_distinguish_post(post_id, v):
post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@ -1022,7 +1034,6 @@ def api_distinguish_post(post_id, v):
@app.post("/sticky/<post_id>")
@admin_level_required(2)
@validate_formkey
def sticky_post(post_id, v):
post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@ -1045,7 +1056,6 @@ def sticky_post(post_id, v):
@app.post("/unsticky/<post_id>")
@admin_level_required(2)
@validate_formkey
def unsticky_post(post_id, v):
post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@ -1072,7 +1082,6 @@ def unsticky_post(post_id, v):
@app.post("/sticky_comment/<cid>")
@admin_level_required(2)
@validate_formkey
def sticky_comment(cid, v):
comment = get_comment(cid, v=v)
@ -1089,7 +1098,6 @@ def sticky_comment(cid, v):
@app.post("/unsticky_comment/<cid>")
@admin_level_required(2)
@validate_formkey
def unsticky_comment(cid, v):
comment = get_comment(cid, v=v)
@ -1117,7 +1125,6 @@ def unsticky_comment(cid, v):
@app.post("/ban_comment/<c_id>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def api_ban_comment(c_id, v):
comment = g.db.query(Comment).filter_by(id=c_id).one_or_none()
@ -1141,7 +1148,6 @@ def api_ban_comment(c_id, v):
@app.post("/unban_comment/<c_id>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def api_unban_comment(c_id, v):
comment = g.db.query(Comment).filter_by(id=c_id).one_or_none()
@ -1170,7 +1176,6 @@ def api_unban_comment(c_id, v):
@app.post("/distinguish_comment/<c_id>")
@admin_level_required(1)
@validate_formkey
def admin_distinguish_comment(c_id, v):
@ -1205,7 +1210,6 @@ def admin_banned_domains(v):
@app.post("/admin/banned_domains")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def admin_toggle_ban_domain(v):
domain=request.values.get("domain", "").strip()
@ -1241,7 +1245,6 @@ def admin_toggle_ban_domain(v):
@app.post("/admin/nuke_user")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def admin_nuke_user(v):
user=get_user(request.values.get("user"))
@ -1275,7 +1278,6 @@ def admin_nuke_user(v):
@app.post("/admin/unnuke_user")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def admin_nunuke_user(v):
user=get_user(request.values.get("user"))


@ -84,7 +84,6 @@ def shop(v):
@app.post("/buy/<award>")
@auth_required
@validate_formkey
def buy(v, award):
AWARDS = deepcopy(AWARDS2)
@ -181,7 +180,6 @@ def buy(v, award):
@app.post("/post/<pid>/awards")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def award_post(pid, v):
if v.shadowbanned: return render_template('errors/500.html', error=True, v=v), 500
@ -365,7 +363,6 @@ def award_post(pid, v):
@app.post("/comment/<cid>/awards")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def award_comment(cid, v):
if v.shadowbanned: return render_template('errors/500.html', error=True, v=v), 500
@ -556,7 +553,6 @@ def admin_userawards_get(v):
@app.post("/admin/awards")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def admin_userawards_post(v):
if not v or v.oldsite: template = ''
else: template = 'CHRISTMAS/'


@ -136,7 +136,6 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
@limiter.limit("1/second")
@limiter.limit("6/minute")
@auth_required
@validate_formkey
def api_comment(v):
if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403
@ -549,7 +548,6 @@ def api_comment(v):
@app.post("/edit_comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def edit_comment(cid, v):
if v and v.patron:
if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@ -739,7 +737,6 @@ def edit_comment(cid, v):
@app.post("/delete/comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def delete_comment(cid, v):
c = g.db.query(Comment).filter_by(id=cid).one_or_none()
@ -761,7 +758,6 @@ def delete_comment(cid, v):
@app.post("/undelete/comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def undelete_comment(cid, v):
c = g.db.query(Comment).filter_by(id=cid).one_or_none()
@ -785,7 +781,6 @@ def undelete_comment(cid, v):
@app.post("/pin_comment/<cid>")
@auth_required
@validate_formkey
def pin_comment(cid, v):
comment = get_comment(cid, v=v)
@ -806,7 +801,6 @@ def pin_comment(cid, v):
@app.post("/unpin_comment/<cid>")
@auth_required
@validate_formkey
def unpin_comment(cid, v):
comment = get_comment(cid, v=v)
@ -828,7 +822,6 @@ def unpin_comment(cid, v):
@app.post("/save_comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def save_comment(cid, v):
comment=get_comment(cid)
@ -847,7 +840,6 @@ def save_comment(cid, v):
@app.post("/unsave_comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def unsave_comment(cid, v):
comment=get_comment(cid)


@ -1,5 +1,3 @@
import jinja2.exceptions
from files.helpers.wrappers import *
from flask import *
from urllib.parse import quote, urlencode
@ -8,10 +6,9 @@ from files.__main__ import app, limiter
@app.errorhandler(400)
@auth_desired
def error_400(e, v):
def error_400(e):
if request.headers.get("Authorization"): return {"error": "400 Bad Request"}, 400
else: return render_template('errors/400.html', error=True, v=v), 400
else: return render_template('errors/400.html', error=True), 400
@app.errorhandler(401)
def error_401(e):
@ -26,40 +23,35 @@ def error_401(e):
@app.errorhandler(403)
@auth_desired
def error_403(e, v):
def error_403(e):
if request.headers.get("Authorization"): return {"error": "403 Forbidden"}, 403
else: return render_template('errors/403.html', error=True, v=v), 403
else: return render_template('errors/403.html', error=True), 403
@app.errorhandler(404)
@auth_desired
def error_404(e, v):
def error_404(e):
if request.headers.get("Authorization"): return {"error": "404 Not Found"}, 404
else: return render_template('errors/404.html', error=True, v=v), 404
else: return render_template('errors/404.html', error=True), 404
@app.errorhandler(405)
@auth_desired
def error_405(e, v):
def error_405(e):
if request.headers.get("Authorization"): return {"error": "405 Method Not Allowed"}, 405
else: return render_template('errors/405.html', error=True, v=v), 405
else: return render_template('errors/405.html', error=True), 405
@app.errorhandler(429)
@auth_desired
def error_429(e, v):
def error_429(e):
if request.headers.get("Authorization"): return {"error": "429 Too Many Requests"}, 429
else: return render_template('errors/429.html', error=True, v=v), 429
else: return render_template('errors/429.html', error=True), 429
@app.errorhandler(500)
@auth_desired
def error_500(e, v):
def error_500(e):
g.db.rollback()
if request.headers.get("Authorization"): return {"error": "500 Internal Server Error"}, 500
else: return render_template('errors/500.html', error=True, v=v), 500
else: return render_template('errors/500.html', error=True), 500
@app.post("/allow_nsfw")
@ -69,11 +61,7 @@ def allow_nsfw():
@app.get("/error/<error>")
@auth_desired
def error_all_preview(error, v):
try:
return render_template(f"errors/{error}.html", error=True, v=v)
except jinja2.exceptions.TemplateNotFound:
abort(400)
def error_all_preview(error):
try: return render_template(f"errors/{error}.html", error=True)
except: abort(400)
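Review bot: `error_all_preview` now swallows every exception with a bare `except:` where it previously caught only `jinja2.exceptions.TemplateNotFound`, so a genuine rendering failure inside an error template is reported as a 400 instead of surfacing; keep the narrow clause, `except TemplateNotFound: abort(400)`, with `from jinja2 import TemplateNotFound` restored at the top of the file (the commit dropped the `jinja2.exceptions` import). The narrow clause still covers the URL-supplied `error` segment, because `TemplateNotFound` is also what Jinja's loader raises for template names it refuses to resolve. A bare `except` additionally intercepts `KeyboardInterrupt` and `SystemExit`, which is rarely wanted in a request handler.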


@ -12,7 +12,6 @@ def slash_post():
@app.post("/clear")
@auth_required
@validate_formkey
def clear(v):
for n in v.notifications.filter_by(read=False).all():
n.read = True


@ -158,7 +158,6 @@ def me(v):
@app.post("/logout")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def logout(v):
session.pop("session_id", None)
@ -170,7 +169,7 @@ def logout(v):
@app.get("/signup")
@auth_desired
def sign_up_get(v):
with open('disablesignups', 'r') as f:
with open('disable_signups', 'r') as f:
if f.read() == "yes": return {"error": "New account registration is currently closed. Please come back later."}, 403
if v: return redirect("/")
@ -215,7 +214,7 @@ def sign_up_get(v):
@limiter.limit("5/day")
@auth_desired
def sign_up_post(v):
with open('disablesignups', 'r') as f:
with open('disable_signups', 'r') as f:
if f.read() == "yes": return {"error": "New account registration is currently closed. Please come back later."}, 403
if v: abort(403)


@ -21,7 +21,6 @@ def authorize_prompt(v):
@app.post("/authorize")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def authorize(v):
client_id = request.values.get("client_id")
@ -40,7 +39,6 @@ def authorize(v):
@app.post("/api_keys")
@limiter.limit("1/second")
@is_not_permabanned
@validate_formkey
def request_api_keys(v):
new_app = OauthApp(
@ -62,7 +60,6 @@ def request_api_keys(v):
@app.post("/delete_app/<aid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def delete_oauth_app(v, aid):
aid = int(aid)
@ -83,7 +80,6 @@ def delete_oauth_app(v, aid):
@app.post("/edit_app/<aid>")
@limiter.limit("1/second")
@is_not_permabanned
@validate_formkey
def edit_oauth_app(v, aid):
aid = int(aid)
@ -105,7 +101,6 @@ def edit_oauth_app(v, aid):
@app.post("/admin/app/approve/<aid>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def admin_app_approve(v, aid):
app = g.db.query(OauthApp).filter_by(id=aid).one_or_none()
@ -140,7 +135,6 @@ def admin_app_approve(v, aid):
@app.post("/admin/app/revoke/<aid>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def admin_app_revoke(v, aid):
app = g.db.query(OauthApp).filter_by(id=aid).one_or_none()
@ -166,7 +160,6 @@ def admin_app_revoke(v, aid):
@app.post("/admin/app/reject/<aid>")
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def admin_app_reject(v, aid):
app = g.db.query(OauthApp).filter_by(id=aid).one_or_none()
@ -262,7 +255,6 @@ def admin_apps_list(v):
@app.post("/oauth/reroll/<aid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def reroll_oauth_tokens(aid, v):
aid = aid


@ -49,7 +49,6 @@ def toggle_club(pid, v):
@app.post("/publish/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def publish(pid, v):
post = get_post(pid)
if not post.author_id == v.id: abort(403)
@ -393,7 +392,6 @@ def morecomments(v, cid):
@app.post("/edit_post/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def edit_post(pid, v):
if v and v.patron:
if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@ -683,7 +681,6 @@ def thumbnail_thread(pid):
@limiter.limit("1/second")
@limiter.limit("6/minute")
@auth_required
@validate_formkey
def submit_post(v):
if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403
@ -1144,7 +1141,6 @@ def submit_post(v):
@app.post("/delete_post/<pid>")
@limiter.limit("2/second")
@auth_required
@validate_formkey
def delete_post_pid(pid, v):
post = get_post(pid)
@ -1166,7 +1162,6 @@ def delete_post_pid(pid, v):
@app.post("/undelete_post/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def undelete_post_pid(pid, v):
post = get_post(pid)
if not post.author_id == v.id: abort(403)
@ -1182,7 +1177,6 @@ def undelete_post_pid(pid, v):
@app.post("/toggle_comment_nsfw/<cid>")
@auth_required
@validate_formkey
def toggle_comment_nsfw(cid, v):
comment = g.db.query(Comment).filter_by(id=cid).one_or_none()
@ -1197,7 +1191,6 @@ def toggle_comment_nsfw(cid, v):
@app.post("/toggle_post_nsfw/<pid>")
@auth_required
@validate_formkey
def toggle_post_nsfw(pid, v):
post = get_post(pid)
@ -1224,7 +1217,6 @@ def toggle_post_nsfw(pid, v):
@app.post("/save_post/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def save_post(pid, v):
post=get_post(pid)
@ -1241,7 +1233,6 @@ def save_post(pid, v):
@app.post("/unsave_post/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def unsave_post(pid, v):
post=get_post(pid)


@ -8,7 +8,6 @@ from files.helpers.sanitize import filter_emojis_only
@app.post("/report/post/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def api_flag_post(pid, v):
post = get_post(pid)
@ -39,7 +38,6 @@ def api_flag_post(pid, v):
@app.post("/report/comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def api_flag_comment(cid, v):
comment = get_comment(cid)
@ -64,7 +62,6 @@ def api_flag_comment(cid, v):
@app.post('/del_report/<report_fn>')
@limiter.limit("1/second")
@admin_level_required(2)
@validate_formkey
def remove_report(report_fn, v):
if report_fn.startswith('c'):


@ -37,7 +37,6 @@ tiers={
@app.post("/settings/removebackground")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def removebackground(v):
v.background = None
g.db.add(v)
@ -47,7 +46,6 @@ def removebackground(v):
@app.post("/settings/profile")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_profile_post(v):
if v and v.patron:
if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@ -431,7 +429,6 @@ def settings_profile_post(v):
@app.post("/settings/filters")
@auth_required
@validate_formkey
def filters(v):
filters=request.values.get("filters")[:1000].strip()
@ -449,7 +446,6 @@ def filters(v):
@app.post("/changelogsub")
@auth_required
@validate_formkey
def changelogsub(v):
v.changelogsub = not v.changelogsub
g.db.add(v)
@ -463,7 +459,6 @@ def changelogsub(v):
@app.post("/settings/namecolor")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def namecolor(v):
if not v or v.oldsite: template = ''
else: template = 'CHRISTMAS/'
@ -479,7 +474,6 @@ def namecolor(v):
@app.post("/settings/themecolor")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def themecolor(v):
if not v or v.oldsite: template = ''
else: template = 'CHRISTMAS/'
@ -495,7 +489,6 @@ def themecolor(v):
@app.post("/settings/gumroad")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def gumroad(v):
if SITE_NAME == 'Drama': patron = 'Paypig'
else: patron = 'Patron'
@ -548,7 +541,6 @@ def gumroad(v):
@app.post("/settings/titlecolor")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def titlecolor(v):
if not v or v.oldsite: template = ''
else: template = 'CHRISTMAS/'
@ -564,7 +556,6 @@ def titlecolor(v):
@app.post("/settings/verifiedcolor")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def verifiedcolor(v):
if not v or v.oldsite: template = ''
else: template = 'CHRISTMAS/'
@ -580,7 +571,6 @@ def verifiedcolor(v):
@app.post("/settings/security")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_security_post(v):
if request.values.get("new_password"):
if request.values.get("new_password") != request.values.get("cnf_password"):
@ -664,7 +654,6 @@ def settings_security_post(v):
@app.post("/settings/log_out_all_others")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_log_out_others(v):
submitted_password = request.values.get("password", "").strip()
@ -690,7 +679,6 @@ def settings_log_out_others(v):
@app.post("/settings/images/profile")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_images_profile(v):
if v and v.patron:
if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@ -728,7 +716,6 @@ def settings_images_profile(v):
@app.post("/settings/images/banner")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_images_banner(v):
if v and v.patron:
if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@ -756,7 +743,6 @@ def settings_images_banner(v):
@app.post("/settings/delete/profile")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_delete_profile(v):
if v.profileurl or v.highres:
@ -772,7 +758,6 @@ def settings_delete_profile(v):
@app.post("/settings/delete/banner")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_delete_banner(v):
if v.bannerurl:
@ -804,7 +789,6 @@ def settings_css_get(v):
@app.post("/settings/css")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_css(v):
if v.agendaposter: return {"error": "Agendapostered users can't edit css!"}
@ -829,7 +813,6 @@ def settings_profilecss_get(v):
@app.post("/settings/profilecss")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_profilecss(v):
if v.truecoins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a paypig to set profile css."
profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000]
@ -844,7 +827,6 @@ def settings_profilecss(v):
@app.post("/settings/block")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_block_user(v):
user = get_user(request.values.get("username"), graceful=True)
@ -879,7 +861,6 @@ def settings_block_user(v):
@app.post("/settings/unblock")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_unblock_user(v):
user = get_user(request.values.get("username"))
@ -911,7 +892,6 @@ def settings_apps(v):
@app.post("/settings/remove_discord")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_remove_discord(v):
remove_user(v)
@ -934,7 +914,6 @@ def settings_content_get(v):
@app.post("/settings/name_change")
@limiter.limit("1/second")
@is_not_permabanned
@validate_formkey
def settings_name_change(v):
new_name=request.values.get("name").strip()
@ -985,7 +964,6 @@ def settings_name_change(v):
@app.post("/settings/song_change")
@limiter.limit("5/day;1/second")
@auth_required
@validate_formkey
def settings_song_change(v):
song=request.values.get("song").strip()
@ -1074,7 +1052,6 @@ def settings_song_change(v):
@app.post("/settings/title_change")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_title_change(v):
if not v or v.oldsite: template = ''
else: template = 'CHRISTMAS/'


@ -269,7 +269,6 @@ def contact(v):
@app.post("/send_admin")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def submit_contact(v):
message = f'This message has been sent automatically to all admins via [/contact](/contact), user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "")
send_admin(v.id, message)


@ -124,7 +124,6 @@ def downvoting(v, username):
@app.post("/pay_rent")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def pay_rent(v):
if v.coins < 500: return {"error":"You must have more than 500 coins."}
v.coins -= 500
@ -141,7 +140,6 @@ def pay_rent(v):
@app.post("/steal")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def steal(v):
if int(time.time()) - v.created_utc < 604800:
return {"error":"You must have an account older than 1 week in order to attempt stealing."}
@ -200,7 +198,6 @@ def thiefs(v):
@app.post("/@<username>/suicide")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def suicide(v, username):
t = int(time.time())
if v.admin_level == 0 and t - v.suicide_utc < 86400: return {"message": "You're on 1-day cooldown!"}
@ -223,7 +220,6 @@ def get_coins(v, username):
@app.post("/@<username>/transfer_coins")
@limiter.limit("1/second")
@is_not_permabanned
@validate_formkey
def transfer_coins(v, username):
receiver = g.db.query(User).filter_by(username=username).one_or_none()
@ -261,7 +257,6 @@ def transfer_coins(v, username):
@app.post("/@<username>/transfer_bux")
@limiter.limit("1/second")
@is_not_permabanned
@validate_formkey
def transfer_bux(v, username):
receiver = g.db.query(User).filter_by(username=username).one_or_none()
@ -367,7 +362,6 @@ def song(song):
@app.post("/subscribe/<post_id>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def subscribe(v, post_id):
new_sub = Subscription(user_id=v.id, submission_id=post_id)
g.db.add(new_sub)
@ -377,7 +371,6 @@ def subscribe(v, post_id):
@app.post("/unsubscribe/<post_id>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def unsubscribe(v, post_id):
sub=g.db.query(Subscription).filter_by(user_id=v.id, submission_id=post_id).one_or_none()
if sub:
@ -394,7 +387,6 @@ def reportbugs(v):
@limiter.limit("1/second")
@limiter.limit("10/hour")
@is_not_permabanned
@validate_formkey
def message2(v, username):
user = get_user(username, v=v)
@ -464,7 +456,6 @@ def message2(v, username):
@limiter.limit("1/second")
@limiter.limit("6/minute")
@auth_required
@validate_formkey
def messagereply(v):
message = request.values.get("body", "").strip()[:1000].strip()
@ -832,7 +823,6 @@ def u_username_info(username, v=None):
@app.post("/follow/<username>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def follow_user(username, v):
target = get_user(username)
@ -857,7 +847,6 @@ def follow_user(username, v):
@app.post("/unfollow/<username>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def unfollow_user(username, v):
target = get_user(username)
@ -882,7 +871,6 @@ def unfollow_user(username, v):
@app.post("/remove_follow/<username>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def remove_follow(username, v):
target = get_user(username)
@ -977,7 +965,6 @@ def saved_comments(v, username):
@app.post("/fp/<fp>")
@auth_required
@validate_formkey
def fp(v, fp):
if v.username != fp:
v.fp = fp


@ -73,7 +73,6 @@ def admin_vote_info_get(v):
@app.post("/vote/post/<post_id>/<new>")
@limiter.limit("5/second;60/minute;600/hour")
@auth_required
@validate_formkey
def api_vote_post(post_id, new, v):
if new == "-1" and environ.get('DISABLE_DOWNVOTES') == '1': return {"error": "forbidden."}, 403
@ -132,7 +131,6 @@ def api_vote_post(post_id, new, v):
@app.post("/vote/comment/<comment_id>/<new>")
@limiter.limit("5/second;60/minute;600/hour")
@auth_required
@validate_formkey
def api_vote_comment(comment_id, new, v):
if new == "-1" and environ.get('DISABLE_DOWNVOTES') == '1': return {"error": "forbidden."}, 403
@ -199,7 +197,6 @@ def api_vote_comment(comment_id, new, v):
@app.post("/vote/poll/<comment_id>")
@auth_required
@validate_formkey
def api_vote_poll(comment_id, v):
vote = request.values.get("vote")
@ -235,7 +232,6 @@ def api_vote_poll(comment_id, v):
@app.post("/bet/<comment_id>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def bet(comment_id, v):
if v.coins < 200: return {"error": "You don't have 200 coins!"}
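Review bot: With `@validate_formkey` gone from `/vote/post/<post_id>/<new>`, `/vote/comment/<comment_id>/<new>`, `/vote/poll/<comment_id>` and `/bet/<comment_id>` (the removed line in each hunk, going by the -7/+6 counts), these state-changing POST routes are now guarded only by `@auth_required` and the rate limiter, so whatever cross-site request forgery protection the formkey check provided no longer applies here unless an equivalent control exists elsewhere. If the intended replacement is a SameSite cookie attribute or an Origin/Referer check in a shared request hook, that should land in the same commit or be named in a comment above these routes, e.g. `# CSRF: formkey check removed; cross-site POSTs are rejected by <placeholder: name the control and where it lives>`. The same removal appears in the preceding file's hunks (transfer_coins, transfer_bux, subscribe, unsubscribe, message2, messagereply, follow_user, unfollow_user, remove_follow, fp), where the coin-transfer and messaging endpoints are the higher-impact ones. Each of the four function bodies here continues outside its hunk.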


@ -58,9 +58,14 @@
{% if v.admin_level > 2 %}
<div class="custom-control custom-switch">
<input autocomplete="off" type="checkbox" class="custom-control-input" id="disablesignups" name="disablesignups" {% if x == "yes" %}checked{% endif %} onchange="post_toast('/admin/disablesignups');">
<label class="custom-control-label" for="disablesignups">Disable signups</label>
<input autocomplete="off" type="checkbox" class="custom-control-input" id="disable_signups" name="disable_signups" {% if x == "yes" %}checked{% endif %} onchange="post_toast('/admin/disable_signups');">
<label class="custom-control-label" for="disable_signups">Disable signups</label>
</div>
{% endif %}
<div class="custom-control custom-switch">
<input autocomplete="off" type="checkbox" class="custom-control-input" id="under_attack" name="under_attack" {% if x2 == "yes" %}checked{% endif %} onchange="post_toast('/admin/under_attack');">
<label class="custom-control-label" for="under_attack">Under attack mode</label>
</div>
{% endblock %}
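Review bot: The new `under_attack` switch is rendered after the `{% endif %}` that closes `{% if v.admin_level > 2 %}`, so unlike the sibling `disable_signups` switch it is shown to anyone who can load this page regardless of admin level; if that is not intended, move the three lines inside the existing guard or wrap them in their own `{% if v.admin_level > 2 %} … {% endif %}`. Whether `/admin/under_attack` enforces the level server-side is not visible here, and the template guard should not be the only check either way. `x2` says nothing about what the template variable holds; a name mirroring the switch id (as `x` should ideally mirror `disable_signups`) would make the `checked` condition self-explanatory.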


@ -15,7 +15,7 @@
{% if v %}
<style>:root{--primary:#{{v.themecolor}}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
{% if v.agendaposter %}
<style>
html {
@ -39,7 +39,7 @@
{% endif %}
{% else %}
<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
{% endif %}
</head>


@ -7,7 +7,7 @@
<script src="/static/assets/js/bootstrap.js?a=3"></script>
{% if v %}
<style>:root{--primary:#{{v.themecolor}}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68">
<link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
{% if v.agendaposter %}
<style>
@ -32,7 +32,7 @@
{% endif %}
{% else %}
<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
{% endif %}
<meta charset="utf-8">


@ -6,7 +6,7 @@
{% block content %}
{% if v %}
<style>:root{--primary:#{{v.themecolor}}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
{% if v.agendaposter %}
<style>
html {
@ -30,7 +30,7 @@
{% endif %}
{% else %}
<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
{% endif %}
<div class="row justify-content-around">


@ -18,7 +18,7 @@
{% endblock %}
<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68">
<link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
</head>


@ -14,7 +14,7 @@
<title>2-Step Login - {{'SITE_NAME' | app_config}}</title>
<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
</head>


@ -34,7 +34,7 @@
<style>:root{--primary:#{{v.themecolor}}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
{% if v.agendaposter %}
<style>
html {


@ -39,10 +39,10 @@
{% if v %}
<style>:root{--primary:#{{v.themecolor}}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
{% else %}
<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
{% endif %}
</head>


@ -31,7 +31,7 @@
<title>{% if ref_user %}{{ref_user.username}} invites you to {{'SITE_NAME' | app_config}}{% else %}Sign up - {{'SITE_NAME' | app_config}}{% endif %}</title>
<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
</head>


@ -32,7 +32,7 @@
<title>{% if ref_user %}{{ref_user.username}} invites you to {{'SITE_NAME' | app_config}}{% else %}{{'SITE_NAME' | app_config}}{% endif %}</title>
<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
</head>


@ -26,7 +26,7 @@
{% block stylesheets %}
{% if v %}
<style>:root{--primary:#{{v.themecolor}}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
{% if v.agendaposter %}
<style>
html {
@ -50,7 +50,7 @@
{% endif %}
{% else %}
<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
<link rel="stylesheet" href="/static/assets/css/main.css?a=67">
<link rel="stylesheet" href="/static/assets/css/main.css?a=68">
<link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
{% endif %}
{% endblock %}