rDrama
/
rDrama
9
10
Fork 7
Code Issues Pull Requests Packages Releases Wiki Activity

abort a bunch of stuff where we manually returned JSON

remotes/1693176582716663532/tmp_refs/heads/watchparty
justcool393 2022-10-11 06:01:39 -07:00
parent 64cd11377e
commit c0acb1722b
17 changed files with 171 additions and 196 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
files/assets/js/bootstrap.js
View File

@ -218,6 +218,7 @@ function post_toast(t, url, button1, button2, classname, extra_actions) {
} else {
document.getElementById('toast-post-error-text').innerText = "Error, please try again later."
if (data && data["error"]) document.getElementById('toast-post-error-text').innerText = data["error"];
if (data && data["details"]) document.getElementById('toast-post-error-text').innerText = data["details"];
bootstrap.Toast.getOrCreateInstance(document.getElementById('toast-post-error')).show();
}
if (!isShopConfirm)

22
files/routes/admin.py
View File

@ -196,7 +196,7 @@ def remove_admin(v, username):
@admin_level_required(PERMS['POST_BETS_DISTRIBUTE'])
def distribute(v, option_id):
autojanny = get_account(AUTOJANNY_ID)
if autojanny.coins == 0: return {"error": "@AutoJanny has 0 coins"}, 400
if autojanny.coins == 0: abort(400, "@AutoJanny has 0 coins")
try: option_id = int(option_id)
except: abort(400)
@ -303,7 +303,7 @@ def revert_actions(v, username):
def club_allow(v, username):
u = get_user(username, v=v)
if u.admin_level >= v.admin_level: return {"error": "noob"}, 400
if u.admin_level >= v.admin_level: abort(403, 'noob')
u.club_allowed = True
g.db.add(u)
@ -329,7 +329,7 @@ def club_allow(v, username):
def club_ban(v, username):
u = get_user(username, v=v)
if u.admin_level >= v.admin_level: return {"error": "noob"}, 400
if u.admin_level >= v.admin_level: abort(403, 'noob')
u.club_allowed = False
@ -490,7 +490,7 @@ def purge_cache(v):
g.db.add(ma)
if response == "<Response [200]>": return {"message": "Cache purged!"}
return {"error": "Failed to purge cache."}, 400
abort(400, 'Failed to purge cache.')
@app.post("/admin/under_attack")
@ -507,7 +507,7 @@ def under_attack(v):
response = str(requests.patch(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, data='{"value":"high"}', timeout=5))
if response == "<Response [200]>": return {"message": "Under attack mode disabled!"}
return {"error": "Failed to disable under attack mode."}, 400
abort(400, "Failed to disable under attack mode.")
else:
ma = ModAction(
kind="enable_under_attack",
@ -517,7 +517,7 @@ def under_attack(v):
response = str(requests.patch(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, data='{"value":"under_attack"}', timeout=5))
if response == "<Response [200]>": return {"message": "Under attack mode enabled!"}
return {"error": "Failed to enable under attack mode."}, 400
abort(400, "Failed to enable under attack mode.")
@app.get("/admin/badge_grant")
@admin_level_required(PERMS['USER_BADGES'])
@ -1158,7 +1158,7 @@ def approve_post(post_id, v):
post = get_post(post_id)
if post.author.id == v.id and post.author.agendaposter and AGENDAPOSTER_PHRASE not in post.body.lower() and post.sub != 'chudrama':
return {"error": "You can't bypass the chud award!"}, 400
abort(400, "You can't bypass the chud award!")
if post.is_banned:
ma=ModAction(
@ -1223,7 +1223,7 @@ def sticky_post(post_id, v):
if v.admin_level >= PERMS['BYPASS_PIN_LIMIT']:
post.stickied = v.username
post.stickied_utc = int(time.time()) + 3600
else: return {"error": f"Can't exceed {PIN_LIMIT} pinned posts limit!"}, 403
else: abort(403, f"Can't exceed {PIN_LIMIT} pinned posts limit!")
else: post.stickied = v.username
g.db.add(post)
@ -1246,7 +1246,7 @@ def unsticky_post(post_id, v):
post = get_post(post_id)
if post.stickied:
if post.stickied.endswith('(pin award)'): return {"error": "Can't unpin award pins!"}, 403
if post.stickied.endswith('(pin award)'): abort(403, "Can't unpin award pins!")
post.stickied = None
post.stickied_utc = None
@ -1296,7 +1296,7 @@ def unsticky_comment(cid, v):
comment = get_comment(cid, v=v)
if comment.stickied:
if comment.stickied.endswith("(pin award)"): return {"error": "Can't unpin award pins!"}, 403
if comment.stickied.endswith("(pin award)"): abort(403, "Can't unpin award pins!")
comment.stickied = None
g.db.add(comment)
@ -1344,7 +1344,7 @@ def approve_comment(c_id, v):
if not comment: abort(404)
if comment.author.id == v.id and comment.author.agendaposter and AGENDAPOSTER_PHRASE not in comment.body.lower() and comment.post.sub != 'chudrama':
return {"error": "You can't bypass the chud award!"}, 400
abort(400, "You can't bypass the chud award!")
if comment.is_banned:
ma=ModAction(

41
files/routes/asset_submissions.py
View File

@ -96,27 +96,27 @@ if SITE not in ('pcmemes.net', 'watchpeopledie.co'):
@admin_level_required(PERMS['MODERATE_PENDING_SUBMITTED_MARSEYS'])
def approve_marsey(v, name):
if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, SNAKES_ID):
return {"error": "Only Carp can approve marseys!"}, 403
abort(403, "Only Carp can approve marseys!")
name = name.lower().strip()
marsey = g.db.query(Marsey).filter_by(name=name).one_or_none()
if not marsey:
return {"error": f"This marsey '{name}' doesn't exist!"}, 404
abort(404, f"This marsey '{name}' doesn't exist!")
tags = request.values.get('tags').lower().strip()
if not tags:
return {"error": "You need to include tags!"}, 400
abort(400, "You need to include tags!")
new_name = request.values.get('name').lower().strip()
if not new_name:
return {"error": "You need to include name!"}, 400
abort(400, "You need to include name!")
if not marsey_regex.fullmatch(new_name):
return {"error": "Invalid name!"}, 400
abort(400, "Invalid name!")
if not tags_regex.fullmatch(tags):
return {"error": "Invalid tags!"}, 400
abort(400, "Invalid tags!")
marsey.name = new_name
@ -168,10 +168,10 @@ if SITE not in ('pcmemes.net', 'watchpeopledie.co'):
marsey = g.db.query(Marsey).filter_by(name=name).one_or_none()
if not marsey:
return {"error": f"This marsey '{name}' doesn't exist!"}, 404
abort(404, f"This marsey '{name}' doesn't exist!")
if v.id not in (marsey.submitter_id, AEVANN_ID, CARP_ID):
return {"error": "Only Carp can remove marseys!"}, 403
abort(403, "Only Carp can remove marseys!")
if v.id != marsey.submitter_id:
msg = f"@{v.username} has rejected a marsey you submitted: `'{marsey.name}'`"
@ -257,27 +257,20 @@ if SITE not in ('pcmemes.net', 'watchpeopledie.co'):
@admin_level_required(PERMS['MODERATE_PENDING_SUBMITTED_HATS'])
def approve_hat(v, name):
if AEVANN_ID and v.id not in (AEVANN_ID, CARP_ID, SNAKES_ID):
return {"error": "Only Carp can approve hats!"}, 403
abort(403, "Only Carp can approve hats!"}, 403
name = name.strip()
hat = g.db.query(HatDef).filter_by(name=name).one_or_none()
if not hat:
return {"error": f"This hat '{name}' doesn't exist!"}, 404
if not hat: abort(404, f"This hat '{name}' doesn't exist!")
description = request.values.get('description').strip()
if not description:
return {"error": "You need to include description!"}, 400
if not description: abort(400, "You need to include a description!")
new_name = request.values.get('name').strip()
if not new_name:
return {"error": "You need to include name!"}, 400
if not hat_regex.fullmatch(new_name):
return {"error": "Invalid name!"}, 400
if not description_regex.fullmatch(description):
return {"error": "Invalid description!"}, 400
if not new_name: abort(400, "You need to include a name!")
if not hat_regex.fullmatch(new_name): abort(400, "Invalid name!")
if not description_regex.fullmatch(description): abort(400, "Invalid description!")
hat.price = int(request.values.get('price'))
hat.name = new_name
@ -332,11 +325,9 @@ if SITE not in ('pcmemes.net', 'watchpeopledie.co'):
name = name.strip()
hat = g.db.query(HatDef).filter_by(name=name).one_or_none()
if not hat:
return {"error": f"This hat '{name}' doesn't exist!"}, 404
if not hat: abort(404, f"This hat '{name}' doesn't exist!")
if v.id not in (hat.submitter_id, AEVANN_ID, CARP_ID):
return {"error": "Only Carp can remove hats!"}, 403
abort(403, 'Only Carp can remove hats!')
if v.id != hat.submitter_id:
msg = f"@{v.username} has rejected a hat you submitted: `'{hat.name}'`"

32
files/routes/awards.py
View File

@ -49,10 +49,10 @@ def buy(v, award):
if award == 'benefactor' and not request.values.get("mb"):
return {"error": "You can only buy the Benefactor award with marseybux."}, 403
abort(403, "You can only buy the Benefactor award with marseybux.")
if award == 'ghost' and v.admin_level < PERMS['BUY_GHOST_AWARD']:
return {"error": "Only admins can buy this award."}, 403
abort(403, "Only admins can buy this award")
AWARDS = deepcopy(AWARDS2)
@ -67,15 +67,15 @@ def buy(v, award):
if request.values.get("mb"):
if award == "grass":
return {"error": "You can't buy the grass award with marseybux."}, 403
abort(403, "You can't buy the grass award with marseybux.")
charged = v.charge_account('procoins', price)
if not charged:
return {"error": "Not enough marseybux."}, 400
abort(400, "Not enough marseybux.")
else:
charged = v.charge_account('coins', price)
if not charged:
return {"error": "Not enough coins."}, 400
abort(400, "Not enough coins.")
v.coins_spent += price
if v.coins_spent >= 1000000:
@ -129,8 +129,6 @@ def buy(v, award):
@is_not_permabanned
@feature_required('BADGES')
def award_thing(v, thing_type, id):
if thing_type == 'post': thing = get_post(id)
else: thing = get_comment(id)
@ -142,8 +140,7 @@ def award_thing(v, thing_type, id):
if v.house:
AWARDS[v.house] = HOUSE_AWARDS[v.house]
if kind not in AWARDS:
return {"error": "This award doesn't exist."}, 404
if kind not in AWARDS: abort(404, "This award doesn't exist")
award = g.db.query(AwardRelationship).filter(
AwardRelationship.kind == kind,
@ -152,8 +149,7 @@ def award_thing(v, thing_type, id):
AwardRelationship.comment_id == None
).first()
if not award:
return {"error": "You don't have that award."}, 404
if not award: abort(404, "You don't have that award")
if thing_type == 'post': award.submission_id = thing.id
else: award.comment_id = thing.id
@ -167,13 +163,13 @@ def award_thing(v, thing_type, id):
if author.shadowbanned: abort(404)
if SITE == 'rdrama.net' and author.id in (PIZZASHILL_ID, CARP_ID):
return {"error": "This user is immune to awards."}, 403
abort(403, "This user is immune to awards.")
if kind == "benefactor" and author.id == v.id:
return {"error": "You can't use this award on yourself."}, 400
abort(400, "You can't use this award on yourself.")
if kind == 'marsify' and author.marsify == 1:
return {"error": "User is already permanently marsified!"}, 403
abort(403, "User is already permanently marsified!")
if v.id != author.id:
safe_username = "👻" if thing.ghost else f"@{author.username}"
@ -254,7 +250,7 @@ def award_thing(v, thing_type, id):
g.db.add(thing)
elif kind == "agendaposter" and not (author.agendaposter and author.agendaposter == 0):
if author.marseyawarded:
return {"error": "This user is the under the effect of a conflicting award: Marsey award."}, 404
abort(400, "This user is under the effect of a conflicting award: Marsey award.")
if author.agendaposter and time.time() < author.agendaposter: author.agendaposter += 86400
else: author.agendaposter = int(time.time()) + 86400
@ -284,13 +280,13 @@ def award_thing(v, thing_type, id):
badge_grant(user=author, badge_id=98)
elif kind == "pizzashill":
if author.bird:
return {"error": "This user is the under the effect of a conflicting award: Bird Site award."}, 404
abort(400, "This user is under the effect of a conflicting award: Bird Site award.")
if author.longpost: author.longpost += 86400
else: author.longpost = int(time.time()) + 86400
badge_grant(user=author, badge_id=97)
elif kind == "bird":
if author.longpost:
return {"error": "This user is the under the effect of a conflicting award: Pizzashill award."}, 404
abort(400, "This user is under the effect of a conflicting award: Pizzashill award.")
if author.bird: author.bird += 86400
else: author.bird = int(time.time()) + 86400
badge_grant(user=author, badge_id=95)
@ -317,7 +313,7 @@ def award_thing(v, thing_type, id):
else: author.progressivestack = int(time.time()) + 21600
badge_grant(user=author, badge_id=94)
elif kind == "benefactor":
if author.patron: return {"error": "This user is already a paypig!"}, 400
if author.patron: abort(400, "This user is already a paypig!")
author.patron = 1
if author.patron_utc: author.patron_utc += 2629746
else: author.patron_utc = int(time.time()) + 2629746

40
files/routes/casino.py
View File

@ -55,8 +55,8 @@ def casino_game_page(v, game):
@auth_required
@feature_required('GAMBLING')
def casino_game_feed(v, game):
if v.rehab:
return {"error": "You are under Rehab award effect!"}, 400
if v.rehab:
abort(403, "You are under Rehab award effect!")
elif game not in CASINO_GAME_KINDS:
abort(404)
@ -83,27 +83,27 @@ def lottershe(v):
@feature_required('GAMBLING')
def pull_slots(v):
if v.rehab:
return {"error": "You are under Rehab award effect!"}, 400
abort(403, "You are under Rehab award effect!")
try:
wager = int(request.values.get("wager"))
except:
return {"error": "Invalid wager."}, 400
abort(400, "Invalid wager.")
try:
currency = request.values.get("currency")
except:
return {"error": "Invalid currency (expected 'coin' or 'marseybux')."}, 400
abort(400, "Invalid currency (expected 'coin' or 'marseybux').")
if (currency == "coin" and wager > v.coins) or (currency == "marseybux" and wager > v.procoins):
return {"error": f"Not enough {currency} to make that bet."}, 400
abort(400, f"Not enough {currency} to make that bet")
success, game_state = casino_slot_pull(v, wager, currency)
if success:
return {"game_state": game_state, "gambler": {"coins": v.coins, "procoins": v.procoins}}
else:
return {"error": f"Wager must be more than 5 {currency}."}, 400
abort(400, f"Wager must be more than 5 {currency}")
# 21
@ -113,7 +113,7 @@ def pull_slots(v):
@feature_required('GAMBLING')
def blackjack_deal_to_player(v):
if v.rehab:
return {"error": "You are under Rehab award effect!"}, 400
abort(403, "You are under Rehab award effect!")
try:
wager = int(request.values.get("wager"))
@ -124,7 +124,7 @@ def blackjack_deal_to_player(v):
return {"success": True, "state": state, "feed": feed, "gambler": {"coins": v.coins, "procoins": v.procoins}}
except Exception as e:
return {"error": str(e)}, 400
abort(400, str(e))
@app.post("/casino/twentyone/hit")
@ -133,14 +133,14 @@ def blackjack_deal_to_player(v):
@feature_required('GAMBLING')
def blackjack_player_hit(v):
if v.rehab:
return {"error": "You are under Rehab award effect!"}, 400
abort(403, "You are under Rehab award effect!")
try:
state = dispatch_action(v, BlackjackAction.HIT)
feed = get_game_feed('blackjack')
return {"success": True, "state": state, "feed": feed, "gambler": {"coins": v.coins, "procoins": v.procoins}}
except:
return {"error": "Unable to hit."}, 400
abort(400, "Unable to hit.")
@app.post("/casino/twentyone/stay")
@ -149,14 +149,14 @@ def blackjack_player_hit(v):
@feature_required('GAMBLING')
def blackjack_player_stay(v):
if v.rehab:
return {"error": "You are under Rehab award effect!"}, 400
abort(403, "You are under Rehab award effect!")
try:
state = dispatch_action(v, BlackjackAction.STAY)
feed = get_game_feed('blackjack')
return {"success": True, "state": state, "feed": feed, "gambler": {"coins": v.coins, "procoins": v.procoins}}
except:
return {"error": "Unable to stay."}, 400
abort(400, "Unable to stay.")
@app.post("/casino/twentyone/double-down")
@ -165,14 +165,14 @@ def blackjack_player_stay(v):
@feature_required('GAMBLING')
def blackjack_player_doubled_down(v):
if v.rehab:
return {"error": "You are under Rehab award effect!"}, 400
abort(403, "You are under Rehab award effect!")
try:
state = dispatch_action(v, BlackjackAction.DOUBLE_DOWN)
feed = get_game_feed('blackjack')
return {"success": True, "state": state, "feed": feed, "gambler": {"coins": v.coins, "procoins": v.procoins}}
except:
return {"error": "Unable to double down."}, 400
abort(400, "Unable to double down.")
@app.post("/casino/twentyone/buy-insurance")
@ -181,14 +181,14 @@ def blackjack_player_doubled_down(v):
@feature_required('GAMBLING')
def blackjack_player_bought_insurance(v):
if v.rehab:
return {"error": "You are under Rehab award effect!"}, 400
abort(403, "You are under Rehab award effect!")
try:
state = dispatch_action(v, BlackjackAction.BUY_INSURANCE)
feed = get_game_feed('blackjack')
return {"success": True, "state": state, "feed": feed, "gambler": {"coins": v.coins, "procoins": v.procoins}}
except:
return {"error": "Unable to buy insurance."}, 400
abort(403, "Unable to buy insurance.")
# Roulette
@app.get("/casino/roulette/bets")
@ -197,7 +197,7 @@ def blackjack_player_bought_insurance(v):
@feature_required('GAMBLING')
def roulette_get_bets(v):
if v.rehab:
return {"error": "You are under Rehab award effect!"}, 400
abort(403, "You are under Rehab award effect!")
bets = get_roulette_bets()
@ -210,7 +210,7 @@ def roulette_get_bets(v):
@feature_required('GAMBLING')
def roulette_player_placed_bet(v):
if v.rehab:
return {"error": "You are under Rehab award effect!"}, 400
abort(403, "You are under Rehab award effect!")
try:
bet = request.values.get("bet")
@ -227,4 +227,4 @@ def roulette_player_placed_bet(v):
return {"success": True, "bets": bets, "gambler": {"coins": v.coins, "procoins": v.procoins}}
except:
return {"error": "Unable to place a bet."}, 400
abort(400, "Unable to place a bet.")

47
files/routes/comments.py
View File

@ -56,7 +56,7 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
post = get_post(pid, v=v)
if post.over_18 and not (v and v.over_18) and not session.get('over_18', 0) >= int(time.time()):
if request.headers.get("Authorization"): return {"error": 'This content is not suitable for some users and situations.'}, 403
if request.headers.get("Authorization"): abort(403, "This content is not suitable for some users and situations.")
else: return render_template("errors/nsfw.html", v=v)
try: context = min(int(request.values.get("context", 0)), 8)
@ -126,17 +126,17 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
@limiter.limit("1/second;20/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@auth_required
def comment(v):
if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403
if v.is_suspended: abort(403, "You can't perform this action while banned.")
parent_submission = request.values.get("submission").strip()
parent_fullname = request.values.get("parent_fullname").strip()
parent_post = get_post(parent_submission, v=v)
sub = parent_post.sub
if sub and v.exiled_from(sub): return {"error": f"You're exiled from /h/{sub}"}, 403
if sub and v.exiled_from(sub): abort(403, f"You're exiled from /h/{sub}")
if sub in ('furry','vampire','racist','femboy') and not v.client and not v.house.lower().startswith(sub):
return {"error": f"You need to be a member of House {sub.capitalize()} to comment in /h/{sub}"}, 400
abort(403, f"You need to be a member of House {sub.capitalize()} to comment in /h/{sub}")
if parent_post.club and not (v and (v.paid_dues or v.id == parent_post.author_id)): abort(403)
@ -157,18 +157,17 @@ def comment(v):
if not parent.can_see(v): abort(404)
if parent.deleted_utc != 0: abort(404)
if level > COMMENT_MAX_DEPTH:
return {"error": f"Max comment level is {COMMENT_MAX_DEPTH}"}, 400
if level > COMMENT_MAX_DEPTH: abort(400, f"Max comment level is {COMMENT_MAX_DEPTH}")
body = sanitize_raw_body(request.values.get("body", ""), False)
if parent_post.id not in ADMIGGERS:
if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')):
return {"error":"You have to type more than 280 characters!"}, 403
abort(403, "You have to type more than 280 characters!")
elif v.bird and len(body) > 140:
return {"error":"You have to type less than 140 characters!"}, 403
abort(403, "You have to type less than 140 characters!")
if not body and not request.files.get('file'): return {"error":"You need to actually write something!"}, 400
if not body and not request.files.get('file'): abort(400, "You need to actually write something!")
options = []
for i in poll_regex.finditer(body):
@ -187,7 +186,7 @@ def comment(v):
oldname = f'/images/{time.time()}'.replace('.','') + '.webp'
file.save(oldname)
image = process_image(oldname, patron=v.patron)
if image == "": return {"error":"Image upload failed"}, 400
if image == "": abort(400, "Image upload failed")
if v.admin_level >= PERMS['SITE_SETTINGS_SIDEBARS_BANNERS_BADGES'] and level == 1:
if parent_post.id == SIDEBAR_THREAD:
li = sorted(os.listdir(f'files/assets/images/{SITE_NAME}/sidebar'),
@ -210,7 +209,7 @@ def comment(v):
name = badge_def["name"]
existing = g.db.query(BadgeDef).filter_by(name=name).one_or_none()
if existing: return {"error": "A badge with this name already exists!"}, 403
if existing: abort(403, "A badge with this name already exists!")
badge = BadgeDef(name=name, description=badge_def["description"])
g.db.add(badge)
@ -221,7 +220,7 @@ def comment(v):
requests.post(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/purge_cache', headers=CF_HEADERS,
data=f'{{"files": ["https://{SITE}/assets/images/badges/{badge.id}.webp"]}}', timeout=5)
except Exception as e:
return {"error": str(e)}, 400
abort(400, str(e))
body += f"\n\n![]({image})"
elif file.content_type.startswith('video/'):
body += f"\n\n{process_video(file)}"
@ -257,7 +256,7 @@ def comment(v):
if existing: return {"error": f"You already made that comment: /comment/{existing.id}"}, 409
if parent.author.any_block_exists(v) and v.admin_level < PERMS['POST_COMMENT_MODERATION']:
return {"error": "You can't reply to users who have blocked you or users that you have blocked."}, 403
abort(403, "You can't reply to users who have blocked you or users that you have blocked.")
is_bot = v.id != BBBB_ID and (bool(request.headers.get("Authorization")) or (SITE == 'pcmemes.net' and v.id == SNAPPY_ID))
@ -297,7 +296,7 @@ def comment(v):
g.db.add(ma)
g.db.commit()
return {"error": "Too much spam!"}, 403
abort(403, "Too much spam!")
if len(body_html) > COMMENT_BODY_HTML_LENGTH_LIMIT: abort(400)
@ -442,7 +441,7 @@ def comment(v):
g.db.add(c)
if v.marseyawarded and parent_post.id not in ADMIGGERS and marseyaward_body_regex.search(body_html):
return {"error":"You can only type marseys!"}, 403
abort(403, "You can only type marseys!")
check_for_treasure(body, c)
@ -469,7 +468,7 @@ def edit_comment(cid, v):
c = get_comment(cid, v=v)
if time.time() - c.created_utc > 7*24*60*60 and not (c.post and c.post.private):
return {"error":"You can't edit comments older than 1 week!"}, 403
abort(403, "You can't edit comments older than 1 week!")
if c.author_id != v.id: abort(403)
if not c.post: abort(403)
@ -477,13 +476,13 @@ def edit_comment(cid, v):
body = sanitize_raw_body(request.values.get("body", ""), False)
if len(body) < 1 and not (request.files.get("file") and request.headers.get("cf-ipcountry") != "T1"):
return {"error":"You have to actually type something!"}, 400
abort(400, "You have to actually type something!")
if body != c.body or request.files.get("file") and request.headers.get("cf-ipcountry") != "T1":
if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')):
return {"error":"You have to type more than 280 characters!"}, 403
abort(403, "You have to type more than 280 characters!")
elif v.bird and len(body) > 140:
return {"error":"You have to type less than 140 characters!"}, 403
abort(403, "You have to type less than 140 characters!")
for i in poll_regex.finditer(body):
body = body.replace(i.group(0), "")
@ -535,7 +534,7 @@ def edit_comment(cid, v):
g.db.add(comment)
g.db.commit()
return {"error": "Too much spam!"}, 403
abort(403, "Too much spam!")
body += process_files()
body = body.strip()[:COMMENT_BODY_LENGTH_LIMIT] # process_files potentially adds characters to the post
@ -553,7 +552,7 @@ def edit_comment(cid, v):
if len(body_html) > COMMENT_BODY_HTML_LENGTH_LIMIT: abort(400)
if v.marseyawarded and marseyaward_body_regex.search(body_html):
return {"error":"You can only type marseys!"}, 403
abort(403, "You can only type marseys!")
c.body = body
c.body_html = body_html
@ -568,7 +567,7 @@ def edit_comment(cid, v):
g.db.add(notif)
if v.agendaposter and not v.marseyawarded and AGENDAPOSTER_PHRASE not in c.body.lower() and c.post.sub != 'chudrama':
return {"error": f'You have to include "{AGENDAPOSTER_PHRASE}" in your comment!'}, 403
abort(403, f'You have to include "{AGENDAPOSTER_PHRASE}" in your comment!')
if int(time.time()) - c.created_utc > 60 * 3: c.edited_utc = int(time.time())
@ -745,7 +744,6 @@ def diff_words(answer, guess):
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@auth_required
def handle_wordle_action(cid, v):
comment = get_comment(cid)
if v.id != comment.author_id:
@ -757,8 +755,7 @@ def handle_wordle_action(cid, v):
try: guess = request.values.get("thing").strip().lower()
except: abort(400)
if len(guess) != 5:
return {"error": "Not a valid guess!"}, 400
if len(guess) != 5: abort(400, "Not a valid guess!")
if status == "active":
guesses += "".join(cg + WORDLE_COLOR_MAPPINGS[diff] for cg, diff in zip(guess, diff_words(answer, guess)))

7
files/routes/discord.py
View File

@ -8,15 +8,10 @@ import requests
@app.get("/discord")
@is_not_permabanned
def join_discord(v):
if v.shadowbanned: return {"error": "Internal server error"}, 400
if v.shadowbanned: return {"error": "Internal Server Error"}, 500
now=int(time.time())
state=generate_hash(f"{now}+{v.id}+discord")
state=f"{now}.{state}"
return redirect(f"https://discord.com/api/oauth2/authorize?client_id={DISCORD_CLIENT_ID}&redirect_uri=https%3A%2F%2F{SITE}%2Fdiscord_redirect&response_type=code&scope=identify%20guilds.join&state={state}")

20
files/routes/hats.py
View File

@ -36,25 +36,23 @@ def hats(v):
@feature_required('HATS')
def buy_hat(v, hat_id):
try: hat_id = int(hat_id)
except: return {"error": "Hat not found!"}, 400
except: abort(404, "Hat not found!")
hat = g.db.query(HatDef).filter_by(submitter_id=None, id=hat_id).one_or_none()
if not hat: return {"error": "Hat not found!"}, 400
if not hat: abort(404, "Hat not found!")
existing = g.db.query(Hat).filter_by(user_id=v.id, hat_id=hat.id).one_or_none()
if existing: return {"error": "You already own this hat!"}, 400
if existing: abort(400, "You already own this hat!")
if request.values.get("mb"):
charged = v.charge_account('procoins', hat.price)
if not charged:
return {"error": "Not enough marseybux."}, 400
if not charged: abort(400, "Not enough marseybux.")
hat.author.procoins += hat.price * 0.1
currency = "marseybux"
else:
charged = v.charge_account('coins', hat.price)
if not charged:
return {"error": "Not enough coins."}, 400
if not charged: abort(400, "Not enough coins.")
v.coins_spent_on_hats += hat.price
hat.author.coins += hat.price * 0.1
@ -86,10 +84,10 @@ def buy_hat(v, hat_id):
@feature_required('HATS')
def equip_hat(v, hat_id):
try: hat_id = int(hat_id)
except: return {"error": "Hat not found!"}, 400
except: abort(404, "Hat not found!")
hat = g.db.query(Hat).filter_by(hat_id=hat_id, user_id=v.id).one_or_none()
if not hat: return {"error": "You don't own this hat!"}, 400
if not hat: abort(403, "You don't own this hat!")
hat.equipped = True
g.db.add(hat)
@ -101,10 +99,10 @@ def equip_hat(v, hat_id):
@feature_required('HATS')
def unequip_hat(v, hat_id):
try: hat_id = int(hat_id)
except: return {"error": "Hat not found!"}, 400
except: abort(404, "Hat not found!")
hat = g.db.query(Hat).filter_by(hat_id=hat_id, user_id=v.id).one_or_none()
if not hat: return {"error": "You don't own this hat!"}, 400
if not hat: abort(403, "You don't own this hat!")
hat.equipped = False
g.db.add(hat)

2
files/routes/lottery.py
View File

@ -29,7 +29,7 @@ def lottery_start(v):
@feature_required('GAMBLING')
def lottery_buy(v):
try: quantity = int(request.values.get("quantity"))
except: return {"error": "Invalid ticket quantity."}, 400
except: abort(400, "Invalid ticket quantity.")
success, message = purchase_lottery_tickets(v, quantity)
lottery, participants = get_active_lottery_stats()

8
files/routes/polls.py
View File

@ -19,10 +19,10 @@ def vote_option(option_id, v):
sub = option.post.sub
if sub in ('furry','vampire','racist','femboy') and not v.house.lower().startswith(sub):
return {"error": f"You need to be a member of House {sub.capitalize()} to vote on polls in /h/{sub}"}, 400
abort(403, f"You need to be a member of House {sub.capitalize()} to vote on polls in /h/{sub}")
if option.exclusive == 2:
if v.coins < POLL_BET_COINS: return {"error": f"You don't have {POLL_BET_COINS} coins!"}, 400
if v.coins < POLL_BET_COINS: abort(400, f"You don't have {POLL_BET_COINS} coins!")
v.coins -= POLL_BET_COINS
g.db.add(v)
autojanny = get_account(AUTOJANNY_ID)
@ -35,7 +35,7 @@ def vote_option(option_id, v):
SubmissionOptionVote.submission_id==option.submission_id,
SubmissionOption.exclusive==option.exclusive).one_or_none()
if vote:
if option.exclusive == 2: return {"error": "You already voted on this bet!"}, 400
if option.exclusive == 2: abort(400, "You already voted on this bet!")
g.db.delete(vote)
existing = g.db.query(SubmissionOptionVote).filter_by(option_id=option_id, user_id=v.id).one_or_none()
@ -85,7 +85,7 @@ def vote_option_comment(option_id, v):
sub = option.comment.post.sub
if sub in ('furry','vampire','racist','femboy') and not v.house.lower().startswith(sub):
return {"error": f"You need to be a member of House {sub.capitalize()} to vote on polls in /h/{sub}"}, 400
abort(403, f"You need to be a member of House {sub.capitalize()} to vote on polls in /h/{sub}")
if option.exclusive:
vote = g.db.query(CommentOptionVote).join(CommentOption).filter(

23
files/routes/posts.py
View File

@ -414,26 +414,26 @@ def edit_post(pid, v):
# Disable edits on things older than 1wk unless it's a draft or editor is a jannie
if (time.time() - p.created_utc > 7*24*60*60 and not p.private
and not v.admin_level >= PERMS['POST_EDITING']):
return {"error": "You can't edit posts older than 1 week!"}, 403
abort(403, "You can't edit posts older than 1 week!")
title = sanitize_raw_title(request.values.get("title", ""))
body = sanitize_raw_body(request.values.get("body", ""), True)
if v.id == p.author_id:
if v.longpost and (len(body) < 280 or ' [](' in body or body.startswith('[](')):
return {"error":"You have to type more than 280 characters!"}, 403
abort(403, "You have to type more than 280 characters!")
elif v.bird and len(body) > 140:
return {"error":"You have to type less than 140 characters!"}, 403
abort(403, "You have to type less than 140 characters!")
if not title:
return {"error": "Please enter a better title."}, 400
abort(400, "Please enter a better title.")
if title != p.title:
torture = (v.agendaposter and not v.marseyawarded and p.sub != 'chudrama' and v.id == p.author_id)
title_html = filter_emojis_only(title, golden=False, torture=torture)
if v.id == p.author_id and v.marseyawarded and not marseyaward_title_regex.fullmatch(title_html):
return {"error":"You can only type marseys!"}, 403
abort(403, "You can only type marseys!")
p.title = title
p.title_html = title_html
@ -466,7 +466,7 @@ def edit_post(pid, v):
body_html = sanitize(body, golden=False, limit_pings=100, showmore=False, torture=torture)
if v.id == p.author_id and v.marseyawarded and marseyaward_body_regex.search(body_html):
return {"error":"You can only type marseys!"}, 403
abort(403, "You can only type marseys!")
p.body = body
@ -477,12 +477,13 @@ def edit_post(pid, v):
g.db.add(v)
send_repeatable_notification(CARP_ID, p.permalink)
if len(body_html) > POST_BODY_HTML_LENGTH_LIMIT: return {"error":f"Submission body_html too long! (max {POST_BODY_HTML_LENGTH_LIMIT} characters)"}, 400
if len(body_html) > POST_BODY_HTML_LENGTH_LIMIT:
abort(400, f"Submission body_html too long! (max {POST_BODY_HTML_LENGTH_LIMIT} characters)")
p.body_html = body_html
if v.id == p.author_id and v.agendaposter and not v.marseyawarded and AGENDAPOSTER_PHRASE not in f'{p.body}{p.title}'.lower() and p.sub != 'chudrama':
return {"error": f'You have to include "{AGENDAPOSTER_PHRASE}" in your post!'}, 403
abort(403, f'You have to include "{AGENDAPOSTER_PHRASE}" in your post!')
if not p.private and not p.ghost:
@ -702,7 +703,7 @@ def submit_post(v, sub=None):
body = sanitize_raw_body(request.values.get("body", ""), True)
def error(error):
if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": error}, 400
if request.headers.get("Authorization") or request.headers.get("xhr"): abort(400, error)
SUBS = [x[0] for x in g.db.query(Sub.name).order_by(Sub.name).all()]
return render_template("submit.html", SUBS=SUBS, v=v, error=error, title=title, url=url, body=body), 400
@ -1204,7 +1205,7 @@ def pin_post(post_id, v):
post = get_post(post_id)
if post:
if v.id != post.author_id: return {"error": "Only the post author's can do that!"}, 400
if v.id != post.author_id: abort(400, "Only the post author's can do that!")
post.is_pinned = not post.is_pinned
g.db.add(post)
@ -1212,7 +1213,7 @@ def pin_post(post_id, v):
if post.is_pinned: return {"message": "Post pinned!"}
else: return {"message": "Post unpinned!"}
return {"error": "Post not found!"}, 400
return abort(404, "Post not found!")
extensions = (

15
files/routes/reporting.py
View File

@ -21,14 +21,13 @@ def flag_post(pid, v):
if not v.is_banned: v.ban_reason = 'Blackjack'
send_repeatable_notification(CARP_ID, f"reports on {post.permalink}")
if v.is_muted:
return {"error": "You are forbidden from making reports."}, 400
if v.is_muted: abort(400, "You are forbidden from making reports.")
reason = reason[:100]
reason = filter_emojis_only(reason)
if len(reason) > 350: return {"error": "Too long."}, 400
if len(reason) > 350: abort(400, "Too long.")
if reason.startswith('!') and (v.admin_level >= PERMS['POST_COMMENT_MODERATION'] or post.sub and v.mods(post.sub)):
post.flair = reason[1:]
@ -58,16 +57,16 @@ def flag_post(pid, v):
sub_to = g.db.get(Sub, sub_to)
sub_to = sub_to.name if sub_to else None
if sub_from == sub_to: {"error": f"Post is already in /h/{sub_to}"}, 400
if sub_from == sub_to: abort(400, f"Post is already in /h/{sub_to}")
if post.author.exiled_from(sub_to):
return {"error": f"User is exiled from this {HOLE_NAME}!"}, 400
abort(400, f"User is exiled from this {HOLE_NAME}!")
if sub_to in ('furry','vampire','racist','femboy') and not v.client and not post.author.house.lower().startswith(sub_to):
if v.id == post.author_id:
return {"error": f"You need to be a member of House {sub.capitalize()} to post in /h/{sub}"}, 403
abort(403, f"You need to be a member of House {sub_to.capitalize()} to post in /h/{sub_to}")
else:
return {"error": f"@{post.author.username} needs to be a member of House {sub.capitalize()} for their post to be moved to /h/{sub}"}, 400
abort(403, f"@{post.author.username} needs to be a member of House {sub_to.capitalize()} for their post to be moved to /h/{sub_to}")
post.sub = sub_to
g.db.add(post)
@ -135,7 +134,7 @@ def flag_comment(cid, v):
reason = filter_emojis_only(reason)
if len(reason) > 350: return {"error": "Too long."}, 400
if len(reason) > 350: abort(400, "Too long.")
flag = CommentFlag(comment_id=comment.id, user_id=v.id, reason=reason)

6
files/routes/search.py
View File

@ -75,7 +75,7 @@ def searchposts(v):
author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
if request.headers.get("Authorization"):
return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
return render_template("search.html",
v=v,
query=query,
@ -193,7 +193,7 @@ def searchcomments(v):
if 'post' in criteria:
try: post = int(criteria['post'])
except: return {"error": f"Post with id {post} does not exist."}, 400
except: abort(404, f"Post with id {post} does not exist."})
comments = comments.filter(Comment.parent_submission == post)
@ -202,7 +202,7 @@ def searchcomments(v):
author = get_user(criteria['author'], v=v, include_shadowbanned=False)
if author.is_private and author.id != v.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye:
if request.headers.get("Authorization"):
return {"error": f"@{author.username}'s profile is private; You can't use the 'author' syntax on them"}, 400
abort(403, f"@{author.username}'s profile is private; You can't use the 'author' syntax on them")
return render_template("search_comments.html", v=v, query=query, total=0, page=page, comments=[], sort=sort, t=t, next_exists=False, error=f"@{author.username}'s profile is private; You can't use the 'author' syntax on them.")

28
files/routes/settings.py
View File

@ -263,7 +263,7 @@ def settings_profile_post(v):
if theme:
if theme in {"4chan","classic","classic_dark","coffee","dark","dramblr","light","midnight","transparent","tron","win98"}:
if theme == "transparent" and not v.background:
return {"error": "You need to set a background to use the transparent theme!"}, 400
abort(400, "You need to set a background to use the transparent theme!")
v.theme = theme
if theme == "win98": v.themecolor = "30409f"
updated = True
@ -294,7 +294,7 @@ def settings_profile_post(v):
return {"message": "Your settings have been updated."}
else:
return {"error": "You didn't change anything."}, 400
abort(400, "You didn't change anything.")
@app.post("/settings/filters")
@ -348,23 +348,23 @@ def themecolor(v):
@auth_required
def gumroad(v):
if not (v.email and v.is_activated):
return {"error": f"You must have a verified email to verify {patron} status and claim your rewards!"}, 400
abort(400, f"You must have a verified email to verify {patron} status and claim your rewards!")
data = {'access_token': GUMROAD_TOKEN, 'email': v.email}
response = requests.get('https://api.gumroad.com/v2/sales', data=data, timeout=5).json()["sales"]
if len(response) == 0: return {"error": "Email not found"}, 404
if len(response) == 0: abort(404, "Email not found")
response = [x for x in response if x['variants_and_quantity']]
response = response[0]
tier = tiers[response["variants_and_quantity"]]
if v.patron == tier: return {"error": f"{patron} rewards already claimed"}, 400
if v.patron == tier: abort(400, f"{patron} rewards already claimed")
procoins = procoins_li[tier] - procoins_li[v.patron]
if procoins < 0: return {"error": f"{patron} rewards already claimed"}, 400
if procoins < 0: abort(400, f"{patron} rewards already claimed")
existing = g.db.query(User.id).filter(User.email == v.email, User.is_activated == True, User.patron >= tier).first()
if existing: return {"error": f"{patron} rewards already claimed on another account"}, 400
if existing: abort(400, f"{patron} rewards already claimed on another account")
v.patron = tier
if v.discord_id: add_role(v, f"{tier}")
@ -513,7 +513,7 @@ def settings_log_out_others(v):
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@auth_required
def settings_images_profile(v):
if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
if request.headers.get("cf-ipcountry") == "T1": abort(403, "Image uploads are not allowed through TOR.")
file = request.files["profile"]
@ -549,9 +549,7 @@ def settings_images_profile(v):
@auth_required
@feature_required('USERS_PROFILE_BANNER')
def settings_images_banner(v):
if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
if request.headers.get("cf-ipcountry") == "T1": abort(403, "Image uploads are not allowed through TOR.")
file = request.files["banner"]
@ -586,12 +584,12 @@ def settings_css_get(v):
@limiter.limit("1/second;30/minute;200/hour;1000/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@auth_required
def settings_css(v):
if v.agendaposter: return {"error": "Agendapostered users can't edit css!"}, 400
if v.agendaposter: abort(400, "Agendapostered users can't edit CSS!")
css = request.values.get("css").strip().replace('\\', '').strip()[:4000]
if '</style' in css.lower():
return {"error": "Please message @Aevann if you get this error"}, 400
abort(400, "Please message @Aevann if you get this error")
v.css = css
g.db.add(v)
@ -625,12 +623,12 @@ def settings_profilecss(v):
def settings_block_user(v):
user = get_user(request.values.get("username"), graceful=True)
if not user: return {"error": "This user doesn't exist."}, 404
if not user: abort(404, "This user doesn't exist.")
if user.unblockable:
if not v.shadowbanned:
send_notification(user.id, f"@{v.username} has tried to block you and failed because of your unblockable status!")
return {"error": "This user is unblockable."}, 403
abort(403, "This user is unblockable.")
if user.id == v.id:
return {"error": "You can't block yourself."}, 409

8
files/routes/subs.py
View File

@ -245,7 +245,7 @@ def add_mod(v, sub):
user = get_user(user, v=v, include_shadowbanned=False)
if sub in ('furry','vampire','racist','femboy') and not v.client and not user.house.lower().startswith(sub):
return {"error": f"@{user.username} needs to be a member of House {sub.capitalize()} to be added as a mod there!"}, 400
abort(403, f"@{user.username} needs to be a member of House {sub.capitalize()} to be added as a mod there!")
existing = g.db.query(Mod).filter_by(user_id=user.id, sub=sub).one_or_none()
@ -470,7 +470,7 @@ def get_sub_css(sub):
@limiter.limit("1/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@is_not_permabanned
def sub_banner(v, sub):
if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
if request.headers.get("cf-ipcountry") == "T1": abort(403, "Image uploads are not allowed through TOR.")
sub = get_sub_by_name(sub)
if not v.mods(sub.name): abort(403)
@ -503,7 +503,7 @@ def sub_banner(v, sub):
@limiter.limit("1/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@is_not_permabanned
def sub_sidebar(v, sub):
if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
if request.headers.get("cf-ipcountry") == "T1": abort(403, "Image uploads are not allowed through TOR.")
sub = get_sub_by_name(sub)
if not v.mods(sub.name): abort(403)
@ -535,7 +535,7 @@ def sub_sidebar(v, sub):
@limiter.limit("1/second;10/day", key_func=lambda:f'{SITE}-{session.get("lo_user")}')
@is_not_permabanned
def sub_marsey(v, sub):
if request.headers.get("cf-ipcountry") == "T1": return {"error":"Image uploads are not allowed through TOR."}, 403
if request.headers.get("cf-ipcountry") == "T1": abort(403, "Image uploads are not allowed through TOR.")
sub = get_sub_by_name(sub)
if not v.mods(sub.name): abort(403)

63
files/routes/users.py
View File

@ -264,9 +264,9 @@ def transfer_coins(v, username):
amount = int(amount) if amount.isdigit() else None
reason = request.values.get("reason", "").strip()
if amount is None or amount <= 0: return {"error": "Invalid amount of coins."}, 400
if v.coins < amount: return {"error": "You don't have enough coins."}, 400
if amount < 100: return {"error": "You have to gift at least 100 coins."}, 400
if amount is None or amount <= 0: abort(400, "Invalid amount of coins.")
if v.coins < amount: abort(400, "You don't have enough coins.")
if amount < 100: abort(400, "You have to gift at least 100 coins.")
if not v.patron and not receiver.patron and not v.alts_patron and not receiver.alts_patron: tax = math.ceil(amount*0.03)
else: tax = 0
@ -291,8 +291,7 @@ def transfer_coins(v, username):
g.db.add(v)
return {"message": f"{amount-tax} coins have been transferred to @{receiver.username}"}, 200
return {"message": "You can't transfer coins to yourself!"}, 400
abort(400, "You can't transfer coins to yourself!")
@app.post("/@<username>/transfer_bux")
@ -307,9 +306,9 @@ def transfer_bux(v, username):
amount = int(amount) if amount.isdigit() else None
reason = request.values.get("reason", "").strip()
if not amount or amount < 0: return {"error": "Invalid amount of marseybux."}, 400
if v.procoins < amount: return {"error": "You don't have enough marseybux"}, 400
if amount < 100: return {"error": "You have to gift at least 100 marseybux."}, 400
if not amount or amount < 0: abort(400, "Invalid amount of marseybux.")
if v.procoins < amount: abort(400, "You don't have enough marseybux")
if amount < 100: abort(400, "You have to gift at least 100 marseybux.")
v.procoins -= amount
@ -331,7 +330,7 @@ def transfer_bux(v, username):
g.db.add(v)
return {"message": f"{amount} marseybux have been transferred to @{receiver.username}"}, 200
return {"message": "You can't transfer marseybux to yourself!"}, 400
abort(400, "You can't transfer marseybux to yourslef!")
@app.get("/leaderboard")
@ -500,16 +499,16 @@ def message2(v, username):
user = get_user(username, v=v, include_blocks=True, include_shadowbanned=False)
if hasattr(user, 'is_blocking') and user.is_blocking:
return {"error": "You're blocking this user."}, 403
abort(403, "You're blocking this user.")
if v.admin_level <= PERMS['MESSAGE_BLOCKED_USERS'] and hasattr(user, 'is_blocked') and user.is_blocked:
return {"error": "This user is blocking you."}, 403
abort(403, "This user is blocking you.")
message = request.values.get("message", "").strip()[:10000].strip()
if not message: return {"error": "Message is empty!"}, 400
if not message: abort(400, "Message is empty!")
if 'linkedin.com' in message: return {"error": "This domain 'linkedin.com' is banned."}, 403
if 'linkedin.com' in message: abort(403, "This domain 'linkedin.com' is banned.")
body_html = sanitize(message)
@ -519,7 +518,7 @@ def message2(v, username):
Comment.body_html == body_html,
).first()
if existing: return {"error": "Message already exists."}, 403
if existing: abort(403, "Message already exists.")
c = Comment(author_id=v.id,
parent_submission=None,
@ -573,18 +572,18 @@ def messagereply(v):
body = request.values.get("body", "").strip().replace('','')
body = body.replace('\r\n', '\n')[:COMMENT_BODY_LENGTH_LIMIT]
if not body and not request.files.get("file"): return {"error": "Message is empty!"}, 400
if not body and not request.files.get("file"): abort(400, "Message is empty!")
if 'linkedin.com' in body: return {"error": "this domain 'linkedin.com' is banned"}, 400
if 'linkedin.com' in body: abort(400, "this domain 'linkedin.com' is banned")
id = int(request.values.get("parent_id"))
parent = get_comment(id, v=v)
user_id = parent.author.id
if v.is_suspended_permanently and parent.sentto != 2:
return {"error": "You are permabanned and may not reply to messages."}, 400
abort(400, "You are permabanned and may not reply to messages.")
elif v.is_muted and parent.sentto == 2:
return {"error": "You are forbidden from replying to modmail."}, 400
abort(400, "You are forbidden from replying to modmail.")
if parent.sentto == 2: user_id = None
elif v.id == user_id: user_id = parent.sentto
@ -791,14 +790,14 @@ def u_username(username, v=None):
if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": "This userpage is private"}, 403
abort(403, "This userpage is private")
return render_template("userpage_private.html", u=u, v=v)
if v and hasattr(u, 'is_blocking') and u.is_blocking:
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": f"You are blocking @{u.username}."}, 403
abort(403, f"You are blocking @{u.username}.")
return render_template("userpage_blocking.html", u=u, v=v)
@ -877,12 +876,12 @@ def u_username_comments(username, v=None):
if u.is_private and (not v or (v.id != u.id and v.admin_level < PERMS['VIEW_PRIVATE_PROFILES'] and not v.eye)):
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": "This userpage is private"}, 403
abort(403, "This userpage is private")
return render_template("userpage_private.html", u=u, v=v)
if v and hasattr(u, 'is_blocking') and u.is_blocking:
if request.headers.get("Authorization") or request.headers.get("xhr") or request.path.endswith(".json"):
return {"error": f"You are blocking @{u.username}."}, 403
abort(403, f"You are blocking @{u.username}.")
return render_template("userpage_blocking.html", u=u, v=v)
try: page = max(int(request.values.get("page", "1")), 1)
@ -933,9 +932,9 @@ def u_username_info(username, v=None):
user=get_user(username, v=v, include_blocks=True, include_shadowbanned=False)
if hasattr(user, 'is_blocking') and user.is_blocking:
return {"error": "You're blocking this user."}, 401
abort(401, "You're blocking this user.")
elif hasattr(user, 'is_blocked') and user.is_blocked:
return {"error": "This user is blocking you."}, 403
abort(403, "This user is blocking you.")
return user.json
@ -946,9 +945,9 @@ def u_user_id_info(id, v=None):
user=get_account(id, v=v, include_blocks=True, include_shadowbanned=False)
if hasattr(user, 'is_blocking') and user.is_blocking:
return {"error": "You're blocking this user."}, 401
abort(403, "You're blocking this user.")
elif hasattr(user, 'is_blocked') and user.is_blocked:
return {"error": "This user is blocking you."}, 403
abort(403, "This user is blocking you.")
return user.json
@ -961,10 +960,10 @@ def follow_user(username, v):
target = get_user(username, v=v, include_shadowbanned=False)
if target.id==v.id:
return {"error": "You can't follow yourself!"}, 400
abort(400, "You can't follow yourself!")
if target.is_nofollow:
return {"error": "This user has disallowed other users from following them!"}, 403
abort(403, "This user has disallowed other users from following them!")
if g.db.query(Follow).filter_by(user_id=v.id, target_id=target.id).one_or_none():
return {"message": f"@{target.username} has been followed!"}
@ -993,7 +992,7 @@ def unfollow_user(username, v):
if target.fish:
if not v.shadowbanned:
send_notification(target.id, f"@{v.username} has tried to unfollow you and failed because of your fish award!")
return {"error": "You can't unfollow this user!"}, 400
abort(400, "You can't unfollow this user!")
follow = g.db.query(Follow).filter_by(user_id=v.id, target_id=target.id).one_or_none()
@ -1223,15 +1222,15 @@ kofi_tiers={
@auth_required
def settings_kofi(v):
if not (v.email and v.is_activated):
return {"error": f"You must have a verified email to verify {patron} status and claim your rewards!"}, 400
abort(400, f"You must have a verified email to verify {patron} status and claim your rewards!")
transaction = g.db.query(Transaction).filter_by(email=v.email).order_by(Transaction.created_utc.desc()).first()
if not transaction:
return {"error": "Email not found"}, 404
abort(404, "Email not found")
if transaction.claimed:
return {"error": f"{patron} rewards already claimed"}, 400
abort(400, f"{patron} rewards already claimed")
tier = kofi_tiers[transaction.amount]

4
files/routes/votes.py
View File

@ -49,7 +49,7 @@ def vote_info_get(v, link):
@is_not_permabanned
def vote_post(post_id, new, v):
if new == "-1" and DISABLE_DOWNVOTES: return {"error": "forbidden."}, 403
if new == "-1" and DISABLE_DOWNVOTES: abort(403)
if new not in ["-1", "0", "1"]: abort(400)
@ -126,7 +126,7 @@ def vote_post(post_id, new, v):
@is_not_permabanned
def vote_comment(comment_id, new, v):
if new == "-1" and DISABLE_DOWNVOTES: return {"error": "forbidden."}, 403
if new == "-1" and DISABLE_DOWNVOTES: abort(403, "forbidden.")
if new not in ["-1", "0", "1"]: abort(400)