rDrama
/
rDrama
9
10
Fork 8
Code Issues Pull Requests Packages Releases Wiki Activity

dffdfd

remotes/1693045480750635534/spooky-22
Aevann1 2021-07-28 00:31:28 +02:00
parent bfb00967f0
commit ee6419eb4e
16 changed files with 206 additions and 206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
drama/mail/mail.py
View File

@ -51,7 +51,7 @@ def send_verification_email(user, email=None):
)
@app.route("/api/verify_email", methods=["POST"])
@app.post("/api/verify_email")
@is_not_banned
def api_verify_email(v):
@ -60,7 +60,7 @@ def api_verify_email(v):
return "", 204
@app.route("/activate", methods=["GET"])
@app.get("/activate")
@auth_desired
def activate(v):

74
drama/routes/admin.py
View File

@ -20,7 +20,7 @@ import matplotlib.pyplot as plt
from .front import frontlist
from drama.__main__ import app, cache
@app.route("/admin/shadowbanned", methods=["GET"])
@app.get("/admin/shadowbanned")
@auth_required
def shadowbanned(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -29,7 +29,7 @@ def shadowbanned(v):
return render_template("banned.html", v=v, users=users)
@app.route("/admin/agendaposters", methods=["GET"])
@app.get("/admin/agendaposters")
@auth_required
def agendaposters(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -38,7 +38,7 @@ def agendaposters(v):
return render_template("banned.html", v=v, users=users)
@app.route("/admin/flagged/posts", methods=["GET"])
@app.get("/admin/flagged/posts")
@admin_level_required(3)
def flagged_posts(v):
@ -61,7 +61,7 @@ def flagged_posts(v):
next_exists=next_exists, listing=listing, page=page, v=v)
@app.route("/admin/image_posts", methods=["GET"])
@app.get("/admin/image_posts")
@admin_level_required(3)
@api("read")
def image_posts_listing(v):
@ -89,7 +89,7 @@ def image_posts_listing(v):
}
@app.route("/admin/flagged/comments", methods=["GET"])
@app.get("/admin/flagged/comments")
@admin_level_required(3)
def flagged_comments(v):
@ -115,7 +115,7 @@ def flagged_comments(v):
v=v,
standalone=True)
@app.route("/admin", methods=["GET"])
@app.get("/admin")
@admin_level_required(3)
def admin_home(v):
with open('./disablesignups', 'r') as f:
@ -123,7 +123,7 @@ def admin_home(v):
return render_template("admin/admin_home.html", v=v, x=x)
@app.route("/admin/disablesignups", methods=["POST"])
@app.post("/admin/disablesignups")
@admin_level_required(6)
@validate_formkey
def disablesignups(v):
@ -134,7 +134,7 @@ def disablesignups(v):
return "", 204
@app.route("/admin/badge_grant", methods=["GET"])
@app.get("/admin/badge_grant")
@admin_level_required(4)
def badge_grant_get(v):
@ -155,7 +155,7 @@ def badge_grant_get(v):
)
@app.route("/admin/badge_grant", methods=["POST"])
@app.post("/admin/badge_grant")
@admin_level_required(4)
@validate_formkey
def badge_grant_post(v):
@ -207,7 +207,7 @@ def badge_grant_post(v):
return redirect(user.url)
@app.route("/admin/users", methods=["GET"])
@app.get("/admin/users")
@admin_level_required(2)
def users_list(v):
@ -230,7 +230,7 @@ def users_list(v):
)
@app.route("/admin/content_stats", methods=["GET"])
@app.get("/admin/content_stats")
@admin_level_required(2)
def participation_stats(v):
@ -265,7 +265,7 @@ def participation_stats(v):
return render_template("admin/content_stats.html", v=v, title="Content Statistics", data=data)
@app.route("/admin/alt_votes", methods=["GET"])
@app.get("/admin/alt_votes")
@admin_level_required(4)
def alt_votes_get(v):
@ -374,7 +374,7 @@ def alt_votes_get(v):
)
@app.route("/admin/link_accounts", methods=["POST"])
@app.post("/admin/link_accounts")
@admin_level_required(4)
@validate_formkey
def admin_link_accounts(v):
@ -394,7 +394,7 @@ def admin_link_accounts(v):
return redirect(f"/admin/alt_votes?u1={g.db.query(User).get(u1).username}&u2={g.db.query(User).get(u2).username}")
@app.route("/admin/removed", methods=["GET"])
@app.get("/admin/removed")
@admin_level_required(3)
def admin_removed(v):
@ -419,7 +419,7 @@ def admin_removed(v):
)
@app.route("/admin/appdata", methods=["GET"])
@app.get("/admin/appdata")
@admin_level_required(4)
def admin_appdata(v):
@ -441,7 +441,7 @@ def admin_appdata(v):
v=v)
@app.route("/admin/domain/<domain_name>", methods=["GET"])
@app.get("/admin/domain/<domain_name>")
@admin_level_required(4)
def admin_domain_domain(domain_name, v):
@ -460,7 +460,7 @@ def admin_domain_domain(domain_name, v):
)
@app.route("/admin/image_purge", methods=["POST"])
@app.post("/admin/image_purge")
@admin_level_required(5)
def admin_image_purge(v):
@ -469,7 +469,7 @@ def admin_image_purge(v):
return redirect("/admin/image_purge")
@app.route("/admin/image_ban", methods=["POST"])
@app.post("/admin/image_ban")
@admin_level_required(4)
@validate_formkey
def admin_image_ban(v):
@ -507,7 +507,7 @@ def admin_image_ban(v):
return render_template("admin/image_ban.html", v=v, success=True)
@app.route("/agendaposter/<user_id>", methods=["POST"])
@app.post("/agendaposter/<user_id>")
@admin_level_required(6)
@validate_formkey
def agendaposter(user_id, v):
@ -549,7 +549,7 @@ def agendaposter(user_id, v):
else:
return redirect(user.url)
@app.route("/shadowban/<user_id>", methods=["POST"])
@app.post("/shadowban/<user_id>")
@admin_level_required(6)
@validate_formkey
def shadowban(user_id, v):
@ -571,7 +571,7 @@ def shadowban(user_id, v):
return "", 204
@app.route("/unshadowban/<user_id>", methods=["POST"])
@app.post("/unshadowban/<user_id>")
@admin_level_required(6)
@validate_formkey
def unshadowban(user_id, v):
@ -593,7 +593,7 @@ def unshadowban(user_id, v):
return "", 204
@app.route("/admin/title_change/<user_id>", methods=["POST"])
@app.post("/admin/title_change/<user_id>")
@admin_level_required(6)
@validate_formkey
def admin_title_change(user_id, v):
@ -626,7 +626,7 @@ def admin_title_change(user_id, v):
return (redirect(user.url), user)
@app.route("/api/ban_user/<user_id>", methods=["POST"])
@app.post("/api/ban_user/<user_id>")
@admin_level_required(6)
@validate_formkey
def ban_user(user_id, v):
@ -683,7 +683,7 @@ def ban_user(user_id, v):
return jsonify({"message": f"@{user.username} was banned"})
@app.route("/api/unban_user/<user_id>", methods=["POST"])
@app.post("/api/unban_user/<user_id>")
@admin_level_required(6)
@validate_formkey
def unban_user(user_id, v):
@ -713,7 +713,7 @@ def unban_user(user_id, v):
if request.args.get("notoast"): return (redirect(user.url), user)
return jsonify({"message": f"@{user.username} was unbanned"})
@app.route("/api/ban_post/<post_id>", methods=["POST"])
@app.post("/api/ban_post/<post_id>")
@admin_level_required(3)
@validate_formkey
def ban_post(post_id, v):
@ -749,7 +749,7 @@ def ban_post(post_id, v):
return "", 204
@app.route("/api/unban_post/<post_id>", methods=["POST"])
@app.post("/api/unban_post/<post_id>")
@admin_level_required(3)
@validate_formkey
def unban_post(post_id, v):
@ -777,7 +777,7 @@ def unban_post(post_id, v):
return "", 204
@app.route("/api/distinguish/<post_id>", methods=["POST"])
@app.post("/api/distinguish/<post_id>")
@admin_level_required(1)
@validate_formkey
def api_distinguish_post(post_id, v):
@ -800,7 +800,7 @@ def api_distinguish_post(post_id, v):
return "", 204
@app.route("/api/sticky/<post_id>", methods=["POST"])
@app.post("/api/sticky/<post_id>")
@admin_level_required(3)
def api_sticky_post(post_id, v):
@ -813,7 +813,7 @@ def api_sticky_post(post_id, v):
return "", 204
@app.route("/api/pin/<post_id>", methods=["POST"])
@app.post("/api/pin/<post_id>")
@auth_required
def api_pin_post(post_id, v):
@ -824,7 +824,7 @@ def api_pin_post(post_id, v):
return "", 204
@app.route("/api/ban_comment/<c_id>", methods=["post"])
@app.post("/api/ban_comment/<c_id>")
@admin_level_required(1)
def api_ban_comment(c_id, v):
@ -845,7 +845,7 @@ def api_ban_comment(c_id, v):
return "", 204
@app.route("/api/unban_comment/<c_id>", methods=["post"])
@app.post("/api/unban_comment/<c_id>")
@admin_level_required(1)
def api_unban_comment(c_id, v):
@ -869,8 +869,8 @@ def api_unban_comment(c_id, v):
return "", 204
@app.route("/api/distinguish_comment/<c_id>", methods=["post"])
@app.route("/api/v1/distinguish_comment/<c_id>", methods=["post"])
@app.post("/api/distinguish_comment/<c_id>")
@app.post("/api/v1/distinguish_comment/<c_id>")
@auth_required
@api("read")
def admin_distinguish_comment(c_id, v):
@ -898,14 +898,14 @@ def admin_distinguish_comment(c_id, v):
return jsonify({"html":html, "api":html})
@app.route("/admin/dump_cache", methods=["GET"])
@app.get("/admin/dump_cache")
@admin_level_required(6)
def admin_dump_cache(v):
cache.clear()
return jsonify({"message": "Internal cache cleared."})
@app.route("/admin/ban_domain", methods=["POST"])
@app.post("/admin/ban_domain")
@admin_level_required(4)
@validate_formkey
def admin_ban_domain(v):
@ -940,7 +940,7 @@ def admin_ban_domain(v):
return redirect(d.permalink)
@app.route("/admin/nuke_user", methods=["POST"])
@app.post("/admin/nuke_user")
@admin_level_required(4)
@validate_formkey
def admin_nuke_user(v):
@ -970,7 +970,7 @@ def admin_nuke_user(v):
return redirect(user.url)
@app.route("/admin/unnuke_user", methods=["POST"])
@app.post("/admin/unnuke_user")
@admin_level_required(4)
@validate_formkey
def admin_nunuke_user(v):

38
drama/routes/comments.py
View File

@ -50,16 +50,16 @@ def banawardcomment(comment_id, v):
return jsonify({"message": "User banned successfully!"}), 204
@app.route("/api/v1/post/<pid>/comment/<cid>", methods=["GET"])
@app.get("/api/v1/post/<pid>/comment/<cid>")
def comment_cid_api_redirect(cid=None, pid=None):
redirect(f'/api/v1/comment/<cid>')
@app.route("/comment/<cid>", methods=["GET"])
@app.route("/comment/<cid>", methods=["GET"])
@app.route("/post_short/<pid>/<cid>", methods=["GET"])
@app.route("/post_short/<pid>/<cid>/", methods=["GET"])
@app.route("/api/v1/comment/<cid>", methods=["GET"])
@app.route("/post/<pid>/<anything>/<cid>", methods=["GET"])
@app.get("/comment/<cid>")
@app.get("/comment/<cid>")
@app.get("/post_short/<pid>/<cid>")
@app.get("/post_short/<pid>/<cid>/")
@app.get("/api/v1/comment/<cid>")
@app.get("/post/<pid>/<anything>/<cid>")
@app.route("/api/vue/comment/<cid>")
@auth_desired
@api("read")
@ -229,8 +229,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
'api': lambda: top_comment.json
}
@app.route("/api/comment", methods=["POST"])
@app.route("/api/v1/comment", methods=["POST"])
@app.post("/api/comment")
@app.post("/api/v1/comment")
@limiter.limit("6/minute")
@is_not_banned
@validate_formkey
@ -635,7 +635,7 @@ def api_comment(v):
@app.route("/edit_comment/<cid>", methods=["POST"])
@app.post("/edit_comment/<cid>")
@is_not_banned
@validate_formkey
@api("edit")
@ -868,8 +868,8 @@ def delete_comment(cid, v):
return {"html": lambda: ("", 204),
"api": lambda: ("", 204)}
@app.route("/undelete/comment/<cid>", methods=["POST"])
@app.route("/api/v1/undelete/comment/<cid>", methods=["POST"])
@app.post("/undelete/comment/<cid>")
@app.post("/api/v1/undelete/comment/<cid>")
@auth_required
@validate_formkey
@api("delete")
@ -892,10 +892,10 @@ def undelete_comment(cid, v):
return {"html": lambda: ("", 204),
"api": lambda: ("", 204)}
@app.route("/embed/comment/<cid>", methods=["GET"])
@app.route("/embed/post/<pid>/comment/<cid>", methods=["GET"])
@app.route("/api/v1/embed/comment/<cid>", methods=["GET"])
@app.route("/api/v1/embed/post/<pid>/comment/<cid>", methods=["GET"])
@app.get("/embed/comment/<cid>")
@app.get("/embed/post/<pid>/comment/<cid>")
@app.get("/api/v1/embed/comment/<cid>")
@app.get("/api/v1/embed/post/<pid>/comment/<cid>")
def embed_comment_cid(cid, pid=None):
comment = get_comment(int(cid))
@ -910,7 +910,7 @@ def embed_comment_cid(cid, pid=None):
return render_template("embeds/comment.html", c=comment)
@app.route("/comment_pin/<cid>", methods=["POST"])
@app.post("/comment_pin/<cid>")
@auth_required
@validate_formkey
def toggle_comment_pin(cid, v):
@ -945,7 +945,7 @@ def toggle_comment_pin(cid, v):
return jsonify({"html":html})
@app.route("/save_comment/<cid>", methods=["POST"])
@app.post("/save_comment/<cid>")
@auth_required
@validate_formkey
def save_comment(cid, v):
@ -961,7 +961,7 @@ def save_comment(cid, v):
return "", 204
@app.route("/unsave_comment/<cid>", methods=["POST"])
@app.post("/unsave_comment/<cid>")
@auth_required
@validate_formkey
def unsave_comment(cid, v):

4
drama/routes/discord.py
View File

@ -12,7 +12,7 @@ DISCORD_ENDPOINT = "https://discordapp.com/api/v6"
WELCOME_CHANNEL="846509313941700618"
@app.route("/discord", methods=["GET"])
@app.get("/discord")
@auth_required
def join_discord(v):
@ -27,7 +27,7 @@ def join_discord(v):
return redirect(f"https://discord.com/api/oauth2/authorize?client_id={CLIENT_ID}&redirect_uri=https%3A%2F%2F{app.config['SERVER_NAME']}%2Fdiscord_redirect&response_type=code&scope=identify%20guilds.join&state={state}")
@app.route("/discord_redirect", methods=["GET"])
@app.get("/discord_redirect")
@auth_required
def discord_redirect(v):

4
drama/routes/errors.py
View File

@ -154,7 +154,7 @@ def error_503(e, v):
}
@app.route("/allow_nsfw", methods=["POST"])
@app.post("/allow_nsfw")
def allow_nsfw():
session["over_18"] = int(time.time()) + 3600
@ -162,7 +162,7 @@ def allow_nsfw():
return redirect(request.form.get("redir"))
@app.route("/error/<error>", methods=["GET"])
@app.get("/error/<error>")
@auth_desired
def error_all_preview(error, v):

2
drama/routes/feeds.py
View File

@ -7,7 +7,7 @@ from yattag import Doc
from drama.__main__ import app
@app.route('/rss/<sort>/<t>', methods=["GET"])
@app.get('/rss/<sort>/<t>')
def feeds_user(sort='hot', t='all'):
page = int(request.args.get("page", 1))

4
drama/routes/flagging.py
View File

@ -4,7 +4,7 @@ from flask import g
from drama.__main__ import app
@app.route("/api/flag/post/<pid>", methods=["POST"])
@app.post("/api/flag/post/<pid>")
@auth_desired
def api_flag_post(pid, v):
@ -30,7 +30,7 @@ def api_flag_post(pid, v):
return "", 204
@app.route("/api/flag/comment/<cid>", methods=["POST"])
@app.post("/api/flag/comment/<cid>")
@auth_desired
def api_flag_comment(cid, v):

18
drama/routes/front.py
View File

@ -4,13 +4,13 @@ from drama.helpers.get import *
from drama.__main__ import app, cache
from drama.classes.submission import Submission
@app.route("/post/", methods=["GET"])
@app.get("/post/")
def slash_post():
return redirect("/")
# this is a test
@app.route("/notifications", methods=["GET"])
@app.get("/notifications")
@auth_required
def notifications(v):
@ -176,8 +176,8 @@ def frontlist(v=None, sort="hot", page=1,t="all", ids_only=True, filter_words=''
return posts
return posts
@app.route("/", methods=["GET"])
@app.route("/api/v1/listing", methods=["GET"])
@app.get("/")
@app.get("/api/v1/listing")
@auth_desired
def front_all(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -288,8 +288,8 @@ def changeloglist(v=None, sort="new", page=1 ,t="all", **kwargs):
posts = [x.id for x in posts]
return posts
@app.route("/changelog", methods=["GET"])
@app.route("/api/v1/changelog", methods=["GET"])
@app.get("/changelog")
@app.get("/api/v1/changelog")
@auth_desired
@api("read")
def changelog(v):
@ -330,7 +330,7 @@ def changelog(v):
)
}
@app.route("/random", methods=["GET"])
@app.get("/random")
@auth_desired
def random_post(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -404,8 +404,8 @@ def comment_idlist(page=1, v=None, nsfw=False, sort="new", t="all", **kwargs):
return comments[:26]
@app.route("/comments", methods=["GET"])
@app.route("/api/v1/front/comments", methods=["GET"])
@app.get("/comments")
@app.get("/api/v1/front/comments")
@auth_desired
@api("read")
def all_comments(v):

26
drama/routes/login.py
View File

@ -6,7 +6,7 @@ valid_username_regex = re.compile("^[a-zA-Z0-9_\-]{3,25}$")
valid_password_regex = re.compile("^.{8,100}$")
@app.route("/login", methods=["GET"])
@app.get("/login")
@no_cors
@auth_desired
def login_get(v):
@ -52,7 +52,7 @@ def check_for_alts(current_id):
@no_cors
@app.route("/login", methods=["POST"])
@app.post("/login")
@limiter.limit("6/minute")
def login_post():
@ -133,14 +133,14 @@ def login_post():
return redirect(account.url)
@app.route("/me", methods=["GET"])
@app.route("/@me", methods=["GET"])
@app.get("/me")
@app.get("/@me")
@auth_required
def me(v):
return redirect(v.url)
@app.route("/logout", methods=["POST"])
@app.post("/logout")
@auth_required
@validate_formkey
def logout(v):
@ -153,7 +153,7 @@ def logout(v):
# signing up
@app.route("/signup", methods=["GET"])
@app.get("/signup")
@no_cors
@auth_desired
def sign_up_get(v):
@ -210,7 +210,7 @@ def sign_up_get(v):
# signup api
@app.route("/signup", methods=["POST"])
@app.post("/signup")
@no_cors
@auth_desired
def sign_up_post(v):
@ -382,7 +382,7 @@ def sign_up_post(v):
return redirect("/")
@app.route("/forgot", methods=["GET"])
@app.get("/forgot")
def get_forgot():
return render_template("forgot_password.html",
@ -390,7 +390,7 @@ def get_forgot():
)
@app.route("/forgot", methods=["POST"])
@app.post("/forgot")
def post_forgot():
username = request.form.get("username").lstrip('@')
@ -426,7 +426,7 @@ def post_forgot():
i=random_image())
@app.route("/reset", methods=["GET"])
@app.get("/reset")
def get_reset():
user_id = request.args.get("id")
@ -458,7 +458,7 @@ def get_reset():
)
@app.route("/reset", methods=["POST"])
@app.post("/reset")
@auth_desired
def post_reset(v):
if v:
@ -510,7 +510,7 @@ def lost_2fa(v):
v=v
)
@app.route("/request_2fa_disable", methods=["POST"])
@app.post("/request_2fa_disable")
@limiter.limit("6/minute")
def request_2fa_disable():
@ -558,7 +558,7 @@ def request_2fa_disable():
title="Removal request received",
message="If username, password, and email match, we will send you an email.")
@app.route("/reset_2fa", methods=["GET"])
@app.get("/reset_2fa")
def reset_2fa():
now=int(time.time())

32
drama/routes/oauth.py
View File

@ -15,7 +15,7 @@ SCOPES = {
}
@app.route("/oauth/authorize", methods=["GET"])
@app.get("/oauth/authorize")
@auth_required
def oauth_authorize_prompt(v):
'''
@ -80,7 +80,7 @@ def oauth_authorize_prompt(v):
)
@app.route("/oauth/authorize", methods=["POST"])
@app.post("/oauth/authorize")
@auth_required
@validate_formkey
def oauth_authorize_post(v):
@ -136,7 +136,7 @@ def oauth_authorize_post(v):
return redirect(f"{redirect_uri}?code={new_auth.oauth_code}&scopes={scopes_txt}&state={state}")
@app.route("/oauth/grant", methods=["POST"])
@app.post("/oauth/grant")
def oauth_grant():
'''
This endpoint takes the following parameters:
@ -221,7 +221,7 @@ def oauth_grant():
return jsonify({"oauth_error": f"Invalid grant_type `{request.values.get('grant_type','')}`. Expected `code` or `refresh`."}), 400
@app.route("/api_keys", methods=["POST"])
@app.post("/api_keys")
@is_not_banned
def request_api_keys(v):
@ -239,7 +239,7 @@ def request_api_keys(v):
return redirect('/settings/apps')
@app.route("/delete_app/<aid>", methods=["POST"])
@app.post("/delete_app/<aid>")
@is_not_banned
@validate_formkey
def delete_oauth_app(v, aid):
@ -257,7 +257,7 @@ def delete_oauth_app(v, aid):
return redirect('/apps')
@app.route("/edit_app/<aid>", methods=["POST"])
@app.post("/edit_app/<aid>")
@is_not_banned
@validate_formkey
def edit_oauth_app(v, aid):
@ -282,7 +282,7 @@ def api_v1_identity(v):
return jsonify(v.json)
@app.route("/admin/app/approve/<aid>", methods=["POST"])
@app.post("/admin/app/approve/<aid>")
@admin_level_required(3)
@validate_formkey
def admin_app_approve(v, aid):
@ -300,7 +300,7 @@ def admin_app_approve(v, aid):
return jsonify({"message": f"{app.app_name} approved"})
@app.route("/admin/app/revoke/<aid>", methods=["POST"])
@app.post("/admin/app/revoke/<aid>")
@admin_level_required(3)
@validate_formkey
def admin_app_revoke(v, aid):
@ -318,7 +318,7 @@ def admin_app_revoke(v, aid):
return jsonify({"message": f"{app.app_name} revoked"})
@app.route("/admin/app/reject/<aid>", methods=["POST"])
@app.post("/admin/app/reject/<aid>")
@admin_level_required(3)
@validate_formkey
def admin_app_reject(v, aid):
@ -337,7 +337,7 @@ def admin_app_reject(v, aid):
return jsonify({"message": f"{app.app_name} rejected"})
@app.route("/admin/app/<aid>", methods=["GET"])
@app.get("/admin/app/<aid>")
@admin_level_required(3)
def admin_app_id(v, aid):
@ -363,7 +363,7 @@ def admin_app_id(v, aid):
next_exists=next_exists
)
@app.route("/admin/app/<aid>/comments", methods=["GET"])
@app.get("/admin/app/<aid>/comments")
@admin_level_required(3)
def admin_app_id_comments(v, aid):
@ -392,7 +392,7 @@ def admin_app_id_comments(v, aid):
)
@app.route("/admin/apps", methods=["GET"])
@app.get("/admin/apps")
@admin_level_required(3)
def admin_apps_list(v):
@ -405,7 +405,7 @@ def admin_apps_list(v):
return render_template("admin/apps.html", v=v, apps=apps)
@app.route("/oauth/reroll/<aid>", methods=["POST"])
@app.post("/oauth/reroll/<aid>")
@auth_required
def reroll_oauth_tokens(aid, v):
@ -428,7 +428,7 @@ def reroll_oauth_tokens(aid, v):
)
@app.route("/oauth/rescind/<aid>", methods=["POST"])
@app.post("/oauth/rescind/<aid>")
@auth_required
@validate_formkey
def oauth_rescind_app(aid, v):
@ -443,7 +443,7 @@ def oauth_rescind_app(aid, v):
return jsonify({"message": f"{auth.application.app_name} Revoked"})
@app.route("/api/v1/release", methods=["POST"])
@app.post("/api/v1/release")
@auth_required
@api()
def oauth_release_auth(v):
@ -462,7 +462,7 @@ def oauth_release_auth(v):
return jsonify({"message":"Authorization released"})
@app.route("/api/v1/kill", methods=["POST"])
@app.post("/api/v1/kill")
@auth_required
@api()
def oauth_kill_auth(v):

40
drama/routes/posts.py
View File

@ -52,7 +52,7 @@ def postbanaward(post_id, v):
return jsonify({"message": "User banned successfully!"}), 204
@app.route("/api/publish/<pid>", methods=["POST"])
@app.post("/api/publish/<pid>")
@is_not_banned
@validate_formkey
def publish(pid, v):
@ -64,7 +64,7 @@ def publish(pid, v):
g.db.commit()
return "", 204
@app.route("/submit", methods=["GET"])
@app.get("/submit")
@auth_required
def submit_get(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -72,10 +72,10 @@ def submit_get(v):
return render_template("submit.html",
v=v)
@app.route("/post/<pid>", methods=["GET"])
@app.route("/post/<pid>/", methods=["GET"])
@app.route("/post/<pid>/<anything>", methods=["GET"])
@app.route("/api/v1/post/<pid>", methods=["GET"])
@app.get("/post/<pid>")
@app.get("/post/<pid>/")
@app.get("/post/<pid>/<anything>")
@app.get("/api/v1/post/<pid>")
@auth_desired
@api("read")
def post_base36id(pid, anything=None, v=None):
@ -246,7 +246,7 @@ def post_base36id(pid, anything=None, v=None):
"api":lambda:jsonify(post.json)
}
@app.route("/edit_post/<pid>", methods=["POST"])
@app.post("/edit_post/<pid>")
@is_not_banned
@validate_formkey
def edit_post(pid, v):
@ -550,8 +550,8 @@ def archiveorg(url):
@app.route("/submit", methods=['POST'])
@app.route("/api/v1/submit", methods=["POST"])
@app.route("/api/vue/submit", methods=["POST"])
@app.post("/api/v1/submit")
@app.post("/api/vue/submit")
@limiter.limit("6/minute")
@is_not_banned
@validate_formkey
@ -1042,8 +1042,8 @@ def submit_post(v):
}
@app.route("/delete_post/<pid>", methods=["POST"])
@app.route("/api/v1/delete_post/<pid>", methods=["POST"])
@app.post("/delete_post/<pid>")
@app.post("/api/v1/delete_post/<pid>")
@auth_required
@api("delete")
@validate_formkey
@ -1063,8 +1063,8 @@ def delete_post_pid(pid, v):
return "", 204
@app.route("/undelete_post/<pid>", methods=["POST"])
@app.route("/api/v1/undelete_post/<pid>", methods=["POST"])
@app.post("/undelete_post/<pid>")
@app.post("/api/v1/undelete_post/<pid>")
@auth_required
@api("delete")
@validate_formkey
@ -1076,7 +1076,7 @@ def undelete_post_pid(pid, v):
cache.delete_memoized(frontlist)
return "", 204
@app.route("/embed/post/<pid>", methods=["GET"])
@app.get("/embed/post/<pid>")
def embed_post_pid(pid):
post = get_post(int(pid))
@ -1086,8 +1086,8 @@ def embed_post_pid(pid):
return render_template("embeds/submission.html", p=post)
@app.route("/api/toggle_comment_nsfw/<cid>", methods=["POST"])
@app.route("/api/v1/toggle_comment_nsfw/<cid>", methods=["POST"])
@app.post("/api/toggle_comment_nsfw/<cid>")
@app.post("/api/v1/toggle_comment_nsfw/<cid>")
@is_not_banned
@api("update")
@validate_formkey
@ -1099,8 +1099,8 @@ def toggle_comment_nsfw(cid, v):
g.db.add(comment)
return "", 204
@app.route("/api/toggle_post_nsfw/<pid>", methods=["POST"])
@app.route("/api/v1/toggle_post_nsfw/<pid>", methods=["POST"])
@app.post("/api/toggle_post_nsfw/<pid>")
@app.post("/api/v1/toggle_post_nsfw/<pid>")
@is_not_banned
@api("update")
@validate_formkey
@ -1124,7 +1124,7 @@ def toggle_post_nsfw(pid, v):
return "", 204
@app.route("/save_post/<pid>", methods=["POST"])
@app.post("/save_post/<pid>")
@auth_required
@validate_formkey
def save_post(pid, v):
@ -1140,7 +1140,7 @@ def save_post(pid, v):
return "", 204
@app.route("/unsave_post/<pid>", methods=["POST"])
@app.post("/unsave_post/<pid>")
@auth_required
@validate_formkey
def unsave_post(pid, v):

12
drama/routes/search.py
View File

@ -196,8 +196,8 @@ def searchcommentlisting(criteria, v=None, page=1, t="None", sort="top"):
comments = comments[firstrange:secondrange]
return total, [x.id for x in comments]
@app.route("/search/posts", methods=["GET"])
@app.route("/api/v1/search", methods=["GET"])
@app.get("/search/posts")
@app.get("/api/v1/search")
@app.route("/api/vue/search")
@auth_desired
@api("read")
@ -242,8 +242,8 @@ def searchposts(v, search_type="posts"):
"api":lambda:jsonify({"data":[x.json for x in posts]})
}
@app.route("/search/comments", methods=["GET"])
@app.route("/api/v1/search/comments", methods=["GET"])
@app.get("/search/comments")
@app.get("/api/v1/search/comments")
@app.route("/api/vue/search/comments")
@auth_desired
@api("read")
@ -279,8 +279,8 @@ def searchcomments(v):
"api":lambda:jsonify({"data":[x.json for x in comments]})
}
@app.route("/search/users", methods=["GET"])
@app.route("/api/v1/search/users", methods=["GET"])
@app.get("/search/users")
@app.get("/api/v1/search/users")
@app.route("/api/vue/search/users")
@auth_desired
@api("read")

52
drama/routes/settings.py
View File

@ -15,7 +15,7 @@ valid_password_regex = re.compile("^.{8,100}$")
youtubekey = environ.get("youtubekey").strip()
@app.route("/settings/profile", methods=["POST"])
@app.post("/settings/profile")
@auth_required
@validate_formkey
def settings_profile_post(v):
@ -153,7 +153,7 @@ def settings_profile_post(v):
else:
return jsonify({"error": "You didn't change anything."}), 400
@app.route("/changelogsub", methods=["POST"])
@app.post("/changelogsub")
@auth_required
@validate_formkey
def changelogsub(v):
@ -162,7 +162,7 @@ def changelogsub(v):
cache.delete_memoized(frontlist)
return "", 204
@app.route("/settings/namecolor", methods=["POST"])
@app.post("/settings/namecolor")
@auth_required
@validate_formkey
def namecolor(v):
@ -172,7 +172,7 @@ def namecolor(v):
g.db.add(v)
return redirect("/settings/profile")
@app.route("/settings/themecolor", methods=["POST"])
@app.post("/settings/themecolor")
@auth_required
@validate_formkey
def themecolor(v):
@ -182,7 +182,7 @@ def themecolor(v):
g.db.add(v)
return redirect("/settings/profile")
@app.route("/settings/titlecolor", methods=["POST"])
@app.post("/settings/titlecolor")
@auth_required
@validate_formkey
def titlecolor(v):
@ -192,7 +192,7 @@ def titlecolor(v):
g.db.add(v)
return redirect("/settings/profile")
@app.route("/settings/security", methods=["POST"])
@app.post("/settings/security")
@auth_required
@validate_formkey
def settings_security_post(v):
@ -297,7 +297,7 @@ def settings_security_post(v):
return redirect("/settings/security?msg=" +
escape("Two-factor authentication disabled."))
@app.route("/settings/log_out_all_others", methods=["POST"])
@app.post("/settings/log_out_all_others")
@auth_required
@validate_formkey
def settings_log_out_others(v):
@ -320,7 +320,7 @@ def settings_log_out_others(v):
msg="All other devices have been logged out")
@app.route("/settings/images/profile", methods=["POST"])
@app.post("/settings/images/profile")
@auth_required
@validate_formkey
def settings_images_profile(v):
@ -339,7 +339,7 @@ def settings_images_profile(v):
v=v, msg="Profile picture successfully updated.")
@app.route("/settings/images/banner", methods=["POST"])
@app.post("/settings/images/banner")
@auth_required
@validate_formkey
def settings_images_banner(v):
@ -357,7 +357,7 @@ def settings_images_banner(v):
v=v, msg="Banner successfully updated.")
@app.route("/settings/delete/profile", methods=["POST"])
@app.post("/settings/delete/profile")
@auth_required
@validate_formkey
def settings_delete_profile(v):
@ -367,7 +367,7 @@ def settings_delete_profile(v):
return render_template("settings_profile.html", v=v,
msg="Profile picture successfully removed.")
@app.route("/settings/delete/banner", methods=["POST"])
@app.post("/settings/delete/banner")
@auth_required
@validate_formkey
def settings_delete_banner(v):
@ -378,7 +378,7 @@ def settings_delete_banner(v):
msg="Banner successfully removed.")
@app.route("/settings/read_announcement", methods=["POST"])
@app.post("/settings/read_announcement")
@auth_required
@validate_formkey
def update_announcement(v):
@ -389,7 +389,7 @@ def update_announcement(v):
return "", 204
@app.route("/settings/blocks", methods=["GET"])
@app.get("/settings/blocks")
@auth_required
def settings_blockedpage(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -399,14 +399,14 @@ def settings_blockedpage(v):
return render_template("settings_blocks.html",
v=v)
@app.route("/settings/css", methods=["GET"])
@app.get("/settings/css")
@auth_required
def settings_css_get(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
return render_template("settings_css.html", v=v)
@app.route("/settings/css", methods=["POST"])
@app.post("/settings/css")
@auth_required
def settings_css(v):
css = request.form.get("css").replace('\\', '')[0:50000]
@ -418,14 +418,14 @@ def settings_css(v):
g.db.add(v)
return render_template("settings_css.html", v=v)
@app.route("/settings/profilecss", methods=["GET"])
@app.get("/settings/profilecss")
@auth_required
def settings_profilecss_get(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
if v.dramacoins < 1000: return "You must have +1000 dramacoins to set profile css."
return render_template("settings_profilecss.html", v=v)
@app.route("/settings/profilecss", methods=["POST"])
@app.post("/settings/profilecss")
@auth_required
def settings_profilecss(v):
if v.dramacoins < 1000: return "You must have +1000 dramacoins to set profile css."
@ -434,7 +434,7 @@ def settings_profilecss(v):
g.db.add(v)
return render_template("settings_profilecss.html", v=v)
@app.route("/settings/block", methods=["POST"])
@app.post("/settings/block")
@auth_required
@validate_formkey
def settings_block_user(v):
@ -468,7 +468,7 @@ def settings_block_user(v):
return jsonify({"message": f"@{user.username} blocked."})
@app.route("/settings/unblock", methods=["POST"])
@app.post("/settings/unblock")
@auth_required
@validate_formkey
def settings_unblock_user(v):
@ -490,7 +490,7 @@ def settings_unblock_user(v):
return jsonify({"message": f"@{user.username} unblocked."})
@app.route("/settings/apps", methods=["GET"])
@app.get("/settings/apps")
@auth_required
def settings_apps(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -498,7 +498,7 @@ def settings_apps(v):
return render_template("settings_apps.html", v=v)
@app.route("/settings/remove_discord", methods=["POST"])
@app.post("/settings/remove_discord")
@auth_required
@validate_formkey
def settings_remove_discord(v):
@ -514,14 +514,14 @@ def settings_remove_discord(v):
return redirect("/settings/profile")
@app.route("/settings/content", methods=["GET"])
@app.get("/settings/content")
@auth_required
def settings_content_get(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
return render_template("settings_filters.html", v=v)
@app.route("/settings/name_change", methods=["POST"])
@app.post("/settings/name_change")
@auth_required
@validate_formkey
def settings_name_change(v):
@ -569,7 +569,7 @@ def settings_name_change(v):
return redirect("/settings/profile")
@app.route("/settings/song_change", methods=["POST"])
@app.post("/settings/song_change")
@auth_required
@validate_formkey
def settings_song_change(v):
@ -650,7 +650,7 @@ def settings_song_change(v):
return redirect("/settings/profile")
@app.route("/settings/title_change", methods=["POST"])
@app.post("/settings/title_change")
@auth_required
@validate_formkey
def settings_title_change(v):
@ -683,7 +683,7 @@ def settings_title_change(v):
return redirect("/settings/profile")
@app.route("/settings/badges", methods=["POST"])
@app.post("/settings/badges")
@auth_required
@validate_formkey
def settings_badge_recheck(v):

42
drama/routes/static.py
View File

@ -3,9 +3,9 @@ from drama.__main__ import app, limiter
from drama.helpers.alerts import *
@app.route("/badmins", methods=["GET"])
@app.get("/badmins")
@app.route("/api/vue/admins", methods=["GET"])
@app.route("/api/v1/admins", methods=["GET"])
@app.get("/api/v1/admins")
@auth_desired
@public("read")
def badmins(v):
@ -15,8 +15,8 @@ def badmins(v):
"api":lambda:jsonify({"data":[x.json for x in badmins]})
}
@app.route("/log", methods=["GET"])
@app.route("/api/v1/mod_log", methods=["GET"])
@app.get("/log")
@app.get("/api/v1/mod_log")
@auth_desired
@api("read")
def log(v):
@ -40,7 +40,7 @@ def log(v):
"api":lambda:jsonify({"data":[x.json for x in actions]})
}
@app.route("/log/<aid>", methods=["GET"])
@app.get("/log/<aid>")
@auth_desired
def log_item(aid, v):
@ -64,22 +64,22 @@ def log_item(aid, v):
def index():
return render_template("index.html", **{"greeting": "Hello from Flask!"})
@app.route("/assets/favicon.ico", methods=["GET"])
@app.get("/assets/favicon.ico")
def favicon():
return send_file("./assets/images/favicon.png")
@app.route("/oauthhelp", methods=["GET"])
@app.get("/oauthhelp")
@auth_desired
def oauthhelp(v):
return render_template("oauthhelp.html", v=v)
@app.route("/contact", methods=["GET"])
@app.get("/contact")
@auth_desired
def contact(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
return render_template("contact.html", v=v)
@app.route("/contact", methods=["POST"])
@app.post("/contact")
@auth_desired
def submit_contact(v):
message = f'This message has been sent automatically to all admins via https://rdrama.net/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.form.get("message", "")
@ -109,11 +109,11 @@ def static_service(path):
resp.headers.add("Content-Type", "text/css")
return resp
@app.route("/robots.txt", methods=["GET"])
@app.get("/robots.txt")
def robots_txt():
return send_file("./assets/robots.txt")
@app.route("/settings", methods=["GET"])
@app.get("/settings")
@auth_required
def settings(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -121,7 +121,7 @@ def settings(v):
return redirect("/settings/profile")
@app.route("/settings/profile", methods=["GET"])
@app.get("/settings/profile")
@auth_required
def settings_profile(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -130,7 +130,7 @@ def settings_profile(v):
v=v)
@app.route("/titles", methods=["GET"])
@app.get("/titles")
@auth_desired
def titles(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -140,7 +140,7 @@ def titles(v):
v=v,
titles=titles)
@app.route("/badges", methods=["GET"])
@app.get("/badges")
@auth_desired
def badges(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -152,7 +152,7 @@ def badges(v):
v=v,
badges=badges)
@app.route("/blocks", methods=["GET"])
@app.get("/blocks")
@auth_desired
def blocks(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -166,7 +166,7 @@ def blocks(v):
return render_template("blocks.html", v=v, users=users, targets=targets)
@app.route("/banned", methods=["GET"])
@app.get("/banned")
@auth_desired
def banned(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -174,18 +174,18 @@ def banned(v):
users = [x for x in g.db.query(User).filter(User.is_banned > 0, User.unban_utc == 0).all()]
return render_template("banned.html", v=v, users=users)
@app.route("/formatting", methods=["GET"])
@app.get("/formatting")
@auth_desired
def formatting(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
return render_template("formatting.html", v=v)
@app.route("/.well-known/brave-rewards-verification.txt", methods=["GET"])
@app.get("/.well-known/brave-rewards-verification.txt")
def brave():
with open(".well-known/brave-rewards-verification.txt", "r") as f: return Response(f.read(), mimetype='text/plain')
@app.route("/.well-known/assetlinks.json", methods=["GET"])
@app.get("/.well-known/assetlinks.json")
def googleplayapp():
with open(".well-known/assetlinks.json", "r") as f: return Response(f.read(), mimetype='application/json')
@ -194,7 +194,7 @@ def serviceworker():
with open(".well-known/service-worker.js", "r") as f: return Response(f.read(), mimetype='application/javascript')
@app.route("/settings/security", methods=["GET"])
@app.get("/settings/security")
@auth_required
def settings_security(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -206,7 +206,7 @@ def settings_security(v):
msg=request.args.get("msg") or None
)
@app.route("/dismiss_mobile_tip", methods=["POST"])
@app.post("/dismiss_mobile_tip")
def dismiss_mobile_tip():
session["tooltip_last_dismissed"]=int(time.time())

50
drama/routes/users.py
View File

@ -31,14 +31,14 @@ def suicide(v, username):
g.db.add(v)
return "", 204
@app.route("/api/v1/user/<username>", methods=["GET"])
@app.get("/api/v1/user/<username>")
@auth_desired
@api("read")
def user_info(v, username):
user = get_user(username, v=v)
return jsonify(user.json)
@app.route("/leaderboard", methods=["GET"])
@app.get("/leaderboard")
@auth_desired
def leaderboard(v):
if v and v.is_banned and not v.unban_utc:return render_template("seized.html")
@ -72,7 +72,7 @@ def get_profilecss(username):
resp.headers.add("Content-Type", "text/css")
return resp
@app.route("/@<username>/reply/<id>", methods=["POST"])
@app.post("/@<username>/reply/<id>")
@auth_required
def messagereply(v, username, id):
message = request.form.get("message", "")[:1000].strip()
@ -97,14 +97,14 @@ def messagereply(v, username, id):
g.db.commit()
return redirect('/notifications?all=true')
@app.route("/songs/<id>", methods=["GET"])
@app.get("/songs/<id>")
def songs(id):
try: id = int(id)
except: return '', 400
user = g.db.query(User).filter_by(id=id).first()
return send_from_directory('/songs/', f'{user.song}.mp3')
@app.route("/subscribe/<post_id>", methods=["POST"])
@app.post("/subscribe/<post_id>")
@auth_required
def subscribe(v, post_id):
new_sub = Subscription(user_id=v.id, submission_id=post_id)
@ -112,14 +112,14 @@ def subscribe(v, post_id):
g.db.commit()
return "", 204
@app.route("/unsubscribe/<post_id>", methods=["POST"])
@app.post("/unsubscribe/<post_id>")
@auth_required
def unsubscribe(v, post_id):
sub=g.db.query(Subscription).filter_by(user_id=v.id, submission_id=post_id).first()
g.db.delete(sub)
return "", 204
@app.route("/@<username>/message", methods=["POST"])
@app.post("/@<username>/message")
@auth_required
def message2(v, username):
user = get_user(username, v=v)
@ -141,7 +141,7 @@ def message2(v, username):
)
return redirect('/notifications?all=true')
@app.route("/2faqr/<secret>", methods=["GET"])
@app.get("/2faqr/<secret>")
@auth_required
def mfa_qr(secret, v):
x = pyotp.TOTP(secret)
@ -158,8 +158,8 @@ def mfa_qr(secret, v):
return send_file(mem, mimetype="image/png", as_attachment=False)
@app.route("/api/is_available/<name>", methods=["GET"])
@app.route("/api/v1/is_available/<name>", methods=["GET"])
@app.get("/api/is_available/<name>")
@app.get("/api/v1/is_available/<name>")
@auth_desired
@api("read")
def api_is_available(name, v):
@ -186,7 +186,7 @@ def api_is_available(name, v):
return jsonify({name: True})
@app.route("/id/<id>", methods=["GET"])
@app.get("/id/<id>")
def user_id(id):
user = get_account(int(id))
@ -196,7 +196,7 @@ def user_id(id):
# actual user api endpoint.
# So they get the data and then there will be no need to reinvent
# the wheel.
@app.route("/api/v1/uid/<uid>", methods=["GET"])
@app.get("/api/v1/uid/<uid>")
@auth_desired
@api("read")
def user_by_uid(uid, v=None):
@ -204,11 +204,11 @@ def user_by_uid(uid, v=None):
return redirect(f'/api/v1/user/{user.username}/info')
@app.route("/u/<username>", methods=["GET"])
@app.get("/u/<username>")
def redditor_moment_redirect(username):
return redirect(f"/@{username}")
@app.route("/@<username>/followers", methods=["GET"])
@app.get("/@<username>/followers")
@auth_required
def followers(username, v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -224,8 +224,8 @@ def visitors(v):
viewers=sorted(v.viewers, key = lambda x: x.last_view_utc, reverse=True)
return render_template("viewers.html", v=v, viewers=viewers)
@app.route("/@<username>", methods=["GET"])
@app.route("/api/v1/user/<username>/listing", methods=["GET"])
@app.get("/@<username>")
@app.get("/api/v1/user/<username>/listing")
@auth_desired
@public("read")
def u_username(username, v=None):
@ -336,8 +336,8 @@ def u_username(username, v=None):
}
@app.route("/@<username>/comments", methods=["GET"])
@app.route("/api/v1/user/<username>/comments", methods=["GET"])
@app.get("/@<username>/comments")
@app.get("/api/v1/user/<username>/comments")
@auth_desired
@public("read")
def u_username_comments(username, v=None):
@ -415,7 +415,7 @@ def u_username_comments(username, v=None):
"api": lambda: jsonify({"data": [c.json for c in listing]})
}
@app.route("/api/v1/user/<username>/info", methods=["GET"])
@app.get("/api/v1/user/<username>/info")
@auth_desired
@public("read")
def u_username_info(username, v=None):
@ -430,7 +430,7 @@ def u_username_info(username, v=None):
return jsonify(user.json)
@app.route("/api/follow/<username>", methods=["POST"])
@app.post("/api/follow/<username>")
@auth_required
def follow_user(username, v):
@ -455,7 +455,7 @@ def follow_user(username, v):
return "", 204
@app.route("/api/unfollow/<username>", methods=["POST"])
@app.post("/api/unfollow/<username>")
@auth_required
def unfollow_user(username, v):
@ -490,8 +490,8 @@ def user_profile_uid(uid):
return redirect(x.profile_url)
@app.route("/@<username>/saved/posts", methods=["GET"])
@app.route("/api/v1/saved/posts", methods=["GET"])
@app.get("/@<username>/saved/posts")
@app.get("/api/v1/saved/posts")
@auth_required
@api("read")
def saved_posts(v, username):
@ -517,8 +517,8 @@ def saved_posts(v, username):
}
@app.route("/@<username>/saved/comments", methods=["GET"])
@app.route("/api/v1/saved/comments", methods=["GET"])
@app.get("/@<username>/saved/comments")
@app.get("/api/v1/saved/comments")
@auth_required
@api("read")
def saved_comments(v, username):

10
drama/routes/votes.py
View File

@ -5,7 +5,7 @@ from flask import *
from drama.__main__ import app
@app.route("/votes", methods=["GET"])
@app.get("/votes")
@auth_desired
def admin_vote_info_get(v):
if v and v.is_banned and not v.unban_utc: return render_template("seized.html")
@ -62,8 +62,8 @@ def admin_vote_info_get(v):
@app.route("/api/v1/vote/post/<post_id>/<new>", methods=["POST"])
@app.route("/api/vote/post/<post_id>/<new>", methods=["POST"])
@app.post("/api/v1/vote/post/<post_id>/<new>")
@app.post("/api/vote/post/<post_id>/<new>")
@is_not_banned
@api("vote")
@validate_formkey
@ -107,8 +107,8 @@ def api_vote_post(post_id, new, v):
g.db.add(post)
return "", 204
@app.route("/api/v1/vote/comment/<comment_id>/<new>", methods=["POST"])
@app.route("/api/vote/comment/<comment_id>/<new>", methods=["POST"])
@app.post("/api/v1/vote/comment/<comment_id>/<new>")
@app.post("/api/vote/comment/<comment_id>/<new>")
@is_not_banned
@api("vote")
@validate_formkey