rDrama
/
rDrama
9
10
Fork 7
Code Issues Pull Requests Packages Releases Wiki Activity

fdsfsd

remotes/1693045480750635534/spooky-22
Aevann1 2021-10-07 08:04:29 +02:00
parent a72552c082
commit f09d25fd04
13 changed files with 127 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
files/mail/__init__.py
View File

@ -1,5 +1,4 @@
from os import environ
import requests
import time
from flask import *
from urllib.parse import quote
@ -7,7 +6,7 @@ from urllib.parse import quote
from files.helpers.security import *
from files.helpers.wrappers import *
from files.classes import *
from files.__main__ import app, mail
from files.__main__ import app, mail, limiter
from flask_mail import Message
site = environ.get("DOMAIN").strip()
@ -42,6 +41,7 @@ def send_verification_email(user, email=None):
@app.post("/verify_email")
@limiter.limit("1/second")
@auth_required
def api_verify_email(v):

31
files/routes/admin.py
View File

@ -28,6 +28,7 @@ def truescore(v):
@app.post("/@<username>/revert_actions")
@limiter.limit("1/second")
@admin_level_required(6)
def revert_actions(v, username):
if 'pcm' in request.host or ('rdrama' in request.host and v.id in [1,12,28,29,747,995,1480]) or ('rdrama' not in request.host and 'pcm' not in request.host):
@ -51,6 +52,7 @@ def revert_actions(v, username):
return {"message": "Admin actions reverted!"}
@app.post("/@<username>/club_allow")
@limiter.limit("1/second")
@admin_level_required(6)
def club_allow(v, username):
@ -81,6 +83,7 @@ def club_allow(v, username):
return {"message": f"@{username} has been allowed into the country club!"}
@app.post("/@<username>/club_ban")
@limiter.limit("1/second")
@admin_level_required(6)
def club_ban(v, username):
@ -110,6 +113,7 @@ def club_ban(v, username):
@app.post("/@<username>/make_admin")
@limiter.limit("1/second")
@admin_level_required(6)
def make_admin(v, username):
if 'pcm' in request.host or ('rdrama' in request.host and v.id in [1,12,28,29,747,995,1480]) or ('rdrama' not in request.host and 'pcm' not in request.host):
@ -122,6 +126,7 @@ def make_admin(v, username):
@app.post("/@<username>/remove_admin")
@limiter.limit("1/second")
@admin_level_required(6)
def remove_admin(v, username):
if 'pcm' in request.host or ('rdrama' in request.host and v.id in [1,12,28,29,747,995,1480]) or ('rdrama' not in request.host and 'pcm' not in request.host):
@ -134,6 +139,7 @@ def remove_admin(v, username):
@app.post("/@<username>/make_fake_admin")
@limiter.limit("1/second")
@admin_level_required(6)
def make_fake_admin(v, username):
if 'pcm' in request.host or ('rdrama' in request.host and v.id in [1,12,28,29,747,995,1480]) or ('rdrama' not in request.host and 'pcm' not in request.host):
@ -146,6 +152,7 @@ def make_fake_admin(v, username):
@app.post("/@<username>/remove_fake_admin")
@limiter.limit("1/second")
@admin_level_required(6)
def remove_fake_admin(v, username):
if 'pcm' in request.host or ('rdrama' in request.host and v.id in [1,12,28,29,747,995,1480]) or ('rdrama' not in request.host and 'pcm' not in request.host):
@ -228,6 +235,7 @@ def get_rules(v):
@app.post('/admin/rules')
@limiter.limit("1/second")
@admin_level_required(6)
@validate_formkey
def post_rules(v):
@ -331,6 +339,7 @@ def admin_home(v):
return render_template("admin/admin_home.html", v=v, x=x)
@app.post("/admin/disablesignups")
@limiter.limit("1/second")
@admin_level_required(6)
@validate_formkey
def disablesignups(v):
@ -364,6 +373,7 @@ def badge_grant_get(v):
@app.post("/admin/badge_grant")
@limiter.limit("1/second")
@admin_level_required(4)
@validate_formkey
def badge_grant_post(v):
@ -592,6 +602,7 @@ def alt_votes_get(v):
@app.post("/admin/link_accounts")
@limiter.limit("1/second")
@admin_level_required(4)
@validate_formkey
def admin_link_accounts(v):
@ -638,6 +649,7 @@ def admin_removed(v):
@app.post("/admin/image_ban")
@limiter.limit("1/second")
@admin_level_required(4)
@validate_formkey
def admin_image_ban(v):
@ -693,6 +705,7 @@ def admin_image_ban(v):
@app.post("/agendaposter/<user_id>")
@limiter.limit("1/second")
@admin_level_required(6)
@validate_formkey
def agendaposter(user_id, v):
@ -746,6 +759,7 @@ def agendaposter(user_id, v):
@app.post("/shadowban/<user_id>")
@limiter.limit("1/second")
@admin_level_required(6)
@validate_formkey
def shadowban(user_id, v):
@ -771,6 +785,7 @@ def shadowban(user_id, v):
@app.post("/unshadowban/<user_id>")
@limiter.limit("1/second")
@admin_level_required(6)
@validate_formkey
def unshadowban(user_id, v):
@ -795,6 +810,7 @@ def unshadowban(user_id, v):
return {"message": "User unshadowbanned!"}
@app.post("/admin/verify/<user_id>")
@limiter.limit("1/second")
@admin_level_required(6)
@validate_formkey
def verify(user_id, v):
@ -805,6 +821,7 @@ def verify(user_id, v):
return {"message": "User verfied!"}
@app.post("/admin/unverify/<user_id>")
@limiter.limit("1/second")
@admin_level_required(6)
@validate_formkey
def unverify(user_id, v):
@ -816,6 +833,7 @@ def unverify(user_id, v):
@app.post("/admin/title_change/<user_id>")
@limiter.limit("1/second")
@admin_level_required(6)
@validate_formkey
def admin_title_change(user_id, v):
@ -849,6 +867,7 @@ def admin_title_change(user_id, v):
return redirect(user.url)
@app.post("/ban_user/<user_id>")
@limiter.limit("1/second")
@admin_level_required(6)
@validate_formkey
def ban_user(user_id, v):
@ -924,6 +943,7 @@ def ban_user(user_id, v):
@app.post("/unban_user/<user_id>")
@limiter.limit("1/second")
@admin_level_required(6)
@validate_formkey
def unban_user(user_id, v):
@ -961,6 +981,7 @@ def unban_user(user_id, v):
@app.post("/ban_post/<post_id>")
@limiter.limit("1/second")
@admin_level_required(3)
@validate_formkey
def ban_post(post_id, v):
@ -1004,6 +1025,7 @@ def ban_post(post_id, v):
@app.post("/unban_post/<post_id>")
@limiter.limit("1/second")
@admin_level_required(3)
@validate_formkey
def unban_post(post_id, v):
@ -1037,6 +1059,7 @@ def unban_post(post_id, v):
@app.post("/distinguish/<post_id>")
@limiter.limit("1/second")
@admin_level_required(1)
@validate_formkey
def api_distinguish_post(post_id, v):
@ -1062,6 +1085,7 @@ def api_distinguish_post(post_id, v):
@app.post("/sticky/<post_id>")
@limiter.limit("1/second")
@admin_level_required(3)
def api_sticky_post(post_id, v):
@ -1085,6 +1109,7 @@ def api_sticky_post(post_id, v):
else: return {"message": "Post unpinned!"}
@app.post("/pin/<post_id>")
@limiter.limit("1/second")
@auth_required
def api_pin_post(post_id, v):
@ -1098,6 +1123,7 @@ def api_pin_post(post_id, v):
else: return {"message": "Post unpinned!"}
@app.post("/ban_comment/<c_id>")
@limiter.limit("1/second")
@admin_level_required(1)
def api_ban_comment(c_id, v):
@ -1121,6 +1147,7 @@ def api_ban_comment(c_id, v):
@app.post("/unban_comment/<c_id>")
@limiter.limit("1/second")
@admin_level_required(1)
def api_unban_comment(c_id, v):
@ -1146,6 +1173,7 @@ def api_unban_comment(c_id, v):
@app.post("/distinguish_comment/<c_id>")
@limiter.limit("1/second")
@auth_required
def admin_distinguish_comment(c_id, v):
@ -1186,6 +1214,7 @@ def admin_banned_domains(v):
return render_template("admin/banned_domains.html", v=v, banned_domains=banned_domains)
@app.post("/admin/banned_domains")
@limiter.limit("1/second")
@admin_level_required(4)
@validate_formkey
def admin_toggle_ban_domain(v):
@ -1207,6 +1236,7 @@ def admin_toggle_ban_domain(v):
@app.post("/admin/nuke_user")
@limiter.limit("1/second")
@admin_level_required(4)
@validate_formkey
def admin_nuke_user(v):
@ -1240,6 +1270,7 @@ def admin_nuke_user(v):
@app.post("/admin/unnuke_user")
@limiter.limit("1/second")
@admin_level_required(4)
@validate_formkey
def admin_nunuke_user(v):

6
files/routes/awards.py
View File

@ -1,4 +1,4 @@
from files.__main__ import app
from files.__main__ import app, limiter
from files.helpers.wrappers import *
from files.helpers.alerts import *
from files.helpers.get import *
@ -85,6 +85,7 @@ def shop(v):
@app.post("/buy/<award>")
@limiter.limit("1/second")
@auth_required
def buy(v, award):
if site_name == "Drama":
@ -185,6 +186,7 @@ ALLOW_MULTIPLE = (
)
@app.post("/post/<pid>/awards")
@limiter.limit("1/second")
@auth_required
def award_post(pid, v):
@ -248,6 +250,7 @@ def award_post(pid, v):
@app.post("/comment/<cid>/awards")
@limiter.limit("1/second")
@auth_required
def award_comment(cid, v):
@ -320,6 +323,7 @@ def admin_userawards_get(v):
return render_template("admin/user_award.html", awards=list(AWARDS.values()), v=v)
@app.post("/admin/user_award")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def admin_userawards_post(v):

11
files/routes/comments.py
View File

@ -120,8 +120,8 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
@app.post("/comment")
@limiter.limit("6/minute")
@limiter.limit("1/second")
@limiter.limit("6/minute")
@is_not_banned
@validate_formkey
def api_comment(v):
@ -574,6 +574,7 @@ def api_comment(v):
@app.post("/edit_comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def edit_comment(cid, v):
@ -770,6 +771,7 @@ def edit_comment(cid, v):
@app.post("/delete/comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def delete_comment(cid, v):
@ -793,6 +795,7 @@ def delete_comment(cid, v):
return {"message": "Comment deleted!"}
@app.post("/undelete/comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def undelete_comment(cid, v):
@ -817,6 +820,7 @@ def undelete_comment(cid, v):
@app.post("/pin_comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def toggle_pin_comment(cid, v):
@ -847,6 +851,7 @@ def toggle_pin_comment(cid, v):
@app.post("/save_comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def save_comment(cid, v):
@ -858,12 +863,12 @@ def save_comment(cid, v):
if not save:
new_save=SaveRelationship(user_id=v.id, submission_id=comment.id, type=2)
g.db.add(new_save)
try: g.db.commit()
except: g.db.rollback()
g.db.commit()
return {"message": "Comment saved!"}
@app.post("/unsave_comment/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def unsave_comment(cid, v):

3
files/routes/errors.py
View File

@ -5,7 +5,7 @@ from files.helpers.session import *
from flask import *
from urllib.parse import quote, urlencode
import time
from files.__main__ import app
from files.__main__ import app, limiter
# Errors
@ -67,6 +67,7 @@ def error_500(e, v):
@app.post("/allow_nsfw")
@limiter.limit("1/second")
def allow_nsfw():
session["over_18"] = int(time.time()) + 3600

6
files/routes/login.py
View File

@ -77,6 +77,7 @@ def check_for_alts(current_id):
@app.post("/login")
@limiter.limit("1/second")
@limiter.limit("6/minute")
def login_post():
@ -165,6 +166,7 @@ def me(v):
@app.post("/logout")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def logout(v):
@ -225,6 +227,7 @@ def sign_up_get(v):
@app.post("/signup")
@limiter.limit("1/second")
@limiter.limit("5/day")
@auth_desired
def sign_up_post(v):
@ -376,6 +379,7 @@ def get_forgot():
@app.post("/forgot")
@limiter.limit("1/second")
def post_forgot():
username = request.values.get("username").lstrip('@')
@ -445,6 +449,7 @@ def get_reset():
@app.post("/reset")
@limiter.limit("1/second")
@auth_desired
def post_reset(v):
if v:
@ -497,6 +502,7 @@ def lost_2fa(v):
)
@app.post("/request_2fa_disable")
@limiter.limit("1/second")
@limiter.limit("6/minute")
def request_2fa_disable():

10
files/routes/oauth.py
View File

@ -4,7 +4,7 @@ from files.helpers.get import *
from files.helpers.const import *
from files.classes import *
from flask import *
from files.__main__ import app
from files.__main__ import app, limiter
from sqlalchemy.orm import joinedload
@app.get("/authorize")
@ -17,6 +17,7 @@ def authorize_prompt(v):
@app.post("/authorize")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def authorize(v):
@ -39,6 +40,7 @@ def authorize(v):
@app.post("/api_keys")
@limiter.limit("1/second")
@is_not_banned
def request_api_keys(v):
@ -59,6 +61,7 @@ def request_api_keys(v):
@app.post("/delete_app/<aid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def delete_oauth_app(v, aid):
@ -77,6 +80,7 @@ def delete_oauth_app(v, aid):
@app.post("/edit_app/<aid>")
@limiter.limit("1/second")
@is_not_banned
@validate_formkey
def edit_oauth_app(v, aid):
@ -96,6 +100,7 @@ def edit_oauth_app(v, aid):
@app.post("/admin/app/approve/<aid>")
@limiter.limit("1/second")
@admin_level_required(3)
@validate_formkey
def admin_app_approve(v, aid):
@ -123,6 +128,7 @@ def admin_app_approve(v, aid):
@app.post("/admin/app/revoke/<aid>")
@limiter.limit("1/second")
@admin_level_required(3)
@validate_formkey
def admin_app_revoke(v, aid):
@ -141,6 +147,7 @@ def admin_app_revoke(v, aid):
@app.post("/admin/app/reject/<aid>")
@limiter.limit("1/second")
@admin_level_required(3)
@validate_formkey
def admin_app_reject(v, aid):
@ -223,6 +230,7 @@ def admin_apps_list(v):
@app.post("/oauth/reroll/<aid>")
@limiter.limit("1/second")
@auth_required
def reroll_oauth_tokens(aid, v):

10
files/routes/posts.py
View File

@ -25,6 +25,7 @@ with open("snappy.txt", "r") as f: snappyquotes = f.read().split("{[para]}")
@app.post("/toggle_club/<pid>")
@limiter.limit("1/second")
@auth_required
def toggle_club(pid, v):
@ -50,6 +51,7 @@ def toggle_club(pid, v):
@app.post("/publish/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def publish(pid, v):
@ -188,6 +190,7 @@ def post_id(pid, anything=None, v=None):
@app.post("/edit_post/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def edit_post(pid, v):
@ -501,6 +504,7 @@ def thumbnail_thread(pid):
@app.post("/submit")
@limiter.limit("1/second")
@limiter.limit("6/minute")
@is_not_banned
@validate_formkey
@ -958,6 +962,7 @@ def submit_post(v):
@app.post("/delete_post/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def delete_post_pid(pid, v):
@ -979,6 +984,7 @@ def delete_post_pid(pid, v):
return {"message": "Post deleted!"}
@app.post("/undelete_post/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def undelete_post_pid(pid, v):
@ -995,6 +1001,7 @@ def undelete_post_pid(pid, v):
@app.post("/toggle_comment_nsfw/<cid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def toggle_comment_nsfw(cid, v):
@ -1011,6 +1018,7 @@ def toggle_comment_nsfw(cid, v):
else: return {"message": "Comment has been unmarked as +18!"}
@app.post("/toggle_post_nsfw/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def toggle_post_nsfw(pid, v):
@ -1037,6 +1045,7 @@ def toggle_post_nsfw(pid, v):
else: return {"message": "Post has been unmarked as +18!"}
@app.post("/save_post/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def save_post(pid, v):
@ -1053,6 +1062,7 @@ def save_post(pid, v):
return {"message": "Post saved!"}
@app.post("/unsave_post/<pid>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def unsave_post(pid, v):

5
files/routes/reporting.py
View File

@ -1,10 +1,11 @@
from files.helpers.wrappers import *
from files.helpers.get import *
from flask import g
from files.__main__ import app
from files.__main__ import app, limiter
from os import path
@app.post("/flag/post/<pid>")
@limiter.limit("1/second")
@auth_desired
def api_flag_post(pid, v):
@ -36,6 +37,7 @@ def api_flag_post(pid, v):
@app.post("/flag/comment/<cid>")
@limiter.limit("1/second")
@auth_desired
def api_flag_comment(cid, v):
@ -66,6 +68,7 @@ def api_flag_comment(cid, v):
@app.post('/del_report/<report_fn>')
@limiter.limit("1/second")
@auth_required
@validate_formkey
def remove_report(report_fn, v):

23
files/routes/settings.py
View File

@ -6,7 +6,7 @@ from files.helpers.markdown import *
from files.helpers.discord import remove_user, set_nick
from files.helpers.const import *
from files.mail import *
from files.__main__ import app, cache
from files.__main__ import app, cache, limiter
import youtube_dl
from .front import frontlist
import os
@ -30,6 +30,7 @@ tiers={
}
@app.post("/settings/removebackground")
@limiter.limit("1/second")
@auth_required
def removebackground(v):
v.background = None
@ -38,6 +39,7 @@ def removebackground(v):
return {"message": "Background removed!"}
@app.post("/settings/profile")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_profile_post(v):
@ -248,6 +250,7 @@ def settings_profile_post(v):
return {"error": "You didn't change anything."}, 400
@app.post("/changelogsub")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def changelogsub(v):
@ -261,6 +264,7 @@ def changelogsub(v):
else: return {"message": "You have unsubscribed from the changelog!"}
@app.post("/settings/namecolor")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def namecolor(v):
@ -273,6 +277,7 @@ def namecolor(v):
return redirect("/settings/profile")
@app.post("/settings/themecolor")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def themecolor(v):
@ -285,6 +290,7 @@ def themecolor(v):
return redirect("/settings/profile")
@app.post("/settings/gumroad")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def gumroad(v):
@ -359,6 +365,7 @@ def gumroad(v):
return {"message": f"{patron} rewards claimed!"}
@app.post("/settings/titlecolor")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def titlecolor(v):
@ -372,6 +379,7 @@ def titlecolor(v):
return redirect("/settings/profile")
@app.post("/settings/security")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_security_post(v):
@ -475,6 +483,7 @@ def settings_security_post(v):
escape("Two-factor authentication disabled."))
@app.post("/settings/log_out_all_others")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_log_out_others(v):
@ -497,6 +506,7 @@ def settings_log_out_others(v):
@app.post("/settings/images/profile")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_images_profile(v):
@ -528,6 +538,7 @@ def settings_images_profile(v):
@app.post("/settings/images/banner")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_images_banner(v):
@ -550,6 +561,7 @@ def settings_images_banner(v):
@app.post("/settings/delete/profile")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_delete_profile(v):
@ -561,6 +573,7 @@ def settings_delete_profile(v):
msg="Profile picture successfully removed.")
@app.post("/settings/delete/banner")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_delete_banner(v):
@ -586,6 +599,7 @@ def settings_css_get(v):
return render_template("settings_css.html", v=v)
@app.post("/settings/css")
@limiter.limit("1/second")
@auth_required
def settings_css(v):
css = request.values.get("css").replace('\\', '')[:50000]
@ -607,6 +621,7 @@ def settings_profilecss_get(v):
return render_template("settings_profilecss.html", v=v)
@app.post("/settings/profilecss")
@limiter.limit("1/second")
@auth_required
def settings_profilecss(v):
if v.coins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a patron to set profile css."
@ -618,6 +633,7 @@ def settings_profilecss(v):
return render_template("settings_profilecss.html", v=v)
@app.post("/settings/block")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_block_user(v):
@ -655,6 +671,7 @@ def settings_block_user(v):
@app.post("/settings/unblock")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_unblock_user(v):
@ -689,6 +706,7 @@ def settings_apps(v):
@app.post("/settings/remove_discord")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_remove_discord(v):
@ -709,6 +727,7 @@ def settings_content_get(v):
return render_template("settings_filters.html", v=v)
@app.post("/settings/name_change")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_name_change(v):
@ -758,6 +777,7 @@ def settings_name_change(v):
return redirect("/settings/profile")
@app.post("/settings/song_change")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_song_change(v):
@ -839,6 +859,7 @@ def settings_song_change(v):
return redirect("/settings/profile")
@app.post("/settings/title_change")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def settings_title_change(v):

2
files/routes/static.py
View File

@ -222,6 +222,7 @@ def contact(v):
return render_template("contact.html", v=v)
@app.post("/contact")
@limiter.limit("1/second")
@auth_required
def submit_contact(v):
message = f'This message has been sent automatically to all admins via https://{site}/contact, user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "")
@ -333,6 +334,7 @@ def settings_security(v):
)
@app.post("/dismiss_mobile_tip")
@limiter.limit("1/second")
def dismiss_mobile_tip():
session["tooltip_last_dismissed"]=int(time.time())

15
files/routes/users.py
View File

@ -21,6 +21,7 @@ beams_client = PushNotifications(
@app.post("/pay_rent")
@limiter.limit("1/second")
@auth_required
def pay_rent(v):
if v.coins < 500: return "You must have more than 500 coins."
@ -36,6 +37,7 @@ def pay_rent(v):
@app.post("/steal")
@limiter.limit("1/second")
@is_not_banned
def steal(v):
if int(time.time()) - v.created_utc < 604800:
@ -89,6 +91,7 @@ def thiefs(v):
@app.post("/@<username>/suicide")
@limiter.limit("1/second")
@auth_required
def suicide(v, username):
t = int(time.time())
@ -110,6 +113,7 @@ def get_coins(v, username):
else: return {"error": "invalid_user"}, 404
@app.post("/@<username>/transfer_coins")
@limiter.limit("1/second")
@is_not_banned
@validate_formkey
def transfer_coins(v, username):
@ -198,6 +202,7 @@ def song(song):
return resp
@app.post("/subscribe/<post_id>")
@limiter.limit("1/second")
@auth_required
def subscribe(v, post_id):
new_sub = Subscription(user_id=v.id, submission_id=post_id)
@ -206,6 +211,7 @@ def subscribe(v, post_id):
return {"message": "Post subscribed!"}
@app.post("/unsubscribe/<post_id>")
@limiter.limit("1/second")
@auth_required
def unsubscribe(v, post_id):
sub=g.db.query(Subscription).options(lazyload('*')).filter_by(user_id=v.id, submission_id=post_id).first()
@ -215,6 +221,7 @@ def unsubscribe(v, post_id):
return {"message": "Post unsubscribed!"}
@app.post("/@<username>/message")
@limiter.limit("1/second")
@limiter.limit("10/hour")
@auth_required
def message2(v, username):
@ -277,6 +284,7 @@ def message2(v, username):
@app.post("/reply")
@limiter.limit("1/second")
@limiter.limit("6/minute")
@auth_required
def messagereply(v):
@ -608,6 +616,7 @@ def u_username_info(username, v=None):
@app.post("/follow/<username>")
@limiter.limit("1/second")
@auth_required
def follow_user(username, v):
@ -621,9 +630,7 @@ def follow_user(username, v):
new_follow = Follow(user_id=v.id, target_id=target.id)
g.db.add(new_follow)
try: g.db.flush()
except: g.db.rollback()
g.db.flush()
target.stored_subscriber_count = g.db.query(Follow.id).options(lazyload('*')).filter_by(target_id=target.id).count()
g.db.add(target)
@ -635,6 +642,7 @@ def follow_user(username, v):
return {"message": "User followed!"}
@app.post("/unfollow/<username>")
@limiter.limit("1/second")
@auth_required
def unfollow_user(username, v):
@ -661,6 +669,7 @@ def unfollow_user(username, v):
return {"message": "User unfollowed!"}
@app.post("/remove_follow/<username>")
@limiter.limit("1/second")
@auth_required
def remove_follow(username, v):
target = get_user(username)

29
files/routes/votes.py
View File

@ -2,7 +2,7 @@ from files.helpers.wrappers import *
from files.helpers.get import *
from files.classes import *
from flask import *
from files.__main__ import app
from files.__main__ import app, limiter
from sqlalchemy.orm import joinedload
@ -56,6 +56,7 @@ def admin_vote_info_get(v):
@app.post("/vote/post/<post_id>/<new>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def api_vote_post(post_id, new, v):
@ -97,16 +98,15 @@ def api_vote_post(post_id, new, v):
)
g.db.add(vote)
try:
g.db.flush()
post.upvotes = g.db.query(Vote.id).options(lazyload('*')).filter_by(submission_id=post.id, vote_type=1).count()
post.downvotes = g.db.query(Vote.id).options(lazyload('*')).filter_by(submission_id=post.id, vote_type=-1).count()
g.db.add(post)
g.db.commit()
except: g.db.rollback()
g.db.flush()
post.upvotes = g.db.query(Vote.id).options(lazyload('*')).filter_by(submission_id=post.id, vote_type=1).count()
post.downvotes = g.db.query(Vote.id).options(lazyload('*')).filter_by(submission_id=post.id, vote_type=-1).count()
g.db.add(post)
g.db.commit()
return "", 204
@app.post("/vote/comment/<comment_id>/<new>")
@limiter.limit("1/second")
@auth_required
@validate_formkey
def api_vote_comment(comment_id, new, v):
@ -153,17 +153,16 @@ def api_vote_comment(comment_id, new, v):
g.db.add(vote)
try:
g.db.flush()
comment.upvotes = g.db.query(CommentVote.id).options(lazyload('*')).filter_by(comment_id=comment.id, vote_type=1).count()
comment.downvotes = g.db.query(CommentVote.id).options(lazyload('*')).filter_by(comment_id=comment.id, vote_type=-1).count()
g.db.add(comment)
g.db.commit()
except: g.db.rollback()
g.db.flush()
comment.upvotes = g.db.query(CommentVote.id).options(lazyload('*')).filter_by(comment_id=comment.id, vote_type=1).count()
comment.downvotes = g.db.query(CommentVote.id).options(lazyload('*')).filter_by(comment_id=comment.id, vote_type=-1).count()
g.db.add(comment)
g.db.commit()
return "", 204
@app.post("/vote/poll/<comment_id>")
@limiter.limit("1/second")
@auth_required
def api_vote_poll(comment_id, v):