rDrama
/
rDrama
9
10
Fork 7
Code Issues Pull Requests Packages Releases Wiki Activity
21,474 Commits
1 Branch
0 Tags
2.4 GiB
Commit Graph

5374 Commits (5d49821e7a8d9187d11af5de735cbbeebb21ddcb)

Author SHA1 Message Date
justcool393 35b1532bb4 admin: remove meme admin vestige 2022-11-25 19:15:39 -06:00
Aevann1 5e2f449df7 fix prev commit lol 2022-11-26 01:52:39 +02:00
Aevann1 c470cb7516 make shit award not give DC 2022-11-26 01:50:25 +02:00
Aevann1 642d19b861 move ratelimit_user after auth 2022-11-26 01:37:04 +02:00
Aevann1 bf4031c832 remove annoying excalmation sign in notifs 2022-11-26 01:18:24 +02:00
Nekobit 2e1d2cb774 Merge branch 'master' into docs 2022-11-25 22:27:15 +00:00
justcool393 7e403469cd polls: constantify max poll options 2022-11-25 16:12:25 -06:00
justcool393 f86d351ac4 fix saved subscribers stuff 2022-11-25 16:06:18 -06:00
Aevann1 e4b521a63f limit polls to 10 options to prevent spam 2022-11-25 23:33:38 +02:00
Aevann1 2938f930fd make me not see modmail, if its important the other jannies will tell me 2022-11-25 22:56:11 +02:00
Nekobit af4411b0d7
Documentation page 2022-11-25 15:36:29 -05:00
justcool393 0356c589a4 api: don't hit calc_users if this is the API 
sometimes we render HTML where we probably... shouldn't. in most cases
this is fine, but if API clients hit it it can errenously set
 2022-11-25 14:31:07 -06:00
justcool393 23505c68b3 errors: use abort for sign up errors 2022-11-25 12:27:18 -06:00
justcool393 816389cf28 security: fix DoS on title getter 
the `timeout` parameter only applies to seconds per *byte* received (and time to first
byte), not the entire request

this means an attacker could theoretically send a very... slow...
stream... of... bytes... and... crash... the... worker... when... the...
timeout... is... reached...
 2022-11-25 07:10:05 -06:00
Snakes af7df7f62d
Ensure all entry points get sessions. 
Somewhat speculative, but the change in f62a9769fd, while fixing
certain errors where logged-out users sometimes didn't have sessions
come calc_users, also opened the possibility of certain request
sequences that wouldn't give a user a session.

In the interest of conservatism, we create a session if not exists
in both the new location in calc_users and the previous spot in
before_request.
 2022-11-22 18:37:55 -05:00
Aevann1 755cfbf335 temp fix to shitting up console 2022-11-23 00:23:04 +02:00
Aevann1 9e89166e2f restore reload icon for legacy app users 2022-11-22 23:34:33 +02:00
Aevann1 e198102383 repurpose "upvoted" to "voted" 2022-11-22 23:28:30 +02:00
Aevann1 4640abed4b remove hole nerf 2022-11-22 22:25:48 +02:00
justcool393 6acd896967 sbs: since propagation isn't optional anyway, let's propagate on a ban to get their alts 2022-11-22 09:51:44 -06:00
Aevann1 0b1f166211 remove "alts" checkbox for shadowbanning since shadowbans propagate anway via check_for_alts() 2022-11-22 17:44:16 +02:00
justcool393 b0ff8916a5
win loss stats to casino games (#475) 
* casino: add stats to casino

* casino: stats should target the right thing
casino: properly style

* pluralize properly

* refactor casino leaderboards :marseytroublemarker:

* fsfsdsd

* fsdsdsdsd

* i'm r-slurred

* -
 2022-11-22 07:11:01 -08:00
justcool393 007e41e7d0 security: validate YouTube link IDs 2022-11-22 06:13:44 -06:00
Snakes 9eab252e5b
Fix reply/mention notifications from muted users. 
Consider the case of the current /notifications filter condition:
    WHERE ... NOT ((comments.sentto = 2) AND (users.is_muted))

SELECT 1 WHERE NOT ((null = 2) AND (true)); ⇒ 0 rows
SELECT 1 WHERE NOT ((1 = 2) AND (true)); ⇒ 1 row
SELECT 1 WHERE NOT ((2 = 2) AND (true)); ⇒ 0 rows

We want the first expression, where comments.sentto = null, to evaluate
to false, not to null, so it negates to true. Behavior as written is:

SELECT 1 WHERE NOT ((null = 2) AND (true)); →
SELECT 1 WHERE NOT (null AND true); →
SELECT 1 WHERE NOT null; →
SELECT 1 WHERE null;

Which guarantees a null return set. If we check first for non-nullity:

SELECT 1 WHERE NOT ((null IS NOT null) AND (null = 2) AND (true)); ⇒ 1
SELECT 1 WHERE NOT ((1 IS NOT null) AND (1 = 2) AND (true)); ⇒ 1
SELECT 1 WHERE NOT ((2 IS NOT null) AND (2 = 2) AND (true)); ⇒ 0
 2022-11-21 23:08:31 -05:00
justcool393 272e2ee936
sneed (rename procoins to marseybux) (#472) 
* sneed (rename procoins to marseybux)

* literally unusable

Co-authored-by: TLSM <duolsm@outlook.com>
 2022-11-21 18:08:29 -05:00
Aevann1 f272989735 Revert "stop adding target="_blank" in the backend and move it to the frontend (to accomodate PWA users) - THANK YOU GEESE I LOVE YOU SO MUCH (#473)" 
This reverts commit 88f3cd519d.
 2022-11-21 19:37:38 +02:00
Aevann1 0d6b26d404 sneed 2022-11-21 19:09:04 +02:00
Aevann1 2f31fdfdd7 Revert "remove User.newtab and see if anyone complains" 
This reverts commit 787c89961f.
 2022-11-21 18:55:13 +02:00
justcool393 79b2b5cff8 cookies: set SameSite Lax to get rid of annoying console warning 2022-11-21 09:36:34 -06:00
justcool393 427d8f643d ratelimiting: use ratelimit_user everywhere 2022-11-21 09:30:27 -06:00
Aevann1 88f3cd519d
stop adding target="_blank" in the backend and move it to the frontend (to accomodate PWA users) - THANK YOU GEESE I LOVE YOU SO MUCH (#473) 
* test

* bleg

* remove User.newtab and see if anyone complains (#471)

* fddf
 2022-11-21 07:14:26 -08:00
justcool393 f52aec0477 fix betting on 0 2022-11-21 09:13:14 -06:00
justcool393 4d096a5bb6 make roulette cute and valid python syntax 2022-11-21 09:10:41 -06:00
justcool393 9f51259ee6
[DO NOT MERGE] roulette 0 and 00 bets redux (#470) 
* backend support for roulette betting on 0 and 00

* casino: roulette: add 0 and 00 frontend

* add spacer

* roulette: fix the thing

* don't payout where needful not to

* sanity check

* roulette: validate requests properly

* roulette actions from API make more sane
 2022-11-21 06:44:16 -08:00
Aevann1 787c89961f remove User.newtab and see if anyone complains 2022-11-21 16:36:17 +02:00
Aevann1 1de69518be stop forcing posts in /h/chudrama 2022-11-21 16:13:21 +02:00
justcool393 153fb4e2a2
[DO NOT MERGE] titlesssssssssss (#468) 
* titles

* testing

* self

* Revert "self"

This reverts commit d6c12d5a5ba125feb44673f55e1fdac75f151cb5.

* Revert "testing"

This reverts commit 86d800f9fd552196b31f0e0b3891d4fc072a9bc0.

* testing on devrama

* rewrite the html head

* reference error or smth idk

* tempalte debug

* template debug redux

* default2

* rename default2 -> root, page title

* fix settings2

* include the set_variables block

* root scope variables 2

* test 3

* remove unnecessary set

* add pagetitles to all settings2 pages

* add pagetitle to casino

* remove bloat

* remove duplicate site name thingy

* page titles 2

* page titles 3

* remove duplicate imports and add page titles everywhere iirc

* ok but actually this time

* remove unnecessary newlines

* fix title lol

* >

* fsdfsfsfsfsfs

* fsfs

* template configurations

* fix 500

* reduce login template bloat

* move files and add status codes where needful

* move authfroms to login

* remove 2fa bloat

* verification code

* sign up fixes

* readability

* fssfsfsfs

* move forgot password to login/

* readability

* don't emit comments

* add page titles where needful

* gsgsgs

* modals: move to respective pages

* testing on devrama

* get home garbage out of title

* remove insane amount of icon duplication

* sign up text

* add votes pagetitle

* fix blank lines

* Revert "fix blank lines"

This reverts commit b2c54339970725d00b6fc82bb458c1757909952c.

* Fix blank lines on sign_up.html.

* title: votes.html more meaningful identifier.

* titles: Lottery, Directory, Notifications

* head final in submission.html

* fix missing comma

* >

* test

* title: /comments

* fsfsfsfsf

* titles: user_cards

* head: only load video and audio meta attributes if they actually exist

* titlessssss: /admin/lottery/participants

* titlessssssss: extra quote in search.html

* titlessssss: userpage voters.

* titties: /h/<sub>/{followers,blockers,exilees[sic]}

* test banner

* Revert "test banner"

This reverts commit c3d875d03f3e60d72a60dab7d28bf108554a5826.

* make submit.html inherit from default.html

Co-authored-by: TLSM <duolsm@outlook.com>
 2022-11-21 02:52:22 -06:00
Aevann1 cb2fd8e43f increase approve hat ratelimit per minute from 30 to 120 2022-11-21 03:18:02 +02:00
Aevann1 e82d92d844 default response code is 200, dont need to specify it 2022-11-21 03:13:31 +02:00
Aevann1 0c9ed95c55 allow me and sneks to award carp and pizzashill 2022-11-21 03:12:01 +02:00
Snakes 220409c8fb
Fix 62ffe2d628: returning document, must send 200. 2022-11-20 20:11:17 -05:00
Aevann1 62ffe2d628 use postToast in betting so the js deducting coins only execute if responde code is < 300 2022-11-21 03:00:16 +02:00
Snakes 1f234ef67d
Actually call total_bet_voted in betting poll. 
Currently always truthy because it's a non-None first-class function.
 2022-11-20 19:56:28 -05:00
Snakes 44ef4bc551
search: fix tsquery when quoted unstripped space. 2022-11-20 19:31:27 -05:00
Aevann1 0c9d19c7eb add safari and firefox screenshots to /app 2022-11-21 01:31:26 +02:00
Aevann1 ccfc71290d fix 500 error 2022-11-21 01:20:57 +02:00
Aevann1 caabaf0c6f expand IS_LOCALHOST 2022-11-21 00:16:49 +02:00
Aevann1 da34a099a3 fix 500 errors 2022-11-20 21:05:32 +02:00
Aevann1 6b7b2ff59a show only permachudded users in /chuds 2022-11-20 19:37:45 +02:00
Aevann1 36a0d48fe6 sneed 2022-11-20 19:21:19 +02:00
Aevann1 d354a86cbb fix 500 errors 2022-11-20 19:00:05 +02:00
Aevann1 f62a9769fd fix annoying 500 errors 2022-11-20 18:46:15 +02:00
justcool393 a2c4bca2da polls: don't allow bets on closed polls 2022-11-20 10:11:47 -06:00
Snakes 23ff5450d6
Rename ranking constant by Capy request. 2022-11-20 06:31:16 -05:00
Snakes db329f487f
User.pay_account everywhere, fix lottery payout. 2022-11-20 05:50:02 -05:00
Snakes f5563900ae
Un-nerf schizohole in rankings. 2022-11-19 21:19:06 -05:00
Aevann1 5288d7a7dc remove android app and replace with instructions on how to install PWA 2022-11-20 00:04:08 +02:00
Aevann1 4eccfeb705 sneed 2022-11-19 18:23:53 +02:00
Aevann1 caff8815ee restore pinning to how it was before JC raped it 2022-11-19 17:36:37 +02:00
justcool393 750a87713f pins: fix removal behavior 2022-11-19 08:24:32 -06:00
justcool393 33878fcd02 remove unnecessary check 2022-11-19 07:46:23 -06:00
Aevann1 0be653e632 remove unecessary request when making a post linking to a yt video 2022-11-19 06:44:07 -06:00
Snakes 38ac92b4aa
search: escape apostrophes. 2022-11-18 16:55:15 -05:00
Aevann1 2fd63d7474 I hate you and I hope you die a violent death 2022-11-18 23:11:03 +02:00
justcool393 aaa6d6696e lowercase it too 2022-11-18 14:39:52 -06:00
justcool393 fc5d78a4a1 don't do it for the POST either 2022-11-18 14:34:23 -06:00
Snakes 2c81db79ef
Fix API for /comment/<cid>, /search/comments. 2022-11-18 15:33:07 -05:00
justcool393 6f1b9014b4 fix 400: improve 4e57369e68 
a couple of other places shouldn't redirect either
 2022-11-18 14:32:00 -06:00
Aevann1 4e57369e68 dont actually redirect to /reset_2fa 2022-11-18 22:16:28 +02:00
Aevann1 785fb28bb2 fix bug when 2fa toggle looked like it didnt apply 2022-11-18 22:07:07 +02:00
Aevann1 bcfe98c295 remove hole pins when post moved 2022-11-18 21:58:12 +02:00
Aevann1 446ef58c2c sneed 2022-11-18 21:20:17 +02:00
Snakes ce84861a44
admin_home: add git HEAD to server status. 2022-11-18 14:05:47 -05:00
justcool393 255d5b2453 security: fix mute bypass 
modmail: constantify user ID
 2022-11-17 16:50:06 -06:00
justcool393 83963470e8
user can_view functions (#460) 
* user: move can_see_to user class

* stub out can_see in comments and posts

* make can_see a classmethod so it's usable for loggedoutfriends

* test

* kill me now

* threelargeclassesmating

* dfdfdfdfdfdfd

* sdsdsdsd

* classmethod should be above i think

* Revert "classmethod should be above i think"

This reverts commit df1772eb9e7e71bf7b89123f6277b648de2b1af3.

* Revert "Revert "classmethod should be above i think""

This reverts commit 32883406c2e2916fc6c436611376a1817c16cb84.

* test rewritnig thing

* go home python

* what the fuck python

* fix AttributeError

* sdsdsdsdsdsd

* lazy and user and stuff

* test

* Revert "test"

This reverts commit 45af5bb3d45f3ec17126ab117d494ec978062a38.

* merge

* newline

* test

* test 2

* Revert "test"

This reverts commit 196dae677e2ee8cd29261c93dcb747087cb399b6.

* revert test

* fix merge error

* fix import error ciruclation i think

* sdsd

* add type annotations back

* deleted_utc

* isinstance

* user_can_see in jinja and remove unnecessary things

* a bunch of stuff
remove can_see from comment and post
expand can_see to messages

* antiannoyingamountsofwhitespace

* fix for chudrama

* improve prev
 2022-11-17 16:02:08 -05:00
justcool393 5b03c2535a kofi: fix rare 500. don't attempt to activate via kofi on sites where it's not enabled 
this can cause a weird 500
 2022-11-17 13:55:07 -06:00
justcool393 8414cec5d5 kofi: don't let "blahblahblah" be considered a valid token 2022-11-17 11:12:32 -06:00
justcool393 caf3a81748 remove unnecessary fstrings 
(or actually use the feature)
 2022-11-17 10:01:03 -06:00
Aevann1 62ef32c9c5
Update votes.py 2022-11-16 21:00:18 +02:00
gooseman 16e23e6f54 make banners not retarded + increase future scalability 2022-11-16 12:07:20 -05:00
justcool393 eba6625b81 casino: procoins -> mbux 2022-11-16 10:14:46 -06:00
justcool393 d1197bac82 chat: sanitize raw body 2022-11-16 08:00:04 -06:00
justcool393 f1bfb87243 chat: permission for mute bypass 2022-11-16 07:00:03 -06:00
justcool393 5b313dd13d hats: only load routes if feature flag enabled 2022-11-16 06:52:16 -06:00
justcool393 ee8df1e3f1 chat: mops are unmutable 2022-11-16 06:38:24 -06:00
justcool393 1559de125c add error handler 2022-11-15 23:36:56 -06:00
justcool393 1565d9ca26 use abort(410) instead of the old message.html template 2022-11-15 23:32:57 -06:00
justcool393 5dedde4691 admin: move admin pages to admin dir 2022-11-15 17:15:53 -05:00
justcool393 ee8ad10fac fix 500 on IntegrityError 2022-11-15 15:12:36 -06:00
justcool393 519a9f91f8 signup: don't accidentally leak *what* validation error it was 2022-11-15 12:59:38 -06:00
justcool393 711518d942 don't redirect to /signup page if registrations are closed 2022-11-15 12:56:57 -06:00
justcool393 01e18dc28b remove unnecessary checks 
* in post_reset even if get_account could return a None, it'd 500 anyway
* lmao even in get reset (why is this done twice anyway?)
 2022-11-15 11:11:22 -06:00
justcool393 b2f5cf92d0 change msg to be more clear 2022-11-15 10:56:40 -06:00
justcool393 b95ee0864e fix 2fa bug 2022-11-15 10:56:04 -06:00
justcool393 3d7737387c use default config vlaue const everywhere 2022-11-15 10:55:00 -06:00
Aevann1 532ebd3ac8 standardize g.db behavior 2022-11-15 17:39:00 +02:00
Aevann1 b130139f3d sneed 2022-11-15 16:55:21 +02:00
Aevann1 4dbc4096d3 remove weird variable 2022-11-15 16:45:18 +02:00
Aevann1 6d607a6f59 give ppl a message when they change their settings sucessfully 2022-11-15 16:33:21 +02:00
justcool393 9b734a8e3a fix ghost 2022-11-15 08:21:37 -06:00