import time import gevent import requests from files.helpers.wrappers import * from files.helpers.sanitize import * from files.helpers.filters import * from files.helpers.alerts import * from files.helpers.discord import send_discord_message from files.helpers.const import * from files.classes import * from flask import * from io import BytesIO from files.__main__ import app, limiter, cache, db_session from PIL import Image as PILimage from .front import frontlist, changeloglist from urllib.parse import ParseResult, urlunparse, urlparse, quote, unquote from os import path import requests IMGUR_KEY = environ.get("IMGUR_KEY").strip() CF_KEY = environ.get("CF_KEY", "").strip() CF_ZONE = environ.get("CF_ZONE", "").strip() CF_HEADERS = {"Authorization": f"Bearer {CF_KEY}", "Content-Type": "application/json"} @app.post("/toggle_club/") @auth_required def toggle_club(pid, v): if v.club_allowed == False: abort(403) post = get_post(pid) if post.author_id != v.id and v.admin_level == 0: abort(403) post.club = not post.club g.db.add(post) g.db.commit() if post.club: return {"message": "Post has been marked as club-only!"} else: return {"message": "Post has been unmarked as club-only!"} @app.post("/publish/") @limiter.limit("1/second;30/minute;200/hour;1000/day") @auth_required def publish(pid, v): post = get_post(pid) if post.author_id != v.id: abort(403) post.private = False post.created_utc = int(time.time()) g.db.add(post) notify_users = NOTIFY_USERS(post.body_html, v) | NOTIFY_USERS2(post.title, v) cid = notif_comment(f"@{v.username} has mentioned you: [{post.title}]({post.permalink})") for x in notify_users: add_notif(cid, x) cid = notif_comment(f"@{v.username} has made a new post: [{post.title}]({post.permalink})", autojanny=True) for follow in v.followers: user = get_account(follow.user_id) if post.club and not user.paid_dues: continue add_notif(cid, user.id) cache.delete_memoized(frontlist) cache.delete_memoized(User.userpagelisting) if v.admin_level > 0 and ("[changelog]" in post.title or "(changelog)" in post.title): send_discord_message(f"{request.host_url}{post.permalink[1:]}") cache.delete_memoized(changeloglist) g.db.commit() return {"message": "Post published!"} @app.get("/submit") @auth_required def submit_get(v): return render_template("submit.html", v=v) @app.get("/post/") @app.get("/post//") @app.get("/logged_out/post/") @app.get("/logged_out/post//") @auth_desired def post_id(pid, anything=None, v=None): if not v and not request.path.startswith('/logged_out') and not request.headers.get("Authorization"): return redirect(f"/logged_out{request.full_path}") if v and request.path.startswith('/logged_out'): v = None try: pid = int(pid) except Exception as e: pass try: pid = int(pid) except: try: pid = int(pid, 36) except: abort(404) post = get_post(pid, v=v) if 'megathread' in post.title.lower(): defaultsortingcomments = 'new' elif v: defaultsortingcomments = v.defaultsortingcomments else: defaultsortingcomments = "top" sort = request.values.get("sort", defaultsortingcomments) if post.club and not (v and (v.paid_dues or v.id == post.author_id)): abort(403) if v: votes = g.db.query(CommentVote).filter_by(user_id=v.id).subquery() blocking = v.blocking.subquery() blocked = v.blocked.subquery() comments = g.db.query( Comment, votes.c.vote_type, blocking.c.id, blocked.c.id, ) if not (v and v.shadowbanned) and not (v and v.admin_level > 1): comments = comments.join(User, User.id == Comment.author_id).filter(User.shadowbanned == None) comments=comments.filter(Comment.parent_submission == post.id, Comment.author_id.notin_((AUTOPOLLER_ID, AUTOBETTER_ID))).join( votes, votes.c.comment_id == Comment.id, isouter=True ).join( blocking, blocking.c.target_id == Comment.author_id, isouter=True ).join( blocked, blocked.c.user_id == Comment.author_id, isouter=True ) output = [] for c in comments.all(): comment = c[0] comment.voted = c[1] or 0 comment.is_blocking = c[2] or 0 comment.is_blocked = c[3] or 0 output.append(comment) pinned = [c[0] for c in comments.filter(Comment.is_pinned != None).all()] comments = comments.filter(Comment.level == 1, Comment.is_pinned == None) if sort == "new": comments = comments.order_by(Comment.created_utc.desc()) elif sort == "old": comments = comments.order_by(Comment.created_utc.asc()) elif sort == "controversial": comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes) elif sort == "top": comments = comments.order_by(Comment.realupvotes.desc()) elif sort == "bottom": comments = comments.order_by(Comment.upvotes - Comment.downvotes) comments = [c[0] for c in comments.all()] else: pinned = g.db.query(Comment).filter(Comment.parent_submission == post.id, Comment.is_pinned != None).all() comments = g.db.query(Comment).join(User, User.id == Comment.author_id).filter(User.shadowbanned == None, Comment.parent_submission == post.id, Comment.author_id.notin_((AUTOPOLLER_ID, AUTOBETTER_ID)), Comment.level == 1, Comment.is_pinned == None) if sort == "new": comments = comments.order_by(Comment.created_utc.desc()) elif sort == "old": comments = comments.order_by(Comment.created_utc.asc()) elif sort == "controversial": comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes) elif sort == "top": comments = comments.order_by(Comment.realupvotes.desc()) elif sort == "bottom": comments = comments.order_by(Comment.upvotes - Comment.downvotes) comments = comments.all() offset = 0 if post.comment_count > 60 and not request.headers.get("Authorization") and not request.values.get("all"): comments2 = [] count = 0 if post.created_utc > 1638672040: for comment in comments: comments2.append(comment) count += g.db.query(Comment.id).filter_by(parent_submission=post.id, top_comment_id=comment.id).count() + 1 offset += 1 if count > 50: break else: for comment in comments: comments2.append(comment) count += g.db.query(Comment.id).filter_by(parent_submission=post.id, parent_comment_id=comment.id).count() + 1 offset += 1 if count > 10: break if len(comments) == len(comments2): offset = None comments = comments2 for pin in pinned: if pin.is_pinned_utc and int(time.time()) > pin.is_pinned_utc: pin.is_pinned = None pin.is_pinned_utc = None g.db.add(pin) pinned.remove(pin) post.replies = pinned + comments post.views += 1 g.db.add(post) if request.host != 'old.rdrama.net' and post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()): if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error":"Must be 18+ to view"}, 451 return render_template("errors/nsfw.html", v=v) g.db.commit() if request.headers.get("Authorization"): return post.json else: if post.is_banned and not (v and (v.admin_level > 1 or post.author_id == v.id)): template = "submission_banned.html" else: template = "submission.html" return render_template(template, v=v, p=post, sort=sort, render_replies=True, offset=offset) @app.post("/viewmore///") @limiter.limit("1/second;30/minute;200/hour;1000/day") @auth_required def viewmore(v, pid, sort, offset): offset = int(offset) if v: votes = g.db.query(CommentVote).filter_by(user_id=v.id).subquery() blocking = v.blocking.subquery() blocked = v.blocked.subquery() comments = g.db.query( Comment, votes.c.vote_type, blocking.c.id, blocked.c.id, ) if not (v and v.shadowbanned) and not (v and v.admin_level > 1): comments = comments.join(User, User.id == Comment.author_id).filter(User.shadowbanned == None) comments=comments.filter(Comment.parent_submission == pid, Comment.author_id.notin_((AUTOPOLLER_ID, AUTOBETTER_ID)), Comment.is_pinned == None).join( votes, votes.c.comment_id == Comment.id, isouter=True ).join( blocking, blocking.c.target_id == Comment.author_id, isouter=True ).join( blocked, blocked.c.user_id == Comment.author_id, isouter=True ) output = [] for c in comments.all(): comment = c[0] comment.voted = c[1] or 0 comment.is_blocking = c[2] or 0 comment.is_blocked = c[3] or 0 output.append(comment) comments = comments.filter(Comment.level == 1) if sort == "new": comments = comments.order_by(Comment.created_utc.desc()) elif sort == "old": comments = comments.order_by(Comment.created_utc.asc()) elif sort == "controversial": comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes) elif sort == "top": comments = comments.order_by(Comment.realupvotes.desc()) elif sort == "bottom": comments = comments.order_by(Comment.upvotes - Comment.downvotes) comments = comments.offset(offset) comments = [c[0] for c in comments.all()] else: comments = g.db.query(Comment).join(User, User.id == Comment.author_id).filter(User.shadowbanned == None, Comment.parent_submission == pid, Comment.author_id.notin_((AUTOPOLLER_ID, AUTOBETTER_ID)), Comment.level == 1, Comment.is_pinned == None) if sort == "new": comments = comments.order_by(Comment.created_utc.desc()) elif sort == "old": comments = comments.order_by(Comment.created_utc.asc()) elif sort == "controversial": comments = comments.order_by(-1 * Comment.upvotes * Comment.downvotes * Comment.downvotes) elif sort == "top": comments = comments.order_by(Comment.realupvotes.desc()) elif sort == "bottom": comments = comments.order_by(Comment.upvotes - Comment.downvotes) comments = comments.offset(offset) comments = comments.all() comments2 = [] count = 0 post = get_post(pid, v=v) if post.created_utc > 1638672040: for comment in comments: comments2.append(comment) count += g.db.query(Comment.id).filter_by(parent_submission=post.id, top_comment_id=comment.id).count() + 1 offset += 1 if count > 50: break else: for comment in comments: comments2.append(comment) count += g.db.query(Comment.id).filter_by(parent_submission=post.id, parent_comment_id=comment.id).count() + 1 offset += 1 if count > 10: break if len(comments) == len(comments2): offset = None comments = comments2 return render_template("comments.html", v=v, comments=comments, render_replies=True, pid=pid, sort=sort, offset=offset) @app.post("/morecomments/") @limiter.limit("1/second;30/minute;200/hour;1000/day") @auth_required def morecomments(v, cid): tcid = g.db.query(Comment.top_comment_id).filter_by(id=cid).one_or_none()[0] if v: votes = g.db.query(CommentVote).filter_by(user_id=v.id).subquery() blocking = v.blocking.subquery() blocked = v.blocked.subquery() comments = g.db.query( Comment, votes.c.vote_type, blocking.c.id, blocked.c.id, ).filter(Comment.top_comment_id == tcid, Comment.level > 10).join( votes, votes.c.comment_id == Comment.id, isouter=True ).join( blocking, blocking.c.target_id == Comment.author_id, isouter=True ).join( blocked, blocked.c.user_id == Comment.author_id, isouter=True ) output = [] dump = [] for c in comments.all(): comment = c[0] comment.voted = c[1] or 0 comment.is_blocking = c[2] or 0 comment.is_blocked = c[3] or 0 if c[0].parent_comment_id == int(cid): output.append(comment) else: dump.append(comment) comments = output else: c = g.db.query(Comment).filter_by(id=cid).one_or_none() comments = c.replies return render_template("comments.html", v=v, comments=comments, render_replies=True) @app.post("/edit_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") @auth_required def edit_post(pid, v): if v and v.patron: if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413 elif request.content_length > 4 * 1024 * 1024: return {"error":"Max file size is 4 MB."}, 413 p = get_post(pid) if p.author_id != v.id and not (v.admin_level > 1 and v.admin_level > 2): abort(403) title = request.values.get("title", "").strip().replace('‎','') body = request.values.get("body", "").strip().replace('‎','') if len(body) > 20000: return {"error":"Character limit is 20000!"}, 403 if v.marseyawarded: marregex = list(re.finditer("^(:[!#]{0,2}m\w+:\s*)+$", title)) if len(marregex) == 0: return {"error":"You can only type marseys!"}, 403 if body: marregex = list(re.finditer("^(:[!#]{0,2}m\w+:\s*)+$", body)) if len(marregex) == 0: return {"error":"You can only type marseys!"}, 403 if v.longpost and len(body) < 280 or ' [](' in body or body.startswith('[]('): return {"error":"You have to type more than 280 characters!"}, 403 elif v.bird and len(body) > 140: return {"error":"You have to type less than 140 characters!"}, 403 if title != p.title: if v.agendaposter and not v.marseyawarded: title = torture_ap(title, v.username) title_html = filter_emojis_only(title, edit=True) if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))): return {"error":"You can only type marseys!"}, 403 p.title = title[:500] p.title_html = title_html if request.files.get("file") and request.headers.get("cf-ipcountry") != "T1": file=request.files["file"] if file.content_type.startswith('image/'): body += f"\n\n![]({process_image(file)})" elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: try: url = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)]).json()['data']['link'] except: return {"error": "Imgur error"}, 400 if url.endswith('.'): url += 'mp4' body += f"\n\n{url}" else: return {"error": "Image/Video files only"}, 400 if body != p.body: for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})') if v.agendaposter and not v.marseyawarded: body = torture_ap(body, v.username) if not p.options.count(): for i in re.finditer('\s*\$\$([^\$\n]+)\$\$\s*', body): body = body.replace(i.group(0), "") c = Comment(author_id=AUTOPOLLER_ID, parent_submission=p.id, level=1, body_html=filter_emojis_only(i.group(1)), upvotes=0, is_bot=True ) g.db.add(c) body_html = sanitize(body, edit=True) bans = filter_comment_html(body_html) if bans: ban = bans[0] reason = f"Remove the {ban.domain} link from your post and try again." if ban.reason: reason += f" {ban.reason}" return {"error": reason}, 403 p.body = body if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', body_html))): return {"error":"You can only type marseys!"}, 40 if v.longpost: if len(body) < 280 or ' [](' in body or body.startswith('[]('): return {"error":"You have to type more than 280 characters!"}, 403 elif v.bird: if len(body) > 140 : return {"error":"You have to type less than 140 characters!"}, 403 if len(body_html) > 40000: return {"error":"Submission body too long!"}, 400 p.body_html = body_html if v.agendaposter and not v.marseyawarded and AGENDAPOSTER_PHRASE not in f'{p.body}{p.title}'.lower(): p.is_banned = True p.ban_reason = "AutoJanny" g.db.add(p) body = AGENDAPOSTER_MSG.format(username=v.username, type='post', AGENDAPOSTER_PHRASE=AGENDAPOSTER_PHRASE) body_jannied_html = sanitize(body) c_jannied = Comment(author_id=NOTIFICATIONS_ID, parent_submission=p.id, level=1, over_18=False, is_bot=True, app_id=None, is_pinned='AutoJanny', distinguish_level=6, body_html=body_jannied_html, ) g.db.add(c_jannied) g.db.flush() n = Notification(comment_id=c_jannied.id, user_id=v.id) g.db.add(n) notify_users = NOTIFY_USERS(body_html, v) | NOTIFY_USERS2(title, v) soup = BeautifulSoup(body_html, features="html.parser") cid = notif_comment(f"@{v.username} has mentioned you: [{p.title}]({p.permalink})") for x in notify_users: add_notif(cid, x) if (title != p.title or body != p.body) and v.id == p.author_id: if int(time.time()) - p.created_utc > 60 * 3: p.edited_utc = int(time.time()) g.db.add(p) g.db.commit() return redirect(p.permalink) def archiveorg(url): try: requests.get(f'https://web.archive.org/save/{url}', headers={'User-Agent': 'Mozilla/4.0 (compatible; MSIE 5.5; Windows NT)'}, timeout=100) except Exception as e: print(e) def thumbnail_thread(pid): db = db_session() def expand_url(post_url, fragment_url): if fragment_url.startswith("https://"): return fragment_url elif fragment_url.startswith("https://"): return f"https://{fragment_url.split('https://')[1]}" elif fragment_url.startswith('//'): return f"https:{fragment_url}" elif fragment_url.startswith('/'): parsed_url = urlparse(post_url) return f"https://{parsed_url.netloc}{fragment_url}" else: return f"{post_url}{'/' if not post_url.endswith('/') else ''}{fragment_url}" post = db.query(Submission).filter_by(id=pid).one_or_none() if not post or not post.url: time.sleep(5) post = db.query(Submission).filter_by(id=pid).one_or_none() if not post or not post.url: return fetch_url = post.url if fetch_url.startswith('/'): fetch_url = f"{request.host_url}{fetch_url[1:]}" headers={"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.72 Safari/537.36"} try: x=requests.get(fetch_url, headers=headers, timeout=5) except: db.close() return if x.status_code != 200: db.close() return if x.headers.get("Content-Type","").startswith("text/html"): soup=BeautifulSoup(x.content, 'html.parser') thumb_candidate_urls=[] meta_tags = [ "drama:thumbnail", "twitter:image", "og:image", "thumbnail" ] for tag_name in meta_tags: tag = soup.find( 'meta', attrs={ "name": tag_name, "content": True } ) if not tag: tag = soup.find( 'meta', attrs={ 'property': tag_name, 'content': True } ) if tag: thumb_candidate_urls.append(expand_url(post.url, tag['content'])) for tag in soup.find_all("img", attrs={'src':True}): thumb_candidate_urls.append(expand_url(post.url, tag['src'])) for url in thumb_candidate_urls: try: image_req=requests.get(url, headers=headers, timeout=5) except: continue if image_req.status_code >= 400: continue if not image_req.headers.get("Content-Type","").startswith("image/"): continue if image_req.headers.get("Content-Type","").startswith("image/svg"): continue image = PILimage.open(BytesIO(image_req.content)) if image.width < 30 or image.height < 30: continue break else: db.close() return elif x.headers.get("Content-Type","").startswith("image/"): image_req=x image = PILimage.open(BytesIO(x.content)) else: db.close() return name = f'/images/{time.time()}'.replace('.','')[:-5] + '.webp' with open(name, "wb") as file: for chunk in image_req.iter_content(1024): file.write(chunk) post.thumburl = process_image(filename=name, resize=100) db.add(post) db.commit() db.close() return @app.post("/submit") @limiter.limit("1/second;6/minute;200/hour;1000/day") @auth_required def submit_post(v): if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403 if v and v.patron: if request.content_length > 8 * 1024 * 1024: return {"error": "Max file size is 8 MB."}, 413 elif request.content_length > 4 * 1024 * 1024: return {"error": "Max file size is 4 MB."}, 413 title = request.values.get("title", "").strip()[:500].replace('‎','') url = request.values.get("url", "").strip() if v.agendaposter and not v.marseyawarded: title = torture_ap(title, v.username) title_html = filter_emojis_only(title) body = request.values.get("body", "").strip().replace('‎','') if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', title_html))): return {"error":"You can only type marseys!"}, 40 if v.longpost: if len(body) < 280 or ' [](' in body or body.startswith('[]('): return {"error":"You have to type more than 280 characters!"}, 403 elif v.bird: if len(body) > 140 : return {"error":"You have to type less than 140 characters!"}, 403 if url: if "/i.imgur.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp") elif "/media.giphy.com/" in url or "/c.tenor.com/" in url: url = url.replace(".gif", ".webp") elif "/i.ibb.com/" in url: url = url.replace(".png", ".webp").replace(".jpg", ".webp").replace(".jpeg", ".webp").replace(".gif", ".webp") for rd in ["://reddit.com", "://new.reddit.com", "://www.reddit.com", "://redd.it", "://libredd.it"]: url = url.replace(rd, "://old.reddit.com") url = url.replace("old.reddit.com/gallery", "new.reddit.com/gallery").replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://open.spotify.com/", "https://open.spotify.com/embed/").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("m.wikipedia.org", "wikipedia.org").replace("https://m.youtube", "https://youtube").replace("https://www.youtube", "https://youtube") if url.startswith("https://streamable.com/") and not url.startswith("https://streamable.com/e/"): url = url.replace("https://streamable.com/", "https://streamable.com/e/") parsed_url = urlparse(url) domain = parsed_url.netloc if domain == 'old.reddit.com': new_url = ParseResult(scheme="https", netloc=parsed_url.netloc, path=parsed_url.path, params=parsed_url.params, query=None, fragment=parsed_url.fragment) else: qd = parse_qs(parsed_url.query) filtered = {k: val for k, val in qd.items() if not k.startswith('utm_') and not k.startswith('ref_')} new_url = ParseResult(scheme="https", netloc=parsed_url.netloc, path=parsed_url.path, params=parsed_url.params, query=urlencode(filtered, doseq=True), fragment=parsed_url.fragment) url = urlunparse(new_url) if SITE != 'localhost': repost = g.db.query(Submission).filter( Submission.url.ilike(url), Submission.deleted_utc == 0, Submission.is_banned == False ).one_or_none() if repost: return redirect(repost.permalink) domain_obj = get_domain(domain) if domain_obj: if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error":domain_obj.reason}, 400 return render_template("submit.html", v=v, error=domain_obj.reason, title=title, url=url, body=request.values.get("body", "")), 400 elif "twitter.com" == domain: try: embed = requests.get("https://publish.twitter.com/oembed", timeout=5, params={"url":url, "omit_script":"t"}).json()["html"] except: embed = None elif url.startswith('https://youtube.com/watch?v='): url = unquote(url).replace('?t', '&t') yt_id = url.split('https://youtube.com/watch?v=')[1].split('&')[0].split('%')[0] params = parse_qs(urlparse(url).query) t = params.get('t', params.get('start', [0]))[0] if isinstance(t, str): t = t.replace('s','') embed = f'' elif app.config['SERVER_NAME'] in domain and "/post/" in url and "context" not in url: id = url.split("/post/")[1] if "/" in id: id = id.split("/")[0] embed = id else: embed = None else: embed = None if not url and not request.values.get("body") and not request.files.get("file", None): if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "`url` or `body` parameter required."}, 400 return render_template("submit.html", v=v, error="Please enter a url or some text.", title=title, url=url, body=request.values.get("body", "")), 400 if not title: if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "Please enter a better title"}, 400 return render_template("submit.html", v=v, error="Please enter a better title.", title=title, url=url, body=request.values.get("body", "")), 400 elif len(title) > 500: if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "500 character limit for titles"}, 400 else: render_template("submit.html", v=v, error="500 character limit for titles.", title=title[:500], url=url, body=request.values.get("body", "")), 400 if v.marseyawarded: marregex = list(re.finditer("^(:[!#]{0,2}m\w+:\s*)+$", title)) if len(marregex) == 0: return {"error":"You can only type marseys!"}, 403 if body: marregex = list(re.finditer("^(:[!#]{0,2}m\w+:\s*)+$", body)) if len(marregex) == 0: return {"error":"You can only type marseys!"}, 403 if v.longpost and len(body) < 280 or ' [](' in body or body.startswith('[]('): return {"error":"You have to type more than 280 characters!"}, 403 elif v.bird and len(body) > 140: return {"error":"You have to type less than 140 characters!"}, 403 dup = g.db.query(Submission).filter( Submission.author_id == v.id, Submission.deleted_utc == 0, Submission.title == title, Submission.url == url, Submission.body == body ).one_or_none() if dup: return redirect(dup.permalink) now = int(time.time()) cutoff = now - 60 * 60 * 24 similar_posts = g.db.query(Submission).filter( Submission.author_id == v.id, Submission.title.op('<->')(title) < app.config["SPAM_SIMILARITY_THRESHOLD"], Submission.created_utc > cutoff ).all() if url: similar_urls = g.db.query(Submission).filter( Submission.author_id == v.id, Submission.url.op('<->')(url) < app.config["SPAM_URL_SIMILARITY_THRESHOLD"], Submission.created_utc > cutoff ).all() else: similar_urls = [] threshold = app.config["SPAM_SIMILAR_COUNT_THRESHOLD"] if v.age >= (60 * 60 * 24 * 7): threshold *= 3 elif v.age >= (60 * 60 * 24): threshold *= 2 if max(len(similar_urls), len(similar_posts)) >= threshold: text = "Your account has been suspended for 1 day for the following reason:\n\n> Too much spam!" send_repeatable_notification(v.id, text) v.ban(reason="Spamming.", days=1) for post in similar_posts + similar_urls: post.is_banned = True post.is_pinned = False post.ban_reason = "AutoJanny" g.db.add(post) ma=ModAction( user_id=AUTOJANNY_ID, target_submission_id=post.id, kind="ban_post", _note="spam" ) g.db.add(ma) return redirect("/notifications") if len(str(body)) > 20000: if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error":"There's a 20000 character limit for text body."}, 400 return render_template("submit.html", v=v, error="There's a 20000 character limit for text body.", title=title, url=url, body=request.values.get("body", "")), 400 if len(url) > 2048: if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error":"2048 character limit for URLs."}, 400 return render_template("submit.html", v=v, error="2048 character limit for URLs.", title=title, url=url,body=request.values.get("body", "")), 400 for i in re.finditer('^(https:\/\/.*\.(png|jpg|jpeg|gif|webp|PNG|JPG|JPEG|GIF|WEBP|9999))', body, re.MULTILINE): if "wikipedia" not in i.group(1): body = body.replace(i.group(1), f'![]({i.group(1)})') if v and v.admin_level > 2: bet_options = [] for i in re.finditer('\s*\$\$\$([^\$\n]+)\$\$\$\s*', body): bet_options.append(i.group(1)) body = body.replace(i.group(0), "") options = [] for i in re.finditer('\s*\$\$([^\$\n]+)\$\$\s*', body): options.append(i.group(1)) body = body.replace(i.group(0), "") if v.agendaposter and not v.marseyawarded: body = torture_ap(body, v.username) if request.files.get("file2") and request.headers.get("cf-ipcountry") != "T1": file=request.files["file2"] if file.content_type.startswith('image/'): body += f"\n\n![]({process_image(file)})" elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: try: url = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)]).json()['data']['link'] except: return {"error": "Imgur error"}, 400 if url.endswith('.'): url += 'mp4' body += f"\n\n{url}" else: if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "Image/Video files only"}, 400 return render_template("submit.html", v=v, error=f"Image/Video files only."), 400 body_html = sanitize(body) if v.marseyawarded and len(list(re.finditer('>[^<\s+]|[^>\s+]<', body_html))): return {"error":"You can only type marseys!"}, 400 if v.longpost: if len(body) < 280 or ' [](' in body or body.startswith('[]('): return {"error":"You have to type more than 280 characters!"}, 403 elif v.bird: if len(body) > 140 : return {"error":"You have to type less than 140 characters!"}, 403 if len(body_html) > 40000: return {"error":"Submission body too long!"}, 400 bans = filter_comment_html(body_html) if bans: ban = bans[0] reason = f"Remove the {ban.domain} link from your post and try again." if ban.reason: reason += f" {ban.reason}" if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": reason}, 403 return render_template("submit.html", v=v, error=reason, title=title, url=url, body=request.values.get("body", "")), 403 if v.club_allowed == False: club = False else: club = bool(request.values.get("club","")) if embed and len(embed) > 1500: embed = None new_post = Submission( private=bool(request.values.get("private","")), club=club, author_id=v.id, over_18=bool(request.values.get("over_18","")), app_id=v.client.application.id if v.client else None, is_bot = request.headers.get("Authorization"), url=url, body=body[:20000], body_html=body_html, embed_url=embed, title=title[:500], title_html=title_html, created_utc=int(time.time()) ) g.db.add(new_post) g.db.flush() if v and v.admin_level > 2: for option in bet_options: bet_option = Comment(author_id=AUTOBETTER_ID, parent_submission=new_post.id, level=1, body_html=filter_emojis_only(option), upvotes=0, is_bot=True ) g.db.add(bet_option) for option in options: c = Comment(author_id=AUTOPOLLER_ID, parent_submission=new_post.id, level=1, body_html=filter_emojis_only(option), upvotes=0, is_bot=True ) g.db.add(c) vote = Vote(user_id=v.id, vote_type=1, submission_id=new_post.id ) g.db.add(vote) if request.files.get('file') and request.headers.get("cf-ipcountry") != "T1": file = request.files['file'] if file.content_type.startswith('image/'): new_post.url = process_image(file) new_post.thumburl = process_image(file, resize=100) elif file.content_type.startswith('video/'): file.save("video.mp4") with open("video.mp4", 'rb') as f: try: url = requests.request("POST", "https://api.imgur.com/3/upload", headers={'Authorization': f'Client-ID {IMGUR_KEY}'}, files=[('video', f)]).json()['data']['link'] except: return {"error": "Imgur error"}, 400 if url.endswith('.'): url += 'mp4' new_post.url = url else: if request.headers.get("Authorization") or request.headers.get("xhr"): return {"error": "File type not allowed"}, 400 return render_template("submit.html", v=v, error="File type not allowed.", title=title, body=request.values.get("body", "")), 400 if not new_post.thumburl and new_post.url: if request.host in new_post.url or new_post.url.startswith('/') or request.host == 'rdrama.net' and 'rdrama' in new_post.domain: new_post.thumburl = f'/static/assets/images/{SITE_NAME}/site_preview.webp' elif request.headers.get('cf-ipcountry')!="T1": gevent.spawn( thumbnail_thread, new_post.id) if not new_post.private: notify_users = NOTIFY_USERS(body_html, v) | NOTIFY_USERS2(title, v) cid = notif_comment(f"@{v.username} has mentioned you: [{title}]({new_post.permalink})") for x in notify_users: add_notif(cid, x) cid = notif_comment(f"@{v.username} has made a new post: [{title}]({new_post.permalink})", autojanny=True) for follow in v.followers: user = get_account(follow.user_id) if new_post.club and not user.paid_dues: continue add_notif(cid, user.id) if v.agendaposter and not v.marseyawarded and AGENDAPOSTER_PHRASE not in f'{new_post.body}{new_post.title}'.lower(): new_post.is_banned = True new_post.ban_reason = "AutoJanny" body = AGENDAPOSTER_MSG.format(username=v.username, type='post', AGENDAPOSTER_PHRASE=AGENDAPOSTER_PHRASE) body_jannied_html = sanitize(body) c_jannied = Comment(author_id=NOTIFICATIONS_ID, parent_submission=new_post.id, level=1, over_18=False, is_bot=True, app_id=None, is_pinned='AutoJanny', distinguish_level=6, body_html=body_jannied_html, ) g.db.add(c_jannied) g.db.flush() n = Notification(comment_id=c_jannied.id, user_id=v.id) g.db.add(n) if v.id == CARP_ID: if random.random() < 0.02: body = "i love you carp" else: body = ":#marseyfuckoffcarp:" elif v.id == LAWLZ_ID: if random.random() < 0.5: body = "wow, this lawlzpost sucks!" else: body = "wow, a good lawlzpost for once!" elif path.exists(f'snappy_{SITE_NAME}.txt'): with open(f'snappy_{SITE_NAME}.txt', "r") as f: snappyquotes = f.read().split("{[para]}") if request.host != 'pcmemes.net': with open("marseys.json", 'r') as f: marseys = loads(f.read()).keys() snappyquotes += [f':#{x}:' for x in marseys] body = random.choice(snappyquotes) body += "\n\n" if new_post.url: if new_post.url.startswith('https://old.reddit.com/r/'): rev = new_post.url.replace('https://old.reddit.com/', '') rev = f"* [unddit.com](https://unddit.com/{rev})\n" else: rev = '' newposturl = new_post.url if newposturl.startswith('/'): newposturl = f"{request.host_url}{newposturl[1:]}" body += f"Snapshots:\n\n{rev}* [archive.org](https://web.archive.org/{newposturl})\n* [archive.ph](https://archive.ph/?url={quote(newposturl)}&run=1) (click to archive)\n\n" gevent.spawn(archiveorg, newposturl) url_regex = '(.+)<\/a>' for url_match in re.finditer(url_regex, new_post.body_html): href = url_match.group(1) if not href: continue title = url_match.group(2) if "Snapshots:\n\n" not in body: body += "Snapshots:\n\n" if f'**[{title}]({href})**:\n\n' not in body: body += f'**[{title}]({href})**:\n\n' if href.startswith('https://old.reddit.com/'): body += f'* [unddit.com](https://unddit.com/{href.replace("https://old.reddit.com/", "")})\n' body += f'* [archive.org](https://web.archive.org/{href})\n' body += f'* [archive.ph](https://archive.ph/?url={quote(href)}&run=1) (click to archive)\n\n' gevent.spawn(archiveorg, href) body_html = sanitize(body) if len(body_html) < 40000: c = Comment(author_id=SNAPPY_ID, distinguish_level=6, parent_submission=new_post.id, level=1, over_18=False, is_bot=True, app_id=None, body_html=body_html ) g.db.add(c) snappy = g.db.query(User).filter_by(id = SNAPPY_ID).one_or_none() snappy.comment_count += 1 snappy.coins += 1 g.db.add(snappy) if not v.is_blocking(snappy): g.db.flush() n = Notification(comment_id=c.id, user_id=v.id) g.db.add(n) new_post.comment_count += 1 v.post_count = g.db.query(Submission.id).filter_by(author_id=v.id, is_banned=False, deleted_utc=0).count() g.db.add(v) cache.delete_memoized(frontlist) cache.delete_memoized(User.userpagelisting) if v.admin_level > 0 and ("[changelog]" in new_post.title or "(changelog)" in new_post.title) and not new_post.private: send_discord_message(f"{request.host_url}{new_post.permalink[1:]}") cache.delete_memoized(changeloglist) if v.id in (PIZZASHILL_ID, HIL_ID): autovote = Vote(user_id=CARP_ID, submission_id=new_post.id, vote_type=1) g.db.add(autovote) autovote = Vote(user_id=AEVANN_ID, submission_id=new_post.id, vote_type=1) g.db.add(autovote) autovote = Vote(user_id=CRAT_ID, submission_id=new_post.id, vote_type=1) g.db.add(autovote) v.coins += 3 v.truecoins += 3 g.db.add(v) new_post.upvotes += 3 g.db.add(new_post) g.db.commit() if request.headers.get("Authorization"): return new_post.json else: new_post.voted = 1 if 'megathread' in new_post.title.lower(): sort = 'new' else: sort = v.defaultsortingcomments if len(body_html) < 40000: new_post.replies = [c] return render_template('submission.html', v=v, p=new_post, sort=sort, render_replies=True, offset=0, success=True) @app.post("/delete_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") @auth_required def delete_post_pid(pid, v): post = get_post(pid) if post.author_id != v.id: abort(403) post.deleted_utc = int(time.time()) post.is_pinned = False post.stickied = None g.db.add(post) cache.delete_memoized(frontlist) g.db.commit() return {"message": "Post deleted!"} @app.post("/undelete_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") @auth_required def undelete_post_pid(pid, v): post = get_post(pid) if post.author_id != v.id: abort(403) post.deleted_utc =0 g.db.add(post) cache.delete_memoized(frontlist) g.db.commit() return {"message": "Post undeleted!"} @app.post("/toggle_comment_nsfw/") @auth_required def toggle_comment_nsfw(cid, v): comment = g.db.query(Comment).filter_by(id=cid).one_or_none() if comment.author_id != v.id and not v.admin_level > 1: abort(403) comment.over_18 = not comment.over_18 g.db.add(comment) g.db.commit() if comment.over_18: return {"message": "Comment has been marked as +18!"} else: return {"message": "Comment has been unmarked as +18!"} @app.post("/toggle_post_nsfw/") @auth_required def toggle_post_nsfw(pid, v): post = get_post(pid) if post.author_id != v.id and not v.admin_level > 1: abort(403) post.over_18 = not post.over_18 g.db.add(post) if post.author_id!=v.id: ma=ModAction( kind="set_nsfw" if post.over_18 else "unset_nsfw", user_id=v.id, target_submission_id=post.id, ) g.db.add(ma) g.db.commit() if post.over_18: return {"message": "Post has been marked as +18!"} else: return {"message": "Post has been unmarked as +18!"} @app.post("/save_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") @auth_required def save_post(pid, v): post=get_post(pid) save = g.db.query(SaveRelationship).filter_by(user_id=v.id, submission_id=post.id, type=1).one_or_none() if not save: new_save=SaveRelationship(user_id=v.id, submission_id=post.id, type=1) g.db.add(new_save) g.db.commit() return {"message": "Post saved!"} @app.post("/unsave_post/") @limiter.limit("1/second;30/minute;200/hour;1000/day") @auth_required def unsave_post(pid, v): post=get_post(pid) save = g.db.query(SaveRelationship).filter_by(user_id=v.id, submission_id=post.id, type=1).one_or_none() if save: g.db.delete(save) g.db.commit() return {"message": "Post unsaved!"} @app.post("/pin/") @auth_required def api_pin_post(post_id, v): post = g.db.query(Submission).filter_by(id=post_id).one_or_none() if post: if v.id != post.author_id: return {"error": "Only the post author's can do that!"} post.is_pinned = not post.is_pinned g.db.add(post) cache.delete_memoized(User.userpagelisting) g.db.commit() if post.is_pinned: return {"message": "Post pinned!"} else: return {"message": "Post unpinned!"}