under attack

.gitignore

@@ -3,7 +3,8 @@ video.mp4
 video.webm
 cache/
 __pycache__/
-disablesignups
+disable_signups
+under_attack
 .idea/
 **/.pytest_cache/
 venv/

disablesignups

@@ -1 +0,0 @@
-no

docker-compose.yml

@@ -43,6 +43,8 @@ services:
       - MAIL_USERNAME=blahblahblah@gmail.com
       - MAIL_PASSWORD=3435tdfsdudebussylmaoxxt43
       - DESCRIPTION=rdrama.net caters to drama in all forms such as Real life, videos, photos, gossip, rumors, news sites, Reddit, and Beyond™. There isn't drama we won't touch, and we want it all!
+      - CF_KEY=3435tdfsdudebussylmaoxxt43
+      - CF_ZONE=3435tdfsdudebussylmaoxxt43
     links:
       - "redis"
       - "postgres"

env

@@ -32,3 +32,5 @@ export DEFAULT_COLOR="ff66ac" # YOU HAVE TO PICK ONE OF THOSE COLORS OR SHIT WIL
 export MAIL_USERNAME="blahblahblah@gmail.com"
 export MAIL_PASSWORD="3435tdfsdudebussylmaoxxt43"
 export DESCRIPTION="rdrama.net caters to drama in all forms such as: Real life, videos, photos, gossip, rumors, news sites, Reddit, and Beyond™. There isn't drama we won't touch, and we want it all!"
+export CF_KEY="3435tdfsdudebussylmaoxxt43"
+export CF_ZONE="3435tdfsdudebussylmaoxxt43"

files/classes/mod_logs.py

@@ -174,6 +174,16 @@ ACTIONTYPES={
 		"icon": "fa-user",
 		"color": "bg-success",
 	},
+	"disable_under_attack": {
+		"str": "disabled under attack mode",
+		"icon": "fa-shield",
+		"color": "bg-success",
+	},
+	"enable_under_attack": {
+		"str": "enabled under attack mode",
+		"icon": "fa-shield",
+		"color": "bg-danger",
+	},
 	"ban_user":{
 		"str":'banned user {self.target_link}',
 		"icon":"fa-user-slash",

files/helpers/wrappers.py

@@ -23,8 +23,13 @@ def get_logged_in_user():
 		v = g.db.query(User).filter_by(id=lo_user).one_or_none()
 
 		if not v or nonce < v.login_nonce: return None
-
 		v.client = None
+
+		if request.method != "GET":
+			submitted_key = request.values.get("formkey")
+			if not submitted_key: abort(401)
+			elif not v.validate_formkey(submitted_key): abort(401)
+
 		return v
 
 def check_ban_evade(v):
@@ -111,20 +116,3 @@ def admin_level_required(x):
 		return wrapper
 
 	return wrapper_maker
-
-
-def validate_formkey(f):
-	def wrapper(*args, v, **kwargs):
-
-		if not request.headers.get("Authorization"):
-
-			submitted_key = request.values.get("formkey", None)
-
-			if not submitted_key: abort(401)
-
-			elif not v.validate_formkey(submitted_key): abort(401)
-
-		return f(*args, v=v, **kwargs)
-
-	wrapper.__name__ = f.__name__
-	return wrapper

files/mail/__init__.py

@@ -43,7 +43,6 @@ def send_verification_email(user, email=None):
 @app.post("/verify_email")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def api_verify_email(v):
 
 	send_verification_email(v)

files/routes/admin.py

@@ -23,14 +23,18 @@ SITE_NAME = environ.get("SITE_NAME", "").strip()
 GUMROAD_ID = environ.get("GUMROAD_ID", "tfcvri").strip()
 GUMROAD_TOKEN = environ.get("GUMROAD_TOKEN", "").strip()
 
+CF_KEY = environ.get("CF_KEY", "").strip()
+CF_ZONE = environ.get("CF_ZONE", "").strip()
+CF_HEADERS = {"Authorization": f"Bearer {CF_KEY}", "Content-Type": "application/json"}
+
 if SITE_NAME == 'PCM': cc = "splash mountain"
 else: cc = "country club"
 month = datetime.now().strftime('%B')
 
+
 @app.post("/@<username>/make_admin")
 @limiter.limit("1/second")
 @admin_level_required(3)
-@validate_formkey
 def make_admin(v, username):
 	if request.host == 'rdrama.net': abort(403)
 	user = get_user(username)
@@ -44,7 +48,6 @@ def make_admin(v, username):
 @app.post("/@<username>/remove_admin")
 @limiter.limit("1/second")
 @admin_level_required(3)
-@validate_formkey
 def remove_admin(v, username):
 	user = get_user(username)
 	if not user: abort(404)
@@ -91,7 +94,6 @@ def distribute(v, comment):
 @app.post("/@<username>/revert_actions")
 @limiter.limit("1/second")
 @admin_level_required(3)
-@validate_formkey
 def revert_actions(v, username):
 	user = get_user(username)
 	if not user: abort(404)
@@ -130,7 +132,6 @@ def revert_actions(v, username):
 @app.post("/@<username>/club_allow")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def club_allow(v, username):
 
 	u = get_user(username, v=v)
@@ -152,7 +153,6 @@ def club_allow(v, username):
 @app.post("/@<username>/club_ban")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def club_ban(v, username):
 
 	u = get_user(username, v=v)
@@ -174,7 +174,6 @@ def club_ban(v, username):
 @app.post("/@<username>/make_meme_admin")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def make_meme_admin(v, username):
 	if request.host == 'pcmemes.net' or (SITE_NAME == 'Drama' and v.admin_level > 2) or (request.host != 'rdrama.net' and request.host != 'pcmemes.net'):
 		user = get_user(username)
@@ -188,7 +187,6 @@ def make_meme_admin(v, username):
 @app.post("/@<username>/remove_meme_admin")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def remove_meme_admin(v, username):
 	if request.host == 'pcmemes.net' or (SITE_NAME == 'Drama' and v.admin_level > 2) or (request.host != 'rdrama.net' and request.host != 'pcmemes.net'):
 		user = get_user(username)
@@ -202,7 +200,6 @@ def remove_meme_admin(v, username):
 @app.post("/admin/monthly")
 @limiter.limit("1/day")
 @admin_level_required(3)
-@validate_formkey
 def monthly(v):
 	if request.host == 'rdrama.net' and v.id != AEVANN_ID: abort (403)
 
@@ -247,7 +244,6 @@ def get_sidebar(v):
 @app.post('/admin/sidebar')
 @limiter.limit("1/second")
 @admin_level_required(3)
-@validate_formkey
 def post_sidebar(v):
 
 	text = request.values.get('sidebar', '').strip()
@@ -351,21 +347,21 @@ def reported_comments(v):
 @admin_level_required(2)
 def admin_home(v):
 
-	with open('disablesignups', 'r') as f: x = f.read()
+	with open('disable_signups', 'r') as f: x = f.read()
+	with open('under_attack', 'r') as f: x2 = f.read()
 
-	if not v or v.oldsite: return render_template("admin/admin_home.html", v=v, x=x)
+	if not v or v.oldsite: return render_template("admin/admin_home.html", v=v, x=x, x2=x2)
 
 	actions = g.db.query(ModAction).order_by(ModAction.id.desc()).limit(10).all()
 
-	return render_template("CHRISTMAS/admin/admin_home.html", actions=actions, v=v, x=x)
+	return render_template("CHRISTMAS/admin/admin_home.html", actions=actions, v=v, x=x, x2=x2)
 
-@app.post("/admin/disablesignups")
+@app.post("/admin/disable_signups")
 @admin_level_required(3)
-@validate_formkey
+def disable_signups(v):
-def disablesignups(v):
+	with open('disable_signups', 'r') as f: content = f.read()
-	with open('disablesignups', 'r') as f: content = f.read()
 
-	with open('disablesignups', 'w') as f:
+	with open('disable_signups', 'w') as f:
 		if content == "yes":
 			f.write("no")
 			ma = ModAction(
@@ -385,6 +381,35 @@ def disablesignups(v):
 			g.db.commit()
 			return {"message": "Signups disabled!"}
 
+
+@app.post("/admin/under_attack")
+@admin_level_required(2)
+def under_attack(v):
+	with open('under_attack', 'r') as f: content = f.read()
+
+	with open('under_attack', 'w') as f:
+		if content == "yes":
+			f.write("no")
+			ma = ModAction(
+				kind="disable_under_attack",
+				user_id=v.id,
+			)
+			g.db.add(ma)
+			g.db.commit()
+			data='{"value":"high"}'
+		else:
+			f.write("yes")
+			ma = ModAction(
+				kind="enable_under_attack",
+				user_id=v.id,
+			)
+			g.db.add(ma)
+			g.db.commit()
+			data='{"value":"under_attack"}'
+
+	response = requests.patch(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, data=data)
+	return {"message": response.text}
+
 @app.get("/admin/badge_grant")
 @admin_level_required(2)
 def badge_grant_get(v):
@@ -397,7 +422,6 @@ def badge_grant_get(v):
 @app.post("/admin/badge_grant")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def badge_grant_post(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
@@ -571,7 +595,6 @@ def alt_votes_get(v):
 @app.post("/admin/link_accounts")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def admin_link_accounts(v):
 
 	u1 = int(request.values.get("u1"))
@@ -643,7 +666,6 @@ def admin_removed_comments(v):
 
 @app.post("/agendaposter/<user_id>")
 @admin_level_required(2)
-@validate_formkey
 def agendaposter(user_id, v):
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
 
@@ -700,7 +722,6 @@ def agendaposter(user_id, v):
 @app.post("/shadowban/<user_id>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def shadowban(user_id, v):
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
 	if user.admin_level != 0: abort(403)
@@ -726,7 +747,6 @@ def shadowban(user_id, v):
 @app.post("/unshadowban/<user_id>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def unshadowban(user_id, v):
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
 	if user.admin_level != 0: abort(403)
@@ -753,7 +773,6 @@ def unshadowban(user_id, v):
 @app.post("/admin/verify/<user_id>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def verify(user_id, v):
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
 	user.verified = "Verified"
@@ -772,7 +791,6 @@ def verify(user_id, v):
 @app.post("/admin/unverify/<user_id>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def unverify(user_id, v):
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
 	user.verified = None
@@ -792,7 +810,6 @@ def unverify(user_id, v):
 @app.post("/admin/title_change/<user_id>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def admin_title_change(user_id, v):
 
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
@@ -826,7 +843,6 @@ def admin_title_change(user_id, v):
 @app.post("/ban_user/<user_id>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def ban_user(user_id, v):
 	
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
@@ -886,7 +902,6 @@ def ban_user(user_id, v):
 @app.post("/unban_user/<user_id>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def unban_user(user_id, v):
 
 	user = g.db.query(User).filter_by(id=user_id).one_or_none()
@@ -926,7 +941,6 @@ def unban_user(user_id, v):
 @app.post("/ban_post/<post_id>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def ban_post(post_id, v):
 
 	post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@@ -963,7 +977,6 @@ def ban_post(post_id, v):
 @app.post("/unban_post/<post_id>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def unban_post(post_id, v):
 
 	post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@@ -996,7 +1009,6 @@ def unban_post(post_id, v):
 
 @app.post("/distinguish/<post_id>")
 @admin_level_required(1)
-@validate_formkey
 def api_distinguish_post(post_id, v):
 
 	post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@@ -1022,7 +1034,6 @@ def api_distinguish_post(post_id, v):
 
 @app.post("/sticky/<post_id>")
 @admin_level_required(2)
-@validate_formkey
 def sticky_post(post_id, v):
 
 	post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@@ -1045,7 +1056,6 @@ def sticky_post(post_id, v):
 
 @app.post("/unsticky/<post_id>")
 @admin_level_required(2)
-@validate_formkey
 def unsticky_post(post_id, v):
 
 	post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
@@ -1072,7 +1082,6 @@ def unsticky_post(post_id, v):
 
 @app.post("/sticky_comment/<cid>")
 @admin_level_required(2)
-@validate_formkey
 def sticky_comment(cid, v):
 	
 	comment = get_comment(cid, v=v)
@@ -1089,7 +1098,6 @@ def sticky_comment(cid, v):
 
 @app.post("/unsticky_comment/<cid>")
 @admin_level_required(2)
-@validate_formkey
 def unsticky_comment(cid, v):
 	
 	comment = get_comment(cid, v=v)
@@ -1117,7 +1125,6 @@ def unsticky_comment(cid, v):
 @app.post("/ban_comment/<c_id>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def api_ban_comment(c_id, v):
 
 	comment = g.db.query(Comment).filter_by(id=c_id).one_or_none()
@@ -1141,7 +1148,6 @@ def api_ban_comment(c_id, v):
 @app.post("/unban_comment/<c_id>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def api_unban_comment(c_id, v):
 
 	comment = g.db.query(Comment).filter_by(id=c_id).one_or_none()
@@ -1170,7 +1176,6 @@ def api_unban_comment(c_id, v):
 
 @app.post("/distinguish_comment/<c_id>")
 @admin_level_required(1)
-@validate_formkey
 def admin_distinguish_comment(c_id, v):
 	
 	
@@ -1205,7 +1210,6 @@ def admin_banned_domains(v):
 @app.post("/admin/banned_domains")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def admin_toggle_ban_domain(v):
 
 	domain=request.values.get("domain", "").strip()
@@ -1241,7 +1245,6 @@ def admin_toggle_ban_domain(v):
 @app.post("/admin/nuke_user")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def admin_nuke_user(v):
 
 	user=get_user(request.values.get("user"))
@@ -1275,7 +1278,6 @@ def admin_nuke_user(v):
 @app.post("/admin/unnuke_user")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def admin_nunuke_user(v):
 
 	user=get_user(request.values.get("user"))

files/routes/awards.py

@@ -84,7 +84,6 @@ def shop(v):
 
 @app.post("/buy/<award>")
 @auth_required
-@validate_formkey
 def buy(v, award):
 	AWARDS = deepcopy(AWARDS2)
 
@@ -181,7 +180,6 @@ def buy(v, award):
 @app.post("/post/<pid>/awards")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def award_post(pid, v):
 
 	if v.shadowbanned: return render_template('errors/500.html', error=True, v=v), 500
@@ -365,7 +363,6 @@ def award_post(pid, v):
 @app.post("/comment/<cid>/awards")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def award_comment(cid, v):
 
 	if v.shadowbanned: return render_template('errors/500.html', error=True, v=v), 500
@@ -556,7 +553,6 @@ def admin_userawards_get(v):
 @app.post("/admin/awards")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def admin_userawards_post(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'

files/routes/comments.py

@@ -136,7 +136,6 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None):
 @limiter.limit("1/second")
 @limiter.limit("6/minute")
 @auth_required
-@validate_formkey
 def api_comment(v):
 	if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403
 
@@ -549,7 +548,6 @@ def api_comment(v):
 @app.post("/edit_comment/<cid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def edit_comment(cid, v):
 	if v and v.patron:
 		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@@ -739,7 +737,6 @@ def edit_comment(cid, v):
 @app.post("/delete/comment/<cid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def delete_comment(cid, v):
 
 	c = g.db.query(Comment).filter_by(id=cid).one_or_none()
@@ -761,7 +758,6 @@ def delete_comment(cid, v):
 @app.post("/undelete/comment/<cid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def undelete_comment(cid, v):
 
 	c = g.db.query(Comment).filter_by(id=cid).one_or_none()
@@ -785,7 +781,6 @@ def undelete_comment(cid, v):
 
 @app.post("/pin_comment/<cid>")
 @auth_required
-@validate_formkey
 def pin_comment(cid, v):
 	
 	comment = get_comment(cid, v=v)
@@ -806,7 +801,6 @@ def pin_comment(cid, v):
 
 @app.post("/unpin_comment/<cid>")
 @auth_required
-@validate_formkey
 def unpin_comment(cid, v):
 	
 	comment = get_comment(cid, v=v)
@@ -828,7 +822,6 @@ def unpin_comment(cid, v):
 @app.post("/save_comment/<cid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def save_comment(cid, v):
 
 	comment=get_comment(cid)
@@ -847,7 +840,6 @@ def save_comment(cid, v):
 @app.post("/unsave_comment/<cid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def unsave_comment(cid, v):
 
 	comment=get_comment(cid)

files/routes/errors.py

@@ -1,5 +1,3 @@
-import jinja2.exceptions
-
 from files.helpers.wrappers import *
 from flask import *
 from urllib.parse import quote, urlencode
@@ -8,10 +6,9 @@ from files.__main__ import app, limiter
 
 
 @app.errorhandler(400)
-@auth_desired
+def error_400(e):
-def error_400(e, v):
 	if request.headers.get("Authorization"): return {"error": "400 Bad Request"}, 400
-	else: return render_template('errors/400.html', error=True, v=v), 400
+	else: return render_template('errors/400.html', error=True), 400
 
 @app.errorhandler(401)
 def error_401(e):
@@ -26,40 +23,35 @@ def error_401(e):
 
 
 @app.errorhandler(403)
-@auth_desired
+def error_403(e):
-def error_403(e, v):
 	if request.headers.get("Authorization"): return {"error": "403 Forbidden"}, 403
-	else: return render_template('errors/403.html', error=True, v=v), 403
+	else: return render_template('errors/403.html', error=True), 403
 
 
 @app.errorhandler(404)
-@auth_desired
+def error_404(e):
-def error_404(e, v):
 	if request.headers.get("Authorization"): return {"error": "404 Not Found"}, 404
-	else: return render_template('errors/404.html', error=True, v=v), 404
+	else: return render_template('errors/404.html', error=True), 404
 
 
 @app.errorhandler(405)
-@auth_desired
+def error_405(e):
-def error_405(e, v):
 	if request.headers.get("Authorization"): return {"error": "405 Method Not Allowed"}, 405
-	else: return render_template('errors/405.html', error=True, v=v), 405
+	else: return render_template('errors/405.html', error=True), 405
 
 
 @app.errorhandler(429)
-@auth_desired
+def error_429(e):
-def error_429(e, v):
 	if request.headers.get("Authorization"): return {"error": "429 Too Many Requests"}, 429
-	else: return render_template('errors/429.html', error=True, v=v), 429
+	else: return render_template('errors/429.html', error=True), 429
 
 
 @app.errorhandler(500)
-@auth_desired
+def error_500(e):
-def error_500(e, v):
 	g.db.rollback()
 
 	if request.headers.get("Authorization"): return {"error": "500 Internal Server Error"}, 500
-	else: return render_template('errors/500.html', error=True, v=v), 500
+	else: return render_template('errors/500.html', error=True), 500
 
 
 @app.post("/allow_nsfw")
@@ -69,11 +61,7 @@ def allow_nsfw():
 
 
 @app.get("/error/<error>")
-@auth_desired
+def error_all_preview(error):
-def error_all_preview(error, v):
-
-	try:
-		return render_template(f"errors/{error}.html", error=True, v=v)
-	except jinja2.exceptions.TemplateNotFound:
-		abort(400)
 
+	try: return render_template(f"errors/{error}.html", error=True)
+	except: abort(400)

files/routes/front.py

@@ -12,7 +12,6 @@ def slash_post():
 
 @app.post("/clear")
 @auth_required
-@validate_formkey
 def clear(v):
 	for n in v.notifications.filter_by(read=False).all():
 		n.read = True

files/routes/login.py

@@ -158,7 +158,6 @@ def me(v):
 @app.post("/logout")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def logout(v):
 
 	session.pop("session_id", None)
@@ -170,7 +169,7 @@ def logout(v):
 @app.get("/signup")
 @auth_desired
 def sign_up_get(v):
-	with open('disablesignups', 'r') as f:
+	with open('disable_signups', 'r') as f:
 		if f.read() == "yes": return {"error": "New account registration is currently closed. Please come back later."}, 403
 
 	if v: return redirect("/")
@@ -215,7 +214,7 @@ def sign_up_get(v):
 @limiter.limit("5/day")
 @auth_desired
 def sign_up_post(v):
-	with open('disablesignups', 'r') as f:
+	with open('disable_signups', 'r') as f:
 		if f.read() == "yes": return {"error": "New account registration is currently closed. Please come back later."}, 403
 
 	if v: abort(403)

files/routes/oauth.py

@@ -21,7 +21,6 @@ def authorize_prompt(v):
 @app.post("/authorize")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def authorize(v):
 
 	client_id = request.values.get("client_id")
@@ -40,7 +39,6 @@ def authorize(v):
 @app.post("/api_keys")
 @limiter.limit("1/second")
 @is_not_permabanned
-@validate_formkey
 def request_api_keys(v):
 
 	new_app = OauthApp(
@@ -62,7 +60,6 @@ def request_api_keys(v):
 @app.post("/delete_app/<aid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def delete_oauth_app(v, aid):
 
 	aid = int(aid)
@@ -83,7 +80,6 @@ def delete_oauth_app(v, aid):
 @app.post("/edit_app/<aid>")
 @limiter.limit("1/second")
 @is_not_permabanned
-@validate_formkey
 def edit_oauth_app(v, aid):
 
 	aid = int(aid)
@@ -105,7 +101,6 @@ def edit_oauth_app(v, aid):
 @app.post("/admin/app/approve/<aid>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def admin_app_approve(v, aid):
 
 	app = g.db.query(OauthApp).filter_by(id=aid).one_or_none()
@@ -140,7 +135,6 @@ def admin_app_approve(v, aid):
 @app.post("/admin/app/revoke/<aid>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def admin_app_revoke(v, aid):
 
 	app = g.db.query(OauthApp).filter_by(id=aid).one_or_none()
@@ -166,7 +160,6 @@ def admin_app_revoke(v, aid):
 @app.post("/admin/app/reject/<aid>")
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def admin_app_reject(v, aid):
 
 	app = g.db.query(OauthApp).filter_by(id=aid).one_or_none()
@@ -262,7 +255,6 @@ def admin_apps_list(v):
 @app.post("/oauth/reroll/<aid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def reroll_oauth_tokens(aid, v):
 
 	aid = aid

files/routes/posts.py

@@ -49,7 +49,6 @@ def toggle_club(pid, v):
 @app.post("/publish/<pid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def publish(pid, v):
 	post = get_post(pid)
 	if not post.author_id == v.id: abort(403)
@@ -393,7 +392,6 @@ def morecomments(v, cid):
 @app.post("/edit_post/<pid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def edit_post(pid, v):
 	if v and v.patron:
 		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@@ -683,7 +681,6 @@ def thumbnail_thread(pid):
 @limiter.limit("1/second")
 @limiter.limit("6/minute")
 @auth_required
-@validate_formkey
 def submit_post(v):
 	if v.is_suspended: return {"error": "You can't perform this action while banned."}, 403
 	
@@ -1144,7 +1141,6 @@ def submit_post(v):
 @app.post("/delete_post/<pid>")
 @limiter.limit("2/second")
 @auth_required
-@validate_formkey
 def delete_post_pid(pid, v):
 
 	post = get_post(pid)
@@ -1166,7 +1162,6 @@ def delete_post_pid(pid, v):
 @app.post("/undelete_post/<pid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def undelete_post_pid(pid, v):
 	post = get_post(pid)
 	if not post.author_id == v.id: abort(403)
@@ -1182,7 +1177,6 @@ def undelete_post_pid(pid, v):
 
 @app.post("/toggle_comment_nsfw/<cid>")
 @auth_required
-@validate_formkey
 def toggle_comment_nsfw(cid, v):
 
 	comment = g.db.query(Comment).filter_by(id=cid).one_or_none()
@@ -1197,7 +1191,6 @@ def toggle_comment_nsfw(cid, v):
 	
 @app.post("/toggle_post_nsfw/<pid>")
 @auth_required
-@validate_formkey
 def toggle_post_nsfw(pid, v):
 
 	post = get_post(pid)
@@ -1224,7 +1217,6 @@ def toggle_post_nsfw(pid, v):
 @app.post("/save_post/<pid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def save_post(pid, v):
 
 	post=get_post(pid)
@@ -1241,7 +1233,6 @@ def save_post(pid, v):
 @app.post("/unsave_post/<pid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def unsave_post(pid, v):
 
 	post=get_post(pid)

files/routes/reporting.py

@@ -8,7 +8,6 @@ from files.helpers.sanitize import filter_emojis_only
 @app.post("/report/post/<pid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def api_flag_post(pid, v):
 
 	post = get_post(pid)
@@ -39,7 +38,6 @@ def api_flag_post(pid, v):
 @app.post("/report/comment/<cid>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def api_flag_comment(cid, v):
 
 	comment = get_comment(cid)
@@ -64,7 +62,6 @@ def api_flag_comment(cid, v):
 @app.post('/del_report/<report_fn>')
 @limiter.limit("1/second")
 @admin_level_required(2)
-@validate_formkey
 def remove_report(report_fn, v):
 
 	if report_fn.startswith('c'):

files/routes/settings.py

@@ -37,7 +37,6 @@ tiers={
 @app.post("/settings/removebackground")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def removebackground(v):
 	v.background = None
 	g.db.add(v)
@@ -47,7 +46,6 @@ def removebackground(v):
 @app.post("/settings/profile")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_profile_post(v):
 	if v and v.patron:
 		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@@ -431,7 +429,6 @@ def settings_profile_post(v):
 
 @app.post("/settings/filters")
 @auth_required
-@validate_formkey
 def filters(v):
 	filters=request.values.get("filters")[:1000].strip()
 
@@ -449,7 +446,6 @@ def filters(v):
 
 @app.post("/changelogsub")
 @auth_required
-@validate_formkey
 def changelogsub(v):
 	v.changelogsub = not v.changelogsub
 	g.db.add(v)
@@ -463,7 +459,6 @@ def changelogsub(v):
 @app.post("/settings/namecolor")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def namecolor(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
@@ -479,7 +474,6 @@ def namecolor(v):
 @app.post("/settings/themecolor")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def themecolor(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
@@ -495,7 +489,6 @@ def themecolor(v):
 @app.post("/settings/gumroad")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def gumroad(v):
 	if SITE_NAME == 'Drama': patron = 'Paypig'
 	else: patron = 'Patron'
@@ -548,7 +541,6 @@ def gumroad(v):
 @app.post("/settings/titlecolor")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def titlecolor(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
@@ -564,7 +556,6 @@ def titlecolor(v):
 @app.post("/settings/verifiedcolor")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def verifiedcolor(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'
@@ -580,7 +571,6 @@ def verifiedcolor(v):
 @app.post("/settings/security")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_security_post(v):
 	if request.values.get("new_password"):
 		if request.values.get("new_password") != request.values.get("cnf_password"):
@@ -664,7 +654,6 @@ def settings_security_post(v):
 @app.post("/settings/log_out_all_others")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_log_out_others(v):
 
 	submitted_password = request.values.get("password", "").strip()
@@ -690,7 +679,6 @@ def settings_log_out_others(v):
 @app.post("/settings/images/profile")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_images_profile(v):
 	if v and v.patron:
 		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@@ -728,7 +716,6 @@ def settings_images_profile(v):
 @app.post("/settings/images/banner")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_images_banner(v):
 	if v and v.patron:
 		if request.content_length > 8 * 1024 * 1024: return {"error":"Max file size is 8 MB."}, 413
@@ -756,7 +743,6 @@ def settings_images_banner(v):
 @app.post("/settings/delete/profile")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_delete_profile(v):
 
 	if v.profileurl or v.highres:
@@ -772,7 +758,6 @@ def settings_delete_profile(v):
 @app.post("/settings/delete/banner")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_delete_banner(v):
 
 	if v.bannerurl:
@@ -804,7 +789,6 @@ def settings_css_get(v):
 @app.post("/settings/css")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_css(v):
 	if v.agendaposter: return {"error": "Agendapostered users can't edit css!"}
 
@@ -829,7 +813,6 @@ def settings_profilecss_get(v):
 @app.post("/settings/profilecss")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_profilecss(v):
 	if v.truecoins < 1000 and not v.patron: return f"You must have +1000 {COINS_NAME} or be a paypig to set profile css."
 	profilecss = request.values.get("profilecss").strip().replace('\\', '').strip()[:4000]
@@ -844,7 +827,6 @@ def settings_profilecss(v):
 @app.post("/settings/block")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_block_user(v):
 
 	user = get_user(request.values.get("username"), graceful=True)
@@ -879,7 +861,6 @@ def settings_block_user(v):
 @app.post("/settings/unblock")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_unblock_user(v):
 
 	user = get_user(request.values.get("username"))
@@ -911,7 +892,6 @@ def settings_apps(v):
 @app.post("/settings/remove_discord")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_remove_discord(v):
 
 	remove_user(v)
@@ -934,7 +914,6 @@ def settings_content_get(v):
 @app.post("/settings/name_change")
 @limiter.limit("1/second")
 @is_not_permabanned
-@validate_formkey
 def settings_name_change(v):
 
 	new_name=request.values.get("name").strip()
@@ -985,7 +964,6 @@ def settings_name_change(v):
 @app.post("/settings/song_change")
 @limiter.limit("5/day;1/second")
 @auth_required
-@validate_formkey
 def settings_song_change(v):
 	song=request.values.get("song").strip()
 
@@ -1074,7 +1052,6 @@ def settings_song_change(v):
 @app.post("/settings/title_change")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def settings_title_change(v):
 	if not v or v.oldsite: template = ''
 	else: template = 'CHRISTMAS/'

files/routes/static.py

@@ -269,7 +269,6 @@ def contact(v):
 @app.post("/send_admin")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def submit_contact(v):
 	message = f'This message has been sent automatically to all admins via [/contact](/contact), user email is "{v.email}"\n\nMessage:\n\n' + request.values.get("message", "")
 	send_admin(v.id, message)

files/routes/users.py

@@ -124,7 +124,6 @@ def downvoting(v, username):
 @app.post("/pay_rent")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def pay_rent(v):
 	if v.coins < 500: return {"error":"You must have more than 500 coins."}
 	v.coins -= 500
@@ -141,7 +140,6 @@ def pay_rent(v):
 @app.post("/steal")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def steal(v):
 	if int(time.time()) - v.created_utc < 604800:
 		return {"error":"You must have an account older than 1 week in order to attempt stealing."}
@@ -200,7 +198,6 @@ def thiefs(v):
 @app.post("/@<username>/suicide")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def suicide(v, username):
 	t = int(time.time())
 	if v.admin_level == 0 and t - v.suicide_utc < 86400: return {"message": "You're on 1-day cooldown!"}
@@ -223,7 +220,6 @@ def get_coins(v, username):
 @app.post("/@<username>/transfer_coins")
 @limiter.limit("1/second")
 @is_not_permabanned
-@validate_formkey
 def transfer_coins(v, username):
 	receiver = g.db.query(User).filter_by(username=username).one_or_none()
 
@@ -261,7 +257,6 @@ def transfer_coins(v, username):
 @app.post("/@<username>/transfer_bux")
 @limiter.limit("1/second")
 @is_not_permabanned
-@validate_formkey
 def transfer_bux(v, username):
 	receiver = g.db.query(User).filter_by(username=username).one_or_none()
 
@@ -367,7 +362,6 @@ def song(song):
 @app.post("/subscribe/<post_id>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def subscribe(v, post_id):
 	new_sub = Subscription(user_id=v.id, submission_id=post_id)
 	g.db.add(new_sub)
@@ -377,7 +371,6 @@ def subscribe(v, post_id):
 @app.post("/unsubscribe/<post_id>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def unsubscribe(v, post_id):
 	sub=g.db.query(Subscription).filter_by(user_id=v.id, submission_id=post_id).one_or_none()
 	if sub:
@@ -394,7 +387,6 @@ def reportbugs(v):
 @limiter.limit("1/second")
 @limiter.limit("10/hour")
 @is_not_permabanned
-@validate_formkey
 def message2(v, username):
 
 	user = get_user(username, v=v)
@@ -464,7 +456,6 @@ def message2(v, username):
 @limiter.limit("1/second")
 @limiter.limit("6/minute")
 @auth_required
-@validate_formkey
 def messagereply(v):
 
 	message = request.values.get("body", "").strip()[:1000].strip()
@@ -832,7 +823,6 @@ def u_username_info(username, v=None):
 @app.post("/follow/<username>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def follow_user(username, v):
 
 	target = get_user(username)
@@ -857,7 +847,6 @@ def follow_user(username, v):
 @app.post("/unfollow/<username>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def unfollow_user(username, v):
 
 	target = get_user(username)
@@ -882,7 +871,6 @@ def unfollow_user(username, v):
 @app.post("/remove_follow/<username>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def remove_follow(username, v):
 	target = get_user(username)
 
@@ -977,7 +965,6 @@ def saved_comments(v, username):
 
 @app.post("/fp/<fp>")
 @auth_required
-@validate_formkey
 def fp(v, fp):
 	if v.username != fp:
 		v.fp = fp

files/routes/votes.py

@@ -73,7 +73,6 @@ def admin_vote_info_get(v):
 @app.post("/vote/post/<post_id>/<new>")
 @limiter.limit("5/second;60/minute;600/hour")
 @auth_required
-@validate_formkey
 def api_vote_post(post_id, new, v):
 
 	if new == "-1" and environ.get('DISABLE_DOWNVOTES') == '1': return {"error": "forbidden."}, 403
@@ -132,7 +131,6 @@ def api_vote_post(post_id, new, v):
 @app.post("/vote/comment/<comment_id>/<new>")
 @limiter.limit("5/second;60/minute;600/hour")
 @auth_required
-@validate_formkey
 def api_vote_comment(comment_id, new, v):
 
 	if new == "-1" and environ.get('DISABLE_DOWNVOTES') == '1': return {"error": "forbidden."}, 403
@@ -199,7 +197,6 @@ def api_vote_comment(comment_id, new, v):
 
 @app.post("/vote/poll/<comment_id>")
 @auth_required
-@validate_formkey
 def api_vote_poll(comment_id, v):
 	
 	vote = request.values.get("vote")
@@ -235,7 +232,6 @@ def api_vote_poll(comment_id, v):
 @app.post("/bet/<comment_id>")
 @limiter.limit("1/second")
 @auth_required
-@validate_formkey
 def bet(comment_id, v):
 	
 	if v.coins < 200: return {"error": "You don't have 200 coins!"}

files/templates/admin/admin_home.html

@@ -58,9 +58,14 @@
 
 {% if v.admin_level > 2 %}
 	<div class="custom-control custom-switch">
-		<input autocomplete="off" type="checkbox" class="custom-control-input" id="disablesignups" name="disablesignups" {% if x == "yes" %}checked{% endif %} onchange="post_toast('/admin/disablesignups');">
+		<input autocomplete="off" type="checkbox" class="custom-control-input" id="disable_signups" name="disable_signups" {% if x == "yes" %}checked{% endif %} onchange="post_toast('/admin/disable_signups');">
-		<label class="custom-control-label" for="disablesignups">Disable signups</label>
+		<label class="custom-control-label" for="disable_signups">Disable signups</label>
 	</div>
 {% endif %}
 
+<div class="custom-control custom-switch">
+	<input autocomplete="off" type="checkbox" class="custom-control-input" id="under_attack" name="under_attack" {% if x2 == "yes" %}checked{% endif %} onchange="post_toast('/admin/under_attack');">
+	<label class="custom-control-label" for="under_attack">Under attack mode</label>
+</div>
+
 {% endblock %}

files/templates/authforms.html

@@ -15,7 +15,7 @@
 
 		{% if v %}
 			<style>:root{--primary:#{{v.themecolor}}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 			{% if v.agendaposter %}
 				<style>
 					html {
@@ -39,7 +39,7 @@
 			{% endif %}
 		{% else %}
 			<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 		{% endif %}
 
 </head>

files/templates/default.html

@@ -7,7 +7,7 @@
 	<script src="/static/assets/js/bootstrap.js?a=3"></script>
 	{% if v %}
 		<style>:root{--primary:#{{v.themecolor}}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68">
 		<link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 		{% if v.agendaposter %}
 			<style>
@@ -32,7 +32,7 @@
 		{% endif %}
 	{% else %}
 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 	{% endif %}
 
 	<meta charset="utf-8">

files/templates/log.html

@@ -6,7 +6,7 @@
 {% block content %}
 {% if v %}
 	<style>:root{--primary:#{{v.themecolor}}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 	{% if v.agendaposter %}
 		<style>
 			html {
@@ -30,7 +30,7 @@
 	{% endif %}
 {% else %}
 	<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 {% endif %}
 
 <div class="row justify-content-around">

files/templates/login.html

@@ -18,7 +18,7 @@
 	{% endblock %}
 	
 	<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=67">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=68">
 	<link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 
 </head>

files/templates/login_2fa.html

@@ -14,7 +14,7 @@
 		<title>2-Step Login - {{'SITE_NAME' | app_config}}</title>
 
 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 
 </head>
 

files/templates/settings.html

@@ -34,7 +34,7 @@
 
 
 	<style>:root{--primary:#{{v.themecolor}}}</style>
-	<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
+	<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 	{% if v.agendaposter %}
 		<style>
 			html {

files/templates/settings2.html

@@ -39,10 +39,10 @@
 	
 	{% if v %}
 		<style>:root{--primary:#{{v.themecolor}}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 	{% else %}
 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 	{% endif %}
 </head>
 

files/templates/sign_up.html

@@ -31,7 +31,7 @@
 		<title>{% if ref_user %}{{ref_user.username}} invites you to {{'SITE_NAME' | app_config}}{% else %}Sign up - {{'SITE_NAME' | app_config}}{% endif %}</title>
 
 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 
 </head>
 

files/templates/sign_up_failed_ref.html

@@ -32,7 +32,7 @@
 		<title>{% if ref_user %}{{ref_user.username}} invites you to {{'SITE_NAME' | app_config}}{% else %}{{'SITE_NAME' | app_config}}{% endif %}</title>
 
 		<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-		<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
+		<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 
 </head>
 

files/templates/submit.html

@@ -26,7 +26,7 @@
 		{% block stylesheets %}
 		{% if v %}
 			<style>:root{--primary:#{{v.themecolor}}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=67"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=68"><link rel="stylesheet" href="/static/assets/css/{{v.theme}}.css?a=11">
 			{% if v.agendaposter %}
 				<style>
 					html {
@@ -50,7 +50,7 @@
 			{% endif %}
 		{% else %}
 			<style>:root{--primary:#{{'DEFAULT_COLOR' | app_config}}</style>
-			<link rel="stylesheet" href="/static/assets/css/main.css?a=67">
+			<link rel="stylesheet" href="/static/assets/css/main.css?a=68">
 			<link rel="stylesheet" href="/static/assets/css/{{'DEFAULT_THEME' | app_config}}.css?a=3">
 		{% endif %}
 		{% endblock %}