sffsd

2021-12-17 05:25:05 +02:00 · 2021-12-17 05:25:05 +02:00 · 525f121e24
commit 525f121e24
parent 64a851a77e
16 changed files with 55 additions and 86 deletions
--- a/files/classes/comment.py
+++ b/files/classes/comment.py
@ -26,7 +26,6 @@ class Comment(Base):
 	created_utc = Column(Integer, default=0)
 	edited_utc = Column(Integer, default=0)
 	is_banned = Column(Boolean, default=False)
 	removed_by = Column(Integer)
 	bannedfor = Column(Boolean)
 	distinguish_level = Column(Integer, default=0)
 	deleted_utc = Column(Integer, default=0)
--- a/files/classes/submission.py
+++ b/files/classes/submission.py
@ -27,7 +27,6 @@ class Submission(Base):
 	created_utc = Column(BigInteger, default=0)
 	thumburl = Column(String)
 	is_banned = Column(Boolean, default=False)
 	removed_by = Column(Integer)
 	bannedfor = Column(Boolean)
 	views = Column(Integer, default=0)
 	deleted_utc = Column(Integer, default=0)
--- a/files/helpers/jinja2.py
+++ b/files/helpers/jinja2.py
@ -22,14 +22,6 @@ def post_embed(id, v):
 	return render_template("submission_listing.html", listing=[p], v=v)
@app.template_filter("favorite_emojis")
 def favorite_emojis(x):
 	str = ""
 	emojis = sorted(x.items(), key=lambda x: x[1], reverse=True)[:25]
 	for k, v in emojis:
 		str += f'<button class="m-1 p-[3px] bg-transparent hover:bg-gray-300 w-16 h-16 overflow-hidden" onclick="getEmoji(\'{k}\')" data-bs-toggle="tooltip" title=":{k}:" delay:="0"><img loading="lazy" width=50 src="/assets/images/emojis/{k}.webp" alt="{k}-emoji"></button>'
 	return str
@app.context_processor
 def inject_constants():
 	constants = [c for c in dir(const) if not c.startswith("_")]
--- a/files/helpers/markdown.py
+++ b/files/helpers/markdown.py
@ -74,11 +74,6 @@ class CustomRenderer(HTMLRenderer):
 		user = get_user(target, graceful=True)
 		try:
 			if g.v.admin_level == 0 and g.v.any_block_exists(user):
 				return f"{space}@{target}"
 		except BaseException: pass
 		if not user: return f"{space}@{target}"
 		return f'''{space}<a href="{user.url}"><img alt="@{user.username}'s profile picture" loading="lazy" src="/uid/{user.id}/pic" class="pp20">@{user.username}</a>'''
@ -113,13 +108,6 @@ class Renderer(HTMLRenderer):
 		user = get_user(target, graceful=True)
 		try:
 			if g.v.admin_level == 0 and g.v.any_block_exists(user):
 				return f"{space}@{target}"
 		except BaseException:
 			pass
 		if not user: return f"{space}@{target}"
 		return f'{space}<a href="{user.url}">@{user.username}</a>'
--- a/files/helpers/sanitize.py
+++ b/files/helpers/sanitize.py
@ -183,7 +183,7 @@ def sanitize(sanitized, noimages=False):
 				remoji = emoji
 			if path.isfile(f'files/assets/images/emojis/{remoji}.webp'):
-				new = re.sub(f'(?<!"):{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":{emoji}: emoji" title=":{emoji}:" delay="0" {classes}src="/assets/images/emojis/{remoji}.webp" >', new, flags=re.I)
+				new = re.sub(f'(?<!"):{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":{emoji}:" title=":{emoji}:" delay="0" {classes}src="/assets/images/emojis/{remoji}.webp" >', new, flags=re.I)
 		sanitized = sanitized.replace(old, new)
@ -193,10 +193,10 @@ def sanitize(sanitized, noimages=False):
 		if emoji.startswith("!"):
 			emoji = emoji[1:]
 			if path.isfile(f'files/assets/images/emojis/{emoji}.webp'):
-				sanitized = re.sub(f'(?<!"):!{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":!{emoji}: emoji" title=":!{emoji}:" delay="0" height=30 class="emoji mirrored" src="/assets/images/emojis/{emoji}.webp">', sanitized, flags=re.I)
+				sanitized = re.sub(f'(?<!"):!{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":!{emoji}:" title=":!{emoji}:" delay="0" height=30 class="emoji mirrored" src="/assets/images/emojis/{emoji}.webp">', sanitized, flags=re.I)
 		elif path.isfile(f'files/assets/images/emojis/{emoji}.webp'):
-			sanitized = re.sub(f'(?<!"):{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":{emoji}: emoji" title=":{emoji}:" delay="0" height=30 class="emoji" src="/assets/images/emojis/{emoji}.webp">', sanitized, flags=re.I)
+			sanitized = re.sub(f'(?<!"):{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":{emoji}:" title=":{emoji}:" delay="0" height=30 class="emoji" src="/assets/images/emojis/{emoji}.webp">', sanitized, flags=re.I)
 	sanitized = sanitized.replace("https://www.", "https://").replace("https://youtu.be/", "https://youtube.com/watch?v=").replace("https://music.youtube.com/watch?v=", "https://youtube.com/watch?v=").replace("https://open.spotify.com/", "https://open.spotify.com/embed/").replace("https://streamable.com/", "https://streamable.com/e/").replace("https://youtube.com/shorts/", "https://youtube.com/watch?v=").replace("https://mobile.twitter", "https://twitter").replace("https://m.facebook", "https://facebook").replace("https://m.wikipedia", "https://wikipedia").replace("https://m.youtube", "https://youtube")
@ -240,10 +240,10 @@ def filter_emojis_only(title):
 		if emoji.startswith("!"):
 			emoji = emoji[1:]
 			if path.isfile(f'files/assets/images/emojis/{emoji}.webp'):
-				title = re.sub(f'(?<!"):!{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":!{emoji}: emoji" title=":!{emoji}:" delay="0" height=30 src="/assets/images/emojis/{emoji}.webp" class="emoji mirrored">', title, flags=re.I)
+				title = re.sub(f'(?<!"):!{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":!{emoji}:" title=":!{emoji}:" delay="0" height=30 src="/assets/images/emojis/{emoji}.webp" class="emoji mirrored">', title, flags=re.I)
 		elif path.isfile(f'files/assets/images/emojis/{emoji}.webp'):
-			title = re.sub(f'(?<!"):{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":{emoji}: emoji" title=":{emoji}:" delay="0" height=30 class="emoji" src="/assets/images/emojis/{emoji}.webp">', title, flags=re.I)
+			title = re.sub(f'(?<!"):{emoji}:', f'<img loading="lazy" data-bs-toggle="tooltip" alt=":{emoji}:" title=":{emoji}:" delay="0" height=30 class="emoji" src="/assets/images/emojis/{emoji}.webp">', title, flags=re.I)
 	if len(title) > 1500: abort(400)
 	else: return title
--- a/files/helpers/wrappers.py
+++ b/files/helpers/wrappers.py
@ -4,36 +4,26 @@ from files.helpers.const import *
 def get_logged_in_user():
 	token = request.headers.get("Authorization")
-	if request.headers.get("Authorization"):
+	if token:
-		token = request.headers.get("Authorization")
+		client = g.db.query(ClientAuth).filter(ClientAuth.access_token == token).first()
-		if not token: return None
+		if not client: return None
 		try:
 			client = g.db.query(ClientAuth).filter(ClientAuth.access_token == token).first()
 			x = (client.user, client) if client else (None, None)
 		except: x = (None, None)
 		v = client.user
 		v.client = client
 		return v
 	else:
 		uid = session.get("user_id")
 		nonce = session.get("login_nonce", 0)
-		if not uid: x= (None, None)
+		logged_in = session.get("logged_in")
 		try:
 			if g.db: v = g.db.query(User).filter_by(id=uid).first()
 			else: v = None
 		except: v = None
-		if v and (nonce < v.login_nonce):
+		if not uid or not logged_in or uid != logged_in: return None
 			x= (None, None)
 		else:
 			x=(v, None)
 		v = g.db.query(User).filter_by(id=uid).first()
 		if not v or nonce < v.login_nonce: return None
-	if x[0]: x[0].client=x[1]
+		return v
 	return x[0]
 def check_ban_evade(v):
 	if v and v.ban_evade and v.admin_level == 0 and not v.is_suspended:
@ -71,8 +61,6 @@ def auth_required(f):
 		check_ban_evade(v)
 		g.v = v
 		resp = make_response(f(*args, v=v, **kwargs))
 		return resp
@ -94,8 +82,6 @@ def is_not_banned(f):
 		if v.is_suspended: return {"error": "You can't perform this action while being banned."}, 403
 		g.v = v
 		resp = make_response(f(*args, v=v, **kwargs))
 		return resp
@ -115,8 +101,6 @@ def admin_level_required(x):
 			if v.admin_level < x: abort(403)
 			g.v = v
 			response = f(*args, v=v, **kwargs)
 			if isinstance(response, tuple): resp = make_response(response[0])
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@ -49,28 +49,35 @@ def truescore(v):
@app.post("/@<username>/revert_actions")
@limiter.limit("1/second")
-@admin_level_required(2)
+@admin_level_required(3)
@validate_formkey
 def revert_actions(v, username):
-	if 'pcm' in request.host or (SITE_NAME == 'Drama' and v.admin_level > 2) or ('rama' not in request.host and 'pcm' not in request.host):
+	user = get_user(username)
-		user = get_user(username)
+	if not user: abort(404)
-		if not user: abort(404)
+	
 	cutoff = int(time.time()) - 86400
-		items = g.db.query(Submission).filter_by(removed_by=user.id).all() + g.db.query(Comment).filter_by(removed_by=user.id).all()
+	posts = (x[0] for x in g.db.query(ModAction.target_submission_id).filter(ModAction.user_id == user.id, ModAction.created_utc > cutoff, Mod.action.kind == 'ban_post').all())
 	comments = (x[0] for x in g.db.query(ModAction.target_comment_id).filter(ModAction.user_id == user.id, ModAction.created_utc > cutoff, Mod.action.kind == 'ban_comment').all())
 	for item in posts + comments:
 		item.is_banned = False
 		g.db.add(item)
-		for item in items:
+	users = (x[0] for x in g.db.query(ModAction.target_user_id).filter(ModAction.user_id == user.id, ModAction.created_utc > cutoff, Mod.action.kind.in_['shadowban', 'ban_user']).all())
-			item.is_banned = False
+	for user in users:
-			item.removed_by = None
+		user.shadowbanned = None
-			g.db.add(item)
+		user.is_banned = 0
 		user.unban_utc = 0
 		user.ban_evade = 0
 		g.db.add(user)
 		for u in user.alts:
 			u.shadowbanned = None
 			u.is_banned = 0
 			u.unban_utc = 0
 			u.ban_evade = 0
 			g.db.add(u)
-		users = g.db.query(User).filter_by(is_banned=user.id).all()
+	g.db.commit()
 		for user in users:
 			user.is_banned = 0
 			user.unban_utc = 0
 			user.ban_evade = 0
 			g.db.add(user)
 		g.db.commit()
 	return {"message": "Admin actions reverted!"}
@app.post("/@<username>/club_allow")
@ -868,7 +875,6 @@ def ban_post(post_id, v):
 	post.is_approved = 0
 	post.stickied = None
 	post.is_pinned = False
 	post.removed_by = v.id
 	post.ban_reason = v.username
 	g.db.add(post)
@ -997,7 +1003,6 @@ def api_ban_comment(c_id, v):
 	comment.is_banned = True
 	comment.is_approved = 0
 	comment.removed_by = v.id
 	comment.ban_reason = v.username
 	g.db.add(comment)
 	ma=ModAction(
--- a/files/routes/login.py
+++ b/files/routes/login.py
@ -132,6 +132,7 @@ def login_post():
 		abort(400)
 	session["user_id"] = account.id
 	session["logged_in"] = account.id
 	session["session_id"] = token_hex(16)
 	session["login_nonce"] = account.login_nonce
 	session.permanent = True
@ -162,6 +163,7 @@ def logout(v):
 	session.pop("user_id", None)
 	session.pop("session_id", None)
 	session.pop("logged_in", None)
 	return {"message": "Logout successful!"}
@ -350,6 +352,7 @@ def sign_up_post(v):
 	if "rama" in request.host: send_notification(new_user.id, WELCOME_MSG)
 	session["user_id"] = new_user.id
 	session["logged_in"] = new_user.id
 	session["session_id"] = token_hex(16)
 	g.db.commit()
--- a/files/routes/posts.py
+++ b/files/routes/posts.py
@ -1146,8 +1146,10 @@ def submit_post(v):
 				rev = new_post.url.replace('https://old.reddit.com/', '')
 				rev = f"* [unddit.com](https://unddit.com/{rev})\n"
 			else: rev = ''
-			body += f"Snapshots:\n\n{rev}* [archive.org](https://web.archive.org/{new_post.url})\n* [archive.ph](https://archive.ph/?url={quote(new_post.url)}&run=1) (click to archive)\n\n"			
+			newposturl = new_post.url
-			gevent.spawn(archiveorg, new_post.url)
+			if newposturl.startswith('/'): newposturl = f"https://{site}{newposturl}"
 			body += f"Snapshots:\n\n{rev}* [archive.org](https://web.archive.org/{newposturl})\n* [archive.ph](https://archive.ph/?url={quote(newposturl)}&run=1) (click to archive)\n\n"			
 			gevent.spawn(archiveorg, newposturl)
 		url_regex = '<a (target=\"_blank\"  )?(rel=\"nofollow noopener noreferrer\" )?href=\"(https?://[a-z]{1,20}\.[^\"]+)\"( rel=\"nofollow noopener noreferrer\" target=\"_blank\")?>([^\"]+)</a>'
 		for url_match in re.finditer(url_regex, new_post.body_html, flags=re.M|re.I):
--- a/files/routes/settings.py
+++ b/files/routes/settings.py
@ -698,7 +698,8 @@ def settings_log_out_others(v):
 	submitted_password = request.values.get("password", "").strip()
-	if not v.verifyPass(submitted_password): return render_template("settings_security.html", v=v, error="Incorrect Password"), 401
+	if not v.verifyPass(submitted_password):
 		return render_template("settings_security.html", v=v, error="Incorrect Password"), 401
 	v.login_nonce += 1
--- a/files/routes/static.py
+++ b/files/routes/static.py
@ -289,6 +289,7 @@ def static_service(path):
 	return resp
@app.get('/images/<path:path>')
@app.get('/IMAGES/<path:path>')
@app.get('/hostedimages/<path:path>')
@limiter.exempt
 def images(path):
--- a/files/templates/CHRISTMAS/emoji_modal.html
+++ b/files/templates/CHRISTMAS/emoji_modal.html
@ -50,9 +50,6 @@
 					<div class="tab-content">
 						<div class="tab-pane fade show active" id="emoji-tab-favorite">
 							<div class="flex flex-wrap p-3" id="EMOJIS_favorite">
 								{% if session.get("favorite_emojis") %}
 									{{session.get("favorite_emojis") | favorite_emojis | safe}}
 								{% endif %}								
 							</div>
 						</div>
 						<div class="tab-pane fade" id="emoji-tab-marsey">
--- a/files/templates/CHRISTMAS/header.html
+++ b/files/templates/CHRISTMAS/header.html
@ -224,6 +224,6 @@
 	}
 </style>
-{% if v %}
+{% if v and not error %}
 	<div id="formkey" class="d-none">{{v.formkey}}</div>
 {% endif %}
--- a/files/templates/CHRISTMAS/sidebars/HomeSidebar.html
+++ b/files/templates/CHRISTMAS/sidebars/HomeSidebar.html
@ -12,7 +12,7 @@
 				</div>
 				<div class="pl-3 mt-[-1px] truncate">
 					<a href="/post/29747/" class="block font-medium text-black hover:text-red-600 truncate ellipsis">
-						rDrama presents: FISTMAS 2021 | Santa Claus is CUMMING to town for the HOLIGAYS :marseysanta: emoji
+						rDrama presents: FISTMAS 2021 | Santa Claus is CUMMING to town for the HOLIGAYS :marseysanta:
 					</a>
 					<small class="block text-gray-500">
 						posted by <a href="/@christmaspathianflorist" class="text-gray-500 hover:text-gray-600">@christmaspathianflorist</a>
--- a/files/templates/header.html
+++ b/files/templates/header.html
@ -226,6 +226,6 @@
 	}
 </style>
-{% if v %}
+{% if v and not error %}
 	<div id="formkey" class="d-none">{{v.formkey}}</div>
 {% endif %}
--- a/schema.sql
+++ b/schema.sql
@ -260,8 +260,7 @@ CREATE TABLE public.comments (
    app_id integer,
    sentto integer,
    bannedfor boolean,
-    removed_by integer,
+=    is_pinned character varying(30),
    is_pinned character varying(30),
    body character varying(10000),
    body_html character varying(40000),
    ban_reason character varying(25),
@ -574,7 +573,6 @@ CREATE TABLE public.submissions (
    is_bot boolean,
    bannedfor boolean,
    comment_count integer DEFAULT 0,
    removed_by integer,
    club boolean,
    stickied character varying(25),
    title character varying(500),