skorotkiewicz/rDrama
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Move post/comment ID boilerplate inside getters.

Browse source 
Borrows code from the upstream which has been working in production
reliably for ~months. Also, most of it was literally copy-pasted,
and the casted ID values aren't used later in the route functions.
This commit is contained in:
TLSM 2022-11-05 18:40:30 -04:00 committed by Ben Rog-Wilhelm
parent 1018cf3412
commit c85cd469a1
6 changed files with 10 additions and 36 deletions
Download patch file Download diff file Expand all files Collapse all files

8
files/helpers/get.py
View file

@ -113,6 +113,10 @@ def get_account(id, v=None):
def get_post(i, v=None, graceful=False): def get_post(i, v=None, graceful=False):
try: i = int(i)
except:
if graceful: return None
else: abort(404)
if v: if v:
vt = g.db.query(Vote).filter_by( vt = g.db.query(Vote).filter_by(
@ -201,6 +205,10 @@ def get_posts(pids, v=None):
return sorted(output, key=lambda x: pids.index(x.id)) return sorted(output, key=lambda x: pids.index(x.id))
def get_comment(i, v=None, graceful=False): def get_comment(i, v=None, graceful=False):
try: i = int(i)
except:
if graceful: return None
abort(404)
if v: if v:

4
files/helpers/jinja2.py
View file

@ -7,10 +7,6 @@ from files.helpers.assetcache import assetcache_path
@app.template_filter("post_embed") @app.template_filter("post_embed")
def post_embed(id, v): def post_embed(id, v):
try: id = int(id)
except: return None
p = get_post(id, v, graceful=True) p = get_post(id, v, graceful=True)
if p: return render_template("submission_listing.html", listing=[p], v=v) if p: return render_template("submission_listing.html", listing=[p], v=v)

7
files/routes/comments.py
View file

@ -52,10 +52,6 @@ def pusher_thread(interests, c, username):
# @app.get("/h/<sub>/post/<pid>/<anything>/<cid>") # @app.get("/h/<sub>/post/<pid>/<anything>/<cid>")
@auth_desired @auth_desired
def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None): def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
try: cid = int(cid)
except: abort(404)
comment = get_comment(cid, v=v) comment = get_comment(cid, v=v)
if v and request.values.get("read"): if v and request.values.get("read"):
@ -75,9 +71,6 @@ def post_pid_comment_cid(cid, pid=None, anything=None, v=None, sub=None):
if comment.parent_submission: pid = comment.parent_submission if comment.parent_submission: pid = comment.parent_submission
else: pid = 1 else: pid = 1
try: pid = int(pid)
except: abort(404)
post = get_post(pid, v=v) post = get_post(pid, v=v)
if post.over_18 and not (v and v.over_18) and not session.get('over_18', 0) >= int(time.time()): if post.over_18 and not (v and v.over_18) and not session.get('over_18', 0) >= int(time.time()):

10
files/routes/posts.py
View file

@ -129,14 +129,6 @@ def submit_get(v, sub=None):
# @app.get("/h/<sub>/post/<pid>/<anything>") # @app.get("/h/<sub>/post/<pid>/<anything>")
@auth_desired @auth_desired
def post_id(pid, anything=None, v=None, sub=None): def post_id(pid, anything=None, v=None, sub=None):
try: pid = int(pid)
except Exception as e: pass
try: pid = int(pid)
except: abort(404)
post = get_post(pid, v=v) post = get_post(pid, v=v)
if post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()): if post.over_18 and not (v and v.over_18) and session.get('over_18', 0) < int(time.time()):
@ -276,8 +268,6 @@ def post_id(pid, anything=None, v=None, sub=None):
@limiter.limit("1/second;30/minute;200/hour;1000/day") @limiter.limit("1/second;30/minute;200/hour;1000/day")
@auth_desired @auth_desired
def viewmore(v, pid, sort, offset): def viewmore(v, pid, sort, offset):
try: pid = int(pid)
except: abort(400)
post = get_post(pid, v=v) post = get_post(pid, v=v)
if post.club and not (v and (v.paid_dues or v.id == post.author_id)): abort(403) if post.club and not (v and (v.paid_dues or v.id == post.author_id)): abort(403)

9
files/routes/subs.py
View file

@ -9,9 +9,6 @@ from .front import frontlist
@app.post("/exile/post/<pid>") @app.post("/exile/post/<pid>")
@is_not_permabanned @is_not_permabanned
def exile_post(v, pid): def exile_post(v, pid):
try: pid = int(pid)
except: abort(400)
p = get_post(pid) p = get_post(pid)
sub = p.sub sub = p.sub
if not sub: abort(400) if not sub: abort(400)
@ -37,9 +34,6 @@ def exile_post(v, pid):
@app.post("/exile/comment/<cid>") @app.post("/exile/comment/<cid>")
@is_not_permabanned @is_not_permabanned
def exile_comment(v, cid): def exile_comment(v, cid):
try: cid = int(cid)
except: abort(400)
c = get_comment(cid) c = get_comment(cid)
sub = c.post.sub sub = c.post.sub
if not sub: abort(400) if not sub: abort(400)
@ -268,9 +262,6 @@ def create_sub2(v):
@app.post("/kick/<pid>") @app.post("/kick/<pid>")
@is_not_permabanned @is_not_permabanned
def kick(v, pid): def kick(v, pid):
try: pid = int(pid)
except: abort(400)
post = get_post(pid) post = get_post(pid)
if not post.sub: abort(403) if not post.sub: abort(403)

4
files/routes/votes.py
View file

@ -65,8 +65,6 @@ def api_vote_post(post_id, new, v):
new = int(new) new = int(new)
# get the post # get the post
try: post_id = int(post_id)
except: abort(404)
post = get_post(post_id) post = get_post(post_id)
# get the old vote, if we have one # get the old vote, if we have one
@ -135,8 +133,6 @@ def api_vote_comment(comment_id, new, v):
new = int(new) new = int(new)
# get the comment # get the comment
try: comment_id = int(comment_id)
except: abort(404)
comment = get_comment(comment_id) comment = get_comment(comment_id)
# get the old vote, if we have one # get the old vote, if we have one