Commit graph

3680 commits

Author SHA1 Message Date
TLSM
afe209d5d8
Eager load comments for post rendering.
GET /post/1/clever-unique-post-title-number-0
|----------|--------|--------|--------|--------|--------|------------|
| Database | SELECT | INSERT | UPDATE | DELETE | Totals | Duplicates |
|----------|--------|--------|--------|--------|--------|------------|
| default  |  942   |   0    |   1    |   0    |  943   |    921     |
|----------|--------|--------|--------|--------|--------|------------|
Total queries: 943 in 0.377s # request time in browser 17249ms

GET /post/1/clever-unique-post-title-number-0
|----------|--------|--------|--------|--------|--------|------------|
| Database | SELECT | INSERT | UPDATE | DELETE | Totals | Duplicates |
|----------|--------|--------|--------|--------|--------|------------|
| default  |   58   |   0    |   1    |   0    |   59   |     35     |
|----------|--------|--------|--------|--------|--------|------------|
Total queries: 59 in 0.0423s # request time in browser 544ms

Also, fixes seed_db not populating top_comment_id on generated
comments. If you want to test locally with seed_db test data, you need
to reseed.
2022-11-28 17:47:54 -05:00
TLSM
5aaef144cf
Deduplicate post/comment sorting & time filtering.
Ported in from upstream with adjustments for TheMotte, most notably
universal default to 'new' and fixes to 'hot'. Lumped into this PR
because eager comment loading uses it.
2022-11-28 14:33:24 -05:00
TLSM
4d22d9bce2
Eager load get_posts for submission_listings.
Ported in logic from upstream to use SQLAlchemy eager loading instead
of repeated queries when building a submission_listing. Adjusted
loaded relationships to include only those used on TheMotte.

Using test data from seed_db, before and after:

GET /
|----------|--------|--------|--------|--------|--------|------------|
| Database | SELECT | INSERT | UPDATE | DELETE | Totals | Duplicates |
|----------|--------|--------|--------|--------|--------|------------|
| default  |   83   |   0    |   0    |   0    |   83   |     72     |
|----------|--------|--------|--------|--------|--------|------------|
Total queries: 83 in 0.031s

GET /
|----------|--------|--------|--------|--------|--------|------------|
| Database | SELECT | INSERT | UPDATE | DELETE | Totals | Duplicates |
|----------|--------|--------|--------|--------|--------|------------|
| default  |   14   |   0    |   0    |   0    |   14   |     0      |
|----------|--------|--------|--------|--------|--------|------------|
Total queries: 14 in 0.00718s
2022-11-28 12:55:31 -05:00
TLSM
9953c5763c
Port get.py improvements from upstream.
Generally standardizes the get_* helpers:
 - Adds type hinting.
 - Deduplicates block property addition.
 - Respects `graceful` in more contexts.
 - More resilient to invalid user input / less boilerplate necessary
   at call-sites.
2022-11-28 12:36:04 -05:00
justcool393
23e64d176d
discord: remove 2022-11-21 12:39:27 -06:00
Ben Rog-Wilhelm
7e25af2fa0 Fix: Changes to the User table cause unavoidable breakages in the Leaderboard system. 2022-11-21 10:09:17 -06:00
justcool393
2067875c6a themes: remove /r/Drama theme ("classic" and "classic_dark") 2022-11-21 06:13:12 -06:00
justcool393
65fada8155 awards: remove grass 2022-11-19 10:21:30 -06:00
Ben Rog-Wilhelm
12881b02e2 Fix: Users with underscores in their name can't log in by underscore. 2022-11-13 18:20:24 -06:00
Ben Rog-Wilhelm
7c72815dcc
Merge branch 'frost' into remove-more-dramaisms 2022-11-09 20:45:31 -06:00
TLSM
8949b57609 Remove unused ADMINISTRATORS content upload posts.
The ADMINISTRATORS list contained hardcoded post IDs (in the 30000s)
intended to be used for uploading graphical assets onto a production
instance of the site. This functionality is not needed here, and the
special logic to bypass awards when commenting on those posts was
largely removed in 9d4195a89f.
2022-11-09 20:37:04 -06:00
TLSM
3f360bb457 Remove special cases for unused awards.
Removes the following awards / fields on User:
 - flairlock
 - progressivestack
 - bird
 - longpost (pizzashill)
 - marseyawarded
 - rehab
 - deflector
 - mute
 - unmutable
 - eye (All-Seeing Eye)
 - alt (Alt-Seeing Eye)

Primarily motivated by starting to remove some un-Mottelike cruft
from core commenting/posting routes. Cleared out other inapplicable
awards while in the process.
2022-11-09 20:37:04 -06:00
TLSM
9de6f20dea Remove vestigial user ID special cases. 2022-11-09 20:37:04 -06:00
TLSM
010c56a35e Implement #380: remove signatures feature. 2022-11-09 20:37:04 -06:00
TLSM
c85cd469a1 Move post/comment ID boilerplate inside getters.
Borrows code from the upstream which has been working in production
reliably for ~months. Also, most of it was literally copy-pasted,
and the casted ID values aren't used later in the route functions.
2022-11-09 20:37:04 -06:00
justcool393
793273f638 remove beano award (doesn't conflict with @TLSM's commit ☺) 2022-11-07 04:36:41 -06:00
justcool393
37841c9b0f admins are friends not food
paypigs is a bit... lol
2022-11-07 03:56:27 -06:00
justcool393
79b9c08f6c delete marseys route (just 500s) 2022-11-07 03:48:47 -06:00
justcool393
2fabe6d010 remove "meme admin" functionality
(JL1, which doesn't actually have any real use on the site, and their "meme" status is hidden to non-admins anyway)
2022-11-07 03:33:56 -06:00
justcool393
51ef10d7c3 remove vestiges of fart mode 2022-11-07 03:30:31 -06:00
TLSM
1018cf3412 Fix #261: only show lineal parents in contexts. 2022-11-06 03:13:10 -06:00
TLSM
9e2ceb28b0 Fix four routes with auth_desired misimplemented.
PR #374 removed `@auth_required` from a number of routes and changed
those which used their `v` parameters to `v=None` and removed the `v`
parameter from those which didn't internally use it. 1841134b47

PR #392 re-added `@auth_desired` to those routes to ensure the
templates rendered with awareness of the current logged-in user
(matters for search, header bar, etc). 9f042c1aeb

However, 500 errors occurred on /random_post, /random_user, /id/<uid>,
and /u/<username>. Those were the four which had their `v` parameter
removed entirely. This has been re-added, which fixes the bug.

The way to understand auth_required vs auth_desired is that they are
nearly identical, with the sole difference that auth_required
checks if v is None and aborts with 401 if so. This means that
auth_desired routes must handle the v=None case. They are the same in
that they always try to give a `v` kwarg to the decorated function,
which was the root cause of those four routes erroring.

Recommended style: the vast majority of routes which return a rendered
template should be auth_desired, because the top-level templates often
draw extensively from `v` state even when the route handler does not.
When a route is either auth_desired or auth_required, it should have a
`v` parameter, which we typically give as the first positional
parameter.
2022-11-06 03:11:59 -06:00
justcool393
7970b17574 caching: fix CSRF
this removes the ability to do a GET to dump the internal cache but i've added a button to the admin panel that makes it so you can do it
2022-11-02 23:51:33 -05:00
Ben Rog-Wilhelm
387f5e4f62 Fix: Bug introduced with comment security fix 2022-11-02 01:38:43 -05:00
justcool393
7ff138f6f1 modlog: fix 500 when clicking on an action and then clicking on an admin, if that admin doesn't have any admin actions of that specific type 2022-10-30 20:19:09 -05:00
justcool393
0d4662588e
fix bug that could put comments in wrong submissions
this could let users bypass exiles or other checks

see also: Aevann1/rDrama@d61eda8
2022-10-30 20:17:35 -05:00
Ben Rog-Wilhelm
4197aded0e
Support non-logged-in admin contacts. (#377) 2022-10-27 22:16:42 -05:00
electricwhisk
9f042c1aeb
Stay logged in on certain routes (#392)
This commit adds the @auth_desired decorator to
routes that previously had the @auth_required decorator,
but had it removed in #374. This should cause
the user to remain logged in on these routes.
2022-10-27 22:16:22 -05:00
FatherInire
b46ada9f72
Fix some deprecations and factor out a helper function (#387) 2022-10-27 22:15:48 -05:00
DinoInNameOnly
d354b0713d Allow search and other pages for logged out users 2022-10-14 06:26:08 -05:00
Michael House
0bfbf17e45 Implemented collapse bar colorization on the server side 2022-09-23 22:11:55 -05:00
christopher morris
37396d42b5 remove email from admins contact form 2022-09-22 01:09:16 -05:00
Galen Huntington
0889d71647 Fix "view more comments" when not sorting by new. 2022-09-22 00:58:52 -05:00
Ben Rog-Wilhelm
41e5f38d19 Add the Support page. 2022-09-19 06:43:42 -05:00
Michael House
c4b5fe2913 Added filter for logged out users 2022-09-13 09:43:27 -05:00
TLSM
716f078e81 Fix 'hot' sort intermediate value out-of-bounds.
Fixes #321. Due to the extremely large quantity of comments on a
typical Motte post, 'hot' sorting logic underflowed an intermediate
value. Roughly:

  |(-1 000 000) * (103 [votes] + 1 + 2723 [comments] / 1)| > 2^31

We resolve this by reducing the coefficient from 1e6 to 1e5, which
reduces precision of intermediate calculations somewhat, and by
dividing #comments by 10 rather than 1, which better matches Motte
user behavior regardless: Users comment much more often than vote.
This buys us two orders of magnitude more headroom before out-of-
bounds. Shouldn't be an issue until the CW thread reaches ~200k
comments.
2022-09-12 12:16:54 -05:00
TLSM
ccabc8b881 Change default RSS sort to 'new'. 2022-09-12 12:16:54 -05:00
TLSM
2d59865363 Fix #316: restrict access to /badges, remove link. 2022-09-11 23:18:14 -05:00
Michael House
38e263d931 Added filter to make sure new comments only show up on page refresh 2022-09-11 06:10:58 -05:00
TLSM
f5f2c008ad Fix approved filtered comments not notifying.
Moves behavior in api_comment that updates stateful counters and
generates notifications into a function which can also be called
if a filtered comment is approved. Fixes #272.

Incidentally, also fixes #278 by adding another filter to the post
subscribers query during general clean-up/refactoring.

Originally was going to move this function into the Comments model,
since assurances about state (even with side effects) should probably
be made there, but I couldn't find a sane way to untangle the imports.
2022-09-09 23:31:20 -05:00
Michael House
9fe2ffd72e
Added comments-per-page config. 2022-09-09 17:11:12 -05:00
JulianRota
93400e531e
Require admin for blocks section 2022-09-09 17:09:13 -05:00
Ben Rog-Wilhelm
5c6ac1d4b4 Loosen admin requirements for changing usernotes. 2022-09-08 05:08:14 -05:00
Ben Rog-Wilhelm
20fa9ce79f Move a bunch of moderation tools to admin level 2 2022-09-06 18:51:24 -05:00
TLSM
e407c29ec7 Fix #267: /comments respects shadowbans, filters.
Resolves root problem of non-admin users seeing comments they shouldn't
by JOINing on the appropriate fields and including them in the WHERE
clause of the query.

In the process, was also able to remove some unperformant queries
that used (potentially extremely long) lists passed to WHERE clauses in
lieu of proper JOINs.
2022-09-06 12:35:22 -05:00
TLSM
e40228d7ee Remove slur replacer toggle from settings.
The Slur Replacer feature from rDrama has already been removed, but
the toggle for it in settings remained. A user in Discord pointed out
it was confusing and potentially disconcerting to have a default-on
toggle to 'enable slurs'.
2022-09-06 12:35:22 -05:00
TLSM
7a6f95a3b1 Fix #241: admin action rate limits too low.
Explicitly exempts admin action routes from rate limiting because
the limits were being hit during normal user behavior.

While verbose, alternatives like grouping admin routes into e.g. a
Flask blueprint to modify their behavior as a collective would have
been a larger refactor than seemed wise at the moment.

Also, some routes that were limited at 1/second were originally set
as such as a makeshift debounce for people double-clicking buttons.
This was discussed and deemed an acceptable risk compared to making
the mod queue more frustrating to go through.
2022-09-06 12:35:22 -05:00
TLSM
1d705588d4 Remove obfuscated auto-shadowban on keyword. 2022-09-05 23:44:18 -05:00
TLSM
70c8a942b6 Remove games.
Unfortunately not totally dead code paths, and special case behavior
for them complicated commenting and sorting logic in a number of
places.
2022-09-05 23:44:18 -05:00
TLSM
3e8904757a Remove coins from popovers, disable coin routes.
The last places coins were visible to non-admins were in user popovers
and, potentially, via direct access of /@<username>/coins. These have
been removed.

Additionally, there are a number of routes which, despite being removed
from the UI, were still operative and usable. These are disabled
pending possible(?) future uses of coins.
2022-09-05 23:44:18 -05:00