be952c2771
* prepare codebase to create scheduled tasks
there is some prep work involved with this. the scheduler would be happy
if this work was done. simply, we extract out the `created_utc`
interface from *everything* that uses it such that we don't have to
repeat ourselves a bunch. all fun stuff.
next commit is the meat of it.
* cron: basic backend work for scheduler
* avoid ipmort loop
* attempt 2 at fixing import loops
* parathensize because operator precedence
* delete file that came back for some reason.
* does NOPing the oauth apps work?
* import late and undo clients.py change
* stringify column names.
* reorder imports.
* remove task reference
* fix missing mapper object
* make coupled to repeatabletask i guess
* sanitize: fix sanitize imports
* import shadowing crap
* re-shadow shadowed variable
* fix regexes
* use the correct not operator
* readd missing commit
* scheduler: SQLA only allows concrete relations
* implement submission scheduler
* fix import loop with db_session
* get rid of import loop in submission.py and comment.py
* remove import loops by deferring import until function clal
* i give up.
* awful.
* ...
* fix another app import loop
* fix missing import in route handler
* fix import error in wrappers.py
* fix wrapper error
* call update wrapper in the admin_level_required case
* :marseyshrug:
* fix issue with wrapper
* some cleanup and some fixes
* some more cleanup
let's avoid polluting scopes where we can.
* ...
* add SCHEDULED_POSTS permission.
* move const.py into config like the other files.
* style fixes.
* lock table for concurrency improvements
* don't attempt to commit on errors
* Refactor code, create `TaskRunContext`, create python callable task type.
* use import contextlib
* testing stuff i guess.
* handle repeatable tasks properly.
* Attempt another fix at fighting the mapper
* do it right ig
* SQLA1.4 doesn't support nested polymorphism ig
* fix errenous class import
* fix mapper errors
* import app in wrappers.py
* fix import failures and stuff like that.
* embed and import fixes
* minor formatting changes.
* Add running state enum and don't attempt to check for currently running tasks.
* isort
* documentation, style, and commit after each task.
* Add completion time and more docs, rename, etc
* document `CRON_SLEEP_SECONDS` better.
* add note about making LiteralString
* filter out tasks that have been run in the future
* reference RepeatableTask's `__tablename__` directly
* use a master/slave configuration for tasks
the master periodically checks to see if the slave is alive, healthy,
and not taking too many resources, and if applicable kills its
child and restarts it.
only one relation is supported at the moment.
* don't duplicate process unnecessarily
* note impl detail, add comments
* fix imports.
* getting imports to stop being stupid.
* environment notes.
* syntax derp
* *sigh*
* stupid environment stuff
* add UI for submitting a scheduled post
* stupid things i need to fix the user class
* ...
* fix template
* add formkey
* pass v
* add hour and minute field
* bleh
* remove concrete
* the sqlalchemy docs are wrong
* fix me being dumb and not understanding error messages
* missing author attribute for display
* author_name property
* it's a property
* with_polymorphic i think fixes this
* dsfavgnhmjk
* *sigh*
* okay try this again
* try getting rid of the comment section
* include -> extends
* put the div outside of the thing.
* fix user page listings :/
* mhm
* i hate this why isn't this working
* this should fix it
* Fix posts being set as disabled by default
* form UI imrpovements
* label
* <textarea>s should have their closing tag
* UI fixes.
* and fix errenous spinner thing.
* don't abort(415) when browsers send 0 length files for some reason
* UI improvements
* line break.
* CSS :S
* better explainer
* don't show moderation buttons for scheduled posts
* ...
* meh
* add edit form
* include forms on default page.
* fix hour minute selectino.
* improve ui i guess and add api
* Show previous postings on scheduled task page
* create task id
* sqla
* posts -> submissions
* fix OTM relationship
* edit URL
* use common formkey control
* Idk why this isn't working
* Revert "Idk why this isn't working"
This reverts commit 3b93f741df.
* does removing viewonly fix it?
* don't import routes on db migrations
* apparently this has to be a string
* UI improvements redux
* margins and stuff
* add cron to supervisord
* remove stupid duplication
* typo fix
* postgres syntax error
* better lock and error handling
* add relationship between task and runs
* fix some ui stuff
* fix incorrect timestamp comparison
* ...
* Fix logic errors blocking scheduled posts
Two bugs here:
- RepeatableTask.run_time_last <= now: run_time_last is NULL by
default. NULL is not greater than, less than, or equal to any
value. We use NULL to signify a never-run task; check for that
condition when building the task list.
- `6 <= weekday <= 0`: there is no integer that is both gte 6 and
lte 0. This was always false.
* pasthrough worker process STDOUT and STDERR
* Add scheduler to admin panel
* scheduler
* fix listing and admin home
* date formatting ixes
* fix ages
* task user interface
* fix some more import crap i have to deal with
* fix typing
* avoid import loop
* UI fixes
* fix incorrect type
* task type
* Scheduled task UI improvements (add runs and stuff)
* make the width a lil bit smaller
* task runs.
* fix submit page
* add alembic migration
* log on startup
* Fix showing edit button
* Fix logic for `can_edit` (accidentally did `author_id` instead of `id`)
* Broad review pass
Review:
- Call `invalidate_cache` with `is_html=` explicitly for clarity,
rather than a bare boolean in the call args.
- Remove `marseys_const*` and associated stateful const system:
the implementation was good if we needed them, but TheMotte
doesn't use emoji, and a greenfield emoji system would likely
not keep those darned lists floating in thread-local scope.
Also they were only needed for goldens and random emoji, which
are fairly non-central features.
- Get `os.environ` fully out of the templates by using the new
constants we already have in files.helpers.config.environment.
- Given files.routes.posts cleanup,get rid of shop discount dict.
It's already a mapping of badge IDs to discounts for badges that
likely won't continue to exist (if they even do at present).
- RepeatableTaskRun.exception: use `@property.setter` instead of
overriding `__setattr__`.
Fix:
- Welcome message literal contained an indented Markdown code block.
- Condition to show "View source" button changed to show source to
logged out. This may well be a desirable change, but it's not
clearly intended here.
* Fix couple of routing issues
* fix 400 with post body editing
* Add error handler for HTTP 415
* fix router giving wrong arg name to handler
* Use supervisord to monitor memory rather than DIY
Also means we're using pip for getting supervisord now, so we don't rely
on the Debian image base for any packages.
* fix task run elapsed time display
* formatting and removing redundant code
* Fix missing ModAction import
* dates and times fixes
* Having to modify imports here anyway, might as
well change it.
* correct documentation.
* don't use urlunparse
* validators: import sanitize instead of from syntax
* cron: prevent races on task running
RepeatableTask.run_state_enum acts as the mutex on repeatable tasks.
Previously, the list of tasks to run was acquired before individually
locking each task. However, there was a period where the table is both
unlocked and the tasks are in state WAITING between those points.
This could potentially have led to two 'cron' processes each running the
same task simultaneously. Instead, we check for runnability both when
building the preliminary list and when mutexing the task via run state
in the database.
Also:
- g.db and the cron db object are both instances of `Session`, not
`scoped_session` because they are obtained from
`scoped_session.__call__`, which acts as a `Session` factory.
Propagate this to the type hints.
- Sort order of task run submissions so /tasks/scheduled_posts/<id>
"Previous Task Runs" listings are useful.
* Notify followers on post publication
This was old behavior lost in the refactoring of the submit endpoint.
Also fix an AttributeError in `Follow.__repr__` which carried over
from all the repr copypasta.
* Fix image attachment
Any check for `file.content_length` relies on browsers sending
Content-Length headers with the request. It seems that few actually do.
The pre-refactor approach was to check for truthiness, which excludes
both None and the strange empty strings that we seem to get in absence
of a file upload. We return to doing so.
---------
Co-authored-by: TLSM <duolsm@outlook.com>
1507 lines
37 KiB
Python
1507 lines
37 KiB
Python
import json
|
|
import time
|
|
from datetime import datetime
|
|
|
|
import requests
|
|
|
|
from files.classes import *
|
|
from files.helpers.alerts import *
|
|
from files.helpers.caching import invalidate_cache
|
|
from files.helpers.comments import comment_on_publish, comment_on_unpublish
|
|
from files.helpers.config.const import *
|
|
from files.helpers.config.environment import CF_HEADERS, CF_ZONE
|
|
from files.helpers.get import *
|
|
from files.helpers.media import *
|
|
from files.helpers.sanitize import *
|
|
from files.helpers.security import *
|
|
from files.helpers.wrappers import *
|
|
from files.__main__ import app, cache, limiter
|
|
from files.routes.importstar import *
|
|
|
|
month = datetime.now().strftime('%B')
|
|
|
|
@app.post("/@<username>/make_admin")
|
|
@limiter.exempt
|
|
@admin_level_required(3)
|
|
def make_admin(v, username):
|
|
user = get_user(username)
|
|
if not user: abort(404)
|
|
user.admin_level = 2
|
|
g.db.add(user)
|
|
|
|
ma = ModAction(
|
|
kind="make_admin",
|
|
user_id=v.id,
|
|
target_user_id=user.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
return {"message": "User has been made admin!"}
|
|
|
|
|
|
@app.post("/@<username>/remove_admin")
|
|
@limiter.exempt
|
|
@admin_level_required(3)
|
|
def remove_admin(v, username):
|
|
user = get_user(username)
|
|
if not user: abort(404)
|
|
user.admin_level = 0
|
|
g.db.add(user)
|
|
|
|
ma = ModAction(
|
|
kind="remove_admin",
|
|
user_id=v.id,
|
|
target_user_id=user.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
return {"message": "Admin removed!"}
|
|
|
|
@app.post("/@<username>/delete_note/<id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def delete_note(v,username,id):
|
|
g.db.query(UserNote).filter_by(id=id).delete()
|
|
g.db.commit()
|
|
|
|
return make_response(jsonify({
|
|
'success':True, 'message': 'Note deleted', 'note': id
|
|
}), 200)
|
|
|
|
@app.post("/@<username>/create_note")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def create_note(v,username):
|
|
|
|
def result(msg,succ,note):
|
|
return make_response(jsonify({
|
|
'success':succ, 'message': msg, 'note': note
|
|
}), 200)
|
|
|
|
data = json.loads(request.values.get('data'))
|
|
user = g.db.query(User).filter_by(username=username).one_or_none()
|
|
|
|
if not user:
|
|
return result('User not found',False,None)
|
|
|
|
author_id = v.id
|
|
reference_user = user.id
|
|
reference_comment = data.get('comment',None)
|
|
reference_post = data.get('post',None)
|
|
note = data['note']
|
|
tag = UserTag(int(data['tag']))
|
|
|
|
if reference_comment:
|
|
reference_post = None
|
|
elif reference_post:
|
|
reference_comment = None
|
|
|
|
note = UserNote(
|
|
author_id=author_id,
|
|
reference_user=reference_user,
|
|
reference_comment=reference_comment,
|
|
reference_post=reference_post,
|
|
note=note,
|
|
tag=tag)
|
|
|
|
g.db.add(note)
|
|
g.db.commit()
|
|
|
|
return result('Note saved',True,note.json())
|
|
|
|
@app.post("/@<username>/revert_actions")
|
|
@limiter.exempt
|
|
@admin_level_required(3)
|
|
def revert_actions(v, username):
|
|
user = get_user(username)
|
|
if not user: abort(404)
|
|
|
|
ma = ModAction(
|
|
kind="revert",
|
|
user_id=v.id,
|
|
target_user_id=user.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
cutoff = int(time.time()) - 86400
|
|
|
|
posts = [x[0] for x in g.db.query(ModAction.target_submission_id).filter(ModAction.user_id == user.id, ModAction.created_utc > cutoff, ModAction.kind == 'ban_post').all()]
|
|
posts = g.db.query(Submission).filter(Submission.id.in_(posts)).all()
|
|
|
|
comments = [x[0] for x in g.db.query(ModAction.target_comment_id).filter(ModAction.user_id == user.id, ModAction.created_utc > cutoff, ModAction.kind == 'ban_comment').all()]
|
|
comments = g.db.query(Comment).filter(Comment.id.in_(comments)).all()
|
|
|
|
for item in posts + comments:
|
|
item.is_banned = False
|
|
item.ban_reason = None
|
|
g.db.add(item)
|
|
|
|
users = (x[0] for x in g.db.query(ModAction.target_user_id).filter(ModAction.user_id == user.id, ModAction.created_utc > cutoff, ModAction.kind.in_(('shadowban', 'ban_user'))).all())
|
|
users = g.db.query(User).filter(User.id.in_(users)).all()
|
|
|
|
for user in users:
|
|
user.shadowbanned = None
|
|
user.is_banned = 0
|
|
user.unban_utc = 0
|
|
user.ban_evade = 0
|
|
send_repeatable_notification(user.id, f"@{v.username} has unbanned you!")
|
|
g.db.add(user)
|
|
for u in user.alts:
|
|
u.shadowbanned = None
|
|
u.is_banned = 0
|
|
u.unban_utc = 0
|
|
u.ban_evade = 0
|
|
send_repeatable_notification(u.id, f"@{v.username} has unbanned you!")
|
|
g.db.add(u)
|
|
|
|
g.db.commit()
|
|
return {"message": "Admin actions reverted!"}
|
|
|
|
@app.post("/@<username>/club_allow")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def club_allow(v, username):
|
|
|
|
u = get_user(username, v=v)
|
|
|
|
if not u: abort(404)
|
|
|
|
if u.admin_level >= v.admin_level:
|
|
abort(403, "Can't target users with admin level higher than you")
|
|
|
|
u.club_allowed = True
|
|
g.db.add(u)
|
|
|
|
for x in u.alts_unique:
|
|
x.club_allowed = True
|
|
g.db.add(x)
|
|
|
|
ma = ModAction(
|
|
kind="club_allow",
|
|
user_id=v.id,
|
|
target_user_id=u.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
return {"message": f"@{username} has been allowed into the {CC_TITLE}!"}
|
|
|
|
@app.post("/@<username>/club_ban")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def club_ban(v, username):
|
|
|
|
u = get_user(username, v=v)
|
|
|
|
if not u: abort(404)
|
|
|
|
if u.admin_level >= v.admin_level:
|
|
abort(403, "Can't target users with admin level higher than you")
|
|
|
|
u.club_allowed = False
|
|
|
|
for x in u.alts_unique:
|
|
u.club_allowed = False
|
|
g.db.add(x)
|
|
|
|
ma = ModAction(
|
|
kind="club_ban",
|
|
user_id=v.id,
|
|
target_user_id=u.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
return {"message": f"@{username} has been kicked from the {CC_TITLE}. Deserved."}
|
|
|
|
@app.get("/admin/shadowbanned")
|
|
@limiter.exempt
|
|
@auth_required
|
|
def shadowbanned(v):
|
|
if not (v and v.admin_level > 1): abort(404)
|
|
users = [x for x in g.db.query(User).filter(User.shadowbanned != None).order_by(User.shadowbanned).all()]
|
|
return render_template("shadowbanned.html", v=v, users=users)
|
|
|
|
@app.get("/admin/filtered/posts")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def filtered_submissions(v):
|
|
try: page = int(request.values.get('page', 1))
|
|
except: page = 1
|
|
|
|
posts_just_ids = g.db.query(Submission) \
|
|
.order_by(Submission.id.desc()) \
|
|
.filter(Submission.filter_state == 'filtered') \
|
|
.limit(26) \
|
|
.offset(25 * (page - 1)) \
|
|
.with_entities(Submission.id)
|
|
|
|
post_ids = [x.id for x in posts_just_ids]
|
|
next_exists = (len(post_ids) > 25)
|
|
posts = get_posts(post_ids[:25], v=v)
|
|
|
|
return render_template("admin/filtered_submissions.html", v=v, listing=posts, next_exists=next_exists, page=page, sort="new")
|
|
|
|
@app.get("/admin/filtered/comments")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def filtered_comments(v):
|
|
try: page = int(request.values.get('page', 1))
|
|
except: page = 1
|
|
|
|
comments_just_ids = g.db.query(Comment) \
|
|
.order_by(Comment.id.desc()) \
|
|
.filter(Comment.filter_state == 'filtered') \
|
|
.limit(26) \
|
|
.offset(25 * (page - 1)) \
|
|
.with_entities(Comment.id)
|
|
|
|
comment_ids = [x.id for x in comments_just_ids]
|
|
next_exists = (len(comment_ids) > 25)
|
|
comments = get_comments(comment_ids[:25], v=v)
|
|
|
|
return render_template("admin/filtered_comments.html", v=v, listing=comments, next_exists=next_exists, page=page, sort="new")
|
|
|
|
@app.post("/admin/update_filter_status")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def update_filter_status(v):
|
|
update_body = request.get_json()
|
|
new_status = update_body.get('new_status')
|
|
post_id = update_body.get('post_id')
|
|
comment_id = update_body.get('comment_id')
|
|
if new_status not in ['normal', 'removed', 'ignored']:
|
|
return { 'result': f'Status of {new_status} is not permitted' }
|
|
|
|
if post_id:
|
|
p = g.db.get(Submission, post_id)
|
|
old_status = p.filter_state
|
|
rows_updated = g.db.query(Submission).where(Submission.id == post_id) \
|
|
.update({Submission.filter_state: new_status})
|
|
elif comment_id:
|
|
c = g.db.get(Comment, comment_id)
|
|
old_status = c.filter_state
|
|
rows_updated = g.db.query(Comment).where(Comment.id == comment_id) \
|
|
.update({Comment.filter_state: new_status})
|
|
else:
|
|
return { 'result': f'No valid item ID provided' }
|
|
|
|
if rows_updated == 1:
|
|
# If comment now visible, update state to reflect publication.
|
|
if (comment_id
|
|
and old_status in ['filtered', 'removed']
|
|
and new_status in ['normal', 'ignored']):
|
|
comment_on_publish(c)
|
|
|
|
if (comment_id
|
|
and old_status in ['normal', 'ignored']
|
|
and new_status in ['filtered', 'removed']):
|
|
comment_on_unpublish(c)
|
|
|
|
g.db.commit()
|
|
return { 'result': 'Update successful' }
|
|
else:
|
|
return { 'result': 'Item ID does not exist' }
|
|
|
|
@app.get("/admin/image_posts")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def image_posts_listing(v):
|
|
|
|
try: page = int(request.values.get('page', 1))
|
|
except: page = 1
|
|
|
|
posts = g.db.query(Submission).order_by(Submission.id.desc())
|
|
|
|
firstrange = 25 * (page - 1)
|
|
secondrange = firstrange+26
|
|
posts = [x.id for x in posts if x.is_image][firstrange:secondrange]
|
|
next_exists = (len(posts) > 25)
|
|
posts = get_posts(posts[:25], v=v)
|
|
|
|
return render_template("admin/image_posts.html", v=v, listing=posts, next_exists=next_exists, page=page, sort="new")
|
|
|
|
|
|
@app.get("/admin/reported/posts")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def reported_posts(v):
|
|
page = max(1, int(request.values.get("page", 1)))
|
|
|
|
subs_just_ids = g.db.query(Submission) \
|
|
.filter(Submission.filter_state == 'reported') \
|
|
.order_by(Submission.id.desc()) \
|
|
.offset(25 * (page - 1)) \
|
|
.limit(26) \
|
|
.with_entities(Submission.id)
|
|
|
|
sub_ids = [x.id for x in subs_just_ids]
|
|
next_exists = len(sub_ids) > 25
|
|
listings = get_posts(sub_ids[:25], v=v)
|
|
return render_template("admin/reported_posts.html",
|
|
next_exists=next_exists, listing=listings, page=page, v=v)
|
|
|
|
|
|
@app.get("/admin/reported/comments")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def reported_comments(v):
|
|
|
|
page = max(1, int(request.values.get("page", 1)))
|
|
|
|
listing = g.db.query(Comment
|
|
).filter_by(
|
|
is_approved=None,
|
|
is_banned=False
|
|
).join(Comment.reports).order_by(Comment.id.desc()).offset(25 * (page - 1)).limit(26).all()
|
|
comments_just_ids = g.db.query(Comment) \
|
|
.filter(Comment.filter_state == 'reported') \
|
|
.order_by(Comment.id.desc()) \
|
|
.offset(25 * (page - 1)) \
|
|
.limit(26) \
|
|
.with_entities(Comment.id)
|
|
|
|
comment_ids = [c.id for c in comments_just_ids]
|
|
next_exists = len(comment_ids) > 25
|
|
comments = get_comments(comment_ids[:25], v=v)
|
|
|
|
return render_template("admin/reported_comments.html",
|
|
next_exists=next_exists,
|
|
listing=comments,
|
|
page=page,
|
|
v=v,
|
|
standalone=True)
|
|
|
|
@app.get("/admin")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def admin_home(v):
|
|
if CF_ZONE == 'blahblahblah': response = 'high'
|
|
else: response = requests.get(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, timeout=5).json()['result']['value']
|
|
under_attack = response == 'under_attack'
|
|
|
|
return render_template("admin/admin_home.html", v=v, under_attack=under_attack, site_settings=app.config['SETTINGS'])
|
|
|
|
|
|
@app.post("/admin/site_settings/<setting>")
|
|
@limiter.exempt
|
|
@admin_level_required(3)
|
|
def change_settings(v, setting):
|
|
site_settings = app.config['SETTINGS']
|
|
new_value = request.form.get('new_value')
|
|
if new_value:
|
|
word = f'set {new_value} for'
|
|
if isinstance(site_settings[setting], int):
|
|
# we want to blow up if you try setting an int field to something that doesn't parse as an int
|
|
site_settings[setting] = int(new_value)
|
|
else:
|
|
# 422ing for any other types for now, feel free to add some more types if needed
|
|
abort(422, "Not a valid config value type")
|
|
else:
|
|
site_settings[setting] = not site_settings[setting]
|
|
if site_settings[setting]: word = 'enabled'
|
|
else: word = 'disabled'
|
|
with open("site_settings.json", "w") as f:
|
|
json.dump(site_settings, f)
|
|
|
|
body = f"@{v.username} has {word} `{setting}` in the [admin dashboard](/admin)!"
|
|
|
|
body_html = sanitize(body)
|
|
|
|
new_comment = Comment(author_id=NOTIFICATIONS_ID,
|
|
parent_submission=None,
|
|
level=1,
|
|
body_html=body_html,
|
|
sentto=MODMAIL_ID,
|
|
distinguish_level=6
|
|
)
|
|
g.db.add(new_comment)
|
|
g.db.flush()
|
|
|
|
new_comment.top_comment_id = new_comment.id
|
|
|
|
for admin in g.db.query(User).filter(User.admin_level > 2, User.id != v.id).all():
|
|
notif = Notification(comment_id=new_comment.id, user_id=admin.id)
|
|
g.db.add(notif)
|
|
|
|
ma = ModAction(
|
|
kind=f"{word}_{setting}".replace(' ', '_')[:32],
|
|
user_id=v.id,
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
|
|
return {'message': f"{word} {setting} successfully!"}
|
|
|
|
|
|
@app.post("/admin/purge_cache")
|
|
@limiter.exempt
|
|
@admin_level_required(3)
|
|
def purge_cache(v):
|
|
cache.clear()
|
|
response = str(requests.post(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/purge_cache', headers=CF_HEADERS, data='{"purge_everything":true}', timeout=5))
|
|
|
|
ma = ModAction(
|
|
kind="purge_cache",
|
|
user_id=v.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
if response == "<Response [200]>": return {"message": "Cache purged!"}
|
|
abort(500, "Failed to purge cache.")
|
|
|
|
|
|
@app.post("/admin/under_attack")
|
|
@limiter.exempt
|
|
@admin_level_required(3)
|
|
def under_attack(v):
|
|
response = requests.get(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, timeout=5).json()['result']['value']
|
|
|
|
if response == 'under_attack':
|
|
ma = ModAction(
|
|
kind="disable_under_attack",
|
|
user_id=v.id,
|
|
)
|
|
g.db.add(ma)
|
|
g.db.commit()
|
|
|
|
response = str(requests.patch(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, data='{"value":"medium"}', timeout=5))
|
|
if response == "<Response [200]>": return {"message": "Under attack mode disabled!"}
|
|
abort(500, "Failed to disable under attack mode.")
|
|
else:
|
|
ma = ModAction(
|
|
kind="enable_under_attack",
|
|
user_id=v.id,
|
|
)
|
|
g.db.add(ma)
|
|
g.db.commit()
|
|
|
|
response = str(requests.patch(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/settings/security_level', headers=CF_HEADERS, data='{"value":"under_attack"}', timeout=5))
|
|
if response == "<Response [200]>": return {"message": "Under attack mode enabled!"}
|
|
abort(500, "Failed to enable under attack mode.")
|
|
|
|
@app.get("/admin/badge_grant")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def badge_grant_get(v):
|
|
badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all()
|
|
return render_template("admin/badge_grant.html", v=v, badge_types=badges)
|
|
|
|
|
|
@app.post("/admin/badge_grant")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def badge_grant_post(v):
|
|
badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all()
|
|
|
|
user = get_user(request.values.get("username").strip(), graceful=True)
|
|
if not user:
|
|
return render_template("admin/badge_grant.html", v=v, badge_types=badges, error="User not found.")
|
|
|
|
try: badge_id = int(request.values.get("badge_id"))
|
|
except: abort(400)
|
|
|
|
if badge_id in {16,17,94,95,96,97,98,109} and v.id != OWNER_ID:
|
|
abort(403)
|
|
|
|
if user.has_badge(badge_id):
|
|
return render_template("admin/badge_grant.html", v=v, badge_types=badges, error="User already has that badge.")
|
|
|
|
new_badge = Badge(badge_id=badge_id, user_id=user.id)
|
|
|
|
desc = request.values.get("description")
|
|
if desc: new_badge.description = desc
|
|
|
|
url = request.values.get("url")
|
|
if url: new_badge.url = url
|
|
|
|
g.db.add(new_badge)
|
|
g.db.flush()
|
|
|
|
if v.id != user.id:
|
|
text = f"@{v.username} has given you the following profile badge:\n\n\n\n{new_badge.name}"
|
|
send_notification(user.id, text)
|
|
|
|
ma = ModAction(
|
|
kind="badge_grant",
|
|
user_id=v.id,
|
|
target_user_id=user.id,
|
|
_note=new_badge.name
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
return render_template("admin/badge_grant.html", v=v, badge_types=badges, msg="Badge granted!")
|
|
|
|
|
|
|
|
@app.get("/admin/badge_remove")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def badge_remove_get(v):
|
|
badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all()
|
|
|
|
return render_template("admin/badge_remove.html", v=v, badge_types=badges)
|
|
|
|
|
|
@app.post("/admin/badge_remove")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def badge_remove_post(v):
|
|
badges = g.db.query(BadgeDef).order_by(BadgeDef.id).all()
|
|
|
|
user = get_user(request.values.get("username").strip(), graceful=True)
|
|
if not user:
|
|
return render_template("admin/badge_remove.html", v=v, badge_types=badges, error="User not found.")
|
|
|
|
try: badge_id = int(request.values.get("badge_id"))
|
|
except: abort(400)
|
|
|
|
badge = user.has_badge(badge_id)
|
|
if not badge:
|
|
return render_template("admin/badge_remove.html", v=v, badge_types=badges, error="User doesn't have that badge.")
|
|
|
|
ma = ModAction(
|
|
kind="badge_remove",
|
|
user_id=v.id,
|
|
target_user_id=user.id,
|
|
_note=badge.name
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.delete(badge)
|
|
|
|
g.db.commit()
|
|
|
|
return render_template("admin/badge_remove.html", v=v, badge_types=badges, msg="Badge removed!")
|
|
|
|
|
|
@app.get("/admin/users")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def users_list(v):
|
|
|
|
try: page = int(request.values.get("page", 1))
|
|
except: page = 1
|
|
|
|
users = g.db.query(User).filter_by(is_banned=0
|
|
).order_by(User.created_utc.desc()
|
|
).offset(25 * (page - 1)).limit(26)
|
|
|
|
users = [x for x in users]
|
|
|
|
next_exists = (len(users) > 25)
|
|
users = users[:25]
|
|
|
|
return render_template("admin/new_users.html",
|
|
v=v,
|
|
users=users,
|
|
next_exists=next_exists,
|
|
page=page,
|
|
)
|
|
|
|
|
|
@app.get('/admin/loggedin')
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def loggedin_list(v):
|
|
ids = [x for x, val in cache.get(f'{SITE}_loggedin').items() \
|
|
if (time.time() - val) < LOGGEDIN_ACTIVE_TIME]
|
|
users = g.db.query(User).filter(User.id.in_(ids)) \
|
|
.order_by(User.admin_level.desc(), User.truecoins.desc()).all()
|
|
return render_template("admin/loggedin.html", v=v, users=users)
|
|
|
|
|
|
@app.get('/admin/loggedout')
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def loggedout_list(v):
|
|
users = sorted([val[1] for x, val in cache.get(f'{SITE}_loggedout').items() \
|
|
if (time.time() - val[0]) < LOGGEDIN_ACTIVE_TIME])
|
|
return render_template("admin/loggedout.html", v=v, users=users)
|
|
|
|
|
|
@app.get("/admin/alt_votes")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def alt_votes_get(v):
|
|
|
|
u1 = request.values.get("u1")
|
|
u2 = request.values.get("u2")
|
|
|
|
if not u1 or not u2:
|
|
return render_template("admin/alt_votes.html", v=v)
|
|
|
|
u1 = get_user(u1)
|
|
u2 = get_user(u2)
|
|
|
|
u1_post_ups = g.db.query(
|
|
Vote.submission_id).filter_by(
|
|
user_id=u1.id,
|
|
vote_type=1).all()
|
|
u1_post_downs = g.db.query(
|
|
Vote.submission_id).filter_by(
|
|
user_id=u1.id,
|
|
vote_type=-1).all()
|
|
u1_comment_ups = g.db.query(
|
|
CommentVote.comment_id).filter_by(
|
|
user_id=u1.id,
|
|
vote_type=1).all()
|
|
u1_comment_downs = g.db.query(
|
|
CommentVote.comment_id).filter_by(
|
|
user_id=u1.id,
|
|
vote_type=-1).all()
|
|
u2_post_ups = g.db.query(
|
|
Vote.submission_id).filter_by(
|
|
user_id=u2.id,
|
|
vote_type=1).all()
|
|
u2_post_downs = g.db.query(
|
|
Vote.submission_id).filter_by(
|
|
user_id=u2.id,
|
|
vote_type=-1).all()
|
|
u2_comment_ups = g.db.query(
|
|
CommentVote.comment_id).filter_by(
|
|
user_id=u2.id,
|
|
vote_type=1).all()
|
|
u2_comment_downs = g.db.query(
|
|
CommentVote.comment_id).filter_by(
|
|
user_id=u2.id,
|
|
vote_type=-1).all()
|
|
|
|
data = {}
|
|
data['u1_only_post_ups'] = len(
|
|
[x for x in u1_post_ups if x not in u2_post_ups])
|
|
data['u2_only_post_ups'] = len(
|
|
[x for x in u2_post_ups if x not in u1_post_ups])
|
|
data['both_post_ups'] = len(list(set(u1_post_ups) & set(u2_post_ups)))
|
|
|
|
data['u1_only_post_downs'] = len(
|
|
[x for x in u1_post_downs if x not in u2_post_downs])
|
|
data['u2_only_post_downs'] = len(
|
|
[x for x in u2_post_downs if x not in u1_post_downs])
|
|
data['both_post_downs'] = len(
|
|
list(set(u1_post_downs) & set(u2_post_downs)))
|
|
|
|
data['u1_only_comment_ups'] = len(
|
|
[x for x in u1_comment_ups if x not in u2_comment_ups])
|
|
data['u2_only_comment_ups'] = len(
|
|
[x for x in u2_comment_ups if x not in u1_comment_ups])
|
|
data['both_comment_ups'] = len(
|
|
list(set(u1_comment_ups) & set(u2_comment_ups)))
|
|
|
|
data['u1_only_comment_downs'] = len(
|
|
[x for x in u1_comment_downs if x not in u2_comment_downs])
|
|
data['u2_only_comment_downs'] = len(
|
|
[x for x in u2_comment_downs if x not in u1_comment_downs])
|
|
data['both_comment_downs'] = len(
|
|
list(set(u1_comment_downs) & set(u2_comment_downs)))
|
|
|
|
data['u1_post_ups_unique'] = 100 * \
|
|
data['u1_only_post_ups'] // len(u1_post_ups) if u1_post_ups else 0
|
|
data['u2_post_ups_unique'] = 100 * \
|
|
data['u2_only_post_ups'] // len(u2_post_ups) if u2_post_ups else 0
|
|
data['u1_post_downs_unique'] = 100 * \
|
|
data['u1_only_post_downs'] // len(
|
|
u1_post_downs) if u1_post_downs else 0
|
|
data['u2_post_downs_unique'] = 100 * \
|
|
data['u2_only_post_downs'] // len(
|
|
u2_post_downs) if u2_post_downs else 0
|
|
|
|
data['u1_comment_ups_unique'] = 100 * \
|
|
data['u1_only_comment_ups'] // len(
|
|
u1_comment_ups) if u1_comment_ups else 0
|
|
data['u2_comment_ups_unique'] = 100 * \
|
|
data['u2_only_comment_ups'] // len(
|
|
u2_comment_ups) if u2_comment_ups else 0
|
|
data['u1_comment_downs_unique'] = 100 * \
|
|
data['u1_only_comment_downs'] // len(
|
|
u1_comment_downs) if u1_comment_downs else 0
|
|
data['u2_comment_downs_unique'] = 100 * \
|
|
data['u2_only_comment_downs'] // len(
|
|
u2_comment_downs) if u2_comment_downs else 0
|
|
|
|
return render_template("admin/alt_votes.html",
|
|
u1=u1,
|
|
u2=u2,
|
|
v=v,
|
|
data=data
|
|
)
|
|
|
|
|
|
@app.post("/admin/link_accounts")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def admin_link_accounts(v):
|
|
u1 = get_account(request.values.get("u1", ''))
|
|
u2 = get_account(request.values.get("u2", ''))
|
|
|
|
new_alt = Alt(
|
|
user1=u1.id,
|
|
user2=u2.id,
|
|
is_manual=True
|
|
)
|
|
|
|
g.db.add(new_alt)
|
|
|
|
ma = ModAction(
|
|
kind="link_accounts",
|
|
user_id=v.id,
|
|
target_user_id=u1,
|
|
_note=f'with {u2}'
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
return redirect(f"/admin/alt_votes?u1={u1.id}&u2={u2.id}")
|
|
|
|
|
|
@app.get("/admin/removed/posts")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def admin_removed(v):
|
|
|
|
try: page = int(request.values.get("page", 1))
|
|
except: page = 1
|
|
|
|
if page < 1: abort(400)
|
|
|
|
ids = g.db.query(Submission.id).join(User, User.id == Submission.author_id).filter(or_(Submission.is_banned==True, User.shadowbanned != None)).order_by(Submission.id.desc()).offset(25 * (page - 1)).limit(26).all()
|
|
|
|
ids=[x[0] for x in ids]
|
|
|
|
next_exists = len(ids) > 25
|
|
|
|
ids = ids[:25]
|
|
|
|
posts = get_posts(ids, v=v)
|
|
|
|
return render_template("admin/removed_posts.html",
|
|
v=v,
|
|
listing=posts,
|
|
page=page,
|
|
next_exists=next_exists
|
|
)
|
|
|
|
|
|
@app.get("/admin/removed/comments")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def admin_removed_comments(v):
|
|
|
|
try: page = int(request.values.get("page", 1))
|
|
except: page = 1
|
|
|
|
ids = g.db.query(Comment.id).join(User, User.id == Comment.author_id).filter(or_(Comment.is_banned==True, User.shadowbanned != None)).order_by(Comment.id.desc()).offset(25 * (page - 1)).limit(26).all()
|
|
|
|
ids=[x[0] for x in ids]
|
|
|
|
next_exists = len(ids) > 25
|
|
|
|
ids = ids[:25]
|
|
|
|
comments = get_comments(ids, v=v)
|
|
|
|
return render_template("admin/removed_comments.html",
|
|
v=v,
|
|
listing=comments,
|
|
page=page,
|
|
next_exists=next_exists
|
|
)
|
|
|
|
|
|
@app.post("/shadowban/<user_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def shadowban(user_id, v):
|
|
user = g.db.query(User).filter_by(id=user_id).one_or_none()
|
|
if user.admin_level != 0: abort(403)
|
|
user.shadowbanned = v.username
|
|
g.db.add(user)
|
|
|
|
for alt in user.alts:
|
|
if alt.admin_level: break
|
|
alt.shadowbanned = v.username
|
|
g.db.add(alt)
|
|
|
|
ma = ModAction(
|
|
kind="shadowban",
|
|
user_id=v.id,
|
|
target_user_id=user.id,
|
|
)
|
|
g.db.add(ma)
|
|
|
|
invalidate_cache(frontlist=True)
|
|
|
|
body = f"@{v.username} has shadowbanned @{user.username}"
|
|
|
|
body_html = sanitize(body)
|
|
|
|
|
|
new_comment = Comment(author_id=NOTIFICATIONS_ID,
|
|
parent_submission=None,
|
|
level=1,
|
|
body_html=body_html,
|
|
distinguish_level=6
|
|
)
|
|
g.db.add(new_comment)
|
|
g.db.flush()
|
|
|
|
new_comment.top_comment_id = new_comment.id
|
|
|
|
for admin in g.db.query(User).filter(User.admin_level > 2, User.id != v.id).all():
|
|
notif = Notification(comment_id=new_comment.id, user_id=admin.id)
|
|
g.db.add(notif)
|
|
|
|
|
|
|
|
g.db.commit()
|
|
return {"message": "User shadowbanned!"}
|
|
|
|
|
|
@app.post("/unshadowban/<user_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def unshadowban(user_id, v):
|
|
user = g.db.query(User).filter_by(id=user_id).one_or_none()
|
|
user.shadowbanned = None
|
|
user.ban_evade = 0
|
|
g.db.add(user)
|
|
for alt in user.alts:
|
|
alt.shadowbanned = None
|
|
alt.ban_evade = 0
|
|
g.db.add(alt)
|
|
|
|
ma = ModAction(
|
|
kind="unshadowban",
|
|
user_id=v.id,
|
|
target_user_id=user.id,
|
|
)
|
|
g.db.add(ma)
|
|
|
|
invalidate_cache(frontlist=True)
|
|
|
|
g.db.commit()
|
|
return {"message": "User unshadowbanned!"}
|
|
|
|
@app.post("/admin/verify/<user_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(3)
|
|
def verify(user_id, v):
|
|
user = g.db.query(User).filter_by(id=user_id).one_or_none()
|
|
user.verified = "Verified"
|
|
g.db.add(user)
|
|
|
|
ma = ModAction(
|
|
kind="check",
|
|
user_id=v.id,
|
|
target_user_id=user.id,
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
return {"message": "User verfied!"}
|
|
|
|
@app.post("/admin/unverify/<user_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(3)
|
|
def unverify(user_id, v):
|
|
user = g.db.query(User).filter_by(id=user_id).one_or_none()
|
|
user.verified = None
|
|
g.db.add(user)
|
|
|
|
ma = ModAction(
|
|
kind="uncheck",
|
|
user_id=v.id,
|
|
target_user_id=user.id,
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
return {"message": "User unverified!"}
|
|
|
|
|
|
@app.post("/admin/title_change/<user_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def admin_title_change(user_id, v):
|
|
|
|
user = g.db.query(User).filter_by(id=user_id).one_or_none()
|
|
|
|
new_name=request.values.get("title").strip()[:256]
|
|
|
|
user.customtitleplain=new_name
|
|
new_name = filter_emojis_only(new_name)
|
|
|
|
user=g.db.query(User).filter_by(id=user.id).one_or_none()
|
|
user.customtitle=new_name
|
|
user.flairchanged = None
|
|
if request.values.get("locked"):
|
|
user.flairchanged = (2 << 30) - 1
|
|
|
|
g.db.add(user)
|
|
|
|
if user.flairchanged: kind = "set_flair_locked"
|
|
else: kind = "set_flair_notlocked"
|
|
|
|
ma=ModAction(
|
|
kind=kind,
|
|
user_id=v.id,
|
|
target_user_id=user.id,
|
|
_note=f'"{user.customtitleplain}"'
|
|
)
|
|
g.db.add(ma)
|
|
g.db.commit()
|
|
|
|
return redirect(user.url)
|
|
|
|
@app.post("/ban_user/<user_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def ban_user(user_id, v):
|
|
|
|
user = g.db.query(User).filter_by(id=user_id).one_or_none()
|
|
|
|
if not user: abort(404)
|
|
|
|
if user.admin_level >= v.admin_level: abort(403)
|
|
|
|
days = float(request.values.get("days")) if request.values.get('days') else 0
|
|
|
|
reason = request.values.get("reason", "").strip()[:256]
|
|
passed_reason = filter_emojis_only(reason)
|
|
|
|
if len(passed_reason) > 256: passed_reason = reason
|
|
|
|
user.ban(admin=v, reason=passed_reason, days=days)
|
|
|
|
if request.values.get("alts"):
|
|
for x in user.alts:
|
|
if x.admin_level: break
|
|
x.ban(admin=v, reason=passed_reason, days=days)
|
|
|
|
if days:
|
|
if reason: text = f"@{v.username} has banned you for **{days}** days for the following reason:\n\n> {reason}"
|
|
else: text = f"@{v.username} has banned you for **{days}** days."
|
|
else:
|
|
if reason: text = f"@{v.username} has banned you permanently for the following reason:\n\n> {reason}"
|
|
else: text = f"@{v.username} has banned you permanently."
|
|
|
|
send_repeatable_notification(user.id, text)
|
|
|
|
if days == 0: duration = "permanent"
|
|
elif days == 1: duration = "1 day"
|
|
else: duration = f"{days} days"
|
|
|
|
note = f'reason: "{reason}", duration: {duration}'
|
|
ma=ModAction(
|
|
kind="ban_user",
|
|
user_id=v.id,
|
|
target_user_id=user.id,
|
|
_note=note
|
|
)
|
|
g.db.add(ma)
|
|
|
|
if 'reason' in request.values:
|
|
if reason.startswith("/post/"):
|
|
try:
|
|
post = int(reason.split("/post/")[1].split(None, 1)[0])
|
|
post = get_post(post)
|
|
post.bannedfor = True
|
|
g.db.add(post)
|
|
except: pass
|
|
elif reason.startswith("/comment/"):
|
|
try:
|
|
comment = int(reason.split("/comment/")[1].split(None, 1)[0])
|
|
comment = get_comment(comment)
|
|
comment.bannedfor = True
|
|
g.db.add(comment)
|
|
except: pass
|
|
|
|
|
|
body = f"@{v.username} has banned @{user.username} ({note})"
|
|
|
|
body_html = sanitize(body)
|
|
|
|
|
|
new_comment = Comment(author_id=NOTIFICATIONS_ID,
|
|
parent_submission=None,
|
|
level=1,
|
|
body_html=body_html,
|
|
distinguish_level=6
|
|
)
|
|
g.db.add(new_comment)
|
|
g.db.flush()
|
|
|
|
new_comment.top_comment_id = new_comment.id
|
|
|
|
for admin in g.db.query(User).filter(User.admin_level > 2, User.id != v.id).all():
|
|
notif = Notification(comment_id=new_comment.id, user_id=admin.id)
|
|
g.db.add(notif)
|
|
|
|
|
|
g.db.commit()
|
|
|
|
if 'redir' in request.values: return redirect(user.url)
|
|
else: return {"message": f"@{user.username} was banned!"}
|
|
|
|
|
|
@app.post("/unban_user/<user_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def unban_user(user_id, v):
|
|
|
|
user = g.db.query(User).filter_by(id=user_id).one_or_none()
|
|
|
|
if not user or not user.is_banned: abort(400)
|
|
|
|
user.is_banned = 0
|
|
user.unban_utc = 0
|
|
user.ban_evade = 0
|
|
user.ban_reason = None
|
|
send_repeatable_notification(user.id, f"@{v.username} has unbanned you!")
|
|
g.db.add(user)
|
|
|
|
for x in user.alts:
|
|
if x.is_banned: send_repeatable_notification(x.id, f"@{v.username} has unbanned you!")
|
|
x.is_banned = 0
|
|
x.unban_utc = 0
|
|
x.ban_evade = 0
|
|
x.ban_reason = None
|
|
g.db.add(x)
|
|
|
|
ma=ModAction(
|
|
kind="unban_user",
|
|
user_id=v.id,
|
|
target_user_id=user.id,
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
|
|
if "@" in request.referrer: return redirect(user.url)
|
|
else: return {"message": f"@{user.username} was unbanned!"}
|
|
|
|
|
|
@app.post("/ban_post/<post_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def ban_post(post_id, v):
|
|
|
|
post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
|
|
|
|
if not post:
|
|
abort(400)
|
|
|
|
post.is_banned = True
|
|
post.is_approved = None
|
|
post.stickied = None
|
|
post.is_pinned = False
|
|
post.ban_reason = v.username
|
|
g.db.add(post)
|
|
|
|
|
|
|
|
ma=ModAction(
|
|
kind="ban_post",
|
|
user_id=v.id,
|
|
target_submission_id=post.id,
|
|
)
|
|
g.db.add(ma)
|
|
|
|
invalidate_cache(frontlist=True)
|
|
|
|
v.coins += 1
|
|
g.db.add(v)
|
|
|
|
requests.post(f'https://api.cloudflare.com/client/v4/zones/{CF_ZONE}/purge_cache', headers=CF_HEADERS, json={'files': [f"{SITE_FULL}/logged_out/"]}, timeout=5)
|
|
|
|
g.db.commit()
|
|
|
|
return {"message": "Post removed!"}
|
|
|
|
|
|
@app.post("/unban_post/<post_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def unban_post(post_id, v):
|
|
|
|
post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
|
|
|
|
if not post:
|
|
abort(400)
|
|
|
|
if post.is_banned:
|
|
ma=ModAction(
|
|
kind="unban_post",
|
|
user_id=v.id,
|
|
target_submission_id=post.id,
|
|
)
|
|
g.db.add(ma)
|
|
|
|
post.is_banned = False
|
|
post.ban_reason = None
|
|
post.is_approved = v.id
|
|
|
|
g.db.add(post)
|
|
|
|
invalidate_cache(frontlist=True)
|
|
|
|
v.coins -= 1
|
|
g.db.add(v)
|
|
|
|
g.db.commit()
|
|
|
|
return {"message": "Post approved!"}
|
|
|
|
|
|
@app.post("/distinguish/<post_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(1)
|
|
def api_distinguish_post(post_id, v):
|
|
|
|
post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
|
|
|
|
if not post: abort(404)
|
|
|
|
if post.author_id != v.id and v.admin_level < 2 : abort(403)
|
|
|
|
if post.distinguish_level:
|
|
post.distinguish_level = 0
|
|
kind = 'undistinguish_post'
|
|
else:
|
|
post.distinguish_level = v.admin_level
|
|
kind = 'distinguish_post'
|
|
|
|
g.db.add(post)
|
|
|
|
ma = ModAction(
|
|
kind=kind,
|
|
user_id=v.id,
|
|
target_submission_id=post.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
|
|
if post.distinguish_level: return {"message": "Post distinguished!"}
|
|
else: return {"message": "Post undistinguished!"}
|
|
|
|
|
|
@app.post("/sticky/<post_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def sticky_post(post_id, v):
|
|
|
|
post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
|
|
if post and not post.stickied:
|
|
pins = g.db.query(Submission.id).filter(Submission.stickied != None, Submission.is_banned == False).count()
|
|
if pins > 2:
|
|
if v.admin_level > 1:
|
|
post.stickied = v.username
|
|
post.stickied_utc = int(time.time()) + 3600
|
|
else: abort(403, "Can't exceed 3 pinned posts limit!")
|
|
else: post.stickied = v.username
|
|
g.db.add(post)
|
|
|
|
ma=ModAction(
|
|
kind="pin_post",
|
|
user_id=v.id,
|
|
target_submission_id=post.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
if v.id != post.author_id:
|
|
send_repeatable_notification(post.author_id, f"@{v.username} has pinned your [post](/post/{post_id})!")
|
|
|
|
invalidate_cache(frontlist=True)
|
|
g.db.commit()
|
|
return {"message": "Post pinned!"}
|
|
|
|
@app.post("/unsticky/<post_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def unsticky_post(post_id, v):
|
|
post = g.db.query(Submission).filter_by(id=post_id).one_or_none()
|
|
if post and post.stickied:
|
|
if FEATURES['AWARDS'] and post.stickied.endswith('(pin award)'): abort(403, "Can't unpin award pins!")
|
|
|
|
post.stickied = None
|
|
post.stickied_utc = None
|
|
g.db.add(post)
|
|
|
|
ma=ModAction(
|
|
kind="unpin_post",
|
|
user_id=v.id,
|
|
target_submission_id=post.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
if v.id != post.author_id:
|
|
send_repeatable_notification(post.author_id, f"@{v.username} has unpinned your [post](/post/{post_id})!")
|
|
|
|
invalidate_cache(frontlist=True)
|
|
g.db.commit()
|
|
return {"message": "Post unpinned!"}
|
|
|
|
@app.post("/sticky_comment/<cid>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def sticky_comment(cid, v):
|
|
comment = get_comment(cid, v=v)
|
|
|
|
if not comment.is_pinned:
|
|
comment.is_pinned = v.username
|
|
g.db.add(comment)
|
|
|
|
ma=ModAction(
|
|
kind="pin_comment",
|
|
user_id=v.id,
|
|
target_comment_id=comment.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
if v.id != comment.author_id:
|
|
message = f"@{v.username} has pinned your [comment]({comment.shortlink})!"
|
|
send_repeatable_notification(comment.author_id, message)
|
|
|
|
g.db.commit()
|
|
return {"message": "Comment pinned!"}
|
|
|
|
|
|
@app.post("/unsticky_comment/<cid>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def unsticky_comment(cid, v):
|
|
comment = get_comment(cid, v=v)
|
|
|
|
if comment.is_pinned:
|
|
if FEATURES['AWARDS'] and comment.is_pinned.endswith("(pin award)"): abort(403, "Can't unpin award pins!")
|
|
|
|
comment.is_pinned = None
|
|
g.db.add(comment)
|
|
|
|
ma=ModAction(
|
|
kind="unpin_comment",
|
|
user_id=v.id,
|
|
target_comment_id=comment.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
if v.id != comment.author_id:
|
|
message = f"@{v.username} has unpinned your [comment]({comment.shortlink})!"
|
|
send_repeatable_notification(comment.author_id, message)
|
|
|
|
g.db.commit()
|
|
return {"message": "Comment unpinned!"}
|
|
|
|
|
|
@app.post("/ban_comment/<c_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def api_ban_comment(c_id, v):
|
|
|
|
comment = g.db.query(Comment).filter_by(id=c_id).one_or_none()
|
|
if not comment:
|
|
abort(404)
|
|
|
|
comment.is_banned = True
|
|
comment.is_approved = None
|
|
comment.ban_reason = v.username
|
|
g.db.add(comment)
|
|
ma=ModAction(
|
|
kind="ban_comment",
|
|
user_id=v.id,
|
|
target_comment_id=comment.id,
|
|
)
|
|
g.db.add(ma)
|
|
g.db.commit()
|
|
return {"message": "Comment removed!"}
|
|
|
|
|
|
@app.post("/unban_comment/<c_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def api_unban_comment(c_id, v):
|
|
|
|
comment = g.db.query(Comment).filter_by(id=c_id).one_or_none()
|
|
if not comment: abort(404)
|
|
|
|
if comment.is_banned:
|
|
ma=ModAction(
|
|
kind="unban_comment",
|
|
user_id=v.id,
|
|
target_comment_id=comment.id,
|
|
)
|
|
g.db.add(ma)
|
|
|
|
comment.is_banned = False
|
|
comment.ban_reason = None
|
|
comment.is_approved = v.id
|
|
|
|
g.db.add(comment)
|
|
|
|
g.db.commit()
|
|
|
|
return {"message": "Comment approved!"}
|
|
|
|
|
|
@app.post("/distinguish_comment/<c_id>")
|
|
@limiter.exempt
|
|
@admin_level_required(1)
|
|
def admin_distinguish_comment(c_id, v):
|
|
|
|
|
|
comment = get_comment(c_id, v=v)
|
|
|
|
if comment.author_id != v.id: abort(403)
|
|
|
|
if comment.distinguish_level:
|
|
comment.distinguish_level = 0
|
|
kind = 'undistinguish_comment'
|
|
else:
|
|
comment.distinguish_level = v.admin_level
|
|
kind = 'distinguish_comment'
|
|
|
|
g.db.add(comment)
|
|
|
|
ma = ModAction(
|
|
kind=kind,
|
|
user_id=v.id,
|
|
target_comment_id=comment.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
|
|
if comment.distinguish_level: return {"message": "Comment distinguished!"}
|
|
else: return {"message": "Comment undistinguished!"}
|
|
|
|
@app.post("/admin/dump_cache")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def admin_dump_cache(v):
|
|
cache.clear()
|
|
|
|
ma = ModAction(
|
|
kind="dump_cache",
|
|
user_id=v.id
|
|
)
|
|
g.db.add(ma)
|
|
|
|
return {"message": "Internal cache cleared."}
|
|
|
|
|
|
@app.get("/admin/banned_domains/")
|
|
@limiter.exempt
|
|
@admin_level_required(3)
|
|
def admin_banned_domains(v):
|
|
|
|
banned_domains = g.db.query(BannedDomain).all()
|
|
return render_template("admin/banned_domains.html", v=v, banned_domains=banned_domains)
|
|
|
|
@app.post("/admin/banned_domains")
|
|
@limiter.exempt
|
|
@admin_level_required(3)
|
|
def admin_toggle_ban_domain(v):
|
|
|
|
domain=request.values.get("domain", "").strip()
|
|
if not domain: abort(400)
|
|
|
|
reason=request.values.get("reason", "").strip()
|
|
|
|
d = g.db.query(BannedDomain).filter_by(domain=domain).one_or_none()
|
|
if d:
|
|
g.db.delete(d)
|
|
ma = ModAction(
|
|
kind="unban_domain",
|
|
user_id=v.id,
|
|
_note=domain
|
|
)
|
|
g.db.add(ma)
|
|
|
|
else:
|
|
d = BannedDomain(domain=domain, reason=reason)
|
|
g.db.add(d)
|
|
ma = ModAction(
|
|
kind="ban_domain",
|
|
user_id=v.id,
|
|
_note=f'{domain}, reason: {reason}'
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
|
|
return redirect("/admin/banned_domains/")
|
|
|
|
|
|
@app.post("/admin/nuke_user")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def admin_nuke_user(v):
|
|
|
|
user=get_user(request.values.get("user"))
|
|
|
|
for post in g.db.query(Submission).filter_by(author_id=user.id).all():
|
|
if post.is_banned:
|
|
continue
|
|
|
|
post.is_banned = True
|
|
post.ban_reason = v.username
|
|
g.db.add(post)
|
|
|
|
for comment in g.db.query(Comment).filter_by(author_id=user.id).all():
|
|
if comment.is_banned:
|
|
continue
|
|
|
|
comment.is_banned = True
|
|
comment.ban_reason = v.username
|
|
g.db.add(comment)
|
|
|
|
ma=ModAction(
|
|
kind="nuke_user",
|
|
user_id=v.id,
|
|
target_user_id=user.id,
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
|
|
return redirect(user.url)
|
|
|
|
|
|
@app.post("/admin/unnuke_user")
|
|
@limiter.exempt
|
|
@admin_level_required(2)
|
|
def admin_nunuke_user(v):
|
|
|
|
user=get_user(request.values.get("user"))
|
|
|
|
for post in g.db.query(Submission).filter_by(author_id=user.id).all():
|
|
if not post.is_banned:
|
|
continue
|
|
|
|
post.is_banned = False
|
|
post.ban_reason = None
|
|
g.db.add(post)
|
|
|
|
for comment in g.db.query(Comment).filter_by(author_id=user.id).all():
|
|
if not comment.is_banned:
|
|
continue
|
|
|
|
comment.is_banned = False
|
|
comment.ban_reason = None
|
|
g.db.add(comment)
|
|
|
|
ma=ModAction(
|
|
kind="unnuke_user",
|
|
user_id=v.id,
|
|
target_user_id=user.id,
|
|
)
|
|
g.db.add(ma)
|
|
|
|
g.db.commit()
|
|
|
|
return redirect(user.url)
|