def send_message(username):
user = g.user
if user.forum_ban:
return jsonify({
'err': 1,
'message': 'Oops, you are blocked from sending any messages. Awkward...'
})
body = request.form.get('body')
to_user = User.query.outerjoin(Player).options(
joinedload(User.player)
).filter(
or_(Player.username == username, User.username == username)
).first()
if to_user:
to_player = to_user.player
else:
# for cases of messages sent to players with no users created yet
to_player = Player.query.filter_by(username=username).first()
if not to_player:
rollbar.report_message('to_player None', request=request)
return jsonify({
'err': 1
})
if libmessages.is_sender_spamming(user, to_user, to_player):
rollbar.report_message('User blocked from spamming messages', request=request, extra_data={
'to_user_id': to_user.id if to_user else None,
'to_player_id': to_player.id if to_player else None
})
return jsonify({
'err': 1,
'message': 'Whoa there, you sent too many messages recently! Try sending a bit later.'
})
message = Message(
from_user=user,
to_user=to_user,
to_player=to_player,
body=body,
user_ip=request.remote_addr
)
message.save()
notify_new_message(message)
stats.incr('messages.created')
return jsonify({
'err': 0,
'message': message.to_dict()
})
def messages(username=None):
user = g.user
messages = []
form = MessageForm()
template_vars = {
'form': form
}
other_user_id = None
if username:
to_user = User.query.outerjoin(Player).options(
joinedload(User.player)
).filter(
or_(Player.username == username, User.username == username)
).first()
if to_user == user:
# don't allow user to send messages to themselves
return redirect(url_for('messages'))
if to_user:
other_user_id = to_user.id
to_player = to_user.player
else:
# for cases of messages sent to players with no users created yet
to_player = Player.query.filter_by(username=username).first()
if not to_player:
abort(404)
if form.validate_on_submit():
text = form.text.data
# prevent spam
recent_messages = Message.query.with_entities(Message.id).filter(
Message.from_user == user,
Message.sent_at > datetime.utcnow() - timedelta(minutes=MESSAGE_THROTTLE_PERIOD)
).all()
if not app.config['DEBUG'] and len(recent_messages) > MESSAGE_THROTTLE_COUNT:
flash('Whoa there, you sent too many messages recently! Try sending a bit later.', 'error')
else:
message = Message(from_user=user, to_user=to_user, to_player=to_player,
body=text, user_ip=request.remote_addr)
message.save()
notify_new_message(message)
return redirect(url_for('messages', username=username))
if to_user:
# If the username matches an existing user, use it for the message query
recipient_filter = or_(
and_(Message.from_user == user, Message.to_user == to_user),
and_(Message.from_user == to_user, Message.to_user == user)
)
else:
# Otherwise, use the player matched by the username for the message query
recipient_filter = or_(
and_(Message.from_user == user, Message.to_player == to_player),
and_(Message.from_user == to_user, Message.to_user == user)
)
messages = Message.query.filter(
recipient_filter
).options(
joinedload(Message.from_user)
.joinedload(User.player)
).options(
joinedload(Message.to_user)
.joinedload(User.player)
).options(
joinedload(Message.to_player)
).order_by(
Message.sent_at.desc()
).limit(40)
# reverse to get newest at the bottom
messages = list(messages)[::-1]
for message in messages:
if message.to_user == user and not message.seen_at:
Message.query.filter_by(
to_user=user,
from_user=message.from_user,
seen_at=None
).update({
'seen_at': datetime.utcnow()
})
@after_this_request
def commit(response):
db.session.commit()
return response
break
contacts = get_contact_list(user)
if not username and not contacts:
return redirect(url_for('new_message'))
if username and not messages:
# show new contact at the top that will be messaged
contacts.insert(0, {
'username': username
})
template_vars.update({
'contacts': contacts,
'messages': messages,
'username': username,
'other_user_id': other_user_id
})
return render_template('messages/index.html', **template_vars)
def message_reply():
api_key = app.config['MAILGUN_API_KEY']
token = request.form.get('token')
timestamp = request.form.get('timestamp')
signature = request.form.get('signature')
if not verify_mailgun_signature(api_key, token, timestamp, signature):
abort(403)
body = request.form.get('stripped-text')
full_body = request.form.get('body-plain')
sender = request.form.get('sender')
# try to find the reply token of the original message
match = re.search(r'--([^\s]+)-([^\s]+)-([^\s]+)--', full_body)
if match:
b64_from_user_id, b64_to_user_id, signature = match.groups()
try:
# swap to/from in the original message since this is a reply
reply_to_user_id = base64.b64decode(b64_from_user_id)
reply_from_user_id = base64.b64decode(b64_to_user_id)
except Exception:
rollbar.report_message('Message not sent via email - cannot parse token', level='warning', extra_data={
'b64_from_user_id': b64_from_user_id,
'b64_to_user_id': b64_to_user_id
})
else:
if verify_message_reply_signature(reply_to_user_id, reply_from_user_id, signature):
to_user = User.query.options(
joinedload(User.player)
).get(reply_to_user_id)
from_user = User.query.options(
joinedload(User.player)
).get(reply_from_user_id)
if to_user and from_user:
message = Message(
from_user=from_user,
to_user=to_user,
to_player=to_user.player,
body=body,
user_ip=request.remote_addr
)
message.save()
stats.incr('messages.created')
notify_new_message(message)
rollbar.report_message('Message successfully sent via email', level='debug', extra_data={
'from_user_id': from_user.id,
'to_user_id': to_user.id
})
else:
rollbar.report_message('Message not sent via email - user not found', level='warning', extra_data={
'reply_from_user_id': reply_from_user_id,
'reply_to_user_id': reply_to_user_id
})
else:
rollbar.report_message('Message not sent via email - reply token signature mismatch', level='warning', extra_data={
'reply_from_user_id': reply_from_user_id,
'reply_to_user_id': reply_to_user_id,
'signature': signature
})
else:
rollbar.report_message('Message not sent via email - token not found', level='warning', extra_data={
'sender': sender,
'full_body': full_body
})
return jsonify({})
def send_message(username):
user = g.user
player = user.player
if user.forum_ban or (player and player.banned):
rollbar.report_message('User blocked from sending a message', level='warning', request=request)
return jsonify({
'err': 1,
'message': 'Oops, you are blocked from sending any messages. Awkward...'
})
body = request.form.get('body')
to_user = User.query.outerjoin(Player).options(
joinedload(User.player)
).filter(
or_(Player.username == username, User.username == username)
).first()
if to_user:
to_player = to_user.player
else:
# for cases of messages sent to players with no users created yet
to_player = Player.query.filter_by(username=username).first()
if not to_player:
rollbar.report_message('to_player None', request=request)
return jsonify({
'err': 1
})
if libmessages.is_sender_spamming(user, to_user, to_player):
can_post = libforums.can_user_post(user)
rollbar.report_message('User blocked from spamming messages', request=request, extra_data={
'to_user_id': to_user.id if to_user else None,
'to_player_id': to_player.id if to_player else None,
'can-Post': can_post
})
if not can_post and not user.forum_ban:
player = user.player
libplayer.ban_player(player, source='message_spamming', commit=False)
ban = ForumBan(user_id=user.id)
ban.save(commit=True)
return jsonify({
'err': 1,
'message': 'Whoa there, you sent too many messages recently! Try sending a bit later.'
})
message = Message(
from_user=user,
to_user=to_user,
to_player=to_player,
body=body,
user_ip=request.remote_addr
)
message.save()
notify_new_message(message)
stats.incr('messages.created')
return jsonify({
'err': 0,
'message': message.to_dict()
})
def message_reply():
api_key = app.config['MAILGUN_API_KEY']
token = request.form.get('token')
timestamp = request.form.get('timestamp')
signature = request.form.get('signature')
if not verify_mailgun_signature(api_key, token, timestamp, signature):
abort(403)
body = request.form.get('stripped-text')
full_body = request.form.get('body-plain')
sender = request.form.get('sender')
# try to find the reply token of the original message
match = re.search(r'--([^\s]+)-([^\s]+)-([^\s]+)--', full_body)
if match:
b64_from_user_id, b64_to_user_id, signature = match.groups()
try:
# swap to/from in the original message since this is a reply
reply_to_user_id = base64.b64decode(b64_from_user_id)
reply_from_user_id = base64.b64decode(b64_to_user_id)
except Exception:
rollbar.report_message(
'Message not sent via email - cannot parse token',
level='warning',
extra_data={
'b64_from_user_id': b64_from_user_id,
'b64_to_user_id': b64_to_user_id
})
else:
if verify_message_reply_signature(reply_to_user_id,
reply_from_user_id, signature):
to_user = User.query.options(joinedload(
User.player)).get(reply_to_user_id)
from_user = User.query.options(joinedload(
User.player)).get(reply_from_user_id)
if to_user and from_user:
message = Message(from_user=from_user,
to_user=to_user,
to_player=to_user.player,
body=body,
user_ip=request.remote_addr)
message.save()
stats.incr('messages.created')
notify_new_message(message)
rollbar.report_message(
'Message successfully sent via email',
level='debug',
extra_data={
'from_user_id': from_user.id,
'to_user_id': to_user.id
})
else:
rollbar.report_message(
'Message not sent via email - user not found',
level='warning',
extra_data={
'reply_from_user_id': reply_from_user_id,
'reply_to_user_id': reply_to_user_id
})
else:
rollbar.report_message(
'Message not sent via email - reply token signature mismatch',
level='warning',
extra_data={
'reply_from_user_id': reply_from_user_id,
'reply_to_user_id': reply_to_user_id,
'signature': signature
})
else:
rollbar.report_message('Message not sent via email - token not found',
level='warning',
extra_data={
'sender': sender,
'full_body': full_body
})
return jsonify({})
def send_message(username):
user = g.user
player = user.player
if user.forum_ban or (player and player.banned):
rollbar.report_message('User blocked from sending a message',
level='warning',
request=request)
return jsonify({
'err':
1,
'message':
'Oops, you are blocked from sending any messages. Awkward...'
})
body = request.form.get('body')
to_user = User.query.outerjoin(Player).options(joinedload(
User.player)).filter(
or_(Player.username == username,
User.username == username)).first()
if to_user:
to_player = to_user.player
else:
# for cases of messages sent to players with no users created yet
to_player = Player.query.filter_by(username=username).first()
if not to_player:
rollbar.report_message('to_player None', request=request)
return jsonify({'err': 1})
if libmessages.is_sender_spamming(user, to_user, to_player):
can_post = libforums.can_user_post(user)
rollbar.report_message('User blocked from spamming messages',
request=request,
extra_data={
'to_user_id':
to_user.id if to_user else None,
'to_player_id':
to_player.id if to_player else None,
'can-Post': can_post
})
if not can_post and not user.forum_ban:
player = user.player
libplayer.ban_player(player,
source='message_spamming',
commit=False)
ban = ForumBan(user_id=user.id)
ban.save(commit=True)
return jsonify({
'err':
1,
'message':
'Whoa there, you sent too many messages recently! Try sending a bit later.'
})
message = Message(from_user=user,
to_user=to_user,
to_player=to_player,
body=body,
user_ip=request.remote_addr)
message.save()
notify_new_message(message)
stats.incr('messages.created')
return jsonify({'err': 0, 'message': message.to_dict()})
