def _list_post(spamlist, **kwargs):
if spamlist not in ("banned_names", "blacklist", "warnlist"):
spamlist = "warnlist"
# Validate the command is either adding or removing.
if request.form["command"] not in ("add", "remove"):
return _list(spamlist)
# Consume and validate the arguments.
phrase = log_message = request.form["phrase"].strip().lower()
score = request.form.get("score")
if not phrase:
abort(400)
try:
re.compile(phrase)
except re.error as e:
return _list(spamlist, error=e.args[0])
if spamlist == "blacklist":
if request.form["command"] == "add":
log_message = "%s (%s)" % (phrase, score)
g.db.add(
AdminLogEntry(action_user=g.user,
type="spamless:%s:%s" %
(spamlist, request.form["command"]),
description=log_message))
handle_command(request.form["command"], phrase, spamlist, score)
g.redis.set("spamless:reload", str(time.time()))
return redirect(url_for("spamless_" + spamlist))
def admin_tier_add_user(admin_tier_id):
if not request.form.get("username"):
abort(404)
try:
admin_tier = g.db.query(AdminTier).filter(
AdminTier.id == admin_tier_id).one()
except NoResultFound:
abort(404)
try:
user = g.db.query(User).filter(
func.lower(User.username) ==
request.form["username"].lower()).one()
except NoResultFound:
abort(404)
if admin_tier.id != user.admin_tier_id:
g.db.add(
AdminLogEntry(
action_user=g.user,
type="user_set_admin_tier",
description=admin_tier.name if admin_tier.id else None,
affected_user=user,
))
user.admin_tier_id = admin_tier.id
return redirect(
request.headers.get("Referer")
or url_for("admin_admin_tier_get", admin_tier_id=admin_tier.id))
def user_notes_post(username):
try:
user = g.db.query(User).filter(
func.lower(User.username) == username.lower()).one()
except NoResultFound:
abort(404)
if not request.form.get("text"):
abort(403)
g.db.add(
UserNote(
user_id=user.id,
creator_id=g.user.id,
text=request.form["text"],
))
g.db.add(
AdminLogEntry(
action_user=g.user,
type="user_notes_post",
description=request.form["text"],
affected_user=user,
))
return redirect(
request.headers.get("Referer")
or url_for("admin_user", username=user.username))
def user_set_admin_tier(username):
try:
user = g.db.query(User).filter(
func.lower(User.username) == username.lower()).one()
except NoResultFound:
abort(404)
if request.form.get("admin_tier"):
try:
admin_tier = g.db.query(AdminTier).filter(
AdminTier.id == request.form["admin_tier"]).one()
except NoResultFound:
abort(404)
new_admin_tier_id = admin_tier.id
else:
new_admin_tier_id = None
if new_admin_tier_id != user.admin_tier_id:
g.db.add(
AdminLogEntry(
action_user=g.user,
type="user_set_admin_tier",
description=admin_tier.name if new_admin_tier_id else None,
affected_user=user,
))
user.admin_tier_id = new_admin_tier_id
return redirect(
request.headers.get("Referer")
or url_for("admin_user", username=user.username))
def user_set_group(username):
if request.form["group"] not in User.group.type.enums:
abort(400)
try:
user = g.db.query(User).filter(
func.lower(User.username) == username.lower()).one()
except NoResultFound:
abort(404)
if user.is_admin and not g.user.has_permission("permissions"):
abort(403)
if user.group != request.form["group"]:
user.group = request.form["group"]
if user.group != "active":
user.admin_tier_id = None
g.db.add(
AdminLogEntry(
action_user=g.user,
type="user_set_group",
description=request.form["group"],
affected_user=user,
))
return redirect(url_for("admin_user", username=user.username))
def delete_email_ban():
g.db.query(EmailBan).filter(EmailBan.pattern == request.form["pattern"]).delete()
g.db.add(AdminLogEntry(
action_user=g.user,
type="email_ban",
description="Unbanned %s." % request.form["pattern"],
))
return redirect(request.headers.get("Referer") or url_for("admin_email_bans"))
def delete_ip_ban():
try:
g.db.query(IPBan).filter(IPBan.address == request.form["address"]).delete()
except DataError:
abort(400)
g.db.add(AdminLogEntry(
action_user=g.user,
type="ip_ban",
description="Unbanned %s." % request.form["address"],
))
return redirect(request.headers.get("Referer") or url_for("admin_ip_bans"))
def announcements_post():
if "announcements" in request.form:
current_announcements = g.redis.get("announcements")
if request.form["announcements"] != current_announcements:
g.redis.set("announcements", request.form["announcements"])
g.db.add(AdminLogEntry(
action_user=g.user,
type="announcements",
description=request.form["announcements"],
))
if "chat_links" in request.form:
current_chat_links = g.redis.get("chat_links")
if request.form["chat_links"] != current_chat_links:
g.redis.set("chat_links", request.form["chat_links"])
g.db.add(AdminLogEntry(
action_user=g.user,
type="chat_links",
description=request.form["chat_links"],
))
return redirect(url_for("admin_announcements"))
def broadcast_post():
title = request.form.get("title", "Global Announcement").strip()
text = request.form["text"].strip()
if not text:
abort(400)
if request.form["color"][0] == "#":
color = request.form["color"][1:]
else:
color = request.form["color"]
if not color_validator.match(color):
abort(400)
if request.form["headercolor"][0] == "#":
headercolor = request.form["headercolor"][1:]
else:
headercolor = request.form["headercolor"]
if not color_validator.match(headercolor):
abort(400)
g.db.add(AdminLogEntry(
action_user=g.user,
type="broadcast",
description=text,
))
message_json = json.dumps({
"messages": [{
"id": None,
"user_number": None,
"posted": time.time(),
"type": "global",
"color": color,
"headercolor": headercolor,
"acronym": "",
"name": "",
"text": text,
"title": title,
"important": "important" in request.form
}]
})
next_index = 0
while True:
next_index, keys = g.redis.scan(next_index, "chat:*:online")
for key in keys:
chat_id = key[5:-7]
g.redis.publish("channel:%s" % chat_id, message_json)
if int(next_index) == 0:
break
return redirect(url_for("admin_broadcast"))
def broadcast_post():
title = request.form.get("title", "Global Announcement").strip()
text = request.form["text"].strip()
if not text:
abort(400)
if request.form["color"][0] == "#":
color = request.form["color"][1:]
else:
color = request.form["color"]
if not color_validator.match(color):
abort(400)
if request.form["headercolor"][0] == "#":
headercolor = request.form["headercolor"][1:]
else:
headercolor = request.form["headercolor"]
if not color_validator.match(headercolor):
abort(400)
g.db.add(
AdminLogEntry(
action_user=g.user,
type="broadcast",
description=text,
))
message_json = json.dumps({
"messages": [{
"id": None,
"user_number": None,
"posted": time.time(),
"type": "global",
"color": color,
"headercolor": headercolor,
"acronym": "",
"name": "",
"text": text,
"title": title,
"important": "important" in request.form
}]
})
for chat_id in UserListStore.scan_active_chats(
NewparpRedis(connection_pool=redis_chat_pool)):
g.redis.publish("channel:%s" % chat_id, message_json)
return redirect(url_for("admin_broadcast"))
def new_ip_ban():
if not request.form.get("reason"):
abort(400)
if "subnet" in request.form:
full_address = request.form["address"] + "/" + request.form["subnet"]
else:
full_address = request.form["address"]
try:
existing_ban = (g.db.query(func.count('*')).select_from(IPBan).filter(
IPBan.address == full_address).scalar())
except DataError:
abort(400)
if existing_ban != 0:
return redirect(url_for("admin_ip_bans",
ip_ban_error="already_banned"))
try:
g.db.add(
IPBan(
address=full_address[:42],
creator_id=g.user.id,
reason=request.form["reason"][:255],
))
g.db.flush()
except DataError:
abort(400)
g.db.add(
AdminLogEntry(
action_user=g.user,
type="ip_ban",
description="Banned %s. Reason: %s" %
(full_address, request.form["reason"]),
))
if request.headers.get("Referer"):
referer = request.headers["Referer"]
if "?ip_ban_error=already_banned" in referer:
referer = referer.replace("?ip_ban_error=already_banned", "")
return redirect(referer)
return redirect(url_for("admin_ip_bans"))
def new_email_ban():
if not request.form.get("pattern") or not request.form.get("reason"):
abort(400)
pattern = request.form["pattern"][:255]
reason = request.form["reason"][:255]
try:
existing_ban = (g.db.query(
func.count('*')).select_from(EmailBan).filter(
EmailBan.pattern == pattern).scalar())
except DataError:
abort(400)
if existing_ban != 0:
return redirect(
url_for("admin_email_bans", email_ban_error="already_banned"))
try:
g.db.add(
EmailBan(
pattern=pattern,
creator_id=g.user.id,
reason=reason,
))
g.db.flush()
except DataError:
abort(400)
g.db.add(
AdminLogEntry(
action_user=g.user,
type="email_ban",
description="Banned %s. Reason: %s" % (pattern, reason),
))
if request.headers.get("Referer"):
referer = request.headers["Referer"]
if "?email_ban_error=already_banned" in referer:
referer = referer.replace("?email_ban_error=already_banned", "")
return redirect(referer)
return redirect(url_for("admin_email_bans"))