custom code, fix thread and comment deletions

2023-07-30 10:07:37 +03:00
parent 7fe10f05a2
commit da15d163e2
4 changed files with 33 additions and 54 deletions
--- a/forum/main.py
+++ b/forum/main.py
@@ -13,27 +13,13 @@ import captcha, password, minimd
 app = Flask(__name__)
 db = DB(os.getenv("DB"))
 config = Config(os.getenv("CONF"))
+custom_code = os.getenv("CUSTOM_PY",'custom.py')
 # This defaults to None, which allows CSRF attacks in FireFox
 # and older versions of Chrome.
 # 'Lax' is sufficient to prevent malicious POST requests.
 app.config["SESSION_COOKIE_SAMESITE"] = "Lax"
 app.config["SECRET_KEY"] = config.secret_key

-# ~ class Config:
-# ~ pass
-# ~ config = Config()
-# ~ (
-# ~ config.version,
-# ~ config.server_name,
-# ~ config.server_description,
-# ~ app.config["SECRET_KEY"],
-# ~ config.captcha_key,
-# ~ config.registration_enabled,
-# ~ config.login_required
-# ~ ) = db.get_config()
-# ~ app.config['user_css'] = os.path.exists(os.path.join(app.static_folder, 'user.css'))
-# ~ config.threads_per_page = 50
-
 if config.version != VERSION:
    print(f"Incompatible version {config.version} (expected {VERSION})")
    sys.exit(1)
@@ -281,6 +267,7 @@ def confirm_delete_thread(thread_id):
        config=config,
        user=get_user(),
        thread_title=title,
+        thread_id=thread_id
    )


@@ -289,13 +276,13 @@ def delete_thread(thread_id):
    user_id = session.get("user_id")
    if user_id is None:
        return redirect(url_for("login"))
-
+    forum_id = db.get_thread_forum(thread_id)
    if db.delete_thread(user_id, thread_id):
        flash("Thread has been deleted", "success")
    else:
        flash("Thread could not be removed", "error")
        # TODO return 403, maybe?
-    return redirect(url_for("index"))
+    return redirect(url_for("forum", forum_id=forum_id))


 def _add_comment_check_user():
@@ -346,6 +333,7 @@ def confirm_delete_comment(comment_id):
        user=get_user(),
        thread_title=title,
        text=text,
+        comment_id=comment_id
    )


@@ -354,13 +342,13 @@ def delete_comment(comment_id):
    user_id = session.get("user_id")
    if user_id is None:
        return redirect(url_for("login"))
-
+    thread_id = db.get_comment_thread(comment_id)
    if db.delete_comment(user_id, comment_id):
        flash("Comment has been deleted", "success")
    else:
        flash("Comment could not be removed", "error")
        # TODO return 403, maybe?
-    return redirect(url_for("index"))
+    return redirect(url_for("thread", thread_id = thread_id))


@app.route("/thread/<int:thread_id>/edit/", methods=["GET", "POST"])
@@ -925,3 +913,10 @@ def trim_text(s):
    Because browsers LOVE \\r, trailing whitespace etc.
    """
    return s.replace("\r", "")
+
+
+#### custom code
+if os.path.exists(custom_code):
+    with open(custom_code, "rb") as source_file:
+        code = compile(source_file.read(), custom_code, "exec")
+    exec(code, globals(), locals())