moonq/qgreper
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement banning

Browse Source
This commit is contained in:
David Hoppenbrouwers
2022-10-09 13:48:44 +02:00
parent f73f2b405c
commit eaa77d363b
5 changed files with 139 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

53
db/sqlite.py
View File

@@ -164,9 +164,9 @@ class DB:
) )
db.commit() db.commit()
def get_user_name_role(self, user_id): def get_user_name_role_banned(self, user_id):
return self._db().execute(''' return self._db().execute('''
select name, role select name, role, banned_until
from users from users
where user_id = ? where user_id = ?
''', ''',
@@ -188,11 +188,15 @@ class DB:
c.execute(''' c.execute('''
insert into threads (author_id, forum_id, title, text, insert into threads (author_id, forum_id, title, text,
create_time, modify_time, update_time) create_time, modify_time, update_time)
values (?, ?, ?, ?, ?, ?, ?) select ?, ?, ?, ?, ?, ?, ?
from users
where user_id = ? and banned_until < ?
''', ''',
(author_id, forum_id, title, text, time, time, time) (author_id, forum_id, title, text, time, time, time, author_id, time)
) )
rowid = c.lastrowid rowid = c.lastrowid
if rowid is None:
return None
db.commit() db.commit()
return db.execute(''' return db.execute('''
select thread_id select thread_id
@@ -245,10 +249,10 @@ class DB:
c.execute(''' c.execute('''
insert into comments(thread_id, author_id, text, create_time, modify_time) insert into comments(thread_id, author_id, text, create_time, modify_time)
select ?, ?, ?, ?, ? select ?, ?, ?, ?, ?
from threads from threads, users
where thread_id = ? where thread_id = ? and user_id = ? and banned_until < ?
''', ''',
(thread_id, author_id, text, time, time, thread_id) (thread_id, author_id, text, time, time, thread_id, author_id, time)
) )
if c.rowcount > 0: if c.rowcount > 0:
print('SHIT') print('SHIT')
@@ -269,10 +273,10 @@ class DB:
c.execute(''' c.execute('''
insert into comments(thread_id, parent_id, author_id, text, create_time, modify_time) insert into comments(thread_id, parent_id, author_id, text, create_time, modify_time)
select thread_id, ?, ?, ?, ?, ? select thread_id, ?, ?, ?, ?, ?
from comments from comments, users
where comment_id = ? where comment_id = ? and user_id = ? and banned_until < ?
''', ''',
(parent_id, author_id, text, time, time, parent_id) (parent_id, author_id, text, time, time, parent_id, author_id, time)
) )
if c.rowcount > 0: if c.rowcount > 0:
c.execute(''' c.execute('''
@@ -297,12 +301,17 @@ class DB:
update threads update threads
set title = ?, text = ?, modify_time = ? set title = ?, text = ?, modify_time = ?
where thread_id = ? and ( where thread_id = ? and (
author_id = ? (author_id = ? and (select 1 from users where user_id = ? and banned_until < ?))
-- 1 = moderator, 2 = admin -- 1 = moderator, 2 = admin
or (select 1 from users where user_id = ? and (role = 1 or role = 2)) or (select 1 from users where user_id = ? and (role = 1 or role = 2))
) )
''', ''',
(title, text, time, thread_id, user_id, user_id) (
title, text, time,
thread_id,
user_id, user_id, time,
user_id,
)
) )
if c.rowcount > 0: if c.rowcount > 0:
db.commit() db.commit()
@@ -316,12 +325,17 @@ class DB:
update comments update comments
set text = ?, modify_time = ? set text = ?, modify_time = ?
where comment_id = ? and ( where comment_id = ? and (
author_id = ? (author_id = ? and (select 1 from users where user_id = ? and banned_until < ?))
-- 1 = moderator, 2 = admin -- 1 = moderator, 2 = admin
or (select 1 from users where user_id = ? and (role = 1 or role = 2)) or (select 1 from users where user_id = ? and (role = 1 or role = 2))
) )
''', ''',
(text, time, comment_id, user_id, user_id) (
text, time,
comment_id,
user_id, user_id, time,
user_id,
)
) )
if c.rowcount > 0: if c.rowcount > 0:
db.commit() db.commit()
@@ -398,6 +412,15 @@ class DB:
(secret_key, captcha_key) (secret_key, captcha_key)
) )
def set_user_ban(self, user_id, until):
return self.change_one('''
update users
set banned_until = ?
where user_id = ?
''',
(until, user_id)
)
def change_one(self, query, values): def change_one(self, query, values):
db = self._db() db = self._db()
c = db.cursor() c = db.cursor()
@@ -415,4 +438,4 @@ class DB:
return rows, c.rowcount return rows, c.rowcount
def _db(self): def _db(self):
return sqlite3.connect(self.conn) return sqlite3.connect(self.conn, timeout=5)

95
main.py
View File

@@ -153,7 +153,12 @@ def new_thread(forum_id):
return redirect(url_for('login')) return redirect(url_for('login'))
if request.method == 'POST': if request.method == 'POST':
id, = db.add_thread(user_id, forum_id, request.form['title'], trim_text(request.form['text']), time.time_ns()) id = db.add_thread(user_id, forum_id, request.form['title'], trim_text(request.form['text']), time.time_ns())
if id is None:
flash('Failed to create thread', 'error')
return redirect(url_for('forum', forum_id = forum_id))
else:
id, = id
flash('Created thread', 'success') flash('Created thread', 'success')
return redirect(url_for('thread', thread_id = id)) return redirect(url_for('thread', thread_id = id))
@@ -430,6 +435,42 @@ def admin_new_secrets():
flash(str(e), 'error') flash(str(e), 'error')
return redirect(url_for('admin')) return redirect(url_for('admin'))
@app.route('/admin/user/<int:user_id>/ban/', methods = ['POST'])
def admin_ban_user(user_id):
chk, user = _admin_check()
if not chk:
return user
d, t = request.form['days'], request.form['time']
d = 0 if d == '' else int(d)
h, m = (0, 0) if t == '' else map(int, t.split(':'))
until = time.time_ns() + (d * 24 * 60 + h * 60 + m) * (60 * 10**9)
until = min(until, 0xffff_ffff_ffff_ffff)
try:
if db.set_user_ban(user_id, until):
flash('Banned user', 'success')
else:
flash('Failed to ban user', 'error')
except Exception as e:
flash(str(e), 'error')
return redirect(url_for('admin'))
@app.route('/admin/user/<int:user_id>/unban/', methods = ['POST'])
def admin_unban_user(user_id):
chk, user = _admin_check()
if not chk:
return user
try:
if db.set_user_ban(user_id, None):
flash('Unbanned user', 'success')
else:
flash('Failed to unban user', 'error')
except Exception as e:
flash(str(e), 'error')
return redirect(url_for('admin'))
def _admin_check(): def _admin_check():
user = get_user() user = get_user()
if user is None: if user is None:
@@ -480,10 +521,11 @@ def create_comment_tree(comments):
class User: class User:
def __init__(self, id, name, role): def __init__(self, id, name, role, banned_until):
self.id = id self.id = id
self.name = name self.name = name
self.role = role self.role = role
self.banned_until = banned_until
def is_moderator(self): def is_moderator(self):
return self.role in (Role.ADMIN, Role.MODERATOR) return self.role in (Role.ADMIN, Role.MODERATOR)
@@ -491,54 +533,64 @@ class User:
def is_admin(self): def is_admin(self):
return self.role == Role.ADMIN return self.role == Role.ADMIN
def is_banned(self):
return self.banned_until is not None and self.banned_until > time.time_ns()
def get_user(): def get_user():
id = session.get('user_id') id = session.get('user_id')
if id is not None: if id is not None:
name, role = db.get_user_name_role(id) name, role, banned_until = db.get_user_name_role_banned(id)
return User(id, name, role) return User(id, name, role, banned_until)
return None return None
@app.context_processor @app.context_processor
def utility_processor(): def utility_processor():
def format_since(t): def _format_time_delta(n, t):
n = time.time_ns()
if n < t:
return 'In a distant future'
# Try the sane thing first # Try the sane thing first
dt = (n - t) // 10 ** 9 dt = (n - t) // 10 ** 9
if dt < 1: if dt < 1:
return "less than a second ago" return "less than a second"
if dt < 2: if dt < 2:
return f"1 second ago" return f"1 second"
if dt < 60: if dt < 60:
return f"{dt} seconds ago" return f"{dt} seconds"
if dt < 119: if dt < 119:
return f"1 minute ago" return f"1 minute"
if dt < 3600: if dt < 3600:
return f"{dt // 60} minutes ago" return f"{dt // 60} minutes"
if dt < 3600 * 2: if dt < 3600 * 2:
return f"1 hour ago" return f"1 hour"
if dt < 3600 * 24: if dt < 3600 * 24:
return f"{dt // 3600} hours ago" return f"{dt // 3600} hours"
if dt < 3600 * 24 * 31: if dt < 3600 * 24 * 31:
return f"{dt // (3600 * 24)} days ago" return f"{dt // (3600 * 24)} days"
# Try some very rough estimate, whatever # Try some very rough estimate, whatever
f = lambda x: datetime.utcfromtimestamp(x // 10 ** 9) f = lambda x: datetime.utcfromtimestamp(x // 10 ** 9)
n, t = f(n), f(t) n, t = f(n), f(t)
def f(x, y, s): def f(x, y, s):
return f'{y - x} {s}{"s" if y - x > 1 else ""} ago' return f'{y - x} {s}{"s" if y - x > 1 else ""}'
if t.year < n.year: if t.year < n.year:
return f(t.year, n.year, "year") return f(t.year, n.year, "year")
if t.month < n.month: if t.month < n.month:
return f(t.month, n.month, "month") return f(t.month, n.month, "month")
# This shouldn't be reachable, but it's still better to return something assert False, 'unreachable'
return "incredibly long ago"
def format_since(t):
n = time.time_ns()
if n < t:
return 'in a distant future'
return _format_time_delta(n, t) + ' ago'
def format_until(t):
n = time.time_ns()
if t <= n:
return 'in a distant past'
return _format_time_delta(t, n)
def format_time(t): def format_time(t):
return datetime.utcfromtimestamp(t / 10 ** 9) return datetime.utcfromtimestamp(t / 10 ** 9).replace(microsecond=0)
def minimd(text): def minimd(text):
# Replace angle brackets to prevent XSS # Replace angle brackets to prevent XSS
@@ -554,6 +606,7 @@ def utility_processor():
return { return {
'format_since': format_since, 'format_since': format_since,
'format_time': format_time, 'format_time': format_time,
'format_until': format_until,
'minimd': minimd, 'minimd': minimd,
} }

31
templates/admin/index.html
View File

@@ -76,30 +76,35 @@
<th>Name</th> <th>Name</th>
<th>Join date</th> <th>Join date</th>
<th>Role</th> <th>Role</th>
<th>Banned until</th> <th>Banned</th>
<th>Actions</th>
</tr> </tr>
{%- for id, name, join_date, role, banned_until in users -%} {%- for id, name, join_date, role, banned_until in users -%}
<tr> <tr>
<td>{{ id }}</td> <td>{{ id }}</td>
<td>{{ name }}</td> <td>{{ name }}</td>
<td>{{ format_time(join_date) }}</td> <td>{{ format_time(join_date) }}</td>
<td>{{ ['user', 'moderator', 'admin'][role] if role >= 0 and role <= 2 else role }}</td>
<td>{{ '' if banned_until is none else format_time(banned_until) }}</td>
<td> <td>
<form method=post action="user/{{ id }}/edit/ban/"> <form method=post action="user/{{ id }}/edit/role/">
<select name=role>
<option value=0 {{ 'selected' if role == 0 else '' }}>user</option>
<option value=1 {{ 'selected' if role == 1 else '' }}>moderator</option>
<option value=2 {{ 'selected' if role == 2 else '' }}>admin</option>
</select>
<input type=submit value="Set role">
</form>
</td>
<td>
{% if banned_until is not none %}
<form method=post action="user/{{ id }}/unban/">
{{- format_time(banned_until) }}
<input type=submit value=Unban>
</form>
{% endif %}
<form method=post action="user/{{ id }}/ban/">
<input type=number name=days placeholder=days> <input type=number name=days placeholder=days>
<input type=time name=time> <input type=time name=time>
<input type=submit value=Ban> <input type=submit value=Ban>
</form> </form>
<form method=post action="user/{{ id }}/edit/role/">
<select name=role>
<option value=0>user</option>
<option value=1>moderator</option>
<option value=2>admin</option>
</select>
<input type=submit value="Set role">
</form>
</td> </td>
</tr> </tr>
{%- endfor -%} {%- endfor -%}

5
templates/base.html
View File

@@ -10,7 +10,10 @@
<a class=logo href="{{ url_for('index') }}">A</a> <a class=logo href="{{ url_for('index') }}">A</a>
<div style="margin:auto"></div> <div style="margin:auto"></div>
{%- if user is not none -%} {%- if user is not none -%}
<a href="{{ url_for('user_edit') }}">{{ user.name }}</a> <a href="{{ url_for('user_edit') }}">
{{- user.name }}
{%- if user.is_banned() %} (banned for {{ format_until(user.banned_until) }}){% endif -%}
</a>
<span> | </span> <span> | </span>
{%- if user.is_admin() -%} {%- if user.is_admin() -%}
<a href="{{ url_for('admin') }}">Admin panel</a> <a href="{{ url_for('admin') }}">Admin panel</a>

6
templates/comment.html
View File

@@ -10,7 +10,7 @@
{%- if comment.parent_id is not none -%} {%- if comment.parent_id is not none -%}
<a href="{{ url_for('comment', comment_id = comment.parent_id) }}#"> parent</a> <a href="{{ url_for('comment', comment_id = comment.parent_id) }}#"> parent</a>
{%- endif -%} {%- endif -%}
{%- if user is not none and (comment.author_id == user.id or user.is_moderator()) -%} {%- if user is not none and (comment.author_id == user.id or user.is_moderator()) and not user.is_banned() -%}
<a href="{{ url_for('edit_comment', comment_id = comment.id) }}"> edit</a> <a href="{{ url_for('edit_comment', comment_id = comment.id) }}"> edit</a>
{%- if can_delete -%} {%- if can_delete -%}
<a href="{{ url_for('confirm_delete_comment', comment_id = comment.id) }}"> delete</a> <a href="{{ url_for('confirm_delete_comment', comment_id = comment.id) }}"> delete</a>
@@ -22,7 +22,7 @@
{%- macro thread_author(author_id, name, ctime, mtime) -%} {%- macro thread_author(author_id, name, ctime, mtime) -%}
<p><sub> <p><sub>
{{- author(author_id, name, ctime, mtime) -}} {{- author(author_id, name, ctime, mtime) -}}
{%- if user is not none and (author_id == user.id or user.is_moderator()) -%} {%- if user is not none and (author_id == user.id or user.is_moderator()) and not user.is_banned() -%}
<a href="{{ url_for('edit_thread', thread_id = thread_id) }}"> edit</a> <a href="{{ url_for('edit_thread', thread_id = thread_id) }}"> edit</a>
<a href="{{ url_for('confirm_delete_thread', thread_id = thread_id) }}"> delete</a> <a href="{{ url_for('confirm_delete_thread', thread_id = thread_id) }}"> delete</a>
{%- endif -%} {%- endif -%}
@@ -49,7 +49,7 @@
{%- endmacro -%} {%- endmacro -%}
{%- macro reply() -%} {%- macro reply() -%}
{%- if user is not none -%} {%- if user is not none and not user.is_banned() -%}
<form method="post" action="comment/"> <form method="post" action="comment/">
<p><textarea name="text"></textarea></p> <p><textarea name="text"></textarea></p>
<p><input type="submit" value="Post comment"></p> <p><input type="submit" value="Post comment"></p>