Users could double their ratelimit by uploading some torrents as
anonymous submissions, then log into their account and post more.
We can stop this by making the filter_uploader helper function use
an sqlalchemy.or_ query to check for uploads from either that user
or that user's IP.
This commit introduces a regex to replace illegal (expectedly unused)
characters from torrent display name, information link and description
upon upload or edit.
Fixes #541
Windows has a few special filenames that it does not allow the
explorer.exe and command line to see, but can still be created by
applications. This is due to some jank DOS compatibility.
These filenames can be abused to troll Windows users, so we should
probably blacklist them.
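A check of the kind this commit message describes, as an added example that is not the project's own code. The function name and sample paths are hypothetical; the name list is the set of DOS device names Windows reserves.

```python
import re

# DOS device names reserved by Windows. Matching is case-insensitive.
_RESERVED = re.compile(r"^(CON|PRN|AUX|NUL|COM[1-9]|LPT[1-9])$", re.IGNORECASE)


def reserved_components(path_parts):
    """Return the path components Windows would treat as a device name.

    `path_parts` is the list of path segments of one file in a torrent's
    file tree (hypothetical input shape, constructed for this example).
    """
    hits = []
    for part in path_parts:
        # Normalise the way the Win32 layer traditionally does: drop
        # trailing dots and spaces, then compare only the part before the
        # first dot, so "NUL.txt" and "aux " are caught as well as "con".
        stem = part.rstrip(". ").split(".", 1)[0].rstrip(" ")
        if _RESERVED.match(stem):
            hits.append(part)
    return hits
```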
* Implement range bans
People connecting from banned IP ranges are unable to upload
torrents anonymously, and need to manually have their accounts
activated.
This adds a new table "rangebans", and a command line utility,
"rangeban.py", which can be used to add, list and remove rangebans
from the command line.
As an example:
./rangeban.py ban 192.168.0.0/24
This would rangeban anything in this /24.
The temporary_tor column allows automated scripts to clean out and
re-add ever-changing sets of ranges to be banned without affecting
the other ranges.
This has only been tested for IPv4.
* Revise Rangebans
Add an id column, and change "temporary_tor" to "temp". Also
index masked_cidr and mask.
* rangebans: fix enabled and the binary op
kill me
* Add enabling/disabling bans to rangeban.py
* rangebans: fail earlier on garbage arguments
* rangebans: fix linter errors
* rangeban.py: don't shadow builtin keyword 'id'
* rangebans: change temporary ban logic, column
The 'temp' column is now a nullable time column. If the field is
null, the ban is understood to be permanent. If there is a time
in there, it's understood to be the creation time of the ban.
This allows scripts to e.g. delete all temporary bans older than
a certain amount of time.
Also, rename the '_cidr_string' column to 'cidr_string', because
reasons.
* rangeban.py: use ip_address to parse CIDR subnet
* rangebans: fixes to the mask calculation and query
Both were not bugs per se, but just technically not needed/correct.
* De-meme apparently
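The rangeban lookup described in the commit above, as an added example that is not the project's own code. Column names come from the commit message; the column types, the use of sqlite3 and the function names are assumptions made for this sketch, and like the original it covers IPv4 only.

```python
import ipaddress
import sqlite3
import time

db = sqlite3.connect(":memory:")
db.execute("""CREATE TABLE rangebans (
    id INTEGER PRIMARY KEY,
    cidr_string TEXT NOT NULL,
    masked_cidr INTEGER NOT NULL,  -- network address as an integer
    mask INTEGER NOT NULL,         -- netmask as an integer
    enabled INTEGER NOT NULL DEFAULT 1,
    temp INTEGER                   -- NULL = permanent, else creation time
)""")
db.execute("CREATE INDEX idx_rangebans ON rangebans (masked_cidr, mask)")


def ban(cidr, temporary=False, now=None):
    # strict=True fails early on garbage such as 192.168.0.5/24 (host bits set)
    net = ipaddress.IPv4Network(cidr, strict=True)
    created = None
    if temporary:
        created = int(time.time()) if now is None else now
    db.execute(
        "INSERT INTO rangebans (cidr_string, masked_cidr, mask, temp)"
        " VALUES (?, ?, ?, ?)",
        (str(net), int(net.network_address), int(net.netmask), created),
    )


def is_rangebanned(ip):
    # The binary op: an address is banned if masking it yields a stored network.
    addr = int(ipaddress.IPv4Address(ip))
    row = db.execute(
        "SELECT 1 FROM rangebans"
        " WHERE enabled = 1 AND (? & mask) = masked_cidr LIMIT 1",
        (addr,),
    ).fetchone()
    return row is not None


def purge_temporary(older_than, now):
    # Permanent bans (temp IS NULL) are never touched.
    cur = db.execute(
        "DELETE FROM rangebans WHERE temp IS NOT NULL AND temp < ?",
        (now - older_than,),
    )
    return cur.rowcount
```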
* Implement comment locking
This adds a new flag to torrents, which is only editable by
moderators and admins. If checked, it does not allow unprivileged
users to post, edit or delete comments on that torrent.
* Rename "locked" to "comment_locked".
* Shorter button and additional words on alt text
* Admin log: Change comment locking message
dude I love bikeshedding xd
* Bikeshedding over admin log messages
* >&
Also some bikeshedding
* Clean up PR #349
- Rely on os.makedirs(..., exist_ok=True) for "thread"-safety
- Remove the previous info_dict when we know the transaction went through.
- bytes.hex() will always be lowercase (unless we go off CPython):
c3d9508ff2/Python/pystrhex.c (L5-L49)
c3d9508ff2/Python/codecs.c (L16)
- Reintroduce comments and meaningful creation dates in generated torrents:
Also make create_default_metadata_base set the correct metadata now
* Implement torrent nuking ability for mods
This deletes all torrents of a specific user.
A current caveat is that it will delete both sukebei and nyaa torrents,
but will only leave a log entry in the current flavour's log.
Also did some bootstrap untangling on the user view page.
* Per-flavour logging
Hopefully this works. Maybe.
* Tracker API: chunk into 100-element sublists
* isort
* Restrict nuking to superadmins
Also do a lint.sh.
* Implement upload ratelimit for non-trusted uploaders
Users may upload X torrents in Y minutes after which they
will have to wait Z minutes between uploads.
* Show torrent period count when ratelimited
* Only ratelimit new accounts
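The upload ratelimit from the commit above, combined with the account-or-IP matching from the first commit message on this page, as an added example that is not the project's own code. It uses plain Python instead of an sqlalchemy.or_ query; the names, the record shape and the exact reading of "X torrents in Y minutes, then Z minutes between uploads" are assumptions.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class Upload:
    user_id: Optional[int]  # None for an anonymous submission
    ip: str
    time: float  # seconds


def matches_uploader(upload, user_id, ip, match_ip=True):
    # match_ip=True is the OR filter: same account or same IP.
    # match_ip=False is account-only matching, which lets anonymous uploads
    # from the same address go uncounted once the user logs in.
    same_user = user_id is not None and upload.user_id == user_id
    return same_user or (match_ip and upload.ip == ip)


def check_ratelimit(uploads, user_id, ip, now, max_count, period, cooldown,
                    match_ip=True):
    """Return (allowed, count_in_period, next_allowed_time)."""
    mine = [u.time for u in uploads
            if matches_uploader(u, user_id, ip, match_ip)]
    recent = [t for t in mine if t > now - period]
    if len(recent) < max_count:
        return True, len(recent), now
    # Quota used up: require `cooldown` seconds since the latest upload.
    next_ok = max(mine) + cooldown
    return now >= next_ok, len(recent), next_ok
```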
MINIMUM_ANONYMOUS_TORRENT_SIZE can be used to require a minimum total
size of torrents uploaded by anonymous users (ie. without accounts).
Sets up a "framework" for post-WTForm torrent validation as well;
this can easily be extended into filename blacklists and such.
* Replace all `from nyaa import app` imports with `app = flask.current_app` (or `from flask import current_app as app` where possible)
* Add a separate config object for top-level and class statements as `nyaa.extensions.config`
Required because that code doesn't have an app context at the time of evaluation/execution.
* Remove `routes.py` file and register all blueprints in `nyaa/__init__.py`
* Refactor `nyaa/__init__.py` into an app factory
* Update tools
* Update tests (temporary, will be replaced)
url-list is supposed to be omitted in case of no webseeds,
but qB will instead use an empty bytestring '' as the value.
This commit makes the validation more lenient regarding url-list.
* Update isort settings
* Apply import sorting (isort) on all files in nyaa/
* Fixed Flake8 errors in nyaa/ (see PR for list)
* Add isort to lint.sh and requirements.txt
Added migration script!: remove sukebei_ lines if your local db does not have those.
Show user's IP address on user page for superadmins.
Rename Admin to Moderator internally.
Moderators can now change user level to trusted.
Superadmins can make users moderator.
Improve changing user level.
This will allow most (if not all) torrents that have been rejected by 'Malformed torrent metadata (path part is empty)'
Adjusts _validate_bytes to disable empty check
Adds the empty check to file tree parsing