If users kept their page open for a while before reporting a
torrent, and mods got it in the meantime, users could still
submit reports for that torrent. This is silly and really doesn't
need to happen.
* Clean up PR #349
- Rely on os.makedirs(..., exist_ok=True) for "thread"-safety
- Remove the previous info_dict when we know the transaction went through.
- bytes.hex() will always be lowercase (unless we go off CPython):
c3d9508ff2/Python/pystrhex.c (L5-L49)c3d9508ff2/Python/codecs.c (L16)
- Reintroduce comments and meaningful creation dates in generated torrents:
Also make create_default_metadata_base set the correct metadata now
Because reading warnings is overrated.
This does not fix people using custom domains, but it's more likely
they'll know what's up when their email is thrown into the void.
Fixes#437.
Used TruePNG and zopflipng to optimise the images even more,
saving a whopping 4073 bytes.
The optimisation is lossless, i.e. the decoded pixel values do not
change at all.
With all trackers.txt trackers being included in generated .torrents,
we can now be certain the magnet (which use trackers.txt) and the .torrent
uses will not be split up in different swarms in case the main announce dies.
(That is, if uploaders add enough of their own trackers and additional trackers
were deemed unnecessary (at least 5 already), the magnet and .torrent would only
share the main site announce)
People could delete their own comments on torrents other than
the one the URL would indicate, which meant they could mess with
the total comment count on a torrent by having it be higher than
it actually is through repeatedly posting and deleting comments
that way.
However, they could only ever delete their own comments, so this
isn't a huge issue in the first place.
Before bootstrap-select is loaded, a small JS piece replaces the
class for the pickers with the appropriate bootstrap-select classes.
If there is no JS, the dropdowns will stay as form-control.
* Implement torrent nuking ability for mods
This deletes all torrents of a specific user.
A current caveat is that it will delete both sukebei and nyaa torrents,
but will only leave a log entry in the current flavour's log.
Also did some bootstrap untangling on the user view page.
* Per-flavour logging
Hopefully this works. Maybe.
* Tracker API: chunk into 100-element sublists
* isort
* Restrict nuking to superadmins
Also do a lint.sh.
* Implement upload ratelimit for non-trusted uploaders
Users may upload X torrents in Y minutes after which they
will have to wait Z minutes between uploads.
* Show torrent period count when ratelimited
* Only ratelimit new accounts
This tells users who are banned the reason that they are banned,
and doesn't show the same message for inactive users.
IP banned users are still just shown the boring 403 page.
Previously, people couldn't quite tell you needed to give a report
reason. Now we disable the submit button until there is a reason,
and flask.flash() if someone manages to submit an empty reason
anyway.
Disables all POSTs, optionally allowing users to log in (without updating last login date)
Blocked POSTs will redirect to the GET endpoint if possible, otherwise to referrer or in last case, home page.
API requests will get a plaintext message with 405 status code.