From a7876ca4108b3c33365c5b2d8811eee717748f01 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lera=20Elvo=C3=A9?= Date: Wed, 3 Dec 2025 08:07:03 +0300 Subject: [PATCH] return 404 where it makes sense --- app/routes/posts.py | 12 ++++++++---- app/routes/threads.py | 15 ++++++++++----- app/routes/topics.py | 15 ++++++++++----- app/routes/users.py | 4 +++- 4 files changed, 31 insertions(+), 15 deletions(-) diff --git a/app/routes/posts.py b/app/routes/posts.py index 8a8c38d..037780f 100644 --- a/app/routes/posts.py +++ b/app/routes/posts.py @@ -71,7 +71,8 @@ def update_post(post_id, new_content, markup_language='babycode'): def delete(post_id): post = Posts.find({'id': post_id}) if not post: - return redirect(url_for('topics.all_topics')) + abort(404) + return thread = Threads.find({'id': post.thread_id}) user = get_active_user() @@ -103,13 +104,15 @@ def delete(post_id): def edit(post_id): post = Posts.find({'id': post_id}) if not post: - return redirect(url_for('topics.all_topics')) + abort(404) + return user = get_active_user() q = f"{Posts.FULL_POSTS_QUERY} WHERE posts.id = ?" editing_post = db.fetch_one(q, post_id) if not editing_post: - return redirect(url_for('topics.all_topics')) + abort(404) + return if editing_post['user_id'] != user.id: return redirect(url_for('topics.all_topics')) @@ -136,7 +139,8 @@ def edit_form(post_id): user = get_active_user() post = Posts.find({'id': post_id}) if not post: - return redirect(url_for('topics.all_topics')) + abort(404) + return if post.user_id != user.id: return redirect(url_for('topics.all_topics')) diff --git a/app/routes/threads.py b/app/routes/threads.py index 586ab25..80d143b 100644 --- a/app/routes/threads.py +++ b/app/routes/threads.py @@ -1,5 +1,6 @@ from flask import ( - Blueprint, render_template, request, redirect, url_for, flash + Blueprint, render_template, request, redirect, url_for, flash, + abort, ) from .users import login_required, mod_only, get_active_user, is_logged_in from ..db import db 
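Review bot: `abort` is called in the new not-found branch of `delete`, but this patch has no import hunk for app/routes/posts.py, whereas threads.py, topics.py and users.py each add `abort` to their `from flask import (...)` block. The posts.py import block is outside the hunks, so confirm it already imports `abort`; if it does not, these branches would raise NameError and answer 500 instead of 404. Separately, the bare `return` after `abort(404)` is unreachable because `abort` raises, so the branch can be just `abort(404)`, as the users.py hunk already writes it. The same applies to the other posts.py hunks and to every not-found branch in threads.py and topics.py. The body of `delete` continues past the end of the hunk.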
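Review bot: The ownership check left as context in `edit`, `if editing_post['user_id'] != user.id: return redirect(url_for('topics.all_topics'))`, still answers an authorization failure with a redirect. After this patch a missing post is a 404, but a refused edit is a 302 that access logs and monitoring cannot tell apart from a normal navigation. Replacing that return with `abort(403)` would make refused edits explicit and countable. The same holds for `if post.user_id != user.id:` in the `edit_form` hunk and for the `(thread.user_id == user.id) or user.is_mod()` checks in the threads.py `lock` and `sticky` hunks. If the redirect is deliberate, a one-line comment on each check saying so would stop the next reader from treating it as an oversight.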
@@ -32,7 +33,8 @@ def thread(slug): POSTS_PER_PAGE = 10 thread = Threads.find({"slug": slug}) if not thread: - return redirect(url_for('topics.all_topics')) + abort(404) + return post_count = Posts.count({"thread_id": thread.id}) page_count = max(math.ceil(post_count / POSTS_PER_PAGE), 1) @@ -86,7 +88,8 @@ def thread(slug): def reply(slug): thread = Threads.find({"slug": slug}) if not thread: - return redirect(url_for('topics.all_topics')) + abort(404) + return user = get_active_user() if user.is_guest(): return redirect(url_for('.thread', slug=slug)) @@ -148,7 +151,8 @@ def lock(slug): user = get_active_user() thread = Threads.find({'slug': slug}) if not thread: - return redirect(url_for('topics.all_topics')) + abort(404) + return if not ((thread.user_id == user.id) or user.is_mod()): return redirect(url_for('.thread', slug=slug)) target_op = request.form.get('target_op') @@ -165,7 +169,8 @@ def sticky(slug): user = get_active_user() thread = Threads.find({'slug': slug}) if not thread: - return redirect(url_for('topics.all_topics')) + abort(404) + return if not ((thread.user_id == user.id) or user.is_mod()): return redirect(url_for('.thread', slug=slug)) target_op = request.form.get('target_op') diff --git a/app/routes/topics.py b/app/routes/topics.py index 100fd08..31f170f 100644 --- a/app/routes/topics.py +++ b/app/routes/topics.py @@ -1,5 +1,6 @@ from flask import ( - Blueprint, render_template, request, redirect, url_for, flash, session + Blueprint, render_template, request, redirect, url_for, flash, session, + abort, ) from .users import login_required, mod_only, get_active_user, is_logged_in from ..models import Users, Topics, Threads, Subscriptions @@ -50,7 +51,8 @@ def topic(slug): "slug": slug }) if not target_topic: - return redirect(url_for('.all_topics')) + abort(404) + return threads_count = Threads.count({ "topic_id": target_topic.id 
@@ -88,7 +90,8 @@ def topic(slug): def edit(slug): topic = Topics.find({"slug": slug}) if not topic: - return redirect(url_for('.all_topics')) + abort(404) + return return render_template("topics/edit.html", topic=topic) @@ -98,7 +101,8 @@ def edit(slug): def edit_post(slug): topic = Topics.find({"slug": slug}) if not topic: - return redirect(url_for('.all_topics')) + abort(404) + return topic.update({ "name": request.form.get('name', default = topic.name).strip(), @@ -115,7 +119,8 @@ def edit_post(slug): def delete(slug): topic = Topics.find({"slug": slug}) if not topic: - return redirect(url_for('.all_topics')) + abort(404) + return topic.delete() diff --git a/app/routes/users.py b/app/routes/users.py index f8fe4d0..0daa70e 100644 --- a/app/routes/users.py +++ b/app/routes/users.py @@ -1,5 +1,5 @@ from flask import ( - Blueprint, render_template, request, redirect, url_for, flash, session, current_app + Blueprint, render_template, request, redirect, url_for, flash, session, current_app, abort ) from functools import wraps from ..db import db @@ -295,6 +295,8 @@ def sign_up_post(): @bp.get("/") def page(username): target_user = Users.find({"username": username.lower()}) + if not target_user: + abort(404) return render_template("users/user.html", target_user = target_user)