return 404 where it makes sense

2025-12-03 08:07:03 +03:00
parent 7c037d1593
commit a7876ca410
4 changed files with 31 additions and 15 deletions


@@ -71,7 +71,8 @@ def update_post(post_id, new_content, markup_language='babycode'):
def delete(post_id):
post = Posts.find({'id': post_id})
if not post:
return redirect(url_for('topics.all_topics'))
abort(404)
return
thread = Threads.find({'id': post.thread_id})
user = get_active_user()
@@ -103,13 +104,15 @@ def delete(post_id):
def edit(post_id):
post = Posts.find({'id': post_id})
if not post:
return redirect(url_for('topics.all_topics'))
abort(404)
return
user = get_active_user()
q = f"{Posts.FULL_POSTS_QUERY} WHERE posts.id = ?"
editing_post = db.fetch_one(q, post_id)
if not editing_post:
return redirect(url_for('topics.all_topics'))
abort(404)
return
if editing_post['user_id'] != user.id:
return redirect(url_for('topics.all_topics'))
@@ -136,7 +139,8 @@ def edit_form(post_id):
user = get_active_user()
post = Posts.find({'id': post_id})
if not post:
return redirect(url_for('topics.all_topics'))
abort(404)
return
if post.user_id != user.id:
return redirect(url_for('topics.all_topics'))
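Review bot: The bare `return` placed after each new `abort(404)` (in `delete`, twice in `edit`, and in `edit_form`) can never execute, because Flask's `abort()` raises an HTTPException instead of returning. Drop the extra line so each guard is just `if not post:` followed by `abort(404)`. The same dead `return` follows every `abort(404)` added in the thread and topic view sections of this commit, while the `page` view in the users section already uses the shorter form. The leftover statement also suggests that `abort()` can fall through, which is the wrong model for anyone who later adds an authorization guard in the same style. All of these functions continue outside their hunks.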


@@ -1,5 +1,6 @@
from flask import (
Blueprint, render_template, request, redirect, url_for, flash
Blueprint, render_template, request, redirect, url_for, flash,
abort,
)
from .users import login_required, mod_only, get_active_user, is_logged_in
from ..db import db
@@ -32,7 +33,8 @@ def thread(slug):
POSTS_PER_PAGE = 10
thread = Threads.find({"slug": slug})
if not thread:
return redirect(url_for('topics.all_topics'))
abort(404)
return
post_count = Posts.count({"thread_id": thread.id})
page_count = max(math.ceil(post_count / POSTS_PER_PAGE), 1)
@@ -86,7 +88,8 @@ def thread(slug):
def reply(slug):
thread = Threads.find({"slug": slug})
if not thread:
return redirect(url_for('topics.all_topics'))
abort(404)
return
user = get_active_user()
if user.is_guest():
return redirect(url_for('.thread', slug=slug))
@@ -148,7 +151,8 @@ def lock(slug):
user = get_active_user()
thread = Threads.find({'slug': slug})
if not thread:
return redirect(url_for('topics.all_topics'))
abort(404)
return
if not ((thread.user_id == user.id) or user.is_mod()):
return redirect(url_for('.thread', slug=slug))
target_op = request.form.get('target_op')
@@ -165,7 +169,8 @@ def sticky(slug):
user = get_active_user()
thread = Threads.find({'slug': slug})
if not thread:
return redirect(url_for('topics.all_topics'))
abort(404)
return
if not ((thread.user_id == user.id) or user.is_mod()):
return redirect(url_for('.thread', slug=slug))
target_op = request.form.get('target_op')
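Review bot: The permission failure in `lock` and `sticky` (`if not ((thread.user_id == user.id) or user.is_mod()):`) still answers with a redirect to the thread, so a refused attempt to lock or pin someone else's thread is recorded as an ordinary 302. Since this commit moves the not-found cases to real status codes, consider `abort(403)` there so refused requests stand out in access logs and in any alerting built on them. The ownership checks in `edit` and `edit_form` in the posts section (`editing_post['user_id'] != user.id`, `post.user_id != user.id`) have the same shape. The route decorators and the rest of these function bodies are outside the hunks, so whether the redirect is a deliberate choice for guests cannot be confirmed from here.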


@@ -1,5 +1,6 @@
from flask import (
Blueprint, render_template, request, redirect, url_for, flash, session
Blueprint, render_template, request, redirect, url_for, flash, session,
abort,
)
from .users import login_required, mod_only, get_active_user, is_logged_in
from ..models import Users, Topics, Threads, Subscriptions
@@ -50,7 +51,8 @@ def topic(slug):
"slug": slug
})
if not target_topic:
return redirect(url_for('.all_topics'))
abort(404)
return
threads_count = Threads.count({
"topic_id": target_topic.id
@@ -88,7 +90,8 @@ def topic(slug):
def edit(slug):
topic = Topics.find({"slug": slug})
if not topic:
return redirect(url_for('.all_topics'))
abort(404)
return
return render_template("topics/edit.html", topic=topic)
@@ -98,7 +101,8 @@ def edit(slug):
def edit_post(slug):
topic = Topics.find({"slug": slug})
if not topic:
return redirect(url_for('.all_topics'))
abort(404)
return
topic.update({
"name": request.form.get('name', default = topic.name).strip(),
@@ -115,7 +119,8 @@ def edit_post(slug):
def delete(slug):
topic = Topics.find({"slug": slug})
if not topic:
return redirect(url_for('.all_topics'))
abort(404)
return
topic.delete()


@@ -1,5 +1,5 @@
from flask import (
Blueprint, render_template, request, redirect, url_for, flash, session, current_app
Blueprint, render_template, request, redirect, url_for, flash, session, current_app, abort
)
from functools import wraps
from ..db import db
@@ -295,6 +295,8 @@ def sign_up_post():
@bp.get("/<username>")
def page(username):
target_user = Users.find({"username": username.lower()})
if not target_user:
abort(404)
return render_template("users/user.html", target_user = target_user)