From a4ddce07d05931ed35638efb27a37651452dcfbe Mon Sep 17 00:00:00 2001
From: hole-thu <hole_thu@riseup.net>
Date: Tue, 8 Sep 2020 17:47:33 +0800
Subject: [PATCH] =?UTF-8?q?=E6=94=AF=E6=8C=81=E6=9B=B4=E6=96=B0=E6=8A=98?=
 =?UTF-8?q?=E5=8F=A0=E8=AD=A6=E5=91=8A?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 hole.py | 26 ++++++++++++++++++++++++--
 1 file changed, 24 insertions(+), 2 deletions(-)

diff --git a/hole.py b/hole.py
index 1e193ae..0d9cae7 100644
--- a/hole.py
+++ b/hole.py
@@ -182,6 +182,30 @@ def do_post():
             'date': p.id
             }
 
+@app.route('/_api/v1/editcw', methods=['POST'])
+@limiter.limit("50 / hour; 1 / 2 second")
+def edit_cw():
+    u = require_token()
+
+    cw = request.form.get('cw')
+    pid = get_num(request.form.get('pid'))
+
+    cw =  cw.strip() if cw else None
+    if cw and len(cw)>32: abort(422)
+
+    post = Post.query.get(pid)
+    if not post: abort(404)
+    if post.deleted: abort(451)
+
+    if not (u.name in app.config.get('ADMINS') or hash_name(u.name) == post.name_hash):
+        abort(403)
+
+    post.cw = cw;
+    db.session.commit()
+
+    return {'code': 0}
+
+
 @app.route('/_api/v1/getcomment')
 def get_comment():
     u = require_token()
@@ -249,8 +273,6 @@ def attention():
         at = Attention(name_hash=hash_name(u.name), pid=pid, disabled=True)
         db.session.add(at)
 
-    print(at.disabled, s=='0')
-
     if(at.disabled != (s == '0')):
         at.disabled = (s == '0')
         post.likenum += 1 - 2 * int(s == '0');