Fix cookie localhost and everyone permission calculation

webapp/titanembeds/app.py

@@ -38,7 +38,8 @@ app.config['RATELIMIT_STORAGE_URL'] = config["redis-uri"]
 app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=3)
 app.config['REDIS_URL'] = config["redis-uri"]
 app.config['MAX_CONTENT_LENGTH'] = 4 * 1024 * 1024 # Limit upload size to 4mb
-app.config['SESSION_COOKIE_SAMESITE'] = "None"
+if not config.get("disable-samesite-cookie-flag", False):
+    app.config['SESSION_COOKIE_SAMESITE'] = "None"
 app.secret_key = config['app-secret']
 
 #sentry.init_app(app)

webapp/titanembeds/blueprints/embed/embed.py

@@ -118,7 +118,10 @@ def noscript():
 def cookietest1():
     js = "window._3rd_party_test_step1_loaded();"
     response = make_response(js, 200, {'Content-Type': 'application/javascript'})
-    response.set_cookie('third_party_c_t', "works", max_age=30, samesite='None')
+    if not config.get("disable-samesite-cookie-flag", False):
+        response.set_cookie('third_party_c_t', "works", max_age=30, samesite='None')
+    else:
+        response.set_cookie('third_party_c_t', "works", max_age=30)
     return response
 
 @embed.route("/cookietest2")
@@ -130,5 +133,8 @@ def cookietest2():
         js = js + "false"
     js = js + ");"
     response = make_response(js, 200, {'Content-Type': 'application/javascript'})
-    response.set_cookie('third_party_c_t', "", expires=0, samesite='None')
+    if not config.get("disable-samesite-cookie-flag", False):
+        response.set_cookie('third_party_c_t', "", expires=0, samesite='None')
+    else:
+        response.set_cookie('third_party_c_t', "", expires=0)
     return response

webapp/titanembeds/utils.py

@@ -259,8 +259,8 @@ def get_channel_permission(channel, guild_id, guild_owner, guild_roles, member_r
     # @everyone
     for role in guild_roles:
         if role["id"] == guild_id:
-            channel_perm |= role["permissions"]
-            continue
+            channel_perm = role["permissions"]
+            break
     
     # User Guild Roles
     for m_role in member_roles:
@@ -277,12 +277,25 @@ def get_channel_permission(channel, guild_id, guild_owner, guild_roles, member_r
         result["attach_files"] = True
         result["embed_links"] = True
         return result
+
+    # Apply @everyone allow/deny first since it's special
+    try:
+        maybe_everyone = channel["permission_overwrites"][0]
+        if maybe_everyone["id"] == guild_id:
+            allows = maybe_everyone["allow"]
+            denies = maybe_everyone["deny"]
+            channel_perm = (channel_perm & ~denies) | allows
+            remaining_overwrites = channel["permission_overwrites"][1:]
+        else:
+            remaining_overwrites = channel["permission_overwrites"]
+    except IndexError:
+        remaining_overwrites = channel["permission_overwrites"]
     
     denies = 0
     allows = 0
     
     # channel specific
-    for overwrite in channel["permission_overwrites"]:
+    for overwrite in remaining_overwrites:
         if overwrite["type"] == "role" and overwrite["id"] in member_roles:
             denies |= overwrite["deny"]
             allows |= overwrite["allow"]
@@ -290,7 +303,7 @@ def get_channel_permission(channel, guild_id, guild_owner, guild_roles, member_r
     channel_perm = (channel_perm & ~denies) | allows
     
     # member specific
-    for overwrite in channel["permission_overwrites"]:
+    for overwrite in remaining_overwrites:
         if overwrite["type"] == "member" and overwrite["id"] == str(session.get("user_id")):
             channel_perm = (channel_perm & ~overwrite['deny']) | overwrite['allow']
             break