Only db commit on requests that change the database

webapp/titanembeds/app.py

@@ -29,7 +29,6 @@ app.config['SQLALCHEMY_TRACK_MODIFICATIONS'] = False  # Suppress the warning/no
 app.config['RATELIMIT_HEADERS_ENABLED'] = True
 app.config['SQLALCHEMY_POOL_RECYCLE'] = 100
 app.config['SQLALCHEMY_POOL_SIZE'] = 15
-app.config['SQLALCHEMY_COMMIT_ON_TEARDOWN'] = True
 app.config['RATELIMIT_STORAGE_URL'] = config["redis-uri"]
 app.config['PERMANENT_SESSION_LIFETIME'] = timedelta(days=3)
 app.config['REDIS_URL'] = config["redis-uri"]

webapp/titanembeds/blueprints/admin/admin.py

@@ -68,6 +68,7 @@ def cosmetics_post():
             badges = []
         user.badges = json.dumps(badges)
     db.session.add(user)
+    db.session.commit()
     return ('', 204)
 
 @admin.route("/cosmetics", methods=["DELETE"])
@@ -80,6 +81,7 @@ def cosmetics_delete():
     if not entry:
         abort(409)
     db.session.delete(entry)
+    db.session.commit()
     return ('', 204)
 
 @admin.route("/cosmetics", methods=["PATCH"])
@@ -108,6 +110,7 @@ def cosmetics_patch():
         if badges == [""]:
             badges = []
         entry.badges = json.dumps(badges)
+    db.session.commit()
     return ('', 204)
     
 def prepare_guild_members_list(members, bans):
@@ -204,6 +207,7 @@ def update_administrate_guild(guild_id):
     if guest_icon != None and guest_icon.strip() == "":
         guest_icon = None
     db_guild.guest_icon = guest_icon
+    db.session.commit()
     emit("guest_icon_change", {"guest_icon": guest_icon if guest_icon else url_for('static', filename='img/titanembeds_square.png')}, room="GUILD_"+guild_id, namespace="/gateway")
     return jsonify(
         guild_id=db_guild.guild_id,
@@ -262,6 +266,7 @@ def post_titan_tokens():
     if get_titan_token(user_id) != -1:
         abort(409)
     set_titan_token(user_id, amount, "NEW VIA ADMIN [{}]".format(str(reason)))
+    db.session.commit()
     return ('', 204)
 
 @admin.route("/tokens", methods=["PATCH"])
@@ -275,6 +280,7 @@ def patch_titan_tokens():
     if get_titan_token(user_id) == -1:
         abort(409)
     set_titan_token(user_id, amount, "MODIFY VIA ADMIN [{}]".format(str(reason)))
+    db.session.commit()
     return ('', 204)
 
 @admin.route("/disabled_guilds", methods=["GET"])
@@ -290,6 +296,7 @@ def post_disabled_guilds():
         abort(409)
     guild = DisabledGuilds(guild_id)
     db.session.add(guild)
+    db.session.commit()
     return ('', 204)
 
 @admin.route("/disabled_guilds", methods=["DELETE"])
@@ -300,6 +307,7 @@ def delete_disabled_guilds():
         abort(409)
     guild = db.session.query(DisabledGuilds).filter(DisabledGuilds.guild_id == guild_id).first()
     db.session.delete(guild)
+    db.session.commit()
     return ('', 204)
 
 @admin.route("/custom_css", methods=["GET"])
@@ -344,6 +352,7 @@ def edit_custom_css_post(css_id):
     dbcss.css = css
     dbcss.css_variables = variables
     dbcss.css_var_bool = variables_enabled
+    db.session.commit()
     return jsonify({"id": dbcss.id})
     
 @admin.route("/custom_css/edit/<css_id>", methods=["DELETE"])
@@ -353,6 +362,7 @@ def edit_custom_css_delete(css_id):
     if not dbcss:
         abort(404)
     db.session.delete(dbcss)
+    db.session.commit()
     return jsonify({})
 
 @admin.route("/custom_css/new", methods=["GET"])

webapp/titanembeds/blueprints/api/api.py

@@ -330,6 +330,7 @@ def post():
             else:
                 message = discord_api.create_message(channel_id, content)
             status_code = message['code']
+    db.session.commit()
     response = jsonify(message=message.get('content', message), status=status, illegal_reasons=illegal_reasons)
     response.status_code = status_code
     return response
@@ -366,6 +367,7 @@ def create_unauthenticated_user():
         captcha_response = request.form['captcha_response']
         if not verify_captcha_request(captcha_response, request.remote_addr):
             abort(412)
+    final_response = None
     if not checkUserBanned(guild_id, ip_address):
         session['username'] = username
         if 'user_id' not in session or len(str(session["user_id"])) > 4:
@@ -379,12 +381,14 @@ def create_unauthenticated_user():
             session['user_keys'][guild_id] = key
         session.permanent = False
         status = update_user_status(guild_id, username, key)
-        return jsonify(status=status)
+        final_response = jsonify(status=status)
     else:
         status = {'banned': True}
         response = jsonify(status=status)
         response.status_code = 403
-        return response
+        final_response = response
+    db.session.commit()
+    return final_response
 
 @api.route("/change_unauthenticated_username", methods=["POST"])
 @rate_limiter.limit("1 per 10 minute", key_func=guild_ratelimit_key)
@@ -402,6 +406,7 @@ def change_unauthenticated_username():
         abort(404)
     if not guild_query_unauth_users_bool(guild_id):
         abort(401)
+    final_response = None
     if not checkUserBanned(guild_id, ip_address):
         if 'user_keys' not in session or guild_id not in session['user_keys'] or not session['unauthenticated']:
             abort(424)
@@ -415,12 +420,14 @@ def change_unauthenticated_username():
         session['user_keys'][guild_id] = key
         status = update_user_status(guild_id, username, key)
         emit("embed_user_disconnect", emitmsg, room="GUILD_"+guild_id, namespace="/gateway")
-        return jsonify(status=status)
+        final_response = jsonify(status=status)
     else:
         status = {'banned': True}
         response = jsonify(status=status)
         response.status_code = 403
-        return response
+        final_response = response
+    db.session.commit()
+    return final_response
 
 def get_guild_guest_icon(guild_id):
     guest_icon = db.session.query(Guilds).filter(Guilds.guild_id == guild_id).first().guest_icon
@@ -487,6 +494,7 @@ def create_authenticated_user():
             if not db_user:
                 db_user = AuthenticatedUsers(guild_id, session['user_id'])
                 db.session.add(db_user)
+                db.session.commit()
             status = update_user_status(guild_id, session['username'])
             return jsonify(status=status)
         else:
@@ -550,6 +558,7 @@ def webhook_discordbotsorg_vote():
             pass
     DBLTrans = DiscordBotsOrgTransactions(int(user_id), vote_type, referrer)
     db.session.add(DBLTrans)
+    db.session.commit()
     return ('', 204)
 
 @api.route("/af/direct_message", methods=["POST"])

webapp/titanembeds/blueprints/user/user.py

@@ -165,6 +165,7 @@ def edit_custom_css_post(css_id):
     dbcss.css = css
     dbcss.css_variables = variables
     dbcss.css_var_bool = variables_enabled
+    db.session.commit()
     return jsonify({"id": dbcss.id})
 
 @user.route("/custom_css/edit/<css_id>", methods=["DELETE"])
@@ -179,6 +180,7 @@ def edit_custom_css_delete(css_id):
     if dbcss.user_id != session['user_id']:
         abort(403)
     db.session.delete(dbcss)
+    db.session.commit()
     return jsonify({})
 
 @user.route("/administrate_guild/<guild_id>", methods=["GET"])
@@ -252,6 +254,7 @@ def update_administrate_guild(guild_id):
         guest_icon = None
     db_guild.guest_icon = guest_icon
     
+    db.session.commit()
     emit("guest_icon_change", {"guest_icon": guest_icon if guest_icon else url_for('static', filename='img/titanembeds_square.png')}, room="GUILD_"+guild_id, namespace="/gateway")
     return jsonify(
         guild_id=db_guild.guild_id,
@@ -339,6 +342,7 @@ def ban_unauthenticated_user():
         db.session.delete(db_ban)
     db_ban = UnauthenticatedBans(guild_id, db_user.ip_address, db_user.username, db_user.discriminator, reason, session["user_id"])
     db.session.add(db_ban)
+    db.session.commit()
     return ('', 204)
 
 @user.route("/ban", methods=["DELETE"])
@@ -361,6 +365,7 @@ def unban_unauthenticated_user():
     if db_ban.lifter_id is not None:
         abort(409)
     db_ban.liftBan(session["user_id"])
+    db.session.commit()
     return ('', 204)
 
 @user.route("/revoke", methods=["POST"])
@@ -380,6 +385,7 @@ def revoke_unauthenticated_user():
     if db_user.isRevoked():
         abort(409)
     db_user.revokeUser()
+    db.session.commit()
     return ('', 204)
 
 @user.route('/donate', methods=["GET"])
@@ -440,6 +446,7 @@ def donate_confirm():
         set_titan_token(session["user_id"], tokens, action)
         session["tokens"] = get_titan_token(session["user_id"])
         add_badge(session["user_id"], "supporter")
+        db.session.commit()
         return redirect(url_for('user.donate_thanks', transaction=trans_id))
     else:
         return redirect(url_for('index'))
@@ -482,6 +489,7 @@ def donate_patch():
             entry = Cosmetics(session["user_id"])
         entry.guest_icon = True
     db.session.add(entry)
+    db.session.commit()
     return ('', 204)
 
 @user.route("/patreon")
@@ -564,6 +572,7 @@ def patreon_sync_post():
     set_titan_token(session["user_id"], usr["titan"]["eligible_tokens"], "PATREON {} [{}]".format(usr["attributes"]["full_name"], usr["id"]))
     add_badge(session["user_id"], "supporter")
     session["tokens"] = get_titan_token(session["user_id"])
+    db.session.commit()
     return ('', 204)
 
 @user.route("/patreon/thanks")

webapp/titanembeds/utils.py

@@ -145,6 +145,7 @@ def update_user_status(guild_id, username, user_key=None):
         if dbUser.username != username or dbUser.ip_address != ip_address:
             dbUser.username = username
             dbUser.ip_address = ip_address
+            db.session.commit()
     else:
         status = {
             'authenticated': True,