2024-11-25 16:48:58 +00:00
11 changed files with 20 additions and 153 deletions
--- a/requirements.txt
+++ b/requirements.txt
@ -6,5 +6,3 @@ Flask==1.1.1
 flask-mysqldb==0.2.0
 bcrypt == 3.1.7
 requests==2.22.0
-http-ece==1.1.0
-cryptography==2.7
--- a/service.py
+++ b/service.py
@ -1,33 +0,0 @@
-#!/usr/bin/env python3
-from mastodon import Mastodon
-import MySQLdb
-import requests
-from multiprocessing import Pool
-import json
-
-cfg = json.load(open('config.json'))
-
-def scrape_posts(handle, outbox):
-	# check for min_id
-	last_post = 0
-	r = requests.get(outbox)
-	j = r.json()
-	pleroma = 'next' not in j
-	if pleroma:
-		j = j['first']
-	else:
-		uri = "{}&min_id={}".format(outbox, last_post)
-		r = requests.get(uri)
-		j = r.json()
-
-print("Establishing DB connection")
-db = MySQLdb.connect(
-	host = cfg['db_host'],
-	user=cfg['db_user'],
-	passwd=cfg['db_pass'],
-	db=cfg['db_name']
-)
-
-c = db.cursor()
-
-print("Downloading posts")
--- a/setup.sql
+++ b/setup.sql
@ -18,10 +18,7 @@ CREATE TABLE IF NOT EXISTS `bots` (
  `handle` VARCHAR(128) PRIMARY KEY,
  `user_id` INT NOT NULL,
  `credentials_id` INT NOT NULL,
-  `push_private_key` BINARY(128) NOT NULL,
-  `push_public_key` BINARY(128) NOT NULL,
-  `push_secret` BINARY(16)),
-  `enabled` BOOLEAN DEFAULT 0,
+  `enabled` BOOLEAN DEFAULT 1,
  `replies_enabled` BOOLEAN DEFAULT 1,
  `post_frequency` SMALLINT UNSIGNED DEFAULT 30,
  `content_warning` VARCHAR(128),
--- a/static/style.css
+++ b/static/style.css
@ -178,11 +178,3 @@ form .row {
 	background: center/contain url("https://lynnesbian.space/img/bune.png");
 	display: inline-block;
 }
-
-.error {
-	background-color: #e66;
-	color: white;
-	text-align: center;
-	font-size: 1.6em;
-	padding: 10px;
-}
--- a/templates/bot_accounts_add.html
+++ b/templates/bot_accounts_add.html
@ -10,8 +10,6 @@
 	<div class="container">
 		<h1 class="thin centred">Add account</h1>
 	</div>
-
-	{%include 'error.html' %}
 	
 	<div class="container centred">
 		<form action="/bot/accounts/add" method="POST">
--- a/templates/bot_accounts_delete.html
+++ b/templates/bot_accounts_delete.html
@ -1,27 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-	<meta charset="UTF-8">
-	<title>FediBooks</title>
-	{% include 'imports.html' %}
-</head>
-
-<body>
-	<div class="container centred">
-		<h1 class="thin centred">Stop learning from account</h1>
-	</div>
-	
-	<div class="container centred">
-		<form method='POST'>
-			<div class="panel-icon large"></div>
-			<div class="container centred">
-				<p>Are you sure you want {{ bot }} to stop learning from {{ user }}?</p>
-				<a class="button btn-secondary" href="/"><i class="fas fa-times"></i> Cancel</a>
-				<button class="button btn-dangerous"><i class="fas fa-trash"></i> Stop learning</button>
-			</div>
-		</form>
-	</div>
-
-	{% include 'footer.html' %}
-</body>
-</html>
--- a/templates/bot_create.html
+++ b/templates/bot_create.html
@ -10,8 +10,6 @@
 	<div class="container">
 		<h1 class="thin centred">Create bot</h1>
 	</div>
-
-	{% include 'error.html' %}
 	
 	<div class="container centred">
 		<form action="/bot/create" method="POST">
--- a/templates/error.html
+++ b/templates/error.html
@ -1,3 +0,0 @@
-{% if error != None %}
-<div class="error"><i class="fas fa-exclamation-triangle"></i> {{ error }}</div>
-{% endif %}
--- a/templates/footer.html
+++ b/templates/footer.html
@ -1,5 +1,5 @@
 <footer>
 	<div class='subtle'>
-		<p>FediBooks is beta software. It might behave unexpectedly. Website design and FediBooks software by <a href='https://fedi.lynnesbian.space/@LynnearSoftware'>Lynne</a>. This site uses <a href="https://fontawesome.com">Font Awesome</a>. Source code available <a href="https://github.com/Lynnesbian/Fedibooks">here</a>.</p>
+		<p>Website design and FediBooks software by <a href='https://fedi.lynnesbian.space/@LynnearSoftware'>Lynne</a>. This site uses <a href="https://fontawesome.com">Font Awesome</a>. Source code available <a href="https://github.com/Lynnesbian/Fedibooks">here</a>.</p>
 	</div>
 </footer>
--- a/templates/login.html
+++ b/templates/login.html
@ -10,8 +10,6 @@
 	<div class="container">
 		<h1 class="thin centred">{% if signup %}Sign up{% else %}Log in{% endif %}</h1>
 	</div>
-
-	{% include 'error.html' %}
 	
 	<div class="container centred">
 		<form action="/do/{% if signup %}signup{% else %}login{% endif %}" method="POST">
--- a/webui.py
+++ b/webui.py
@ -18,7 +18,7 @@ app.config['MYSQL_PASSWORD'] = cfg['db_pass']

 mysql = MySQL(app)

-scopes = ['write:statuses', 'write:accounts', 'read:accounts', 'read:notifications', 'read:statuses', 'push']
+scopes = ['write:statuses', 'write:accounts', 'read:accounts', 'read:notifications', 'read:statuses']

@app.route("/")
 def home():
@ -60,17 +60,12 @@ def about():

@app.route("/login")
 def show_login_page():
-	error = None
-	if 'error' in session:
-		error = session.pop('error')
-	return render_template("login.html", signup = False, error = error)
+	return render_template("login.html", signup = False)

@app.route("/signup")
-def show_signup_page():
-	error = None
-	if 'error' in session:
-		error = session.pop('error')
-	return render_template("login.html", signup = True, error = error)
+def show_signup_page(error = None):
+	#TODO: display error if any
+	return render_template("login.html", signup = True)

@app.route("/settings")
 def settings():
@ -141,13 +136,8 @@ def bot_accounts(id):

@app.route("/bot/accounts/add", methods = ['GET', 'POST'])
 def bot_accounts_add():
-	error = None
 	if request.method == 'POST':
 		if session['step'] == 1:
-			if request.form['account'] == session['bot']:
-				error = "Bots cannot learn from themselves."
-				return render_template("bot_accounts_add.html", error = error)
-
 			# look up user
 			handle_list = request.form['account'].split('@')
 			username = handle_list[1]
@ -169,8 +159,7 @@ def bot_accounts_add():
 					found = True
 					break
 			if not found:
-				error = "Couldn't find a valid ActivityPub outbox URL."
-				return render_template("bot_accounts_add.html", error = error)
+				return "Couldn't find a valid ActivityPub outbox URL."

 			# 3. format as outbox URL and check to make sure it works
 			outbox = "{}/outbox?page=true".format(uri)
@ -182,12 +171,10 @@ def bot_accounts_add():
 				c.execute("INSERT INTO `bot_learned_accounts` (`bot_id`, `fedi_id`) VALUES (%s, %s)", (session['bot'], request.form['account']))
 				c.close()
 				mysql.connection.commit()
-				return redirect("/bot/accounts/{}".format(session['bot']), 303)
-			else:
-				error = "Couldn't access ActivityPub outbox. {} may require authenticated fetches, which FediBooks doesn't support yet."
-				return render_template("bot_accounts_add.html", error = error)

-	return render_template("bot_accounts_add.html", error = error)
+				return redirect("/bot/accounts/{}".format(session['bot']), 303)
+
+	return render_template("bot_accounts_add.html")

@app.route("/bot/accounts/toggle/<id>")
 def bot_accounts_toggle(id):
@ -197,28 +184,10 @@ def bot_accounts_toggle(id):
 	c.close()
 	return redirect("/bot/accounts/{}".format(session['bot']), 303)

-@app.route("/bot/accounts/delete/<id>", methods=['GET', 'POST'])
-def bot_accounts_delete(id):
-	if request.method == 'GET':
-		instance = id.split("@")[2]
-		return render_template("bot_accounts_delete.html", user = id, instance = instance)
-	else:
-		#NOTE: when user credential support is added, we'll need to delete the creds too
-		c = mysql.connection.cursor()
-		c.execute("DELETE FROM `bot_learned_accounts` WHERE `fedi_id` = %s AND bot_id = %s", (id, session['bot']))
-		# check to see if anyone else is learning from this account
-		c.execute("SELECT COUNT(*) FROM `bot_learned_accounts` WHERE `fedi_id` = %s", (id,))
-		if c.fetchone()[0] == 0:
-			# nobody else learns from this account, remove it from the db
-			c.execute("DELETE FROM `fedi_accounts` WHERE `handle` = %s", (id,))
-		c.close()
-		mysql.connection.commit()
-
-		return redirect(url_for("/bot/accounts/{}".format(session['bot'])), 303)

@app.route("/bot/create/", methods=['GET', 'POST'])
 def bot_create():
-	error = None
+	#TODO: error handling
 	if request.method == 'POST':
 		if session['step'] == 1:
 			# strip leading https://, if provided
@ -245,7 +214,7 @@ def bot_create():
 				# all other instance types are also unsupported
 				# return an error message
 				#TODO: misskey
-				session['error'] = "Unsupported instance type. Misskey support is planned."
+				session['error'] = "Unsupported instance type."

 		elif session['step'] == 2:
 			# nothing needs to be done here, this step just informs the user that their instance type is supported
@ -283,7 +252,7 @@ def bot_create():
 				del session['instance']
 				del session['instance_type']
 				session['step'] = 1
-				return redirect(url_for("bot_create"), 303)
+				return bot_create()

 	else:
 		if session['step'] == 4:
@ -295,9 +264,7 @@ def bot_create():
 				handle = "@{}@{}".format(username, session['instance'])
 			except:
 				# authentication error occurred
-				error = "Authentication failed."
-				session['step'] = 3
-				return render_template("bot_create.html", error = error)
+				return render_template("bot_oauth_error.html")

 			# authentication success!!
 			c = mysql.connection.cursor()
@ -305,15 +272,7 @@ def bot_create():
 			credentials_id = c.lastrowid
 			mysql.connection.commit()

-			# get webpush url
-			privated, publicd = client.push_subscription_generate_keys()
-			private = privated['privkey']
-			public = publicd['pubkey']
-			secret = privated['auth']
-			# replace fedibooks.com with cfg['base_uri'] on release
-			client.push_subscription_set("https://fedibooks.com/push/{}".format(handle), publicd, mention_events = True)
-
-			c.execute("INSERT INTO `bots` (handle, user_id, credentials_id, push_public_key, push_private_key, push_secret) VALUES (%s, %s, %s, %s, %s, %s)", (handle, session['user_id'], credentials_id, public, private, secret))
+			c.execute("INSERT INTO `bots` (handle, user_id, credentials_id) VALUES (%s, %s, %s)", (handle, session['user_id'], credentials_id))
 			mysql.connection.commit()
 			c.close()

@ -324,9 +283,7 @@ def bot_create():
 			del session['client_id']
 			del session['client_secret']

-	if 'error' in session:
-		error = session.pop('error')
-	return render_template("bot_create.html", error = error)
+	return render_template("bot_create.html")

@app.route("/bot/create/back")
 def bot_create_back():
@ -344,12 +301,10 @@ def do_signup():
 	# email validation is basically impossible without actually sending an email to the address
 	# because fedibooks can't send email yet, we'll just check if the string contains an @ ;)
 	if "@" not in request.form['email']:
-		session['error'] = "Invalid email address."
-		return redirect(url_for("show_signup_page"), 303)
+		return show_signup_page("Invalid email address.")

 	if len(request.form['password']) < 8:
-		session['error'] = "Password too short."
-		return redirect(url_for("show_signup_page"), 303)
+		return show_signup_page("Password too short.")

 	pw_hashed = hashlib.sha256(request.form['password'].encode('utf-8')).digest()
 	pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(12))
@ -377,24 +332,18 @@ def do_login():
 	c.execute("SELECT * FROM users WHERE email = %s", (request.form['email'],))
 	data = c.fetchone()
 	c.close()
-	if data == None:
-		session['error'] = "Incorrect login information."
-		return redirect(url_for("show_login_page"), 303)
-	
 	if bcrypt.checkpw(pw_hashed, data['password']):
 		session['user_id'] = data['id']
 		return redirect(url_for("home"))

 	else:
-		session['error'] = "Incorrect login information."
-		return redirect(url_for("show_login_page"), 303)
+		return "invalid login"

@app.route("/img/bot_generic.png")
 def img_bot_generic():
 	return send_file("static/bot_generic.png", mimetype="image/png")

 def bot_check(bot):
-	# check to ensure bot is owned by user
 	c = mysql.connection.cursor()
 	c.execute("SELECT COUNT(*) FROM `bots` WHERE `handle` = %s AND `user_id` = %s", (bot, session['user_id']))
 	return c.fetchone()[0] == 1