5 changed files with 23 additions and 79 deletions
--- a/meta.sample.json
+++ b/meta.sample.json
@ -1,8 +1,5 @@
 {
 	"name":"Curious Greg",
 	"website":"https://git.lynnesbian.space/lynnesbian/curious-greg",
-	"flask_key":"put a secure secret key here, and rename this file to 'meta.json'",
-	"dbuser":"curiousgreg",
-	"dbpass":"choose a good password for the mysql user and put it here",
-	"dbname":"curiousgreg"
+	"flask_key":"put a secure secret key here, and rename this file to 'meta.json'"
 }
--- a/requirements.txt
+++ b/requirements.txt
@ -1,4 +1,2 @@
 Flask==1.0.2
-bcrypt==3.1.4
-mysql-connector-python<9
-Mastodon.py==1.3.1
+bcrypt==3.1.4
--- a/templates/create_password.html
+++ b/templates/create_password.html
@ -9,7 +9,7 @@
 <h2>Please enter a password for your new Curious Greg account.</h2>
 <!-- <div id='logo-main'></div> -->
 <form action='/internal/create_account' method='POST'>
-	<div id='form-avi' style={{ bg }}></div>
+	<div id='form-avi' style='background-image:url("")'></div>
 	<span id='form-avi-label'>{{ session['acct'] }}</span><br /><br />
 	<label for='pw'>Password</label><br />
 	<input type='password' name='pw' placeholder='••••••••' required /><br />
--- a/templates/home.html
+++ b/templates/home.html
@ -6,16 +6,10 @@
 </head>
 <body>
 <h1>Welcome</h1>
+<h2>You're all set up and ready to go.</h2>
 <!-- <div id='logo-main'></div> -->
-<div class='profilecard left'>
-	<div class='pc-title'>Mastodon</div>
-	<div id='pc-avi' style={{ mabg }}></div>
-	<span id='pc-avi-label'>{{ session['acct'] }}</span><br /><br />
-</div>
-<div class='profilecard right'>
-	<div class='pc-title'>Curious Cat</div>
-	<div id='pc-avi' style={{ ccbg }}></div>
-	<span id='pc-avi-label'>{{ session['cc'] }}</span><br /><br />
+<div id='body'>
+	You haven't posted to Curious Cat in a while, so we'll wait <strong>14 minutes</strong> until we check for new answers.
 </div>
 {% include 'footer.html' %}
 </body>
--- a/web.py
+++ b/web.py
@ -4,35 +4,18 @@
 # License, v. 2.0. If a copy of the MPL was not distributed with this
 # file, You can obtain one at http://mozilla.org/MPL/2.0/.

-import requests, json, hashlib, urllib, time
+import requests, sqlite3, json, hashlib
 from mastodon import Mastodon
 from flask import Flask, render_template, request, session, redirect, url_for
-import mysql.connector
 import bcrypt
+import urllib

 cfg = json.load(open("meta.json"))
 scopes = ["read:accounts", "write:statuses"]

-db = mysql.connector.connect(user=cfg['dbuser'], password=cfg['dbpass'], database=cfg['dbname'])
+db = sqlite3.connect("database.db") #TODO: switch to mysql so concurrency is possible
 c = db.cursor()
-# MariaDB [curiousgreg]> DESCRIBE data;
-# +---------------------+--------------+------+-----+-------------------------------------------+-----------------------------+
-# | Field               | Type         | Null | Key | Default                                   | Extra                       |
-# +---------------------+--------------+------+-----+-------------------------------------------+-----------------------------+
-# | username            | varchar(64)  | NO   | PRI | NULL                                      |                             |
-# | instance            | varchar(128) | NO   | PRI | NULL                                      |                             |
-# | password            | tinytext     | NO   |     | NULL                                      |                             |
-# | avi                 | text         | NO   |     | NULL                                      |                             |
-# | secret              | tinytext     | NO   |     | NULL                                      |                             |
-# | client_id           | varchar(128) | NO   |     | NULL                                      |                             |
-# | client_secret       | tinytext     | NO   |     | NULL                                      |                             |
-# | cc                  | tinytext     | YES  |     | NULL                                      |                             |
-# | ccavi               | varchar(128) | YES  |     | https://lynnesbian.space/res/ceres/cc.png |                             |
-# | latest_post         | tinytext     | YES  |     | NULL                                      |                             |
-# | latest_timestamp    | timestamp    | NO   |     | CURRENT_TIMESTAMP                         | on update CURRENT_TIMESTAMP |
-# | time_between_checks | int(11)      | YES  |     | NULL                                      |                             |
-# +---------------------+--------------+------+-----+-------------------------------------------+-----------------------------+
-c.execute("CREATE TABLE IF NOT EXISTS `data` (username VARCHAR(64) NOT NULL, instance VARCHAR(128) NOT NULL, password TINYTEXT NOT NULL, avi TEXT NOT NULL, secret TINYTEXT NOT NULL, client_id VARCHAR(128) NOT NULL, client_secret TINYTEXT NOT NULL, cc TINYTEXT, ccavi VARCHAR(128) DEFAULT 'https://lynnesbian.space/res/ceres/cc.png', latest_post TINYTEXT, latest_timestamp TIMESTAMP, time_between_checks INT, PRIMARY KEY(username, instance))")
+c.execute("CREATE TABLE IF NOT EXISTS `data` (username TEXT NOT NULL, instance TEXT NOT NULL, password TEXT NOT NULL, avi TEXT NOT NULL, secret TEXT NOT NULL, client_id TEXT NOT NULL, client_secret TEXT NOT NULL, cc TEXT, latest_post TEXT, latest_timestamp TEXT, time_between_checks INT)")

 app = Flask(cfg['name'])
 app.secret_key = cfg['flask_key']
@ -47,29 +30,8 @@ def main():
@app.route('/home')
 def home():
 	if 'acct' in session:
-		if 'cc' not in session:
-			session['cc'] = "None"
-		if session['cc'] == "None":
-			#every time home is rendered without cc being set
-			cc = c.execute("SELECT cc FROM `data` WHERE client_id LIKE ? AND instance LIKE ?", (session['client_id'], session['instance'])).fetchone()[0]
-			if cc != '':
-				session['cc'] = cc
-		
-		if 'last_avi_update' not in session or session['last_avi_update'] + (24 * 60 * 60) < time.time():
-			#avatars haven't been updated for over 24 hours
-			# avis = c.execute("SELECT avi, ccavi FROM `data` WHERE client_id LIKE ?", (session['client_id'],)).fetchone()
-			client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance'])
-
-			session['avi'] = client.account_verify_credentials()['avatar']
-			if session['cc'] != None:
-				#update cc avi too
-				r = requests.get("https://curiouscat.me/api/v2/profile?username={}".format(session['cc']))
-				j = r.json()
-				session['ccavi'] = j['userData']['avatar']
-				c.execute("UPDATE data SET avi = ?, ccavi = ? WHERE client_id LIKE ? AND instance LIKE ?", (session['avi'], session['ccavi'], session['client_id'], session['instance']))
-			else:
-				c.execute("UPDATE data SET avi = ? WHERE client_id LIKE ? AND instance LIKE ?", (session['avi'], session['client_id'], session['instance']))
-		return render_template("home.html")
+		acct = session['acct']
+		return render_template("home.html", acct=acct)
 	else:
 		return redirect(url_for('main'))
 	
@ -92,18 +54,18 @@ def log_in():
@app.route('/internal/auth_a')
 def internal_auth_a(): #TODO: prevent these endpoints from being spammed somehow

-	session['instance'] = request.args.get('instance', default='mastodon.social', type=str)
-	if not session['instance'].startswith("https://"):
-		session['instance'] = "https://{}".format(session['instance'])
+	session['instance_url'] = request.args.get('instance', default='mastodon.social', type=str)
+	if not session['instance_url'].startswith("https://"):
+		session['instance_url'] = "https://{}".format(session['instance_url'])

 	session['client_id'], session['client_secret'] = Mastodon.create_app(cfg['name'],
-		api_base_url=session['instance'],
+		api_base_url=session['instance_url'],
 		scopes=scopes,
 		website=cfg['website'],
 		redirect_uris=['https://cg.lynnesbian.space/internal/auth_b', 'http://localhost:5000/internal/auth_b']
 	)

-	client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance'])
+	client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance_url'])
 	url = client.auth_request_url(client_id=session['client_id'], redirect_uris='http://localhost:5000/internal/auth_b', scopes=scopes)
 	
 	return redirect(url, code=307)
@ -111,16 +73,14 @@ def internal_auth_a(): #TODO: prevent these endpoints from being spammed somehow
@app.route('/internal/auth_b')
 def internal_auth_b():
 	#write details to DB
-	client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance'])
+	client = Mastodon(client_id=session['client_id'], client_secret=session['client_secret'], api_base_url=session['instance_url'])
 	session['secret'] = client.log_in(code = request.args.get('code'), scopes=scopes, redirect_uri='http://localhost:5000/internal/auth_b')
 	acct_info = client.account_verify_credentials()
 	session['username'] = acct_info['username']
 	session['avi'] = acct_info['avatar']
-	session['acct'] = "@{}@{}".format(session['username'], session['instance'].replace("https://", ""))
-	if c.execute("SELECT COUNT(*) FROM data WHERE username LIKE ? AND instance LIKE ?", (session['username'], session['instance'])).fetchone()[0] > 0:
+	session['acct'] = "@{}@{}".format(session['username'], session['instance_url'].replace("https://", ""))
+	if c.execute("SELECT COUNT(*) FROM data WHERE username LIKE ? AND instance LIKE ?", (session['username'], session['instance_url'])).fetchone()[0] > 0:
 		#user already has an account with CG
-		#update the user's info to use the new info we just got, then redirect them to the login page
-		c.execute("UPDATE data SET client_id = ?, client_secret = ?, secret = ?, avi = ? WHERE username LIKE ? AND instance LIKE ?", (session['client_id'], session['client_secret'], session['secret'], session['avi'], session['username'], session['instance']))
 		return redirect(url_for('log_in'))
 	else:
 		return redirect(url_for('home'))
@ -131,15 +91,10 @@ def do_login():

@app.route('/create_password')
 def create_password():
-	return render_template("create_password.html", bg = "\"background-image:url('{}')\"".format(session['avi']))
+	return render_template("create_password.html")

@app.route('/internal/create_account', methods=['POST'])
 def create_account():
-	pw_in = request.form['pw']
-	if len(pw_in < 6) or pw_in == 'password':
-		return redirect('/create_password?invalid')
-	pw_hashed = hashlib.sha256(pw_in.encode('utf-8'))
-	pw = bcrypt.hashpw(pw_hashed, bcrypt.gensalt(15))
-	c.execute("INSERT INTO data (username, instance, avi, password, secret, client_id, client_secret) VALUES (?, ?, ?, ?, ?)", (session['username'], pw, session['instance'],  session['secret'], session['client_id'], session['client_secret']))
+	pw = bcrypt.hashpw(request.form['pw'], bcrypt.gensalt(15))
+	c.execute("INSERT INTO data (username, instance, avi, password, secret, client_id, client_secret) VALUES (?, ?, ?, ?, ?)", (session['username'], pw, session['instance_url'],  session['secret'], session['client_id'], session['client_secret']))
 	db.commit()
-	return redirect(url_for('home'))