yagich/porom
1
0
Fork 1
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: yagich:main
Branches Tags
yagich:main
yagich:with-docker
..
compare: yagich:with-docker
Branches Tags
yagich:main
yagich:with-docker

1 Commits
main ... with-docke

Author SHA1 Message Date
xananax
ca23415288 feat: allow containerized deployments 
At the moment, it seems like it should be working, but I get:
```
lua5.1: error loading module 'bcrypt' from file '/usr/local/openresty/luajit/lib/lua/5.1/bcrypt.so':
	Error relocating /usr/local/openresty/luajit/lib/lua/5.1/bcrypt.so: luaL_setfuncs: symbol not found
```
 2025-05-22 11:25:21 +02:00
71 changed files with 250 additions and 1851 deletions
Show Stats Expand all files Collapse all files

8
.dockerignore
View File

@ -1,8 +0,0 @@
logs/
nginx.conf.compiled
.vscode/
.local/
data/db/*
secrets
secrets/.touched*
sass

11
.gitignore vendored
View File

@ -1,9 +1,10 @@
logs/
nginx.conf.compiled
db.*.sqlite
.vscode/
.local/
data/db/*
secrets/secrets.lua
secrets/.touched*
data/static/avatars/*
!data/static/avatars/default.webp
static/avatars/*
!static/avatars/default.webp
secrets.lua
.first_launch.*

16
Dockerfile
View File

@ -1,16 +0,0 @@
# HOW TO:
#
# docker compose up
#
# it exposes the data/ and secrets/ volumes in app root
#
FROM openresty/openresty:alpine-fat
RUN apk add --no-cache git make gcc g++ musl-dev libffi-dev openssl-dev sqlite-dev libsodium libsodium-dev imagemagick-dev openssl
WORKDIR /app
COPY . .
RUN eval "$(luarocks --lua-version=5.1 path)"
RUN luarocks --lua-version=5.1 build --only-deps
EXPOSE 8080
RUN chmod +x /app/start.sh
ENTRYPOINT ["/app/start.sh", "production"]

44
README.md
View File

@ -6,45 +6,34 @@ Released under [CNPLv7+](https://thufie.lain.haus/NPL.html).
Please read the [full terms](./LICENSE.md) for proper wording.
# installing & first time setup
## docker
```bash
$ docker compose up
```
- opens port 8080
- exposes `data/db` and `data/avatars` as volumes for data backup and persistence
- exposes `secrets/` as a volume so that the script won't try to perform first time setup again
make sure to run it in an interactive session the first time, because it will spit out the password to the auto-created admin account.
## manual
1. install:
- OpenResty. instructions for linux can be found [here](https://openresty.org/en/linux-packages.html)
- LuaJIT and Lua 5.1 (usually called `lua5.1` in package managers)
- openssl (-dev)
- sqlite (-dev)
- libsodium (-dev)
- imagemagick (-dev)
- [LuaRocks](https://luarocks.org) (either through the guide's instructions or your package manager, whichever is newer)
2. add luarocks search dirs to path:
1. first, install OpenResty. instructions for linux can be found [here](https://openresty.org/en/linux-packages.html).
2. then, install LuaJIT and Lua 5.1 (usually called `lua5.1` in package managers)
3. then, install [LuaRocks](https://luarocks.org) (prefer your package manager instead of a local install recommended by the guide)
4. add luarocks search dirs to path:
```bash
# in .bashrc (or other shell equivalent)
eval "$(luarocks --lua-version 5.1 path)"
```
3. clone repo
4. install the lua dependencies:
5. clone repo
6. install the dependencies:
```bash
$ luarocks --local --lua-version 5.1 build --only-deps
```
5. run:
7. create a file named `secrets.lua` in the project directory.
use the `secrets.lua.example` file as reference, and generate a cryptographically secure random key, for example, with:
```bash
$ start.sh production # or 'development' or empty string
$ openssl rand -hex 32
```
8. run:
```bash
$ start.sh production
```
the script will perform some necessary first time setup (and create a hidden file in the folder to ensure it won't do so again). it will create an administrator account and print the credentials to the console; **this will only happen once**. make sure you save them somewhere. the administrator account is the only one that can promote other users to moderator.
(note the `production` argument. if called with no arguments, `start.sh` will run in a development environment, which uses a separate database and shows more debug information.)
(note the `production` argument. if called with no arguments, `start.sh` will run in a development environment, which uses a separate database.)
this app is made with the assumption that it is being reverse-proxied. as such, you may want to change the port to something other than the default `8080`. you can do that in [`config.lua`]([./config.lua]).
@ -54,6 +43,3 @@ once you are able to navigate to the forum, you can log in as the administrator
# icons
the icons in the `icons/` folder are by [Gabriele Malaspina](https://www.figma.com/community/file/1136337054881623512/iconcino-v2-0-0-free-icons-cc0-1-0-license)
# credits & acknowledgements
see [THIRDPARTY.md](./THIRDPARTY.md)

40
THIRDPARTY.md
View File

@ -1,40 +0,0 @@
# Acknowledgements
## Lapis
URL: https://leafo.net/lapis/
Copyright: `(c) 2023 Leaf Corcoran`
License: MIT
Repo: https://github.com/leafo/lapis
## ChicagoFLF
Affected files: [`fonts/ChicagoFLF.woff2`](./fonts/ChicagoFLF.woff2)
No canonical URL that I could find.
Obtained from: https://usemodify.com/fonts/chicago/
License: Public Domain
Designers: Susan Kare, Robin Casady
## Cadman
Affected files: [`fonts/Cadman_Bold.woff2`](./fonts/Cadman_Bold.woff2) [`fonts/Cadman_BoldItalic.woff2`](./fonts/Cadman_BoldItalic.woff2) [`fonts/Cadman_Italic.woff2`](./fonts/Cadman_Italic.woff2) [`fonts/Cadman_Roman.woff2`](./fonts/Cadman_Roman.woff2)
URL: https://localfonts.eu/shop/cyrillic-script/serbian/serbian-cyrillic-sans-serif/cadman/
Copyright: `© 2017-2020 by Paul James Miller. All rights reserved.`
License: SIL Open Font License 1.1
Designers: Paul James Miller
## ICONCINO
Affected files: [`svg-icons/error.etlua`](./svg-icons/error.etlua) [`svg-icons/info.etlua`](./svg-icons/info.etlua) [`svg-icons/lock.etlua`](./svg-icons/lock.etlua) [`svg-icons/sticky.etlua`](./svg-icons/sticky.etlua) [`svg-icons/warn.etlua`](./svg-icons/warn.etlua)
URL: https://www.figma.com/community/file/1136337054881623512/iconcino-v2-0-0-free-icons-cc0-1-0-license
Copyright: Gabriele Malaspina
Designers: Gabriele Malaspina
License: CC0 1.0/CC BY 4.0
CC BY 4.0 compliance: Modified to indicate the URL. Modified size.
## Forumoji
Affected files: everything in [`data/static/emoji`](./data/static/emoji)
URL: https://gh.vercte.net/forumoji/
License: CC0 1.0
Designers: lolecksdeehaha; Scratch137; 64lu (the project has many more contributors, but these are the people whose designs were reproduced here)

28
app.lua
View File

@ -1,10 +1,6 @@
local lapis = require("lapis")
local date = require("date")
local app = lapis.Application()
local constants = require("constants")
local babycode = require("lib.babycode")
local html_escape = require("lapis.html").escape
local config = require("lapis.config").get()
local db = require("lapis.db")
-- sqlite starts without foreign key enforcement
@ -15,23 +11,8 @@ local util = require("util")
app:enable("etlua")
app.layout = require "views.base"
app.cookie_attributes = function (self, name, value)
if name == config.session_name then
if not self.session.queue_delete then
local expires = date(true):adddays(30):fmt("${http}")
return "Expires="..expires.."; Path=/; HttpOnly; Secure"
else
local expires = date(true):addseconds(-30):fmt("${http}")
return "Expires="..expires.."; Path=/; HttpOnly; Secure"
end
end
end
local function inject_constants(req)
req.constants = constants
math.randomseed(os.time())
req.__cachebust = math.random(99999)
req.__commit = config.commit
end
local function inject_methods(req)
@ -40,13 +21,6 @@ local function inject_methods(req)
return util.ntob(v)
end
req.PermissionLevelString = constants.PermissionLevelString
req.infobox_message = function (_, s)
return util.infobox_message(s)
end
req.babycode_to_html = function (_, bb)
return babycode.to_html(bb, html_escape)
end
util.pop_infobox(req)
end
@ -58,8 +32,6 @@ app:include("apps.users", {path = "/user"})
app:include("apps.topics", {path = "/topics"})
app:include("apps.threads", {path = "/threads"})
app:include("apps.mod", {path = "/mod"})
app:include("apps.post", {path = "/post"})
app:include("apps.api", {path = "/api"})
app:get("/", function(self)
return {redirect_to = self:url_for("all_topics")}

36
apps/api.lua
View File

@ -1,36 +0,0 @@
local app = require("lapis").Application()
local sse = require("lib.sse")
local db = require("lapis.db")
local util = require("util")
app:get("sse_thread_updates", "/thread-updates/:thread_id", function(self)
do
local thread = db.query("SELECT threads.id FROM threads WHERE threads.id = ?", self.params.thread_id)
if #thread == 0 then
return {status = 404, skip_render = true}
end
end
local now = os.time()
local stream = sse:new()
local thread_id = self.params.thread_id
local new_posts_query = "SELECT id FROM posts WHERE thread_id = ? AND posts.created_at > ? ORDER BY posts.created_at ASC LIMIT 1"
while stream.active do
stream:dispatch()
local new_post = db.query(new_posts_query, thread_id, now)
if #new_post > 0 then
local url = util.get_post_url(self, new_post[1].id)
stream:enqueue(url, "new_post_url")
end
ngx.sleep(5)
end
return {skip_render = true}
end)
return app

35
apps/mod.lua
View File

@ -1,46 +1,23 @@
local app = require("lapis").Application()
local db = require("lapis.db")
local util = require("util")
local models = require("models")
local Users = models.Users
-- everything here requires a logged in moderator
app:before_filter(function(self)
app:get("user_list", "/list", function(self)
self.me = util.get_logged_in_user(self)
if not self.me then
self:write{redirect_to = self:url_for("all_topics")}
return
return {redirect_to = self:url_for("all_topics")}
end
if not self.me:is_mod() then
self:write{redirect_to = self:url_for("all_topics")}
return
return {redirect_to = self:url_for("all_topics")}
end
end)
app:get("user_list", "/list", function(self)
self.users = Users:select("")
return {render = "mod.user-list"}
end)
app:get("sort_topics", "/sort-topics", function(self)
self.topics = db.query("SELECT * FROM topics ORDER BY sort_order ASC")
self.page_title = "sorting topics"
return {render = "mod.sort-topics"}
end)
app:post("sort_topics", "/sort-topics", function(self)
local updates = self.params
db.query("BEGIN")
for topic_id, new_order in pairs(updates) do
db.update("topics", {sort_order = new_order}, {id = topic_id})
end
db.query("COMMIT")
return {redirect_to = self:url_for("sort_topics")}
end)
return app

104
apps/post.lua
View File

@ -1,104 +0,0 @@
local app = require("lapis").Application()
local db = require("lapis.db")
local constants = require("constants")
local util = require("util")
local models = require("models")
local Posts = models.Posts
local Threads = models.Threads
local PostHistory = models.PostHistory
app:get("single_post", "/:post_id", function(self)
local query = constants.FULL_POSTS_QUERY .. "WHERE posts.id = ?"
local p = db.query(query, self.params.post_id)
if p then
self.post = p[1]
self.thread = Threads:find({id = self.post.thread_id})
self.page_title = self.post.username .. "'s post in " .. self.thread.title
end
return {render = "post.single-post"}
end)
app:post("delete_post", "/:post_id/delete", function(self)
local user = util.get_logged_in_user(self)
if not user then
return {redirect_to = self:url_for"all_topics"}
end
print("id is " .. self.params.post_id)
local post = Posts:find({id = self.params.post_id})
if not post then
return {redirect_to = self:url_for"all_topics"}
end
local thread = Threads:find({id = post.thread_id})
if user:is_mod() then
post:delete()
util.inject_infobox(self, "Post deleted.")
return {redirect_to = self:url_for("thread", {slug = thread.slug})}
end
if post.user_id ~= user.id then
return {redirect_to = self:url_for"all_topics"}
end
post:delete()
util.inject_infobox(self, "Post deleted.")
return {redirect_to = self:url_for("thread", {slug = thread.slug})}
end)
app:get("edit_post", "/:post_id/edit", function(self)
local user = util.get_logged_in_user(self)
if not user then
return {redirect_to = self:url_for"all_topics"}
end
local editing_query = constants.FULL_POSTS_QUERY .. "WHERE posts.id = ?"
local p = db.query(editing_query, self.params.post_id)
if not p then
return {redirect_to = self:url_for"all_topics"}
end
if p[1].user_id ~= user.id then
return {redirect_to = self:url_for"all_topics"}
end
self.me = user
self.editing_post = p[1]
self.thread = Threads:find({id = self.editing_post.thread_id})
local thread_predicate = constants.FULL_POSTS_QUERY .. "WHERE posts.thread_id = ?\n"
local context_prev_query = thread_predicate .. "AND posts.created_at < ? ORDER BY posts.created_at DESC LIMIT 2"
local context_next_query = thread_predicate .. "AND posts.created_at > ? ORDER BY posts.created_at ASC LIMIT 2"
self.prev_context = db.query(context_prev_query, self.thread.id, self.editing_post.created_at)
self.next_context = db.query(context_next_query, self.thread.id, self.editing_post.created_at)
self.page_title = "editing a post"
return {render = "post.edit-post"}
end)
app:post("edit_post", "/:post_id/edit", function(self)
local user = util.get_logged_in_user(self)
if not user then
return {redirect_to = self:url_for("all_topics")}
end
local post = Posts:find({id = self.params.post_id})
if not post then
return {redirect_to = self:url_for("all_topics")}
end
if post.user_id ~= user.id then
return {redirect_to = self:url_for("all_topics")}
end
util.update_post(post, self.params.new_content)
local thread = Threads:find({id = post.thread_id})
local link = self:url_for("thread", {slug = thread.slug}, {after = post.id}) .. "#post-" .. post.id
return {redirect_to = link}
end)
return app

101
apps/threads.lua
View File

@ -1,6 +1,5 @@
local app = require("lapis").Application()
local lapis_util = require("lapis.util")
local constants = require("constants")
local db = require("lapis.db")
local util = require("util")
@ -23,7 +22,7 @@ app:get("thread_create", "/create", function(self)
return "how did you get here?"
end
self.all_topics = all_topics
self.page_title = "drafting a thread"
self.page_title = "creating thread"
self.me = user
return {render = "threads.create"}
end)
@ -36,10 +35,7 @@ app:post("thread_create", "/create", function(self)
end
local topic = Topics:find(self.params.topic_id)
if not topic then
return {redirect_to = self:url_for("all_topics")}
end
if util.is_topic_locked(topic) and not user:is_mod() then
return {redirect_to = self:url_for("all_topics")}
return {redirect_to = self:url_for("topics")}
end
local title = lapis_util.trim(self.params.title)
@ -58,7 +54,7 @@ app:post("thread_create", "/create", function(self)
local post = util.create_post(thread.id, user.id, post_content)
if not post then
return {redirect_to = self:url_for("all_topics")}
return {redirect_to = self:url_for("topics")}
end
return {redirect_to = self:url_for("thread", {slug = slug})}
@ -90,11 +86,24 @@ app:get("thread", "/:slug", function(self)
end
-- self.page = math.max(1, math.min(self.page, self.pages))
local query = (constants.FULL_POSTS_QUERY ..
"WHERE posts.thread_id = ? ORDER BY posts.created_at ASC LIMIT ? OFFSET ?")
local posts = db.query(query, thread.id, POSTS_PER_PAGE, (self.page - 1) * POSTS_PER_PAGE)
local posts = db.query([[
SELECT
posts.id, posts.created_at, post_history.content, post_history.edited_at, users.username, users.status, avatars.file_path AS avatar_path
FROM
posts
JOIN
post_history ON posts.current_revision_id = post_history.id
JOIN
users ON posts.user_id = users.id
LEFT JOIN
avatars ON users.avatar_id = avatars.id
WHERE
posts.thread_id = ?
ORDER BY
posts.created_at ASC
LIMIT ? OFFSET ?
]], thread.id, POSTS_PER_PAGE, (self.page - 1) * POSTS_PER_PAGE)
self.topic = Topics:find(thread.topic_id)
self.other_topics = db.query("SELECT topics.id, topics.name FROM topics")
self.me = util.get_logged_in_user_or_transient(self)
self.posts = posts
@ -136,74 +145,4 @@ app:post("thread", "/:slug", function(self)
return {redirect_to = self:url_for("thread", {slug = thread.slug}, {page = last_page}) .. "#latest-post"}
end)
app:post("thread_lock", "/:slug/lock", function(self)
local user = util.get_logged_in_user(self)
if not user then
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end
local thread = Threads:find({slug = self.params.slug})
if not ((thread.user_id == user.id) or user:is_mod()) then
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end
local target_op = util.form_bool_to_sqlite(self.params.target_op)
thread:update({
is_locked = target_op,
})
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end)
app:post("thread_sticky", "/:slug/sticky", function(self)
local user = util.get_logged_in_user(self)
if not user then
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end
if not user:is_mod() then
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end
local thread = Threads:find({slug = self.params.slug})
local target_op = util.form_bool_to_sqlite(self.params.target_op)
thread:update({
is_stickied = target_op,
})
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end)
app:post("thread_move", "/:slug/move", function(self)
local user = util.get_logged_in_user(self)
if not user then
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end
if not user:is_mod() then
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end
if not self.params.new_topic_id then
util.inject_err_infobox(self, "Thread already in this topic.")
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end
local new_topic = Topics:find({id = self.params.new_topic_id})
if not new_topic then
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end
local thread = Threads:find({slug = self.params.slug})
if not thread then
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end
if new_topic.id == thread.topic_id then
util.inject_err_infobox(self, "Thread already in this topic.")
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end
local old_topic = Topics:find({id = thread.topic_id})
thread:update({topic_id = new_topic.id})
util.inject_infobox(self, ("Thread moved from \"%s\" to \"%s\"."):format(old_topic.name, new_topic.name))
return {redirect_to = self:url_for("thread", {slug = self.params.slug})}
end)
return app

18
apps/topics.lua
View File

@ -53,7 +53,7 @@ app:get("topic_create", "/create", function(self)
return {status = 403}
end
self.page_title = "creating a topic"
self.page_title = "creating topic"
self.me = user
return {render = "topics.create"}
@ -194,20 +194,4 @@ app:post("topic_edit", "/:slug/edit", function(self)
return {redirect_to = self:url_for("topic", {slug = self.params.slug})}
end)
app:post("topic_delete", "/:slug/delete", function(self)
local user = util.get_logged_in_user(self)
if not user then
return {redirect_to = self:url_for("topic", {slug = self.params.slug})}
end
if not user:is_mod() then
return {redirect_to = self:url_for("topic", {slug = self.params.slug})}
end
local topic = Topics:find({slug = self.params.slug})
topic:delete()
util.inject_infobox(self, "Topic deleted.")
return {redirect_to = self:url_for("all_topics")}
end)
return app

55
apps/users.lua
View File

@ -1,13 +1,11 @@
local app = require("lapis").Application()
local babycode = require("lib.babycode")
local html_escape = require("lapis.html").escape
local db = require("lapis.db")
local constants = require("constants")
local util = require("util")
local auth = require("lib.auth")
local bcrypt = require("bcrypt")
local rand = require("openssl.rand")
local models = require("models")
@ -16,7 +14,7 @@ local Sessions = models.Sessions
local Avatars = models.Avatars
local function authenticate_user(user, password)
return auth.verify(password, user.password_hash)
return bcrypt.verify(password, user.password_hash)
end
local function create_session_key()
@ -116,20 +114,13 @@ app:post("user_delete", "/:username/delete", function(self)
return {redirect_to = self:url_for("user", {username = self.params.username})}
end
if me:is_admin() then
util.inject_err_infobox("You can not delete the admin account!")
return {redirect_to = self:url_for("user", {username = self.params.username})}
end
if not authenticate_user(target_user, self.params.password) then
util.inject_err_infobox(self, "The password you entered is incorrect.")
return {redirect_to = self:url_for("user_delete_confirm", {username = me.username})}
end
local session = Sessions:find({key = self.session.session_key})
session:delete()
self.session.queue_delete = true
util.transfer_and_delete_user(target_user)
util.inject_infobox(self, "Your account has been added to the deletion queue.")
return {redirect_to = self:url_for("user_signup")}
end)
@ -186,7 +177,7 @@ app:post("user_set_avatar", "/:username/set_avatar", function(self)
local time = os.time()
local filename = "u" .. target_user.id .. "d" .. time .. ".webp"
local proxied_filename = "/avatars/" .. filename
local save_path = "data/static" .. proxied_filename
local save_path = "static" .. proxied_filename
local res = util.validate_and_create_image(file.content, save_path)
if not res then
util.inject_warn_infobox(self, "Something went wrong. Try again later.")
@ -206,35 +197,6 @@ app:post("user_set_avatar", "/:username/set_avatar", function(self)
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
end)
app:post("user_change_password", "/:username/new_password", function(self)
local me = util.get_logged_in_user(self)
if not me then
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
end
local target_user = Users:find({username = self.params.username})
if me.id ~= target_user.id then
return {redirect_to = self:url_for("user", {username = self.params.username})}
end
local password = self.params.new_password
local password2 = self.params.new_password2
if not validate_password(password) then
util.inject_err_infobox(self, "Password must be 10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces.")
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
end
if password ~= password2 then
util.inject_err_infobox(self, "Passwords do not match.")
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
end
me:update({
password_hash = auth.digest(password)
})
util.extend_session_cookie(self)
util.inject_infobox(self, "Password updated.")
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
end)
app:get("user_settings", "/:username/settings", function(self)
local me = util.get_logged_in_user(self)
if me == nil then
@ -263,15 +225,11 @@ app:post("user_settings", "/:username/settings", function(self)
end
local status = self.params.status:sub(1, 100)
local original_sig = self.params.signature or ""
local rendered_sig = babycode.to_html(original_sig, html_escape)
target_user:update({
status = status,
signature_original_markup = original_sig,
signature_rendered = rendered_sig,
})
util.inject_infobox(self, "Settings updated.")
util.inject_infobox(self, "Status updated.")
return {redirect_to = self:url_for("user_settings", {username = self.params.username})}
end)
@ -363,7 +321,7 @@ app:post("user_signup", "/signup", function(self)
local new_user = Users:create({
username = username,
password_hash = auth.digest(password),
password_hash = bcrypt.digest(password, constants.BCRYPT_ROUNDS),
permission = constants.PermissionLevel.GUEST,
})
@ -381,7 +339,6 @@ app:post("user_logout", "/logout", function (self)
local session = Sessions:find({key = self.session.session_key})
session:delete()
self.session.queue_delete = true
return {redirect_to = self:url_for("user_login")}
end)

13
config.lua
View File

@ -1,23 +1,16 @@
local config = require("lapis.config")
local secrets = require("secrets.secrets")
local secrets = require("secrets")
local commit = nil
local f = io.open(".git/refs/heads/main", "r")
if f then
commit = f:read(8)
f:close()
end
config({"development", "production"}, {
port = 8080,
server = "nginx",
code_cache = "off",
num_workers = "1",
sqlite = {
database = "data/db/db.dev.sqlite"
database = "db.dev.sqlite"
},
secret = "SUPER SECRET",
session_name = "porom_session",
commit = commit,
})
config("production", {
@ -27,7 +20,7 @@ config("production", {
},
secret = secrets.key,
sqlite = {
database = "data/db/db.prod.sqlite"
database = "db.prod.sqlite"
},
session_name = "porom_session_s"
})

13
constants.lua
View File

@ -8,19 +8,6 @@ Constants.PermissionLevel = {
ADMIN = 4,
}
Constants.FULL_POSTS_QUERY = [[
SELECT
posts.id, posts.created_at, post_history.content, post_history.edited_at, users.username, users.status, avatars.file_path AS avatar_path, posts.thread_id, users.id AS user_id, post_history.original_markup, users.signature_rendered
FROM
posts
JOIN
post_history ON posts.current_revision_id = post_history.id
JOIN
users ON posts.user_id = users.id
LEFT JOIN
avatars ON users.avatar_id = avatars.id
]]
Constants.PermissionLevelString = {
[Constants.PermissionLevel.GUEST] = "Guest",
[Constants.PermissionLevel.USER] = "User",

5
create_default_accounts.lua
View File

@ -1,4 +1,4 @@
local auth = require("lib.auth")
local bcrypt = require("bcrypt")
local models = require("models")
local constants = require("constants")
@ -23,14 +23,13 @@ local function create_admin()
return
end
math.randomseed(os.time())
local password = ""
for _ = 1, 16 do
local randi = math.random(#alphabet)
password = password .. alphabet:sub(randi, randi)
end
local hash = auth.digest(password)
local hash = bcrypt.digest(password, constants.BCRYPT_ROUNDS)
models.Users:create({
username = username,

BIN
data/static/emoji/angry.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 458 B

BIN
data/static/emoji/frown.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 533 B

BIN
data/static/emoji/grin.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 535 B

BIN
data/static/emoji/imp.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 532 B

BIN
data/static/emoji/impangry.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 534 B

BIN
data/static/emoji/neutral.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 527 B

BIN
data/static/emoji/smile.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 532 B

BIN
data/static/emoji/sob.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 479 B

BIN
data/static/emoji/surprised.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 522 B

BIN
data/static/emoji/think.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 523 B

BIN
data/static/emoji/tongue.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 551 B

BIN
data/static/emoji/wink.png
View File

Binary file not shown.
Side by Side

Before

Width:  |  Height:  |  Size: 536 B

13
docker-compose.yaml Normal file
View File

@ -0,0 +1,13 @@
# Generate a random secret key
# export PROD_SECRET_KEY=$(openssl rand -hex 32)
# Start the container
# docker-compose up
version: "3"
services:
porom:
build:
context: .
args:
- PROD_SECRET_KEY=${PROD_SECRET_KEY}
ports:
- "8080:8080"

12
docker-compose.yml
View File

@ -1,12 +0,0 @@
version: "3"
services:
porom:
build:
context: .
ports:
- "8080:8080"
volumes:
- ./data/static:/app/data/static
- ./data/db:/app/data/db
- ./secrets:/app/secrets
restart: unless-stopped

36
dockerfile Normal file
View File

@ -0,0 +1,36 @@
# HOW TO:
#
# Generate a random secret key & build the Docker image
# ```sh
# SECRET_KEY=$(openssl rand -hex 32) docker build --build-arg PROD_SECRET_KEY="$SECRET_KEY" -t porom:latest .
# ```
#
# Then run the container
# ```sh
# docker run -d -p 8080:8080 --name porom porom:latest
# ```
#
FROM openresty/openresty:alpine-fat
COPY ./nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
COPY . /usr/local/openresty/nginx/html
WORKDIR /usr/local/openresty/nginx/html
RUN apk add --no-cache \
make \
git \
make \
gcc \
g++ \
musl-dev \
libffi-dev \
openssl-dev \
sqlite-dev \
imagemagick-dev \
lua5.1 \
lua5.1-dev
RUN eval "$(luarocks --lua-version 5.1 path)"
RUN luarocks --lua-version 5.1 build --only-deps
ARG PROD_SECRET_KEY
RUN echo "return { key = \"${PROD_SECRET_KEY}\",}" > /usr/local/openresty/nginx/html/secrets.lua
EXPOSE 8080
RUN chmod +x /usr/local/openresty/nginx/html/start.sh
ENTRYPOINT ["/usr/local/openresty/nginx/html/start.sh", "production"]

BIN
fonts/Cadman_Bold.woff2
View File

Binary file not shown.

BIN
fonts/Cadman_BoldItalic.woff2
View File

Binary file not shown.

BIN
fonts/Cadman_Italic.woff2
View File

Binary file not shown.

BIN
fonts/Cadman_Roman.woff2
View File

Binary file not shown.

BIN
fonts/ChicagoFLF.woff2
View File

Binary file not shown.

54
js/babycode-editor.js
View File

@ -1,54 +0,0 @@
{
let ta = document.getElementById("babycode-content");
const buttonBold = document.getElementById("post-editor-bold");
const buttonItalics = document.getElementById("post-editor-italics");
const buttonStrike = document.getElementById("post-editor-strike");
const buttonCode = document.getElementById("post-editor-code");
function insertTag(tagStart, newline = false) {
const tagEnd = tagStart;
const tagInsertStart = `[${tagStart}]${newline ? "\n" : ""}`;
const tagInsertEnd = `${newline ? "\n" : ""}[/${tagEnd}]`;
const hasSelection = ta.selectionStart !== ta.selectionEnd;
const text = ta.value;
if (hasSelection) {
const realStart = Math.min(ta.selectionStart, ta.selectionEnd);
const realEnd = Math.max(ta.selectionStart, ta.selectionEnd);
const selectionLength = realEnd - realStart;
const strStart = text.slice(0, realStart);
const strEnd = text.substring(realEnd);
const frag = `${tagInsertStart}${text.slice(realStart, realEnd)}${tagInsertEnd}`;
const reconst = `${strStart}${frag}${strEnd}`;
ta.value = reconst;
ta.setSelectionRange(realStart + tagInsertStart.length, realStart + tagInsertStart.length + selectionLength);
ta.focus()
} else {
const cursor = ta.selectionStart;
const strStart = text.slice(0, cursor);
const strEnd = text.substr(cursor);
const newCursor = strStart.length + tagInsertStart.length;
const reconst = `${strStart}${tagInsertStart}${tagInsertEnd}${strEnd}`;
ta.value = reconst;
ta.setSelectionRange(newCursor, newCursor);
ta.focus()
}
}
buttonBold.addEventListener("click", (e) => {
e.preventDefault();
insertTag("b")
})
buttonItalics.addEventListener("click", (e) => {
e.preventDefault();
insertTag("i")
})
buttonStrike.addEventListener("click", (e) => {
e.preventDefault();
insertTag("s")
})
buttonCode.addEventListener("click", (e) => {
e.preventDefault();
insertTag("code", true)
})
}

7
js/copy-code.js
View File

@ -1,7 +0,0 @@
for (let button of document.querySelectorAll(".copy-code")) {
button.addEventListener("click", async () => {
await navigator.clipboard.writeText(button.value)
button.textContent = "Copied!"
setTimeout(() => {button.textContent = "Copy"}, 1000.0)
})
}

10
js/date-fmt.js
View File

@ -1,10 +0,0 @@
document.addEventListener("DOMContentLoaded", () => {
const timestampSpans = document.getElementsByClassName("timestamp");
for (let timestampSpan of timestampSpans) {
const timestamp = parseInt(timestampSpan.dataset.utc);
if (!isNaN(timestamp)) {
const date = new Date(timestamp * 1000);
timestampSpan.textContent = date.toLocaleString();
}
}
})

45
js/sort-topics.js
View File

@ -1,45 +0,0 @@
// https://codepen.io/crouchingtigerhiddenadam/pen/qKXgap
let selected = null;
let container = document.getElementById("topics-container")
function isBefore(el1, el2) {
let cur
if (el2.parentNode === el1.parentNode) {
for (cur = el1.previousSibling; cur; cur = cur.previousSibling) {
if (cur === el2) return true
}
}
return false;
}
function dragOver(e) {
let target = e.target.closest(".draggable-topic")
if (!target || target === selected) {
return;
}
if (isBefore(selected, target)) {
container.insertBefore(selected, target)
} else {
container.insertBefore(selected, target.nextSibling)
}
}
function dragEnd() {
if (!selected) return;
selected.classList.remove("dragged")
selected = null;
for (let i = 0; i < container.childElementCount - 1; i++) {
let input = container.children[i].querySelector(".topic-input");
input.value = i + 1;
}
}
function dragStart(e) {
e.dataTransfer.effectAllowed = 'move'
e.dataTransfer.setData('text/plain', null)
selected = e.target
selected.classList.add("dragged")
}

83
js/thread.js
View File

@ -1,83 +0,0 @@
{
const ta = document.getElementById("babycode-content");
for (let button of document.querySelectorAll(".reply-button")) {
button.addEventListener("click", (e) => {
ta.value += button.value;
ta.scrollIntoView()
})
}
const deleteDialog = document.getElementById("delete-dialog");
const deleteDialogCloseButton = document.getElementById("post-delete-dialog-close");
let deletionTargetPostContainer;
function closeDeleteDialog() {
deletionTargetPostContainer.style.removeProperty("background-color");
deleteDialog.close();
}
deleteDialogCloseButton.addEventListener("click", (e) => {
closeDeleteDialog();
})
deleteDialog.addEventListener("click", (e) => {
if (e.target === deleteDialog) {
closeDeleteDialog();
}
})
for (let button of document.querySelectorAll(".post-delete-button")) {
button.addEventListener("click", (e) => {
deleteDialog.showModal();
const postId = button.value;
deletionTargetPostContainer = document.getElementById("post-" + postId).querySelector(".post-content-container");
deletionTargetPostContainer.style.setProperty("background-color", "#fff");
const form = document.getElementById("post-delete-form");
form.action = `/post/${postId}/delete`
})
}
let newPostSubscription = null;
function hideNotification() {
const notification = document.getElementById('new-post-notification');
notification.classList.add('hidden');
}
function showNewPostNotification(url) {
const notification = document.getElementById("new-post-notification");
notification.classList.remove("hidden");
document.getElementById("dismiss-new-post-button").onclick = () => {
hideNotification();
reconnectSSE();
}
document.getElementById("go-to-new-post-button").href = url;
document.getElementById("unsub-new-post-button").onclick = () => {
hideNotification()
}
}
function reconnectSSE() {
if (newPostSubscription) newPostSubscription.close();
const threadEndpoint = document.getElementById("thread-subscribe-endpoint").value;
newPostSubscription = new EventSource(threadEndpoint);
newPostSubscription.onerror = (e) => {
console.error(e);
};
newPostSubscription.addEventListener("new_post_url", (e) => {
showNewPostNotification(e.data);
newPostSubscription.close();
})
}
window.addEventListener('beforeunload', () => {
if(newPostSubscription)
{
newPostSubscription.close();
}
});
reconnectSSE();
}

16
js/topic.js
View File

@ -1,16 +0,0 @@
{
const deleteDialog = document.getElementById("delete-dialog");
const deleteDialogOpenButton = document.getElementById("topic-delete-dialog-open");
deleteDialogOpenButton.addEventListener("click", (e) => {
deleteDialog.showModal();
});
const deleteDialogCloseButton = document.getElementById("topic-delete-dialog-close");
deleteDialogCloseButton.addEventListener("click", (e) => {
deleteDialog.close();
})
deleteDialog.addEventListener("click", (e) => {
if (e.target === deleteDialog) {
deleteDialog.close();
}
})
}

16
lib/auth.lua
View File

@ -1,16 +0,0 @@
local auth = {}
local ls = require "luasodium"
function auth.digest(password)
return ls.crypto_pwhash_str(
password,
ls.crypto_pwhash_OPSLIMIT_INTERACTIVE,
ls.crypto_pwhash_MEMLIMIT_INTERACTIVE)
end
function auth.verify(password, hash)
return ls.crypto_pwhash_str_verify(hash, password)
end
return auth

36
lib/babycode-emoji.lua
View File

@ -1,36 +0,0 @@
local emoji_template = " <img class=emoji src=\"/emoji/$.png\" alt=\"$\" title=\"$\"> "
return {
["angry"] = emoji_template:gsub("%$", "angry"),
["("] = emoji_template:gsub("%$", "frown"),
["D"] = emoji_template:gsub("%$", "grin"),
["imp"] = emoji_template:gsub("%$", "imp"),
["angryimp"] = emoji_template:gsub("%$", "impangry"),
["impangry"] = emoji_template:gsub("%$", "impangry"),
["|"] = emoji_template:gsub("%$", "neutral"),
[")"] = emoji_template:gsub("%$", "smile"),
[","] = emoji_template:gsub("%$", "sob"),
["T"] = emoji_template:gsub("%$", "sob"),
["cry"] = emoji_template:gsub("%$", "sob"),
["sob"] = emoji_template:gsub("%$", "sob"),
["o"] = emoji_template:gsub("%$", "surprised"),
["O"] = emoji_template:gsub("%$", "surprised"),
["hmm"] = emoji_template:gsub("%$", "think"),
["think"] = emoji_template:gsub("%$", "think"),
["thinking"] = emoji_template:gsub("%$", "think"),
["P"] = emoji_template:gsub("%$", "tongue"),
["p"] = emoji_template:gsub("%$", "tongue"),
[";"] = emoji_template:gsub("%$", "wink"),
["wink"] = emoji_template:gsub("%$", "wink"),
}

151
lib/babycode.lua
View File

@ -1,167 +1,50 @@
local babycode = {}
local string_trim = require("lapis.util").trim
local emoji = require("lib.babycode-emoji")
local function s_split(s, delimiter, max_matches, trim, allow_empty)
local result = {}
if s == "" then
return result
end
trim = trim == nil and true or trim
local tr = function(subj)
if trim then return string_trim(subj) else return subj end
end
max_matches = max_matches or -1
allow_empty = allow_empty == nil and true or allow_empty
if delimiter == "" then
for i=1, #s do
local c = s:sub(i, 1)
if allow_empty or c ~= "" then
table.insert(result, c)
if max_matches > 0 and #result == max_matches then
break
end
end
end
return result
end
local current_pos = 1
local delim_len = #delimiter
while true do
if max_matches > 0 and #result >= max_matches then
break
end
---@diagnostic disable-next-line: param-type-mismatch
local start_pos, end_pos = s:find(delimiter, current_pos, true)
if not start_pos then
break
end
local substr = s:sub(current_pos, start_pos - 1)
if allow_empty or substr ~= "" then
table.insert(result, tr(substr))
end
current_pos = end_pos + 1
end
local substr = s:sub(current_pos)
if allow_empty or substr ~= "" then
table.insert(result, tr(substr))
end
return result
end
local function get_list_items(list_body, escape_html)
list_body = list_body:gsub(" +%s*\r?\n", "<br>")
list_body = list_body:gsub("(%S)(\r?\n\r?\n)\r?\n*", "%1\1")
local list_items = s_split(list_body, "\1")
local lis = ""
for _, li in ipairs(list_items) do
local rendered = babycode.to_html(li, escape_html)
lis = lis .. "<li>" .. rendered .. "</li>"
end
return lis
end
---renders babycode to html
---@param s string input babycode
---@param escape_html fun(s: string): string function that escapes html
function babycode.to_html(s, escape_html)
if not s or s == "" then return "" end
local text = escape_html(s)
-- extract code blocks and store them as placeholders
-- extract code blocks first and store them as placeholders
-- don't want to process bbcode embedded into a code block
local code_blocks = {}
local inline_codes = {}
text = text:gsub("%[code%](.-)%[/code%]", function(code)
local is_inline = code:match("\n") == nil
if is_inline then
table.insert(inline_codes, code)
return "\1ICODE:"..#inline_codes.."\1"
else
-- strip leading and trailing newlines, preserve others
local m, _ = code:gsub("^%s*(.-)%s*$", "%1")
table.insert(code_blocks, m)
return "\1CODE:"..#code_blocks.."\1"
end
local code_count = 0
local text = s:gsub("%[code%](.-)%[/code%]", function(code)
code_count = code_count + 1
-- strip leading and trailing newlines, preserve others
code_blocks[code_count] = code:gsub("^%s*(.-)%s*$", "%1")
return "\1CODE:"..code_count.."\1"
end)
text = text:gsub("%[ul%](.-)%[/ul%]", function(list_body)
return "<ul>" .. get_list_items(list_body, escape_html) .. "</ul>"
end)
text = text:gsub("%[ol%](.-)%[/ol%]", function(list_body)
return "<ol>" .. get_list_items(list_body, escape_html) .. "</ol>"
end)
-- images
local images = {}
text = text:gsub("%[img=(.-)%](.-)%[/img%]", function (img, alt)
table.insert(images, {img = img, alt = alt})
return "\1IMG:"..#images.."\1"
end)
-- normalize newlines, attempt #4
text = text:gsub(" +%s*\r?\n", "<br>")
text = text:gsub("(%S)(\r?\n\r?\n)\r?\n*", "%1<br><br>")
local url_tags = {}
-- replace `[url=https://example.com]Example[/url] tags
text = text:gsub("%[url=([^%]]+)%](.-)%[/url%]", function(url, label)
table.insert(url_tags, {url = url, label = label})
return "\1URL:"..#url_tags.."\1"
return '<a href="'..escape_html(url)..'">'..escape_html(label)..'</a>'
end)
-- replace `[url]https://example.com[/url] tags
text = text:gsub("%[url%]([^%]]+)%[/url%]", function(url)
return '<a href="'..escape_html(url)..'">'..escape_html(url)..'</a>'
end)
-- bold, italics, strikethrough
text = text:gsub("%[b%](.-)%[/b%]", "<strong>%1</strong>")
text = text:gsub("%[i%](.-)%[/i%]", "<em>%1</em>")
text = text:gsub("%[s%](.-)%[/s%]", "<del>%1</del>")
-- these can be nested, so replace open and closed separately
text = text:gsub("%[(/?)quote%]", "<%1blockquote>")
text = text:gsub(":(.-):", function(code)
if emoji[code] then
return emoji[code]
else
return code
end
end)
-- replace loose links
text = text:gsub("(https?://[%w-_%.%?%.:/%+=&~%@#%%]+[%w-/])", function(url)
if not text:find('<a[^>]*>'..url..'</a>') then
return '<a href="'..url..'">'..url..'</a>'
return '<a href="'..escape_html(url)..'">'..escape_html(url)..'</a>'
end
return url
end)
text = text:gsub("\1URL:(%d+)\1", function(n)
local url = url_tags[tonumber(n)]
return ("<a href=%s>%s</a>"):format(url.url, url.label)
end)
-- normalize newlines, replace them with <br>
text = text:gsub("\r?\n\r?\n+", "<br>"):gsub("\r?\n", "<br>")
-- rule
text = text:gsub("\n+%-%-%-", "<hr>")
-- <div class=\"post-img-container\"><img src=%1 alt=%2></div>
text = text:gsub("\1IMG:(%d+)\1", function (n)
local img = images[tonumber(n)]
return ("<div class=\"block-img-container\"><img class=\"block-img\" src=\"%s\" alt=\"%s\"></div>"):format(img.img, img.alt)
end)
-- replace code block placeholders back with their original contents
text = text:gsub("\1CODE:(%d+)\1", function(n)
local code = code_blocks[tonumber(n)]
local button = ("<button type=button class=\"copy-code\" value=\"%s\">Copy</button>"):format(code)
return "<pre><span class=\"copy-code-container\">" .. button .. "</span><code>"..code.."</code></pre>"
end)
text = text:gsub("\1ICODE:(%d+)\1", function (n)
local code = inline_codes[tonumber(n)]
return "<code class=\"inline-code\">" .. code .. "</code>"
return "<pre><code>"..code_blocks[tonumber(n)].."</code></pre>"
end)
return text

59
lib/sse.lua
View File

@ -1,59 +0,0 @@
---@class SSE
---@field active boolean if the stream is not active, you should stop the loop.
---@field private _queue table
local sse = {}
---Construct a new SSE object
---@return SSE
function sse:new()
ngx.header.content_type = "text/event-stream"
ngx.header.cache_control = "no-cache"
ngx.header.connection = "keep-alive"
ngx.status = ngx.HTTP_OK
ngx.flush(true)
local obj = {
active = true,
_queue = {},
}
ngx.on_abort(function()
obj.active = false
end)
return setmetatable(obj, {__index = sse})
end
---add data to the stream, writing on the next dispatch.
---if `event` is given, it will be the key.
---@param data string
---@param event? string
---@return boolean status
function sse:enqueue(data, event)
if not self.active then return false end
table.insert(self._queue, {
data = data,
event = event,
})
return true
end
---send all events since the last dispatch and flush the queue.
---call this every iteration of the loop.
function sse:dispatch()
while #self._queue > 0 do
local msg = table.remove(self._queue, 1)
if msg.event then
ngx.print("event: " .. msg.event .. "\n")
end
ngx.print("data: " .. msg.data .. "\n\n")
end
ngx.flush(true)
end
---close the stream.
function sse:close()
self.active = false
end
return sse

30
migrations.lua
View File

@ -62,33 +62,5 @@ return {
[8] = function ()
schema.add_column("topics", "sort_order", types.integer{default = 0})
db.query("UPDATE topics SET sort_order = (SELECT COUNT(*) FROM topics t2 WHERE t2.ROWID <= topics.ROWID)")
end,
[9] = function ()
schema.add_column("post_history", "original_markup", types.text{null = false})
schema.add_column("post_history", "markup_language", types.text{default = "babycode"})
end,
[10] = function ()
schema.add_column("users", "signature_original_markup", types.text{default = ""})
schema.add_column("users", "signature_rendered", types.text{default = ""})
end,
[11] = function ()
local render = require("lib.babycode").to_html
local html_escape = require("lapis.html").escape
local phs = db.query("SELECT * from post_history")
local users = db.query("SELECT * from users")
db.query("BEGIN")
for _, post_history in ipairs(phs) do
db.query("UPDATE post_history SET content = ? WHERE id = ?", render(post_history.original_markup, html_escape), post_history.id)
end
for _, user in ipairs(users) do
db.query("UPDATE users SET signature_rendered = ? WHERE id = ?", render(user.signature_original_markup, html_escape), user.id)
end
db.query("COMMIT")
end,
end
}

20
nginx.conf
View File

@ -19,7 +19,6 @@ http {
lua_code_cache ${{CODE_CACHE}};
location / {
lua_check_client_abort on;
default_type text/html;
content_by_lua_block {
require("lapis").serve("app")
@ -27,29 +26,16 @@ http {
}
location /static/ {
alias data/static/;
alias static/;
}
location /favicon.ico {
alias data/static/favicon.ico;
alias static/favicon.ico;
}
location /avatars {
alias data/static/avatars;
alias static/avatars;
expires 1y;
}
location /emoji {
alias data/static/emoji;
expires 1y;
}
location /static/js/ {
alias js/;
}
location /static/fonts/ {
alias fonts/;
}
}
}

2
porom-dev-1.rockspec
View File

@ -16,7 +16,7 @@ dependencies = {
"lapis == 1.16.0",
"lsqlite3",
"magick",
"luasodium",
"bcrypt",
"luaossl",
}

202
sass/style.scss
View File

@ -1,44 +1,11 @@
/* src: */
@use "sass:color";
@font-face {
font-family: "site-title";
src: url("/static/fonts/ChicagoFLF.woff2");
}
@mixin cadman($var) {
font-family: "Cadman";
src: url("/static/fonts/Cadman_#{$var}.woff2");
}
@font-face {
@include cadman("Roman");
font-weight: normal;
font-style: normal;
}
@font-face {
@include cadman("Bold");
font-weight: bold;
font-style: normal;
}
@font-face {
@include cadman("Italic");
font-weight: normal;
font-style: italic;
}
@font-face {
@include cadman("BoldItalic");
font-weight: bold;
font-style: italic;
}
$accent_color: #c1ceb1;
$dark_bg: color.scale($accent_color, $lightness: -25%, $saturation: -97%);
$dark2: color.scale($accent_color, $lightness: -30%, $saturation: -60%);
$verydark: color.scale($accent_color, $lightness: -80%, $saturation: -70%);
$light: color.scale($accent_color, $lightness: 40%, $saturation: -60%);
$lighter: color.scale($accent_color, $lightness: 60%, $saturation: -60%);
@ -49,8 +16,7 @@ $button_color: color.adjust($accent_color, $hue: 90);
%button-base {
cursor: default;
color: black;
font-size: 0.9em;
font-family: "Cadman";
font-size: 0.9rem;
text-decoration: none;
border: 1px solid black;
border-radius: 3px;
@ -83,8 +49,7 @@ $button_color: color.adjust($accent_color, $hue: 90);
}
body {
font-family: "Cadman";
// font-size: 18px;
font-family: sans-serif;
margin: 20px 100px;
background-color: $main_bg;
}
@ -96,7 +61,7 @@ body {
#topnav {
@include navbar($accent_color);
justify-content: space-between;
align-items: baseline;
align-items: center;
}
#bottomnav {
@ -116,9 +81,9 @@ body {
}
.site-title {
font-family: "site-title";
font-size: 3rem;
margin: 0 20px;
padding-right: 30px;
font-size: 1.5rem;
font-weight: bold;
text-decoration: none;
color: black;
}
@ -154,7 +119,7 @@ body {
.post-content-container {
display: grid;
grid-template-columns: 1fr;
grid-template-rows: 70px 2.5fr;
grid-template-rows: 0.2fr 2.5fr;
gap: 0px 0px;
grid-auto-flow: row;
grid-template-areas:
@ -175,85 +140,7 @@ body {
.post-content {
grid-area: post-content;
padding: 20px;
margin-right: 25%;
display: flex;
flex-direction: column;
overflow: hidden;
}
.post-inner {
height: 100%;
}
pre code {
display: block;
background-color: $verydark;
font-size: 1rem;
color: white;
border-bottom-right-radius: 8px;
border-bottom-left-radius: 8px;
border-left: 10px solid $lighter;
padding: 20px;
overflow: scroll;
}
.inline-code {
background-color: $verydark;
color: white;
padding: 5px 10px;
display: inline-block;
margin: 4px;
border-radius: 4px;
font-size: 1rem;
}
#delete-dialog {
padding: 0;
border-radius: 4px;
border: 2px solid black;
box-shadow: 0 0 30px rgba(0, 0, 0, 0.25);
}
.delete-dialog-inner {
display: flex;
flex-direction: column;
align-items: center;
padding: 20px;
}
.copy-code-container {
position: sticky;
// width: 100%;
width: calc(100% - 4px);
display: flex;
justify-content: space-between;
align-items: last baseline;
font-family: "Cadman";
border-top-right-radius: 8px;
border-top-left-radius: 8px;
background-color: $accent_color;
border-left: 2px solid black;
border-right: 2px solid black;
border-top: 2px solid black;
&::before {
content: "code block";
font-style: italic;
margin-left: 10px;
}
}
.copy-code {
margin-right: 10px;
}
blockquote {
padding: 10px 20px;
margin: 10px;
border-radius: 4px;
border-left: 10px solid $lighter;
background-color: $dark2;
padding: 5px 20px;
}
.user-posts {
@ -385,7 +272,7 @@ input[type="text"], input[type="password"], textarea, select {
.infobox {
border: 2px solid black;
background-color: #81a3e6;
background-color: $accent_color;
padding: 20px 15px;
&.critical {
@ -440,12 +327,6 @@ input[type="text"], input[type="password"], textarea, select {
width: 50%;
}
.block-img {
object-fit: contain;
max-width: 400px;
max-height: 400px;
}
.thread-info-container {
grid-area: thread-info-container;
background-color: $accent_color;
@ -454,16 +335,12 @@ input[type="text"], input[type="password"], textarea, select {
border-bottom: 1px solid black;
display: flex;
flex-direction: column;
overflow: hidden;
max-height: 110px;
mask-image: linear-gradient(180deg,#000 60%,transparent);
}
.thread-info-post-preview {
overflow: hidden;
text-overflow: ellipsis;
display: inline;
margin-right: 25%;
}
.topic {
@ -489,60 +366,3 @@ input[type="text"], input[type="password"], textarea, select {
grid-area: topic-locked-container;
border: 2px outset $light;
}
.draggable-topic {
cursor: pointer;
user-select: none;
background-color: $accent_color;
padding: 20px;
margin: 12px 0;
border-top: 6px outset $light;
border-bottom: 6px outset $dark2;
&.dragged {
background-color: $button_color;
}
}
.editing {
background-color: $light;
}
.context-explain {
margin: 20px 0;
display: flex;
justify-content: space-evenly;
}
.post-edit-form {
display: flex;
flex-direction: column;
align-items: baseline;
height: 100%;
}
.babycode-editor {
height: 150px;
}
ul, ol {
margin: 10px 0 10px 30px;
padding: 0;
}
.new-concept-notification.hidden {
display: none;
}
.new-concept-notification {
position: fixed;
bottom: 80px;
right: 80px;
border: 2px solid black;
background-color: #81a3e6;
padding: 20px 15px;
border-radius: 4px;
box-shadow: 0 0 30px rgba(0, 0, 0, 0.25);
}

0
secrets/secrets.lua.example → secrets.lua.example
View File

17
start.sh
View File

@ -1,24 +1,15 @@
#!/bin/bash
set -e
start() {
lapis migrate
lapis serve
}
first_launch() {
echo "Setting up for the first time"
mkdir -p secrets
local SECRET
SECRET="$(openssl rand -hex 32)"
echo "return { key = \"${SECRET}\",}" > secrets/secrets.lua
touch "secrets/.touched.$LAPIS_ENVIRONMENT"
mkdir -p data/db
luajit schema.lua
chmod -R a+rw data
touch ".first_launch.$LAPIS_ENVIRONMENT"
lua5.1 schema.lua
lapis migrate
luajit create_default_accounts.lua
lua5.1 create_default_accounts.lua
}
if [[ $# -ne 1 ]]; then
@ -30,7 +21,7 @@ fi
echo "Starting in $LAPIS_ENVIRONMENT"
if ! [ -f "secrets/.touched.$LAPIS_ENVIRONMENT" ]; then
if ! [ -f ".first_launch.$LAPIS_ENVIRONMENT" ]; then
first_launch
fi

0
data/static/avatars/default.webp → static/avatars/default.webp
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 8.3 KiB

After

Width:  |  Height:  |  Size: 8.3 KiB

188
data/static/style.css → static/style.css
View File

@ -1,36 +1,8 @@
@font-face {
font-family: "site-title";
src: url("/static/fonts/ChicagoFLF.woff2");
}
@font-face {
font-family: "Cadman";
src: url("/static/fonts/Cadman_Roman.woff2");
font-weight: normal;
font-style: normal;
}
@font-face {
font-family: "Cadman";
src: url("/static/fonts/Cadman_Bold.woff2");
font-weight: bold;
font-style: normal;
}
@font-face {
font-family: "Cadman";
src: url("/static/fonts/Cadman_Italic.woff2");
font-weight: normal;
font-style: italic;
}
@font-face {
font-family: "Cadman";
src: url("/static/fonts/Cadman_BoldItalic.woff2");
font-weight: bold;
font-style: italic;
}
/* src: */
.currentpage, .pagebutton, input[type=file]::file-selector-button, button.warn, input[type=submit].warn, .linkbutton.warn, button.critical, input[type=submit].critical, .linkbutton.critical, button, input[type=submit], .linkbutton {
cursor: default;
color: black;
font-size: 0.9em;
font-family: "Cadman";
font-size: 0.9rem;
text-decoration: none;
border: 1px solid black;
border-radius: 3px;
@ -39,7 +11,7 @@
}
body {
font-family: "Cadman";
font-family: sans-serif;
margin: 20px 100px;
background-color: rgb(173.5214173228, 183.6737007874, 161.0262992126);
}
@ -54,7 +26,7 @@ body {
justify-content: end;
background-color: #c1ceb1;
justify-content: space-between;
align-items: baseline;
align-items: center;
}
#bottomnav {
@ -77,9 +49,9 @@ body {
}
.site-title {
font-family: "site-title";
font-size: 3rem;
margin: 0 20px;
padding-right: 30px;
font-size: 1.5rem;
font-weight: bold;
text-decoration: none;
color: black;
}
@ -114,7 +86,7 @@ body {
.post-content-container {
display: grid;
grid-template-columns: 1fr;
grid-template-rows: 70px 2.5fr;
grid-template-rows: 0.2fr 2.5fr;
gap: 0px 0px;
grid-auto-flow: row;
grid-template-areas: "post-info" "post-content";
@ -133,83 +105,7 @@ body {
.post-content {
grid-area: post-content;
padding: 20px;
margin-right: 25%;
display: flex;
flex-direction: column;
overflow: hidden;
}
.post-inner {
height: 100%;
}
pre code {
display: block;
background-color: rgb(38.5714173228, 40.9237007874, 35.6762992126);
font-size: 1rem;
color: white;
border-bottom-right-radius: 8px;
border-bottom-left-radius: 8px;
border-left: 10px solid rgb(229.84, 231.92, 227.28);
padding: 20px;
overflow: scroll;
}
.inline-code {
background-color: rgb(38.5714173228, 40.9237007874, 35.6762992126);
color: white;
padding: 5px 10px;
display: inline-block;
margin: 4px;
border-radius: 4px;
font-size: 1rem;
}
#delete-dialog {
padding: 0;
border-radius: 4px;
border: 2px solid black;
box-shadow: 0 0 30px rgba(0, 0, 0, 0.25);
}
.delete-dialog-inner {
display: flex;
flex-direction: column;
align-items: center;
padding: 20px;
}
.copy-code-container {
position: sticky;
width: calc(100% - 4px);
display: flex;
justify-content: space-between;
align-items: last baseline;
font-family: "Cadman";
border-top-right-radius: 8px;
border-top-left-radius: 8px;
background-color: #c1ceb1;
border-left: 2px solid black;
border-right: 2px solid black;
border-top: 2px solid black;
}
.copy-code-container::before {
content: "code block";
font-style: italic;
margin-left: 10px;
}
.copy-code {
margin-right: 10px;
}
blockquote {
padding: 10px 20px;
margin: 10px;
border-radius: 4px;
border-left: 10px solid rgb(229.84, 231.92, 227.28);
background-color: rgb(135.1928346457, 145.0974015748, 123.0025984252);
padding: 5px 20px;
}
.user-posts {
@ -378,7 +274,7 @@ input[type=text]:focus, input[type=password]:focus, textarea:focus, select:focus
.infobox {
border: 2px solid black;
background-color: #81a3e6;
background-color: #c1ceb1;
padding: 20px 15px;
}
.infobox.critical {
@ -430,12 +326,6 @@ input[type=text]:focus, input[type=password]:focus, textarea:focus, select:focus
width: 50%;
}
.block-img {
object-fit: contain;
max-width: 400px;
max-height: 400px;
}
.thread-info-container {
grid-area: thread-info-container;
background-color: #c1ceb1;
@ -444,16 +334,12 @@ input[type=text]:focus, input[type=password]:focus, textarea:focus, select:focus
border-bottom: 1px solid black;
display: flex;
flex-direction: column;
overflow: hidden;
max-height: 110px;
mask-image: linear-gradient(180deg, #000 60%, transparent);
}
.thread-info-post-preview {
overflow: hidden;
text-overflow: ellipsis;
display: inline;
margin-right: 25%;
}
.topic {
@ -478,57 +364,3 @@ input[type=text]:focus, input[type=password]:focus, textarea:focus, select:focus
grid-area: topic-locked-container;
border: 2px outset rgb(217.26, 220.38, 213.42);
}
.draggable-topic {
cursor: pointer;
user-select: none;
background-color: #c1ceb1;
padding: 20px;
margin: 12px 0;
border-top: 6px outset rgb(217.26, 220.38, 213.42);
border-bottom: 6px outset rgb(135.1928346457, 145.0974015748, 123.0025984252);
}
.draggable-topic.dragged {
background-color: rgb(177, 206, 204.5);
}
.editing {
background-color: rgb(217.26, 220.38, 213.42);
}
.context-explain {
margin: 20px 0;
display: flex;
justify-content: space-evenly;
}
.post-edit-form {
display: flex;
flex-direction: column;
align-items: baseline;
height: 100%;
}
.babycode-editor {
height: 150px;
}
ul, ol {
margin: 10px 0 10px 30px;
padding: 0;
}
.new-concept-notification.hidden {
display: none;
}
.new-concept-notification {
position: fixed;
bottom: 80px;
right: 80px;
border: 2px solid black;
background-color: #81a3e6;
padding: 20px 15px;
border-radius: 4px;
box-shadow: 0 0 30px rgba(0, 0, 0, 0.25);
}

209
util.lua
View File

@ -3,13 +3,11 @@ local magick = require("magick")
local db = require("lapis.db")
local html_escape = require("lapis.html").escape
local constants = require("constants")
local string_trim = require("lapis.util").trim
local Avatars = require("models").Avatars
local Users = require("models").Users
local Posts = require("models").Posts
local PostHistory = require("models").PostHistory
local Threads = require("models").Threads
local babycode = require("lib.babycode")
@ -35,140 +33,10 @@ util.TransientUser = {
username = "Deleted User",
}
-- PURE API
function util.get_user_avatar_url(req, user)
return Avatars:find(user.avatar_id).file_path
end
---split a string
---@param s string subject
---@param delimiter string? string to split by, can be empty to split by character
---@param max_matches integer? the maximum number of returned elements
---@param trim boolean? whether to trim whitespace off matches
---@param allow_empty boolean? should empty matches be in the resulting table
---@return string[]
function util.s_split(s, delimiter, max_matches, trim, allow_empty)
local result = {}
if s == "" then
return result
end
trim = trim == nil and true or trim
local tr = function(subj)
if trim then return string_trim(subj) else return subj end
end
max_matches = max_matches or -1
allow_empty = allow_empty == nil and true or allow_empty
if delimiter == "" then
for i=1, #s do
local c = s:sub(i, 1)
if allow_empty or c ~= "" then
table.insert(result, c)
if max_matches > 0 and #result == max_matches then
break
end
end
end
return result
end
local current_pos = 1
local delim_len = #delimiter
while true do
if max_matches > 0 and #result >= max_matches then
break
end
---@diagnostic disable-next-line: param-type-mismatch
local start_pos, end_pos = s:find(delimiter, current_pos, true)
if not start_pos then
break
end
local substr = s:sub(current_pos, start_pos - 1)
if allow_empty or substr ~= "" then
table.insert(result, tr(substr))
end
current_pos = end_pos + 1
end
local substr = s:sub(current_pos)
if allow_empty or substr ~= "" then
table.insert(result, tr(substr))
end
return result
end
function util.split_sentences(sentences, max_sentences)
return util.s_split(sentences, ".", max_sentences or 2, true, false)
end
---@return string
function util.get_post_url(req, post_id)
local post = Posts:find({id = post_id})
if not post then return "" end
local thread = Threads:find({id = post.thread_id})
if not thread then return "" end
return req:url_for("thread", {slug = thread.slug}, {after = post_id}) .. "#post-" .. post_id
end
function util.infobox_message(msg)
local sentences = util.split_sentences(msg)
if #sentences == 1 then
return "<b>" .. sentences[1] .. ". " .. "</b>"
end
return "<span><b>" .. sentences[1] .. ". " .. "</b> " .. sentences[2] .. ".</span>"
end
function util.get_logged_in_user(req)
if req.session.session_key == nil then
return nil
end
local session = db.select('* FROM "sessions" WHERE "key" = ? AND "expires_at" > "?" LIMIT 1', req.session.session_key, os.time())
if #session > 0 then
return Users:find({id = session[1].user_id})
end
return nil
end
function util.get_logged_in_user_or_transient(req)
return util.get_logged_in_user(req) or util.TransientUser
end
function util.ntob(v)
return v ~= 0
end
function util.bton(b)
return 1 and b or 0
end
function util.stob(s)
return s == "true"
end
function util.form_bool_to_sqlite(s)
return util.bton(util.stob(s))
end
function util.is_thread_locked(thread)
return util.ntob(thread.is_locked)
end
function util.is_topic_locked(topic)
return util.ntob(topic.is_locked)
end
-- OTHER API
function util.extend_session_cookie(req)
req.session.last_activity = os.time()
end
function util.validate_and_create_image(input_image, filename)
local img = magick.load_image_from_blob(input_image)
@ -213,7 +81,7 @@ function util.destroy_avatar(avatar_id)
return
end
local file_path = "data/static" .. avatar.file_path
local file_path = "static" .. avatar.file_path
local f = io.open(file_path, "r")
if not f then
print("can't open avatar file")
@ -224,8 +92,49 @@ function util.destroy_avatar(avatar_id)
end
end
function util.create_post(thread_id, user_id, content, markup_language)
markup_language = markup_language or "babycode"
function util.get_logged_in_user(req)
if req.session.session_key == nil then
return nil
end
local session = db.select('* FROM "sessions" WHERE "key" = ? AND "expires_at" > "?" LIMIT 1', req.session.session_key, os.time())
if #session > 0 then
return Users:find({id = session[1].user_id})
end
return nil
end
function util.get_logged_in_user_or_transient(req)
return util.get_logged_in_user(req) or util.TransientUser
end
function util.ntob(v)
return v ~= 0
end
function util.bton(b)
return 1 and b or 0
end
function util.stob(s)
if s == "true" then
return true
end
if s == "false" then
return false
end
end
function util.form_bool_to_sqlite(s)
return util.bton(util.stob(s))
end
function util.is_thread_locked(thread)
return util.ntob(thread.is_locked)
end
function util.create_post(thread_id, user_id, content)
db.query("BEGIN")
local post = Posts:create({
thread_id = thread_id,
@ -233,17 +142,12 @@ function util.create_post(thread_id, user_id, content, markup_language)
current_revision_id = db.NULL,
})
local parsed_content = ""
if markup_language == "babycode" then
parsed_content = babycode.to_html(content, html_escape)
end
local bb_content = babycode.to_html(content, html_escape)
local revision = PostHistory:create({
post_id = post.id,
content = parsed_content,
content = bb_content,
is_initial_revision = true,
original_markup = content,
markup_language = "babycode",
})
post:update({current_revision_id = revision.id})
@ -252,27 +156,6 @@ function util.create_post(thread_id, user_id, content, markup_language)
return post
end
function util.update_post(post, new_content, markup_language)
markup_language = markup_language or "babycode"
db.query("BEGIN")
local parsed_content = ""
if markup_language == "babycode" then
parsed_content = babycode.to_html(new_content, html_escape)
end
local revision = PostHistory:create({
post_id = post.id,
content = parsed_content,
is_initial_revision = false,
original_markup = new_content,
markup_language = markup_language
})
post:update({current_revision_id = revision.id})
db.query("COMMIT")
end
function util.transfer_and_delete_user(user)
local deleted_user = Users:find({
username = "DeletedUser",

9
views/base.etlua
View File

@ -7,16 +7,11 @@
<% else %>
<title>Porom</title>
<% end %>
<link rel="stylesheet" href="<%= "/static/style.css?v=" .. __cachebust %>">
<% math.randomseed(os.time()) %>
<link rel="stylesheet" href="<%= "/static/style.css?" .. math.random(1, 100) %>">
</head>
<body>
<% render("views.common.topnav") -%>
<% content_for("inner") %>
<footer class="darkbg">
<span>Porom commit <a href="<%= "https://git.poto.cafe/yagich/porom/commit/" .. __commit %>"><%= __commit %></a>
</span>
</footer>
<script src="/static/js/copy-code.js"></script>
<script src="/static/js/date-fmt.js"></script>
</body>
</html>

8
views/common/babycode-editor-component.etlua
View File

@ -1,8 +0,0 @@
<span>
<button type=button id="post-editor-bold" title="Insert Bold">B</button>
<button type=button id="post-editor-italics" title="Insert Italics">I</button>
<button type=button id="post-editor-strike" title="Insert Strikethrough">S</button>
<button type=button id="post-editor-code" title="Insert Code block">Code</button>
</span>
<textarea class="babycode-editor" name="<%= ta_name %>" id="babycode-content" placeholder="<%= ta_placeholder or "Post body"%>" <%= not optional and "required" or "" %>><%- prefill or "" %></textarea>
<script src="/static/js/babycode-editor.js"></script>

16
views/common/babycode-editor.etlua
View File

@ -1,16 +0,0 @@
<%
local save_button_text = "Post reply"
if cancel_url then
save_button_text = "Save"
end
%>
<form class="post-edit-form" method="post" action="<%= url or "" %>">
<% render ("views.common.babycode-editor-component", {ta_name = ta_name, prefill = prefill}) %>
<span>
<input type=submit value="<%= save_button_text %>">
<% if cancel_url then %>
<a class="linkbutton warn" href="<%= cancel_url %>">Cancel</a>
<% end %>
</span>
<% render("views.common.bbcode_help") %>
</form>

59
views/common/bbcode_help.etlua
View File

@ -1,62 +1,11 @@
<details>
<summary>babycode guide</summary>
<summary>Supported babycode tags</summary>
<ul>
<li>
<details>
<summary>Forumoji (emoticons)</summary>
<ul>
<li><img class="emoji" src="/emoji/smile.png" alt="smile" title="smile"> - <code class=inline-code>:): </code></li>
<li><img class="emoji" src="/emoji/frown.png" alt="frown" title="frown"> - <code class=inline-code>:(: </code></li>
<li><img class="emoji" src="/emoji/grin.png" alt="grin" title="grin"> - <code class=inline-code>:D: </code></li>
<li><img class="emoji" src="/emoji/neutral.png" alt="neutral" title="neutral"> - <code class=inline-code>:|: </code></li>
<li><img class="emoji" src="/emoji/angry.png" alt="angry" title="angry"> - <code class=inline-code>:angry: </code></li>
<li><img class="emoji" src="/emoji/sob.png" alt="sob" title="sob"> - <code class=inline-code>:,: :cry: :sob: :T: </code></li>
<li><img class="emoji" src="/emoji/surprised.png" alt="surprised" title="surprised"> - <code class=inline-code>:o: :O: </code></li>
<li><img class="emoji" src="/emoji/think.png" alt="think" title="think"> - <code class=inline-code>:hmm: :think: :thinking: </code></li>
<li><img class="emoji" src="/emoji/tongue.png" alt="tongue" title="tongue"> - <code class=inline-code>:p: :P: </code></li>
<li><img class="emoji" src="/emoji/wink.png" alt="wink" title="wink"> - <code class=inline-code>:;: :wink: </code></li>
<li><img class="emoji" src="/emoji/imp.png" alt="imp" title="imp"> - <code class=inline-code>:imp: </code></li>
<li><img class="emoji" src="/emoji/impangry.png" alt="impangry" title="impangry"> - <code class=inline-code>:angryimp: :impangry: </code></li>
</ul>
</details>
</li>
<li>Loose links will be converted to clickable links automatically</li>
<li>[b]<b>bold</b>[/b]</li>
<li>[i]<i>italic</i>[/i]</li>
<li>[s]<del>strikethrough</del>[/s]</li>
<li>[img=https://example.com/some-image]alt text[/img] creates an image</li>
<li>[url=https://example.com]<a href="https://example.com">labeled URL</a>[/url]</li>
<li>
[ul] and [ol] are unordered and ordered lists:
<details>
<summary>Show list example</summary>
<pre><span class="copy-code-container"><button type=button class="copy-code" value="[ul]
item 1
item 2
item 3
still item 3 (break line without inserting a new item by using two spaces at the end of a line)
[/ul]">Copy</button></span><code>[ul]
item 1
item 2
item 3
still item 3 (break line without inserting a new item by using two spaces at the end of a line)
[/ul]</code></pre>
</details>
</li>
<li>
[code]with<br>line breaks[/code] will produce a code block:
<details>
<summary>Show code block example</summary>
<pre><span class="copy-code-container"><button type=button class="copy-code" value="with
line breaks">Copy</button></span><code>with
line breaks</code></pre>
</details>
</li>
<li>[code]<code class="inline-code">with no line breaks</code>[/code]</li>
<li><code class="inline-code">---</code> will create a horizontal rule for separating content</li>
<li>[url]<a href="https://unlabeled-url.example.com">https://unlabeled-url.example.com</a>[/url]</li>
<li>[code]<code>code block</code>[/code]</li>
</ul>
</details>
</details>

3
views/common/infobox.etlua
View File

@ -1,7 +1,6 @@
<%
local class = "infobox " .. constants.InfoboxHTMLClass[kind]
local icon = constants.InfoboxIcons[kind]
local sentences = infobox_message(msg)
%>
<div class="<%= class %>">
@ -9,6 +8,6 @@
<div class="infobox-icon-container">
<% render(icon) %>
</div>
<%- sentences %>
<%= msg %>
</span>
</div>

1
views/common/timestamp.etlua
View File

@ -1 +0,0 @@
<span class="timestamp" data-utc="<%= timestamp %>"><%= os.date("%c", timestamp) %></span>

19
views/mod/sort-topics.etlua
View File

@ -1,19 +0,0 @@
<div class="darkbg settings-container">
<% if infobox then %>
<% render("views.common.infobox", infobox) %>
<% end %>
<h1>Change topics order</h1>
<p>Drag topic titles to reoder them. Press submit when done. The topics will appear to users in the order set here.</p>
<form method="post" id=topics-container>
<% for _, topic in ipairs(topics) do %>
<div draggable="true" class="draggable-topic" ondragover="dragOver(event)" ondragstart="dragStart(event)" ondragend="dragEnd()">
<div class="thread-title"><%= topic.name %></div>
<div><%= topic.description %></div>
<input type="hidden" name="<%= topic.id %>" value="<%= topic.sort_order %>" class="topic-input">
</div>
<% end %>
<input type=submit value="Save order">
</form>
</div>
<script src="/static/js/sort-topics.js"></script>

17
views/post/edit-post.etlua
View File

@ -1,17 +0,0 @@
<% for i = #prev_context, 1, -1 do %>
<% local post = prev_context[i] %>
<% render("views.threads.post", {post = post, edit = false, is_latest = false, no_reply = true}) %>
<% end %>
<span class="context-explain">
<span>&uarr;&uarr;&uarr;</span><i>Context</i><span>&uarr;&uarr;&uarr;</span>
</span>
<% if infobox then %>
<% render("views.common.infobox", infobox) %>
<% end %>
<% render("views.threads.post", {post = editing_post, edit = true, is_latest = false, no_reply = true}) %>
<span class="context-explain">
<span>&darr;&darr;&darr;</span><i>Context</i><span>&darr;&darr;&darr;</span>
</span>
<% for _, post in ipairs(next_context) do %>
<% render("views.threads.post", {post = post, edit = false, is_latest = false, no_reply = true}) %>
<% end %>

9
views/post/single-post.etlua
View File

@ -1,9 +0,0 @@
<% if not post then %>
<% render("views.common.infobox", {kind = constants.InfoboxKind.ERROR, msg = "Post not found"}) %>
<% else %>
<div class=darkbg>
<h1 class=thread-title><%= post.username .. "'s post in " .. thread.title %></h1>
</div>
<% render("views.threads.post", {post = post, edit = false, is_latest = false, no_reply = true}) %>
<a class=linkbutton href="<%= url_for("thread", {slug = thread.slug}, {after = post.id}) .. "#post-" .. post.id %>">View in context</a>
<% end %>

4
views/threads/create.etlua
View File

@ -9,8 +9,8 @@
</select><br>
<label for="title">Thread title</label>
<input type="text" id="title" name="title" placeholder="Required" required>
<label for="initial_post">Post body</label><br>
<% render("views.common.babycode-editor-component", {ta_name = "initial_post"}) %>
<label for="initial_post">Post body</label>
<textarea id="initial_post" name="initial_post" placeholder="Required" rows=5 required></textarea>
<% render "views.common.bbcode_help" %>
<input type="submit" value="Create thread">
</form>

10
views/threads/new-post-notification.etlua
View File

@ -1,10 +0,0 @@
<div id="new-post-notification" class="new-concept-notification hidden">
<div class="new-notification-content">
<p>New post in thread!</p>
<span class="notification-buttons">
<button id="dismiss-new-post-button">Dismiss</button>
<a class="linkbutton" id="go-to-new-post-button">View post</a>
<button id="unsub-new-post-button">Stop updates</button>
</span>
</div>
</div>

76
views/threads/post.etlua
View File

@ -1,10 +1,4 @@
<%
local pc = "post"
if edit then
pc = pc .. " editing"
end
%>
<div class="<%= pc %>" id="post-<%= post.id %>">
<div class="post" id="post-<%= post.id %>">
<div class="usercard">
<a href="<%= url_for("user", {username = post.username}) %>" style="display: contents;">
<img src="<%= post.avatar_path %>" class="avatar">
@ -14,69 +8,19 @@
<em class="user-status"><%= post.status %></em>
<% end %>
</div>
<div class="post-content-container"<%= is_latest and 'id=latest-post' or "" %>>
<div class="post-info">
<%
local post_url = url_for("thread", {slug = thread.slug}, {page = page}) .. "#post-" .. post.id
%>
<a href="<%= post_url %>" title="Permalink"><i>
<% if tonumber(post.edited_at) > tonumber(post.created_at) then -%>
Edited at <% render("views.common.timestamp", {timestamp = post.edited_at}) -%>
<% else -%>
Posted on <% render("views.common.timestamp", {timestamp = post.created_at}) -%>
<% end -%>
</i></a>
<span>
<%
local show_edit = me.id == post.user_id and not me:is_guest() and (not ntob(thread.is_locked) or me:is_mod()) and not no_reply
if show_edit then
%>
<a class="linkbutton" href="<%= url_for("edit_post", {post_id = post.id}) %>">Edit</a>
<% end %>
<%
local show_reply = true
if ntob(thread.is_locked) and not me:is_mod() then
show_reply = false
elseif me:is_guest() then
show_reply = false
elseif edit then
show_reply = false
elseif no_reply then
show_reply = false
end
if show_reply then
local d = post.created_at < post.edited_at and post.edited_at or post.created_at
local quote_src_text = ("[url=%s]%s said:[/url]"):format(
post_url, post.username
)
local reply_text = ("%s\n[quote]%s[/quote]\n---\n\n"):format(quote_src_text, post.original_markup)
%>
<button value="<%= reply_text %>" class="reply-button">Reply</button>
<% end %>
<%
local show_delete = (post.user_id == me.id and not ntob(thread.is_locked)) or me:is_mod()
if show_delete then
%>
<button class="critical post-delete-button" value="<%= post.id %>">Delete</button>
<% end %>
</span>
<div><a href="<%= "#post-" .. post.id %>" title="Permalink"><i>
<% if tonumber(post.edited_at) > tonumber(post.created_at) then -%>
Edited at <%= os.date("%c", post.edited_at) %>
<% else -%>
Posted at <%= os.date("%c", post.created_at) %>
<% end -%>
</i></a></div>
<div><button>Reply</button></div>
</div>
<div class="post-content">
<% if not edit then %>
<div class="post-inner"><%- post.content %></div>
<% if render_sig and #post.signature_rendered > 0 then %>
<div class="signature-container">
<hr>
<%- post.signature_rendered %></div>
<% end %>
<% else %>
<% render("views.common.babycode-editor", {
cancel_url = url_for("thread", {slug = thread.slug}, {after = post.id}) .. "#post-" .. post.id,
prefill = post.original_markup,
ta_name = "new_content"
}) %>
<% end %>
<%- post.content %>
</div>
</div>
</div>

62
views/threads/thread.etlua
View File

@ -1,45 +1,11 @@
<%
local is_locked = ntob(thread.is_locked)
local is_stickied = ntob(thread.is_stickied)
local can_post = (not is_locked and not me:is_guest()) or me:is_mod()
local can_lock = me.id == thread.user_id or me:is_mod()
%>
<% if infobox then %>
<% render("views.common.infobox", infobox) %>
<% end %>
<% local is_locked = ntob(thread.is_locked) %>
<main>
<nav class="darkbg">
<h1 class="thread-title"><%= thread.title %></h1>
<span>Posted in <a href="<%= url_for("topic", {slug = topic.slug}) %>"><%= topic.name %></a>
<% if is_stickied then %> &bullet; <i>stickied, so it's probably important</i>
<% end %>
</span>
<% if can_lock then %>
<div>
<form class="modform" action="<%= url_for("thread_lock", {slug = thread.slug}) %>" method="post">
<input type=hidden value="<%= not is_locked %>" name="target_op">
<input class="warn" type="submit" value="<%= is_locked and "Unlock thread" or "Lock thread" %>">
</form>
<% if me:is_mod() then %>
<form class="modform" action="<%= url_for("thread_sticky", {slug = thread.slug}) %>" method="post">
<input type=hidden value="<%= not is_stickied %>" name="target_op">
<input class="warn" type="submit" value="<%= is_stickied and "Unsticky thread" or "Sticky thread" %>">
</form>
<form class="modform" action="<%= url_for("thread_move", {slug = thread.slug}) %>" method="post">
<label for="new_topic_id">Move to topic:</label>
<select style="width:200px;" id="new_topic_id" name="new_topic_id" autocomplete="off">
<% for _, topic in ipairs(other_topics) do %>
<option value="<%= topic.id %>" <%- thread.topic_id == topic.id and "selected disabled" or "" %>><%= topic.name %></option>
<% end %>
</select>
<input class="warn" type="submit" value="Move thread">
</form>
<% end %>
</div>
<% end %>
<span>Posted in <a href="<%= url_for("topic", {slug = topic.slug}) %>"><%= topic.name %></a></span>
</nav>
<% for i, post in ipairs(posts) do %>
<% render("views.threads.post", {post = post, render_sig = true, is_latest = i == #posts}) %>
<% render("views.threads.post", {post = post, is_latest = i == #posts}) %>
<% end %>
</main>
@ -50,20 +16,10 @@
<% if is_locked then -%>
<% render("views.common.infobox", {kind = constants.InfoboxKind.LOCK, msg = "This thread is locked."}) %>
<% end -%>
<% if can_post then %>
<h1>Respond to "<%= thread.title %>"</h1>
<% render("views.common.babycode-editor", {ta_name="post_content"}) %>
<% if not me:is_guest() and not is_locked then %>
<h1>Respond to "<%= thread.title %>"</h1>
<form method="post">
<textarea id="post_content" name="post_content" placeholder="Response body" required></textarea><br>
<input type="submit" value="Post reply">
</form>
<% end %>
<dialog id="delete-dialog">
<div class=delete-dialog-inner>
Are you sure you want to delete the highlighted post?
<span>
<button id=post-delete-dialog-close>Cancel</button>
<button class="critical" form=post-delete-form>Delete</button>
<form id="post-delete-form" method="post"></form>
</span>
</div>
</dialog>
<input type="hidden" id="thread-subscribe-endpoint" value="<%= url_for("sse_thread_updates", {thread_id = thread.id}) %>">
<% render("views.threads.new-post-notification") %>
<script src="/static/js/thread.js"></script>

33
views/topics/topic.etlua
View File

@ -2,8 +2,6 @@
<% render("views.common.infobox", infobox) %>
<% end %>
<% local is_locked = ntob(topic.is_locked) %>
<nav class="darkbg">
<h1 class="thread-title">All threads in "<%= topic.name %>"</h1>
<span><%= topic.description %></span>
@ -14,28 +12,25 @@
<p>Your account is still pending confirmation by a moderator. You are not able to create a new thread or post at this time.</p>
<% elseif thread_create_error == ThreadCreateError.LOGGED_OUT then %>
<p>Only logged in users can create threads. <a href="<%= url_for("user_signup") %>">Sign up</a> or <a href="<%= url_for("user_login")%>">log in</a> to create a thread.</p>
<% else %>
<p>This topic is locked.</p>
<% end %>
<% if me:is_mod() then %>
<a class="linkbutton" href="<%= url_for("topic_edit", {slug = topic.slug}) %>">Edit topic</a>
<form class="modform" method="post" action="<%= url_for("topic_edit", {slug = topic.slug}) %>">
<input type="hidden" name="is_locked" value="<%= not is_locked %>">
<input class="warn" type="submit" id="lock" value="<%= is_locked and "Unlock topic" or "Lock topic" %>">
<input type="hidden" name="is_locked" value="<%= not ntob(topic.is_locked) %>">
<input class="warn" type="submit" id="lock" value="<%= ntob(topic.is_locked) and "Unlock topic" or "Lock topic" %>">
</form>
<button type="button" class="critical" id="topic-delete-dialog-open">Delete</button>
<% end %>
</div>
</nav>
<% if is_locked then -%>
<% render("views.common.infobox", {kind = constants.InfoboxKind.LOCK, msg = "This topic is locked. Only moderators can create new threads."}) %>
<% end -%>
<% if #threads_list == 0 then %>
<p>There are no threads in this topic.</p>
<% else %>
<% for _, thread in ipairs(threads_list) do %>
<% local is_stickied = ntob(thread.is_stickied) %>
<% local thread_is_locked = ntob(thread.is_locked) %>
<% local is_locked = ntob(thread.is_locked) %>
<div class="thread">
<div class="thread-sticky-container contain-svg">
<% if is_stickied then -%>
@ -48,18 +43,18 @@
<span class="thread-title"><a href="<%= url_for("thread", {slug = thread.slug}) %>"><%= thread.title %></a></span>
&bullet;
Started by <a href=<%= url_for("user", {username = thread.started_by}) %>><%= thread.started_by %></a>
on <% render("views.common.timestamp", {timestamp = thread.created_at}) -%>
on <%= os.date("%c", thread.created_at) %>
</span>
<span>
Latest post by <a href="<%= url_for("user", {username = thread.latest_post_username}) %>"><%= thread.latest_post_username %></a>
<a href="<%= url_for("thread", {slug = thread.slug}, {after = thread.latest_post_id}) .. "#post-" .. thread.latest_post_id %>">on <% render("views.common.timestamp", {timestamp = thread.latest_post_created_at}) -%></a>:
<a href="<%= url_for("thread", {slug = thread.slug}, {after = thread.latest_post_id}) .. "#post-" .. thread.latest_post_id %>">on <%= os.date("%c", thread.latest_post_created_at) %></a>:
</span>
<span class="thread-info-post-preview">
<%- thread.latest_post_content %>
</span>
</div>
<div class="thread-locked-container contain-svg">
<% if thread_is_locked then -%>
<% if is_locked then -%>
<% render("svg-icons.lock") %>
<i>Locked</i>
<% end -%>
@ -71,15 +66,3 @@
<nav id="bottomnav">
<% render("views.common.pagination", {page_count = pages, current_page = page}) %>
</nav>
<dialog id="delete-dialog">
<div class=delete-dialog-inner>
Are you sure you want to delete this topic?
<span>
<button id=topic-delete-dialog-close>Cancel</button>
<button class="critical" form=topic-delete-form>Delete</button>
<form id="topic-delete-form" method="post" action="<%= url_for("topic_delete", {slug = topic.slug}) %>"></form>
</span>
</div>
</dialog>
<script src="/static/js/topic.js"></script>

9
views/topics/topics.etlua
View File

@ -2,14 +2,9 @@
<h1 class="thread-title">All topics</h1>
<% if me:is_mod() then %>
<a class="linkbutton" href="<%= url_for("topic_create") %>">Create new topic</a>
<a class="linkbutton" href="<%= url_for("sort_topics") %>">Sort topics</a>
<% end %>
</nav>
<% if infobox then %>
<% render("views.common.infobox", infobox) %>
<% end %>
<% if #topic_list == 0 then %>
<p>There are no topics.</p>
<% else %>
@ -17,11 +12,11 @@
<% local is_locked = ntob(topic.is_locked) %>
<div class="topic">
<div class="topic-info-container">
<a class="thread-title" href=<%= url_for("topic", {slug = topic.slug}) %>><%= topic.name %></a>
<a href=<%= url_for("topic", {slug = topic.slug}) %>><%= topic.name %></a>
<%= topic.description %>
<% if topic.latest_thread_username then %>
<span>
Latest thread: <a href="<%= url_for("thread", {slug = topic.latest_thread_slug}) %>"><%= topic.latest_thread_title %></a> by <a href="<%= url_for("user", {username = topic.latest_thread_username}) %>"><%= topic.latest_thread_username %></a> on <% render("views.common.timestamp", {timestamp = topic.latest_thread_created_at}) -%>
Latest thread: <a href="<%= url_for("thread", {slug = topic.latest_thread_slug}) %>"><%= topic.latest_thread_title %></a> by <a href="<%= url_for("user", {username = topic.latest_thread_username}) %>"><%= topic.latest_thread_username %></a> on <%= os.date("%c", topic.latest_thread_created_at) %>
</span>
<% else %>
<i>No threads yet.</i>

23
views/user/settings.etlua
View File

@ -8,7 +8,7 @@
<img src="<%= avatar_url(me) %>">
<input id="file" type="file" name="avatar" accept="image/*" required>
<div>
<input type="submit" value="Upload avatar" <%= disable_avatar and "disabled=disabled" %>>
<input type="submit" value="Update avatar" <%= disable_avatar and "disabled=disabled" %>>
<% if not me:is_default_avatar() then %>
<input type="submit" value="Clear avatar" formaction="<%= url_for("user_clear_avatar", {username = me.username}) %>" formnovalidate>
<% end %>
@ -16,21 +16,10 @@
</form>
<form method="post" action="">
<label for="status">Status</label>
<input type="text" id="status" name="status" value="<%= me.status %>" maxlength="70" placeholder="Will be shown under your username. Max 70 characters">
<label for="babycode-content">Signature</label><br>
<% render("views.common.babycode-editor-component", {ta_name = "signature", prefill = me.signature_original_markup, ta_placeholder = "Will be shown under each of your posts", optional = true}) %>
<input type="submit" value="Save settings">
<input type="text" id="status" name="status" value="<%= me.status %>" maxlength="30">
<input type="submit" value="Save status">
</form>
<form method="post" action="<%= url_for("user_change_password", {username = me.username}) %>">
<label for="new_password">Change password</label><br>
<input type="password" id="new_password" name="new_password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<label for="new_password2">Confirm new password</label><br>
<input type="password" id="new_password2" name="new_password2" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<input class="warn" type="submit" value="Change password">
</form>
<% if not me:is_admin() then %>
<div>
<a class="linkbutton critical" href="<%= url_for("user_delete_confirm", {username = me.username}) %>">Delete account</a>
</div>
<% end %>
<div>
<a class="linkbutton critical" href="<%= url_for("user_delete_confirm", {username = me.username}) %>">Delete account</a>
</div>
</div>

10
views/user/user.etlua
View File

@ -1,5 +1,5 @@
<% if infobox then %>
<% render("views.common.infobox", infobox) %>
<% render("views.common.infobox", pop_infobox) %>
<% end %>
<div class="darkbg">
<h1 class="thread-title">Latest posts by <i><%= user.username %></i></h1>
@ -27,9 +27,9 @@
<div class="post-info">
<div><a href="<%= url_for("thread", {slug = post.thread_slug}, {after = post.id}) .. "#post-" .. post.id %>" title="Permalink"><i>
<% if tonumber(post.edited_at) > tonumber(post.created_at) then -%>
Edited in <%= post.thread_title %> at <% render("views.common.timestamp", {timestamp = post.edited_at}) -%>
Edited in <%= post.thread_title %> at <%= os.date("%c", post.edited_at) %>
<% else -%>
Posted in <%= post.thread_title %> on <% render("views.common.timestamp", {timestamp = post.created_at}) -%>
Posted in <%= post.thread_title %> at <%= os.date("%c", post.created_at) %>
<% end -%>
</i></a></div>
</div>
@ -48,12 +48,12 @@
<div class="darkbg">
<h1>Moderator controls</h2>
<% if user:is_guest() then %>
<p>This user is a guest. They signed up on <% render("views.common.timestamp", {timestamp = user.created_at}) -%>.</p>
<p>This user is a guest. They signed up on <%= os.date("%c", user.created_at) %>.</p>
<form class="modform" method="post" action="<%= url_for("confirm_user", {user_id = user.id}) %>">
<input type="submit" value="Confirm user">
</form>
<% else %> <% --[[ user is not guest ]] %>
<p>This user signed up on <% render("views.common.timestamp", {timestamp = user.created_at}) -%> and was confirmed on <% render("views.common.timestamp", {timestamp = user.confirmed_on}) %>.</p>
<p>This user signed up on <%= os.date("%c", user.created_at) %> and was confirmed on <%= os.date("%c", user.confirmed_on) %>.</p>
<% if user.permission < me.permission then %>
<form class="modform" method="post" action="<%= url_for("guest_user", {user_id = user.id}) %>">
<input class="warn" type="submit" value="Demote user to guest (soft ban)">