yagich/pyrom
1
0
Fork 0
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: yagich:35483c27aaf9c41d49866fe1bde1526f0bf71be4
Branches Tags
yagich:main yagich:v2
..
compare: yagich:v2
Branches Tags
yagich:main yagich:v2

77 Commits
35483c27aa ... v2

Author SHA1 Message Date
Lera Elvoé
cd507ac25f rewrite topics routes to include id 2026-04-20 13:22:41 +03:00
Lera Elvoé
82659cedef experimental: change signature render to <aside> tag 2026-04-20 13:22:41 +03:00
Lera Elvoé
7eafcde1d7 rewrite threads routes to include id 2026-04-20 13:22:41 +03:00
Lera Elvoé
a2ceaa0966 add some posts route annotations 2026-04-20 13:22:41 +03:00
Lera Elvoé
f1931c76e6 disable buttons that will require js 2026-04-20 13:22:41 +03:00
Lera Elvoé
65ad672748 restore page count to topics view 2026-04-20 13:22:41 +03:00
Lera Elvoé
b9c4ec3911 improve fieldset legend legibility and set cursor to pointer on all buttons 2026-04-20 13:22:41 +03:00
Lera Elvoé
0c2e920206 add csrf protection 2026-04-19 12:57:59 +03:00
Lera Elvoé
9682295dae start user page and stub more endpoints 2026-04-19 10:03:03 +03:00
Lera Elvoé
f798bb5d7d add forbidden usernames 2026-04-19 07:17:07 +03:00
Lera Elvoé
68958e304b raise username length cap 2026-04-17 10:55:04 +03:00
Lera Elvoé
d2cdeaed1d ensure trailing slashes in all routes 2026-04-17 10:45:54 +03:00
Lera Elvoé
9d8404b774 add user signup flow 2026-04-17 10:45:37 +03:00
Lera Elvoé
84e69187ff solve minor annoyance in pager macro where it would do ?&page= instead of ?page= when args was empty 2026-04-17 10:24:04 +03:00
Lera Elvoé
0e71f597c9 lowercase username input in login form 2026-04-17 06:42:44 +03:00
Lera Elvoé
76d600f01d add login route 2026-04-17 06:34:45 +03:00
Lera Elvoé
54ed6fef3a add new thread route 2026-04-17 06:33:40 +03:00
Lera Elvoé
7c0cb623e3 rework session handling 2026-04-17 05:25:29 +03:00
Lera Elvoé
9c4f271259 add most mod routes 2026-04-16 23:11:19 +03:00
Lera Elvoé
d6b44da6c2 basic posting 2026-04-16 00:01:18 +03:00
Lera Elvoé
d0daaf4494 thread page mostly finished 2026-04-15 23:11:24 +03:00
Lera Elvoé
7db111d18b make babycode [img] tags inline 2026-04-15 03:15:31 +03:00
Lera Elvoé
dd54f5fe33 new babycode format for new style 2026-04-13 23:33:54 +03:00
Lera Elvoé
4aa4e58c58 start stubbing out endpoints 2026-04-13 20:04:06 +03:00
Lera Elvoé
ce9bca0a75 start the new topics route and view 2026-04-12 23:40:13 +03:00
Lera Elvoé
099b5c135e add a legacy credits section to THIRDPARTY.md 2026-04-12 23:34:55 +03:00
Lera Elvoé
5d53a0d179 change most double quotes to single quotes 2026-04-12 21:56:03 +03:00
Lera Elvoé
f31752797e import css from redesign project 2026-04-12 21:05:12 +03:00
Lera Elvoé
0b845b75c4 delete js files 2026-04-12 21:05:12 +03:00
Lera Elvoé
af57e2f10c a fresh start :) 2026-04-12 08:48:21 +03:00
Lera Elvoé
40219f2b54 clean stale sessions 2025-12-20 20:11:44 +03:00
Lera Elvoé
4a45b62521 prevent admin from deleting their account 2025-12-20 19:05:01 +03:00
Lera Elvoé
fc55aaf87a improve readme further 2025-12-20 18:52:15 +03:00
Lera Elvoé
db68ef2c3d remove cache test endpoint 2025-12-20 18:42:52 +03:00
Lera Elvoé
a808137e5b touch up the instructions and config example 2025-12-20 17:08:04 +03:00
Lera Elvoé
a93a89f0df acknowledge Flask-Caching in THIRDPARTY.md 2025-12-20 17:04:44 +03:00
Lera Elvoé
7aa3a9382e rss mention fix attempt; SITE_NAME is now required 2025-12-20 16:05:23 +03:00
Lera Elvoé
46704df7d9 new sortable list implementation 2025-12-19 19:31:12 +03:00
Lera Elvoé
98bf430604 fix inbox: show badges in inbox 2025-12-19 18:00:41 +03:00
Lera Elvoé
21ace9299f make guide section more mobile friendly on portrait 2025-12-15 19:59:57 +03:00
Lera Elvoé
122b706350 remove spaces from babycode html emoji, clean up js 2025-12-15 19:56:54 +03:00
Lera Elvoé
c655caab9e use template element for badge template 2025-12-15 19:34:16 +03:00
Lera Elvoé
b2d16e305d add bisexual pride badge 2025-12-15 19:25:14 +03:00
Lera Elvoé
a8398cad51 make sure uwsgi is utf 8 2025-12-15 14:16:23 +03:00
Lera Elvoé
f27d8eaf7e even more style changes 2025-12-15 05:40:17 +03:00
Lera Elvoé
36e17c6677 clean up newlines in babycode.py 2025-12-14 08:40:38 +03:00
Lera Elvoé
d7a90745f6 correct invalid void tags 2025-12-14 08:35:21 +03:00
Lera Elvoé
d90b4643cb reorganize settings a bit 2025-12-14 08:16:54 +03:00
Lera Elvoé
d82f25471d port to bitty 7.0.0 2025-12-14 08:16:28 +03:00
Lera Elvoé
791911b416 change min settings column width to 600px 2025-12-14 08:05:14 +03:00
Lera Elvoé
ba2c9132f6 and some styles 2025-12-14 07:19:49 +03:00
Lera Elvoé
d4e3d7cded draw the rest of the owl 2025-12-14 07:16:10 +03:00
Lera Elvoé
0898c56a51 add rss content to post history and generate it when creating or editing a post 2025-12-14 07:05:52 +03:00
Lera Elvoé
96c37f9081 add flask-cache dep 2025-12-13 23:31:50 +03:00
Lera Elvoé
94a4be8b97 remove erroneous dumps method from BabycodeRenderResult 2025-12-13 09:17:16 +03:00
Lera Elvoé
fa1140895a use no fragment in some places in babycode guide 2025-12-13 07:37:54 +03:00
Lera Elvoé
fc6c5d46e1 refactor babycode lib to have different code paths for html and rss-friendly generation 2025-12-13 07:36:49 +03:00
Lera Elvoé
dc0aa0dba7 ascii... 2025-12-09 13:40:25 +03:00
Lera Elvoé
dbf0150a5e add badges 2025-12-09 03:33:27 +03:00
Lera Elvoé
1539486456 undo the roundness in snow white theme 2025-12-07 20:22:21 +03:00
Lera Elvoé
c18dad4a77 raise on exception in connection, fix operator not being considered in QueryBuilder 2025-12-06 22:19:12 +03:00
Lera Elvoé
2b45cab4e8 actually disallow @ in display name 2025-12-06 19:08:35 +03:00
Lera Elvoé
37c1ffc2a1 strip animation from uploaded avatar 2025-12-06 18:09:15 +03:00
Lera Elvoé
09a19b5352 raise overall content body size, routes will implement stricter limits 2025-12-06 10:18:32 +03:00
Lera Elvoé
6c96563a0e fix title in 413 template 2025-12-06 06:15:51 +03:00
Lera Elvoé
77677eef6d new theme: snow white 2025-12-05 18:22:25 +03:00
Lera Elvoé
f99ae75503 excise settings-container and login-container outright. full width babey 2025-12-05 17:53:24 +03:00
Lera Elvoé
552fb67c6c settings width is now 95% 2025-12-05 17:26:05 +03:00
Lera Elvoé
e9c03b9046 add a background color to fieldset in settings grid 2025-12-05 17:23:35 +03:00
Lera Elvoé
f0b0fb8909 handle 413 2025-12-05 17:00:32 +03:00
Lera Elvoé
9ae4e376b8 load default site configuration first before merging file config 2025-12-05 16:55:13 +03:00
Lera Elvoé
d1bc1c644b remove errant paragraph from introduction guide 2025-12-05 16:53:36 +03:00
Lera Elvoé
7840399d01 untrack pyrom_config.toml, provide example with default values instead 2025-12-05 14:16:11 +03:00
Lera Elvoé
508b313871 fix babycode guide links 2025-12-05 13:58:13 +03:00
Lera Elvoé
db677abaa5 add a guide topics system 2025-12-05 13:53:21 +03:00
Lera Elvoé
65abea2093 port to bitty 7.0.0-rc1 2025-12-05 04:31:03 +03:00
Lera Elvoé
1533f82a6b oops 2025-12-04 10:27:49 +03:00
99 changed files with 2977 additions and 10634 deletions
Expand all files Collapse all files

2
.dockerignore
View File

@@ -4,5 +4,7 @@
data/db/*
data/static/avatars/*
!data/static/avatars/default.webp
data/static/badges/user
data/_cached
.local/

3
.gitignore vendored
View File

@@ -4,7 +4,10 @@
data/db/*
data/static/avatars/*
!data/static/avatars/default.webp
data/static/badges/user
data/_cached
config/secrets.prod.env
config/pyrom_config.toml
.local/

73
README.md
View File

@@ -1,18 +1,70 @@
# Pyrom
python/flask port of [porom](https://git.poto.cafe/yagich/porom)
pyrom is a playful home-grown forum software for the indie web borne out of frustration with social media and modern forums imitating it.
this is now the canonical implementation of porom. it's compatible with the database of porom.
the aim is not to recreate the feeling of forums from any time period. rather, it aims to serve as a lightweight alternative to other forum software packages. pyrom is lean and "fire-and-forget"; there is little necessary configuration, making it a great fit for smaller communities (though nothing prevents it from being used in larger ones.)
# License
Released under [CNPLv7+](https://thufie.lain.haus/NPL.html).
Please read the [full terms](./LICENSE.md) for proper wording.
a live example can be seen in action over at [Porom](https://forum.poto.cafe/).
## stack & structure
on the server side, pyrom is built in Python using the Flask framework. content is rendered mostly server-side with Jinja templates. the database used is SQLite.
on the client side, JS with only one library ([Bitty](https://bitty-js.com)) is used. for CSS, pyrom uses Sass.
below is an explanation of the folder structure:
- `/`
- `app/`
- `lib/` - utility libraries
- `routes/` - each `.py` file represents a "sub-app", usually the first part of the URL
- `templates/` - Jinja templates used by the routes. each subfolder corresponds to the "sub-app" that uses that template.
- `__init__.py` - creates the app
- `auth.py` - authentication helper
- `constants.py` - constant values used throughout the forum
- `db.py` - database abstraction layer and ORM library
- `migrations.py` - database migrations
- `models.py` - ORM model definitions
- `run.py` - runner script for development
- `schema.py` - database schema definition
- `config/` - configuration for the forum
- `data/`
- `_cached/` - cached versions of certain endpoints are stored here
- `db/` - the SQLite database is stored here
- `static/` - static files
- `avatars/` - user avatar uploads
- `badges/` - user badge uploads
- `css/` - CSS files generated from Sass sources
- `emoji/` - emoji images used on the forum
- `fonts/`
- `js/`
- `sass/`
- `_default.scss` - the default theme. Sass variables that other themes modify are defined here, along with the default styles. other files define the available themes.
- `build-themes.sh` - script for building Sass files into CSS
- `nginx.conf` - nginx config (production only)
- `uwsgi.ini` - uwsgi config (production only)
# license
released under [CNPLv7+](https://thufie.lain.haus/NPL.html).
please read the [full terms](./LICENSE.md) for proper wording.
# acknowledgments
pyrom uses many open-source and otherwise free-culture components. see the [THIRDPARTY](./THIRDPARTY.md) file for full credit.
# installing & first time setup
## docker (production)
create `config/secrets.prod.env` according to `config/secrets.prod.env.example`
1. clone the repo
2. create `config/secrets.prod.env` according to `config/secrets.prod.env.example`
3. create `config/pyrom_config.toml` according to `config/pyrom_config.toml.example` and modify as needed
4. make sure the `data/` folder is writable by the app:
```bash
$ docker compose up
$ chmod -R 777 data/
```
5. bring up the container:
```bash
$ docker compose up --build
```
- opens port 8080
@@ -20,10 +72,10 @@ $ docker compose up
make sure to run it in an interactive session the first time, because it will spit out the password to the auto-created admin account.
alternatively, if you already had porom running before, put the db file (`db.prod.sqlite`) in `data/db` and it will Just Work.
6. point your favorite proxy at `localhost:8080`
## manual (development)
1. install python >= 3.11, sqlite3, libargon2, and imagemagick & clone repo
1. install python >= 3.13, sqlite3, libargon2, and imagemagick & clone repo
2. create a venv:
```bash
@@ -59,6 +111,3 @@ $ source .venv/bin/activate
$ python -m app.run
```
# acknowledgments
pyrom uses many open-source and otherwise free-culture components. see the [THIRDPARTY](./THIRDPARTY.md) file for full credit.

36
THIRDPARTY.md
View File

@@ -30,13 +30,6 @@ Copyright: Copyright 2020-2024 The Atkinson Hyperlegible Mono Project Authors (h
License: SIL Open Font License 1.1
Designers: Elliott Scott, Megan Eiswerth, Braille Institute, Applied Design Works, Letters From Sweden
## ICONCINO
Affected files: [`app/templates/common/icons.html`](./app/templates/common/icons.html)
URL: https://www.figma.com/community/file/1136337054881623512/iconcino-v2-0-0-free-icons-cc0-1-0-license
Designers: Gabriele Malaspina
License: CC0 1.0
## Forumoji
Affected files: everything in [`data/static/emoji`](./data/static/emoji) except [`data/static/emoji/scissors.png`](data/static/emoji/scissors.png)
@@ -80,8 +73,33 @@ Repo: https://github.com/emcconville/wand
## Bitty
Affected files: [`data/static/js/vnd/bitty-6.0.0-rc3.min.js`](./data/static/js/vnd/bitty-6.0.0-rc3.min.js)
URL: https://bitty.alanwsmith.com/
Affected files: [`data/static/js/vnd/bitty-7.0.0.js`](./data/static/js/vnd/bitty-7.0.0.js)
URL: https://bitty-js.com/
License: CC0 1.0
Author: alan w smith https://www.alanwsmith.com/
Repo: https://github.com/alanwsmith/bitty
## Flask-Caching
URL: https://flask-caching.readthedocs.io/
Copyright:
```
Copyright (c) 2010 by Thadeus Burgess.
Copyright (c) 2016 by Peter Justin.
Some rights reserved.
```
License: BSD-3-Clause ([see more](https://github.com/pallets-eco/flask-caching/blob/e59bc040cd47cd2b43e501d636d43d442c50b3ff/LICENSE))
Repo: https://github.com/pallets-eco/flask-caching
# Legacy
this section lists credits for files/libraries that are no longer used by the project.
## ICONCINO
URL: https://www.figma.com/community/file/1136337054881623512/iconcino-v2-0-0-free-icons-cc0-1-0-license
Designers: Gabriele Malaspina
License: CC0 1.0

288
app/__init__.py
View File

@@ -1,59 +1,74 @@
from flask import Flask, session, request, render_template
from flask import Flask, session, request, render_template, redirect, url_for
from dotenv import load_dotenv
from .models import Avatars, Users, PostHistory, Posts, MOTD
from .auth import digest
from .routes.users import is_logged_in, get_active_user, get_prefers_theme
from .routes.threads import get_post_url
from .models import Avatars, Users, PostHistory, Posts, MOTD, BadgeUploads, Sessions
from .auth import digest, is_logged_in, get_active_user
from .constants import (
PermissionLevel, permission_level_string,
InfoboxKind, InfoboxHTMLClass,
REACTION_EMOJI, MOTD_BANNED_TAGS,
SIG_BANNED_TAGS, STRICT_BANNED_TAGS,
)
from .lib.babycode import babycode_to_html, EMOJI, BABYCODE_VERSION
from datetime import datetime
from .lib.babycode import babycode_to_html, babycode_to_rssxml, EMOJI, BABYCODE_VERSION
from .lib.exceptions import SiteNameMissingException
from .util import get_post_url, dict_to_query_string, csrf_input, get_csrf_token
from datetime import datetime, timezone
from flask_caching import Cache
import os
import time
import secrets
import hmac
import tomllib
import json
def create_default_avatar():
if Avatars.count() == 0:
print("Creating default avatar reference")
print('Creating default avatar reference')
Avatars.create({
"file_path": "/static/avatars/default.webp",
"uploaded_at": int(time.time())
'file_path': '/static/avatars/default.webp',
'uploaded_at': int(time.time())
})
def create_admin():
username = "admin"
if Users.count({"username": username}) == 0:
print("!!!!!Creating admin account!!!!!")
username = 'admin'
if Users.count({'username': username}) == 0:
print('!!!!!Creating admin account!!!!!')
password_length = 16
password = secrets.token_urlsafe(password_length)
hashed = digest(password)
Users.create({
"username": username,
"password_hash": hashed,
"permission": PermissionLevel.ADMIN.value,
'username': username,
'password_hash': hashed,
'permission': PermissionLevel.ADMIN.value,
})
print(f"!!!!!Administrator account created, use '{username}' as the login and '{password}' as the password. This will only be shown once!!!!!")
def create_deleted_user():
username = "DeletedUser"
if Users.count({"username": username.lower()}) == 0:
print("Creating DeletedUser")
username = 'DeletedUser'
if Users.count({'username': username.lower()}) == 0:
print('Creating DeletedUser')
Users.create({
"username": username.lower(),
"display_name": username,
"password_hash": "",
"permission": PermissionLevel.SYSTEM.value,
'username': username.lower(),
'display_name': username,
'password_hash': '',
'permission': PermissionLevel.SYSTEM.value,
})
def reparse_babycode():
print('Re-parsing babycode, this may take a while...')
from .db import db
from .constants import MOTD_BANNED_TAGS
post_histories_without_rss = PostHistory.findall([
('markup_language', '=', 'babycode'),
('content_rss', 'IS', None),
])
with db.transaction():
for ph in post_histories_without_rss:
ph.update({
'content_rss': babycode_to_rssxml(ph['original_markup']),
})
post_histories = PostHistory.findall([
('markup_language', '=', 'babycode'),
('format_version', 'IS NOT', BABYCODE_VERSION)
@@ -64,6 +79,7 @@ def reparse_babycode():
for ph in post_histories:
ph.update({
'content': babycode_to_html(ph['original_markup']).result,
'content_rss': babycode_to_rssxml(ph['original_markup']),
'format_version': BABYCODE_VERSION,
})
print('Re-parsing posts done.')
@@ -99,35 +115,102 @@ def reparse_babycode():
print('Re-parsing done.')
def bind_default_badges(path):
from .db import db
with db.transaction():
potential_stales = BadgeUploads.get_default()
d = os.listdir(path)
for bu in potential_stales:
if os.path.basename(bu.file_path) not in d:
print(f'Deleted stale default badge{os.path.basename(bu.file_path)}')
bu.delete()
for f in d:
real_path = os.path.join(path, f)
if not os.path.isfile(real_path):
continue
if not f.endswith('.webp'):
continue
proxied_path = f'/static/badges/{f}'
bu = BadgeUploads.find({'file_path': proxied_path})
if not bu:
BadgeUploads.create({
'file_path': proxied_path,
'uploaded_at': int(os.path.getmtime(real_path)),
})
def clear_stale_sessions():
from .db import db
with db.transaction():
now = int(time.time())
stale_sessions = Sessions.findall([
('expires_at', '<', now)
])
for sess in stale_sessions:
sess.delete()
cache = Cache()
def create_app():
app = Flask(__name__)
app.config.from_file('../config/pyrom_config.toml', load=tomllib.load, text=False)
app.config['SITE_NAME'] = 'Pyrom'
app.config['DISABLE_SIGNUP'] = False
app.config['MODS_CAN_INVITE'] = True
app.config['USERS_CAN_INVITE'] = False
app.config['ADMIN_CONTACT_INFO'] = ''
app.config['GUIDE_DESCRIPTION'] = ''
if os.getenv("PYROM_PROD") is None:
app.static_folder = os.path.join(os.path.dirname(__file__), "../data/static")
app.config['CACHE_TYPE'] = 'FileSystemCache'
app.config['CACHE_DEFAULT_TIMEOUT'] = 300
try:
app.config.from_file('../config/pyrom_config.toml', load=tomllib.load, text=False)
except FileNotFoundError:
print('No configuration file found, leaving defaults.')
if os.getenv('PYROM_PROD') is None:
app.static_folder = os.path.join(os.path.dirname(__file__), '../data/static')
app.debug = True
app.config["DB_PATH"] = "data/db/db.dev.sqlite"
app.config['DB_PATH'] = 'data/db/db.dev.sqlite'
app.config['SERVER_NAME'] = 'localhost:8080'
load_dotenv()
else:
app.config["DB_PATH"] = "data/db/db.prod.sqlite"
app.config['DB_PATH'] = 'data/db/db.prod.sqlite'
if not app.config['SERVER_NAME']:
raise SiteNameMissingException()
app.config["SECRET_KEY"] = os.getenv("FLASK_SECRET_KEY")
app.config['SECRET_KEY'] = os.getenv('FLASK_SECRET_KEY')
app.config['AVATAR_UPLOAD_PATH'] = 'data/static/avatars/'
app.config['MAX_CONTENT_LENGTH'] = 1000 * 1000
app.config['BADGES_PATH'] = 'data/static/badges/'
app.config['BADGES_UPLOAD_PATH'] = 'data/static/badges/user/'
app.config['MAX_CONTENT_LENGTH'] = 3 * 1000 * 1000 # 3M total, subject to further limits per route
os.makedirs(os.path.dirname(app.config["DB_PATH"]), exist_ok = True)
os.makedirs(os.path.dirname(app.config['DB_PATH']), exist_ok = True)
os.makedirs(os.path.dirname(app.config['BADGES_UPLOAD_PATH']), exist_ok = True)
css_dir = 'data/static/css/'
allowed_themes = []
for f in os.listdir(css_dir):
if not os.path.isfile(os.path.join(css_dir, f)):
continue
theme_name = os.path.splitext(os.path.basename(f))[0]
allowed_themes.append(theme_name)
if app.config['CACHE_TYPE'] == 'FileSystemCache':
cache_dir = app.config.get('CACHE_DIR', 'data/_cached')
os.makedirs(cache_dir, exist_ok = True)
app.config['CACHE_DIR'] = cache_dir
allowed_themes.sort(key=(lambda x: (x != 'style', x)))
app.config['allowed_themes'] = allowed_themes
cache.init_app(app)
from app.routes.app import bp as app_bp
from app.routes.topics import bp as topics_bp
from app.routes.threads import bp as threads_bp
from app.routes.users import bp as users_bp
from app.routes.guides import bp as guides_bp
from app.routes.mod import bp as mod_bp
from app.routes.posts import bp as posts_bp
app.register_blueprint(app_bp)
app.register_blueprint(topics_bp)
app.register_blueprint(threads_bp)
app.register_blueprint(users_bp)
app.register_blueprint(guides_bp)
app.register_blueprint(mod_bp)
app.register_blueprint(posts_bp)
with app.app_context():
from .schema import create as create_tables
@@ -139,94 +222,94 @@ def create_app():
create_admin()
create_deleted_user()
clear_stale_sessions()
reparse_babycode()
from app.routes.app import bp as app_bp
from app.routes.topics import bp as topics_bp
from app.routes.threads import bp as threads_bp
from app.routes.users import bp as users_bp
from app.routes.mod import bp as mod_bp
from app.routes.api import bp as api_bp
from app.routes.posts import bp as posts_bp
from app.routes.hyperapi import bp as hyperapi_bp
from app.routes.guides import bp as guides_bp
app.register_blueprint(app_bp)
app.register_blueprint(topics_bp)
app.register_blueprint(threads_bp)
app.register_blueprint(users_bp)
app.register_blueprint(mod_bp)
app.register_blueprint(api_bp)
app.register_blueprint(posts_bp)
app.register_blueprint(hyperapi_bp)
app.register_blueprint(guides_bp)
bind_default_badges(app.config['BADGES_PATH'])
app.config['SESSION_COOKIE_SECURE'] = True
@app.before_request
def make_session_permanent():
session.permanent = True
def revoke_session():
if is_logged_in():
sess = Sessions.find({'key': session['pyrom_session_key']})
if int(time.time()) > int(sess.expires_at):
sess.delete()
session.clear()
return redirect(url_for('topics.all_topics'))
commit = ""
@app.before_request
def generate_csrf_token():
if is_logged_in() and not session.get('csrf'):
rng = secrets.token_bytes(32)
session_key = session['pyrom_session_key']
message = f'd${len(session_key)}${session_key}@{len(rng)}@{rng.hex()}'
hashed = hmac.digest(app.config['SECRET_KEY'].encode('utf-8'), message.encode('utf-8'), 'SHA256')
csrf_token = f'{hashed.hex()}.{rng.hex()}'
session['csrf'] = csrf_token
commit = ''
with open('.git/refs/heads/main') as f:
commit = f.read().strip()
@app.context_processor
def inject_constants():
return {
"InfoboxHTMLClass": InfoboxHTMLClass,
"InfoboxKind": InfoboxKind,
"PermissionLevel": PermissionLevel,
"__commit": commit,
"__emoji": EMOJI,
"REACTION_EMOJI": REACTION_EMOJI,
"MOTD_BANNED_TAGS": MOTD_BANNED_TAGS,
"SIG_BANNED_TAGS": SIG_BANNED_TAGS,
'InfoboxHTMLClass': InfoboxHTMLClass,
'InfoboxKind': InfoboxKind,
'PermissionLevel': PermissionLevel,
'__commit': commit,
'__emoji': EMOJI,
'REACTION_EMOJI': REACTION_EMOJI,
'MOTD_BANNED_TAGS': MOTD_BANNED_TAGS,
'SIG_BANNED_TAGS': SIG_BANNED_TAGS,
}
@app.context_processor
def inject_auth():
return {"is_logged_in": is_logged_in, "get_active_user": get_active_user, "active_user": get_active_user()}
@app.context_processor
def inject_funcs():
return {
'get_post_url': get_post_url,
'get_prefers_theme': get_prefers_theme,
'get_motds': MOTD.get_all,
'get_time_now': lambda: int(time.time()),
'is_logged_in': is_logged_in,
'is_mod': lambda: is_logged_in() and get_active_user().is_mod(),
'get_active_user': get_active_user,
'get_post_url': get_post_url,
'csrf_input': csrf_input,
'get_csrf_token': get_csrf_token,
}
@app.template_filter("ts_datetime")
@app.template_filter('ts_datetime')
def ts_datetime(ts, format):
return datetime.utcfromtimestamp(ts or int(time.time())).strftime(format)
@app.template_filter("pluralize")
def pluralize(subject, num=1, singular = "", plural = "s"):
@app.template_filter('dict_to_query_string')
def d2q(d):
return dict_to_query_string(d)
@app.template_filter('pluralize')
def pluralize(subject, num=1, singular = '', plural = 's'):
if int(num) == 1:
return subject + singular
return subject + plural
@app.template_filter("permission_string")
@app.template_filter('permission_string')
def permission_string(term):
return permission_level_string(term)
@app.template_filter('babycode')
def babycode_filter(markup):
return babycode_to_html(markup).result
def babycode_filter(markup, nofrag=False):
return babycode_to_html(markup, fragment=not nofrag).result
@app.template_filter('babycode_strict')
def babycode_strict_filter(markup):
return babycode_to_html(markup, STRICT_BANNED_TAGS).result
def babycode_strict_filter(markup, nofrag=False):
return babycode_to_html(markup, banned_tags=STRICT_BANNED_TAGS, fragment=not nofrag).result
@app.template_filter('extract_h2')
def extract_h2(content):
import re
pattern = r'<h2\s+id="([^"]+)"[^>]*>(.*?)<\/h2>'
matches = re.findall(pattern, content, re.IGNORECASE | re.DOTALL)
return [
{'id': id_.strip(), 'text': text.strip()}
for id_, text in matches
]
@app.template_filter('basename_noext')
def basename_noext(subj):
return os.path.splitext(os.path.basename(subj))[0]
@app.errorhandler(404)
def _handle_404(e):
@@ -236,19 +319,36 @@ def create_app():
return {'error': 'not found'}, e.code
else:
return render_template('common/404.html'), e.code
#
# @app.errorhandler(413)
# def _handle_413(e):
# if request.path.startswith('/hyperapi/'):
# return '<h1>request body too large</h1>', e.code
# elif request.path.startswith('/api/'):
# return {'error': 'body too large'}, e.code
# else:
# return render_template('common/413.html'), e.code
# this only happens at build time but
# build time is when updates are done anyway
# sooo... /shrug
@app.template_filter('cachebust')
def cachebust(subject):
return f"{subject}?v={str(int(time.time()))}"
return f'{subject}?v={str(int(time.time()))}'
@app.template_filter('theme_name')
def get_theme_name(subject: str):
if subject == 'style':
return 'Default'
return f'{subject.removeprefix('theme-').capitalize()} (beta)'
return f'{subject.removeprefix('theme-').replace('-', ' ').capitalize()} (beta)'
@app.template_filter('fromjson')
def fromjson(subject: str):
return json.loads(subject)
@app.template_filter('iso8601')
def unix_to_iso8601(subject: str):
return datetime.fromtimestamp(int(subject), timezone.utc).isoformat()
return app

112
app/auth.py
View File

@@ -1,7 +1,25 @@
from flask import session, flash, redirect, url_for, abort, request, current_app
from .models import Sessions, Users
from argon2 import PasswordHasher
from functools import wraps
import secrets
import hmac
import time
import re
ph = PasswordHasher()
FORBIDDEN_USERNAMES = (
'administrator', 'administration', 'administrators',
'system',
'mod', 'moderator', 'moderators', 'moderation',
'deleted-user', 'deleted_user',
'support',
#routes
'log-in', 'log_in', 'login',
'sign-up', 'sign_up', 'signup',
)
def digest(password):
return ph.hash(password)
@@ -10,3 +28,97 @@ def verify(expected, given):
return ph.verify(expected, given)
except:
return False
def is_logged_in() -> bool:
if 'pyrom_session_key' not in session:
return False
sess = Sessions.find({'key': session['pyrom_session_key']})
if not sess:
return False
if sess.expires_at < int(time.time()):
session.clear()
sess.delete()
# flash('Your session expired.;Please log in again.', InfoboxKind.INFO)
return False
return True
def get_active_user() -> Users | None:
if not is_logged_in():
return None
sess = Sessions.find({'key': session['pyrom_session_key']})
return Users.find({'id': sess.user_id})
def create_session(user_id, temporary=False):
expires_days = 2 if temporary else 31
return Sessions.create({
'key': secrets.token_hex(16),
'user_id': user_id,
'expires_at': int(time.time()) + (expires_days * 24 * 60 * 60),
})
def parse_username(username: str) -> Tuple[str, str]:
"""first is the unmodified name/display name, second is username"""
if len(username) < 3:
raise ValueError
if username.lower() in FORBIDDEN_USERNAMES:
raise ValueError
invalid_regex = r'[^a-zA-Z0-9_-]'
return re.sub(invalid_regex, '_', username.lower())[:24], username
def is_password_valid(password: str) -> bool:
return re.match(r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,255}$', password) is not None
# annotations
def login_required(view_func):
@wraps(view_func)
def wrapper(*args, **kwargs):
if not is_logged_in():
return redirect(url_for('users.log_in'))
return view_func(*args, **kwargs)
return wrapper
def mod_only(view_func):
@wraps(view_func)
def wrapper(*args, **kwargs):
if not is_logged_in():
abort(403)
if not get_active_user().is_mod():
abort(403)
return view_func(*args, **kwargs)
return wrapper
def csrf_verified(view_func):
"""
protects a request with a form against csrf and invalidates the csrf token stored in the session.
requires @login_requred.
"""
@wraps(view_func)
def wrapper(*args, **kwargs):
if not session.get('csrf'):
abort(403)
if not request.form.get('csrf'):
abort(403)
parts = request.form['csrf'].split('.')
if len(parts) != 2:
abort(403)
given_message = parts[0]
rng = bytes.fromhex(parts[1])
session_key = session['pyrom_session_key']
message = f'd${len(session_key)}${session_key}@{len(rng)}@{rng.hex()}'
expected = hmac.digest(current_app.config['SECRET_KEY'].encode('utf-8'), message.encode('utf-8'), 'SHA256').hex()
if not hmac.compare_digest(given_message, expected):
abort(403)
session.pop('csrf')
return view_func(*args, **kwargs)
return wrapper

8
app/constants.py
View File

@@ -70,8 +70,8 @@ class InfoboxKind(IntEnum):
ERROR = 3
InfoboxHTMLClass = {
InfoboxKind.INFO: "",
InfoboxKind.LOCK: "warn",
InfoboxKind.WARN: "warn",
InfoboxKind.ERROR: "critical",
InfoboxKind.INFO: '',
InfoboxKind.LOCK: 'warn',
InfoboxKind.WARN: 'warn',
InfoboxKind.ERROR: 'critical',
}

3
app/db.py
View File

@@ -31,6 +31,7 @@ class DB:
except Exception as e:
if in_transaction and self._connection:
conn.rollback()
raise
finally:
if in_transaction:
self._transaction_depth -= 1
@@ -126,7 +127,7 @@ class DB:
def where(self, condition, operator = "="):
if isinstance(condition, dict):
for key, value in condition.items():
self._where.append((key, "=", value))
self._where.append((key, operator, value))
elif isinstance(condition, list):
for c in condition:
self._where.append(c)

624
app/lib/babycode.py
View File

@@ -6,17 +6,203 @@ from pygments.lexers import get_lexer_by_name
from pygments.util import ClassNotFound as PygmentsClassNotFound
import re
class BabycodeParseResult:
BABYCODE_VERSION = 10
class BabycodeError(Exception):
pass
class BabycodeRenderError(BabycodeError):
pass
class UnknownASTElementError(BabycodeRenderError):
def __init__(self, element_type, element=None):
self.element_type = element_type
self.element = element
message = f'Unknown AST element: {element_type}'
if element:
message += f' (element: {element})'
super().__init__(message)
class BabycodeRenderResult:
def __init__(self, result, mentions=[]):
self.result = result
self.mentions = mentions
def __str__(self):
return self.result
BABYCODE_VERSION = 5
class BabycodeRenderer:
def __init__(self, tag_map, void_tag_map, emote_map, fragment=False):
self.tag_map = tag_map
self.void_tag_map = void_tag_map
self.emote_map = emote_map
self.fragment = fragment
def make_mention(self, element):
raise NotImplementedError
def transform_para_whitespace(self, text):
# markdown rules:
# two spaces at end of line -> <br>
text = re.sub(r' +\n', '<br>', text)
# single newlines -> space (collapsed)
text = re.sub(r'\n', ' ', text)
return text
def wrap_in_paragraphs(self, nodes, context_is_block=True, is_root=False):
result = []
current_paragraph = []
is_first_para = is_root and self.fragment
def flush_paragraph():
# TIL nonlocal exists
nonlocal result, current_paragraph, is_first_para
if not current_paragraph:
return
para_content = ''.join(current_paragraph)
if para_content.strip(): # skip empty paragraphs
if is_first_para:
result.append(para_content)
is_first_para = False
else:
result.append(f"<p>{para_content}</p>")
current_paragraph.clear()
for node in nodes:
if isinstance(node, str):
paras = re.split(r'\n\n+', node)
for i, para in enumerate(paras):
if i > 0 and context_is_block:
flush_paragraph()
if para:
processed = self.transform_para_whitespace(para)
current_paragraph.append(processed)
else:
inline = is_inline(node)
if inline and context_is_block:
# inline child within a paragraph context
current_paragraph.append(self.fold(node))
elif not inline and context_is_block:
# block child within a block context
flush_paragraph()
if is_root:
# this is relevant for fragment.
# fragment only applies to the first inline node(s).
# if the first element is a block, reset "fragment mode".
is_first_para = False
result.append(self.fold(node))
else:
# either inline in inline context, or block in inline context
current_paragraph.append(self.fold(node))
if context_is_block:
# flush final para if we're in a block context
flush_paragraph()
elif current_paragraph:
# inline context - just append whatever we collected
result.append(''.join(current_paragraph))
return ''.join(result)
def fold(self, element):
if isinstance(element, str):
return element
match element['type']:
case 'bbcode':
tag_name = element['name']
if is_inline(element):
# inline tag
# since its inline, all children should be processed inline
content = "".join(self.fold(child) for child in element['children'])
return self.tag_map[tag_name](content, element['attr'])
else:
# block tag
if tag_name in {'ul', 'ol', 'code', 'img'}:
# these handle their own internal structure
content = ''.join(
child if isinstance(child, str) else self.fold(child)
for child in element['children']
)
return self.tag_map[tag_name](content, element['attr'])
else:
# block elements that can contain paragraphs
content = self.wrap_in_paragraphs(element['children'], context_is_block=True, is_root=False)
return self.tag_map[tag_name](content, element['attr'])
case 'bbcode_void':
return self.void_tag_map[element['name']](element['attr'])
case 'link':
return f"<a href=\"{element['url']}\">{element['url']}</a>"
case 'emote':
return self.emote_map[element['name']]
case 'rule':
return '<hr>'
case 'mention':
return self.make_mention(element)
case _:
raise UnknownASTElementError(
element_type=element['type'],
element=element
)
def render(self, ast):
out = self.wrap_in_paragraphs(ast, context_is_block=True, is_root=True)
return out
class HTMLRenderer(BabycodeRenderer):
def __init__(self, fragment=False):
super().__init__(TAGS, VOID_TAGS, EMOJI, fragment)
self.mentions = []
def make_mention(self, e):
from ..models import Users
from flask import url_for, current_app
with current_app.test_request_context('/'):
target_user = Users.find({'username': e['name'].lower()})
if not target_user:
return f"@{e['name']}"
mention_data = {
'mention_text': f"@{e['name']}",
'mentioned_user_id': int(target_user.id),
"start": e['start'],
"end": e['end'],
}
if mention_data not in self.mentions:
self.mentions.append(mention_data)
return f"<a class='mention{' display' if target_user.has_display_name() else ''}' href='{url_for('users.user_page', username=target_user.username)}' title='@{target_user.username}' data-init='highlightMentions' data-username='{target_user.username}'>{'@' if not target_user.has_display_name() else ''}{target_user.get_readable_name()}</a>"
def render(self, ast):
out = super().render(ast)
return BabycodeRenderResult(out, self.mentions)
class RSSXMLRenderer(BabycodeRenderer):
def __init__(self, fragment=False):
super().__init__(RSS_TAGS, VOID_TAGS, RSS_EMOJI, fragment)
def make_mention(self, e):
from ..models import Users
from flask import url_for
target_user = Users.find({'username': e['name'].lower()})
if not target_user:
return f"@{e['name']}"
return f'<a href="{url_for('users.user_page', username=target_user.username, _external=True)}" title="@{target_user.username}">{'@' if not target_user.has_display_name() else ''}{target_user.get_readable_name()}</a>'
NAMED_COLORS = [
'black', 'silver', 'gray', 'white', 'maroon', 'red',
@@ -49,113 +235,10 @@ NAMED_COLORS = [
'violet', 'wheat', 'white', 'whitesmoke', 'yellow', 'yellowgreen',
]
def is_tag(e, tag=None):
if e is None:
return False
if isinstance(e, str):
return False
if e['type'] != 'bbcode':
return False
if tag is None:
return True
return e['name'] == tag
def is_text(e):
return isinstance(e, str)
def tag_code(children, attr, surrounding):
is_inline = children.find('\n') == -1
if is_inline:
return f"<code class=\"inline-code\">{children}</code>"
else:
input_code = children.strip()
button = f"<button type=button class=\"copy-code\" value=\"{input_code}\" data-send=\"copyCode\" data-receive=\"copyCode\">Copy</button>"
unhighlighted = f"<pre><span class=\"copy-code-container\"><span class=\"code-language-identifier\">code block</span>{button}</span><code>{input_code}</code></pre>"
if not attr:
return unhighlighted
try:
lexer = get_lexer_by_name(attr.strip())
formatter = HtmlFormatter(nowrap=True)
return f"<pre><span class=\"copy-code-container\"><span class=\"code-language-identifier\">{lexer.name}</span>{button}</span><code>{highlight(input_code.unescape(), lexer, formatter)}</code></pre>"
except PygmentsClassNotFound:
return unhighlighted
def tag_list(children):
list_body = re.sub(r" +\n", "<br>", children.strip())
list_body = re.sub(r"\n\n+", "\1", list_body)
return " ".join([f"<li>{x}</li>" for x in list_body.split("\1") if x])
def tag_color(children, attr, surrounding):
if not attr:
return f"[color]{children}[/color]"
hex_re = r"^#?([0-9a-f]{6}|[0-9a-f]{3})$"
potential_color = attr.lower().strip()
if potential_color in NAMED_COLORS:
return f"<span style='color: {potential_color};'>{children}</span>"
m = re.match(hex_re, potential_color)
if m:
return f"<span style='color: #{m.group(1)};'>{children}</span>"
# return just the way it was if we can't parse it
return f"[color={attr}]{children}[/color]"
def tag_spoiler(children, attr, surrounding):
spoiler_name = attr if attr else "Spoiler"
content = f"<div class='accordion-content post-accordion-content hidden'>{children}</div>"
container = f"""<div class='accordion hidden' data-receive='toggleAccordion'><div class='accordion-header'><button type='button' class='accordion-toggle' data-send='toggleAccordion'>+</button><span>{spoiler_name}</span></div>{content}</div>"""
return container
def tag_image(children, attr, surrounding):
img = f"<img class=\"post-image\" src=\"{attr}\" alt=\"{children}\">"
if not is_tag(surrounding[0], 'img'):
img = f"<div class=post-img-container>{img}"
if not is_tag(surrounding[1], 'img'):
img = f"{img}</div>"
return img
TAGS = {
"b": lambda children, attr, _: f"<strong>{children}</strong>",
"i": lambda children, attr, _: f"<em>{children}</em>",
"s": lambda children, attr, _: f"<del>{children}</del>",
"u": lambda children, attr, _: f"<u>{children}</u>",
"img": tag_image,
"url": lambda children, attr, _: f"<a href={attr}>{children}</a>",
"quote": lambda children, attr, _: f"<blockquote>{children}</blockquote>",
"code": tag_code,
"ul": lambda children, attr, _: f"<ul>{tag_list(children)}</ul>",
"ol": lambda children, attr, _: f"<ol>{tag_list(children)}</ol>",
"big": lambda children, attr, _: f"<span style='font-size: 2rem;'>{children}</span>",
"small": lambda children, attr, _: f"<span style='font-size: 0.75rem;'>{children}</span>",
"color": tag_color,
"center": lambda children, attr, _: f"<div style='text-align: center;'>{children}</div>",
"right": lambda children, attr, _: f"<div style='text-align: right;'>{children}</div>",
"spoiler": tag_spoiler,
}
VOID_TAGS = {
'lb': lambda attr: '[',
'rb': lambda attr: ']',
'@': lambda attr: '@',
}
# [img] is considered block for the purposes of collapsing whitespace,
# despite being potentially inline (since the resulting <img> tag is inline, but creates a block container around itself and sibling images).
# [code] has a special case in is_inline().
INLINE_TAGS = {
'b', 'i', 's', 'u', 'color', 'big', 'small', 'url'
}
def make_emoji(name, code):
return f' <img class=emoji src="/static/emoji/{name}.png" alt="{name}" title=":{code}:">'
return f'<img class=emoji src="/static/emoji/{name}.png" alt="{name}" title=":{code}:">'
EMOJI = {
'angry': make_emoji('angry', 'angry'),
@@ -203,12 +286,218 @@ EMOJI = {
'wink': make_emoji('wink', 'wink'),
}
RSS_EMOJI = {
**EMOJI,
'angry': '😡',
'(': '🙁',
'D': '😃',
'imp': '😈',
'angryimp': '👿',
'impangry': '👿',
'lobster': '🦞',
'|': '😐',
'pensive': '😔',
'scissors': '✂️',
')': '🙂',
'smiletear': '🥲',
'crytear': '🥲',
',': '😭',
'T': '😭',
'cry': '😭',
'sob': '😭',
'o': '😮',
'O': '😮',
'hmm': '🤔',
'think': '🤔',
'thinking': '🤔',
'P': '😛',
'p': '😛',
'weary': '😩',
';': '😉',
'wink': '😉',
}
TEXT_ONLY = ["code"]
def break_lines(text):
text = re.sub(r" +\n", "<br>", text)
text = re.sub(r"\n\n+", "<br><br>", text)
return text
def tag_code(children, attr):
is_inline = children.find('\n') == -1
if is_inline:
return f"<code class=\"inline-code\">{children}</code>"
else:
input_code = children.strip()
language = 'code block'
if attr:
try:
lexer = get_lexer_by_name(attr.strip())
formatter = HtmlFormatter(nowrap=True)
language = lexer.name
code = highlight(Markup(input_code).unescape(), lexer, formatter)
except PygmentsClassNotFound:
code = input_code
else:
code = input_code
button = f'<button type=button class="copy-code" data-s="copyCode">Copy</button>'
block = f'<fieldset data-r="copyCode" value="{input_code}" class="code-block-container plank minimal no-shadow secondary-bg"><legend>{language}</legend>{button}<pre><code>{code}</code></pre></fieldset>'
return block
def tag_list(children):
list_body = re.sub(r" +\n", "<br>", children.strip())
list_body = re.sub(r"\n\n+", "\1", list_body)
return " ".join([f"<li>{x}</li>" for x in list_body.split("\1") if x])
def tag_color(children, attr):
if not attr:
return f"[color]{children}[/color]"
hex_re = r"^#?([0-9a-f]{6}|[0-9a-f]{3})$"
potential_color = attr.lower().strip()
if potential_color in NAMED_COLORS:
return f"<span style='color: {potential_color};'>{children}</span>"
m = re.match(hex_re, potential_color)
if m:
return f"<span style='color: #{m.group(1)};'>{children}</span>"
# return just the way it was if we can't parse it
return f"[color={attr}]{children}[/color]"
def tag_spoiler(children, attr):
spoiler_name = attr if attr else "Spoiler"
content = f"<div class='plank minimal even no-shadow hidden'>{children}</div>"
container = f"""<details><summary class='plank secondary-bg no-shadow even'>{spoiler_name}</summary>{content}</details>"""
return container
def tag_image(children, attr):
img = f"<img class=\"post-image\" src=\"{attr}\" alt=\"{children}\">"
return img
def tag_quote(children, attr):
if attr:
quotee = f'Quoting: {attr.strip()}'
else:
quotee = 'Quote'
return f'<fieldset class="plank minimal no-shadow secondary-bg"><legend>{quotee}</legend><blockquote>{children}</blockquote></fieldset>'
TAGS = {
"b": lambda children, attr: f"<strong>{children}</strong>",
"i": lambda children, attr: f"<em>{children}</em>",
"s": lambda children, attr: f"<del>{children}</del>",
"u": lambda children, attr: f"<u>{children}</u>",
"img": tag_image,
"url": lambda children, attr: f"<a href={attr}>{children}</a>",
"quote": tag_quote,
"code": tag_code,
"ul": lambda children, attr: f"<ul>{tag_list(children)}</ul>",
"ol": lambda children, attr: f"<ol>{tag_list(children)}</ol>",
"big": lambda children, attr: f"<span style='font-size: 2rem;'>{children}</span>",
"small": lambda children, attr: f"<span style='font-size: 0.75rem;'>{children}</span>",
"color": tag_color,
"center": lambda children, attr: f"<div style='text-align: center;'>{children}</div>",
"right": lambda children, attr: f"<div style='text-align: right;'>{children}</div>",
"spoiler": tag_spoiler,
}
def tag_code_rss(children, attr):
is_inline = children.find('\n') == -1
if is_inline:
return f'<code>{children}</code>'
else:
return f'<pre><code>{children}</code></pre>'
def tag_url_rss(children, attr):
if attr.startswith('/'):
from flask import current_app
uri = f"{current_app.config['PREFERRED_URL_SCHEME']}://{current_app.config['SERVER_NAME']}{attr}"
return f"<a href={uri}>{children}</a>"
return f"<a href={attr}>{children}</a>"
def tag_image_rss(children, attr):
if attr.startswith('/'):
from flask import current_app
uri = f"{current_app.config['PREFERRED_URL_SCHEME']}://{current_app.config['SERVER_NAME']}{attr}"
return f'<img src="{uri}" alt={children} />'
return f'<img src="{attr}" alt={children} />'
RSS_TAGS = {
**TAGS,
'img': tag_image_rss,
'url': tag_url_rss,
'spoiler': lambda children, attr: f'<details><summary>{attr or "Spoiler"} (click to reveal)</summary>{children}</details>',
'code': tag_code_rss,
'big': lambda children, attr: f'<span style="font-size: 1.2em">{children}</span>',
'small': lambda children, attr: f'<small>{children}</small>'
}
VOID_TAGS = {
'lb': lambda attr: '[',
'rb': lambda attr: ']',
'at': lambda attr: '@',
'd': lambda attr: '-',
}
INLINE_TAGS = {
'b', 'i', 's', 'u', 'color', 'big', 'small', 'url', 'lb', 'rb', 'at', 'd', 'img'
}
def is_tag(e, tag=None):
if e is None:
return False
if isinstance(e, str):
return False
if e['type'] != 'bbcode' and e['type'] != 'bbcode_void':
return False
if tag is None:
return True
return e['name'] == tag
def is_text(e):
return isinstance(e, str)
def is_inline(e):
if e is None:
@@ -219,29 +508,12 @@ def is_inline(e):
if is_tag(e):
if is_tag(e, 'code'): # special case, since [code] can be inline OR block
return '\n' not in e['children']
return '\n' not in e['children'][0]
return e['name'] in INLINE_TAGS
return e['type'] != 'rule'
def make_mention(e, mentions):
from ..models import Users
from flask import url_for
target_user = Users.find({'username': e['name'].lower()})
if not target_user:
return f"@{e['name']}"
mention_data = {
'mention_text': f"@{e['name']}",
'mentioned_user_id': int(target_user.id),
"start": e['start'],
"end": e['end'],
}
if mention_data not in mentions:
mentions.append(mention_data)
return f"<a class='mention{' display' if target_user.has_display_name() else ''}' href='{url_for('users.page', username=target_user.username)}' title='@{target_user.username}' data-init='highlightMentions' data-username='{target_user.username}'>{'@' if not target_user.has_display_name() else ''}{target_user.get_readable_name()}</a>"
def should_collapse(text, surrounding):
if not isinstance(text, str):
@@ -255,10 +527,30 @@ def should_collapse(text, surrounding):
return False
def sanitize(s):
return escape(s.strip().replace('\r\n', '\n').replace('\r', '\n'))
def babycode_to_html(s, banned_tags=[]):
def babycode_ast(s: str, banned_tags=[]):
"""
transforms a string of babycode into an AST.
the AST is a list of strings or dicts.
a string element is plain unformatted text.
a dict element is a node that contains at least the key `type`.
possible types are:
- bbcode
- bbcode_void
- link
- emote
- rule
- mention
bbcode type elements have a children key that is a list of children of that node. the children are themselves elements (string or dict).
"""
allowed_tags = set(TAGS.keys())
if banned_tags is not None:
for tag in banned_tags:
@@ -281,44 +573,38 @@ def babycode_to_html(s, banned_tags=[]):
)
if not should_collapse(e, surrounding):
elements.append(e)
return elements
out = ""
mentions = []
def fold(element, nobr, surrounding):
if isinstance(element, str):
if nobr:
return element
return break_lines(element)
match element['type']:
case "bbcode":
c = ""
for i in range(len(element['children'])):
child = element['children'][i]
_surrounding = (
element['children'][i - 1] if i-1 >= 0 else None,
element['children'][i + 1] if i+1 < len(element['children']) else None
)
_nobr = element['name'] == "code" or element['name'] == "ul" or element['name'] == "ol"
c = c + Markup(fold(child, _nobr, _surrounding))
res = TAGS[element['name']](c, element['attr'], surrounding)
return res
case "bbcode_void":
return VOID_TAGS[element['name']](element['attr'])
case "link":
return f"<a href=\"{element['url']}\">{element['url']}</a>"
case 'emote':
return EMOJI[element['name']]
case "rule":
return "<hr>"
case "mention":
return make_mention(element, mentions)
def babycode_to_html(s: str, banned_tags=[], fragment=False) -> BabycodeRenderResult:
"""
transforms a string of babycode into html.
for i in range(len(elements)):
e = elements[i]
surrounding = (
elements[i - 1] if i-1 >= 0 else None,
elements[i + 1] if i+1 < len(elements) else None
)
out = out + fold(e, False, surrounding)
return BabycodeParseResult(out, mentions)
parameters:
s (str) - babycode string
banned_tags (list) - babycode tags to exclude from being parsed. they will remain as plain text in the transformation.
fragment (bool) - skip adding an html p tag to the first element if it is inline.
"""
ast = babycode_ast(s, banned_tags)
r = HTMLRenderer(fragment=fragment)
return r.render(ast)
def babycode_to_rssxml(s: str, banned_tags=[], fragment=False) -> str:
"""
transforms a string of babycode into rss-compatible x/html.
parameters:
s (str) - babycode string
banned_tags (list) - babycode tags to exclude from being parsed. they will remain as plain text in the transformation.
fragment (bool) - skip adding an html p tag to the first element if it is inline.
"""
ast = babycode_ast(s, banned_tags)
r = RSSXMLRenderer(fragment=fragment)
return r.render(ast)

9
app/lib/exceptions.py Normal file
View File

@@ -0,0 +1,9 @@
class MissingConfigurationException(Exception):
def __init__(self, configuration_field: str):
message = f"Missing configuration field '{configuration_field}'"
super().__init__(message)
class SiteNameMissingException(MissingConfigurationException):
def __init__(self):
super().__init__('SITE_NAME')

10
app/lib/render_atom.py Normal file
View File

@@ -0,0 +1,10 @@
from flask import make_response, render_template, request
def render_atom_template(template, *args, **kwargs):
injects = {
**kwargs,
'__current_page': request.url,
}
r = make_response(render_template(template, *args, **injects))
r.mimetype = 'application/xml'
return r

9
app/migrations.py
View File

@@ -43,6 +43,7 @@ MIGRATIONS = [
add_signature_format,
create_default_bookmark_collections,
add_display_name,
'ALTER TABLE "post_history" ADD COLUMN "content_rss" STRING DEFAULT NULL'
]
def run_migrations():
@@ -52,11 +53,11 @@ def run_migrations():
)
""")
if len(MIGRATIONS) == 0:
print("No migrations defined.")
print('No migrations defined.')
return
print("Running migrations...")
print('Running migrations...')
ran = 0
completed = {int(row["id"]) for row in db.query("SELECT id FROM _migrations")}
completed = {int(row['id']) for row in db.query('SELECT id FROM _migrations')}
to_run = {idx: migration_obj for idx, migration_obj in enumerate(MIGRATIONS) if idx not in completed}
if not to_run:
print('No migrations need to run.')
@@ -73,4 +74,4 @@ def run_migrations():
db.execute('INSERT INTO _migrations (id) VALUES (?)', migration_id)
ran += 1
print(f"Ran {ran} migrations.")
print(f'Ran {ran} migrations.')

299
app/models.py
View File

@@ -4,10 +4,10 @@ from flask import current_app
import time
class Users(Model):
table = "users"
table = 'users'
def get_avatar_url(self):
return Avatars.find({"id": self.avatar_id}).file_path
return Avatars.find({'id': self.avatar_id}).file_path
def is_default_avatar(self):
return int(Avatars.find({'id': self.avatar_id}).id) == 1
@@ -30,23 +30,6 @@ class Users(Model):
def is_default_avatar(self):
return self.avatar_id == 1
def get_latest_posts(self):
q = """SELECT
posts.id, posts.created_at, post_history.content, post_history.edited_at, threads.title AS thread_title, topics.name as topic_name, threads.slug as thread_slug
FROM
posts
JOIN
post_history ON posts.current_revision_id = post_history.id
JOIN
threads ON posts.thread_id = threads.id
JOIN
topics ON threads.topic_id = topics.id
WHERE
posts.user_id = ?
ORDER BY posts.created_at DESC
LIMIT 10"""
return db.query(q, self.id)
def get_post_stats(self):
q = """SELECT
COUNT(DISTINCT posts.id) AS post_count,
@@ -116,93 +99,102 @@ class Users(Model):
def has_display_name(self):
return self.display_name != ''
def get_badges(self):
return Badges.findall({'user_id': int(self.id)})
class Topics(Model):
table = "topics"
table = 'topics'
@classmethod
def get_list(_cls):
q = """
SELECT
topics.id, topics.name, topics.slug, topics.description, topics.is_locked,
users.username AS latest_thread_username,
users.display_name AS latest_thread_display_name,
threads.title AS latest_thread_title,
threads.slug AS latest_thread_slug,
threads.created_at AS latest_thread_created_at
COUNT(DISTINCT threads.id) as threads_count,
COUNT(posts.id) AS posts_count,
MAX(posts.created_at) as latest_post_timestamp
FROM
topics
LEFT JOIN (
SELECT
*,
row_number() OVER (PARTITION BY threads.topic_id ORDER BY threads.created_at DESC) as rn
FROM
threads
) threads ON threads.topic_id = topics.id AND threads.rn = 1
LEFT JOIN
users on users.id = threads.user_id
ORDER BY
topics.sort_order ASC"""
threads ON threads.topic_id = topics.id
LEFT JOIN
posts ON posts.thread_id = threads.id
GROUP BY topics.id ORDER BY topics.sort_order ASC"""
return db.query(q)
@classmethod
def get_active_threads(cls):
def new(_cls, name: str, description: str) -> Topics:
from slugify import slugify
name = name.strip()
description = description.strip()
now = int(time.time())
slug = f'{slugify(name)}-{now}'
topic_count = Topics.count()
return Topics.create({
'name': name,
'description': description,
'slug': slug,
'sort_order': topic_count + 1,
})
def get_threads(self, per_page, page, sort_by = 'activity'):
order_clause = ''
if sort_by == 'thread':
order_clause = 'ORDER BY threads.is_stickied DESC, threads.created_at DESC'
else:
order_clause = 'ORDER BY threads.is_stickied DESC, latest_post_created_at DESC'
q = """
WITH ranked_threads AS (
WITH latest_posts AS (
SELECT
threads.topic_id, threads.id AS thread_id, threads.title AS thread_title, threads.slug AS thread_slug,
posts.id AS post_id, posts.created_at AS post_created_at,
users.username, users.display_name,
ROW_NUMBER() OVER (PARTITION BY threads.topic_id ORDER BY posts.created_at DESC) AS rn
FROM
threads
JOIN
posts ON threads.id = posts.thread_id
LEFT JOIN
users ON posts.user_id = users.id
thread_id,
id AS latest_post_id,
user_id AS latest_post_user_id,
created_at AS latest_post_created_at,
ROW_NUMBER() OVER (PARTITION BY thread_id ORDER BY created_at DESC) AS rn
FROM posts
),
post_counts AS (
SELECT
thread_id,
COUNT(*) AS posts_count
FROM posts
GROUP BY thread_id
)
SELECT
topic_id,
thread_id, thread_title, thread_slug,
post_id, post_created_at,
username, display_name
FROM
ranked_threads
WHERE
rn = 1
ORDER BY
topic_id"""
threads.id,
threads.title,
threads.slug,
threads.created_at,
threads.is_locked,
threads.is_stickied,
starter.username AS started_by,
starter.display_name AS started_by_display_name,
latest_poster.username AS latest_post_username,
latest_poster.display_name AS latest_post_display_name,
latest_posts.latest_post_created_at,
latest_posts.latest_post_id,
COALESCE(post_counts.posts_count, 0) AS posts_count
FROM threads
JOIN users AS starter ON starter.id = threads.user_id
LEFT JOIN latest_posts ON latest_posts.thread_id = threads.id AND latest_posts.rn = 1
LEFT JOIN users AS latest_poster ON latest_poster.id = latest_posts.latest_post_user_id
LEFT JOIN post_counts ON post_counts.thread_id = threads.id
WHERE threads.topic_id = ?
""" + order_clause + ' LIMIT ? OFFSET ?'
active_threads_raw = db.query(q)
active_threads = {}
for thread in active_threads_raw:
active_threads[int(thread['topic_id'])] = {
'thread_title': thread['thread_title'],
'thread_slug': thread['thread_slug'],
'post_id': thread['post_id'],
'username': thread['username'],
'display_name': thread['display_name'],
'post_created_at': thread['post_created_at']
}
return active_threads
def get_threads(self, per_page, page, sort_by = "activity"):
order_clause = ""
if sort_by == "thread":
order_clause = "ORDER BY threads.is_stickied DESC, threads.created_at DESC"
else:
order_clause = "ORDER BY threads.is_stickied DESC, latest_post_created_at DESC"
return db.query(q, self.id, per_page, (page - 1) * per_page)
def get_threads_with_op_rss(self):
q = """
SELECT
threads.id, threads.title, threads.slug, threads.created_at, threads.is_locked, threads.is_stickied,
users.username AS started_by,
users.display_name AS started_by_display_name,
u.username AS latest_post_username,
u.display_name AS latest_post_display_name,
ph.content AS latest_post_content,
posts.created_at AS latest_post_created_at,
posts.id AS latest_post_id
ph.content_rss AS original_post_content,
posts.id AS original_post_id
FROM
threads
JOIN users ON users.id = threads.user_id
@@ -213,7 +205,7 @@ class Topics(Model):
posts.user_id,
posts.created_at,
posts.current_revision_id,
ROW_NUMBER() OVER (PARTITION BY posts.thread_id ORDER BY posts.created_at DESC) AS rn
ROW_NUMBER() OVER (PARTITION BY posts.thread_id ORDER BY posts.created_at ASC) AS rn
FROM
posts
) posts ON posts.thread_id = threads.id AND posts.rn = 1
@@ -223,17 +215,24 @@ class Topics(Model):
users u ON u.id = posts.user_id
WHERE
threads.topic_id = ?
""" + order_clause + " LIMIT ? OFFSET ?"
ORDER BY threads.created_at DESC"""
return db.query(q, self.id, per_page, (page - 1) * per_page)
return db.query(q, self.id)
def locked(self):
return bool(self.is_locked)
class Threads(Model):
table = "threads"
table = 'threads'
def get_posts(self, limit, offset):
q = Posts.FULL_POSTS_QUERY + " WHERE posts.thread_id = ? ORDER BY posts.created_at ASC LIMIT ? OFFSET ?"
return db.query(q, self.id, limit, offset)
def get_posts(self, per_page, page):
q = Posts.FULL_POSTS_QUERY + ' WHERE posts.thread_id = ? ORDER BY posts.created_at ASC LIMIT ? OFFSET ?'
return db.query(q, self.id, per_page, (page - 1) * per_page)
def get_posts_rss(self):
q = Posts.FULL_POSTS_QUERY + ' WHERE posts.thread_id = ?'
return db.query(q, self.id)
def locked(self):
return bool(self.is_locked)
@@ -241,16 +240,49 @@ class Threads(Model):
def stickied(self):
return bool(self.is_stickied)
@classmethod
def new(cls, user_id: int, topic_id: int, title: str, content: str, language: str = 'babycode') -> Threads:
from slugify import slugify
now = int(time.time())
slug = f'{slugify(title)}-{now}'
thread = Threads.create({
'topic_id': topic_id,
'user_id': user_id,
'title': title.strip(),
'slug': slug,
'created_at': int(time.time()),
})
post = Posts.new(user_id, thread.id, content, language)
return thread
class Posts(Model):
FULL_POSTS_QUERY = """
WITH user_badges AS (
SELECT
b.user_id,
json_group_array(
json_object(
'label', b.label,
'link', b.link,
'sort_order', b.sort_order,
'file_path', bu.file_path
)
) AS badges_json
FROM badges b
LEFT JOIN badge_uploads bu ON b.upload = bu.id
GROUP BY b.user_id
ORDER BY b.sort_order
)
SELECT
posts.id, posts.created_at,
post_history.content, post_history.edited_at,
post_history.content, post_history.edited_at, post_history.content_rss,
users.username, users.display_name, users.status,
avatars.file_path AS avatar_path, posts.thread_id,
users.id AS user_id, post_history.original_markup,
users.signature_rendered, threads.slug AS thread_slug,
threads.is_locked AS thread_is_locked, threads.title AS thread_title
threads.is_locked AS thread_is_locked, threads.title AS thread_title,
COALESCE(user_badges.badges_json, '[]') AS badges_json
FROM
posts
JOIN
@@ -260,25 +292,60 @@ class Posts(Model):
JOIN
threads ON posts.thread_id = threads.id
LEFT JOIN
avatars ON users.avatar_id = avatars.id"""
avatars ON users.avatar_id = avatars.id
LEFT JOIN
user_badges ON users.id = user_badges.user_id"""
table = "posts"
table = 'posts'
def get_full_post_view(self):
q = f'{self.FULL_POSTS_QUERY} WHERE posts.id = ?'
return db.fetch_one(q, self.id)
@classmethod
def new(cls, user_id: int, thread_id: int, content: str, language: str = 'babycode') -> Posts:
from .lib.babycode import babycode_to_html, babycode_to_rssxml, BABYCODE_VERSION
html_content = babycode_to_html(content)
rssxml_content = babycode_to_rssxml(content)
with db.transaction():
post = Posts.create({
'thread_id': thread_id,
'user_id': user_id,
'current_revision_id': None,
})
revision = PostHistory.create({
'post_id': post.id,
'content': html_content.result,
'content_rss': rssxml_content,
'is_initial_revision': True,
'original_markup': content,
'markup_language': language,
'format_version': BABYCODE_VERSION,
})
for mention in html_content.mentions:
Mentions.create({
'revision_id': revision.id,
'mentioned_iser_id': mention['mentioned_iser_id'],
'start_index': mention['start'],
'end_index': mention['end'],
})
post.update({'current_revision_id': revision.id})
return post
class PostHistory(Model):
table = "post_history"
table = 'post_history'
class Sessions(Model):
table = "sessions"
table = 'sessions'
class Avatars(Model):
table = "avatars"
table = 'avatars'
class Subscriptions(Model):
table = "subscriptions"
table = 'subscriptions'
def get_unread_count(self):
q = """SELECT COUNT(*) AS unread_count
@@ -315,15 +382,15 @@ class APIRateLimits(Model):
return False
class Reactions(Model):
table = "reactions"
table = 'reactions'
@classmethod
def for_post(cls, post_id):
qb = db.QueryBuilder(cls.table)\
.select("reaction_text, COUNT(*) as c")\
.where({"post_id": post_id})\
.group_by("reaction_text")\
.order_by("c", False)
.select('reaction_text, COUNT(*) as c')\
.where({'post_id': post_id})\
.group_by('reaction_text')\
.order_by('c', False)
result = qb.all()
return result if result else []
@@ -341,7 +408,7 @@ class Reactions(Model):
class PasswordResetLinks(Model):
table = "password_reset_links"
table = 'password_reset_links'
class InviteKeys(Model):
@@ -434,3 +501,31 @@ class MOTD(Model):
class Mentions(Model):
table = 'mentions'
class BadgeUploads(Model):
table = 'badge_uploads'
@classmethod
def get_default(cls):
return BadgeUploads.findall({'user_id': None}, 'IS')
@classmethod
def get_for_user(cls, user_id):
q = 'SELECT * FROM badge_uploads WHERE user_id = ? OR user_id IS NULL ORDER BY uploaded_at'
res = db.query(q, int(user_id))
return [cls.from_data(row) for row in res]
@classmethod
def get_unused_for_user(cls, user_id):
q = 'SELECT bu.* FROM badge_uploads bu LEFT JOIN badges b ON bu.id = b.upload WHERE bu.user_id = ? AND b.upload IS NULL'
res = db.query(q, int(user_id))
return [cls.from_data(row) for row in res]
class Badges(Model):
table = 'badges'
def get_image_url(self):
bu = BadgeUploads.find({'id': int(self.upload)})
return bu.file_path

228
app/routes/api.py
View File

@@ -1,228 +0,0 @@
from flask import Blueprint, request, url_for
from ..lib.babycode import babycode_to_html
from ..constants import REACTION_EMOJI
from .users import is_logged_in, get_active_user
from ..models import APIRateLimits, Threads, Reactions, Users, BookmarkCollections, BookmarkedThreads, BookmarkedPosts
from ..db import db
bp = Blueprint("api", __name__, url_prefix="/api/")
@bp.post('/thread-updates/<thread_id>')
def thread_updates(thread_id):
thread = Threads.find({'id': thread_id})
if not thread:
return {'error': 'no such thread'}, 404
target_time = request.json.get('since')
if not target_time:
return {'error': 'missing parameter "since"'}, 400
try:
target_time = int(target_time)
except:
return {'error': 'parameter "since" is not/cannot be converted to a number'}, 400
q = 'SELECT id FROM posts WHERE thread_id = ? AND posts.created_at > ? ORDER BY posts.created_at ASC LIMIT 1'
new_post = db.fetch_one(q, thread_id, target_time)
if not new_post:
return {'status': 'none'}
url = url_for('threads.thread', slug=thread.slug, after=new_post['id'], _anchor=f"post-{new_post['id']}")
return {'status': 'new_post', 'url': url}
@bp.post('/babycode-preview')
def babycode_preview():
if not is_logged_in():
return {'error': 'not authorized'}, 401
user = get_active_user()
if not APIRateLimits.is_allowed(user.id, 'babycode_preview', 5):
return {'error': 'too many requests'}, 429
markup = request.json.get('markup')
if not markup or not isinstance(markup, str):
return {'error': 'markup field missing or invalid type'}, 400
banned_tags = request.json.get('banned_tags', [])
rendered = babycode_to_html(markup, banned_tags).result
return {'html': rendered}
@bp.post('/add-reaction/<post_id>')
def add_reaction(post_id):
if not is_logged_in():
return {'error': 'not authorized', 'error_code': 401}, 401
user = get_active_user()
reaction_text = request.json.get('emoji')
if not reaction_text or not isinstance(reaction_text, str):
return {'error': 'emoji field missing or invalid type', 'error_code': 400}, 400
if reaction_text not in REACTION_EMOJI:
return {'error': 'unsupported reaction', 'error_code': 400}, 400
reaction = Reactions.find({
'user_id': user.id,
'post_id': int(post_id),
'reaction_text': reaction_text,
})
if reaction:
return {'error': 'reaction already exists', 'error_code': 409}, 409
reaction = Reactions.create({
'user_id': user.id,
'post_id': int(post_id),
'reaction_text': reaction_text,
})
return {'status': 'added'}
@bp.post('/remove-reaction/<post_id>')
def remove_reaction(post_id):
if not is_logged_in():
return {'error': 'not authorized'}, 401
user = get_active_user()
reaction_text = request.json.get('emoji')
if not reaction_text or not isinstance(reaction_text, str):
return {'error': 'emoji field missing or invalid type'}, 400
if reaction_text not in REACTION_EMOJI:
return {'error': 'unsupported reaction'}, 400
reaction = Reactions.find({
'user_id': user.id,
'post_id': int(post_id),
'reaction_text': reaction_text,
})
if not reaction:
return {'error': 'reaction does not exist'}, 404
reaction.delete()
return {'status': 'removed'}
@bp.post('/manage-bookmark-collections/<user_id>')
def manage_bookmark_collections(user_id):
if not is_logged_in():
return {'error': 'not authorized', 'error_code': 401}, 401
target_user = Users.find({'id': user_id})
if target_user.id != get_active_user().id:
return {'error': 'forbidden', 'error_code': 403}, 403
if target_user.is_guest():
return {'error': 'forbidden', 'error_code': 403}, 403
collections_data = request.json
for idx, coll_data in enumerate(collections_data.get('collections')):
if coll_data['is_new']:
collection = BookmarkCollections.create({
'name': coll_data['name'],
'user_id': target_user.id,
'sort_order': idx,
})
else:
collection = BookmarkCollections.find({'id': coll_data['id']})
if not collection:
continue
update = {'name': coll_data['name']}
if not collection.is_default:
update['sort_order'] = idx
collection.update(update)
for removed_id in collections_data.get('removed_collections'):
collection = BookmarkCollections.find({'id': removed_id})
if not collection:
continue
if collection.is_default:
continue
collection.delete()
return {'status': 'ok'}, 200
@bp.post('/bookmark-post/<post_id>')
def bookmark_post(post_id):
if not is_logged_in():
return {'error': 'not authorized', 'error_code': 401}, 401
operation = request.json.get('operation')
if operation == 'remove' and request.json.get('collection_id', '') == '':
return {'status': 'not modified'}, 304
collection_id = int(request.json.get('collection_id'))
post_id = int(post_id)
memo = request.json.get('memo', '')
if operation == 'move':
bm = BookmarkedPosts.find({'post_id': post_id})
if not bm:
BookmarkedPosts.create({
'post_id': post_id,
'collection_id': collection_id,
'note': memo,
})
else:
bm.update({
'collection_id': collection_id,
'note': memo,
})
elif operation == 'remove':
bm = BookmarkedPosts.find({'post_id': post_id})
if bm:
bm.delete()
else:
return {'error': 'bad request'}, 400
return {'status': 'ok'}, 200
@bp.post('/bookmark-thread/<thread_id>')
def bookmark_thread(thread_id):
if not is_logged_in():
return {'error': 'not authorized', 'error_code': 401}, 401
operation = request.json.get('operation')
if operation == 'remove' and request.json.get('collection_id', '') == '':
return {'status': 'not modified'}, 304
collection_id = int(request.json.get('collection_id'))
thread_id = int(thread_id)
memo = request.json.get('memo', '')
if operation == 'move':
bm = BookmarkedThreads.find({'thread_id': thread_id})
if not bm:
BookmarkedThreads.create({
'thread_id': thread_id,
'collection_id': collection_id,
'note': memo,
})
else:
bm.update({
'collection_id': collection_id,
'note': memo,
})
elif operation == 'remove':
bm = BookmarkedThreads.find({
'thread_id': thread_id,
'note': memo,
})
if bm:
bm.delete()
else:
return {'error': 'bad request'}, 400
return {'status': 'ok'}, 200
@bp.get('/current-user')
def get_current_user_info():
if not is_logged_in():
return {'user': None}
user = get_active_user()
return {
'user': {
'username': user.username,
'display_name': user.display_name,
}
}

7
app/routes/app.py
View File

@@ -1,7 +1,6 @@
from flask import Blueprint, redirect, url_for, render_template
bp = Blueprint('app', __name__, url_prefix = '/')
bp = Blueprint("app", __name__, url_prefix = "/")
@bp.route("/")
@bp.get('/')
def index():
return redirect(url_for("topics.all_topics"))
return redirect(url_for('topics.all_topics'))

14
app/routes/guides.py
View File

@@ -1,13 +1,11 @@
from flask import Blueprint, render_template
from flask import Blueprint
bp = Blueprint('guides', __name__, url_prefix='/guides/')
@bp.get('/babycode')
def babycode():
return render_template('guides/babycode.html')
bp = Blueprint('guides', __name__, url_prefix = '/guides/')
@bp.get('/')
def index():
return 'stub'
@bp.get('/contact')
def contact():
return render_template('guides/contact.html')
return 'stub'

53
app/routes/hyperapi.py
View File

@@ -1,53 +0,0 @@
from flask import Blueprint, render_template, abort, request
from .users import get_active_user, is_logged_in
from ..models import BookmarkCollections, BookmarkedPosts, BookmarkedThreads
from functools import wraps
bp = Blueprint('hyperapi', __name__, url_prefix='/hyperapi/')
def login_required(view_func):
@wraps(view_func)
def dec(*args, **kwargs):
if not is_logged_in():
abort(403)
return view_func(*args, **kwargs)
return dec
def account_required(view_func):
@wraps(view_func)
def dec(*args, **kwargs):
if get_active_user().is_guest():
abort(403)
return view_func(*args, **kwargs)
return dec
@bp.errorhandler(403)
def handle_403(e):
return "<h1>forbidden</h1>", 403
@bp.get('bookmarks-dropdown/<bookmark_type>')
@login_required
@account_required
def bookmarks_dropdown(bookmark_type):
collections = BookmarkCollections.findall({'user_id': get_active_user().id})
concept_id = request.args.get('id')
require_reload = bool(int(request.args.get('require_reload', default=0)))
if bookmark_type.lower() == 'thread':
selected = next(filter(lambda bc: bc.has_thread(concept_id), collections), None)
elif bookmark_type.lower() == 'post':
selected = next(filter(lambda bc: bc.has_post(concept_id), collections), None)
else:
abort(400)
return
if selected:
if bookmark_type.lower() == 'thread':
memo = BookmarkedThreads.find({'collection_id': selected.id, 'thread_id': int(concept_id)}).note
else:
memo = BookmarkedPosts.find({'collection_id': selected.id, 'post_id': int(concept_id)}).note
else:
memo = ''
return render_template('components/bookmarks_dropdown.html', collections=collections, id=concept_id, selected=selected, type=bookmark_type, memo=memo, require_reload=require_reload)

166
app/routes/mod.py
View File

@@ -1,104 +1,96 @@
from flask import (
Blueprint, render_template, request, redirect, url_for,
flash
)
from .users import get_active_user, is_logged_in
from ..models import Users, PasswordResetLinks, MOTD
from ..constants import InfoboxKind, MOTD_BANNED_TAGS
from ..lib.babycode import babycode_to_html, BABYCODE_VERSION
from ..db import db
import secrets
import time
bp = Blueprint("mod", __name__, url_prefix = "/mod/")
from flask import Blueprint, abort, redirect, url_for, request, render_template
from ..auth import is_logged_in, get_active_user, csrf_verified
from ..models import Topics, Threads
bp = Blueprint('mod', __name__, url_prefix='/mod/')
@bp.before_request
def _before_request():
def mod_only():
if not is_logged_in():
return redirect(url_for("users.log_in"))
abort(403)
if not get_active_user().is_mod():
return redirect(url_for("topics.all_topics"))
abort(403)
@bp.get('/')
def index():
return 'stub'
@bp.get("/sort-topics")
@bp.get('/topics/new/')
def new_topic():
return render_template('mod/new_topic.html')
@bp.post('/topics/new/')
def new_topic_post():
topic = Topics.new(request.form.get('name'), request.form.get('description'))
return redirect(url_for('topics.topic_by_id', topic_id=topic.id))
@bp.get('/topics/sort/')
def sort_topics():
topics = db.query("SELECT * FROM topics ORDER BY sort_order ASC")
return render_template("mod/sort-topics.html", topics = topics)
return 'stub'
@bp.get('/topics/<int:topic_id>/edit/')
def edit_topic(topic_id):
topic = Topics.find({'id': topic_id})
if not topic:
abort(404)
return render_template('mod/edit_topic.html', topic=topic)
@bp.post("/sort-topics")
def sort_topics_post():
with db.transaction():
for topic_id, new_order in request.form.items():
db.execute("UPDATE topics SET sort_order = ? WHERE id = ?", new_order, topic_id)
return redirect(url_for(".sort_topics"))
@bp.get("/user-list")
def user_list():
users = Users.select()
return render_template("mod/user-list.html", users = users)
@bp.post("/reset-pass/<user_id>")
def create_reset_pass(user_id):
now = int(time.time())
key = secrets.token_urlsafe(20)
reset_link = PasswordResetLinks.create({
'user_id': int(user_id),
'expires_at': now + 24 * 60 * 60,
'key': key,
@bp.post('/topics/<int:topic_id>/edit/')
def edit_topic_post(topic_id):
topic = Topics.find({'id': topic_id})
if not topic:
abort(404)
topic.update({
'name': request.form.get('name').strip(),
'description': request.form.get('description').strip(),
})
return redirect(url_for('topics.topic_by_id', topic_id=topic.id))
return redirect(url_for('users.reset_link_login', key=key))
@bp.post('/topics/<int:topic_id>/lock/')
def lock_topic(topic_id):
topic = Topics.find({'id': topic_id})
if not topic:
abort(404)
topic.update({'is_locked': request.form.get('lock', default=0)})
return redirect(url_for('topics.topic_by_id', topic_id=topic.id))
@bp.post('/threads/<int:thread_id>/move/')
def move_thread(thread_id):
thread = Threads.find({'id': thread_id})
if not thread:
abort(404)
target_topic = Topics.find({'id': request.form.get('new_topic_id', default=None)})
if not target_topic:
abort(404)
thread.update({'topic_id': target_topic.id})
return redirect(url_for('threads.thread_by_id', thread_id=thread.id))
@bp.get('/panel')
def panel():
return render_template('mod/panel.html')
@bp.post('/threads/<int:thread_id>/lock/')
def lock_thread(thread_id):
thread = Threads.find({'id': thread_id})
if not thread:
abort(404)
thread.update({'is_locked': request.form.get('lock')})
return redirect(url_for('threads.thread_by_id', thread_id=thread.id))
@bp.post('/threads/<int:thread_id>/sticky/')
def sticky_thread(thread_id):
thread = Threads.find({'id': thread_id})
if not thread:
abort(404)
thread.update({'is_stickied': request.form.get('sticky')})
return redirect(url_for('threads.thread_by_id', thread_id=thread.id))
@bp.get('/motd')
def motd_editor():
current = MOTD.get_all()[0] if MOTD.has_motd() else None
return render_template('mod/motd.html', current=current)
@bp.post('/users/<int:user_id>/make-guest/')
@csrf_verified
def make_user_guest(user_id):
return 'stub'
@bp.post('/users/<int:user_id>/make-user/')
@csrf_verified
def make_user_regular(user_id):
return 'stub'
@bp.post('/motd')
def motd_editor_form():
orig_body = request.form.get('body', default='')
title = request.form.get('title', default='')
data = {
'title': title,
'body_original_markup': orig_body,
'body_rendered': babycode_to_html(orig_body, banned_tags=MOTD_BANNED_TAGS).result,
'format_version': BABYCODE_VERSION,
'edited_at': int(time.time()),
}
if MOTD.has_motd():
motd = MOTD.get_all()[0]
motd.update(data)
message = 'MOTD updated.'
else:
data['created_at'] = int(time.time())
data['user_id'] = get_active_user().id
motd = MOTD.create(data)
message = 'MOTD created.'
flash(message, InfoboxKind.INFO)
return redirect(url_for('.motd_editor'))
@bp.post('/motd/delete')
def motd_delete():
if not MOTD.has_motd():
flash('No MOTD to delete.', InfoboxKind.WARN)
return redirect(url_for('.motd_editor'))
current = MOTD.get_all()[0]
current.delete()
flash('MOTD deleted.', InfoboxKind.INFO)
return redirect(url_for('.motd_editor'))
@bp.post('/users/<int:user_id>/make-mod/')
@csrf_verified
def make_user_mod(user_id):
return 'stub'

165
app/routes/posts.py
View File

@@ -1,149 +1,44 @@
from flask import (
Blueprint, redirect, url_for, flash, render_template, request
)
from .users import login_required, get_active_user
from ..lib.babycode import babycode_to_html, BABYCODE_VERSION
from ..constants import InfoboxKind
from ..db import db
from ..models import Posts, PostHistory, Threads, Topics, Mentions
from flask import Blueprint, abort
from functools import wraps
from ..auth import login_required, get_active_user
from ..models import Posts
bp = Blueprint("posts", __name__, url_prefix = "/post")
bp = Blueprint('posts', __name__, url_prefix='/posts/')
def create_post(thread_id, user_id, content, markup_language="babycode"):
parsed_content = babycode_to_html(content)
with db.transaction():
post = Posts.create({
"thread_id": thread_id,
"user_id": user_id,
"current_revision_id": None,
})
revision = PostHistory.create({
"post_id": post.id,
"content": parsed_content.result,
"is_initial_revision": True,
"original_markup": content,
"markup_language": markup_language,
"format_version": BABYCODE_VERSION,
})
for mention in parsed_content.mentions:
Mentions.create({
'revision_id': revision.id,
'mentioned_user_id': mention['mentioned_user_id'],
'original_mention_text': mention['mention_text'],
'start_index': mention['start'],
'end_index': mention['end'],
})
post.update({"current_revision_id": revision.id})
return post
def update_post(post_id, new_content, markup_language='babycode'):
parsed_content = babycode_to_html(new_content)
with db.transaction():
post = Posts.find({'id': post_id})
new_revision = PostHistory.create({
'post_id': post.id,
'content': parsed_content.result,
'is_initial_revision': False,
'original_markup': new_content,
'markup_language': markup_language,
'format_version': BABYCODE_VERSION,
})
for mention in parsed_content.mentions:
Mentions.create({
'revision_id': new_revision.id,
'mentioned_user_id': mention['mentioned_user_id'],
'original_mention_text': mention['mention_text'],
'start_index': mention['start'],
'end_index': mention['end'],
})
post.update({'current_revision_id': new_revision.id})
@bp.post("/<post_id>/delete")
@login_required
def delete(post_id):
post = Posts.find({'id': post_id})
def ownership_required(view_func):
@wraps(view_func)
def wrapper(*args, **kwargs):
post = Posts.find({'id': kwargs.get('post_id', None)})
if not post:
abort(404)
return
thread = Threads.find({'id': post.thread_id})
user = get_active_user()
if not user:
return redirect(url_for('threads.thread', slug=thread.slug))
if post.user_id != get_active_user().id:
abort(403)
if user.is_mod() or post.user_id == user.id:
post.delete()
return view_func(*args, **kwargs)
return wrapper
post_count = Posts.count({
'thread_id': thread.id,
})
def ownership_or_mod_required(view_func):
@wraps(view_func)
def wrapper(*args, **kwargs):
post = Posts.find({'id': kwargs.get('post_id', None)})
if not post:
abort(404)
if post_count == 0:
topic = Topics.find({
'id': thread.topic_id,
})
thread.delete()
flash('Thread deleted.', InfoboxKind.INFO)
return redirect(url_for('topics.topic', slug=topic.slug))
if post.user_id != get_active_user().id and not get_active_user().is_mod():
abort(403)
flash('Post deleted.', InfoboxKind.INFO)
return view_func(*args, **kwargs)
return wrapper
return redirect(url_for('threads.thread', slug=thread.slug))
@bp.get("/<post_id>/edit")
@bp.get('/<int:post_id>/edit/')
@login_required
@ownership_required
def edit(post_id):
post = Posts.find({'id': post_id})
if not post:
abort(404)
return
return 'stub'
user = get_active_user()
q = f"{Posts.FULL_POSTS_QUERY} WHERE posts.id = ?"
editing_post = db.fetch_one(q, post_id)
if not editing_post:
abort(404)
return
if editing_post['user_id'] != user.id:
return redirect(url_for('topics.all_topics'))
thread = Threads.find({'id': editing_post['thread_id']})
thread_predicate = f'{Posts.FULL_POSTS_QUERY} WHERE posts.thread_id = ?'
context_prev_q = f'{thread_predicate} AND posts.created_at < ? ORDER BY posts.created_at DESC LIMIT 2'
context_next_q = f'{thread_predicate} AND posts.created_at > ? ORDER BY posts.created_at ASC LIMIT 2'
prev_context = db.query(context_prev_q, thread.id, editing_post['created_at'])
next_context = db.query(context_next_q, thread.id, editing_post['created_at'])
return render_template('posts/edit.html',
editing_post = editing_post,
thread = thread,
prev_context = prev_context,
next_context = next_context,
)
@bp.post("/<post_id>/edit")
@bp.get('/<int:post_id>/delete/')
@login_required
def edit_form(post_id):
user = get_active_user()
post = Posts.find({'id': post_id})
if not post:
abort(404)
return
if post.user_id != user.id:
return redirect(url_for('topics.all_topics'))
update_post(post.id, request.form.get('new_content', default=''))
thread = Threads.find({'id': post.thread_id})
return redirect(url_for('threads.thread', slug=thread.slug, after=post.id, _anchor=f'post-{post.id}'))
@ownership_or_mod_required
def delete(post_id):
return 'stub'

283
app/routes/threads.py
View File

@@ -1,247 +1,102 @@
from flask import (
Blueprint, render_template, request, redirect, url_for, flash,
abort,
)
from .users import login_required, mod_only, get_active_user, is_logged_in
from ..db import db
from ..models import Threads, Topics, Posts, Subscriptions, Reactions
from ..constants import InfoboxKind
from .posts import create_post
from slugify import slugify
from flask import Blueprint, redirect, url_for, render_template, request, abort
from ..auth import login_required, get_active_user
from ..models import Threads, Posts, Topics, Users, Reactions
import math
import time
bp = Blueprint("threads", __name__, url_prefix = "/threads/")
bp = Blueprint('threads', __name__, url_prefix='/threads/')
def get_post_url(post_id, _anchor=False):
post = Posts.find({'id': post_id})
if not post:
return ""
thread = Threads.find({'id': post.thread_id})
res = url_for('threads.thread', slug=thread.slug, after=post_id)
if not _anchor:
return res
return f"{res}#post-{post_id}"
@bp.get("/<slug>")
def thread(slug):
POSTS_PER_PAGE = 10
thread = Threads.find({"slug": slug})
@bp.get('/<int:thread_id>/')
def thread_by_id(thread_id):
thread = Threads.find({'id': thread_id})
if not thread:
abort(404)
return
return redirect(url_for('.thread', thread_id=thread_id, slug=thread.slug, **request.args))
post_count = Posts.count({"thread_id": thread.id})
page_count = max(math.ceil(post_count / POSTS_PER_PAGE), 1)
@bp.get('/<int:thread_id>/<slug>/')
def thread(thread_id, slug):
thread = Threads.find({'id': thread_id})
if not thread:
abort(404)
if thread.slug != slug:
return redirect(url_for('.thread', thread_id=thread_id, slug=thread.slug, **request.kwargs))
topic = Topics.find({'id': thread.topic_id})
started_by = Users.find({'id': thread.user_id})
PER_PAGE = 10
posts_count = Posts.count({'thread_id': thread.id})
page_count = max(1, math.ceil(posts_count / PER_PAGE))
page = 1
after = request.args.get("after", default=None)
after = request.args.get('after')
if after is not None:
try:
after_id = int(after)
post_position = Posts.count([
("thread_id", "=", thread.id),
("id", "<=", after_id),
('thread_id', '=', thread.id),
('id', '<=', after_id),
])
page = math.ceil((post_position) / POSTS_PER_PAGE)
page = math.ceil((post_position) / PER_PAGE)
except ValueError:
abort(404)
else:
page = max(1, min(page_count, int(request.args.get("page", default = 1))))
posts = thread.get_posts(POSTS_PER_PAGE, (page - 1) * POSTS_PER_PAGE)
topic = Topics.find({"id": thread.topic_id})
other_topics = Topics.select()
try:
page = max(1, min(int(request.args.get('page', default=1)), page_count))
except ValueError:
abort(404)
return render_template('threads/thread.html', thread=thread, posts=thread.get_posts(PER_PAGE, page), page=page, page_count=page_count, topic=topic, started_by=started_by, topics=Topics.get_list(), Reactions=Reactions)
is_subscribed = False
unread_count = None
if is_logged_in():
subscription = Subscriptions.find({
'thread_id': thread.id,
'user_id': get_active_user().id,
})
if subscription:
unread_count = subscription.get_unread_count()
if int(posts[-1]['created_at']) > int(subscription.last_seen):
subscription.update({
'last_seen': int(posts[-1]['created_at'])
})
is_subscribed = True
return render_template(
"threads/thread.html",
thread = thread,
current_page = page,
page_count = page_count,
posts = posts,
topic = topic,
topics = other_topics,
is_subscribed = is_subscribed,
Reactions = Reactions,
unread_count = unread_count,
)
@bp.post("/<slug>")
@bp.post('/<int:thread_id>/reply/')
@login_required
def reply(slug):
thread = Threads.find({"slug": slug})
def reply(thread_id):
user = get_active_user()
thread = Threads.find({'id': thread_id})
if not thread:
abort(404)
return
user = get_active_user()
if user.is_guest():
return redirect(url_for('.thread', slug=slug))
if thread.locked() and not user.is_mod():
return redirect(url_for('.thread', slug=slug))
# TODO: flash
return redirect(url_for('.thread_by_id', thread_id=thread_id))
post = Posts.new(user.id, thread.id, request.form.get('babycode_content'))
return redirect(url_for('.thread_by_id', thread_id=thread_id, after=post.id, _anchor=f'post-{post.id}'))
post_content = request.form['post_content']
post = create_post(thread.id, user.id, post_content)
@bp.get('/<int:thread_id>/feed.atom/')
def feed(thread_id):
return 'stub'
subscription = Subscriptions.find({'user_id': user.id, 'thread_id': thread.id})
if subscription:
subscription.update({'last_seen': int(time.time())})
elif request.form.get('subscribe', default=None) == 'on':
Subscriptions.create({'user_id': user.id, 'thread_id': thread.id, 'last_seen': int(time.time())})
return redirect(url_for(".thread", slug=slug, after=post.id, _anchor="latest-post"))
@bp.get("/create")
@bp.get('/new/')
@login_required
def create():
all_topics = Topics.select()
return render_template("threads/create.html", all_topics = all_topics)
def new():
topics = Topics.select()
try:
selected_topic = int(request.args.get('topic_id'))
except ValueError, TypeError:
selected_topic = None
return render_template('threads/new_thread.html', topics=topics, selected_topic=selected_topic)
@bp.post("/create")
@bp.post('/new/')
@login_required
def create_form():
topic = Topics.find({"id": request.form['topic_id']})
user = get_active_user()
def new_post():
try:
topic_id = int(request.form.get('topic_id'))
except ValueError, TypeError:
abort(404)
topic_id = int(topic_id)
topic = Topics.find({'id': topic_id})
if not topic:
flash('Invalid topic', InfoboxKind.ERROR)
return redirect(url_for('.create'))
if topic.is_locked and not get_active_user().is_mod():
flash(f'Topic "{topic.name}" is locked', InfoboxKind.ERROR)
return redirect(url_for('.create'))
title = request.form['title'].strip()
now = int(time.time())
slug = f"{slugify(title)}-{now}"
post_content = request.form['initial_post']
thread = Threads.create({
"topic_id": topic.id,
"user_id": user.id,
"title": title,
"slug": slug,
"created_at": now,
})
post = create_post(thread.id, user.id, post_content)
return redirect(url_for(".thread", slug = thread.slug))
@bp.post("/<slug>/lock")
@login_required
def lock(slug):
user = get_active_user()
thread = Threads.find({'slug': slug})
if not thread:
abort(404)
return
if not ((thread.user_id == user.id) or user.is_mod()):
return redirect(url_for('.thread', slug=slug))
target_op = request.form.get('target_op')
thread.update({
'is_locked': target_op
})
return redirect(url_for('.thread', slug=slug))
@bp.post("/<slug>/sticky")
@login_required
@mod_only(".thread", slug = lambda slug: slug)
def sticky(slug):
user = get_active_user()
thread = Threads.find({'slug': slug})
if not thread:
if not user.can_post_to_topic(topic):
abort(404)
return
if not ((thread.user_id == user.id) or user.is_mod()):
return redirect(url_for('.thread', slug=slug))
target_op = request.form.get('target_op')
thread.update({
'is_stickied': target_op
})
return redirect(url_for('.thread', slug=slug))
title = request.form.get('title')
if not title:
abort(404)
@bp.post("/<slug>/move")
@login_required
@mod_only(".thread", slug = lambda slug: slug)
def move(slug):
user = get_active_user()
if not title.strip():
abort(404)
new_topic_id = request.form.get('new_topic_id', default=None)
if new_topic_id is None:
flash('Thread is already in this topic.', InfoboxKind.ERROR)
return redirect(url_for('.thread', slug=slug))
title = title.strip()
new_topic = Topics.find({
'id': new_topic_id
})
if not new_topic:
return redirect(url_for('topics.all_topics'))
thread = Threads.find({
'slug': slug
})
if not thread:
return redirect(url_for('topics.all_topics'))
if new_topic.id == thread.topic_id:
flash('Thread is already in this topic.', InfoboxKind.ERROR)
return redirect(url_for('.thread', slug=slug))
content = request.form.get('babycode_content')
old_topic = Topics.find({'id': thread.topic_id})
thread.update({'topic_id': new_topic_id})
flash(f'Topic moved from "{old_topic.name}" to "{new_topic.name}".', InfoboxKind.INFO)
return redirect(url_for('.thread', slug=slug))
@bp.post("/<slug>/subscribe")
@login_required
def subscribe(slug):
user = get_active_user()
thread = Threads.find({'slug': slug})
if not thread:
return redirect(url_for('topics.all_topics'))
subscription = Subscriptions.find({
'user_id': user.id,
'thread_id': thread.id,
})
if request.form['subscribe'] == 'subscribe':
if subscription:
subscription.delete()
Subscriptions.create({
'user_id': user.id,
'thread_id': thread.id,
'last_seen': int(time.time()),
})
elif request.form['subscribe'] == 'unsubscribe':
if not subscription:
return redirect(url_for('.thread', slug=slug))
subscription.delete()
elif request.form['subscribe'] == 'read':
if not subscription:
return redirect(url_for('.thread', slug=slug))
subscription.update({
'last_seen': int(time.time())
})
last_visible_post = request.form.get('last_visible_post', default=None)
if last_visible_post is not None:
return redirect(url_for('.thread', slug=thread.slug, after=last_visible_post))
else:
return redirect(url_for('users.inbox', username=user.username))
thread = Threads.new(user.id, topic.id, title, content)
return redirect(url_for('.thread', slug=thread.slug))

146
app/routes/topics.py
View File

@@ -1,128 +1,40 @@
from flask import (
Blueprint, render_template, request, redirect, url_for, flash, session,
abort,
)
from .users import login_required, mod_only, get_active_user, is_logged_in
from ..models import Users, Topics, Threads, Subscriptions
from ..constants import InfoboxKind
from slugify import slugify
import time
from flask import Blueprint, redirect, url_for, render_template, request, session, abort
from ..models import Topics, Threads
import math
bp = Blueprint("topics", __name__, url_prefix = "/topics/")
bp = Blueprint('topics', __name__, url_prefix = '/topics/')
@bp.get("/")
@bp.get('/')
def all_topics():
return render_template("topics/topics.html", topic_list = Topics.get_list(), active_threads = Topics.get_active_threads())
topic_list = Topics.get_list()
return render_template('topics/topics.html', topics=topic_list)
@bp.get("/create")
@login_required
@mod_only(".all_topics")
def create():
return render_template("topics/create.html")
@bp.post("/create")
@login_required
@mod_only(".all_topics")
def create_post():
topic_name = request.form['name'].strip()
now = int(time.time())
slug = f"{slugify(topic_name)}-{now}"
topic_count = Topics.count()
topic = Topics.create({
"name": topic_name,
"description": request.form['description'],
"slug": slug,
"sort_order": topic_count + 1,
})
flash("Topic created.", InfoboxKind.INFO)
return redirect(url_for("topics.topic", slug = slug))
@bp.get("/<slug>")
def topic(slug):
THREADS_PER_PAGE = 10
target_topic = Topics.find({
"slug": slug
})
if not target_topic:
@bp.get('/<int:topic_id>/')
def topic_by_id(topic_id):
topic = Topics.find({'id': topic_id})
if not topic:
abort(404)
return
return redirect(url_for('.topic', topic_id=topic_id, slug=topic.slug, **request.args))
threads_count = Threads.count({
"topic_id": target_topic.id
})
@bp.get('/<int:topic_id>/<slug>/')
def topic(topic_id, slug):
topic = Topics.find({'id': topic_id})
if not topic:
abort(404)
if topic.slug != slug:
return redirect(url_for('.topic', topic_id=topic_id, slug=topic.slug, **request.args))
sort_by = session.get('sort_by', default="activity")
page_count = max(math.ceil(threads_count / THREADS_PER_PAGE), 1)
sort_by = request.args.get('sort_by', default=session.get('sort_by', default='activity'))
PER_PAGE = 10
threads_count = Threads.count({'topic_id': topic.id})
page_count = max(1, math.ceil(threads_count / PER_PAGE))
try:
page = max(1, min(int(request.args.get('page', default=1)), page_count))
threads_list = target_topic.get_threads(THREADS_PER_PAGE, page, sort_by)
subscriptions = {}
if is_logged_in():
for thread in threads_list:
subscription = Subscriptions.find({
'user_id': get_active_user().id,
'thread_id': thread['id'],
})
if subscription:
subscriptions[thread['id']] = subscription.get_unread_count()
return render_template(
"topics/topic.html",
threads_list = threads_list,
subscriptions = subscriptions,
topic = target_topic,
current_page = page,
page_count = page_count
)
@bp.get("/<slug>/edit")
@login_required
@mod_only(".topic", slug = lambda slug: slug)
def edit(slug):
topic = Topics.find({"slug": slug})
if not topic:
except ValueError:
abort(404)
return
return render_template("topics/edit.html", topic=topic)
return render_template('topics/topic.html', topic=topic, threads=topic.get_threads(PER_PAGE, page, sort_by), sort_by=sort_by, page=page, page_count=page_count)
@bp.post("/<slug>/edit")
@login_required
@mod_only(".topic", slug = lambda slug: slug)
def edit_post(slug):
topic = Topics.find({"slug": slug})
if not topic:
abort(404)
return
topic.update({
"name": request.form.get('name', default = topic.name).strip(),
"description": request.form.get('description', default = topic.description),
"is_locked": int(request.form.get("is_locked", default = topic.is_locked)),
})
return redirect(url_for("topics.topic", slug=slug))
@bp.post("/<slug>/delete")
@login_required
@mod_only(".topic", slug = lambda slug: slug)
def delete(slug):
topic = Topics.find({"slug": slug})
if not topic:
abort(404)
return
topic.delete()
flash("Topic deleted.", InfoboxKind.INFO)
return redirect(url_for("topics.all_topics"))
@bp.get('/<int:topic_id>/feed.atom/')
def feed(topic_id):
return 'stub'

944
app/routes/users.py
View File

@@ -1,853 +1,135 @@
from flask import (
Blueprint, render_template, request, redirect, url_for, flash, session, current_app, abort
)
from flask import Blueprint, redirect, url_for, render_template, request, session
from functools import wraps
from ..db import db
from ..lib.babycode import babycode_to_html, BABYCODE_VERSION
from ..models import (
Users, Sessions, Subscriptions,
Avatars, PasswordResetLinks, InviteKeys,
BookmarkCollections, BookmarkedThreads,
Mentions, PostHistory,
)
from ..constants import InfoboxKind, PermissionLevel, SIG_BANNED_TAGS
from ..auth import digest, verify
from wand.image import Image
from wand.exceptions import WandException
from datetime import datetime, timedelta
import secrets
import time
import re
import os
bp = Blueprint("users", __name__, url_prefix = "/users/")
from ..auth import (
digest, verify, create_session,
is_logged_in, parse_username, is_password_valid,
login_required
)
from ..models import Users
from ..constants import PermissionLevel
from secrets import compare_digest as compare_timesafe
bp = Blueprint('users', __name__, url_prefix='/users/')
def validate_and_create_avatar(input_image, filename):
try:
with Image(blob=input_image) as img:
img.strip()
img.gravity = 'center'
width, height = img.width, img.height
min_dim = min(width, height)
if min_dim > 256:
ratio = 256.0 / min_dim
new_width = int(width * ratio)
new_height = int(height * ratio)
img.resize(new_width, new_height)
width, height = img.width, img.height
crop_size = min(width, height)
x_offset = (width - crop_size) // 2
y_offset = (height - crop_size) // 2
img.crop(left=x_offset, top=y_offset,
width=crop_size, height=crop_size)
img.resize(256, 256)
img.format = 'webp'
img.compression_quality = 85
img.save(filename=filename)
return True
except WandException:
return False
def is_logged_in():
return "pyrom_session_key" in session
def get_active_user():
if not is_logged_in():
return None
sess = Sessions.find({"key": session["pyrom_session_key"]})
if not sess:
return None
return Users.find({"id": sess.user_id})
def create_session(user_id):
print('key')
key = secrets.token_hex(16)
print(key)
print('user id')
print(user_id)
print('expires')
expires_at = int(time.time()) + 31 * 24 * 60 * 60
print(expires_at)
print('create')
s = Sessions.create({
"key": key,
"user_id": user_id,
"expires_at": expires_at,
})
print(s)
return s
def extend_session(user_id):
session_obj = Sessions.find({'key': session['pyrom_session_key']})
if not session_obj:
return
new_duration = timedelta(31)
current_app.permanent_session_lifetime = new_duration
session.modified = True
session_obj.update({
'expires_at': int(time.time()) + 31 * 24 * 60 * 60
})
def validate_password(password):
pattern = r'^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,255}$'
return bool(re.fullmatch(pattern, password))
def validate_username(username):
pattern = r'^[a-zA-Z0-9_-]{3,20}$'
return bool(re.fullmatch(pattern, username))
def validate_display_name(display_name):
if not display_name:
return True
pattern = r'^[\w!#$%^*\(\)\-_=+\[\]\{\}\|;:,.?\s]{3,50}$'
display_name = display_name.replace('@', '_')
return bool(re.fullmatch(pattern, display_name))
def redirect_if_logged_in(*args, **kwargs):
def redirect_if_logged_in(destination='topics.all_topics'):
def decorator(view_func):
@wraps(view_func)
def wrapper(*view_args, **view_kwargs):
if is_logged_in():
# resolve callables
processed_kwargs = {
k: v(**view_kwargs) if callable(v) else v
for k, v in kwargs.items()
}
endpoint = args[0] if args else processed_kwargs.get("endpoint")
if endpoint.startswith("."):
blueprint = current_app.blueprints.get(view_func.__name__.split(".")[0])
if blueprint:
endpoint = endpoint.lstrip(".")
return redirect(url_for(f"{blueprint.name}.{endpoint}", **processed_kwargs))
return redirect(url_for(*args, **processed_kwargs))
return view_func(*view_args, **view_kwargs)
return wrapper
return decorator
def redirect_to_own(view_func):
@wraps(view_func)
def wrapper(username, *args, **kwargs):
user = get_active_user()
if username.lower() != user.username:
view_args = dict(request.view_args)
view_args.pop('username', None)
new_args = {**view_args, 'username': user.username}
return redirect(url_for(request.endpoint, **new_args))
return view_func(username, *args, **kwargs)
return wrapper
def login_required(view_func):
@wraps(view_func)
def wrapper(*args, **kwargs):
if not is_logged_in():
return redirect(url_for("users.log_in"))
if is_logged_in():
return redirect(url_for(destination))
return view_func(*args, **kwargs)
return wrapper
def mod_only(*args, **kwargs):
def decorator(view_func):
@wraps(view_func)
def wrapper(*view_args, **view_kwargs):
if not get_active_user().is_mod():
# resolve callables
processed_kwargs = {
k: v(**view_kwargs) if callable(v) else v
for k, v in kwargs.items()
}
endpoint = args[0] if args else processed_kwargs.get("endpoint")
if endpoint.startswith("."):
blueprint = current_app.blueprints.get(view_func.__name__.split(".")[0])
if blueprint:
endpoint = endpoint.lstrip(".")
return redirect(url_for(f"{blueprint.name}.{endpoint}", **processed_kwargs))
return redirect(url_for(*args, **processed_kwargs))
return view_func(*view_args, **view_kwargs)
return wrapper
return decorator
def admin_only(*args, **kwargs):
def decorator(view_func):
@wraps(view_func)
def wrapper(*view_args, **view_kwargs):
if not get_active_user().is_admin():
# resolve callables
processed_kwargs = {
k: v(**view_kwargs) if callable(v) else v
for k, v in kwargs.items()
}
endpoint = args[0] if args else processed_kwargs.get("endpoint")
if endpoint.startswith("."):
blueprint = current_app.blueprints.get(view_func.__name__.split(".")[0])
if blueprint:
endpoint = endpoint.lstrip(".")
return redirect(url_for(f"{blueprint.name}.{endpoint}", **processed_kwargs))
return redirect(url_for(*args, **processed_kwargs))
return view_func(*view_args, **view_kwargs)
return wrapper
return decorator
def get_prefers_theme():
if not 'theme' in session:
return 'style'
if session['theme'] not in current_app.config['allowed_themes']:
return 'style'
return session['theme']
def anonymize_user(user_id):
deleted_user = Users.find({'username': 'deleteduser'})
from ..models import Threads, Posts
from ..lib.babycode import sanitize
threads = Threads.findall({'user_id': user_id})
posts = Posts.findall({'user_id': user_id})
revs_q = """SELECT DISTINCT m.revision_id FROM mentions m
WHERE m.mentioned_user_id = ?"""
mentioned_revs = db.query(revs_q, int(user_id))
with db.transaction():
for thread in threads:
thread.update({'user_id': int(deleted_user.id)})
for post in posts:
post.update({'user_id': int(deleted_user.id)})
revs = {}
for rev in mentioned_revs:
ph = PostHistory.find({'id': int(rev['revision_id'])})
ms = Mentions.findall({
'mentioned_user_id': int(user_id),
'revision_id': int(rev['revision_id'])
})
data = {
'text': sanitize(ph.original_markup),
'mentions': ms,
}
data['mentions'] = sorted(data['mentions'], key=lambda x: int(x.end_index), reverse=True)
revs[rev['revision_id']] = data
for rev_id, data in revs.items():
text = data['text']
for mention in data['mentions']:
text = text[:mention.start_index] + '@deleteduser' + text[mention.end_index:]
mention.delete()
res = babycode_to_html(text)
ph = PostHistory.find({'id': int(rev_id)})
ph.update({
'original_markup': text.unescape(),
'content': res.result,
})
@bp.get("/log_in")
@redirect_if_logged_in(".page", username = lambda: get_active_user().username)
@bp.get('/log-in/')
@redirect_if_logged_in()
def log_in():
return render_template("users/log_in.html")
return render_template('users/log_in.html')
@bp.post("/log_in")
@redirect_if_logged_in(".page", username = lambda: get_active_user().username)
def log_in_post():
target_user = Users.find({
"username": request.form['username'].lower()
})
if not target_user:
flash("Incorrect username or password.", InfoboxKind.ERROR)
return redirect(url_for("users.log_in"))
if not verify(target_user.password_hash, request.form['password']):
flash("Incorrect username or password.", InfoboxKind.ERROR)
return redirect(url_for("users.log_in"))
session_obj = create_session(target_user.id)
session['pyrom_session_key'] = session_obj.key
flash("Logged in!", InfoboxKind.INFO)
return redirect(url_for("users.log_in"))
@bp.get("/sign_up")
@redirect_if_logged_in(".page", username = lambda: get_active_user().username)
def sign_up():
if current_app.config['DISABLE_SIGNUP']:
key = request.args.get('key', default=None)
if key is None:
return redirect(url_for('topics.all_topics'))
invite = InviteKeys.find({'key': key})
if not invite:
return redirect(url_for('topics.all_topics'))
inviter = Users.find({'id': invite.created_by})
return render_template("users/sign_up.html", inviter=inviter, key=key)
return render_template("users/sign_up.html")
@bp.post("/sign_up")
@redirect_if_logged_in(".page", username = lambda: get_active_user().username)
def sign_up_post():
key = request.form.get('key', default=None)
if current_app.config['DISABLE_SIGNUP']:
if not key:
return redirect(url_for("topics.all_topics"))
invite_key = InviteKeys.find({'key': key})
if not invite_key:
return redirect(url_for("topics.all_topics"))
username = request.form['username']
password = request.form['password']
password_confirm = request.form['password-confirm']
if not validate_username(username):
flash("Invalid username.", InfoboxKind.ERROR)
return redirect(url_for("users.sign_up", key=key))
user_exists = Users.count({"username": username.lower()}) > 0
if user_exists:
flash(f"Username '{username}' is already taken.", InfoboxKind.ERROR)
return redirect(url_for("users.sign_up", key=key))
if not validate_password(password):
flash("Invalid password.", InfoboxKind.ERROR)
return redirect(url_for("users.sign_up", key=key))
if password != password_confirm:
flash("Passwords do not match.", InfoboxKind.ERROR)
return redirect(url_for("users.sign_up", key=key))
hashed = digest(password)
if username.lower() != username:
display_name = username
else:
display_name = ''
with db.transaction():
new_user = Users.create({
"username": username.lower(),
'display_name': display_name,
"password_hash": hashed,
"permission": PermissionLevel.GUEST.value,
})
BookmarkCollections.create_default(new_user.id)
if current_app.config['DISABLE_SIGNUP']:
invite_key = InviteKeys.find({'key': key})
new_user.update({
'invited_by': invite_key.created_by,
'permission': PermissionLevel.USER.value,
})
invite_key.delete()
session_obj = create_session(new_user.id)
session['pyrom_session_key'] = session_obj.key
flash("Signed up successfully!", InfoboxKind.INFO)
return redirect(url_for("topics.all_topics"))
@bp.get("/<username>")
def page(username):
target_user = Users.find({"username": username.lower()})
if not target_user:
abort(404)
return render_template("users/user.html", target_user = target_user)
@bp.get("/<username>/settings")
@login_required
@redirect_to_own
def settings(username):
return render_template('users/settings.html')
@bp.post('/<username>/settings')
@login_required
@redirect_to_own
def settings_form(username):
# we silently ignore the passed username
# and grab the correct user from the session
user = get_active_user()
theme = request.form.get('theme', default='style')
if theme == 'style':
if 'theme' in session:
session.pop('theme')
else:
session['theme'] = theme
topic_sort_by = request.form.get('topic_sort_by', default='activity')
if topic_sort_by == 'activity' or topic_sort_by == 'thread':
sort_by = session['sort_by'] = topic_sort_by
status = request.form.get('status', default="")[:100]
original_sig = request.form.get('signature', default='').strip()
if original_sig:
rendered_sig = babycode_to_html(original_sig, SIG_BANNED_TAGS).result
else:
rendered_sig = ''
session['subscribe_by_default'] = request.form.get('subscribe_by_default', default='off') == 'on'
display_name = request.form.get('display_name', default='')
if not validate_display_name(display_name):
flash('Invalid display name.', InfoboxKind.ERROR)
return redirect('.settings', username=user.username)
old_dn = user.display_name
user.update({
'status': status,
'signature_original_markup': original_sig,
'signature_rendered': rendered_sig,
'signature_format_version': BABYCODE_VERSION,
'signature_markup_language': 'babycode',
'display_name': display_name,
})
if old_dn != display_name:
# re-parse mentions
q = """SELECT DISTINCT m.revision_id FROM mentions m
JOIN post_history ph ON m.revision_id = ph.id
JOIN posts p ON p.current_revision_id = ph.id
WHERE m.mentioned_user_id = ?"""
mentions = db.query(q, int(user.id))
with db.transaction():
for mention in mentions:
rev = PostHistory.find({'id': int(mention['revision_id'])})
parsed_content = babycode_to_html(rev.original_markup).result
rev.update({'content': parsed_content})
flash('Settings updated.', InfoboxKind.INFO)
return redirect(url_for('.settings', username=user.username))
@bp.post('/<username>/set_avatar')
@login_required
@redirect_to_own
def set_avatar(username):
user = get_active_user()
if user.is_guest():
flash('You are a guest. Your account must be confirmed by a moderator to perform this action.', InfoboxKind.ERROR)
return redirect(url_for('.settings', username=user.username))
if 'avatar' not in request.files:
flash('Avatar missing.', InfoboxKind.ERROR)
return redirect(url_for('.settings', username=user.username))
file = request.files['avatar']
if file.filename == '':
flash('Avatar missing.', InfoboxKind.ERROR)
return redirect(url_for('.settings', username=user.username))
file_bytes = file.read()
now = int(time.time())
filename = f"u{user.id}d{now}.webp"
output_path = os.path.join(current_app.config['AVATAR_UPLOAD_PATH'], filename)
proxied_filename = f"/static/avatars/{filename}"
res = validate_and_create_avatar(file_bytes, output_path)
if res:
flash('Avatar updated.', InfoboxKind.INFO)
avatar = Avatars.create({
'file_path': proxied_filename,
'uploaded_at': now,
})
old_avatar = Avatars.find({'id': user.avatar_id})
user.update({'avatar_id': avatar.id})
if int(old_avatar.id) != 1:
# delete old avi, but not default
filename = os.path.join(current_app.config['AVATAR_UPLOAD_PATH'], os.path.basename(old_avatar.file_path))
os.remove(filename)
old_avatar.delete()
return redirect(url_for('.settings', username=user.username))
else:
flash('Something went wrong. Please try again later.', InfoboxKind.WARN)
return redirect(url_for('.settings', username=user.username))
@bp.post('/<username>/change_password')
@login_required
@redirect_to_own
def change_password(username):
user = get_active_user()
password = request.form.get('new_password')
password2 = request.form.get('new_password2')
if not validate_password(password):
flash("Invalid password.", InfoboxKind.ERROR)
return redirect(url_for('.settings', username=user.username))
if password != password2:
flash("Passwords do not match.", InfoboxKind.ERROR)
return redirect(url_for('.settings', username=user.username))
hashed = digest(password)
user.update({'password_hash': hashed})
extend_session(user.id)
flash('Password updated.', InfoboxKind.INFO)
return redirect(url_for('.settings', username=user.username))
@bp.post('/<username>/clear_avatar')
@login_required
@redirect_to_own
def clear_avatar(username):
user = get_active_user()
if user.is_default_avatar():
return redirect(url_for('.settings', user.username))
old_avatar = Avatars.find({'id': user.avatar_id})
user.update({'avatar_id': 1})
# delete old avi
filename = os.path.join(current_app.config['AVATAR_UPLOAD_PATH'], os.path.basename(old_avatar.file_path))
os.remove(filename)
old_avatar.delete()
return redirect(url_for('.settings', username=user.username))
@bp.post("/log_out")
@bp.post('/log-out/')
@login_required
def log_out():
user = get_active_user()
session_obj = Sessions.find({"key": session['pyrom_session_key']})
session_obj.delete()
session.clear()
return redirect(url_for(".log_in"))
@bp.post("/confirm_user/<user_id>")
@login_required
@mod_only("topics.all_topics")
def confirm_user(user_id):
target_user = Users.find({"id": user_id})
if not target_user:
return redirect(url_for('.all_topics'))
if int(target_user.permission) > PermissionLevel.GUEST.value:
return redirect(url_for('.page', username=target_user.username))
target_user.update({
"permission": PermissionLevel.USER.value,
"confirmed_on": int(time.time()),
})
return redirect(url_for(".page", username=target_user.username))
@bp.post("/mod_user/<user_id>")
@login_required
@admin_only("topics.all_topics")
def mod_user(user_id):
target_user = Users.find({"id": user_id})
if not target_user:
return redirect(url_for('.all_topics'))
if target_user.is_mod():
return redirect(url_for('.page', username=target_user.username))
target_user.update({
"permission": PermissionLevel.MODERATOR.value,
})
return redirect(url_for(".page", username=target_user.username))
@bp.post("/demod_user/<user_id>")
@login_required
@admin_only("topics.all_topics")
def demod_user(user_id):
target_user = Users.find({"id": user_id})
if not target_user:
return redirect(url_for('.all_topics'))
if not target_user.is_mod():
return redirect(url_for('.page', username=target_user.username))
target_user.update({
"permission": PermissionLevel.USER.value,
})
return redirect(url_for(".page", username=target_user.username))
@bp.post("/guest_user/<user_id>")
@login_required
@mod_only("topics.all_topics")
def guest_user(user_id):
target_user = Users.find({"id": user_id})
if not target_user:
return redirect(url_for('.all_topics'))
if get_active_user().is_mod_only() and target_user.is_mod():
return redirect(url_for('.page', username=target_user.username))
target_user.update({
"permission": PermissionLevel.GUEST.value,
})
return redirect(url_for(".page", username=target_user.username))
@bp.get("/<username>/inbox")
@login_required
@redirect_to_own
def inbox(username):
user = get_active_user()
new_posts = []
subscription = Subscriptions.find({"user_id": user.id})
all_subscriptions = None
total_unreads_count = None
if subscription:
all_subscriptions = user.get_all_subscriptions()
q = """
WITH thread_metadata AS (
SELECT
posts.thread_id, threads.slug AS thread_slug, threads.title AS thread_title, COUNT(*) AS unread_count, MAX(posts.created_at) AS newest_post_time
FROM
posts
LEFT JOIN
threads ON threads.id = posts.thread_id
LEFT JOIN
subscriptions ON subscriptions.thread_id = posts.thread_id
WHERE subscriptions.user_id = ? AND posts.created_at > subscriptions.last_seen
GROUP BY posts.thread_id
)
SELECT
tm.thread_id, tm.thread_slug, tm.thread_title, tm.unread_count, tm.newest_post_time,
posts.id, posts.created_at, post_history.content, post_history.edited_at, users.username, users.status, avatars.file_path AS avatar_path, posts.thread_id, users.id AS user_id, post_history.original_markup, users.signature_rendered
FROM
thread_metadata tm
JOIN
posts ON posts.thread_id = tm.thread_id
JOIN
post_history ON posts.current_revision_id = post_history.id
JOIN
users ON posts.user_id = users.id
LEFT JOIN
threads ON threads.id = posts.thread_id
LEFT JOIN
avatars ON users.avatar_id = avatars.id
LEFT JOIN
subscriptions ON subscriptions.thread_id = posts.thread_id
WHERE
subscriptions.user_id = ? AND posts.created_at > subscriptions.last_seen
ORDER BY
tm.newest_post_time DESC, posts.created_at ASC"""
new_posts_raw = db.query(q, user.id, user.id)
current_thread_id = None
current_thread_group = None
total_unreads_count = 0
for row in new_posts_raw:
if row['thread_id'] != current_thread_id:
current_thread_group = {
'thread_id': row['thread_id'],
'thread_title': row['thread_title'],
'unread_count': row['unread_count'],
'thread_slug': row['thread_slug'],
'newest_post_time': row['newest_post_time'],
'posts': [],
}
total_unreads_count += int(row['unread_count'])
new_posts.append(current_thread_group)
current_thread_id = row['thread_id']
current_thread_group['posts'].append({
'id': row['id'],
'created_at': row['created_at'],
'content': row['content'],
'edited_at': row['edited_at'],
'username': row['username'],
'status': row['status'],
'avatar_path': row['avatar_path'],
'thread_id': row['thread_id'],
'user_id': row['user_id'],
'original_markup': row['original_markup'],
'signature_rendered': row['signature_rendered'],
'thread_slug': row['thread_slug'],
})
return render_template("users/inbox.html", new_posts = new_posts, total_unreads_count = total_unreads_count, all_subscriptions = all_subscriptions)
@bp.get('/reset-link/<key>')
def reset_link_login(key):
reset_link = PasswordResetLinks.find({
'key': key
})
if not reset_link:
return redirect(url_for('topics.all_topics'))
if int(time.time()) > int(reset_link.expires_at):
reset_link.delete()
return redirect(url_for('topics.all_topics'))
target_user = Users.find({
'id': reset_link.user_id
})
return render_template('users/reset_link_login.html', username = target_user.username)
@bp.post('/reset-link/<key>')
def reset_link_login_form(key):
reset_link = PasswordResetLinks.find({
'key': key
})
if not reset_link:
return redirect('topics.all_topics')
if int(time.time()) > int(reset_link.expires_at):
reset_link.delete()
return redirect('topics.all_topics')
password = request.form.get('password')
password2 = request.form.get('password2')
if not validate_password(password):
flash("Invalid password.", InfoboxKind.ERROR)
return redirect(url_for('.reset_link_login', key=key))
if password != password2:
flash("Passwords do not match.", InfoboxKind.ERROR)
return redirect(url_for('.reset_link_login', key=key))
target_user = Users.find({
'id': reset_link.user_id
})
reset_link.delete()
hashed = digest(password)
target_user.update({'password_hash': hashed})
session_obj = create_session(target_user.id)
session['pyrom_session_key'] = session_obj.key
flash("Logged in!", InfoboxKind.INFO)
return redirect(url_for('.page', username=target_user.username))
@bp.get('/<username>/invite-links/')
@login_required
@redirect_to_own
def invite_links(username):
target_user = Users.find({
'username': username.lower()
})
if not target_user or not target_user.can_invite():
return redirect(url_for('.page', username=username))
invites = InviteKeys.findall({
'created_by': target_user.id
})
return render_template('users/invite_links.html', invites=invites)
@bp.post('/<username>/invite-links/create')
@login_required
@redirect_to_own
def create_invite_link(username):
target_user = Users.find({
'username': username.lower()
})
if not target_user or not target_user.can_invite():
return redirect(url_for('.page', username=username.lower()))
invite = InviteKeys.create({
'created_by': target_user.id,
'key': secrets.token_urlsafe(20),
})
return redirect(url_for('.invite_links', username=target_user.username))
@bp.post('/<username>/invite-links/revoke')
@login_required
@redirect_to_own
def revoke_invite_link(username):
target_user = Users.find({
'username': username.lower()
})
if not target_user or not target_user.can_invite():
return redirect(url_for('.page', username=username.lower()))
invite = InviteKeys.find({
'key': request.form.get('key'),
})
if not invite:
return redirect(url_for('.invite_links', username=target_user.username))
if invite.created_by != target_user.id:
return redirect(url_for('.invite_links', username=target_user.username))
invite.delete()
return redirect(url_for('.invite_links', username=target_user.username))
@bp.get('/<username>/bookmarks')
@login_required
@redirect_to_own
def bookmarks(username):
target_user = get_active_user()
collections = target_user.get_bookmark_collections()
return render_template('users/bookmarks.html', collections=collections)
@bp.get('/<username>/bookmarks/collections')
@login_required
@redirect_to_own
def bookmark_collections(username):
target_user = get_active_user()
collections = target_user.get_bookmark_collections()
return render_template('users/bookmark_collections.html', collections=collections)
@bp.get('/<username>/delete-account')
@login_required
@redirect_to_own
def delete_page(username):
target_user = get_active_user()
return render_template('users/delete_page.html')
@bp.post('/<username>/delete-account')
@login_required
@redirect_to_own
def delete_page_confirm(username):
target_user = get_active_user()
return 'stub'
@bp.post('/log-in/')
@redirect_if_logged_in()
def log_in_post():
username = request.form.get('username', default='').lower()
user = Users.find({'username': username})
if not user:
return redirect(url_for('.log_in', error='The username or password you entered is incorrect.'))
password = request.form.get('password', default='')
if not verify(user.password_hash, password):
return redirect(url_for('.log_in', error='The username or password you entered is incorrect.'))
if not verify(target_user.password_hash, password):
flash('Incorrect password.', InfoboxKind.ERROR)
return redirect(url_for('.delete_page', username=username))
session['remember'] = request.form.get('remember') == 'on'
sess = create_session(user.id, not session['remember'])
session['pyrom_session_key'] = sess.key
if session['remember']:
session.permanent = True
return redirect(request.form.get('return_to', default=url_for('topics.all_topics')))
anonymize_user(target_user.id)
sessions = Sessions.findall({'user_id': int(target_user.id)})
for session_obj in sessions:
session_obj.delete()
@bp.get('/sign-up/')
@redirect_if_logged_in()
def sign_up():
return render_template('users/sign_up.html')
@bp.post('/sign-up/')
@redirect_if_logged_in()
def sign_up_post():
generic_error_page = redirect(url_for('.sign_up', error='The username or password you entered is invalid.'))
invalid_username_error_page = redirect(url_for('.sign_up', error='This username cannot be used. Please pick another.'))
passwords_error_page = redirect(url_for('.sign_up', error='The passwords do not match.'))
username = request.form.get('username', default='')
if not username:
return generic_error_page
if request.form.get('password') is None:
return generic_error_page
if len(request.form.getlist('password')) != 2:
return passwords_error_page
try:
username_pair = parse_username(username)
except ValueError:
return invalid_username_error_page
potential_user = Users.find({'username': username})
if potential_user:
return invalid_username_error_page
if not compare_timesafe(request.form.getlist('password')[0], request.form.getlist('password')[1]):
return passwords_error_page
password_hash = digest(request.form.get('password'))
user = Users.create({
'username': username_pair[0],
'password_hash': password_hash,
'permission': PermissionLevel.GUEST.value,
'created_at': int(time.time()),
})
if username_pair[0] != username_pair[1]:
user.update({
'display_name': username_pair[1]
})
session['remember'] = request.form.get('remember') == 'on'
sess = create_session(user.id, not session['remember'])
session['pyrom_session_key'] = sess.key
if session['remember']:
session.permanent = True
session.clear()
target_user.delete()
return redirect(url_for('topics.all_topics'))
@bp.get('/<username>/')
def user_page(username):
target_user = Users.find({'username': username})
if not target_user:
abort(404)
return render_template('users/user_page.html', target_user=target_user)
@bp.get('/<username>/posts/')
def posts(username):
return 'stub'
@bp.get('/<username>/threads/')
def threads(username):
return 'stub'
@bp.get('/<username>/comments/')
def comments(username):
return 'stub'
@bp.get('/<username>/settings/')
def settings(username):
return 'stub'
@bp.get('/<username>/inbox/')
def inbox(username):
return 'stub'
@bp.get('/<username>/bookmarks/')
def bookmarks(username):
return 'stub'

64
app/schema.py
View File

@@ -141,37 +141,57 @@ SCHEMA = [
"original_mention_text" TEXT NOT NULL
)""",
"""CREATE TABLE IF NOT EXISTS "badge_uploads" (
"id" INTEGER NOT NULL PRIMARY KEY,
"file_path" TEXT NOT NULL UNIQUE,
"uploaded_at" INTEGER DEFAULT (unixepoch(CURRENT_TIMESTAMP)),
"original_filename" TEXT,
"user_id" REFERENCES users(id) ON DELETE CASCADE
)""",
"""CREATE TABLE IF NOT EXISTS "badges" (
"id" INTEGER NOT NULL PRIMARY KEY,
"user_id" NOT NULL REFERENCES users(id) ON DELETE CASCADE,
"upload" NOT NULL REFERENCES badge_uploads(id) ON DELETE CASCADE,
"label" TEXT NOT NULL,
"link" TEXT DEFAULT '',
"sort_order" INTEGER NOT NULL DEFAULT 0
)""",
# INDEXES
"CREATE INDEX IF NOT EXISTS idx_post_history_post_id ON post_history(post_id)",
"CREATE INDEX IF NOT EXISTS idx_posts_thread ON posts(thread_id, created_at, id)",
"CREATE INDEX IF NOT EXISTS idx_posts_thread_id ON posts(thread_id)",
"CREATE INDEX IF NOT EXISTS idx_rate_limit_user_method ON api_rate_limits (user_id, method)",
"CREATE INDEX IF NOT EXISTS idx_subscription_user_thread ON subscriptions (user_id, thread_id)",
"CREATE INDEX IF NOT EXISTS idx_threads_slug ON threads(slug)",
"CREATE INDEX IF NOT EXISTS idx_threads_topic_id ON threads(topic_id)",
"CREATE INDEX IF NOT EXISTS idx_topics_slug ON topics(slug)",
"CREATE INDEX IF NOT EXISTS session_keys ON sessions(key)",
"CREATE INDEX IF NOT EXISTS sessions_user_id ON sessions(user_id)",
'CREATE INDEX IF NOT EXISTS idx_post_history_post_id ON post_history(post_id)',
'CREATE INDEX IF NOT EXISTS idx_posts_thread ON posts(thread_id, created_at, id)',
'CREATE INDEX IF NOT EXISTS idx_posts_thread_id ON posts(thread_id)',
'CREATE INDEX IF NOT EXISTS idx_rate_limit_user_method ON api_rate_limits (user_id, method)',
'CREATE INDEX IF NOT EXISTS idx_subscription_user_thread ON subscriptions (user_id, thread_id)',
'CREATE INDEX IF NOT EXISTS idx_threads_slug ON threads(slug)',
'CREATE INDEX IF NOT EXISTS idx_threads_topic_id ON threads(topic_id)',
'CREATE INDEX IF NOT EXISTS idx_topics_slug ON topics(slug)',
'CREATE INDEX IF NOT EXISTS session_keys ON sessions(key)',
'CREATE INDEX IF NOT EXISTS sessions_user_id ON sessions(user_id)',
"CREATE INDEX IF NOT EXISTS reaction_post_text ON reactions(post_id, reaction_text)",
"CREATE INDEX IF NOT EXISTS reaction_user_post_text ON reactions(user_id, post_id, reaction_text)",
'CREATE INDEX IF NOT EXISTS reaction_post_text ON reactions(post_id, reaction_text)',
'CREATE INDEX IF NOT EXISTS reaction_user_post_text ON reactions(user_id, post_id, reaction_text)',
"CREATE INDEX IF NOT EXISTS idx_bookmark_collections_user_id ON bookmark_collections(user_id)",
"CREATE INDEX IF NOT EXISTS idx_bookmark_collections_user_default ON bookmark_collections(user_id, is_default) WHERE is_default = 1",
'CREATE INDEX IF NOT EXISTS idx_bookmark_collections_user_id ON bookmark_collections(user_id)',
'CREATE INDEX IF NOT EXISTS idx_bookmark_collections_user_default ON bookmark_collections(user_id, is_default) WHERE is_default = 1',
"CREATE INDEX IF NOT EXISTS idx_bookmarked_posts_collection ON bookmarked_posts(collection_id)",
"CREATE INDEX IF NOT EXISTS idx_bookmarked_posts_post ON bookmarked_posts(post_id)",
'CREATE INDEX IF NOT EXISTS idx_bookmarked_posts_collection ON bookmarked_posts(collection_id)',
'CREATE INDEX IF NOT EXISTS idx_bookmarked_posts_post ON bookmarked_posts(post_id)',
"CREATE INDEX IF NOT EXISTS idx_bookmarked_threads_collection ON bookmarked_threads(collection_id)",
"CREATE INDEX IF NOT EXISTS idx_bookmarked_threads_thread ON bookmarked_threads(thread_id)",
'CREATE INDEX IF NOT EXISTS idx_bookmarked_threads_collection ON bookmarked_threads(collection_id)',
'CREATE INDEX IF NOT EXISTS idx_bookmarked_threads_thread ON bookmarked_threads(thread_id)',
"CREATE INDEX IF NOT EXISTS idx_mentioned_user ON mentions(mentioned_user_id)",
"CREATE INDEX IF NOT EXISTS idx_mention_revision_id ON mentions(revision_id)",
'CREATE INDEX IF NOT EXISTS idx_mentioned_user ON mentions(mentioned_user_id)',
'CREATE INDEX IF NOT EXISTS idx_mention_revision_id ON mentions(revision_id)',
'CREATE INDEX IF NOT EXISTS idx_badge_upload_user ON badge_uploads(user_id)',
'CREATE INDEX IF NOT EXISTS idx_badge_user ON badges(user_id)',
]
def create():
print("Creating schema...")
print('Creating schema...')
with db.transaction():
for stmt in SCHEMA:
db.execute(stmt)
print("Schema completed.")
print('Schema completed.')

44
app/templates/base.html
View File

@@ -1,29 +1,19 @@
{% from 'common/macros.html' import infobox with context %}
<!DOCTYPE HTML>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
{% if self.title() %}
<title>{{config.SITE_NAME}} - {% block title %}{% endblock %}</title>
{% else %}
<title>{{config.SITE_NAME}}</title>
{% endif %}
<link rel="stylesheet" href="{{ ("/static/css/%s.css" % get_prefers_theme()) | cachebust }}">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="icon" type="image/png" href="/static/favicon.png">
<script src="{{ '/static/js/vnd/bitty-6.0.0-rc3.min.js' | cachebust }}" type="module"></script>
</head>
<body>
<bitty-6-0 data-connect="{{ '/static/js/bitties/pyrom-bitty.js' | cachebust }}">
{% include 'common/topnav.html' %}
{% with messages = get_flashed_messages(with_categories=true) %}
{% if messages %}
{% for category, message in messages %}
{{ infobox(message, category) }}
{% endfor %}
{% endif %}
{% endwith %}
{% block content %}{% endblock %}
{% include 'common/footer.html' %}
</bitty-6-0>
<script src="{{ "/static/js/ui.js" | cachebust }}"></script>
</body>
<link rel="stylesheet" href="{{ "/static/css/style.css" | cachebust }}">
{% if self.title() -%}
<title>{{ config.SITE_NAME }} - {% block title -%}{%- endblock -%}</title>
{%- else -%}
<title>{{ config.SITE_NAME }}</title>
{%- endif -%}
</head>
<body>
{%- include 'common/topnav.html' -%}
{%- block content -%}{%- endblock -%}
{%- include 'common/footer.html' -%}
</body>
</html>

16
app/templates/common/404.html
View File

@@ -1,8 +1,8 @@
{% extends 'base.html' %}
{% block title %}not found{% endblock %}
{% block content %}
<div class="darkbg settings-container">
<h1 class="thread-title">404 Not Found</h1>
<p>The requested URL does not exist.</p>
</div>
{% endblock %}
{%- from 'common/macros.html' import subheader -%}
{%- extends 'base.html' -%}
{%- block title -%}Not found{%- endblock -%}
{%- block content -%}
{%- call() subheader('404 Not Found') -%}
<span>The requested URL was not found.</span>
{%- endcall -%}
{%- endblock -%}

5
app/templates/common/footer.html
View File

@@ -1,6 +1,7 @@
<footer id="footer">
<footer class="plank secondary-bg bottom">
<span>Pyrom commit <a href="{{ "https://git.poto.cafe/yagich/pyrom/commit/" + __commit }}">{{ __commit[:8] }}</a></span>
<ul class="horizontal">
<li><a href="{{ url_for('guides.contact') }}">Contact</a></li>
<li><a href="{{url_for('guides.contact')}}">Contact</a></li>
<li><a href="{{url_for('guides.index')}}">Guides</a></li>
</ul>
</footer>

55
app/templates/common/icons.html
View File

@@ -1,55 +0,0 @@
{# https://www.figma.com/community/file/1136337054881623512/iconcino-v2-0-0-free-icons-cc0-1-0-license #}
{% macro icn_bookmark(width=24) -%}
<svg class="icon" width="{{width}}px" height="{{width}}px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path fill-rule="evenodd" clip-rule="evenodd" d="M6 6C6 4.89543 6.89543 4 8 4H16C17.1046 4 18 4.89543 18 6V18.7268C18 19.5969 16.9657 20.0519 16.3243 19.4639L12 15.5L7.67573 19.4639C7.03432 20.0519 6 19.5969 6 18.7268V6Z" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
{%- endmacro %}
{% macro icn_error(width=60) -%}
<svg class="icon" width="{{width}}px" height="{{width}}px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M18.364 5.63604C19.9926 7.26472 21 9.51472 21 12C21 16.9706 16.9706 21 12 21C9.51472 21 7.26472 19.9926 5.63604 18.364M18.364 5.63604C16.7353 4.00736 14.4853 3 12 3C7.02944 3 3 7.02944 3 12C3 14.4853 4.00736 16.7353 5.63604 18.364M18.364 5.63604L5.63604 18.364" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
{%- endmacro %}
{% macro icn_info(width=60) -%}
<svg class="icon" width="{{width}}px" height="{{width}}px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M12 8V8.5M12 12V16M12 21C16.9706 21 21 16.9706 21 12C21 7.02944 16.9706 3 12 3C7.02944 3 3 7.02944 3 12C3 16.9706 7.02944 21 12 21Z" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
{%- endmacro %}
{% macro icn_lock(width=60) -%}
<svg class="icon" width="{{width}}px" height="{{width}}px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M12 14V16M8 9V6C8 3.79086 9.79086 2 12 2C14.2091 2 16 3.79086 16 6V9M7 21H17C18.1046 21 19 20.1046 19 19V11C19 9.89543 18.1046 9 17 9H7C5.89543 9 5 9.89543 5 11V19C5 20.1046 5.89543 21 7 21Z" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
{%- endmacro %}
{% macro icn_warn(width=60) -%}
<svg class="icon" width="{{width}}px" height="{{width}}px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M12 15H12.01M12 12V9M4.98207 19H19.0179C20.5615 19 21.5233 17.3256 20.7455 15.9923L13.7276 3.96153C12.9558 2.63852 11.0442 2.63852 10.2724 3.96153L3.25452 15.9923C2.47675 17.3256 3.43849 19 4.98207 19Z" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
{%- endmacro %}
{% macro icn_image(width=24) -%}
<svg class="icon" width="{{width}}px" height="{{width}}px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M4 17L7.58959 13.7694C8.38025 13.0578 9.58958 13.0896 10.3417 13.8417L11.5 15L15.0858 11.4142C15.8668 10.6332 17.1332 10.6332 17.9142 11.4142L20 13.5M11 9C11 9.55228 10.5523 10 10 10C9.44772 10 9 9.55228 9 9C9 8.44772 9.44772 8 10 8C10.5523 8 11 8.44772 11 9ZM6 20H18C19.1046 20 20 19.1046 20 18V6C20 4.89543 19.1046 4 18 4H6C4.89543 4 4 4.89543 4 6V18C4 19.1046 4.89543 20 6 20Z" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
{%- endmacro %}
{% macro icn_spoiler(width=24) -%}
<svg class="icon" width="{{width}}px" height="{{width}}px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M4 4L9.87868 9.87868M20 20L14.1213 14.1213M9.87868 9.87868C9.33579 10.4216 9 11.1716 9 12C9 13.6569 10.3431 15 12 15C12.8284 15 13.5784 14.6642 14.1213 14.1213M9.87868 9.87868L14.1213 14.1213M6.76821 6.76821C4.72843 8.09899 2.96378 10.026 2 11.9998C3.74646 15.5764 8.12201 19 11.9998 19C13.7376 19 15.5753 18.3124 17.2317 17.2317M9.76138 5.34717C10.5114 5.12316 11.2649 5 12.0005 5C15.8782 5 20.2531 8.42398 22 12.0002C21.448 13.1302 20.6336 14.2449 19.6554 15.2412" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
{%- endmacro %}
{% macro icn_sticky(width=24) -%}
<svg class="icon" width="{{width}}px" height="{{width}}px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M13 20H6C4.89543 20 4 19.1046 4 18V6C4 4.89543 4.89543 4 6 4H18C19.1046 4 20 4.89543 20 6V13M13 20L20 13M13 20V14C13 13.4477 13.4477 13 14 13H20" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
{%- endmacro %}
{% macro icn_megaphone(width=60) -%}
<svg width="{{width}}px" height="{{width}}px" viewBox="0 0 24 24" fill="none" xmlns="http://www.w3.org/2000/svg">
<path d="M6 18V14M6 14H8L13 17V7L8 10H5C3.89543 10 3 10.8954 3 12V12C3 13.1046 3.89543 14 5 14H6ZM17 7L19 5M17 17L19 19M19 12H21" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
</svg>
{%- endmacro %}

441
app/templates/common/macros.html
View File

@@ -1,307 +1,182 @@
{% from 'common/icons.html' import icn_image, icn_spoiler, icn_info, icn_lock, icn_warn, icn_error, icn_bookmark, icn_megaphone %}
{% macro pager(current_page, page_count) %}
{% set left_start = [1, current_page - 5] | max %}
{% set right_end = [page_count, current_page + 5] | min %}
<div class="pager">
<span>Page:</span>
{% if current_page > 5 %}
<a href="?page=1" class="pagebutton">1</a>
{% if left_start > 2 %}
<span class="currentpage">&hellip;</span>
{% endif %}
{% endif %}
{% for i in range(left_start, current_page) %}
<a href="?page={{i}}" class="pagebutton">{{i}}</a>
{% endfor %}
{% if page_count > 0 %}
<span class="currentpage">{{current_page}}</span>
{% endif %}
{% for i in range(current_page + 1, right_end + 1) %}
<a href="?page={{i}}" class="pagebutton">{{i}}</a>
{% endfor %}
{% if right_end < page_count %}
{% if right_end < page_count - 1 %}
<span class="currentpage">&hellip;</span>
{% endif %}
<a href="?page={{page_count}}" class="pagebutton">{{page_count}}</a>
{% endif %}
</div>
{% endmacro %}
{% macro bookmark_button(type, id, message = "Bookmark&hellip;", require_reload=false) %}
{% set bid = type[0] + id | string %}
<div class="bookmark-dropdown">
<button type="button" class="contain-svg inline icon" data-bookmark-type="{{type}}" data-send="showBookmarkMenu" data-concept-id="{{id}}" data-bookmark-id="{{bid}}">{{ icn_bookmark(20) }}{{ message | safe }}</button>
<div class="bookmark-dropdown-inner" data-receive="showBookmarkMenu" data-bookmark-id="{{bid}}" data-require-reload={{require_reload | int}}></div>
</div>
{% endmacro %}
{% macro infobox(message, kind=InfoboxKind.INFO) %}
<div class="{{ "infobox " + InfoboxHTMLClass[kind] }}">
<span>
<div class="infobox-icon-container">
{%- if kind == InfoboxKind.INFO -%}
{{- icn_info() -}}
{%- elif kind == InfoboxKind.LOCK -%}
{{- icn_lock() -}}
{%- elif kind == InfoboxKind.WARN -%}
{{- icn_warn() -}}
{%- elif kind == InfoboxKind.ERROR -%}
{{- icn_error() -}}
{%- endif -%}
</div>
<span>
{% set m = message.split(';', maxsplit=1) %}
<strong>{{ m[0] }}</strong>
{%- if m[1] %}
{{ m[1] -}}
{%- endif -%}
</span>
</span>
</div>
{% endmacro %}
{% macro motd(motd_obj) %}
<div class="motd">
<div class="motd-icon-container contain-svg">
{{ icn_megaphone(80) }}
<i><abbr title="Message of the Day">MOTD</abbr></i>
</div>
<div class="motd-content-container">
<div class="motd-title">{{ motd_obj.title }}</div>
<div class="motd-body">{{ motd_obj.body_rendered | safe}}</div>
</div>
</div>
{% endmacro %}
{% macro timestamp(unix_ts) -%}
<span class="timestamp" data-utc="{{ unix_ts }}" data-init="convertTimestamps">{{ unix_ts | ts_datetime('%Y-%m-%d %H:%M')}} <abbr title="Server Time">ST</abbr></span>
<span class="timestamp" data-utc="{{ unix_ts }}">{{ unix_ts | ts_datetime('%Y-%m-%d %H:%M')}} <abbr title="Server Time">ST</abbr></span>
{%- endmacro %}
{% macro babycode_editor_component(ta_name, ta_placeholder="Post body", optional=False, prefill="", banned_tags=[]) %}
<div class="babycode-editor-container tab-bar" data-receive="toggleTab">
<input type="hidden" id="babycode-banned-tags" value="{{banned_tags | unique | list | tojson | forceescape}}">
<div class="tab-buttons">
<button data-send="toggleTab" type=button class="tab-button active" data-target-id="tab-edit">Write</button>
<button data-send="babycodePreview toggleTab" type=button class="tab-button" data-target-id="tab-preview">Preview</button>
</div>
<div class="tab-content active" id="tab-edit">
<span class="babycode-button-container">
<button data-send="insertBabycodeTag" data-tag="b" class="babycode-button" type=button id="post-editor-bold" title="Insert Bold" {{"disabled" if "b" in banned_tags else ""}}><strong>B</strong></button>
<button data-send="insertBabycodeTag" data-tag="i" class="babycode-button" type=button id="post-editor-italics" title="Insert Italics" {{"disabled" if "i" in banned_tags else ""}}><em>I</em></button>
<button data-send="insertBabycodeTag" data-tag="s" class="babycode-button" type=button id="post-editor-strike" title="Insert Strikethrough" {{"disabled" if "s" in banned_tags else ""}}><del>S</del></button>
<button data-send="insertBabycodeTag" data-tag="u" class="babycode-button" type=button id="post-editor-underline" title="Insert Underline" {{"disabled" if "u" in banned_tags else ""}}><u>U</u></button>
<button data-send="insertBabycodeTag" data-tag="url=" data-prefill="link label" class="babycode-button" type=button id="post-editor-url" title="Insert Link" {{"disabled" if "url" in banned_tags else ""}}><code>://</code></button>
<button data-send="insertBabycodeTag" data-tag="code=" data-break-line="1" class="babycode-button" type=button id="post-editor-code" title="Insert Code block" {{"disabled" if "code" in banned_tags else ""}}><code>&lt;/&gt;</code></button>
<button data-send="insertBabycodeTag" data-tag="img=" data-prefill="alt text" class="babycode-button contain-svg" type=button id="post-editor-img" title="Insert Image" {{"disabled" if "img" in banned_tags else ""}}>{{ icn_image() }}</button>
<button data-send="insertBabycodeTag" data-tag="ol" data-break-line="1" class="babycode-button" type=button id="post-editor-ol" title="Insert Ordered list" {{"disabled" if "ol" in banned_tags else ""}}>1.</button>
<button data-send="insertBabycodeTag" data-tag="ul" data-break-line="1" class="babycode-button" type=button id="post-editor-ul" title="Insert Unordered list" {{"disabled" if "u;" in banned_tags else ""}}>&bullet;</button>
<button data-send="insertBabycodeTag" data-tag="spoiler=" data-break-line="1" data-prefill="hidden content" class="babycode-button contain-svg" type=button id="post-editor-spoiler" title="Insert spoiler" {{"disabled" if "spoiler" in banned_tags else ""}}>{{ icn_spoiler() }}</button>
</span>
<textarea class="babycode-editor" name="{{ ta_name }}" id="babycode-content" placeholder="{{ ta_placeholder }}" {{ "required" if not optional else "" }} autocomplete="off" data-receive="insertBabycodeTag addQuote">{{ prefill }}</textarea>
<a href="{{ url_for("guides.babycode") }}" target="_blank">babycode guide</a>
{% if banned_tags %}
<div>Forbidden tags:</div>
<div>
<ul class="horizontal">
{% for tag in banned_tags | unique %}
<li><code class="inline-code">{{ tag }}</code></li>
{% endfor %}
</ul>
</div>
{% endif %}
</div>
<div class="tab-content" id="tab-preview" data-receive="babycodePreview">
<div id="babycode-preview-errors-container">Type something!</div>
<div id="babycode-preview-container"></div>
</div>
{% macro subheader(title, desc='') -%}
<div id="subheader" class="plank secondary-bg">
<h1 class="info">{{title}}</h1>
{%- if desc -%}<span>{{desc}}</span>{%- endif -%}
<div class="actions-group">{% if caller %}{{- caller() -}}{% endif %}</div>
</div>
<script src="{{ "/static/js/babycode-editor.js" | cachebust }}"></script>
{% endmacro %}
{%- endmacro %}
{% macro babycode_editor_form(ta_name, prefill = "", cancel_url="", endpoint="") %}
{% set save_button_text = "Post reply" if not cancel_url else "Save" %}
<form class="post-edit-form" method="post" {%- if endpoint %}action={{ endpoint }}{% endif %}>
{{babycode_editor_component(ta_name, prefill = prefill)}}
{% if not cancel_url %}
<span>
<input type="checkbox" id="subscribe" name="subscribe" {{ "checked" if session.get('subscribe_by_default', default=true) else "" }}>
<label for="subscribe">Subscribe to thread</label>
{% macro pager(current_page, page_count, classes='', url='', args={}) -%}
{%- set args = dict(args.items() | rejectattr(0, 'equalto', 'page')) -%}
{%- if args -%}
{#- remove the page query argument -#}
{%- set url = url + (args | dict_to_query_string) + '&page=' -%}
{%- else -%}
{%- set url = url + '?page=' -%}
{%- endif -%}
<span class="button-row {{classes}}">
{%- if current_page == 0 -%}
{%- if page_count <= 3 -%}
{%- for i in range(page_count) -%}
<a href="{{url}}{{i+1}}" class="linkbutton minimal">{{i+1}}</a>
{%- endfor -%}
{%- else -%}
<a href="{{url}}1" class="linkbutton minimal">1</a>
<a href="{{url}}2" class="linkbutton minimal">2</a>
<button class="minimal" disabled>&hellip;</button>
<a href="{{url}}{{page_count - 1}}" class="linkbutton minimal">{{page_count - 1}}</a>
<a href="{{url}}{{page_count}}" class="linkbutton minimal">{{page_count}}</a>
{%- endif -%}
{%- else -%}
{%- set left_start = [2, current_page - 1] | max -%}
{%- set right_end = [page_count - 1, current_page + 1] | min -%}
{%- if current_page != 1 -%}
<a href="{{url}}1" class="linkbutton minimal">1</a>
{%- endif -%}
{%- if left_start > 2 -%}
<button class="minimal" disabled>&hellip;</button>
{%- endif -%}
{%- for i in range(left_start, current_page) -%}
<a href="{{url}}{{i}}" class="linkbutton minimal">{{i}}</a>
{%- endfor -%}
{%- if page_count > 0 -%}
<button class="minimal" disabled>{{current_page}}</button>
{%- endif -%}
{%- for i in range(current_page + 1, right_end + 1) -%}
<a href="{{url}}{{i}}" class="linkbutton minimal">{{i}}</a>
{%- endfor -%}
{%- if right_end < page_count - 1 -%}
<button class="minimal" disabled>&hellip;</button>
{%- endif -%}
{%- if page_count > 1 and current_page != page_count -%}
<a href="{{url}}{{page_count}}" class="linkbutton minimal">{{page_count}}</a>
{%- endif -%}
{%- endif -%}
</span>
{%- endmacro %}
{% macro tabs(prefix='', labels = []) -%}
<div class="tab-container">
<div class="tab-bar" role="tablist">
{%- for tab_label in labels -%}
<button type="button" class="tab-button" role="tab" aria-selected="{{'true' if loop.index0==0 else 'false'}}" id="{{prefix+'-'+(tab_label | lower)+'-tab'}}" aria-controls="{{prefix+'-'+(tab_label | lower)+'-content'}}">{{tab_label}}</button>
{%- endfor -%}
</div>
{%- for tab_label in labels -%}
<div class="plank secondary-bg even no-shadow tab-content {{'hidden' if loop.index0!=0 else ''}}" role="tabpanel" aria-labelledby="{{prefix+'-'+(tab_label | lower)+'-tab'}}" id="{{prefix+'-'+(tab_label | lower)+'-content'}}">
{{- caller(loop.index0) -}}
</div>
{%- endfor -%}
</div>
{%- endmacro %}
{% macro babycode_editor_component(
placeholder='Post content',
prefill='',
required=true,
id='babycode-content'
) -%}
{%- call(idx) tabs(prefix='babycode', labels=['Write', 'Preview']) -%}
{%- if idx == 0 -%}
<span class="babycode-editor-controls">
<span class="button-row">
<button type="button" class="minimal"><b>B</b></button>
<button type="button" class="minimal"><i>i</i></button>
<button type="button" class="minimal"><s>S</s></button>
<button type="button" class="minimal"><u>U</u></button>
<button type="button" class="minimal"><code>://</code></button>
<button type="button" class="minimal"><code>&lt;/&gt;</code></button>
<button type="button" class="minimal">1.</button>
<button type="button" class="minimal">&bullet;</button>
<button type="button" class="minimal"><img src="/static/emoji/angry.png" class="emoji"></button>
</span>
{% endif %}
<span>
<input type="submit" value="{{ save_button_text }}">
{% if cancel_url %}
<a class="linkbutton warn" href="{{ cancel_url }}">Cancel</a>
{% endif %}
</span>
</form>
{% endmacro %}
<a href="##">babycode help</a>
</span>
<textarea name="babycode_content" id="{{id}}" class="babycode-editor" placeholder="{{placeholder}}" {{'required' if required else ''}}>{{ prefill }}</textarea>
{%- endif -%}
{%- endcall -%}
{%- endmacro %}
{% macro full_post(
post, render_sig = True, is_latest = False,
editing = False, active_user = None, no_reply = false,
Reactions = none, show_thread_title = false,
show_bookmark = false, memo = None, bookmark_message = "Bookmark&hellip;",
reload_after_bookmark = false
) %}
{% set postclass = "post" %}
{% if editing %}
{% set postclass = postclass + " editing" %}
{% endif %}
{% set post_permalink = url_for("threads.thread", slug = post['thread_slug'], after = post['id'], _anchor = ("post-" + (post['id'] | string))) %}
<div class=" {{ postclass }}" id="post-{{ post['id'] }}" data-post-id="{{ post['id'] }}">
<div class="usercard">
post, render_sig=true, is_latest=false,
show_toolbar=true, is_editing=false, thread=none,
show_reactions=true
) -%}
{%- if is_logged_in() -%}
{%- set can_delete = post.user_id == get_active_user().id or is_mod() -%}
{%- else -%}
{%- set show_toolbar = false -%}
{%- endif -%}
{%- set owns = is_logged_in() and post.user_id == get_active_user().id -%}
{%- set can_reply = (is_logged_in()) and (not thread.locked or is_mod()) -%}
<div class="usercard plank even contrast-bg minimal no-shadow">
<div class="usercard-inner">
<a href="{{ url_for("users.page", username=post['username']) }}" style="display: contents;">
<img src="{{ post['avatar_path'] }}" class="avatar">
</a>
<a href="{{ url_for("users.page", username=post['username']) }}" class="username-link">{{ post['display_name'] or post['username'] }}</a>
<em><abbr title="Mention">@{{ post.username }}</abbr></em>
{% if post['status'] %}
<em class="user-status">{{ post['status'] }}</em>
{% endif %}
<img src="{{post.avatar_path}}" class="avatar">
<div class="usercard-rest">
<a href="{{url_for('users.user_page', username=post.username)}}">{{post.display_name if post.display_name else post.username}}</a>
<abbr title="mention">@{{post.username}}</abbr>
<i>{{post.status}}</i>
{%- set badges=post.badges_json | fromjson -%}
<div class="badges-container">
{%- for badge in badges -%}
{%- if badge.link -%}<a href="{{badge.link}}">{%- endif -%}
<img src="{{badge.file_path}}" alt="{{badge.label}}" title="{{badge.label}}" class="badge-button">
{%- if badge.link -%}</a>{%- endif -%}
{%- endfor -%}
</div>
</div>
<div class="post-content-container" {{ "id=latest-post" if is_latest else "" }}>
<div class="post-info">
<span>
{% if memo -%}
Memo: <i>{{ memo }}</i> &bullet;
{%- endif %}
{% if show_thread_title %}
<a href="{{ url_for('threads.thread', slug=post.thread_slug) }}">Thread: {{ post.thread_title }}</a>
&bullet;
{% endif %}
<a href="{{ post_permalink }}" title="Permalink"><i>
{% if (post['edited_at'] | int) > (post['created_at'] | int) %}
Edited on {{ timestamp(post['edited_at']) }}
{% else %}
Posted on {{ timestamp(post['edited_at']) }}
{% endif %}
</i></a>
</span>
</div>
</div>
<div class="post-content">
<div class="plank even minimal secondary-bg no-shadow post-info">
<a href="{{get_post_url(post.id, _anchor=true)}}"><i>Posted on {{timestamp(post.created_at)}}</i></a>
{%- if show_toolbar -%}
<span class="thread-actions">
{% set show_edit = false %}
{% if active_user %}
{% set show_edit = (active_user.id | string) == (post['user_id'] | string) and (not post['thread_is_locked'] or active_user.is_mod()) and not no_reply %}
{% endif %}
{% if show_edit %}
<a class="linkbutton" href="{{ url_for('posts.edit', post_id=post.id, _anchor='babycode-content') }}">Edit</a>
{% endif %}
{% set show_reply = true %}
{% if not active_user %}
{% set show_reply = false %}
{% elif post['thread_is_locked'] and not active_user.is_mod() %}
{% set show_reply = false %}
{% elif active_user.is_guest() %}
{% set show_reply = false %}
{% elif editing %}
{% set show_reply = false %}
{% elif no_reply %}
{% set show_reply = false %}
{% endif %}
{% if show_reply %}
{% set qtext = "@%s [url=%s]said:[/url]" | format(post['username'], post_permalink) %}
{% set reply_text = "%s\n[quote]\n%s\n[/quote]\n" | format(qtext, post['original_markup']) %}
<button data-send="addQuote" value="{{ reply_text }}" class="reply-button">Quote</button>
{% endif %}
{% set show_delete = false %}
{% if active_user %}
{% set show_delete = (((post['user_id'] | string) == (active_user.id | string) and not post['thread_is_locked']) or active_user.is_mod()) and not no_reply %}
{% endif %}
{% if show_delete %}
<button class="critical post-delete-button" value="{{ post['id'] }}">Delete</button>
{% endif %}
{% if show_bookmark %}
{{ bookmark_button(type="post", id=post.id, message=bookmark_message, require_reload=reload_after_bookmark)}}
{% endif %}
{%- if owns -%}
<a class="linkbutton" href="{{url_for('posts.edit', post_id=post.id)}}">Edit</a>
{%- endif -%}
{%- if can_reply -%}
<button disabled title="This feature requires JavaScript to be enabled.">Quote</button>
{%- endif -%}
{%- if can_delete -%}
<a class="linkbutton critical" href="{{url_for('posts.delete', post_id=post.id)}}">Delete</a>
{%- endif -%}
<button disabled title="This feature requires JavaScript to be enabled.">Bookmark&hellip;</button>
</span>
{%- endif -%}
</div>
<div class="post-content">
{% if not editing %}
<div class="post-inner" data-post-permalink="{{ post_permalink }}" data-author-username="{{ post.username }}">{{ post['content'] | safe }}</div>
{% if render_sig and post['signature_rendered'] %}
<div class="signature-container">
{{ post['signature_rendered'] | safe }}
<div class="plank even no-shadow post-content-inner minimal">{{post.content | safe}}
{%- if render_sig and post.signature_rendered -%}
<aside class="post-signature">{{post.signature_rendered | safe}}</aside>
{%- endif -%}
</div>
{% endif %}
{% else %}
{{ babycode_editor_form(cancel_url = post_permalink, prefill = post['original_markup'], ta_name = "new_content") }}
{% endif %}
</div>
{% if Reactions -%}
{% set can_react = true -%}
{% if not active_user -%}
{% set can_react = false -%}
{% elif post['thread_is_locked'] and not active_user.is_mod() -%}
{% set can_react = false -%}
{% elif active_user.is_guest() -%}
{% set can_react = false -%}
{% elif editing -%}
{% set can_react = false -%}
{% endif -%}
{% set reactions = Reactions.for_post(post.id) -%}
<div class="post-reactions">
{% for reaction in reactions %}
{%- if show_reactions -%}
<div class="plank even secondary-bg minimal no-shadow">
<span class="button-row">
{%- for reaction in Reactions.for_post(post.id) -%}
{% set reactors = Reactions.get_users(post.id, reaction.reaction_text) | map(attribute='username') | list %}
{% set reactors_trimmed = reactors[:10] %}
{% set reactors_str = reactors_trimmed | join (',\n') %}
{% if reactors | count > 10 %}
{% set reactors_str = reactors_str + '\n...and many others' %}
{% endif %}
{% set has_reacted = active_user is not none and active_user.username in reactors %}
<span class="reaction-container" data-emoji="{{ reaction.reaction_text }}" data-post-id="{{ post.id }}"><button type="button" class="reduced reaction-button {{"active" if has_reacted else ""}}" {{ "disabled" if not can_react else ""}} title="{{reactors_str}}"><img class=emoji src="/static/emoji/{{reaction.reaction_text}}.png"> x<span class="reaction-count" data-emoji="{{ reaction.reaction_text }}">{{reaction.c}}</span></button>
{% set has_reacted = get_active_user() is not none and get_active_user().username in reactors %}
<button disabled title="{{reactors_str}}" class="minimal {{'alt' if has_reacted else ''}}"><img src="/static/emoji/{{reaction.reaction_text}}.png">{{reaction.c}}</button>
{%- endfor -%}
</span>
{% endfor %}
{% if can_react %}
<button type="button" class="reduced add-reaction-button" data-post-id="{{ post.id }}">Add reaction</button>
{% endif %}
</div>
{% endif %}
{%- if is_logged_in() -%}<button disabled title="This feature requires JavaScript to be enabled.">Add reaction</button>{%- endif -%}
</div>
{%- endif -%}
</div>
{% endmacro %}
{% macro accordion(hidden=false, disabled=false) %}
{% if disabled %}
{% set hidden = true %}
{% endif %}
<div class="accordion {{ "hidden" if hidden else ""}}" data-receive="toggleAccordion">
<div class="accordion-header">
<button type="button" class="accordion-toggle" {{"disabled" if disabled else ""}} data-send="toggleAccordion">{{ "+" if hidden else "-" }}</button>
{{ caller('header') }}
</div>
<div class="accordion-content {{ "hidden" if hidden else "" }}">
{{ caller('content') }}
</div>
</div>
{% endmacro %}
{% macro guide_sections() %}
<div class="guide-container">
<div class="guide-topics">
{% set sections %}{{ caller() }}{% endset %}
{{ sections | safe }}
</div>
<div class="guide-toc">
<h2>Table of contents</h2>
{% set toc = sections | extract_h2 %}
<ul>
{% for heading in toc %}
<li><a href='#{{ heading.id }}'>{{ heading.text }}</a></li>
{% endfor %}
</ul>
</div>
</div>
{% endmacro %}
{%- endmacro %}

53
app/templates/common/topnav.html
View File

@@ -1,31 +1,26 @@
<nav id="topnav">
<span>
<a class="site-title" href="{{url_for('topics.all_topics')}}">{{config.SITE_NAME}}</a>
</span>
<span>
{% if not is_logged_in() %}
{% if not config.DISABLE_SIGNUP %}
Welcome, guest. Please <a href="{{url_for('users.sign_up')}}">sign up</a> or <a href="{{url_for('users.log_in')}}">log in</a>
{% else %}
Welcome, guest. Please <a href="{{url_for('users.log_in')}}">log in</a>
{% endif %}
{% else %}
{% with user = get_active_user() %}
Welcome, <a href="{{ url_for("users.page", username = user.username) }}">{{user.get_readable_name()}}</a>
<ul class="horizontal">
<li><a href="{{ url_for("users.settings", username = user.username) }}">Settings</a></li>
<li><a href="{{ url_for("users.inbox", username = user.username) }}">Inbox</a></li>
{% if config.DISABLE_SIGNUP and user.can_invite() %}
<li><a href="{{ url_for('users.invite_links', username=user.username )}}">Invite to {{ config.SITE_NAME }}</a></li>
{% endif %}
{% if not user.is_guest() %}
<li><a href="{{ url_for('users.bookmarks', username=user.username) }}">Bookmarks</a></li>
{% endif %}
{% if user.is_mod() %}
<li><a href="{{ url_for("mod.panel") }}">Moderation</a></li>
{% endif %}
<nav id="header" class="plank top">
<a class="site-title" href="/">Porom</a>
<span>anti-social media</span>
{%- if is_logged_in() -%}
{%- with user = get_active_user() -%}
<ul class="horizontal wrap">
<li class="mobile-fill-flex">Welcome, <a href="{{url_for('users.user_page', username=user.username)}}">{{ user.get_readable_name() }}</a></li>
<li><a class="linkbutton" href="{{url_for('users.settings', username=user.username)}}">Settings</a></li>
<li><a class="linkbutton" href="{{url_for('users.inbox', username=user.username)}}">Inbox</a></li>
<li><a class="linkbutton" href="{{url_for('users.bookmarks', username=user.username)}}">Bookmarks</a></li>
{% if user.is_mod() -%}
<li><a class="linkbutton" href="{{url_for('mod.index')}}">Moderation</a></li>
{%- endif %}
</ul>
{% endwith %}
{% endif %}
</span>
{%- endwith -%}
{%- elif request.path != url_for('users.sign_up') and request.path != url_for('users.log_in') -%}
<form class="horizontal wrap" method="POST" action="{{url_for('users.log_in_post')}}">
<input type="hidden" name="return_to" value="{{request.path}}">
<input type="text" placeholder="Username" name="username" autocomplete="username" required>
<input type="password" placeholder="Password" name="password" autocomplete="current-password" required>
<span><input type="checkbox" name="remember" id="remember"> <label for="remember">Remember me</label></span>
<input type="submit" value="Log in">
<a href="{{url_for('users.sign_up')}}" class="linkbutton alt">Sign up</a>
</form>
{%- endif -%}
</nav>

28
app/templates/components/bookmarks_dropdown.html
View File

@@ -1,28 +0,0 @@
{% set bookmark_url = None %}
{% if type == 'post' %}
{% set bookmark_url = url_for('api.bookmark_post', post_id=id) %}
{% else %}
{% set bookmark_url = url_for('api.bookmark_thread', thread_id=id) %}
{% endif %}
<div class="bookmarks-dropdown" data-bookmark-type="{{type}}" data-receive="saveBookmarks" data-bookmark-endpoint="{{bookmark_url}}" data-originally-contained-in="{{ selected.id if selected else ""}}" data-require-reload={{require_reload | int}} popover=auto>
<div class="bookmarks-dropdown-header">
<span>Bookmark collections</span>
{% if not require_reload %}
<a href="{{ url_for('users.bookmarks', username=get_active_user().username) }}">View bookmarks</a>
{% endif %}
</div>
<div class="bookmark-dropdown-items-container">
{%- for collection in collections -%}
{%- set pc = collection.get_posts_count() -%}
{%- set tc = collection.get_threads_count() -%}
<div class="bookmark-dropdown-item {{ "selected" if selected and (selected.id | int) == (collection.id | int) else ""}}" data-send="selectBookmarkCollection" data-receive="selectBookmarkCollection" data-collection-id="{{collection.id}}">
<span class="bookmark-dropdown-item-name">{{collection.name}}</span>
<span class="bookmark-dropdown-item-stats"><abbr title="{{ pc }} {{('post' | pluralize(pc))}}">{{ pc }}p</abbr>, <abbr title="{{ tc }} {{('thread' | pluralize(tc))}}">{{ tc }}t</abbr></span>
</div>
{%- endfor -%}
</div>
<span>
<input type="text" placeholder="Memo" class="bookmark-memo-input" value="{{memo}}"></input>
<button type="button" data-send="saveBookmarks">Save</button>
</span>
</div>

190
app/templates/guides/babycode.html
View File

@@ -1,190 +0,0 @@
{% extends 'base.html' %}
{% from 'common/macros.html' import guide_sections with context %}
{% block title %}babycode guide{% endblock %}
{% block content %}
<div class=darkbg>
<h1 class="thread-title">Babycode guide</h1>
</div>
{% call() guide_sections() %}
<section class="guide-section">
<h2 id="what-is-babycode">What is babycode?</h2>
<p>You may be familiar with BBCode, a loosely related family of markup languages popular on forums. Babycode is another, simplified, dialect of those languages. It is a way of formatting text by enclosing parts of it in special tags.</p>
<p>A <b>tag</b> is a short name enclosed in square brackets. Tags can be opening tags, like <code class="inline-code">[b]</code> or closing tags, like <code class="inline-code">[/b]</code>. Anything inserted between matching opening and closing tags is known as the tag's content.</p>
<p>Some tags can provide more specific instructions using an <b>attribute</b>. An attribute is added to the opening tag with an equals sign (<code class="inline-code">=</code>). This allows you to specify details like a particular color or a link's address.</p>
</section>
<section class="guide-section">
<h2 id="text-formatting-tags">Text formatting tags</h2>
<ul class='guide-list'>
<li>To make some text <strong>bold</strong>, enclose it in <code class="inline-code">[b][/b]</code>:<br>
[b]Hello World[/b]<br>
Will become<br>
<strong>Hello World</strong>
</li>
</ul>
<ul class='guide-list'>
<li>To <em>italicize</em> text, enclose it in <code class="inline-code">[i][/i]</code>:<br>
[i]Hello World[/i]<br>
Will become<br>
<em>Hello World</em>
</li>
</ul>
<ul class='guide-list'>
<li>To make some text <del>strikethrough</del>, enclose it in <code class="inline-code">[s][/s]</code>:<br>
[s]Hello World[/s]<br>
Will become<br>
<del>Hello World</del>
</li>
</ul>
<ul class='guide-list'>
<li>To <u>underline</u> some text, enclose it in <code class="inline-code">[u][/u]</code>:<br>
[u]Hello World[/u]<br>
Will become<br>
<u>Hello World</u>
</li>
</ul>
<ul class='guide-list'>
<li>To make some text {{ "[big]big[/big]" | babycode | safe }}, enclose it in <code class="inline-code">[big][/big]</code>:<br>
[big]Hello World[/big]<br>
Will become<br>
{{ "[big]Hello World[/big]" | babycode | safe }}
<li>Similarly, you can make text {{ "[small]small[/small]" | babycode | safe }} with <code class="inline-code">[small][/small]</code>:<br>
[small]Hello World[/small]<br>
Will become<br>
{{ "[small]Hello World[/small]" | babycode | safe }}
</li>
</ul>
<ul class='guide-list'>
<li>You can change the text color by using <code class="inline-code">[color][/color]</code>:<br>
[color=red]Red text[/color]<br>
[color=white]White text[/color]<br>
[color=#3b08f0]Blueish text[/color]<br>
Will become<br>
{{ "[color=red]Red text[/color]" | babycode | safe }}<br>
{{ "[color=white]White text[/color]" | babycode | safe }}<br>
{{ "[color=#3b08f0]Blueish text[/color]" | babycode | safe }}<br>
</li>
</ul>
<ul class='guide-list'>
<li>You can center text by enclosing it in <code class="inline-code">[center][/center]</code>:<br>
[center]Hello World[/center]<br>
Will become<br>
{{ "[center]Hello World[/center]" | babycode | safe }}
</li>
<li>You can right-align text by enclosing it in <code class="inline-code">[right][/right]</code>:<br>
[right]Hello World[/right]<br>
Will become<br>
{{ "[right]Hello World[/right]" | babycode | safe }}
</li>
Note: the center and right tags will break the paragraph. See <a href="#paragraph-rules">Paragraph rules</a> for more details.
</ul>
</section>
<section class="guide-section">
<h2 id="emoji">Emoji</h2>
<p>There are a few emoji in the style of old forum emotes:</p>
<table class="emoji-table">
<tr>
<th>Short code</th>
<th>Emoji result</th>
</tr>
{% for emoji in __emoji %}
<tr>
<td>{{ ("[code]:%s:[/code]" % emoji) | babycode | safe }}</td>
<td>{{ __emoji[emoji] | safe }}</td>
</tr>
{% endfor %}
</table>
<p>Special thanks to the <a href="https://gh.vercte.net/forumoji/">Forumoji project</a> and its contributors for these graphics.</p>
</section>
<section class="guide-section">
<h2 id="paragraph-rules">Paragraph rules</h2>
<p>Line breaks in babycode work like Markdown: to start a new paragraph, use two line breaks:</p>
{{ '[code]paragraph 1\n\nparagraph 2[/code]' | babycode | safe }}
Will produce:<br>
{{ 'paragraph 1\n\nparagraph 2' | babycode | safe }}
<p>To break a line without starting a new paragraph, end a line with two spaces:</p>
{{ '[code]paragraph 1 \nstill paragraph 1[/code]' | babycode | safe }}
That will produce:<br>
{{ 'paragraph 1 \nstill paragraph 1' | babycode | safe }}
<p>Additionally, the following tags will break into a new paragraph:</p>
<ul>
<li><code class="inline-code">[code]</code> (code block, not inline);</li>
<li><code class="inline-code">[img]</code>;</li>
<li><code class="inline-code">[center]</code>;</li>
<li><code class="inline-code">[right]</code>;</li>
<li><code class="inline-code">[ul]</code> and <code class="inline-code">[ol]</code>;</li>
<li><code class="inline-code">[quote]</code>.</li>
</ul>
</section>
<section class="guide-section">
<h2 id="links">Links</h2>
<p>Loose links (starting with http:// or https://) will automatically get converted to clickable links. To add a label to a link, use<br><code class="inline-code">[url=https://example.com]Link label[/url]</code>:<br>
<a href="https://example.com">Link label</a></p>
</section>
<section class="guide-section">
<h2 id="attaching-an-image">Attaching an image</h2>
<p>To add an image to your post, use the <code class="inline-code">[img]</code> tag:<br>
<code class="inline-code">[img=https://forum.poto.cafe/avatars/default.webp]the Python logo with a cowboy hat[/img]</code>
{{ '[img=/static/avatars/default.webp]the Python logo with a cowboy hat[/img]' | babycode | safe }}
</p>
<p>The attribute is the image URL. The text inside the tag will become the image's alt text.</p>
<p>Images will always break up a paragraph and will get scaled down to a maximum of 400px. However, consecutive image tags will try to stay in one line, wrapping if necessary. Break the paragraph if you wish to keep images on their own paragraph.</p>
<p>Multiple images attached to a post can be clicked to open a dialog to view them.</p>
</section>
<section class="guide-section">
<h2 id="adding-code-blocks">Adding code blocks</h2>
{% set code = 'func _ready() -> void:\n\tprint("hello world!")' %}
<p>There are two kinds of code blocks recognized by babycode: inline and block. Inline code blocks do not break a paragraph. They can be added with <code class="inline-code">[code]your code here[/code]</code>. As long as there are no line breaks inside the code block, it is considered inline. If there are any, it will produce this:</p>
{{ ('[code]%s[/code]' % code) | babycode | safe }}
<p>Optionally, you can enable syntax highlighting by specifying the language in the attribute like this: <code class="inline-code">[code=gdscript]</code></p>
{{ ('[code=gdscript]%s[/code]' % code) | babycode | safe}}
<p>A full list of languages that can be highlighted is available <a href="https://pygments.org/languages/" target=_blank>here</a> (the short names column).</p>
<p>Inline code tags look like this: {{ '[code]Inline code[/code]' | babycode | safe }}</p>
<p>Babycodes are not parsed inside code blocks.</p>
</section>
<section class="guide-section">
<h2 id="quoting">Quoting</h2>
<p>Text enclosed within <code class="inline-code">[quote][/quote]</code> will look like a quote:</p>
<blockquote>A man provided with paper, pencil, and rubber, and subject to strict discipline, is in effect a universal machine.</blockquote>
</section>
<section class="guide-section">
<h2 id="lists">Lists</h2>
{% set list = '[ul]\nitem 1\n\nitem 2\n\nitem 3 \nstill item 3 (break line without inserting a new item by using two spaces at the end of a line)\n[/ul]' %}
<p>There are two kinds of lists, ordered (1, 2, 3, ...) and unordered (bullet points). Ordered lists are made with <code class="inline-code">[ol][/ol]</code> tags, and unordered with <code class="inline-code">[ul][/ul]</code>. Every new paragraph according to the <a href="#paragraph-rules">usual paragraph rules</a> will create a new list item. For example:</p>
{{ ('[code]%s[/code]' % list) | babycode | safe }}
Will produce the following list:
{{ list | babycode | safe }}
</section>
<section class="guide-section">
<h2 id="spoilers">Spoilers</h2>
{% set spoiler = "[spoiler=Major Metal Gear Spoilers]Snake dies[/spoiler]" %}
<p>You can make a section collapsible by using the <code class="inline-code">[spoiler]</code> tag:</p>
{{ ("[code]\n%s[/code]" % spoiler) | babycode | safe }}
Will produce:
{{ spoiler | babycode | safe }}
All other tags are supported inside spoilers.
</section>
<section class="guide-section">
<h2 id="mentions">Mentioning users</h2>
<p>You can mention users by their username (<em>not</em> their display name) by using <code class="inline-code">@username</code>. A user's username is always shown below their avatar and display name on their posts and their user page.</p>
<p>A mention will show up on your post as a clickable box with the user's display name if they have one set or their username with an <code class="inline-code">@</code> symbol if they don't:</p>
<a class="mention" href="#mentions" title="@user-without-display-name">@user-without-display-name</a>
<a class="mention display" href="#mentions" title="@user-with-display-name">User with display name</a>
<a class="mention display me" href="#mentions" title="@your-username">Your display name</a>
<p>Mentioning a user does not notify them. It is simply a way to link to their profile in your posts.</p>
</section>
<section class="guide-section">
<h2 id="void-tags">Void tags</h2>
<p>The special void tags <code class="inline-code">[lb]</code>, <code class="inline-code">[rb]</code>, and <code class="inline-code">[@]</code> will appear as the literal characters <code class="inline-code">[</code>, <code class="inline-code">]</code>, and <code class="inline-code">@</code> respectively. Unlike other tags, they are self-contained and have no closing equivalent.</p>
<ul class="guide-list">
{% set lbrb = "[color=red]This text will be red[/color]\n\n[lb]color=red[rb]This text won't be red[lb]/color[rb]" %}
<li><code class="inline-code">[lb]</code> and <code class="inline-code">[rb]</code> allow you to use square brackets without them being interpreted as Babycode:
{{ ("[code]" + lbrb + "[/code]") | babycode | safe }}
Will result in:<br>
{{ lbrb | babycode | safe }}
</li>
<li>The <code class="inline-code">[@]</code> tag allows you to use the @ symbol without it being turned into a mention.</li>
</ul>
</section>
{% endcall %}
{% endblock %}

13
app/templates/guides/contact.html
View File

@@ -1,13 +0,0 @@
{% extends 'base.html' %}
{% block title %}contact us{% endblock %}
{% block content %}
<div class="darkbg settings-container">
<h1>Contact</h1>
{% if config.ADMIN_CONTACT_INFO %}
<p>The administrators of {{ config.SITE_NAME }} provide the following contact information:</p>
<div>{{ config.ADMIN_CONTACT_INFO | babycode_strict | safe }}</div>
{% else %}
<p>The administrators of {{ config.SITE_NAME }} did not provide any contact information.</p>
{% endif %}
</div>
{% endblock %}

13
app/templates/mod/edit_topic.html Normal file
View File

@@ -0,0 +1,13 @@
{%- from 'common/macros.html' import subheader -%}
{%- extends 'base.html' -%}
{%- block title -%}editing topic {{topic.name}}{%- endblock -%}
{%- block content -%}
{{subheader('Editing topic %s' % topic.name, 'To preserve history, the URL of the topic can not be changed.')}}
<form class="plank primary-bg full-width" method="POST">
<label for="name">Name</label>
<input type="text" id="name" name="name" required value="{{topic.name}}">
<label for="description">Description</label>
<textarea name="description" id="description" rows="5" required>{{topic.description}}</textarea>
<input type="submit" value="Save">
</form>
{%- endblock -%}

17
app/templates/mod/motd.html
View File

@@ -1,17 +0,0 @@
{% from 'common/macros.html' import babycode_editor_component %}
{% extends 'base.html' %}
{% block title %}editing MOTD{% endblock %}
{% block content %}
<div class="darkbg settings-container">
<h1>Edit Message of the Day</h1>
<p>The Message of the Day will show up on the main page and in every topic.</p>
<form method="POST">
<label for="title">Title</label>
<input name="title" id="title" type="text" required autocomplete="off" placeholder="Required" value="{{ current.title }}"><br>
<label for="body">Body</label>
{{ babycode_editor_component('body', ta_placeholder='MOTD body (required)', banned_tags=MOTD_BANNED_TAGS, prefill=current.body_original_markup) }}
<input type="submit" value="Save">
<input class="critical" type="submit" formaction="{{ url_for('mod.motd_delete') }}" value="Delete MOTD" formnovalidate {{"disabled" if not current else ""}}>
</form>
</div>
{% endblock %}

13
app/templates/mod/new_topic.html Normal file
View File

@@ -0,0 +1,13 @@
{%- from 'common/macros.html' import subheader -%}
{%- extends 'base.html' -%}
{%- block title -%}creating a topic{%- endblock -%}
{%- block content -%}
{{subheader('Create topic', 'The new topic will appear at the bottom of the current topic list. You can sort it later.')}}
<form class="plank primary-bg full-width" method="POST">
<label for="name">Name</label>
<input type="text" id="name" name="name" required>
<label for="description">Description</label>
<textarea name="description" id="description" rows="5" required></textarea>
<input type="submit" value="Create">
</form>
{%- endblock -%}

12
app/templates/mod/panel.html
View File

@@ -1,12 +0,0 @@
{% extends "base.html" %}
{% block title %}moderation{% endblock %}
{% block content %}
<div class="darkbg settings-container">
<h1>Moderation actions</h1>
<ul>
<li><a href="{{ url_for('mod.user_list') }}">User list</a></li>
<li><a href="{{ url_for('mod.sort_topics') }}">Sort topics</a></li>
<li><a href="{{ url_for('mod.motd_editor') }}">Message of the Day</a></li>
</ul>
</div>
{% endblock %}

18
app/templates/mod/sort-topics.html
View File

@@ -1,18 +0,0 @@
{% extends "base.html" %}
{% block content %}
<div class="darkbg settings-container">
<h1>Change topics order</h1>
<p>Drag topic titles to reoder them. Press submit when done. The topics will appear to users in the order set here.</p>
<form method="post" id=topics-container>
{% for topic in topics %}
<div draggable="true" class="draggable-topic" ondragover="dragOver(event)" ondragstart="dragStart(event)" ondragend="dragEnd()">
<div class="thread-title">{{ topic['name'] }}</div>
<div>{{ topic.description }}</div>
<input type="hidden" name="{{ topic['id'] }}" value="{{ topic['sort-order'] }}" class="topic-input">
</div>
{% endfor %}
<input type=submit value="Save order">
</form>
</div>
<script src="{{ "/static/js/sort-topics.js" | cachebust }}"></script>
{% endblock %}

69
app/templates/mod/user-list.html
View File

@@ -1,69 +0,0 @@
{% from "common/macros.html" import timestamp, accordion %}
{% extends "base.html" %}
{% block content %}
<div class="darkbg inbox-container">
{% set guests = (users | selectattr('permission', 'eq', PermissionLevel.GUEST.value) | list) %}
{% set not_guests = (users | selectattr('permission', 'gt', PermissionLevel.GUEST.value) | list) %}
{% call(section) accordion(disabled=(guests | count==0)) %}
{% if section == "header" %}
<span>Unconfirmed guests</span>
{% elif section == "content" %}
<table class="colorful-table">
<thead>
<th>Username</th>
<th class="small">Signed up on</th>
</thead>
{% for user in guests %}
<tr>
<td>
<a href="{{url_for("users.page", username=user['username'])}}">{{user['username']}}
</a>
</td>
<td>
{{ timestamp(user.created_at) }}
</td>
</tr>
{% endfor %}
</table>
{% endif %}
{% endcall %}
{% call(section) accordion() %}
{% if section == "header" %}
<span>Other users</span>
{% elif section == "content" %}
<table class="colorful-table">
<thead>
<th>Username</th>
<th class="small">Permission</th>
<th class="small">Signed up on</th>
{% if active_user.is_admin() %}
<th class="small">Create password reset link</th>
{% endif %}
</thead>
{% for user in not_guests %}
<tr>
<td>
<a href="{{url_for("users.page", username=user['username'])}}">{{user['username']}}
</a>
</td>
<td>
{{ user.permission | permission_string }}
</td>
<td>
{{ timestamp(user.created_at) }}
</td>
{% if active_user.is_admin() %}
<td>
<form method="post" action="{{url_for('mod.create_reset_pass', user_id=user.id)}}">
<input type="submit" class="warn" value="Create password reset link">
</form>
</td>
{% endif %}
</tr>
{% endfor %}
</table>
{% endif %}
{% endcall %}
</div>
{% endblock %}

18
app/templates/posts/edit.html
View File

@@ -1,18 +0,0 @@
{% from 'common/macros.html' import full_post %}
{% extends 'base.html' %}
{% block title %}editing a post{% endblock %}
{% block content %}
{% for post in prev_context | reverse %}
{{ full_post(post=post, no_reply=true, active_user=active_user) }}
{% endfor %}
<span class="context-explain">
<span>&uarr;&uarr;&uarr;</span><i>Context</i><span>&uarr;&uarr;&uarr;</span>
</span>
{{ full_post(post=editing_post, editing=true, no_reply=true, active_user=active_user) }}
<span class="context-explain">
<span>&darr;&darr;&darr;</span><i>Context</i><span>&darr;&darr;&darr;</span>
</span>
{% for post in next_context %}
{{ full_post(post=post, no_reply=true, active_user=active_user) }}
{% endfor %}
{% endblock %}

22
app/templates/threads/create.html
View File

@@ -1,22 +0,0 @@
{% from "common/macros.html" import babycode_editor_component %}
{% extends "base.html" %}
{% block title %}drafting a thread{% endblock %}
{% block content %}
<div class="darkbg settings-container">
<h1>New thread</h1>
<form method="post">
<label for="topic_id">Topic</label>
<select name="topic_id" id="topic_id" autocomplete="off">
{% for topic in all_topics %}
{% set disable_topic = active_user and not active_user.can_post_to_topic(topic) %}
<option value="{{ topic['id'] }}" {{"selected" if (request.args.get('topic_id')) == (topic['id'] | string) else ""}} {{'disabled' if disable_topic else ''}} >{{ topic['name'] }}{{ ' (locked)' if topic.is_locked }}</option>
{% endfor %}
</select><br>
<label for="title">Thread title</label>
<input type="text" id="title" name="title" placeholder="Required" required>
<label for="initial_post">Post body</label><br>
{{ babycode_editor_component("initial_post") }}
<input type="submit" value="Create thread">
</form>
</div>
{% endblock %}

19
app/templates/threads/new_thread.html Normal file
View File

@@ -0,0 +1,19 @@
{%- from 'common/macros.html' import subheader, babycode_editor_component -%}
{%- extends 'base.html' -%}
{%- block title -%}drafting a thread{%- endblock -%}
{%- block content -%}
{{subheader('New thread')}}
<form class="plank primary-bg full-width" method="POST">
<label for="topic">Topic</label>
<select name="topic_id" id="topic" autocomplete="off">
{%- for topic in topics -%}
<option value="{{topic.id}}" {{'selected' if selected_topic == topic.id else ''}} {{'disabled' if not get_active_user().can_post_to_topic(topic) else ''}}>{{topic.name}}{{ ' (locked)' if topic.locked() else ''}}</option>
{%- endfor -%}
</select>
<label for="title">Title</label>
<input type="text" id="title" name="title" required>
<label for="babycode-content">Starting post</label>
{{ babycode_editor_component() }}
<input type="submit" value="Create">
</form>
{%- endblock -%}

161
app/templates/threads/thread.html
View File

@@ -1,94 +1,77 @@
{% from 'common/macros.html' import pager, babycode_editor_form, full_post, bookmark_button %}
{% from 'common/icons.html' import icn_bookmark %}
{% extends "base.html" %}
{% block title %}{{ thread.title }}{% endblock %}
{% block content %}
{% set can_post = false %}
{% set can_lock = false %}
{% set can_subscribe = false %}
{% set can_bookmark = false %}
{% if active_user %}
{% set can_subscribe = true %}
{% set can_bookmark = not active_user.is_guest() %}
{% set can_post = (not thread.is_locked and not active_user.is_guest()) or active_user.is_mod() %}
{% set can_lock = ((active_user.id | int) == (thread.user_id | int)) or active_user.is_mod() %}
{% endif %}
<main>
<nav class="darkbg">
<h1 class="thread-title">{{ thread.title }}{% if unread_count is not none %} ({{ unread_count }} unread){% endif %}</h1>
<span>Posted in <a href="{{ url_for("topics.topic", slug=topic.slug) }}">{{ topic.name }}</a>
{% if thread.is_stickied %}
&bullet; <i>stickied, so it's probably important</i>
{% endif %}
</span>
<div class="thread-actions">
{% if can_subscribe %}
<form class="modform" action="{{ url_for('threads.subscribe', slug=thread.slug) }}" method="post">
<input type='hidden' name='last_visible_post' value='{{posts[-1].id}}'>
<input type='hidden' name='subscribe' value='{{ 'unsubscribe' if is_subscribed else 'subscribe' }}'>
<input type='submit' value='{{ 'Unsubscribe' if is_subscribed else 'Subscribe' }}'>
{%- from 'common/macros.html' import subheader, timestamp, pager, babycode_editor_component -%}
{%- from 'common/macros.html' import full_post with context -%}
{%- extends 'base.html' -%}
{%- block title -%}{{thread.title}}{%- endblock -%}
{%- block content -%}
{%- set td -%}
<ul class="horizontal">
<li>Started by <a href="{{url_for('users.user_page', username=started_by.username)}}">{{started_by.get_readable_name()}}</a> in topic <a href="{{url_for('topics.topic_by_id', topic_id=topic.id)}}">{{topic.name}}</a></li>
{%- if thread.locked() or thread.stickied() -%}
{%- if thread.locked() -%}
<li class="visible">Locked</li>
{%- endif -%}
{%- if thread.stickied() -%}
<li class="visible">Stickied</li>
{%- endif -%}
{%- endif -%}
</ul>
{%- endset -%}
{%- call() subheader(thread.title, td) -%}
<fieldset class="plank even no-shadow minimal thread-actions">
<legend>Actions</legend>
{%- if is_logged_in() -%}
<button>Subscribe</button>
<button disabled title="This feature requires JavaScript to be enabled.">Bookmark&hellip;</button>
{%- endif -%}
<a href="{{url_for('threads.feed', thread_id=thread.id)}}" class="linkbutton rss">Subscribe via RSS</a>
</fieldset>
{%- if is_mod() -%}
<fieldset class="plank even no-shadow minimal thread-actions">
<legend>Moderation actions</legend>
<form method="POST">
<input type="hidden" name="lock" value="{{(not thread.locked()) | int}}">
<input type="hidden" name="sticky" value="{{(not thread.stickied()) | int}}">
<input type="submit" class="warn" value="{{'Unlock' if thread.locked() else 'Lock'}}" formaction="{{url_for('mod.lock_thread', thread_id=thread.id)}}">
<input type="submit" class="warn" value="{{'Unsticky' if thread.stickied() else 'Sticky'}}" formaction="{{url_for('mod.sticky_thread', thread_id=thread.id)}}">
</form>
{% endif %}
{% if can_bookmark %}
{{ bookmark_button(type="thread", id=thread.id) }}
{% endif %}
{% if can_lock %}
<form class="modform" action="{{ url_for("threads.lock", slug=thread.slug) }}" method="post">
<input type=hidden name='target_op' value="{{ (not thread.is_locked) | int }}">
<input class="warn" type="submit" value="{{"Unlock thread" if thread.is_locked else "Lock thread"}}">
</form>
{% endif %}
{% if active_user and active_user.is_mod() %}
<form class="modform" action="{{ url_for("threads.sticky", slug=thread.slug) }}" method="post">
<input type=hidden name='target_op' value="{{ (not thread.is_stickied) | int }}">
<input class="warn" type="submit" value="{{"Unsticky thread" if thread.is_stickied else "Sticky thread"}}">
</form>
<form class="modform" action="{{ url_for("threads.move", slug=thread.slug) }}" method="post">
<label for="new_topic_id">Move to topic:</label>
<select style="width:200px;" id="new_topic_id" name="new_topic_id" autocomplete="off">
{% for topic in topics %}
<option value="{{ topic['id'] }}" {{ "selected disabled" if (thread.topic_id | string) == (topic['id'] | string) else "" }}>{{ topic['name'] }}</option>
{% endfor %}
<form class="horizontal wrap" method="POST" action="{{url_for('mod.move_thread', thread_id=thread.id)}}">
<select name="new_topic_id" id="new-topic-id" autocomplete="off" required>
<option selected disabled value="">Move to topic:</option>
{%- for t in topics -%}
<option value="{{t.id}}" {{'disabled' if t.id==topic.id else ''}}>{{t.name}}</option>
{%- endfor -%}
</select>
<input class="warn" type="submit" value="Move thread">
<input type="submit" value="Move" class="warn">
</form>
{% endif %}
</div>
</nav>
{% for post in posts %}
{{ full_post(post = post, active_user = active_user, is_latest = loop.index == (posts | length), Reactions = Reactions, show_bookmark = can_bookmark) }}
{% endfor %}
</fieldset>
<fieldset class="plank even no-shadow minimal thread-actions">
<legend>Page</legend>
{{- pager(page, page_count) -}}
</fieldset>
{%- endif -%}
{%- endcall -%}
<main>
{%- for post in posts -%}
<article id="post-{{post.id}}" class="post plank">
{{full_post(post)}}
</article>
{%- endfor -%}
</main>
<nav id="bottomnav">
{{ pager(current_page = current_page, page_count = page_count) }}
</nav>
{% if can_post %}
<h1>Respond to "{{ thread.title }}"</h1>
{{ babycode_editor_form(ta_name = "post_content")}}
{% endif %}
<dialog id="delete-dialog">
<div class=delete-dialog-inner>
Are you sure you want to delete the highlighted post?
<span>
<button id=post-delete-dialog-close>Cancel</button>
<button class="critical" form=post-delete-form>Delete</button>
<form id="post-delete-form" method="post"></form>
</span>
</div>
</dialog>
<input type='hidden' id='allowed-reaction-emoji' value='{{ REACTION_EMOJI | join(' ') }}'>
<input type='hidden' id='thread-subscribe-endpoint' value='{{ url_for('api.thread_updates', thread_id=thread.id) }}'>
<div id="new-post-notification" class="new-concept-notification hidden">
<div class="new-notification-content">
<p>New post in thread!</p>
<span class="notification-buttons">
<button id="dismiss-new-post-button">Dismiss</button>
<a class="linkbutton" id="go-to-new-post-button">View post</a>
<button id="unsub-new-post-button">Stop updates</button>
</span>
</div>
<div class="plank secondary-bg">
<fieldset class="plank even no-shadow minimal thread-actions">
<legend>Page</legend>
{{- pager(page, page_count) -}}
</fieldset>
</div>
<script src="{{ "/static/js/thread.js" | cachebust }}"></script>
{% endblock %}
{%- if is_logged_in() -%}
<form action="{{url_for('threads.reply', thread_id=thread.id)}}" method="POST" class="plank post-edit-form">
<h2 class="info">Reply to "{{thread.title}}"</h2>
{{- babycode_editor_component() -}}
<span>
<input type="checkbox" checked name="subscribe" id="subscribe">
<label for="subscribe">Subscribe to thread</label>
</span>
<span><input type="submit" value="Post reply"></span>
</form>
{%- endif -%}
{%- endblock -%}

14
app/templates/topics/create.html
View File

@@ -1,14 +0,0 @@
{% extends "base.html" %}
{% block title %}creating a topic{% endblock %}
{% block content %}
<div class="darkbg settings-container">
<h1>Create topic</h1>
<form method="post">
<label for=name>Name</label>
<input type="text" name="name" id="name" required><br>
<label for="description">Description</label>
<textarea id="description" name="description" required rows=5></textarea><br>
<input type="submit" value="Create topic">
</form>
</div>
{% endblock %}

16
app/templates/topics/edit.html
View File

@@ -1,16 +0,0 @@
{% extends "base.html" %}
{% block title %}creating a topic{% endblock %}
{% block content %}
<div class="darkbg settings-container">
<h1>Editing topic {{ topic['name'] }}</h1>
<form method="post">
<label for=name>Name</label>
<input type="text" name="name" id="name" required value="{{ topic['name'] }}"><br>
<label for="description">Description</label>
<textarea id="description" name="description" required rows=5>{{ topic['description'] }}</textarea><br>
<input type="submit" value="Save changes">
<a class="linkbutton warn" href={{ url_for("topics.topic", slug=topic['slug'] )}}>Cancel</a><br>
<i> Note: to preserve history, you cannot change the topic URL.</i>
</form>
</div>
{% endblock %}

162
app/templates/topics/topic.html
View File

@@ -1,96 +1,70 @@
{% from 'common/macros.html' import pager, timestamp, motd %}
{% from 'common/icons.html' import icn_lock, icn_sticky %}
{% extends "base.html" %}
{% block title %}browsing topic {{ topic['name'] }}{% endblock %}
{% block content %}
<nav class="darkbg">
<h1 class="thread-title">All threads in "{{topic['name']}}"</h1>
<span>{{topic['description']}}</span>
<div>
{% if active_user %}
{% if not (topic['is_locked']) | int or active_user.is_mod() %}
<a class="linkbutton" href="{{ url_for("threads.create", topic_id=topic['id']) }}">New thread</a>
{% endif %}
{% if active_user.is_mod() %}
<a class="linkbutton" href="{{url_for("topics.edit", slug=topic['slug'])}}">Edit topic</a>
<form class="modform" method="post" action="{{url_for("topics.edit", slug=topic['slug']) }}">
<input type="hidden" name="is_locked" value="{{ (not topic.is_locked) | int }}">
<input class="warn" type="submit" id="lock" value="{{"Unlock topic" if topic['is_locked'] else "Lock topic"}}">
</form>
<button type="button" class="critical" id="topic-delete-dialog-open">Delete</button>
{% endif %}
{% endif %}
</div>
</nav>
{% if topic['is_locked'] %}
{{ infobox("This topic is locked.;Only moderators can create new threads.", InfoboxKind.INFO) }}
{% endif %}
{%- with motds = get_motds() -%}
{%- if motds -%}
{%- for motd_obj in motds -%}
{{- motd(motd_obj) -}}
{%- endfor -%}
{% from 'common/macros.html' import timestamp, subheader, pager %}
{%- extends 'base.html' -%}
{%- block title -%}browsing topic {{topic.name}}{%- endblock -%}
{%- block content -%}
{%- set td -%}
<ul class="horizontal">
<li>{{topic.description}}</li>
{%- if topic.locked() -%}
<li class="visible">Locked</li>
{%- endif -%}
</ul>
{%- endset -%}
{%- call() subheader(('Threads in "%s"' % topic.name), td) -%}
<fieldset class="plank even no-shadow minimal thread-actions">
<legend>Actions</legend>
{%- if is_logged_in() and get_active_user().can_post_to_topic(topic) -%}
<a href="{{url_for('threads.new', topic_id=topic.id)}}" class="linkbutton">New thread</a>
{%- endif -%}
<a href="{{url_for('topics.feed', topic_id=topic.id)}}" class="linkbutton rss">Subscribe via RSS</a>
<form method="GET">
<select name="sort_by">
<option value="activity"{% if sort_by == 'activity' %}selected{% endif %}>Sorted by activity</option>
<option value="thread" {% if sort_by == 'thread' %}selected{% endif %}>Sorted by newest</option>
</select>
<input type="submit" value="Sort">
</form>
</fieldset>
{%- if is_mod() -%}
<fieldset class="plank even no-shadow minimal thread-actions">
<legend>Moderation actions</legend>
<a href="{{url_for('mod.edit_topic', topic_id=topic.id)}}" class="linkbutton">Edit</a>
<form action="{{url_for('mod.lock_topic', topic_id=topic.id)}}" method="POST">
<input type="hidden" value="{{(not topic.locked()) | int}}" name="lock">
<input type="submit" class="warn" value="{{'Unlock' if topic.locked() else 'Lock'}}">
</form>
</fieldset>
{%- endif -%}
{%- if threads | length > 0 -%}
<fieldset class="plank even no-shadow minimal thread-actions">
<legend>Page</legend>
{{- pager(page, page_count, args=request.args) -}}
</fieldset>
{%- endif -%}
{%- endcall -%}
{%- if threads | length == 0 -%}
<div class="plank"><p>There are no threads in this topic yet.{%- if is_logged_in() and get_active_user().can_post_to_topic(topic) %} Be the first to start a discussion!{%- endif -%}</p></div>
{%- endif -%}
{%- for thread in threads -%}
<div class="topic-info plank">
<div class="title-container">
<span class="info thread-title-counter"><a href="{{url_for('threads.thread_by_id', thread_id=thread.id)}}">{{thread.title}}</a></span>
<ul class="horizontal"></ul>
{%- if thread.posts_count / 10 > 1 -%}
{{pager(0, (((thread.posts_count / 10) | round(0, 'ceil') )| int), 'flex-last', url=url_for('threads.thread_by_id', thread_id=thread.id))}}
{%- endif -%}
{%- endwith -%}
{% if threads_list | length == 0 %}
<p>There are no threads in this topic.</p>
{% else %}
{% for thread in threads_list %}
<div class="thread">
<div class="thread-sticky-container contain-svg">
{% if thread['is_stickied'] %}
{{ icn_sticky(48) }}
<i>Stickied</i>
{% endif %}
</div>
<div class="thread-info-container">
<span class="thread-info-header">
<span>
<span class="thread-title"><a href="{{ url_for("threads.thread", slug=thread['slug']) }}">{{thread['title']}}</a>
{% if thread['id'] in subscriptions %}
({{ subscriptions[thread['id']] }} unread)
{% endif %}
</span>
&bullet;
<span>
Started by <a href="{{ url_for("users.page", username=thread['started_by']) }}">{{ thread['started_by_display_name'] or thread['started_by'] }}</a> on {{ timestamp(thread['created_at']) }}
</span>
</span>
</span>
<span>
Latest post by <a href="{{ url_for("users.page", username=thread['latest_post_username']) }}">{{ thread['latest_post_display_name'] or thread['latest_post_username'] }}</a>
on <a href="{{ url_for("threads.thread", slug=thread['slug'], after=thread['latest_post_id']) }}">on {{ timestamp(thread['latest_post_created_at']) }}</a>:
</span>
<span class="thread-info-post-preview">
{{ thread['latest_post_content'] | safe }}
</span>
</div>
<div class="thread-locked-container contain-svg">
{% if thread['is_locked'] %}
{{ icn_lock(48) }}
<i>Locked</i>
{% endif %}
</div>
</div>
{% endfor %}
{% endif %}
<nav id="bottomnav">
{{ pager(current_page = current_page, page_count = page_count) }}
</nav>
<dialog id="delete-dialog">
<div class="delete-dialog-inner">
Are you sure you want to delete this topic?
<span>
<button id=topic-delete-dialog-close>Cancel</button>
<button class="critical" form=topic-delete-form>Delete</button>
<form id="topic-delete-form" method="post" action="{{ url_for("topics.delete", slug = topic.slug) }}"></form>
</span>
</div>
</dialog>
<script src="{{ "/static/js/topic.js" | cachebust }}"></script>
{% endblock %}
<span>Started by <a href="{{url_for('users.user_page', username=thread.started_by)}}">{{thread.started_by_display_name if thread.started_by_display_name else thread.started_by}}</a> on {{timestamp(thread.created_at)}}</span>
<span>{{thread.posts_count}} {{'repl' | pluralize(thread.posts_count, 'y', 'ies')}}</span>
<span>Latest post by <a href="{{get_post_url(thread.latest_post_id, _anchor=true)}}">{{thread.latest_post_display_name if thread.latest_post_display_name else thread.latest_post_username}} on {{timestamp(thread.latest_post_created_at)}}</a>{{' (OP)' if thread.posts_count == 1 else ''}}</span>
</div>
{%- endfor -%}
{%- if threads | length > 0 -%}
<div class="plank secondary-bg">
<fieldset class="plank even no-shadow minimal thread-actions">
<legend>Page</legend>
{{- pager(page, page_count, args=request.args) -}}
</fieldset>
</div>
{%- endif -%}
{%- endblock -%}

79
app/templates/topics/topics.html
View File

@@ -1,51 +1,32 @@
{% from 'common/icons.html' import icn_lock %}
{% from 'common/macros.html' import timestamp, motd %}
{% extends "base.html" %}
{% block content %}
<nav class="darkbg">
<h1 class="thread-title">All topics</h1>
{% if active_user and active_user.is_mod() %}
<a class="linkbutton" href={{ url_for("topics.create") }}>Create new topic</a>
<a class="linkbutton" href={{ url_for("mod.sort_topics") }}>Sort topics</a>
{% endif %}
</nav>
{%- with motds = get_motds() -%}
{%- if motds -%}
{%- for motd_obj in motds -%}
{{- motd(motd_obj) -}}
{%- endfor -%}
{% from 'common/macros.html' import timestamp, subheader %}
{%- extends 'base.html' -%}
{%- block content -%}
{%- call() subheader('All topics') -%}
{%- if is_mod() -%}
<fieldset class="plank even no-shadow minimal thread-actions">
<legend>Moderation actions</legend>
<a href="{{url_for('mod.new_topic')}}" class="linkbutton">New topic</a>
<a href="{{url_for('mod.sort_topics')}}" class="linkbutton">Sort topics</a>
</fieldset>
{%- endif -%}
{%- endcall -%}
{%- for topic in topics -%}
<div class="topic-info plank">
<div class="title-container">
<a class="info" href="{{url_for('topics.topic_by_id', topic_id=topic.id)}}">{{topic.name}}</a>
</div>
<div>{{topic.description}}</div>
<ul class="horizontal">
<li>{{topic.threads_count}} {{"thread" | pluralize(topic.threads_count)}}</li>
<li>{{topic.posts_count}} {{"post" | pluralize(topic.posts_count)}}</li>
</ul>
<div>
{%- if topic.latest_post_timestamp -%}
Latest post at: {{timestamp(topic.latest_post_timestamp)}}
{%- else -%}
No posts yet
{%- endif -%}
{%- endwith -%}
{% if topic_list | length == 0 %}
<p>There are no topics.</p>
{% else %}
{% for topic in topic_list %}
<div class="topic">
<div class="topic-info-container">
<a class="thread-title" href="{{ url_for("topics.topic", slug=topic['slug']) }}">{{ topic['name'] }}</a>
{{ topic['description'] }}
{% if topic['latest_thread_username'] %}
<span>
Latest thread: <a href="{{ url_for("threads.thread", slug=topic['latest_thread_slug'])}}">{{topic['latest_thread_title']}}</a> by <a href="{{url_for("users.page", username=topic['latest_thread_username'])}}">{{topic['latest_thread_display_name'] or topic['latest_thread_username']}}</a> on {{ timestamp(topic['latest_thread_created_at']) }}
</span>
{% if topic['id'] in active_threads %}
{% with thread=active_threads[topic['id']] %}
<span>
Latest post in: <a href="{{ url_for("threads.thread", slug=thread['thread_slug'])}}">{{ thread['thread_title'] }}</a> by <a href="{{ url_for("users.page", username=thread['username'])}}">{{ thread['display_name'] or thread['username'] }}</a> at <a href="{{ get_post_url(thread.post_id, _anchor=true) }}">{{ timestamp(thread['post_created_at']) }}</a>
</span>
{% endwith %}
{% endif %}
{% else %}
<i>No threads yet.</i>
{% endif %}
</div>
<div class="topic-locked-container contain-svg">
{% if topic['is_locked'] %}
{{ icn_lock(48) }}
<i>Locked</i>
{% endif %}
</div>
</div>
{% endfor %}
{% endif %}
{% endblock %}
</div>
{%- endfor -%}
{%- endblock -%}

35
app/templates/users/bookmark_collections.html
View File

@@ -1,35 +0,0 @@
{% extends "base.html" %}
{% block title %}managing bookmark collections{% endblock %}
{% block content %}
<div class="darkbg settings-container">
<h1>Manage bookmark collections</h1>
<p>Drag collections to reoder them. You cannot move or remove the default collection, but you can rename it.</p>
<div>
<button type="button" id="add-collection-button">Add new collection</button>
<div id="collections-container">
{% for collection in collections | sort(attribute='sort_order') %}
<div class="draggable-collection {{ "default" if collection.is_default else ""}}"
{% if not collection.is_default %}
draggable="true"
ondragover="dragOver(event)"
ondragstart="dragStart(event)"
ondragend="dragEnd()"
{% else %}
id="default-collection"
{% endif %}
data-collection-id="{{ collection.id }}">
<input type="text" class="collection-name" value="{{ collection.name }}" placeholder="Collection name" required autocomplete="off" maxlength="60"><br>
<div>{{ collection.get_threads_count() }} {{ "thread" | pluralize(num=collection.get_threads_count()) }}, {{ collection.get_posts_count() }} {{ "post" | pluralize(num=collection.get_posts_count()) }}</div>
{% if collection.is_default %}
<i>Default collection</i>
{% else %}
<button type="button" class="delete-button critical">Delete</button>
{% endif %}
</div>
{% endfor %}
</div>
<button type="button" id="save-button" data-submit-href="{{ url_for('api.manage_bookmark_collections', user_id=active_user.id) }}">Save</button>
</div>
</div>
<script src="{{ "/static/js/manage-bookmark-collections.js" | cachebust }}"></script>
{% endblock %}

52
app/templates/users/bookmarks.html
View File

@@ -1,52 +0,0 @@
{% from "common/macros.html" import accordion, full_post, bookmark_button %}
{% from "common/icons.html" import icn_bookmark %}
{% extends "base.html" %}
{% block title %}bookmarks{% endblock %}
{% block content %}
<div class="darkbg inbox-container">
<a class="linkbutton" href="{{ url_for('users.bookmark_collections', username=get_active_user().username) }}">Manage collections</a>
{% for collection in collections | sort(attribute='sort_order') %}
{% call(section) accordion(disabled=collection.is_empty()) %}
{% if section == 'header' %}
<h1 class="thread-title">{{ collection.name }}</h1>{{" (no bookmarks)" if collection.is_empty() else ""}}
{% else %}
{% call(inner_section) accordion(disabled=not collection.has_threads()) %}
{% if inner_section == 'header' %}
Threads{{" (no bookmarks)" if not collection.has_threads() else ""}}
{% else %}
<table class="colorful-table">
<thead>
<th>Title</th>
<th>Memo</th>
<th class="small">Manage</th>
</thead>
{% for thread in collection.get_threads() %}
<tr>
<td>
<a href="{{ url_for('threads.thread', slug=thread.get_thread().slug) }}">{{ thread.get_thread().title }}</a>
</td>
<td>
<i>{{ thread.note }}</i>
</td>
<td>
{{ bookmark_button(type='thread', id=thread.thread_id, message='Manage&hellip;', require_reload=true) }}
</td>
</tr>
{% endfor %}
</table>
{% endif %}
{% endcall %}
{% call(inner_section) accordion(disabled=not collection.has_posts()) %}
{% if inner_section == 'header' %}
Posts{{" (no bookmarks)" if not collection.has_posts() else ""}}
{% else %}
{% for post in collection.get_posts() %}
{{ full_post(post.get_post().get_full_post_view(), no_reply=false, render_sig=false, show_thread_title=true, show_bookmark=true, memo=post.note, bookmark_message="Manage&hellip;", reload_after_bookmark=true) }}
{% endfor %}
{% endif %}
{% endcall %}
{% endif %}
{% endcall %}
{% endfor %}
</div>
{% endblock %}

15
app/templates/users/delete_page.html
View File

@@ -1,15 +0,0 @@
{% extends 'base.html' %}
{% block title %}delete confirmation{% endblock %}
{% block content %}
<div class="darkbg login-container">
<h1>Confirm account deletion</h1>
<p>Are you sure you want to delete your account on {{ config.SITE_NAME }}? <strong>This action is irreversible.</strong> Your posts and threads will remain accessible to preserve history but will be de-personalized, showing up as authored by a system user. Posts that @mention you will also mention the system user instead.</p>
<p>If you wish for any and all content relating to you to be removed, you will have to <a href="{{url_for("guides.contact")}}" target="_blank">contact {{ config.SITE_NAME }}'s administrators separately.</a></p>
<p>If you are sure, please confirm your current password below.</p>
<form method="post">
<label for="password">Confirm password</label>
<input type="password" id="password" name="password" required autocomplete="current-password">
<input class="critical" type="submit" value="Delete account">
</form>
</div>
{% endblock %}

65
app/templates/users/inbox.html
View File

@@ -1,65 +0,0 @@
{% from "common/macros.html" import timestamp, full_post, accordion %}
{% extends "base.html" %}
{% block title %}inbox{% endblock %}
{% block content %}
<div class="darkbg inbox-container">
{% set has_subscriptions = all_subscriptions is not none %}
{% call(section) accordion(disabled=not has_subscriptions) %}
{% if section == "header" %}
{% if not has_subscriptions %}
(You have no subscriptions)
{% else %}
Your subscriptions
{% endif %}
{% elif section == "content" and has_subscriptions %}
<table class="colorful-table">
<thead>
<th>Thread</th>
<th class="small">Unsubscribe</th>
</thead>
{% for sub in all_subscriptions %}
<tr>
<td>
<a href=" {{ url_for("threads.thread", slug=sub.thread_slug) }} ">{{ sub.thread_title }}</a>
</td>
<td>
<form class="modform" method="post" action="{{ url_for("threads.subscribe", slug = sub.thread_slug) }}">
<input type="hidden" name="subscribe" value="unsubscribe">
<input class="warn" type="submit" value="Unsubscribe">
</form>
</td>
</tr>
{% endfor %}
</table>
{% endif %}
{% endcall %}
{% if has_subscriptions %}
{% if not new_posts %}
You have no unread posts.
{% else %}
You have {{ total_unreads_count }} total unread {{("post" | pluralize(num=total_unreads_count))}}:
{% for thread in new_posts %}
{% call(section) accordion() %}
{% if section == "header" %}
{% set latest_post_id = thread.posts[-1].id %}
{% set unread_posts_text = " (" + (thread.unread_count | string) + (" unread post" | pluralize(num=thread.unread_count)) %}
<a class="accordion-title" href="{{ url_for("threads.thread", slug=thread.thread_slug, after=latest_post_id, _anchor="post-" + (latest_post_id | string)) }}" title="Jump to latest post">{{thread.thread_title + unread_posts_text}}, latest at {{ timestamp(thread.newest_post_time) }})</a>
<form class="modform" method="post" action="{{ url_for("threads.subscribe", slug = thread.thread_slug) }}">
<input type="hidden" name="subscribe" value="read">
<input type="submit" value="Mark thread as Read">
</form>
<form class="modform" method="post" action="{{ url_for("threads.subscribe", slug = thread.thread_slug) }}">
<input type="hidden" name="subscribe" value="unsubscribe">
<input class="warn" type="submit" value="Unsubscribe">
</form>
{% elif section == "content" %}
{% for post in thread.posts %}
{{ full_post(post, no_reply = true) }}
{% endfor %}
{% endif %}
{% endcall %}
{% endfor %}
{% endif %}
{% endif %}
</div>
{% endblock %}

36
app/templates/users/invite_links.html
View File

@@ -1,36 +0,0 @@
{% from 'common/macros.html' import accordion %}
{% extends 'base.html' %}
{% block title %}invites{% endblock %}
{% block content %}
<div class="darkbg inbox-container">
<p>To manage growth, {{ config.SITE_NAME }} disallows direct sign ups. Instead, users already with an account may invite people they know. You can create invite links here. Once an invite link is used to sign up, it can no longer be used.</p>
{% call(section) accordion(disabled=invites | length == 0) %}
{% if section == 'header' %}
Your invites
{% else %}
{% if invites %}
<table class="colorful-table">
<thead>
<th class='small'>Link</th>
<th class='small'>Revoke</th>
</thead>
{% for invite in invites %}
<tr>
<td><a href="{{url_for('users.sign_up', key=invite.key)}}">Link</a></td>
<td>
<form method="post" action="{{ url_for('users.revoke_invite_link', username=active_user.username) }}">
<input type=hidden value="{{ invite.key }}" name="key">
<input type=submit class=warn value="Revoke">
</form>
</td>
</tr>
{% endfor %}
</table>
{% endif %}
{% endif %}
{% endcall %}
<form method="post" action="{{ url_for('users.create_invite_link', username=active_user.username) }}">
<input type=submit value="Create new invite">
</form>
</div>
{% endblock %}

34
app/templates/users/log_in.html
View File

@@ -1,14 +1,22 @@
{% extends 'base.html' %}
{% block title %}Log in{% endblock %}
{% block content %}
<div class="darkbg login-container">
<h1>Log in</h1>
<form method="post">
<label for="username">Username</label><br>
<input type="text" id="username" name="username" required autocomplete="username"><br>
<label for="password">Password</label><br>
<input type="password" id="password" name="password" required autocomplete="current-password"><br>
<input type="submit" value="Log in">
</form>
{% from 'common/macros.html' import subheader %}
{%- extends 'base.html' -%}
{%- block title -%}log in{%- endblock -%}
{%- block content -%}
{%- set welcome -%}
Welcome back! No account yet? <a href="{{url_for('users.sign_up')}}">Sign up</a>
{%- endset -%}
{{ subheader('Log in', welcome)}}
{%- if request.args.get('error') -%}
<div class="infobox plank critical">
{{request.args.get('error')}}
</div>
{% endblock %}
{%- endif -%}
<form class="plank primary-bg full-width" method="POST">
<label for="username">Username</label>
<input type="text" id="username" name="username" autocomplete="username" required>
<label for="password">Password</label>
<input type="password" id="password" name="password" autocomplete="current-password" required>
<span><input type="checkbox" name="remember" id="remember"> <label for="remember">Remember me</label></span>
<input type="submit" value="Log in">
</form>
{%- endblock -%}

15
app/templates/users/reset_link_login.html
View File

@@ -1,15 +0,0 @@
{% extends 'base.html' %}
{% block title %}Reset password{% endblock %}
{% block content %}
<div class="darkbg login-container">
<h1>Reset password for {{username}}</h1>
<p>Send this link to {{username}} to allow them to reset their password.</p>
<form method="post">
<label for="password">New password</label><br>
<input type="password" id="password" name="password" autocomplete="new-password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required><br>
<label for="password2">Confirm password</label><br>
<input type="password" id="password2" name="password2" autocomplete="new-password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required><br>
<input type="submit" value="Reset password">
</form>
</div>
{% endblock %}

61
app/templates/users/settings.html
View File

@@ -1,61 +0,0 @@
{% from 'common/macros.html' import babycode_editor_component %}
{% extends 'base.html' %}
{% block title %}settings{% endblock %}
{% block content %}
{% set disable_avatar = not is_logged_in() %}
<div class='darkbg settings-container'>
<h1>User settings</h1>
<div class="settings-grid">
<fieldset class="hfc">
<legend>Set avatar</legend>
<form class='avatar-form' method='post' action='{{ url_for('users.set_avatar', username=active_user.username) }}' enctype='multipart/form-data'>
<img src='{{ active_user.get_avatar_url() }}'>
<input id='file' type='file' name='avatar' accept='image/*' required>
<div>
<input type='submit' value='Save avatar' {{ 'disabled' if disable_avatar else '' }}>
<input type='submit' value='Clear avatar' formaction='{{ url_for('users.clear_avatar', username=active_user.username) }}' formnovalidate {{ 'disabled' if active_user.is_default_avatar() else '' }}>
</div>
<span>1MB maximum size. Avatar will be scaled down to fit a square.</span>
</form>
</fieldset>
<fieldset class="hfc">
<legend>Personalization</legend>
<form method='post'>
<label for='theme'>Theme (beta)</label>
<select autocomplete='off' id='theme' name='theme'>
{% for theme in config.allowed_themes %}
<option value="{{ theme }}" {{ 'selected' if get_prefers_theme() == theme }}>{{ theme | theme_name }}</option>
{% endfor %}
</select>
<label for='topic_sort_by'>Sort threads by:</label>
<select id='topic_sort_by' name='topic_sort_by'>
<option value='activity' {{ 'selected' if session['sort_by'] == 'activity' else '' }}>Latest activity</option>
<option value='thread' {{ 'selected' if session['sort_by'] == 'thread' else '' }}>Thread creation date</option>
</select>
<label for='display_name'>Display name</label>
<input type='text' id='display_name' name='display_name' value='{{ active_user.display_name }}' pattern="(?:[\w!#$%^*\(\)\-_=+\[\]\{\}\|;:,.?\s]{3,50})?" title='3-50 characters, no @, no <>, no &' placeholder='Optional. Will be shown in place of username.' autocomplete='off'></input>
<label for='status'>Status</label>
<input type='text' id='status' name='status' value='{{ active_user.status }}' maxlength=100 placeholder='Will be shown under your name. Max 100 characters.'>
<input autocomplete='off' type='checkbox' id='subscribe_by_default' name='subscribe_by_default' {{ 'checked' if session.get('subscribe_by_default', default=true) else '' }}>
<label for='subscribe_by_default'>Subscribe to thread by default when responding</label><br>
<label for='babycode-content'>Signature</label>
{{ babycode_editor_component(ta_name='signature', prefill=active_user.signature_original_markup, ta_placeholder='Will be shown under each of your posts', optional=true, banned_tags=SIG_BANNED_TAGS) }}
<input type='submit' value='Save settings'>
</form>
</fieldset>
<fieldset class="hfc">
<legend>Change password</legend>
<form method='post' action='{{ url_for('users.change_password', username=active_user.username) }}'>
<label for="new_password">New password</label><br>
<input type="password" id="new_password" name="new_password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<label for="new_password2">Confirm new password</label><br>
<input type="password" id="new_password2" name="new_password2" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<input class="warn" type="submit" value="Change password">
</form>
</fieldset>
</div>
<div>
<a class="linkbutton critical" href="{{ url_for('users.delete_page', username=active_user.username) }}">Delete account</a>
</div>
</div>
{% endblock %}

47
app/templates/users/sign_up.html
View File

@@ -1,25 +1,24 @@
{% extends 'base.html' %}
{% block title %}Sign up{% endblock %}
{% block content %}
<div class="darkbg login-container">
<h1>Sign up</h1>
{% if inviter %}
<p>You have been invited by <a href="{{ url_for('users.page', username=inviter.username) }}">{{ inviter.get_readable_name() }}</a> to join {{ config.SITE_NAME }}. Create an identity below.</p>
{% endif %}
<form method="post">
{% if key %}
<input type="hidden" value={{key}} name="key">
{% endif %}
<label for="username">Username</label><br>
<input type="text" id="username" name="username" pattern="[a-zA-Z0-9_-]{3,20}" title="3-20 characters. Only upper and lowercase letters, digits, hyphens, and underscores" required autocomplete="username"><br>
<label for="password">Password</label>
<input type="password" id="password" name="password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,255}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<label for="password-confirm">Confirm Password</label>
<input type="password" id="password-confirm" name="password-confirm" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,255}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" required autocomplete="new-password"><br>
<input type="submit" value="Sign up">
</form>
{% if not inviter %}
<span>After you sign up, a moderator will need to confirm your account before you will be allowed to post.</span>
{% endif %}
{% from 'common/macros.html' import subheader %}
{%- extends 'base.html' -%}
{%- block title -%}sign up{%- endblock -%}
{%- block content -%}
{%- set welcome -%}
Please read the rules etc. stub
{%- endset -%}
{{ subheader('Sign up', welcome)}}
{%- if request.args.get('error') -%}
<div class="infobox plank critical">
{{request.args.get('error')}}
</div>
{% endblock %}
{%- endif -%}
<form class="plank primary-bg full-width" method="POST">
<label for="username">Username</label>
<input type="text" id="username" name="username" pattern="[a-zA-Z0-9_\-]{3,24}" title="3-24 characters. Only upper and lowercase letters, digits, hyphens, and underscores" autocomplete="username" required>
<label for="password">Create password</label>
<input type="password" id="password" name="password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,255}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" autocomplete="new-password" required>
<label for="password2">Confirm password</label>
<input type="password" id="password2" name="password" pattern="(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[\W_])(?!.*\s).{10,255}" title="10+ chars with: 1 uppercase, 1 lowercase, 1 number, 1 special char, and no spaces" autocomplete="new-password" required>
<span><input type="checkbox" name="remember" id="remember"> <label for="remember">Remember me</label></span>
<input type="submit" value="Sign up">
</form>
{%- endblock -%}

96
app/templates/users/user.html
View File

@@ -1,96 +0,0 @@
{% from 'common/macros.html' import timestamp %}
{% extends 'base.html' %}
{% block title %}{{ target_user.get_readable_name() }}'s profile{% endblock %}
{% block content %}
<div class="darkbg">
<h1 class="thread-title"><i>{{ target_user.get_readable_name() }}</i>'s profile</h1>
{% if active_user.id == target_user.id %}
<div class="user-actions">
<a class="linkbutton" href="{{ url_for("users.settings", username = active_user.username) }}">Settings</a>
<form method="post" action="{{ url_for("users.log_out") }}">
<input class="warn" type="submit" value="Log out">
</form>
</div>
{% if active_user.is_guest() %}
<h2>You are a guest. A Moderator needs to approve your account before you will be able to post.</h2>
{% endif %}
{% endif %}
{% if active_user and active_user.is_mod() and not target_user.is_system() %}
<h1 class="thread-title">Moderation controls</h1>
{% if target_user.is_guest() %}
<p>This user is a guest. They signed up on {{ timestamp(target_user['created_at']) }}</p>
<form class="modform" method="post" action="{{ url_for("users.confirm_user", user_id=target_user.id) }}">
<input type="submit" value="Confirm user">
</form>
{% else %}
<p>This user signed up on {{ timestamp(target_user['created_at']) }} and was confirmed on {{ timestamp(target_user['confirmed_on']) }}</p>
{% if (target_user.permission | int) < (active_user.permission | int) %}
<form class="modform" method="post" action="{{ url_for("users.guest_user", user_id=target_user.id) }}">
<input class="warn" type="submit" value="Demote user to guest (soft ban)">
</form>
{% endif %}
{% if active_user.is_admin() and not target_user.is_mod() %}
<form class="modform" method="post" action="{{ url_for("users.mod_user", user_id=target_user.id) }}">
<input class="warn" type="submit" value="Promote user to moderator">
</form>
{% elif target_user.is_mod() and (target_user.permission | int) < (active_user.permission | int) %}
<form class="modform" method="post" action="{{ url_for("users.demod_user", user_id=target_user.id) }}">
<input class="critical" type="submit" value="Demote user to regular user">
</form>
{% endif %}
{% endif %}
{% endif %}
</div>
<div class="user-info">
<div class="user-page-usercard">
<div class="usercard-inner">
<img class="avatar" src="{{ target_user.get_avatar_url() }}">
<strong class="big">{{ target_user.get_readable_name() }}</strong>
<em><abbr title="Mention">@{{ target_user.username }}</abbr></em>
{% if target_user.status %}
<em class="user-status">{{ target_user.status }}</em>
{% endif %}
{% if target_user.signature_rendered %}
Signature:
<div>{{ target_user.signature_rendered | safe }}</div>
{% endif %}
</div>
</div>
<div class="user-page-stats">
{% with stats = target_user.get_post_stats() %}
<ul class="user-stats-list">
<li>Permission: {{ target_user.permission | permission_string }}</li>
<li>Posts created: {{ stats.post_count }}</li>
<li>Threads started: {{ stats.thread_count }}</li>
{% if stats.latest_thread_title %}
<li>Latest started thread: <a href="{{ url_for("threads.thread", slug = stats.latest_thread_slug) }}">{{ stats.latest_thread_title }}</a>
{% endif %}
{% if stats.inviter_username %}
<li>Invited by <a href="{{ url_for('users.page', username=stats.inviter_username) }}">{{ stats.inviter_display_name or stats.inviter_username }}</a></li>
{% endif %}
</ul>
{% endwith %}
Latest posts:
{% with posts = target_user.get_latest_posts() %}
<div class="user-page-posts">
{% for post in posts %}
<div class="post-content-container">
<div class="post-info">
<a href="{{ url_for("threads.thread", slug=post.thread_slug, after=post.id) }}" title="permalink"><i>
{% if (post.edited_at | int) > (post.created_at | int) %}
Edited on {{ timestamp(post.edited_at) }}
{% else %}
Posted on {{ timestamp(post.edited_at) }}
{% endif %}
</i></a>
</div>
<div class="post-content user-page-post-preview">
<div class="post-inner wider">{{ post.content | safe }}</div>
</div>
</div>
{% endfor %}
</div>
{% endwith %}
</div>
</div>
{% endblock %}

98
app/templates/users/user_page.html Normal file
View File

@@ -0,0 +1,98 @@
{%- from 'common/macros.html' import subheader, timestamp, pager -%}
{%- extends 'base.html' -%}
{%- block title -%}{{ target_user.get_readable_name() }}'s profile{%- endblock -%}
{%- set stats = target_user.get_post_stats() -%}
{%- block content -%}
{%- call() subheader("%s's profile" % target_user.get_readable_name()) -%}
{%- if is_logged_in() -%}
{%- if target_user.id == get_active_user().id -%}
<fieldset class="plank even no-shadow minimal thread-actions">
<legend>Actions</legend>
<form action="{{url_for('users.log_out')}}" method="POST">
<input type="submit" class="warn" value="Log out">
</form>
</fieldset>
{%- endif -%}
{%- if get_active_user().is_mod() and target_user.id != get_active_user().id -%}
<fieldset class="plank even no-shadow minimal thread-actions">
<legend>Moderation actions</legend>
<form method="POST">
{{csrf_input() | safe}}
{%- if target_user.is_guest() -%}
<input class="warn" type="submit" value="Approve user" formaction="{{url_for('mod.make_user_regular', user_id=target_user.id)}}">
{%- else -%}
<input class="warn" type="submit" value="Demote to guest (soft ban)" formaction="{{url_for('mod.make_user_guest', user_id=target_user.id)}}">
{%- if get_active_user().is_admin() -%}
{%- if not target_user.is_mod_only() -%}
<input class="warn" type="submit" value="Promote to moderator" formaction="{{url_for('mod.make_user_mod', user_id=target_user.id)}}">
{%- else -%}
<input class="warn" type="submit" value="Demote from moderator" formaction="{{url_for('mod.make_user_regular', user_id=target_user.id)}}">
{%- endif -%}
{%- endif -%}
{%- endif -%}
</form>
</fieldset>
{%- endif -%}
{%- endif -%}
{%- endcall -%}
<div class="userpage-usercard">
<div class="usercard plank even contrast-bg minimal no-shadow">
<div class="usercard-inner">
<img src="{{target_user.get_avatar_url()}}" class="avatar">
</div>
</div>
<div class="plank even minimal no-shadow user-stats">
<h3 class="info">{{target_user.get_readable_name()}}</h3>
<span>Display name: {{target_user.get_readable_name()}}</span>
<span>Mention: @{{target_user.username}}</span>
<span>Status: <em>{{target_user.status}}</em></span>
<span>Rank: {{target_user.permission | permission_string}}</span>
{%- set time = target_user.created_at -%}
{%- if target_user.approved_at -%}
{%- set time = target_user.approved_at -%}
{%- endif -%}
<span>Joined: {{timestamp(target_user.created_at)}}</span>
{%- if not target_user.is_guest() -%}
<span>Posts: <a href="{{url_for('users.posts', username=target_user.username)}}">{{stats.post_count}}</a></span>
<span>Threads started: <a href="{{url_for('users.threads', username=target_user.username)}}">{{stats.thread_count}}</a></span>
{%- set badges = target_user.get_badges() -%}
{%- if badges -%}
<div class="badges-container nocenter">
Badges:
{%- for badge in badges -%}
{%- if badge.link -%}<a href="{{badge.link}}">{%- endif -%}
<img src="{{badge.get_image_url()}}" alt="{{badge.label}}" title="{{badge.label}}" class="badge-button">
{%- if badge.link -%}</a>{%- endif -%}
{%- endfor -%}
</div>
{%- endif -%}
<fieldset class="plank secondary-bg minimal even no-shadow">
<legend>About me</legend>
<p>stub</p>
</fieldset>
{%- if target_user.signature_rendered -%}
<fieldset class="plank secondary-bg minimal even no-shadow">
<legend>Signature</legend>
{{target_user.signature_rendered | safe}}
</fieldset>
{%- endif -%}
{#
<fieldset class="plank secondary-bg minimal even no-shadow">
<legend>Profile comments</legend>
<fieldset class="plank minimal even no-shadow">
<legend>Page</legend>
{{pager(0, 3, url=url_for('users.log_in'))}}
</fieldset>
<div class="post plank">
<p>stub</p>
</div>
</fieldset>
#}
{%- endif -%}
</div>
</div>
{%- endblock -%}

26
app/util.py Normal file
View File

@@ -0,0 +1,26 @@
from flask import url_for, session
from .models import Posts, Threads
from .auth import is_logged_in
def get_post_url(post_id, _anchor=False, external=False):
post = Posts.find({'id': post_id})
if not post:
return ''
thread = Threads.find({'id': post.thread_id})
anchor = None if not _anchor else f'post-{post_id}'
return url_for('threads.thread_by_id', thread_id=thread.id, after=post_id, _external=external, _anchor=anchor)
def dict_to_query_string(d) -> str:
return '?' + '&'.join([f'{key}={str(value)}' for key, value in d.items()])
def get_csrf_token():
if not is_logged_in():
return ''
return session.get('csrf', '')
def csrf_input():
return f'<input type="hidden" name="csrf" value="{get_csrf_token()}">'

20
build-themes.sh
View File

@@ -1,20 +0,0 @@
#!/bin/bash
set -e
sass_dir="sass"
css_dir="data/static/css"
if [[ "$1" == "--watch" && -n "$2" ]]; then
file="$2"
[[ $(basename "$file") = _* ]] && exit 1
sass --no-source-map --watch "$file" "$css_dir/theme-$(basename "$file" .scss).css"
else
set -u
rm -r "$css_dir/"
#build default first
sass --no-source-map "$sass_dir/_default.scss" "$css_dir/style.css"
for file in "$sass_dir"/*.scss; do
[[ $(basename "$file") = _* ]] && continue
sass --no-source-map "$file" "$css_dir/theme-$(basename "$file" .scss).css"
done
fi

13
config/pyrom_config.toml
View File

@@ -1,13 +0,0 @@
SITE_NAME = "Porom"
DISABLE_SIGNUP = false # if true, no one can sign up.
# if neither of the following two options is true,
# no one can sign up. this may be useful later when/if LDAP is implemented.
MODS_CAN_INVITE = true # if true, allows moderators to create invite links. useless unless DISABLE_SIGNUP to be true.
USERS_CAN_INVITE = false # if true, allows users to create invite links. useless unless DISABLE_SIGNUP to be true.
# contact information, will be shown in /guides/contact
# some babycodes allowed
# forbidden tags: [spoiler], [img], @mention, [big], [small], [center], [right], [color]
ADMIN_CONTACT_INFO = ""

38
config/pyrom_config.toml.example Normal file
View File

@@ -0,0 +1,38 @@
### REQUIRED CONFIGURATION
## the following settings are required.
## the app will not work if they are missing.
# the domain name you will be serving Pyrom from, without the scheme, including the subdomain(s).
# this is overridden by the app in development.
# used for generating URLs.
# the app will not start if this field is missing.
SERVER_NAME = "forum.your.domain"
### OPTIONAL CONFIGURATION
## the following settings are set to their default values.
## you can override any of them.
# your forum's name, shown on the header.
SITE_NAME = "Pyrom"
# if true, users can not sign up manually. see the following two settings.
DISABLE_SIGNUP = false
# if neither of the following two options is true,
# no one can sign up. this may be useful later when/if LDAP is implemented.
# if true, allows moderators to create invite links. useless unless DISABLE_SIGNUP is true.
MODS_CAN_INVITE = true
# if true, allows users to create invite links. useless unless DISABLE_SIGNUP is true.
USERS_CAN_INVITE = false
# contact information, will be shown in /guides/contact
# some babycodes allowed
# forbidden tags: [spoiler], [img], @mention, [big], [small], [center], [right], [color]
ADMIN_CONTACT_INFO = ""
# forum information. shown in the introduction guide at /guides/user/introduction
# some babycodes allowed
# forbidden tags: [spoiler], [img], @mention, [big], [small], [center], [right], [color]
GUIDE_DESCRIPTION = ""

BIN
data/static/badges/link-bsky.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.3 KiB

BIN
data/static/badges/link-itch-io.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.3 KiB

BIN
data/static/badges/link-mastodon.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.2 KiB

BIN
data/static/badges/link-www.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1000 B

BIN
data/static/badges/pride-asexual.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 256 B

BIN
data/static/badges/pride-bisexual.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 366 B

BIN
data/static/badges/pride-intersex.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 682 B

BIN
data/static/badges/pride-lesbian.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 394 B

BIN
data/static/badges/pride-nonbinary.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 274 B

BIN
data/static/badges/pride-progress.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 756 B

BIN
data/static/badges/pride-six.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 478 B

BIN
data/static/badges/pride-trans.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 402 B

BIN
data/static/badges/pronoun-any-all.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 676 B

BIN
data/static/badges/pronoun-fae-faer.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 772 B

BIN
data/static/badges/pronoun-he-him.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 616 B

BIN
data/static/badges/pronoun-it-its.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 582 B

BIN
data/static/badges/pronoun-no-pronouns.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 850 B

BIN
data/static/badges/pronoun-she-her.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 690 B

BIN
data/static/badges/pronoun-they-them.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 842 B

BIN
data/static/badges/pronoun-xe-xem.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 658 B

BIN
data/static/badges/pronoun-xe-xir.webp Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 620 B

223
data/static/css/normalize.css vendored Normal file
View File

@@ -0,0 +1,223 @@
/*! modern-normalize v3.0.1 | MIT License | https://github.com/sindresorhus/modern-normalize */
/*
* Document
* ========
*/
/**
* Use a better box model (opinionated).
*/
*,
::before,
::after {
box-sizing: border-box;
}
/**
* 1. Improve consistency of default fonts in all browsers. (https://github.com/sindresorhus/modern-normalize/issues/3)
* 2. Correct the line height in all browsers.
* 3. Prevent adjustments of font size after orientation changes in iOS.
* 4. Use a more readable tab size (opinionated).
*/
html {
font-family:
system-ui,
'Segoe UI',
Roboto,
Helvetica,
Arial,
sans-serif,
'Apple Color Emoji',
'Segoe UI Emoji'; /* 1 */
line-height: 1.15; /* 2 */
-webkit-text-size-adjust: 100%; /* 3 */
tab-size: 4; /* 4 */
}
/*
* Sections
* ========
*/
/**
* Remove the margin in all browsers.
*/
body {
margin: 0;
}
/*
* Text-level semantics
* ====================
*/
/**
* Add the correct font weight in Chrome and Safari.
*/
b,
strong {
font-weight: bolder;
}
/**
* 1. Improve consistency of default fonts in all browsers. (https://github.com/sindresorhus/modern-normalize/issues/3)
* 2. Correct the odd 'em' font sizing in all browsers.
*/
code,
kbd,
samp,
pre {
font-family:
ui-monospace,
SFMono-Regular,
Consolas,
'Liberation Mono',
Menlo,
monospace; /* 1 */
font-size: 1em; /* 2 */
}
/**
* Add the correct font size in all browsers.
*/
small {
font-size: 80%;
}
/**
* Prevent 'sub' and 'sup' elements from affecting the line height in all browsers.
*/
sub,
sup {
font-size: 75%;
line-height: 0;
position: relative;
vertical-align: baseline;
}
sub {
bottom: -0.25em;
}
sup {
top: -0.5em;
}
/*
* Tabular data
* ============
*/
/**
* Correct table border color inheritance in Chrome and Safari. (https://issues.chromium.org/issues/40615503, https://bugs.webkit.org/show_bug.cgi?id=195016)
*/
table {
border-color: currentcolor;
}
/*
* Forms
* =====
*/
/**
* 1. Change the font styles in all browsers.
* 2. Remove the margin in Firefox and Safari.
*/
button,
input,
optgroup,
select,
textarea {
font-family: inherit; /* 1 */
font-size: 100%; /* 1 */
line-height: normal; /* 1 */
margin: 0; /* 2 */
}
/**
* Correct the inability to style clickable types in iOS and Safari.
*/
button,
[type='button'],
[type='reset'],
[type='submit'] {
-webkit-appearance: button;
}
/**
* Remove the padding so developers are not caught out when they zero out 'fieldset' elements in all browsers.
*/
legend {
padding: 0;
}
/**
* Add the correct vertical alignment in Chrome and Firefox.
*/
progress {
vertical-align: baseline;
}
/**
* Correct the cursor style of increment and decrement buttons in Safari.
*/
::-webkit-inner-spin-button,
::-webkit-outer-spin-button {
height: auto;
}
/**
* 1. Correct the odd appearance in Chrome and Safari.
* 2. Correct the outline style in Safari.
*/
[type='search'] {
-webkit-appearance: textfield; /* 1 */
outline-offset: -2px; /* 2 */
}
/**
* Remove the inner padding in Chrome and Safari on macOS.
*/
::-webkit-search-decoration {
-webkit-appearance: none;
}
/**
* 1. Correct the inability to style clickable types in iOS and Safari.
* 2. Change font properties to 'inherit' in Safari.
*/
::-webkit-file-upload-button {
-webkit-appearance: button; /* 1 */
font: inherit; /* 2 */
}
/*
* Interactive
* ===========
*/
/*
* Add the correct display in Chrome and Safari.
*/
summary {
display: list-item;
}

1998
data/static/css/style.css
View File

File diff suppressed because it is too large Load Diff

1508
data/static/css/theme-otomotone.css
View File

File diff suppressed because it is too large Load Diff

1502
data/static/css/theme-peachy.css
View File

File diff suppressed because it is too large Load Diff

40
data/static/js/babycode-editor.js
View File

@@ -1,40 +0,0 @@
{
let ta = document.getElementById("babycode-content");
ta.addEventListener("keydown", (e) => {
if(e.key === "Enter" && e.ctrlKey) {
if (inThread()) {
localStorage.removeItem(window.location.pathname);
}
e.target.form?.submit();
}
})
const inThread = () => {
const scheme = window.location.pathname.split("/");
return scheme[1] === "threads" && scheme[2] !== "create";
}
ta.addEventListener("input", () => {
if (!inThread()) return;
localStorage.setItem(window.location.pathname, ta.value);
})
if (inThread()) {
const form = ta.closest('.post-edit-form');
console.log(ta.closest('.post-edit-form'));
if (form){
form.addEventListener("submit", () => {
localStorage.removeItem(window.location.pathname);
})
}
}
document.addEventListener("DOMContentLoaded", () => {
if (!inThread()) return;
const prevContent = localStorage.getItem(window.location.pathname);
if (!prevContent) return;
ta.value = prevContent;
})
}

279
data/static/js/bitties/pyrom-bitty.js
View File

@@ -1,279 +0,0 @@
const bookmarkMenuHrefTemplate = '/hyperapi/bookmarks-dropdown';
const previewEndpoint = '/api/babycode-preview';
const userEndpoint = '/api/current-user';
const delay = ms => {return new Promise(resolve => setTimeout(resolve, ms))}
export default class {
async showBookmarkMenu(ev, el) {
if ((ev.sender.dataset.bookmarkId === el.getString('bookmarkId')) && el.childElementCount === 0) {
const searchParams = new URLSearchParams({
'id': ev.sender.dataset.conceptId,
'require_reload': el.dataset.requireReload,
});
const bookmarkMenuHref = `${bookmarkMenuHrefTemplate}/${ev.sender.dataset.bookmarkType}?${searchParams}`;
const res = await this.api.getHTML(bookmarkMenuHref);
if (res.error) {
return;
}
const frag = res.value;
el.appendChild(frag);
const menu = el.childNodes[0];
menu.showPopover();
const bRect = el.getBoundingClientRect();
const menuRect = menu.getBoundingClientRect();
const preferredLeft = bRect.right - menuRect.width;
const preferredRight = bRect.right;
const enoughSpace = preferredLeft >= 0;
const scrollY = window.scrollY || window.pageYOffset;
if (enoughSpace) {
menu.style.left = `${preferredLeft}px`;
} else {
menu.style.left = `${bRect.left}px`;
}
menu.style.top = `${bRect.bottom + scrollY}px`;
menu.addEventListener('beforetoggle', (e) => {
if (e.newState === 'closed') {
// if it's still in the tree, remove it
// the delay is required to make sure its removed instantly when
// clicking the button when the menu is open
setTimeout(() => {menu.remove()}, 100);
};
}, { once: true });
} else if (el.childElementCount > 0) {
el.removeChild(el.childNodes[0]);
}
}
selectBookmarkCollection(ev, el) {
const clicked = ev.sender;
if (ev.sender === el) {
if (clicked.classList.contains('selected')) {
clicked.classList.remove('selected');
} else {
clicked.classList.add('selected');
}
} else {
el.classList.remove('selected');
}
}
async saveBookmarks(ev, el) {
const bookmarkHref = el.getString('bookmarkEndpoint');
const collection = el.querySelector('.bookmark-dropdown-item.selected');
let data = {};
if (collection) {
data['operation'] = 'move';
data['collection_id'] = collection.dataset.collectionId;
data['memo'] = el.querySelector('.bookmark-memo-input').value;
} else {
data['operation'] = 'remove';
data['collection_id'] = el.getString('originallyContainedIn');
}
const options = {
method: 'POST',
body: JSON.stringify(data),
headers: {
'Content-Type': 'application/json',
},
}
const requireReload = el.getInt('requireReload') !== 0;
el.remove();
await fetch(bookmarkHref, options);
if (requireReload) {
window.location.reload();
}
}
async copyCode(ev, el) {
if (!el.isSender) {
return;
}
await navigator.clipboard.writeText(el.value);
el.textContent = 'Copied!'
await delay(1000);
el.textContent = 'Copy';
}
toggleAccordion(ev, el) {
const accordion = el;
const header = accordion.querySelector('.accordion-header');
if (!header.contains(ev.sender)){
return;
}
const btn = ev.sender;
const content = el.querySelector('.accordion-content');
// these are all meant to be in sync
accordion.classList.toggle('hidden');
content.classList.toggle('hidden');
btn.textContent = accordion.classList.contains('hidden') ? '+' : '-';
}
toggleTab(ev, el) {
const tabButtonsContainer = el.querySelector('.tab-buttons');
if (!el.contains(ev.sender)) {
return;
}
if (ev.sender.classList.contains('active')) {
return;
}
const targetId = ev.sender.getString('targetId');
const contents = el.querySelectorAll('.tab-content');
for (let content of contents) {
if (content.id === targetId) {
content.classList.add('active');
} else {
content.classList.remove('active');
}
}
for (let button of tabButtonsContainer.children) {
if (button.dataset.targetId === targetId) {
button.classList.add('active');
} else {
button.classList.remove('active');
}
}
}
#previousMarkup = null;
async babycodePreview(ev, el) {
if (ev.sender.classList.contains('active')) {
return;
}
const previewErrorsContainer = el.querySelector('#babycode-preview-errors-container');
const previewContainer = el.querySelector('#babycode-preview-container');
const ta = document.getElementById('babycode-content');
const markup = ta.value.trim();
if (markup === '') {
previewErrorsContainer.textContent = 'Type something!';
previewContainer.textContent = '';
this.#previousMarkup = '';
return;
}
if (markup === this.#previousMarkup) {
return;
}
const bannedTags = JSON.parse(document.getElementById('babycode-banned-tags').value);
this.#previousMarkup = markup;
const res = await this.api.getJSON(previewEndpoint, [], {
method: 'POST',
headers: {
'Content-Type': 'application/json',
},
body: JSON.stringify({
markup: markup,
banned_tags: bannedTags,
}),
});
if (res.error) {
switch (res.error.status) {
case 429:
previewErrorsContainer.textContent = '(Old preview, try again in a few seconds.)'
this.#previousMarkup = '';
break;
case 400:
previewErrorsContainer.textContent = '(Request got malformed.)'
break;
case 401:
previewErrorsContainer.textContent = '(You are not logged in.)'
break;
default:
previewErrorsContainer.textContent = '(Error. Check console.)'
break;
}
} else {
previewErrorsContainer.textContent = '';
previewContainer.innerHTML = res.value.html;
}
}
insertBabycodeTag(ev, el) {
const tagStart = ev.sender.getString('tag');
const breakLine = 'breakLine' in ev.sender.dataset;
const prefill = 'prefill' in ev.sender.dataset ? ev.sender.dataset.prefill : '';
const hasAttr = tagStart[tagStart.length - 1] === '=';
let tagEnd = tagStart;
let tagInsertStart = `[${tagStart}]${breakLine ? '\n' : ''}`;
if (hasAttr) {
tagEnd = tagEnd.slice(0, -1);
}
const tagInsertEnd = `${breakLine ? '\n' : ''}[/${tagEnd}]`;
const hasSelection = el.selectionStart !== el.selectionEnd;
const text = el.value;
if (hasSelection) {
const realStart = Math.min(el.selectionStart, el.selectionEnd);
const realEnd = Math.max(el.selectionStart, el.selectionEnd);
const selectionLength = realEnd - realStart;
const strStart = text.slice(0, realStart);
const strEnd = text.substring(realEnd);
const frag = `${tagInsertStart}${text.slice(realStart, realEnd)}${tagInsertEnd}`;
const reconst = `${strStart}${frag}${strEnd}`;
el.value = reconst;
if (!hasAttr) {
el.setSelectionRange(realStart + tagInsertStart.length, realStart + tagInsertEnd.length + selectionLength - 1);
} else {
const attrCursor = realStart + tagInsertEnd.length - (1 + (breakLine ? 1 : 0))
el.setSelectionRange(attrCursor, attrCursor); // cursor on attr
}
} else {
if (hasAttr) {
tagInsertStart += prefill;
}
const cursor = el.selectionStart;
const strStart = text.slice(0, cursor);
const strEnd = text.substr(cursor);
let newCursor = strStart.length + tagInsertStart.length;
if (hasAttr) {
newCursor = cursor + tagInsertStart.length - prefill.length - (1 + (breakLine ? 1 : 0)) //cursor on attr
}
const reconst = `${strStart}${tagInsertStart}${tagInsertEnd}${strEnd}`;
el.value = reconst;
el.setSelectionRange(newCursor, newCursor);
}
el.focus();
}
addQuote(ev, el) {
el.value += ev.sender.value;
el.scrollIntoView();
el.focus();
}
convertTimestamps(ev, el) {
const timestamp = el.getInt('utc');
if (!isNaN(timestamp)) {
const date = new Date(timestamp * 1000);
el.textContent = date.toLocaleString();
}
}
#currentUsername = undefined;
async highlightMentions(ev, el) {
if (this.#currentUsername === undefined) {
const userInfo = await this.api.getJSON(userEndpoint);
if (!userInfo.value) {
return;
}
this.#currentUsername = userInfo.value.user.username;
}
if (el.getString('username') === this.#currentUsername) {
el.classList.add('me');
}
}
}

128
data/static/js/manage-bookmark-collections.js
View File

@@ -1,128 +0,0 @@
let removedCollections = [];
document.getElementById("add-collection-button").addEventListener("click", () => {
const container = document.getElementById("collections-container");
const currentCount = container.querySelectorAll(".draggable-collection").length;
const newId = `new-${Date.now()}`
const collectionHtml = `
<div class="draggable-collection"
data-collection-id="${newId}"
draggable="true"
ondragover="dragOver(event)"
ondragstart="dragStart(event)"
ondragend="dragEnd()">
<input type="text" class="collection-name" value="" required placeholder="Enter collection name" autocomplete="off" maxlength="60"><br>
<div>0 threads, 0 posts</div>
<button type="button" class="delete-button critical">Delete</button>
</div>
`;
container.insertAdjacentHTML('beforeend', collectionHtml);
})
document.addEventListener("click", e => {
if (!e.target.classList.contains("delete-button")) {
return;
}
const collectionDiv = e.target.closest(".draggable-collection");
const collectionId = collectionDiv.dataset.collectionId;
if (!collectionId.startsWith("new-")) {
removedCollections.push(collectionId);
}
collectionDiv.remove();
})
document.getElementById("save-button").addEventListener("click", async () => {
const collections = [];
const collectionDivs = document.querySelectorAll(".draggable-collection");
let isValid = true;
collectionDivs.forEach((collection, index) => {
const collectionId = collection.dataset.collectionId;
const nameInput = collection.querySelector(".collection-name");
if (!nameInput.reportValidity()) {
isValid = false;
return;
}
collections.push({
id: collectionId,
name: nameInput.value,
is_new: collectionId.startsWith("new-"),
});
})
if (!isValid) {
return;
}
const data = {
collections: collections,
removed_collections: removedCollections,
};
try {
const saveHref = document.getElementById('save-button').dataset.submitHref;
const response = await fetch(saveHref, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify(data),
});
if (response.ok) {
window.location.reload();
} else {
console.error("Error saving collections");
}
} catch (error) {
console.error("Error saving collections: ", error);
}
})
// drag logic
// https://codepen.io/crouchingtigerhiddenadam/pen/qKXgap
let selected = null;
const container = document.getElementById("collections-container");
function isBefore(el1, el2) {
let cur;
if (el2.parentNode === el1.parentNode) {
for (cur = el1.previousSibling; cur; cur = cur.previousSibling) {
if (cur === el2) return true;
}
}
return false;
}
function dragOver(e) {
let target = e.target.closest(".draggable-collection")
if (!target || target === selected) {
return;
}
if (isBefore(selected, target)) {
container.insertBefore(selected, target)
} else {
container.insertBefore(selected, target.nextSibling)
}
}
function dragEnd() {
if (!selected) return;
selected.classList.remove("dragged")
selected = null;
}
function dragStart(e) {
e.dataTransfer.effectAllowed = 'move'
e.dataTransfer.setData('text/plain', "")
selected = e.target
selected.classList.add("dragged")
}

45
data/static/js/sort-topics.js
View File

@@ -1,45 +0,0 @@
// https://codepen.io/crouchingtigerhiddenadam/pen/qKXgap
let selected = null;
let container = document.getElementById("topics-container")
function isBefore(el1, el2) {
let cur
if (el2.parentNode === el1.parentNode) {
for (cur = el1.previousSibling; cur; cur = cur.previousSibling) {
if (cur === el2) return true
}
}
return false;
}
function dragOver(e) {
let target = e.target.closest(".draggable-topic")
if (!target || target === selected) {
return;
}
if (isBefore(selected, target)) {
container.insertBefore(selected, target)
} else {
container.insertBefore(selected, target.nextSibling)
}
}
function dragEnd() {
if (!selected) return;
selected.classList.remove("dragged")
selected = null;
for (let i = 0; i < container.childElementCount - 1; i++) {
let input = container.children[i].querySelector(".topic-input");
input.value = i + 1;
}
}
function dragStart(e) {
e.dataTransfer.effectAllowed = 'move'
e.dataTransfer.setData('text/plain', null)
selected = e.target
selected.classList.add("dragged")
}

360
data/static/js/thread.js
View File

@@ -1,360 +0,0 @@
{
const ta = document.getElementById("babycode-content");
function supportsPopover() {
return Object.hasOwn(HTMLElement.prototype, "popover");
}
if (supportsPopover()){
let quotedPostContainer = null;
function isQuoteSelectionValid() {
const selection = document.getSelection();
if (!selection || selection.rangeCount === 0 || selection.isCollapsed) {
return false;
}
const range = selection.getRangeAt(0);
const commonAncestor = range.commonAncestorContainer;
const ancestorElement = commonAncestor.nodeType === Node.TEXT_NODE
? commonAncestor.parentNode
: commonAncestor;
const container = ancestorElement.closest(".post-inner");
if (!container) {
return false;
}
const success = container.contains(ancestorElement);
if (success) {
quotedPostContainer = container;
}
return success;
}
let quotePopover = null;
let isSelecting = false;
document.addEventListener("mousedown", () => {
isSelecting = true;
})
document.addEventListener("mouseup", () => {
isSelecting = false;
handlePossibleSelection();
})
document.addEventListener("keyup", (e) => {
if (e.shiftKey && (e.key.startsWith('Arrow') || e.key === 'Home' || e.key === 'End')) {
handlePossibleSelection();
}
})
function handlePossibleSelection() {
setTimeout(() => {
const valid = isQuoteSelectionValid();
if (isSelecting || !valid) {
removeQuotePopover();
return;
}
const selection = document.getSelection();
const selectionStr = selection.toString().trim();
if (selection.isCollapsed || selectionStr === "") {
removeQuotePopover();
return;
}
showQuotePopover();
}, 50)
}
function removeQuotePopover() {
quotePopover?.hidePopover();
}
function createQuotePopover() {
quotePopover = document.createElement("div");
quotePopover.popover = "auto";
quotePopover.className = "quote-popover";
const quoteButton = document.createElement("button");
quoteButton.textContent = "Quote fragment"
quoteButton.className = "reduced"
quotePopover.appendChild(quoteButton);
document.body.appendChild(quotePopover);
return quoteButton;
}
function showQuotePopover() {
if (!quotePopover) {
const quoteButton = createQuotePopover();
quoteButton.addEventListener("click", () => {
console.log("Quoting:", document.getSelection().toString());
const postPermalink = quotedPostContainer.dataset.postPermalink;
const authorUsername = quotedPostContainer.dataset.authorUsername;
console.log(postPermalink, authorUsername);
if (ta.value.trim() !== "") {
ta.value += "\n"
}
ta.value += `@${authorUsername} [url=${postPermalink}]said:[/url]\n[quote]< :scissors: > ${document.getSelection().toString()} < :scissors: >[/quote]\n`;
ta.scrollIntoView()
ta.focus();
document.getSelection().empty();
removeQuotePopover();
})
}
const range = document.getSelection().getRangeAt(0);
const rect = range.getBoundingClientRect();
const scrollY = window.scrollY || window.pageYOffset;
quotePopover.style.setProperty("top", `${rect.top + scrollY - 55}px`)
quotePopover.style.setProperty("left", `${rect.left + rect.width/2}px`)
if (!quotePopover.matches(':popover-open')) {
quotePopover.showPopover();
}
}
}
const deleteDialog = document.getElementById("delete-dialog");
const deleteDialogCloseButton = document.getElementById("post-delete-dialog-close");
let deletionTargetPostContainer;
function closeDeleteDialog() {
deletionTargetPostContainer.style.removeProperty("background-color");
deleteDialog.close();
}
deleteDialogCloseButton.addEventListener("click", (e) => {
closeDeleteDialog();
})
deleteDialog.addEventListener("click", (e) => {
if (e.target === deleteDialog) {
closeDeleteDialog();
}
})
for (let button of document.querySelectorAll(".post-delete-button")) {
button.addEventListener("click", (e) => {
deleteDialog.showModal();
const postId = button.value;
deletionTargetPostContainer = document.getElementById("post-" + postId).querySelector(".post-content-container");
deletionTargetPostContainer.style.setProperty("background-color", "#fff");
const form = document.getElementById("post-delete-form");
form.action = `/post/${postId}/delete`
})
}
const threadEndpoint = document.getElementById("thread-subscribe-endpoint").value;
let now = Math.floor(new Date() / 1000);
function hideNotification() {
const notification = document.getElementById('new-post-notification');
notification.classList.add('hidden');
}
function showNewPostNotification(url) {
const notification = document.getElementById("new-post-notification");
notification.classList.remove("hidden");
document.getElementById("dismiss-new-post-button").onclick = () => {
now = Math.floor(new Date() / 1000);
hideNotification();
tryFetchUpdate();
}
document.getElementById("go-to-new-post-button").href = url;
document.getElementById("unsub-new-post-button").onclick = () => {
hideNotification();
}
}
function tryFetchUpdate() {
if (!threadEndpoint) return;
const body = JSON.stringify({'since': now});
fetch(threadEndpoint, {method: "POST", headers: {"Content-Type": "application/json"}, body: body})
.then(res => res.json())
.then(json => {
if (json.status === "none") {
setTimeout(tryFetchUpdate, 5000);
} else if (json.status === "new_post") {
showNewPostNotification(json.url);
}
})
.catch(error => console.log(error))
}
tryFetchUpdate();
if (supportsPopover()){
const reactionEmoji = document.getElementById("allowed-reaction-emoji").value.split(" ");
let reactionPopover = null;
let reactionTargetPostId = null;
function tryAddReaction(emoji, postId = reactionTargetPostId) {
const body = JSON.stringify({
"emoji": emoji,
});
fetch(`/api/add-reaction/${postId}`, {method: "POST", headers: {"Content-Type": "application/json"}, body: body})
.then(res => res.json())
.then(json => {
if (json.status === "added") {
const post = document.getElementById(`post-${postId}`);
const spans = Array.from(post.querySelectorAll(".reaction-count")).filter((span) => {
return span.dataset.emoji === emoji
});
if (spans.length > 0) {
const currentValue = spans[0].textContent;
spans[0].textContent = `${parseInt(currentValue) + 1}`;
const button = spans[0].closest(".reaction-button");
button.classList.add("active");
} else {
const span = document.createElement("span");
span.classList = "reaction-container";
span.dataset.emoji = emoji;
const button = document.createElement("button");
button.type = "button";
button.className = "reduced reaction-button active";
button.addEventListener("click", () => {
tryAddReaction(emoji, postId);
})
const img = document.createElement("img");
img.src = `/static/emoji/${emoji}.png`;
button.textContent = " x";
const reactionCountSpan = document.createElement("span")
reactionCountSpan.className = "reaction-count"
reactionCountSpan.textContent = "1"
button.insertAdjacentElement("afterbegin", img);
button.appendChild(reactionCountSpan);
span.appendChild(button);
const post = document.getElementById(`post-${postId}`);
post.querySelector(".post-reactions").insertBefore(span, post.querySelector(".add-reaction-button"));
}
} else if (json.error_code === 409) {
console.log("reaction exists, gonna try and remove");
tryRemoveReaction(emoji, postId);
} else {
console.warn(json)
}
})
.catch(error => console.error(error));
}
function tryRemoveReaction(emoji, postId = reactionTargetPostId) {
const body = JSON.stringify({
"emoji": emoji,
});
fetch(`/api/remove-reaction/${postId}`, {method: "POST", headers: {"Content-Type": "application/json"}, body: body})
.then(res => res.json())
.then(json => {
if (json.status === "removed") {
const post = document.getElementById(`post-${postId}`);
const spans = Array.from(post.querySelectorAll(".reaction-container")).filter((span) => {
return span.dataset.emoji === emoji
});
if (spans.length > 0) {
const reactionCountSpan = spans[0].querySelector(".reaction-count");
const currentValue = parseInt(reactionCountSpan.textContent);
if (currentValue - 1 === 0) {
spans[0].remove();
} else {
reactionCountSpan.textContent = `${parseInt(currentValue) - 1}`;
const button = reactionCountSpan.closest(".reaction-button");
button.classList.remove("active");
}
}
} else {
console.warn(json)
}
})
.catch(error => console.error(error));
}
function createReactionPopover() {
reactionPopover = document.createElement("div");
reactionPopover.className = "reaction-popover";
reactionPopover.popover = "auto";
const inner = document.createElement("div");
inner.className = "reaction-popover-inner";
reactionPopover.appendChild(inner);
for (let emoji of reactionEmoji) {
const img = document.createElement("img");
img.src = `/static/emoji/${emoji}.png`;
const button = document.createElement("button");
button.type = "button";
button.className = "reduced";
button.appendChild(img);
button.addEventListener("click", () => {
tryAddReaction(emoji);
})
button.dataset.emojiName = emoji;
inner.appendChild(button);
}
reactionPopover.addEventListener("beforetoggle", (e) => {
if (e.newState === "closed") {
reactionTargetPostId = null;
}
})
document.body.appendChild(reactionPopover);
}
function showReactionPopover() {
if (!reactionPopover) {
createReactionPopover();
}
if (!reactionPopover.matches(':popover-open')) {
reactionPopover.showPopover();
}
}
for (let button of document.querySelectorAll(".add-reaction-button")) {
button.addEventListener("click", (e) => {
showReactionPopover();
reactionTargetPostId = e.target.dataset.postId;
const rect = e.target.getBoundingClientRect();
const popoverRect = reactionPopover.getBoundingClientRect();
const scrollY = window.scrollY || window.pageYOffset;
reactionPopover.style.setProperty("top", `${rect.top + scrollY + rect.height}px`)
reactionPopover.style.setProperty("left", `${rect.left + rect.width/2 - popoverRect.width/2}px`)
})
}
for (let button of document.querySelectorAll(".reaction-button")) {
button.addEventListener("click", () => {
const reactionContainer = button.closest(".reaction-container")
const emoji = reactionContainer.dataset.emoji;
const postId = reactionContainer.dataset.postId;
console.log(reactionContainer);
tryAddReaction(emoji, postId);
})
}
} else {
for (let button of document.querySelectorAll(".add-reaction-button")) {
button.disabled = true;
button.title = "Enable JS to add reactions."
}
}
}

16
data/static/js/topic.js
View File

@@ -1,16 +0,0 @@
{
const deleteDialog = document.getElementById("delete-dialog");
const deleteDialogOpenButton = document.getElementById("topic-delete-dialog-open");
deleteDialogOpenButton.addEventListener("click", (e) => {
deleteDialog.showModal();
});
const deleteDialogCloseButton = document.getElementById("topic-delete-dialog-close");
deleteDialogCloseButton.addEventListener("click", (e) => {
deleteDialog.close();
})
deleteDialog.addEventListener("click", (e) => {
if (e.target === deleteDialog) {
deleteDialog.close();
}
})
}

135
data/static/js/ui.js
View File

@@ -1,135 +0,0 @@
function openLightbox(post, idx) {
lightboxCurrentPost = post;
lightboxCurrentIdx = idx;
lightboxObj.img.src = lightboxImages.get(post)[idx].src;
lightboxObj.openOriginalAnchor.href = lightboxImages.get(post)[idx].src
lightboxObj.prevButton.disabled = lightboxImages.get(post).length === 1
lightboxObj.nextButton.disabled = lightboxImages.get(post).length === 1
lightboxObj.imageCount.textContent = `Image ${idx + 1} of ${lightboxImages.get(post).length}`
if (!lightboxObj.dialog.open) {
lightboxObj.dialog.showModal();
}
}
const modulo = (n, m) => ((n % m) + m) % m
function lightboxNext() {
const l = lightboxImages.get(lightboxCurrentPost).length;
const target = modulo(lightboxCurrentIdx + 1, l);
openLightbox(lightboxCurrentPost, target);
}
function lightboxPrev() {
const l = lightboxImages.get(lightboxCurrentPost).length;
const target = modulo(lightboxCurrentIdx - 1, l);
openLightbox(lightboxCurrentPost, target);
}
function constructLightbox() {
const dialog = document.createElement("dialog");
dialog.classList.add("lightbox-dialog");
dialog.addEventListener("click", (e) => {
if (e.target === dialog) {
dialog.close();
}
})
const dialogInner = document.createElement("div");
dialogInner.classList.add("lightbox-inner");
dialog.appendChild(dialogInner);
const img = document.createElement("img");
img.classList.add("lightbox-image")
dialogInner.appendChild(img);
const openOriginalAnchor = document.createElement("a")
openOriginalAnchor.text = "Open original in new window"
openOriginalAnchor.target = "_blank"
openOriginalAnchor.rel = "noopener noreferrer nofollow"
dialogInner.appendChild(openOriginalAnchor);
const navSpan = document.createElement("span");
navSpan.classList.add("lightbox-nav");
const prevButton = document.createElement("button");
prevButton.type = "button";
prevButton.textContent = "Previous";
prevButton.addEventListener("click", lightboxPrev);
const nextButton = document.createElement("button");
nextButton.type = "button";
nextButton.textContent = "Next";
nextButton.addEventListener("click", lightboxNext);
const imageCount = document.createElement("span");
imageCount.textContent = "Image of ";
navSpan.appendChild(prevButton);
navSpan.appendChild(imageCount);
navSpan.appendChild(nextButton);
dialogInner.appendChild(navSpan);
return {
img: img,
dialog: dialog,
openOriginalAnchor: openOriginalAnchor,
prevButton: prevButton,
nextButton: nextButton,
imageCount: imageCount,
}
}
let lightboxImages = new Map(); //.post-inner : Array<Object>
let lightboxObj = null;
let lightboxCurrentPost = null;
let lightboxCurrentIdx = -1;
document.addEventListener("DOMContentLoaded", () => {
//lightboxes
lightboxObj = constructLightbox();
document.body.appendChild(lightboxObj.dialog);
function setImageMaxSize(img) {
const {
maxWidth: origMaxWidth,
maxHeight: origMaxHeight,
minWidth: origMinWidth,
minHeight: origMinHeight,
} = getComputedStyle(img);
console.log(img, img.naturalWidth, img.naturalHeight, origMinWidth, origMinHeight, origMaxWidth, origMaxHeight)
if (img.naturalWidth < parseInt(origMinWidth)) {
console.log(1)
img.style.minWidth = img.naturalWidth + "px";
}
if (img.naturalHeight < parseInt(origMinHeight)) {
console.log(2)
img.style.minHeight = img.naturalHeight + "px";
}
if (img.naturalWidth < parseInt(origMaxWidth)) {
console.log(3)
img.style.maxWidth = img.naturalWidth + "px";
}
if (img.naturalHeight < parseInt(origMaxHeight)) {
console.log(4)
img.style.maxHeight = img.naturalHeight + "px";
}
}
const postImages = document.querySelectorAll(".post-inner img.post-image");
postImages.forEach(postImage => {
const belongingTo = postImage.closest(".post-inner");
const images = lightboxImages.get(belongingTo) ?? [];
images.push({
src: postImage.src,
alt: postImage.alt,
});
const idx = images.length - 1;
lightboxImages.set(belongingTo, images);
postImage.style.cursor = "pointer";
postImage.addEventListener("click", () => {
openLightbox(belongingTo, idx);
});
});
const postAndSigImages = document.querySelectorAll("img.post-image");
postAndSigImages.forEach(image => {
if (image.complete) {
setImageMaxSize(image);
} else {
image.addEventListener("load", () => setImageMaxSize(image));
}
})
});

1
data/static/js/vnd/bitty-6.0.0-rc3.min.js vendored
View File

File diff suppressed because one or more lines are too long

2
requirements.txt
View File

@@ -1,9 +1,11 @@
argon2-cffi==25.1.0
argon2-cffi-bindings==21.2.0
blinker==1.9.0
cachelib==0.13.0
cffi==1.17.1
click==8.2.1
Flask==3.1.1
Flask-Caching==2.3.1
itsdangerous==2.2.0
Jinja2==3.1.6
MarkupSafe==3.0.2

1455
sass/_default.scss
View File

File diff suppressed because it is too large Load Diff

113
sass/otomotone.scss
View File

@@ -1,113 +0,0 @@
$fc: #e6e6e6;
$fci: black;
$lightish_accent: #503250;
$lightish_accent2: #502d50;
$dark_accent: #231c23;
$warn: #eaea6a;
$crit: #d53232;
$br: 8px;
@use 'default' with (
$ACCENT_COLOR: #9b649b,
$MAIN_BG: #220d16,
$DARK_1: $lightish_accent2,
$DARK_3: #302731,
$LIGHT_2: #ae6bae,
$LIGHT: $lightish_accent,
$DEFAULT_FONT_COLOR: $fc,
$DEFAULT_FONT_COLOR_INVERSE: $fci,
$BUTTON_COLOR: #3c283c,
$BUTTON_COLOR_2: #8a5584,
$BUTTON_FONT_COLOR: $fc,
$BUTTON_COLOR_WARN: $warn,
$BUTTON_WARN_FONT_COLOR: $fci,
$BUTTON_COLOR_CRITICAL: $crit,
$BUTTON_CRITICAL_FONT_COLOR: $fc,
$ACCORDION_COLOR: #7d467d,
$DEFAULT_BORDER_RADIUS: $br,
$bottomnav_color: $dark_accent,
$topic_info_background: $dark_accent,
$topic_locked_background: $lightish_accent,
$thread_locked_background: $lightish_accent,
$thread_locked_border: 2px outset $dark_accent,
$site_title_color: white,
$topnav_color: #303030,
$quote_background_color: #fbafcf0a,
$link_color: #e87fe1,
$link_color_visited: #ed4fb1,
$post_info_background: #412841,
$post_content_background: $dark_accent,
$thread_info_background_color: $dark_accent,
$motd_background_color: $lightish_accent,
$post_reactions_background: $lightish_accent,
$post_accordion_content_background: #2d212d,
$guide_toc_background: #3c233c,
$guide_section_background: $dark_accent,
$text_input_background: #371e37,
$text_input_background_focus: #514151,
$text_input_font_color: $fc,
$colorful_table_th_color: $lightish_accent,
$colorful_table_td_color: $dark_accent,
$lightbox_background: $lightish_accent,
$infobox_info_color: #775891,
$infobox_warn_color: $warn,
$infobox_warn_font_color: $fci,
$infobox_critical_color: $crit,
$tab_content_background: $lightish_accent,
$tab_button_active_color: #8a5584,
$bookmarks_dropdown_background_color: $lightish_accent,
$mention_font_color: $fc,
);
#topnav {
margin-bottom: 10px;
border: 10px solid rgb(40, 40, 40);
}
#bottomnav {
margin-top: 10px;
border: 10px solid rgb(40, 40, 40);
}
footer {
margin-top: 10px;
}
.infobox, .motd {
border-radius: $br;
}
.thread-sticky-container {
border-top-left-radius: $br;
border-bottom-left-radius: $br;
}
.thread-locked-container {
border-top-right-radius: $br;
border-bottom-right-radius: $br;
}

89
sass/peachy.scss
View File

@@ -1,89 +0,0 @@
// $accent: #dd5536;
$accent: #f27a5a;
$br: 16px;
@use 'default' with (
$ACCENT_COLOR: $accent,
$thread_locked_background: $accent,
$topic_locked_background: $accent,
// $DARK_1: #e36286,
$DARK_1: #88486d,
$MAIN_BG: #c85d45,
$usercard_border: none,
$usercard_border_right: none,
$thread_locked_border: 1px solid black,
$motd_border: 1px solid black,
$PAGE_SIDE_MARGIN: 50px,
$link_color: black,
$link_color_visited: black,
$reaction_button_active_font_color: white,
// $DEFAULT_FONT_COLOR: white,
// $DEFAULT_FONT_COLOR_INVERSE: black,
$text_input_font_color: black,
$BUTTON_COLOR: $accent,
$BUTTON_COLOR_2: #b54444,
$BUTTON_COLOR_CRITICAL: #f73030,
$ACCORDION_COLOR: #c6655b,
$BUTTON_WARN_FONT_COLOR: black,
$BUTTON_CRITICAL_FONT_COLOR: white,
$SMALL_PADDING: 3px,
$MEDIUM_PADDING: 6px,
$MEDIUM_BIG_PADDING: 8px,
$BIG_PADDING: 12px,
$BIGGER_PADDING: 16px,
$DEFAULT_BORDER_RADIUS: $br,
$code_border_radius: $br,
$button_padding: 8px 12px,
$reduced_button_padding: 6px,
$post_reactions_border_top: 2px dotted #f7bfdf,
$post_info_min_height: 35px,
$post_reactions_padding: 6px 12px,
$post_reactions_gap: 6px,
$text_input_padding: 8px,
$infobox_info_color: #81a3e6,
$infobox_critical_color: #f73030,
$infobox_warn_color: #fbfb8d,
$infobox_info_font_color: black,
$infobox_critical_font_color: white,
$infobox_warn_font_color: black,
$pagebutton_min_width: 36px,
$quote_background_color: #0002,
);
#topnav {
border-top-left-radius: $br;
border-top-right-radius: $br;
}
#bottomnav {
border-bottom-left-radius: $br;
border-bottom-right-radius: $br;
color: white;
}
textarea {
padding: 12px 16px;
}
footer {
margin-top: 10px;
border-radius: $br;
border: none;
text-align: center;
}

4
uwsgi.ini
View File

@@ -12,3 +12,7 @@ pythonpath = /opt/venv/lib/python3.13/site-packages
uid = www-data
gid = www-data
env = LANG=C.UTF-8
env = LANGUAGE=C.UTF-8
env = LC_ALL=C.UTF-8