indymedia
/
epicyon
mirror of https://gitlab.com/bashrc2/epicyon
7
4
Fork 1
Code Issues 14 Releases Wiki Activity

Merge branch 'main' of ssh://code.freedombone.net:2222/bashrc/epicyon into main

main
Bob Mottram 2020-07-11 23:51:09 +01:00
parent 415c215eb1 e94a580748
commit 64a9867d49
5 changed files with 101 additions and 39 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
daemon.py
View File

@ -1067,19 +1067,18 @@ class PubServer(BaseHTTPRequestHandler):
# to be authorized to use an account you don't own
if '/' + nickname + '/' in self.path:
return True
if '/' + nickname + '?' in self.path:
elif '/' + nickname + '?' in self.path:
return True
if self.path.endswith('/'+nickname):
elif self.path.endswith('/'+nickname):
return True
print('AUTH: nickname ' + nickname +
' was not found in path ' + self.path)
return False
if self.server.debug:
print('AUTH: epicyon cookie ' +
'authorization failed, header=' +
self.headers['Cookie'].replace('epicyon=', '') +
' tokenStr=' + tokenStr + ' tokens=' +
str(self.server.tokensLookup))
print('AUTH: epicyon cookie ' +
'authorization failed, header=' +
self.headers['Cookie'].replace('epicyon=', '') +
' tokenStr=' + tokenStr + ' tokens=' +
str(self.server.tokensLookup))
return False
print('AUTH: Header cookie was not authorized')
return False
@ -1644,7 +1643,8 @@ class PubServer(BaseHTTPRequestHandler):
self.server.domainFull + usersPath
msg = htmlRemoveSharedItem(self.server.translate,
self.server.baseDir,
actor, shareName).encode('utf-8')
actor, shareName,
callingDomain).encode('utf-8')
if not msg:
if callingDomain.endswith('.onion') and \
self.server.onionDomain:
@ -2387,7 +2387,8 @@ class PubServer(BaseHTTPRequestHandler):
self.server.httpPrefix,
self.server.domainFull,
postId, postTime,
postYear, postMonth, postDay)
postYear, postMonth, postDay,
callingDomain)
if not msg:
actor = \
self.server.httpPrefix + '://' + \
@ -3091,6 +3092,11 @@ class PubServer(BaseHTTPRequestHandler):
# delete a post from the web interface icon
if htmlGET and '?delete=' in self.path:
if not cookie:
print('ERROR: no cookie given when deleting')
self._400()
self.server.GETbusy = False
return
pageNumber = 1
if '?page=' in self.path:
pageNumberStr = self.path.split('?page=')[1]
@ -3159,7 +3165,7 @@ class PubServer(BaseHTTPRequestHandler):
self.server.session, self.server.baseDir,
deleteUrl, self.server.httpPrefix,
__version__, self.server.cachedWebfingers,
self.server.personCache)
self.server.personCache, callingDomain)
if deleteStr:
self._set_headers('text/html', len(deleteStr),
cookie, callingDomain)
@ -5787,12 +5793,9 @@ class PubServer(BaseHTTPRequestHandler):
# check authorization
authorized = self._isAuthorized()
if self.server.debug:
if authorized:
print('POST Authorization granted')
else:
print('POST Not authorized')
print(str(self.headers))
if not authorized:
print('POST Not authorized')
print(str(self.headers))
# if this is a POST to the outbox then check authentication
self.outboxAuthenticated = False
@ -7063,7 +7066,7 @@ class PubServer(BaseHTTPRequestHandler):
maxPostsInFeed,
self.server.httpPrefix,
self.server.domainFull,
actorStr)
actorStr, callingDomain)
if sharedItemsStr:
msg = sharedItemsStr.encode('utf-8')
self._login_headers('text/html',
@ -7142,6 +7145,12 @@ class PubServer(BaseHTTPRequestHandler):
self._benchmarkPOSTtimings(POSTstartTime, POSTtimings, 8)
# removes a post
if not authorized and self.path.endswith('/rmpost'):
print('ERROR: attempt to remove post was not authorized. ' +
self.path)
self._400()
self.server.POSTbusy = False
return
if authorized and self.path.endswith('/rmpost'):
pageNumber = 1
usersPath = self.path.split('/rmpost')[0]

3
followingCalendar.py
View File

@ -15,6 +15,9 @@ def receivingCalendarEvents(baseDir: str, nickname: str, domain: str,
"""Returns true if receiving calendar events from the given
account from following.txt
"""
if followingNickname == nickname and followingDomain == domain:
# reminder post
return True
calendarFilename = baseDir + '/accounts/' + \
nickname + '@' + domain + '/followingCalendar.txt'
handle = followingNickname + '@' + followingDomain

10
inbox.py
View File

@ -1913,13 +1913,15 @@ def inboxUpdateCalendar(baseDir: str, handle: str, postJsonObject: {}) -> None:
actor = postJsonObject['actor']
actorNickname = getNicknameFromActor(actor)
actorDomain, actorPort = getDomainFromActor(actor)
handleNickname = handle.split('@')[0]
handleDomain = handle.split('@')[1]
if not receivingCalendarEvents(baseDir,
handle.split('@')[0],
handle.split('@')[1],
actorNickname,
actorDomain):
handleNickname, handleDomain,
actorNickname, actorDomain):
return
for tagDict in postJsonObject['object']['tag']:
if not tagDict.get('type'):
continue
if tagDict['type'] != 'Event':
continue
if not tagDict.get('startTime'):

3
posts.py
View File

@ -1918,8 +1918,7 @@ def addToField(activityType: str, postJsonObject: {},
def sendToNamedAddresses(session, baseDir: str,
nickname: str,
domain: str,
nickname: str, domain: str,
onionDomain: str, i2pDomain: str, port: int,
httpPrefix: str, federationList: [],
sendThreads: [], postLog: [],

79
webinterface.py
View File

@ -79,6 +79,20 @@ from petnames import getPetName
from followingCalendar import receivingCalendarEvents
def getAltPath(actor: str, domainFull: str, callingDomain: str) -> str:
"""Returns alternate path from the actor
eg. https://clearnetdomain/path becomes http://oniondomain/path
"""
postActor = actor
if callingDomain not in actor and domainFull in actor:
if callingDomain.endswith('.onion') or \
callingDomain.endswith('.i2p'):
postActor = \
'http://' + callingDomain + actor.split(domainFull)[1]
print('Changed POST domain from ' + actor + ' to ' + postActor)
return postActor
def getContentWarningButton(postID: str, translate: {},
content: str) -> str:
"""Returns the markup for a content warning button
@ -439,7 +453,8 @@ def htmlSearchSharedItems(translate: {},
pageNumber: int,
resultsPerPage: int,
httpPrefix: str,
domainFull: str, actor: str) -> str:
domainFull: str, actor: str,
callingDomain: str) -> str:
"""Search results for shared items
"""
iconsDir = getIconsDir(baseDir)
@ -536,9 +551,13 @@ def htmlSearchSharedItems(translate: {},
translate['Remove'] + '</button></a>'
sharedItemsForm += '</p></div>'
if not resultsExist and currPage > 1:
postActor = \
getAltPath(actor, domainFull,
callingDomain)
# previous page link, needs to be a POST
sharedItemsForm += \
'<form method="POST" action="' + actor + \
'<form method="POST" action="' + \
postActor + \
'/searchhandle?page=' + \
str(pageNumber - 1) + '">'
sharedItemsForm += \
@ -565,9 +584,13 @@ def htmlSearchSharedItems(translate: {},
if ctr >= resultsPerPage:
currPage += 1
if currPage > pageNumber:
postActor = \
getAltPath(actor, domainFull,
callingDomain)
# next page link, needs to be a POST
sharedItemsForm += \
'<form method="POST" action="' + actor + \
'<form method="POST" action="' + \
postActor + \
'/searchhandle?page=' + \
str(pageNumber + 1) + '">'
sharedItemsForm += \
@ -5047,12 +5070,17 @@ def htmlPostReplies(recentPostsCache: {}, maxRecentPosts: int,
def htmlRemoveSharedItem(translate: {}, baseDir: str,
actor: str, shareName: str) -> str:
actor: str, shareName: str,
callingDomain: str) -> str:
"""Shows a screen asking to confirm the removal of a shared item
"""
itemID = getValidSharedItemID(shareName)
nickname = getNicknameFromActor(actor)
domain, port = getDomainFromActor(actor)
domainFull = domain
if port:
if port != 80 and port != 443:
domainFull = domain + ':' + str(port)
sharesFile = baseDir + '/accounts/' + \
nickname + '@' + domain + '/shares.json'
if not os.path.isfile(sharesFile):
@ -5090,7 +5118,8 @@ def htmlRemoveSharedItem(translate: {}, baseDir: str,
sharesStr += \
' <p class="followText">' + translate['Remove'] + \
' ' + sharedItemDisplayName + ' ?</p>'
sharesStr += ' <form method="POST" action="' + actor + '/rmshare">'
postActor = getAltPath(actor, domainFull, callingDomain)
sharesStr += ' <form method="POST" action="' + postActor + '/rmshare">'
sharesStr += ' <input type="hidden" name="actor" value="' + actor + '">'
sharesStr += ' <input type="hidden" name="shareName" value="' + \
shareName + '">'
@ -5112,7 +5141,8 @@ def htmlDeletePost(recentPostsCache: {}, maxRecentPosts: int,
translate, pageNumber: int,
session, baseDir: str, messageId: str,
httpPrefix: str, projectVersion: str,
wfRequest: {}, personCache: {}) -> str:
wfRequest: {}, personCache: {},
callingDomain: str) -> str:
"""Shows a screen asking to confirm the deletion of a post
"""
if '/statuses/' not in messageId:
@ -5121,6 +5151,10 @@ def htmlDeletePost(recentPostsCache: {}, maxRecentPosts: int,
actor = messageId.split('/statuses/')[0]
nickname = getNicknameFromActor(actor)
domain, port = getDomainFromActor(actor)
domainFull = domain
if port:
if port != 80 and port != 443:
domainFull = domain + ':' + str(port)
postFilename = locatePost(baseDir, nickname, domain, messageId)
if not postFilename:
@ -5157,7 +5191,10 @@ def htmlDeletePost(recentPostsCache: {}, maxRecentPosts: int,
deletePostStr += \
' <p class="followText">' + \
translate['Delete this post?'] + '</p>'
deletePostStr += ' <form method="POST" action="' + actor + '/rmpost">'
postActor = getAltPath(actor, domainFull, callingDomain)
deletePostStr += \
' <form method="POST" action="' + postActor + '/rmpost">'
deletePostStr += \
' <input type="hidden" name="pageNumber" value="' + \
str(pageNumber) + '">'
@ -5180,7 +5217,7 @@ def htmlCalendarDeleteConfirm(translate: {}, baseDir: str,
path: str, httpPrefix: str,
domainFull: str, postId: str, postTime: str,
year: int, monthNumber: int,
dayNumber: int) -> str:
dayNumber: int, callingDomain: str) -> str:
"""Shows a screen asking to confirm the deletion of a calendar event
"""
nickname = getNicknameFromActor(path)
@ -5218,7 +5255,10 @@ def htmlCalendarDeleteConfirm(translate: {}, baseDir: str,
deletePostStr += '<center>'
deletePostStr += ' <p class="followText">' + \
translate['Delete this event'] + '</p>'
deletePostStr += ' <form method="POST" action="' + actor + '/rmpost">'
postActor = getAltPath(actor, domainFull, callingDomain)
deletePostStr += \
' <form method="POST" action="' + postActor + '/rmpost">'
deletePostStr += ' <input type="hidden" name="year" value="' + \
str(year) + '">'
deletePostStr += ' <input type="hidden" name="month" value="' + \
@ -5634,11 +5674,15 @@ def htmlCalendarDay(translate: {},
with open(cssFilename, 'r') as cssFile:
calendarStyle = cssFile.read()
calActor = actor
if '/users/' in actor:
calActor = '/users/' + actor.split('/users/')[1]
calendarStr = htmlHeader(cssFilename, calendarStyle)
calendarStr += '<main><table class="calendar">\n'
calendarStr += '<caption class="calendar__banner--month">\n'
calendarStr += \
' <a href="' + actor + '/calendar?year=' + str(year) + \
' <a href="' + calActor + '/calendar?year=' + str(year) + \
'?month=' + str(monthNumber) + '">'
calendarStr += \
' <h1>' + str(dayNumber) + ' ' + monthName + \
@ -5673,7 +5717,7 @@ def htmlCalendarDay(translate: {},
deleteButtonStr = ''
if postId:
deleteButtonStr = \
'<td class="calendar__day__icons"><a href="' + actor + \
'<td class="calendar__day__icons"><a href="' + calActor + \
'/eventdelete?id=' + postId + '?year=' + str(year) + \
'?month=' + str(monthNumber) + '?day=' + str(dayNumber) + \
'?time=' + eventTime + \
@ -5815,20 +5859,24 @@ def htmlCalendar(translate: {},
with open(cssFilename, 'r') as cssFile:
calendarStyle = cssFile.read()
calActor = actor
if '/users/' in actor:
calActor = '/users/' + actor.split('/users/')[1]
calendarStr = htmlHeader(cssFilename, calendarStyle)
calendarStr += '<main><table class="calendar">\n'
calendarStr += '<caption class="calendar__banner--month">\n'
calendarStr += \
' <a href="' + actor + '/calendar?year=' + str(prevYear) + \
' <a href="' + calActor + '/calendar?year=' + str(prevYear) + \
'?month=' + str(prevMonthNumber) + '">'
calendarStr += \
' <img loading="lazy" alt="' + translate['Previous month'] + \
'" title="' + translate['Previous month'] + '" src="/' + iconsDir + \
'/prev.png" class="buttonprev"/></a>\n'
calendarStr += ' <a href="' + actor + '/inbox">'
calendarStr += ' <a href="' + calActor + '/inbox">'
calendarStr += ' <h1>' + monthName + '</h1></a>\n'
calendarStr += \
' <a href="' + actor + '/calendar?year=' + str(nextYear) + \
' <a href="' + calActor + '/calendar?year=' + str(nextYear) + \
'?month=' + str(nextMonthNumber) + '">'
calendarStr += \
' <img loading="lazy" alt="' + translate['Next month'] + \
@ -5870,7 +5918,8 @@ def htmlCalendar(translate: {},
if dayOfMonth == currDate.day:
isToday = True
if events.get(str(dayOfMonth)):
url = actor + '/calendar?year=' + str(year) + '?month=' + \
url = calActor + '/calendar?year=' + \
str(year) + '?month=' + \
str(monthNumber) + '?day=' + str(dayOfMonth)
dayLink = '<a href="' + url + '">' + \
str(dayOfMonth) + '</a>'