Merge branch 'main' of ssh://code.freedombone.net:2222/bashrc/epicyon

auth.py

@@ -245,7 +245,12 @@ def recordLoginFailure(baseDir: str, ipAddress: str,
     currTime = datetime.datetime.utcnow()
     try:
         with open(failureLog, writeType) as fp:
-            fp.write(currTime.strftime("%Y-%m-%d %H:%M:%SZ") +
-                     ' ' + ipAddress + '\n')
+            # here we use a similar format to an ssh log, so that
+            # systems such as fail2ban can parse it
+            fp.write(currTime.strftime("%Y-%m-%d %H:%M:%SZ") + ' ' +
+                     'ip-127-0-0-1 sshd[20710]: ' +
+                     'Disconnecting invalid user epicyon ' +
+                     ipAddress + ' port 443: ' +
+                     'Too many authentication failures [preauth]\n')
     except BaseException:
         pass

daemon.py

@@ -1267,7 +1267,9 @@ class PubServer(BaseHTTPRequestHandler):
         self.authorizedNickname = None
 
         notAuthPaths = (
-            '/icons/', '/avatars/', '/favicon.ico', '/newswire.xml',
+            '/icons/', '/avatars/',
+            '/accounts/avatars/', '/accounts/headers/',
+            '/favicon.ico', '/newswire.xml',
             '/newswire_favicon.ico', '/categories.xml'
         )
         for notAuthStr in notAuthPaths:
@@ -9902,6 +9904,7 @@ class PubServer(BaseHTTPRequestHandler):
            '/emoji/' not in path and \
            '/tags/' not in path and \
            '/avatars/' not in path and \
+           '/headers/' not in path and \
            '/fonts/' not in path and \
            '/icons/' not in path:
             divertToLoginScreen = True
@@ -10199,10 +10202,17 @@ class PubServer(BaseHTTPRequestHandler):
         """Shows an avatar or banner or profile background image
         """
         if '/users/' not in path:
-            return False
+            if '/accounts/avatars/' not in path:
+                if '/accounts/headers/' not in path:
+                    return False
         if not pathIsImage(path):
             return False
-        avatarStr = path.split('/users/')[1]
+        if '/accounts/avatars/' in path:
+            avatarStr = path.split('/accounts/avatars/')[1]
+        elif '/accounts/headers/' in path:
+            avatarStr = path.split('/accounts/headers/')[1]
+        else:
+            avatarStr = path.split('/users/')[1]
         if not ('/' in avatarStr and '.temp.' not in path):
             return False
         avatarNickname = avatarStr.split('/')[0]

person.py

@@ -162,13 +162,17 @@ def randomizeActorImages(personJson: {}) -> None:
     # NOTE: these files don't need to have cryptographically
     # secure names
     randStr = str(randint(10000000000000, 99999999999999))  # nosec
+    baseUrl = personId.split('/users/')[0]
+    nickname = personJson['preferredUsername']
     personJson['icon']['url'] = \
-        personId + '/avatar' + randStr + '.' + existingExtension
+        baseUrl + '/accounts/avatars/' + nickname + \
+        '/avatar' + randStr + '.' + existingExtension
     lastPartOfFilename = personJson['image']['url'].split('/')[-1]
     existingExtension = lastPartOfFilename.split('.')[1]
     randStr = str(randint(10000000000000, 99999999999999))  # nosec
     personJson['image']['url'] = \
-        personId + '/image' + randStr + '.' + existingExtension
+        baseUrl + '/accounts/headers/' + nickname + \
+        '/image' + randStr + '.' + existingExtension
 
 
 def getDefaultPersonContext() -> str:

utils.py

@@ -1434,7 +1434,8 @@ def _isReservedName(nickname: str) -> bool:
                      'activity', 'undo', 'pinned',
                      'reply', 'replies', 'question', 'like',
                      'likes', 'users', 'statuses', 'tags',
-                     'accounts', 'channels', 'profile', 'u',
+                     'accounts', 'headers',
+                     'channels', 'profile', 'u',
                      'updates', 'repeat', 'announce',
                      'shares', 'fonts', 'icons', 'avatars',
                      'welcome', 'helpimages',