From ef73b044f2ab80b871d2e287842337140017e939 Mon Sep 17 00:00:00 2001
From: Fabio <fabrix.xm@gmail.com>
Date: Tue, 7 Jan 2020 17:33:08 +0100
Subject: [PATCH 1/7] use `yaml.safe_load()`

`yaml.load()` is deprecated and insecure
---
 config.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config.py b/config.py
index 8e93ca9..2d278dd 100644
--- a/config.py
+++ b/config.py
@@ -57,7 +57,7 @@ HEADERS = [
 
 
 with open(os.path.join(KEY_DIR, "me.yml")) as f:
-    conf = yaml.load(f)
+    conf = yaml.safe_load(f)
 
     USERNAME = conf["username"]
     NAME = conf["name"]

From a71bf46af5ef1f577c25f8d7ac32f909fc221d3b Mon Sep 17 00:00:00 2001
From: Fabio <fabrix.xm@gmail.com>
Date: Tue, 7 Jan 2020 17:36:37 +0100
Subject: [PATCH 2/7] Don't overwrite objects 'url' property

---
 core/activitypub.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/core/activitypub.py b/core/activitypub.py
index b09134c..83822af 100644
--- a/core/activitypub.py
+++ b/core/activitypub.py
@@ -327,9 +327,10 @@ def post_to_outbox(activity: ap.BaseActivity) -> str:
         activity._data["object"]["id"] = urljoin(
             BASE_URL, url_for("outbox_activity", item_id=obj_id)
         )
-        activity._data["object"]["url"] = urljoin(
-            BASE_URL, url_for("note_by_id", note_id=obj_id)
-        )
+        if "url" not in activity._data["object"]:
+            activity._data["object"]["url"] = urljoin(
+                BASE_URL, url_for("note_by_id", note_id=obj_id)
+            )
         activity.reset_object_cache()
 
     save(Box.OUTBOX, activity)

From 1f2a8f6da70bbbfb8b11097db913deaa4857ce74 Mon Sep 17 00:00:00 2001
From: Fabio <fabrix.xm@gmail.com>
Date: Tue, 7 Jan 2020 17:39:17 +0100
Subject: [PATCH 3/7] add `get_text` template filter

returns object's `content` or `name`, the first is set, or an empty
string.

some objects don't have `content`, don't let templates rely on it
---
 templates/note.html       | 6 +++---
 templates/utils.html      | 2 +-
 utils/template_filters.py | 8 ++++++++
 3 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/templates/note.html b/templates/note.html
index 4558550..a4b9c73 100644
--- a/templates/note.html
+++ b/templates/note.html
@@ -1,14 +1,14 @@
 {% extends "layout.html" %}
 {% import 'utils.html' as utils %}
-{% block title %}{{ config.NAME }}: "{{ note.activity.object.content | html2plaintext | trim | truncate(50) }}"{% endblock %}
+{% block title %}{{ config.NAME }}{{ note.activity.object | get_text | html2plaintext | trim | truncate(50) }}"{% endblock %}
 {% block header %}
-<meta name="description" content="{{ note.activity.object.content | html2plaintext | trim | truncate(50) }}">
+<meta name="description" content="{{ note.activity.object | get_text | html2plaintext | trim | truncate(50) }}">
 
 <meta content="article" property="og:type" />
 <meta content="{{ note.activity.object.url }}" property="og:url" />
 <meta content="{{ config.USERNAME }} microblog" property="og:site_name" />                                         
 <meta content="{{ config.USERNAME }}" property="og:title" />                                             
-<meta content="{{ note.activity.object.content | html2plaintext | trim | truncate(50) }}" property="og:description" />                                            
+<meta content="{{ note.activity.object | get_text | html2plaintext | trim | truncate(50) }}" property="og:description" />                                            
 <meta content="{{ me.icon.url }}" property="og:image" />                                                 
 <meta content="200" property="og:image:width" />    
 <meta content="200" property="og:image:height" />   
diff --git a/templates/utils.html b/templates/utils.html
index 8952b9d..842422a 100644
--- a/templates/utils.html
+++ b/templates/utils.html
@@ -198,7 +198,7 @@
 
 
     {% else %}
-	{{ obj.content | update_inline_imgs | clean | replace_custom_emojis(obj) | code_highlight | safe }}
+	    {{ obj | get_text | update_inline_imgs | clean | replace_custom_emojis(obj) | code_highlight | safe }}
     {% endif %}
 
     {% if obj | has_place %}
diff --git a/utils/template_filters.py b/utils/template_filters.py
index 302e567..ff8e6db 100644
--- a/utils/template_filters.py
+++ b/utils/template_filters.py
@@ -403,6 +403,14 @@ def get_video_link(data):
         return data
     return None
 
+@filters.app_template_filter()
+def get_text(data):
+    """return first in 'content', 'name' or ''"""
+    for _t in ("content", "name"):
+        if _t in data:
+            return data[_t]
+    return ""
+
 
 @filters.app_template_filter()
 def has_type(doc, _types):

From a327f1f5d78ba5e808c581560c2776dec75a160e Mon Sep 17 00:00:00 2001
From: Fabio <fabrix.xm@gmail.com>
Date: Tue, 7 Jan 2020 17:39:57 +0100
Subject: [PATCH 4/7] `url_or_id` template filter don't return not str `url`

---
 utils/template_filters.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/template_filters.py b/utils/template_filters.py
index ff8e6db..7bbeb00 100644
--- a/utils/template_filters.py
+++ b/utils/template_filters.py
@@ -215,7 +215,7 @@ def format_timeago(val):
 @filters.app_template_filter()
 def url_or_id(d):
     if isinstance(d, dict):
-        if "url" in d:
+        if "url" in d and isinstance(d["url"], str):
             return d["url"]
         else:
             return d["id"]

From 1ab60e399ed577ea502fb2b2bd3b3a6a0622bdac Mon Sep 17 00:00:00 2001
From: Fabio <fabrix.xm@gmail.com>
Date: Tue, 7 Jan 2020 17:40:43 +0100
Subject: [PATCH 5/7] mime type in `Link`s is set in `mediaType` property

---
 utils/template_filters.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/utils/template_filters.py b/utils/template_filters.py
index 7bbeb00..7d8f601 100644
--- a/utils/template_filters.py
+++ b/utils/template_filters.py
@@ -367,7 +367,7 @@ def update_inline_imgs(content):
 def get_video_url(url):
     if isinstance(url, list):
         for link in url:
-            if link.get("mimeType", "").startswith("video/"):
+            if link.get("mediaType", "").startswith("video/"):
                 return _get_file_url(link.get("href"), None, Kind.ATTACHMENT)
     else:
         return _get_file_url(url, None, Kind.ATTACHMENT)

From 173eb15af00e18cf7e783893e76c23389eb98569 Mon Sep 17 00:00:00 2001
From: Fabio <fabrix.xm@gmail.com>
Date: Wed, 8 Jan 2020 17:40:51 +0100
Subject: [PATCH 6/7] add run_dev script

---
 run_dev.sh | 8 ++++++++
 1 file changed, 8 insertions(+)
 create mode 100755 run_dev.sh

diff --git a/run_dev.sh b/run_dev.sh
new file mode 100755
index 0000000..33c6009
--- /dev/null
+++ b/run_dev.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+DEV_POUSSETACHES_AUTH_KEY="1234567890"
+MICROBLOGPUB_INTERNAL_HOST="http://host.docker.internal:5005"
+
+
+env POUSSETACHES_AUTH_KEY=${DEV_POUSSETACHES_AUTH_KEY} docker-compose -f docker-compose-dev.yml up -d
+FLASK_DEBUG=1 MICROBLOGPUB_DEBUG=1 FLASK_APP=app.py POUSSETACHES_AUTH_KEY=${DEV_POUSSETACHES_AUTH_KEY} MICROBLOGPUB_INTERNAL_HOST=${MICROBLOGPUB_INTERNAL_HOST} flask run -p 5005 --with-threads
+docker-compose down

From 12940c284651564473223becfc702c23d4e0789a Mon Sep 17 00:00:00 2001
From: Fabio <fabrix.xm@gmail.com>
Date: Wed, 8 Jan 2020 17:42:16 +0100
Subject: [PATCH 7/7] Document env vars

---
 ENVVARS.md | 9 +++++++++
 1 file changed, 9 insertions(+)
 create mode 100644 ENVVARS.md

diff --git a/ENVVARS.md b/ENVVARS.md
new file mode 100644
index 0000000..44ec36b
--- /dev/null
+++ b/ENVVARS.md
@@ -0,0 +1,9 @@
+| var                              | default                 |
+|----------------------------------|-------------------------|
+| POUSSETACHES_AUTH_KEY            |                         |
+| FLASK_DEBUG                      | 0                       |
+| MICROBLOGPUB_DEBUG               | "false"                 |
+| MICROBLOGPUB_INTERNAL_HOST       | "http://localhost:5000" |
+| MICROBLOGPUB_MONGODB_HOST        | "localhost:27017"       |
+| MICROBLOGPUB_POUSSETACHES_HOST   | "http://localhost:7991" |
+| MICROBLOGPUB_WIZARD_PROJECT_NAME | "microblogpub"          |