From ef73b044f2ab80b871d2e287842337140017e939 Mon Sep 17 00:00:00 2001 From: Fabio Date: Tue, 7 Jan 2020 17:33:08 +0100 Subject: [PATCH 1/7] use `yaml.safe_load()` `yaml.load()` is deprecated and insecure --- config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config.py b/config.py index 8e93ca9..2d278dd 100644 --- a/config.py +++ b/config.py @@ -57,7 +57,7 @@ HEADERS = [ with open(os.path.join(KEY_DIR, "me.yml")) as f: - conf = yaml.load(f) + conf = yaml.safe_load(f) USERNAME = conf["username"] NAME = conf["name"] From a71bf46af5ef1f577c25f8d7ac32f909fc221d3b Mon Sep 17 00:00:00 2001 From: Fabio Date: Tue, 7 Jan 2020 17:36:37 +0100 Subject: [PATCH 2/7] Don't overwrite objects 'url' property --- core/activitypub.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/core/activitypub.py b/core/activitypub.py index b09134c..83822af 100644 --- a/core/activitypub.py +++ b/core/activitypub.py @@ -327,9 +327,10 @@ def post_to_outbox(activity: ap.BaseActivity) -> str: activity._data["object"]["id"] = urljoin( BASE_URL, url_for("outbox_activity", item_id=obj_id) ) - activity._data["object"]["url"] = urljoin( - BASE_URL, url_for("note_by_id", note_id=obj_id) - ) + if "url" not in activity._data["object"]: + activity._data["object"]["url"] = urljoin( + BASE_URL, url_for("note_by_id", note_id=obj_id) + ) activity.reset_object_cache() save(Box.OUTBOX, activity) From 1f2a8f6da70bbbfb8b11097db913deaa4857ce74 Mon Sep 17 00:00:00 2001 From: Fabio Date: Tue, 7 Jan 2020 17:39:17 +0100 Subject: [PATCH 3/7] add `get_text` template filter returns object's `content` or `name`, the first is set, or an empty string. some objects don't have `content`, don't let templates rely on it --- templates/note.html | 6 +++--- templates/utils.html | 2 +- utils/template_filters.py | 8 ++++++++ 3 files changed, 12 insertions(+), 4 deletions(-) diff --git a/templates/note.html b/templates/note.html index 4558550..a4b9c73 100644 --- a/templates/note.html +++ b/templates/note.html @@ -1,14 +1,14 @@ {% extends "layout.html" %} {% import 'utils.html' as utils %} -{% block title %}{{ config.NAME }}: "{{ note.activity.object.content | html2plaintext | trim | truncate(50) }}"{% endblock %} +{% block title %}{{ config.NAME }}{{ note.activity.object | get_text | html2plaintext | trim | truncate(50) }}"{% endblock %} {% block header %} - + - + diff --git a/templates/utils.html b/templates/utils.html index 8952b9d..842422a 100644 --- a/templates/utils.html +++ b/templates/utils.html @@ -198,7 +198,7 @@ {% else %} - {{ obj.content | update_inline_imgs | clean | replace_custom_emojis(obj) | code_highlight | safe }} + {{ obj | get_text | update_inline_imgs | clean | replace_custom_emojis(obj) | code_highlight | safe }} {% endif %} {% if obj | has_place %} diff --git a/utils/template_filters.py b/utils/template_filters.py index 302e567..ff8e6db 100644 --- a/utils/template_filters.py +++ b/utils/template_filters.py @@ -403,6 +403,14 @@ def get_video_link(data): return data return None +@filters.app_template_filter() +def get_text(data): + """return first in 'content', 'name' or ''""" + for _t in ("content", "name"): + if _t in data: + return data[_t] + return "" + @filters.app_template_filter() def has_type(doc, _types): From a327f1f5d78ba5e808c581560c2776dec75a160e Mon Sep 17 00:00:00 2001 From: Fabio Date: Tue, 7 Jan 2020 17:39:57 +0100 Subject: [PATCH 4/7] `url_or_id` template filter don't return not str `url` --- utils/template_filters.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/template_filters.py b/utils/template_filters.py index ff8e6db..7bbeb00 100644 --- a/utils/template_filters.py +++ b/utils/template_filters.py @@ -215,7 +215,7 @@ def format_timeago(val): @filters.app_template_filter() def url_or_id(d): if isinstance(d, dict): - if "url" in d: + if "url" in d and isinstance(d["url"], str): return d["url"] else: return d["id"] From 1ab60e399ed577ea502fb2b2bd3b3a6a0622bdac Mon Sep 17 00:00:00 2001 From: Fabio Date: Tue, 7 Jan 2020 17:40:43 +0100 Subject: [PATCH 5/7] mime type in `Link`s is set in `mediaType` property --- utils/template_filters.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/template_filters.py b/utils/template_filters.py index 7bbeb00..7d8f601 100644 --- a/utils/template_filters.py +++ b/utils/template_filters.py @@ -367,7 +367,7 @@ def update_inline_imgs(content): def get_video_url(url): if isinstance(url, list): for link in url: - if link.get("mimeType", "").startswith("video/"): + if link.get("mediaType", "").startswith("video/"): return _get_file_url(link.get("href"), None, Kind.ATTACHMENT) else: return _get_file_url(url, None, Kind.ATTACHMENT) From 173eb15af00e18cf7e783893e76c23389eb98569 Mon Sep 17 00:00:00 2001 From: Fabio Date: Wed, 8 Jan 2020 17:40:51 +0100 Subject: [PATCH 6/7] add run_dev script --- run_dev.sh | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100755 run_dev.sh diff --git a/run_dev.sh b/run_dev.sh new file mode 100755 index 0000000..33c6009 --- /dev/null +++ b/run_dev.sh @@ -0,0 +1,8 @@ +#!/bin/bash +DEV_POUSSETACHES_AUTH_KEY="1234567890" +MICROBLOGPUB_INTERNAL_HOST="http://host.docker.internal:5005" + + +env POUSSETACHES_AUTH_KEY=${DEV_POUSSETACHES_AUTH_KEY} docker-compose -f docker-compose-dev.yml up -d +FLASK_DEBUG=1 MICROBLOGPUB_DEBUG=1 FLASK_APP=app.py POUSSETACHES_AUTH_KEY=${DEV_POUSSETACHES_AUTH_KEY} MICROBLOGPUB_INTERNAL_HOST=${MICROBLOGPUB_INTERNAL_HOST} flask run -p 5005 --with-threads +docker-compose down From 12940c284651564473223becfc702c23d4e0789a Mon Sep 17 00:00:00 2001 From: Fabio Date: Wed, 8 Jan 2020 17:42:16 +0100 Subject: [PATCH 7/7] Document env vars --- ENVVARS.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 ENVVARS.md diff --git a/ENVVARS.md b/ENVVARS.md new file mode 100644 index 0000000..44ec36b --- /dev/null +++ b/ENVVARS.md @@ -0,0 +1,9 @@ +| var | default | +|----------------------------------|-------------------------| +| POUSSETACHES_AUTH_KEY | | +| FLASK_DEBUG | 0 | +| MICROBLOGPUB_DEBUG | "false" | +| MICROBLOGPUB_INTERNAL_HOST | "http://localhost:5000" | +| MICROBLOGPUB_MONGODB_HOST | "localhost:27017" | +| MICROBLOGPUB_POUSSETACHES_HOST | "http://localhost:7991" | +| MICROBLOGPUB_WIZARD_PROJECT_NAME | "microblogpub" |