Merge branch 'dev' into feature/signature

2026-04-04 00:00:51 -04:00 · 2021-01-18 06:54:38 +00:00
parent 18e8e88c66 377c4c6554
commit 7f76322377
26 changed files with 597 additions and 298 deletions
--- a/src/handlers/auth_handler.cr
+++ b/src/handlers/auth_handler.cr
@@ -82,7 +82,12 @@ class AuthHandler < Kemal::Handler
      if env.session.string? "token"
        should_reject = !validate_token_admin(env)
      end
-      env.response.status_code = 403 if should_reject
+      if should_reject
+        env.response.status_code = 403
+        send_error_page "HTTP 403: You are not authorized to visit " \
+                        "#{env.request.path}"
+        return
+      end
    end

    call_next env
--- a/src/logger.cr
+++ b/src/logger.cr
@@ -6,26 +6,14 @@ class Logger
  SEVERITY_IDS = [0, 4, 5, 2, 3]
  COLORS       = [:light_cyan, :light_red, :red, :light_yellow, :light_magenta]

+  getter raw_log = Log.for ""
+
  @@severity : Log::Severity = :info

  use_default

  def initialize
-    level = Config.current.log_level
-    {% begin %}
-      case level.downcase
-      when "off"
-        @@severity = :none
-        {% for lvl, i in LEVELS %}
-        when {{lvl}}
-          @@severity = Log::Severity.new SEVERITY_IDS[{{i}}]
-        {% end %}
-      else
-        raise "Unknown log level #{level}"
-      end
-    {% end %}
-
-    @log = Log.for("")
+    @@severity = Logger.get_severity
    @backend = Log::IOBackend.new

    format_proc = ->(entry : Log::Entry, io : IO) do
@@ -49,6 +37,24 @@ class Logger
    Log.setup @@severity, @backend
  end

+  def self.get_severity(level = "") : Log::Severity
+    if level.empty?
+      level = Config.current.log_level
+    end
+    {% begin %}
+      case level.downcase
+      when "off"
+        return Log::Severity::None
+        {% for lvl, i in LEVELS %}
+          when {{lvl}}
+          return Log::Severity.new SEVERITY_IDS[{{i}}]
+        {% end %}
+      else
+        raise "Unknown log level #{level}"
+      end
+    {% end %}
+  end
+
  # Ignores @@severity and always log msg
  def log(msg)
    @backend.write Log::Entry.new "", Log::Severity::None, msg,
@@ -61,7 +67,7 @@ class Logger

  {% for lvl in LEVELS %}
    def {{lvl.id}}(msg)
-      @log.{{lvl.id}} { msg }
+      raw_log.{{lvl.id}} { msg }
    end
    def self.{{lvl.id}}(msg)
      default.not_nil!.{{lvl.id}} msg
--- a/src/mango.cr
+++ b/src/mango.cr
@@ -8,7 +8,7 @@ require "option_parser"
 require "clim"
 require "tallboy"

-MANGO_VERSION = "0.18.3"
+MANGO_VERSION = "0.19.0"

 # From http://www.network-science.de/ascii/
 BANNER = %{
@@ -63,7 +63,12 @@ class CLI < Clim
      Plugin::Downloader.default

      spawn do
-        Server.new.start
+        begin
+          Server.new.start
+        rescue e
+          Logger.fatal e
+          Process.exit 1
+        end
      end

      MainFiber.start_and_block
--- a/src/routes/api.cr
+++ b/src/routes/api.cr
@@ -713,6 +713,24 @@ struct APIRouter
      end
    end

+    Koa.describe "Returns all tags"
+    Koa.response 200, ref: "$tagsResult"
+    get "/api/tags" do |env|
+      begin
+        tags = Storage.default.list_tags
+        send_json env, {
+          "success" => true,
+          "tags"    => tags,
+        }.to_json
+      rescue e
+        Logger.error e
+        send_json env, {
+          "success" => false,
+          "error"   => e.message,
+        }.to_json
+      end
+    end
+
    Koa.describe "Adds a new tag to a title"
    Koa.path "tid", desc: "A title ID"
    Koa.response 200, ref: "$result"
--- a/src/server.cr
+++ b/src/server.cr
@@ -7,10 +7,6 @@ require "./routes/*"

 class Server
  def initialize
-    error 403 do |env|
-      message = "HTTP 403: You are not authorized to visit #{env.request.path}"
-      layout "message"
-    end
    error 404 do |env|
      message = "HTTP 404: Mango cannot find the page #{env.request.path}"
      layout "message"
--- a/src/storage.cr
+++ b/src/storage.cr
@@ -3,6 +3,8 @@ require "crypto/bcrypt"
 require "uuid"
 require "base64"
 require "./util/*"
+require "mg"
+require "../migration/*"

 def hash_password(pw)
  Crypto::Bcrypt::Password.create(pw).to_s
@@ -13,9 +15,10 @@ def verify_password(hash, pw)
 end

 class Storage
+  @@insert_ids = [] of IDTuple
+
  @path : String
  @db : DB::Database?
-  @insert_ids = [] of IDTuple

  alias IDTuple = NamedTuple(path: String,
    id: String,
@@ -35,44 +38,15 @@ class Storage
    MainFiber.run do
      DB.open "sqlite3://#{@path}" do |db|
        begin
-          # v0.18.0
-          db.exec "create table tags (id text, tag text, unique (id, tag))"
-          db.exec "create index tags_id_idx on tags (id)"
-          db.exec "create index tags_tag_idx on tags (tag)"
-
-          # v0.15.0
-          db.exec "create table thumbnails " \
-                  "(id text, data blob, filename text, " \
-                  "mime text, size integer)"
-          db.exec "create unique index tn_index on thumbnails (id)"
-
-          # v0.1.1
-          db.exec "create table ids" \
-                  "(path text, id text, is_title integer)"
-          db.exec "create unique index path_idx on ids (path)"
-          db.exec "create unique index id_idx on ids (id)"
-
-          # v0.1.0
-          db.exec "create table users" \
-                  "(username text, password text, token text, admin integer)"
+          MG::Migration.new(db, log: Logger.default.raw_log).migrate
        rescue e
-          unless e.message.not_nil!.ends_with? "already exists"
-            Logger.fatal "Error when checking tables in DB: #{e}"
-            raise e
-          end
-
-          # If the DB is initialized through CLI but no user is added, we need
-          #   to create the admin user when first starting the app
-          user_count = db.query_one "select count(*) from users", as: Int32
-          init_admin if init_user && user_count == 0
-        else
-          Logger.debug "Creating DB file at #{@path}"
-          db.exec "create unique index username_idx on users (username)"
-          db.exec "create unique index token_idx on users (token)"
-
-          init_admin if init_user
+          Logger.fatal "DB migration failed. #{e}"
+          raise e
        end

+        user_count = db.query_one "select count(*) from users", as: Int32
+        init_admin if init_user && user_count == 0
+
        # Verifies that the default username in config is valid
        if Config.current.disable_login
          username = Config.current.default_username
@@ -99,9 +73,11 @@ class Storage
  private def get_db(&block : DB::Database ->)
    if @db.nil?
      DB.open "sqlite3://#{@path}" do |db|
+        db.exec "PRAGMA foreign_keys = 1"
        yield db
      end
    else
+      @db.not_nil!.exec "PRAGMA foreign_keys = 1"
      yield @db.not_nil!
    end
  end
@@ -258,28 +234,38 @@ class Storage
    id = nil
    MainFiber.run do
      get_db do |db|
-        id = db.query_one? "select id from ids where path = (?)", path,
-          as: {String}
+        if is_title
+          id = db.query_one? "select id from titles where path = (?)", path,
+            as: String
+        else
+          id = db.query_one? "select id from ids where path = (?)", path,
+            as: String
+        end
      end
    end
    id
  end

  def insert_id(tp : IDTuple)
-    @insert_ids << tp
+    @@insert_ids << tp
  end

  def bulk_insert_ids
    MainFiber.run do
      get_db do |db|
-        db.transaction do |tx|
-          @insert_ids.each do |tp|
-            tx.connection.exec "insert into ids values (?, ?, ?)", tp[:path],
-              tp[:id], tp[:is_title] ? 1 : 0
+        db.transaction do |tran|
+          conn = tran.connection
+          @@insert_ids.each do |tp|
+            if tp[:is_title]
+              conn.exec "insert into titles values (?, ?, null)", tp[:id],
+                tp[:path]
+            else
+              conn.exec "insert into ids values (?, ?)", tp[:path], tp[:id]
+            end
          end
        end
      end
-      @insert_ids.clear
+      @@insert_ids.clear
    end
  end

@@ -372,6 +358,7 @@ class Storage
    MainFiber.run do
      Logger.info "Starting DB optimization"
      get_db do |db|
+        # Delete dangling entry IDs
        trash_ids = [] of String
        db.query "select path, id from ids" do |rs|
          rs.each do
@@ -380,29 +367,24 @@ class Storage
          end
        end

-        # Delete dangling IDs
        db.exec "delete from ids where id in " \
                "(#{trash_ids.map { |i| "'#{i}'" }.join ","})"
-        Logger.debug "#{trash_ids.size} dangling IDs deleted" \
+        Logger.debug "#{trash_ids.size} dangling entry IDs deleted" \
           if trash_ids.size > 0

-        # Delete dangling thumbnails
-        trash_thumbnails_count = db.query_one "select count(*) from " \
-                                              "thumbnails where id not in " \
-                                              "(select id from ids)", as: Int32
-        if trash_thumbnails_count > 0
-          db.exec "delete from thumbnails where id not in (select id from ids)"
-          Logger.info "#{trash_thumbnails_count} dangling thumbnails deleted"
+        # Delete dangling title IDs
+        trash_titles = [] of String
+        db.query "select path, id from titles" do |rs|
+          rs.each do
+            path = rs.read String
+            trash_titles << rs.read String unless Dir.exists? path
+          end
        end

-        # Delete dangling tags
-        trash_tags_count = db.query_one "select count(*) from tags " \
-                                        "where id not in " \
-                                        "(select id from ids)", as: Int32
-        if trash_tags_count > 0
-          db.exec "delete from tags where id not in (select id from ids)"
-          Logger.info "#{trash_tags_count} dangling tags deleted"
-        end
+        db.exec "delete from titles where id in " \
+                "(#{trash_titles.map { |i| "'#{i}'" }.join ","})"
+        Logger.debug "#{trash_titles.size} dangling title IDs deleted" \
+           if trash_titles.size > 0
      end
      Logger.info "DB optimization finished"
    end
--- a/src/util/web.cr
+++ b/src/util/web.cr
@@ -1,19 +1,24 @@
 # Web related helper functions/macros

+# This macro defines `is_admin` when used
+macro check_admin_access
+  is_admin = false
+  # The token (if exists) takes precedence over the default user option.
+  #   this is why we check the default username first before checking the
+  #   token.
+  if Config.current.disable_login
+    is_admin = Storage.default.
+      username_is_admin Config.current.default_username
+  end
+  if token = env.session.string? "token"
+    is_admin = Storage.default.verify_admin token
+  end
+end
+
 macro layout(name)
  base_url = Config.current.base_url
+  check_admin_access
  begin
-    is_admin = false
-    # The token (if exists) takes precedence over the default user option.
-    #   this is why we check the default username first before checking the
-    #   token.
-    if Config.current.disable_login
-      is_admin = Storage.default.
-        username_is_admin Config.current.default_username
-    end
-    if token = env.session.string? "token"
-      is_admin = Storage.default.verify_admin token
-    end
    page = {{name}}
    render "src/views/#{{{name}}}.html.ecr", "src/views/layout.html.ecr"
  rescue e
@@ -24,6 +29,15 @@ macro layout(name)
  end
 end

+macro send_error_page(msg)
+  message = {{msg}}
+  base_url = Config.current.base_url
+  check_admin_access
+  page = "Error"
+  html = render "src/views/message.html.ecr", "src/views/layout.html.ecr"
+  send_file env, html.to_slice, "text/html"
+end
+
 macro send_img(env, img)
  send_file {{env}}, {{img}}.data, {{img}}.mime
 end
--- a/src/views/components/tags.html.ecr
+++ b/src/views/components/tags.html.ecr
@@ -1,12 +0,0 @@
-<div class="uk-margin" x-data="tagsComponent()" x-cloak x-init="load(<%= is_admin %>)">
-  <p class="uk-text-meta" @selectstart.prevent>
-  <span style="position:relative; bottom:3px; margin-right:5px;">Tags: </span>
-  <template x-for="tag in tags" :key="tag">
-    <span class="uk-label uk-label-primary" style="padding:2px 5px; margin:0 5px 5px 5px; text-transform:none;">
-      <a class="uk-link-reset" x-show="isAdmin" @click="rm($event)" :id="`${tag}-rm`"><span uk-icon="close" style="margin-right: 5px; position: relative; bottom: 1.5px;"></span></a><a class="uk-link-reset" x-text="tag" :href="`<%= base_url %>tags/${encodeURIComponent(tag)}`"></a>
-    </span>
-  </template>
-  <a class="uk-link-reset" style="position:relative; bottom:3px;" :uk-icon="inputShown ? 'close' : 'plus'" @click="toggleInput($nextTick)" x-show="isAdmin"></a>
-  </p>
-  <input id="tag-input" class="uk-input" type="text" placeholder="Type in a new tag and hit enter" x-model="newTag" @keydown="keydown($event)" x-show="inputShown">
-</div>
--- a/src/views/download-manager.html.ecr
+++ b/src/views/download-manager.html.ecr
@@ -43,7 +43,7 @@
            <template x-if="job.status_message.length > 0">
              <div class="uk-inline">
                <span uk-icon="info"></span>
-                <div uk-dropdown x-text="job.status_message"></div>
+                <div uk-dropdown x-text="job.status_message" style="white-space: pre-line;"></div>
              </div>
            </template>
          </td>
--- a/src/views/layout.html.ecr
+++ b/src/views/layout.html.ecr
@@ -37,7 +37,7 @@
          <div class="uk-navbar-toggle" uk-navbar-toggle-icon="uk-navbar-toggle-icon" uk-toggle="target: #mobile-nav"></div>
        </div>
        <div class="uk-navbar-left uk-visible@s">
-          <a class="uk-navbar-item uk-logo" href="<%= base_url %>"><img src="<%= base_url %>img/icon.png"></a>
+          <a class="uk-navbar-item uk-logo" href="<%= base_url %>"><img src="<%= base_url %>img/icon.png" style="width:90px;height:90px;"></a>
          <ul class="uk-navbar-nav">
            <li><a href="<%= base_url %>">Home</a></li>
            <li><a href="<%= base_url %>library">Library</a></li>
@@ -69,7 +69,7 @@
    </div>
    <div class="uk-section uk-section-small">
    </div>
-    <div class="uk-section uk-section-small" id="main-section">
+    <div class="uk-section uk-section-small" style="position:relative;">
      <div class="uk-container uk-container-small">
        <div id="alert"></div>
        <%= content %>
--- a/src/views/reader.html.ecr
+++ b/src/views/reader.html.ecr
@@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html class="reader-bg">
+<html style="background-color: black;">

  <% page = "Reader" %>
  <%= render_component "head" %>
--- a/src/views/title.html.ecr
+++ b/src/views/title.html.ecr
@@ -34,7 +34,10 @@
 </ul>
 <p class="uk-text-meta"><%= title.content_label %> found</p>

-<%= render_component "tags" %>
+<div class="uk-margin" x-data="tagsComponent()" x-cloak x-init="load(<%= is_admin %>)" x-show="!loading">
+  <select class="tag-select" multiple="multiple" style="width:100%">
+  </select>
+</div>

 <div class="uk-grid-small" uk-grid>
  <div class="uk-margin-bottom uk-width-3-4@s">
@@ -121,6 +124,9 @@

 <% content_for "script" do %>
  <%= render_component "dots-scripts" %>
+  <link href="https://cdn.jsdelivr.net/npm/select2@4.1.0-beta.1/dist/css/select2.min.css" rel="stylesheet" />
+  <link href="/css/tags.css" rel="stylesheet" />
+  <script src="https://cdn.jsdelivr.net/npm/select2@4.1.0-beta.1/dist/js/select2.min.js"></script>
  <script src="<%= base_url %>js/alert.js"></script>
  <script src="<%= base_url %>js/title.js"></script>
  <script src="<%= base_url %>js/search.js"></script>