lichenblankie/tinyweb-forum
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tinyweb-forum/tinyweb_forum/handlers.py

875 lines
38 KiB
Python
Raw Blame History

import json
import secrets
import threading
from datetime import datetime
from urllib.parse import unquote
MAX_TITLE_LENGTH = 200
MAX_BODY_LENGTH = 10000
PER_PAGE = 20
RECENT_SECONDS = 86400 * 7 # "new" = within last 7 days
def esc(s):
import html
return html.escape(str(s))
FORUM_CSS = """
<style>
.forum-form { max-width: 500px; }
.forum-form input:not([type=checkbox]):not([type=radio]), .forum-form textarea {
width: 100%; box-sizing: border-box; padding: 10px 12px; margin-bottom: 12px;
font-size: 0.95rem;
}
.forum-form input:not([type=checkbox]):not([type=radio]):focus, .forum-form textarea:focus {
outline: none;
}
.forum-form input[type=checkbox] { width: auto; margin: 0; }
.forum-form button {
padding: 10px 20px; margin-bottom: 12px;
cursor: pointer;
}
.forum-form textarea { font-family: ui-monospace, 'SF Mono', 'Cascadia Code', 'Segoe UI Mono', Menlo, Consolas, monospace; font-size: 0.85rem; line-height: 1.6; resize: vertical; }
.forum-form label.inline-label input { width: 60px; display: inline; }
.forum-form label:not(.checkbox-label):not(.inline-label) { display: block; margin-bottom: 8px; }
.forum-form label.checkbox-label { display: flex; align-items: center; gap: 6px; margin-bottom: 8px; }
.forum-form label.inline-label { display: inline-flex; align-items: center; gap: 4px; margin-bottom: 8px; white-space: nowrap; }
.forum-form small { display: block; margin-bottom: 8px; }
.forum-toolbar { display: flex; flex-wrap: wrap; gap: 10px; align-items: center; margin: 0.5rem 0; }
.forum-toolbar form { flex: 1; min-width: 160px; }
.forum-toolbar input[name=q] { width: 100%; box-sizing: border-box; padding: 8px 12px; font-size: 0.9rem; }
.forum-toolbar input[name=q]:focus { outline: none; }
.forum-toolbar-actions { display: flex; flex-wrap: wrap; gap: 6px; }
.forum-actions { display: flex; flex-wrap: wrap; gap: 8px; align-items: center; margin: 0.5rem 0; }
a.forum-action, a.forum-action-inline {
text-decoration: none; border-bottom: none; font-size: 0.88rem;
padding: 8px 14px;
transition: background 0.2s, color 0.2s, border-color 0.2s;
}
a.forum-action-inline { padding: 2px 6px; border: none; }
a.forum-action-inline:hover { border: none; }
p.meta { font-size: 0.85rem; }
.forum-list { list-style: none; padding-left: 0; }
.forum-list li { padding: 0.8rem 0; border-bottom: 1px solid; }
.forum-list li:last-child { border-bottom: none; }
.forum-list .thread-title { margin-bottom: 0.15rem; }
.forum-list .thread-meta { font-size: 0.78rem; }
.forum-list a { border-bottom: none; }
</style>"""
class ForumHandlers:
def __init__(self, fdb, sync, identity, reticulum, site_name="me"):
self.fdb = fdb
self.sync = sync
self.identity = identity
self.reticulum = reticulum
self.site_name = site_name
self._request_local = threading.local()
def _get_csrf(self):
return getattr(self._request_local, 'csrf_token', '')
def _csrf_field(self):
token = self._get_csrf()
return f'<input type="hidden" name="_csrf" value="{token}">'
def _check_csrf(self, body):
token = body.get("_csrf", [""])[0]
expected = self._get_csrf()
if not expected or not token:
return False
return secrets.compare_digest(token, expected)
def _is_local(self, instance):
if instance == "local":
return True
if self.identity and instance == self.identity.hash.hex():
return True
return False
def _author_str(self, name, instance):
if self._is_local(instance):
return "me"
return instance[:6]
def _block_link(self, instance):
if self._is_local(instance):
return ""
return f' <a class="forum-action-inline" href="/forum/blockhash/{instance}">[block]</a>'
def _respond(self, body_html, status=200):
return {
"status": status,
"content_type": "text/html; charset=utf-8",
"body": FORUM_CSS + body_html,
"headers": {},
}
def _json(self, data, status=200):
return {
"status": status,
"content_type": "application/json",
"body": json.dumps(data),
"headers": {},
}
def _redirect(self, location):
return {
"status": 302,
"content_type": "text/html; charset=utf-8",
"body": "",
"headers": {"Location": location},
}
def _error(self, status):
return self._respond(f"<h1>{status}</h1>", status)
def _paginate(self, query):
try:
p = int(query.get("p", ["1"])[0])
except (ValueError, IndexError):
p = 1
return max(1, p)
def _page_nav(self, page, total, base_url):
if total <= PER_PAGE:
return ""
total_pages = (total + PER_PAGE - 1) // PER_PAGE
sep = "&" if "?" in base_url else "?"
parts = []
if page > 1:
parts.append(f'<a href="{base_url}{sep}p={page - 1}">&laquo; prev</a>')
parts.append(f"page {page} of {total_pages}")
if page < total_pages:
parts.append(f'<a href="{base_url}{sep}p={page + 1}">next &raquo;</a>')
return f'<p class="pagination">{" | ".join(parts)}</p>'
def _now(self):
return datetime.now().strftime("%Y-%m-%dT%H:%M:%S")
def _time_ago(self, ts):
try:
dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
except (ValueError, TypeError):
return ts
delta = datetime.now() - dt
if delta.days > 365:
return f"{delta.days // 365}y ago"
if delta.days > 30:
return f"{delta.days // 30}mo ago"
if delta.days > 0:
return f"{delta.days}d ago"
if delta.seconds >= 3600:
return f"{delta.seconds // 3600}h ago"
if delta.seconds >= 60:
return f"{delta.seconds // 60}m ago"
return "just now"
def _is_new(self, ts):
try:
dt = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")
except (ValueError, TypeError):
return False
return (datetime.now() - dt).total_seconds() < RECENT_SECONDS
def _blocked_instances(self):
raw = self.fdb.get_setting("blocked_instances", "")
return set(h.strip() for h in raw.split(",") if h.strip())
def _retracted_threads(self):
t, p = self.fdb.get_retracted_ids()
return t
def _muted_threads(self):
raw = self.fdb.get_setting("muted_threads", "")
return set(h.strip() for h in raw.split(",") if h.strip())
def _keyword_filters(self):
raw = self.fdb.get_setting("keyword_filters", "")
return [k.strip().lower() for k in raw.split(",") if k.strip()]
def _passes_filters(self, thread):
blocked = self._blocked_instances()
if thread["author_instance"] in blocked:
return False
keywords = self._keyword_filters()
if keywords:
text = (thread["title"] + " " + thread["body"]).lower()
if any(k in text for k in keywords):
return False
return True
# --- Routes ---
def handle_list(self, query):
page = self._paginate(query)
tag = unquote(query.get("tag", [""])[0]).strip()
search = query.get("q", [""])[0].strip()
show_muted = query.get("muted", [""])[0].strip() == "1"
rows, total = self.fdb.get_threads(page=page, per_page=PER_PAGE, tag=tag, search=search)
muted = self._muted_threads()
retracted = self._retracted_threads()
new_count = 0
items = ""
for r in rows:
if r["id"] in retracted:
continue
if not self._passes_filters(r):
continue
is_muted = r["id"] in muted
if is_muted and not show_muted:
continue
if self._is_new(r["created_at"]):
new_count += 1
badge = "[share]" if r["url"] else "[request]"
mute_badge = " [muted]" if is_muted else ""
tags_html = ""
if r["tags"]:
tag_links = " ".join(
f'<a href="/forum?tag={esc(t.strip())}" class="tag">[{esc(t.strip())}]</a>'
for t in r["tags"].split(",") if t.strip()
)
tags_html = f' {tag_links}'
reply_label = f"{r['reply_count']} replies" if r['reply_count'] else "no replies"
items += (
f'<li>'
f'<div class="thread-title">'
f'<small>{badge}{mute_badge}</small> '
f'<a href="/forum/t/{esc(r["id"])}">{esc(r["title"])}</a>'
f'{tags_html}'
f'</div>'
f'<div class="thread-meta">'
f'{esc(self._author_str(r["author_name"], r["author_instance"]))}'
f' · {self._time_ago(r["created_at"])}'
f' · {r["score"]} upvotes'
f' · {reply_label}'
f'</div>'
f'</li>'
)
if not items:
items = "<p>No threads yet.</p>"
new_label = f" ({new_count} new)" if new_count else ""
search_form = (
f'<form method="get" action="/forum">'
f'<input name="q" placeholder="search" value="{esc(search)}">'
f'</form>'
)
tag_label = f' — tag: {esc(tag)}' if tag else ""
muted_link = f'<a class="forum-action" href="/forum?muted=1">show muted</a>' if not show_muted else f'<a class="forum-action" href="/forum">show all</a>'
page_url = f'/forum?q={esc(search)}&tag={esc(tag)}&muted=1' if show_muted else (f'/forum?q={esc(search)}&tag={esc(tag)}' if search or tag else '/forum')
return self._respond(
f"<h1>forum{tag_label}</h1>"
f'<div class="forum-toolbar">'
f'{search_form}'
f'<div class="forum-toolbar-actions">'
f'<a class="forum-action" href="/forum/new">+ new</a>'
f'<a class="forum-action" href="/forum/moderation">mod</a>'
f'<a class="forum-action" href="/forum/sync/now">sync now</a>'
f'{muted_link}'
f'</div></div>'
f"<p class=\"meta\">{total} threads{new_label}</p>"
f'<ul class="forum-list">{items}</ul>'
f"{self._page_nav(page, total, page_url)}"
)
def handle_new_form(self, msg=""):
return self._respond(
f"<h1>new thread</h1>"
f'<form class="forum-form" method="post" action="/forum/new">'
f'{self._csrf_field()}'
f'<input name="title" placeholder="title" required>'
f"<small>max {MAX_TITLE_LENGTH} characters</small>"
f'<input name="url" placeholder="URL you want to share (optional)">'
f'<textarea name="body" rows="6" placeholder="details or context (optional)"></textarea>'
f"<small>max {MAX_BODY_LENGTH} characters</small>"
f'<input name="tags" placeholder="tags, comma-separated (optional)">'
f'<button type="submit">post</button>'
f"</form>"
f"<p>{msg}</p>"
f'<a href="/forum">back</a>'
)
def handle_new_submit(self, body):
title = body.get("title", [""])[0].strip()
url = body.get("url", [""])[0].strip()
body_text = body.get("body", [""])[0].strip()
tags = body.get("tags", [""])[0].strip()
if not title:
return self.handle_new_form("Title is required.")
if len(title) > MAX_TITLE_LENGTH:
return self.handle_new_form(f"Title too long (max {MAX_TITLE_LENGTH} characters).")
if len(body_text) > MAX_BODY_LENGTH:
return self.handle_new_form(f"Body too long (max {MAX_BODY_LENGTH} characters).")
thread_id = secrets.token_hex(16)
author_instance = self.identity.hash.hex() if self.identity else "local"
author_name = self.site_name
now = self._now()
self.fdb.create_thread(thread_id, title, url, body_text, tags, author_instance, author_name, now)
return self._redirect(f"/forum/t/{thread_id}")
def handle_thread(self, thread_id, query=None):
thread = self.fdb.get_thread(thread_id)
if not thread or not self._passes_filters(thread):
return self._error(404)
_, retracted_posts = self.fdb.get_retracted_ids()
posts = [p for p in self.fdb.get_posts(thread_id)
if p["author_instance"] not in self._blocked_instances()
and p["id"] not in retracted_posts]
muted = self._muted_threads()
is_muted = thread["id"] in muted
instance_hash = self.identity.hash.hex() if self.identity else "local"
has_upvoted = self.fdb.has_upvoted(thread_id, instance_hash)
badge = "[share]" if thread["url"] else "[request]"
url_html = ""
if thread["url"]:
url_html = (
f'<p><a href="{esc(thread["url"])}" rel="noreferrer noopener">{esc(thread["url"])}</a>'
f' (<a href="/add?url={esc(thread["url"])}">+ save to my index</a>)</p>'
)
tags_html = ""
if thread["tags"]:
tag_links = " ".join(
f'<a href="/forum?tag={esc(t.strip())}" class="tag">[{esc(t.strip())}]</a>'
for t in thread["tags"].split(",") if t.strip()
)
tags_html = f'<p class="tags">{tag_links}</p>'
body_html = f"<p>{esc(thread['body'])}</p>" if thread["body"] else ""
mute_btn = (
f'<a class="forum-action-inline" href="/forum/unmute/{thread["id"]}">unmute</a>'
if is_muted else
f'<a class="forum-action-inline" href="/forum/mute/{thread["id"]}">mute</a>'
)
posts_html = ""
for p in posts:
save_links = ""
for word in p["body"].split():
w = word.strip().strip(",.!?;:")
if w.startswith(("http://", "https://")):
save_links += (
f' <a href="/add?url={esc(w)}">+ save</a>'
)
parent_ref = ""
if p["parent_id"]:
parent_ref = f' <small><a href="#post-{esc(p["parent_id"])}">↪ reply</a></small>'
posts_html += (
f'<div class="post" id="post-{esc(p["id"])}" style="margin-bottom:1rem;padding-left:1rem;border-left:2px solid">'
f'<small><b>{esc(self._author_str(p["author_name"], p["author_instance"]))}</b>'
f'{self._block_link(p["author_instance"])}'
f' · {self._time_ago(p["created_at"])}{parent_ref}'
f'{" · " + self._post_retract_link(thread["id"], p["id"]) if p["author_instance"] == instance_hash else ""}</small>'
f'<p>{esc(p["body"])}</p>'
f'{save_links}'
f'</div>'
)
reply_form = (
f'<form class="forum-form" method="post" action="/forum/t/{thread["id"]}/reply">'
f'{self._csrf_field()}'
f'<textarea name="body" rows="4" placeholder="share a URL or reply..." required></textarea>'
f"<small>max {MAX_BODY_LENGTH} characters</small>"
f'<button type="submit">reply</button>'
f"</form>"
)
return self._respond(
f"<h1>{badge} {esc(thread['title'])}</h1>"
f'<p class="meta">'
f'by {esc(self._author_str(thread["author_name"], thread["author_instance"]))}'
f'{self._block_link(thread["author_instance"])}'
f' · {self._time_ago(thread["created_at"])}'
f' · {thread["score"]} upvotes'
f' · {mute_btn}'
f' · <a class="forum-action-inline" href="/forum/t/{thread["id"]}/upvote">{"-1" if has_upvoted else "+1"}</a>'
f'{self._author_links(thread["id"], thread["author_instance"], instance_hash)}'
f'</p>'
f'{url_html}'
f'{body_html}'
f'{tags_html}'
f"<hr>"
f"{posts_html}<br><br>"
f"{reply_form}<br><br>"
f'<a href="/forum">back to forum</a>'
)
def handle_retract_thread(self, thread_id):
thread = self.fdb.get_thread(thread_id)
if not thread:
return self._error(404)
instance_hash = self.identity.hash.hex() if self.identity else "local"
if thread["author_instance"] != instance_hash:
return self._error(403)
self.fdb.retract_thread(thread_id, instance_hash, self._now())
return self._redirect("/forum")
def handle_retract_post(self, post_id, thread_id):
fdb = self.fdb
posts = fdb.get_posts(thread_id)
post = next((p for p in posts if p["id"] == post_id), None)
if not post:
return self._error(404)
instance_hash = self.identity.hash.hex() if self.identity else "local"
if post["author_instance"] != instance_hash:
return self._error(403)
fdb.retract_post(post_id, instance_hash, self._now())
return self._redirect(f"/forum/t/{thread_id}")
def handle_edit_form(self, thread_id, msg=""):
thread = self.fdb.get_thread(thread_id)
if not thread:
return self._error(404)
instance_hash = self.identity.hash.hex() if self.identity else "local"
if thread["author_instance"] != instance_hash:
return self._error(403)
return self._respond(
f"<h1>edit thread</h1>"
f'<form class="forum-form" method="post" action="/forum/t/{thread_id}/edit">'
f'{self._csrf_field()}'
f'<input name="title" value="{esc(thread["title"])}" required>'
f"<small>max {MAX_TITLE_LENGTH} characters</small>"
f'<input name="url" value="{esc(thread["url"] or "")}" placeholder="URL">'
f'<textarea name="body" rows="6" placeholder="details or context">{esc(thread["body"] or "")}</textarea>'
f"<small>max {MAX_BODY_LENGTH} characters</small>"
f'<input name="tags" value="{esc(thread["tags"] or "")}" placeholder="tags, comma-separated">'
f'<button type="submit">save</button>'
f"</form>"
f"<p>{msg}</p>"
f'<a href="/forum/t/{thread_id}">back</a>'
)
def handle_edit_submit(self, thread_id, body):
thread = self.fdb.get_thread(thread_id)
if not thread:
return self._error(404)
instance_hash = self.identity.hash.hex() if self.identity else "local"
if thread["author_instance"] != instance_hash:
return self._error(403)
title = body.get("title", [""])[0].strip()
if not title:
return self.handle_edit_form(thread_id, "Title is required.")
if len(title) > MAX_TITLE_LENGTH:
return self.handle_edit_form(thread_id, f"Title too long (max {MAX_TITLE_LENGTH} characters).")
url = body.get("url", [""])[0].strip()
body_text = body.get("body", [""])[0].strip()
if len(body_text) > MAX_BODY_LENGTH:
return self.handle_edit_form(thread_id, f"Body too long (max {MAX_BODY_LENGTH} characters).")
tags = body.get("tags", [""])[0].strip()
now = self._now()
self.fdb.update_thread(thread_id, title, url, body_text, tags, now)
return self._redirect(f"/forum/t/{thread_id}")
def handle_reply(self, thread_id, body):
body_text = body.get("body", [""])[0].strip()
if not body_text:
return self._redirect(f"/forum/t/{thread_id}")
if len(body_text) > MAX_BODY_LENGTH:
return self._respond(f"<p>Body too long (max {MAX_BODY_LENGTH} characters). <a href=\"/forum/t/{esc(thread_id)}\">back</a></p>")
parent_id = body.get("parent_id", [""])[0].strip()
author_instance = self.identity.hash.hex() if self.identity else "local"
author_name = self.site_name
post_id = secrets.token_hex(16)
now = self._now()
self.fdb.create_post(post_id, thread_id, parent_id, body_text, author_instance, author_name, now)
return self._redirect(f"/forum/t/{thread_id}")
def handle_upvote(self, thread_id, body):
thread = self.fdb.get_thread(thread_id)
if not thread:
return self._error(404)
instance_hash = self.identity.hash.hex() if self.identity else "local"
self.fdb.toggle_upvote(thread_id, instance_hash)
return self._redirect(f"/forum/t/{thread_id}")
def handle_mute(self, thread_id):
muted = self._muted_threads()
muted.add(thread_id)
self.fdb.set_setting("muted_threads", ",".join(muted))
return self._redirect(f"/forum")
def handle_unmute(self, thread_id):
muted = self._muted_threads()
muted.discard(thread_id)
self.fdb.set_setting("muted_threads", ",".join(muted))
return self._redirect(f"/forum/t/{thread_id}")
def _author_links(self, tid, author_instance, instance_hash):
links = ""
if author_instance == instance_hash:
links += f' · <a class="forum-action-inline" href="/forum/t/{tid}/edit">edit</a>'
links += f' · <a class="forum-action-inline" href="/forum/retract/{tid}">retract</a>'
return links
def _post_retract_link(self, tid, pid):
return f'<a class="forum-action-inline" href="/forum/retract/{tid}/post/{pid}">retract</a>'
def _peer_reports_html(self):
counts = self.fdb.get_peer_block_counts()
if not counts:
return "<p>No peer reports yet.</p>"
auto_blocked = set(h.strip() for h in self.fdb.get_setting("auto_blocked_instances", "").split(",") if h.strip())
blocked = self._blocked_instances()
items = ""
for h, count in sorted(counts.items(), key=lambda x: -x[1]):
status = " (blocked)" if h in blocked else " (pending)"
items += f"<li>{esc(h[:16])}... — {count} reports{status}</li>"
return f"<ul>{items}</ul>"
def handle_moderation(self, msg=""):
blocked = self._blocked_instances()
auto_blocked = set(h.strip() for h in self.fdb.get_setting("auto_blocked_instances", "").split(",") if h.strip())
peer_counts = self.fdb.get_peer_block_counts()
blocked_items = ""
if blocked:
for h in sorted(blocked):
label = "[auto] " if h in auto_blocked else ""
reports = f" ({peer_counts.get(h, 0)} peers)" if h in peer_counts else ""
blocked_items += (
f'<li>{label}{esc(h[:16])}...{reports} '
f'<form method="post" action="/forum/unblock" style="display:inline">'
f'{self._csrf_field()}'
f'<input type="hidden" name="instance" value="{esc(h)}">'
f'<button>unblock</button></form>'
f'</li>'
)
blocked_items = f"<ul>{blocked_items}</ul>"
else:
blocked_items = "<p>No instances blocked.</p>"
filters = self._keyword_filters()
filters_str = ", ".join(filters) if filters else ""
synced = self.fdb.get_synced_instances()
synced_items = ""
for s in synced:
synced_items += (
f'<li>{esc(s["name"] or s["instance_hash"][:16])}... '
f'<form method="post" action="/forum/unsync" style="display:inline">'
f'{self._csrf_field()}'
f'<input type="hidden" name="instance" value="{esc(s["instance_hash"])}">'
f'<button>remove</button></form>'
f'</li>'
)
synced_items = f"<ul>{synced_items}</ul>" if synced_items else "<p>No instances synced yet.</p>"
auto_discover = self.fdb.get_setting("forum_auto_discover", "1")
auto_discover_checked = " checked" if auto_discover == "1" else ""
auto_sync = self.fdb.get_setting("forum_auto_sync", "0")
auto_sync_checked = " checked" if auto_sync == "1" else ""
retention_days = self.fdb.get_setting("forum_retention_days", "30")
return self._respond(
f"<h1>forum moderation</h1>"
f"<p>{msg}</p>"
f'<p><a class="forum-action" href="/forum/sync/now">sync now</a></p>'
f"<h2>auto-discovery</h2>"
f'<form class="forum-form" method="post" action="/forum/auto_discover">'
f'{self._csrf_field()}'
f'<label class="checkbox-label"><input type="checkbox" name="enabled" value="1"{auto_discover_checked}>'
f" automatically discover other forum instances on the mesh</label>"
f'<button>save</button>'
f"</form>"
f"<h2>auto-sync</h2>"
f'<form class="forum-form" method="post" action="/forum/auto_sync">'
f'{self._csrf_field()}'
f'<label class="checkbox-label"><input type="checkbox" name="enabled" value="1"{auto_sync_checked}>'
f" automatically sync content every 5 minutes</label>"
f'<button>save</button>'
f"</form>"
f"<h2>storage</h2>"
f'<form class="forum-form" method="post" action="/forum/storage">'
f'{self._csrf_field()}'
f'<label class="inline-label">Keep threads for '
f'<input name="retention_days" value="{esc(retention_days)}" size="5"> days</label>'
f"<small>Older threads are pruned automatically (default: 30). Set to 0 to keep everything.</small>"
f'<button>save</button>'
f"</form>"
f"<h2>blocked instances</h2>"
f"{blocked_items}"
f'<form class="forum-form" method="post" action="/forum/block">'
f'{self._csrf_field()}'
f'<input name="instance" placeholder="instance hash (32 hex chars)">'
f'<button>block</button>'
f"</form>"
f"<h2>peer reports</h2>"
f"{self._peer_reports_html()}"
f"<h2>keyword filters</h2>"
f'<form class="forum-form" method="post" action="/forum/filters">'
f'{self._csrf_field()}'
f'<input name="keywords" value="{esc(filters_str)}" placeholder="comma-separated keywords">'
f'<button>save</button>'
f"</form>"
f"<h2>synced instances</h2>"
f"{synced_items}"
f"<p><small>Instances are discovered automatically via mesh announces. "
f"You can also manually add a friend's instance hash to bootstrap.</small></p>"
f'<form class="forum-form" method="post" action="/forum/sync/add">'
f'{self._csrf_field()}'
f'<input name="instance" placeholder="instance hash">'
f'<input name="name" placeholder="label (optional)">'
f'<button>add</button>'
f"</form>"
f'<hr>'
f'<a href="/forum">back to forum</a>'
)
def handle_block(self, body):
instance = body.get("instance", [""])[0].strip().replace("<", "").replace(">", "")
if len(instance) != 32:
return self.handle_moderation("Invalid instance hash (must be 32 hex chars).")
blocked = self._blocked_instances()
blocked.add(instance)
self.fdb.set_setting("blocked_instances", ",".join(blocked))
return self.handle_moderation(f"Blocked {instance[:16]}...")
def handle_unblock(self, body):
instance = body.get("instance", [""])[0].strip()
blocked = self._blocked_instances()
blocked.discard(instance)
self.fdb.set_setting("blocked_instances", ",".join(blocked))
auto = set(h.strip() for h in self.fdb.get_setting("auto_blocked_instances", "").split(",") if h.strip())
auto.discard(instance)
self.fdb.set_setting("auto_blocked_instances", ",".join(auto))
self.fdb.clear_peer_block(instance)
return self.handle_moderation(f"Unblocked {instance[:16]}...")
def handle_block_hash(self, instance):
if len(instance) == 32 or len(instance) == 64:
blocked = self._blocked_instances()
if instance in blocked:
blocked.discard(instance)
self.fdb.clear_peer_block(instance)
else:
blocked.add(instance)
self.fdb.set_setting("blocked_instances", ",".join(blocked))
auto = set(h.strip() for h in self.fdb.get_setting("auto_blocked_instances", "").split(",") if h.strip())
auto.discard(instance)
self.fdb.set_setting("auto_blocked_instances", ",".join(auto))
return self._redirect("/forum")
def handle_filters(self, body):
keywords = body.get("keywords", [""])[0].strip()
self.fdb.set_setting("keyword_filters", keywords)
return self.handle_moderation("Filters saved.")
def handle_auto_discover(self, body):
enabled = "1" if body.get("enabled") else "0"
self.fdb.set_setting("forum_auto_discover", enabled)
if self.sync:
self.sync.set_auto_discover(enabled == "1")
return self.handle_moderation(f"Auto-discovery {'enabled' if enabled == '1' else 'disabled'}.")
def handle_storage(self, body):
days = body.get("retention_days", ["30"])[0].strip()
try:
days = max(0, int(days))
except ValueError:
return self.handle_moderation("Invalid retention days.")
self.fdb.set_setting("forum_retention_days", str(days))
return self.handle_moderation(f"Storage retention set to {days} days.")
def handle_auto_sync(self, body):
enabled = "1" if body.get("enabled") else "0"
self.fdb.set_setting("forum_auto_sync", enabled)
if self.sync:
self.sync.set_auto_sync(enabled == "1")
return self.handle_moderation(f"Auto-sync {'enabled' if enabled == '1' else 'disabled'}.")
def handle_sync_now(self):
if not self.sync:
return self._respond("<p>Sync not available.</p>")
count = self.sync.sync_now()
msg = f"Synced with {count} instance{'s' if count != 1 else ''}."
if count == 0:
msg = "No peers to sync with."
return self._respond(f"<p>{msg}</p><p><a href=\"/forum\">back to forum</a></p>")
def handle_sync_add(self, body):
instance = body.get("instance", [""])[0].strip().replace("<", "").replace(">", "")
name = body.get("name", [""])[0].strip()
if len(instance) != 32:
return self.handle_moderation("Invalid instance hash (must be 32 hex chars).")
self.fdb.upsert_synced_instance(instance, name)
return self.handle_moderation(f"Added {name or instance[:16]}... to sync.")
def handle_unsync(self, body):
instance = body.get("instance", [""])[0].strip()
self.fdb.remove_synced_instance(instance)
return self.handle_moderation("Removed.")
# --- Sync endpoint (called over RNS) ---
def handle_sync_request(self, data):
"""Handle incoming sync request from another forum instance."""
since = data.get("query", {}).get("since", [""])[0] if isinstance(data.get("query"), dict) else ""
incoming_threads = data.get("threads", [])
incoming_posts = data.get("posts", [])
incoming_upvotes = data.get("upvotes", [])
blocked = self._blocked_instances()
if incoming_threads:
for t in incoming_threads:
if t.get("author_instance", "") not in blocked:
self.fdb.merge_thread(t)
if incoming_posts:
for p in incoming_posts:
if p.get("author_instance", "") not in blocked:
self.fdb.merge_post(p)
if incoming_upvotes:
for uv in incoming_upvotes:
self.fdb.merge_upvote(uv["thread_id"], uv["instance_hash"])
# Record incoming peer blocks
incoming_blocks = data.get("blocks", {})
peer_hash = data.get("peer_hash", "") or data.get("from_hash", "")
if incoming_blocks and peer_hash:
for h in incoming_blocks.get("mine", []):
if h and h not in blocked:
self.fdb.record_peer_block(peer_hash, h)
for h in incoming_blocks.get("peers", []):
if h and h not in blocked:
self.fdb.record_peer_block(peer_hash, h)
# Merge incoming retractions
for r in data.get("retractions", []):
if r.get("id") and r.get("type") and r.get("author") and r.get("at"):
self.fdb.merge_retraction(r["id"], r["type"], r["author"], r["at"])
# Auto-discover the peer that synced with us and their known peers
from_hash = data.get("from_hash", "")
if from_hash and from_hash not in blocked:
self.fdb.add_known_peer(from_hash)
for peer_hash in data.get("known_peers", []):
if peer_hash and peer_hash != from_hash and peer_hash not in blocked:
self.fdb.add_known_peer(peer_hash)
my_blocks = list(blocked)
my_peer_blocks = self.fdb.get_peer_block_list()
threads, posts, upvote_threads = [], [], []
if since:
ts, posts_list, up_list = self.fdb.get_new_content(since)
threads = [dict(r) for r in ts]
posts = [dict(r) for r in posts_list]
upvote_threads = up_list
retracted = [{"id": cid, "type": ct, "author": ai, "at": ra}
for cid, ct, ai, ra in self.fdb.get_raw_retractions()]
known_peers = [h for h in self.fdb.get_all_known_hashes() if h != from_hash]
return {
"status": 200,
"content_type": "application/json",
"body": json.dumps({
"threads": threads,
"posts": posts,
"upvote_threads": upvote_threads,
"blocks": {"mine": my_blocks, "peers": my_peer_blocks},
"retractions": retracted,
"known_peers": known_peers,
}),
"headers": {},
}
def handle_sync_add_instance(self, body):
"""Add instance for sync (from moderation page action)."""
return self.handle_sync_add(body)
# --- Router ---
def _with_csrf(self, resp, csrf_token):
resp.setdefault("headers", {})
if resp.get("content_type", "").startswith("text/html"):
resp["headers"]["Set-Cookie"] = (
f"_csrf={csrf_token}; SameSite=Strict; HttpOnly; Path=/forum"
)
return resp
def handle(self, method, path, query, body, cookies=None):
csrf_token = (cookies or {}).get("_csrf", "")
if not csrf_token:
csrf_token = secrets.token_hex(32)
self._request_local.csrf_token = csrf_token
if not path.startswith("/forum"):
return self._with_csrf(self._error(404), csrf_token)
sub = path[len("/forum"):]
if method == "GET":
if sub == "" or sub == "/":
return self._with_csrf(self.handle_list(query), csrf_token)
elif sub == "/new":
return self._with_csrf(self.handle_new_form(), csrf_token)
elif sub == "/moderation":
return self._with_csrf(self.handle_moderation(), csrf_token)
elif sub.startswith("/t/"):
tid = sub[3:]
if tid.endswith("/upvote"):
return self._with_csrf(self.handle_upvote(tid[:-7], {}), csrf_token)
elif tid.endswith("/edit"):
return self._with_csrf(self.handle_edit_form(tid[:-5]), csrf_token)
return self._with_csrf(self.handle_thread(tid, query), csrf_token)
elif sub.startswith("/retract/"):
rest = sub[9:]
if "/post/" in rest:
tid, pid = rest.split("/post/", 1)
return self._with_csrf(self.handle_retract_post(pid, tid), csrf_token)
return self._with_csrf(self.handle_retract_thread(rest), csrf_token)
elif sub.startswith("/mute/"):
return self._with_csrf(self.handle_mute(sub[6:]), csrf_token)
elif sub.startswith("/unmute/"):
return self._with_csrf(self.handle_unmute(sub[8:]), csrf_token)
elif sub.startswith("/blockhash/"):
return self._with_csrf(self.handle_block_hash(sub[11:]), csrf_token)
elif sub == "/sync/now":
return self._with_csrf(self.handle_sync_now(), csrf_token)
elif method == "POST":
if not self._check_csrf(body):
return self._with_csrf(
self._respond("<h1>403 Forbidden</h1>", status=403), csrf_token
)
if sub == "/new":
return self._with_csrf(self.handle_new_submit(body), csrf_token)
elif sub.startswith("/t/"):
rest = sub[3:]
if rest.endswith("/edit"):
tid = rest[:-5]
return self._with_csrf(self.handle_edit_submit(tid, body), csrf_token)
if "/reply" in rest:
tid = rest.split("/reply")[0]
return self._with_csrf(self.handle_reply(tid, body), csrf_token)
elif rest.endswith("/upvote"):
tid = rest[:-7]
return self._with_csrf(self.handle_upvote(tid, body), csrf_token)
elif sub.startswith("/mute/"):
return self._with_csrf(self.handle_mute(sub[6:]), csrf_token)
elif sub.startswith("/unmute/"):
return self._with_csrf(self.handle_unmute(sub[8:]), csrf_token)
elif sub == "/block":
return self._with_csrf(self.handle_block(body), csrf_token)
elif sub == "/unblock":
return self._with_csrf(self.handle_unblock(body), csrf_token)
elif sub == "/filters":
return self._with_csrf(self.handle_filters(body), csrf_token)
elif sub == "/sync/add":
return self._with_csrf(self.handle_sync_add(body), csrf_token)
elif sub == "/unsync":
return self._with_csrf(self.handle_unsync(body), csrf_token)
elif sub == "/auto_discover":
return self._with_csrf(self.handle_auto_discover(body), csrf_token)
elif sub == "/storage":
return self._with_csrf(self.handle_storage(body), csrf_token)
elif sub == "/auto_sync":
return self._with_csrf(self.handle_auto_sync(body), csrf_token)
return self._with_csrf(self._error(404), csrf_token)
def handle_sync(self, data):
"""Entry point for incoming RNS sync requests."""
return self.handle_sync_request(data)
Reference in a new issue View git blame Copy permalink