1
0
Fork 0
mirror of https://gitlab.com/SIGBUS/nyaa.git synced 2024-12-22 03:19:59 +00:00
Commit graph

603 commits

Author SHA1 Message Date
nyaadev 2e2e741d0f fix migration, add server_default for boolean 2019-01-24 12:31:48 +01:00
Alex Headley 18ebf134d5 feature: docker development environment (#544)
Add docker support

It's self-contained so should not interfere with anything else and can easily be thrown out if nobody wants it anymore.
2019-01-15 18:02:59 +01:00
Nicolas F a6d800b4ca templates: move icon_dir set outside of the loop
Someone put this inside the loop despite it essentially being
constant. Probably makes immeasurably little difference perf-wise,
but why not fix it anyway.
2019-01-12 20:15:15 +01:00
Anna-Maria Meriniemi 8365894268 config: add anonymous upload/registration limiting (#537) 2019-01-02 03:40:56 -08:00
AC e4780aa47d Replace leechers-paradise with desync (#536) 2018-12-13 18:05:26 -08:00
A nyaa developer 4fea839f51
fix user preferences from #515 (#532) 2018-12-06 15:47:08 +01:00
doge e04bbdfbf9 Replaced spaces with tabs 2018-11-20 13:45:31 +01:00
doge 92ca3a577f Generate database migration script 2018-11-20 13:45:31 +01:00
doge 3190394eea Comment Hiding
This commit adds the ability hide comments on torrent pages, and a user
preferences tab to allow registered users to make this the default
behavior.
2018-11-20 13:45:31 +01:00
Nicolas F 18bdf465f7 requirements: update dependencies for newer python
Apparently, when running things with Python 3.7, these three
dependencies ran into build issues with a renamed struct field.
Upgrading them seems to fix the issue, and hopefully keeps them
working with Python 3.6 as well.
2018-11-11 02:52:33 +01:00
Nalapl3 eabe13e20a Add amount of comments to RSS (#528)
Closes #496.
2018-10-27 17:17:13 +03:00
Nicolas F c967b831c6 backend: blacklist Windows reserved filenames (#527)
Windows has a few special filenames that it does not allow the
explorer.exe and command line to see, but can still be created by
applications. This is due to some jank DOS compatibility.

These filenames can be abused to troll Windows users, so we should
probably blacklist them.
2018-10-27 17:13:44 +03:00
TheAMM b2ddba994c Fix open redirect (#519)
The funny thing is that we don't even use this anywhere, and the
referrer is useless on forms. But hey, maybe someday.
2018-09-16 21:16:35 +03:00
Anna-Maria Meriniemi 8c892f09cc config/forms: allow blacklisting email servers by IP (#518)
Adds a new config entry (EMAIL_SERVER_BLACKLIST, tuple of IPv4 addresses
as strings) and an email validator for registering, which will query all
the MX records for the domain and reject the registration if any of the
A records for any of the MX records are found in the blacklist.
If the query fails, the blacklist is ignored; the email is accepted.
2018-08-20 11:29:30 -07:00
Nicolas F 86b7eb7ccd Revert "Make blue info bubble dismissible, configurable (#508)"
This reverts commit 62ec8a5236.
2018-08-03 04:34:19 +02:00
Nicolas F 62ec8a5236 Make blue info bubble dismissible, configurable (#508)
Infobubble text is now in a separate file, along with a timestamp,
so that changes to it don't result in merge conflicts too often.

We also add some JS to make the bubble dismissible, keeping track
of the last timestamp that was dismissed in localstorage.
2018-08-02 19:16:28 -07:00
TheAMM bf090c0fab torrents: clean up & optimize magnets further
Removes the specialized template ES magnet creator, since create_magnet()
can use both Torrents and ES objects. Search results will get the
properly escaped magnets, now.
Slightly optimizes the tracker adding and string joins.
RIP base32, wonder how many bad clients will break with sha1.
2018-07-21 22:06:58 +03:00
Tadeo Kondrak ef7ff1b9ce Add torrent counter on profile page (#409) (#513) 2018-07-17 14:52:54 +03:00
TheAMM 2bf96196cb torrents: Clean up magnet URI quotation
A cosmetic change.
Swapping quote_via to quote, we don't convert spaces to pluses, keeping
the name intact (which only mattered until peers send the metadata).
2018-07-15 04:40:07 +03:00
Nicolas F bd419c5d39 Add 1 hour cache to magnet URIs (#503)
Using Flask-Caching, we can memoize the magnet_uri method. Here, a
timeout of 1 hour is chosen, though that value can be fiddled with.

The cache is defined in extensions.py, but gets initialised in
__init__.py.
2018-07-10 01:22:49 -07:00
Anna-Maria Meriniemi 5c8b119611 config: Add Elasticsearch hosts (#492) 2018-07-09 22:26:23 -07:00
Nicolas F 56a670977e [Config Change] Various Gravatar-related changes (#467)
* Add config option to enable/disable gravatar

This is useful when running a development instance behind a firewall
or NAT, where gravatar cannot reach you to serve up the default user
avatar.

* Pregenerate Gravatar default image URLs

If possible (i.e. SERVER_NAME is set), we can pregenerate the constant
gravatar default URL once at application startup, and re-use that,
as url_for calls are surprisingly expensive.

Especially on torrent view pages with lots of comments, this cuts down
on url_for calls massively, saving on my system about 0.3 ms per call.
2018-07-09 22:20:26 -07:00
Nicolas F e892f358e8 users: activation button improvements (#506)
Now uses flask.flash to give the person who clicks it feedback
when it's clicked, because caching may make things confusing.

Also only activate a user if they're inactive, as again, caching
can lead to staff pressing the button multiple times in a row,
leading to unnecessary log messages.
2018-07-09 22:15:19 -07:00
Nicolas F 8644472533 Add registration IP (#507)
This will keep track of which IP a user has registered from, to
prevent evading rangebans. It will only be shown to admins.
2018-07-09 22:14:45 -07:00
Nicolas F a38e5d5b53 Implement range bans (#478)
* Implement range bans

People connecting from banned IP ranges are unable to upload
torrents anonymously, and need to manually have their accounts
activated.

This adds a new table "rangebans", and a command line utility,
"rangeban.py", which can be used to add, list and remove rangebans
from the command line.

As an example:

./rangeban.py ban 192.168.0.0/24

This would rangeban anything in this /24.

The temporary_tor column allows automated scripts to clean out and
re-add ever-changing sets of ranges to be banned without affecting
the other ranges.

This has only been tested for IPv4.

* Revise Rangebans

Add an id column, and change "temporary_tor" to "temp". Also
index masked_cidr and mask.

* rangebans: fix enabled and the binary op

kill me

* Add enabling/disabling bans to rangeban.py

* rangebans: fail earlier on garbage arguments

* rangebans: fix linter errors

* rangeban.py: don't shadow builtin keyword 'id'

* rangebans: change temporary ban logic, column

The 'temp' column is now a nullable time column. If the field is
null, the ban is understood to be permanent. If there is a time
in there, it's understood to be the creation time of the ban.

This allows scripts to e.g. delete all temporary bans older than
a certain amount of time.

Also, rename the '_cidr_string' column to 'cidr_string', because
reasons.

* rangeban.py: use ip_address to parse CIDR subnet

* rangebans: fixes to the mask calculation and query

Both were not bugs per-se, but just technically not needed/correct.

* De-meme apparently
2018-06-29 20:15:04 -07:00
Nicolas F f04e0fd2ae comments: fix editing for users with a CAPTCHA (#502)
* comments: fix editing for users with a CAPTCHA

My bad!

* Update help.html
2018-06-16 16:57:14 -07:00
Anna-Maria Meriniemi bc1901baa5 ES: implement real substring matching (#500)
...by splitting input into characters, instead of whitespace delimited
words. This means you can now match partial words, real substrings from
anywhere: "foo ba" will match "Foo Bar Baz", while previously you had to
have full words ("foo bar") to match anything.

My dev setup incurred an 8% increase in storage usage, from ~13MB to
~14MB (for ~40k torrents).
Small change, big improvement. Wonder why I didn't do this at first.
2018-06-08 00:59:19 -07:00
Edward Betts d407f09cab Correct spelling mistakes. (#495) 2018-05-28 04:54:54 -07:00
Kcchouette b999f8d39f Fix availiable → available (#491) 2018-05-14 02:36:26 -07:00
Nicolas F bb9a62f71b user page: add manual activation button for mods (#472)
* user page: add manual activation button for mods

Moderators can press this button on inactive users to manually
activate their accounts.

Furthermore, the admin form code has been refactored a bit, reducing
some code duplication.
2018-05-10 18:57:59 -07:00
Anna-Maria Meriniemi 59db958977 ES: delimit words before ngram, optimize tokens (#487)
Before, long.tokens.with.dots.or.dashes would get edgengrammed up to the
ngram limit, so we'd get to long.tokens.wit which would then be split -
discarding "with.dots.or.dashes" completely. The fullword index would
keep the complete large token, but without any ngramming, so incomplete
searches (like "tokens") would not match it, only the full token.

Now, we split words before ngramming them, so the main index will
properly handle words up to the ngram limit. The fullword index will
still handle the longer words for non-ngram matching.

Also optimized away duplicate tokens from the indices (since we rely on
boolean matching, not scoring) to save a couple megabytes of space.
2018-04-28 18:09:40 -07:00
Alex Ingram 8f4202c098 Improve mobile user experience. 2018-04-24 23:19:14 -05:00
Alex Ingram 8498ff8e62 Fix torrent index on narrow viewports. (#484)
people should get bigger monitors
2018-04-23 15:47:18 -07:00
tohsa 7a494f26de Small changes to README.MD and .gitignore (#476)
* added es_sync_config.json and minified js to .gitignore

* reordered README.md to reflect that MySQL Binlogging must be enabled before running import_to_es.py
2018-04-23 00:27:09 -07:00
Anna-Maria Meriniemi 0cc25c3569
[ES] Improve search term preprocessing to include literal groups (#477)
* Extend ES term preprocessing for OR groups

Implements handling "foo"|"bar" literal OR groups in the Elasticsearch
term preprocessor. Groups can be negated with -, but don't mesh with
precedence (like plain literals).

This is a partial hack, the real solution would be to parse the entire
search terms ourselves, with AND and OR groups, negations etc. But
having that work neatly with the simple_query_string would be bit of a
hassle.

* Update help.html search tips

since search (quoting strings) has changed a bit.
2018-04-15 09:53:36 +03:00
Anna-Maria Meriniemi 0b78428abc [ES Change] Improve Elasticsearch term quoting (#473)
* Optimize Elasticsearch fullword field

Since the main display_name field ngrams words up to 15 characters,
anything to and under that will already be indexed - the fullword field
(which we have for words longer than 15 characters) needs to index only
words longer than that.

* Preprocess ES terms for better literal matching

This commit adds a new .exact subfield to display_name, which holds a
barely-filtered version of the original title we can do "literal"
matching against. This is not real substring matching, but quoting
terms now actually does something!

Implements a simple preprocessor for the search terms to extract quoted
parts from the search terms, optionally prefixed with - to negate them.
The preprocessor will create a query that'll join all three query-types:
the simple_query_string, must-phrases and must-not-phrases.
2018-04-13 17:06:25 -07:00
nyaadev 8f9400bb5f Revert "[Schema change] Torrents flags bitflag column to indexed columns (#471)"
This reverts commit 41a2a32f66.

Performs worse in some cases than what we had before.
2018-04-08 08:36:42 +02:00
A nyaa developer 41a2a32f66 [Schema change] Torrents flags bitflag column to indexed columns (#471)
* convert torrent table flags column from bitflag to independent indexed columns

* elasticsearch integration (untested)

* improve performance
2018-04-07 22:44:53 -07:00
Nicolas F c786bd20f8 Fix nuke button prompt (#469)
Hitting the cancel button does not return "", but null. Therefore
the toLowerCase() fails, and throwing an exception means "sure go
ahead submitting this" to JS for some godforsaken reason.

Just remove the toLowerCase for now, have people type the names
properly.
2018-04-04 23:32:04 +02:00
Nicolas F 291f859a4f Use Flask-Assets to minify self-hosted JS files (#468)
* Use Flask-Assets to minify self-hosted JS files

By having Flask-Assets minify the two JS files we ship, namely
main.js and bootstrap-select.js, we can shave off 28406 bytes.

The minified files are generated on startup. If one wishes to
manually clean them up or build them, they can use the
"flask assets" management command, e.g. "flask assets clean".

* Workaround to fix tests

State carries over in tests, which is the dumbest shit ever. Fix it
by clearing the bundles before setting them.
2018-04-04 16:02:05 +02:00
Arylide 03094b6d36 Commit editing time 2018-04-02 13:18:39 -07:00
nyaadev f1bab93a94 fix two bugs and a minor issue 2018-04-02 22:06:41 +02:00
Nicolas F 60ce4ec3f1 Implement comment locking (#439)
* Implement comment locking

This adds a new flags to torrents, which is only editable by
moderators and admins. If checked, it does not allow unprivileged
users to post, edit or delete comments on that torrent.

* Rename "locked" to "comment_locked".

* Shorter button and additional words on alt text

* Admin log: Change comment locking message

dude I love bikeshedding xd

* Bikeshedding over admin log messages

* >&
Also some bikeshedding
2018-03-25 17:03:49 -07:00
Nicolas F 2b5f9922e9 Add rel="prev"/"next" attribs on pagination (#462) 2018-03-25 16:32:03 -07:00
Nicolas F ad5ea6d91e Use rel attributes on links in the info field (#463) 2018-03-25 16:30:57 -07:00
Nicolas F e9b1f6a6c4 Add some rel attributes to links inside markdown (#461)
I currently don't differentiate between "trusted" markdown and
untrusted, but this should be good enough. Basically tells the
browser not to send a referrer, and (not sure if relevant here)
not to expose a window opener object. Also tells search engines
that the link is not endorsed with "nofollow".
2018-03-25 16:30:07 -07:00
Nicolas F dd4510f371 Fix user page ban list styling for multiple bans (#460)
Change each ban to be a bullet point in an unordered list.
2018-03-25 16:27:28 -07:00
Nicolas F c405f49eb6 Redo nuke functionality (#459)
This started out as a simple rebase, but then I rebased the wrong
branches and it all got confusing, so here it is as a new dank
commit.

We now have an @admin_only decorator, and we ask for confirmation
before we nuke. We can also see the nuke button when users are
banned, and nuking is a separate endpoint with a separate form.

Additionally, it now uses the new tracker API.
2018-03-25 16:24:44 -07:00
TheAMM 81806d7bc9 Pad info_hash in ElasticSearch sync scripts
python-mysql-replication (or PyMySQL) would return less than 20 bytes
for info-hashes that had null bytes near the end, leaving incomplete
hashes in the ES index. Without delving too deep into the real issue
(be it lack of understanding MySQL storing binary data or a bug in
the libraries), thankfully we can just pad the fixed-size info-hashes
to be 20 bytes.

Padding in import_to_es.py may be erring on the side of caution, but
safe is established to be better than sorry.

(SQLAlchemy is unaffected by this bug)

Fixes #456
2018-02-25 15:12:35 +02:00
Arylide 0b98b2454a New help section for IRC and some prod changes I never put in the repo because lazy. 2018-02-22 23:23:53 -08:00