implement permanent deletion, make user profile migration reversible

.gitignore

@@ -18,3 +18,4 @@ config/
 node_modules/
 alembic.ini
 **.egg-info
+.vscode

CHANGELOG.md

@@ -2,9 +2,12 @@
 
 ## 0.10.0
 + Codebase refactor (with breaking changes!)
++ Dropped support for Python<=3.9
 + Move ALL config to .env (config.py is NO MORE supported)
 + Config SITE_NAME replaced with APP_NAME
 + Add CSRF token and flask_WTF
++ Schema changes: biography and website moved to `User`; `UserProfile` table deprecated (and useless fields removed)
++ Posts can now be permanently deleted
 
 ## 0.9.0
 

src/coriplus/__init__.py

@@ -24,7 +24,7 @@ from flask_wtf import CSRFProtect
 import dotenv
 import logging
 
-__version__ = '0.10.0-dev45'
+__version__ = '0.10.0-dev47'
 
 # we want to support Python 3.10+ only.
 # Python 2 has too many caveats.
@@ -63,7 +63,7 @@ def before_request():
     try:
         g.db.connect()
     except OperationalError:
-        logger.error('database connected twice.\n')
+        logger.error('database connected twice')
 
 @app.after_request
 def after_request(response):

src/coriplus/models.py

@@ -23,6 +23,8 @@ from . import BASEDIR
 database = connect(os.environ['DATABASE_URL'])
 
 class BaseModel(Model):
+    id = AutoField(primary_key=True)
+
     class Meta:
         database = database
 

src/coriplus/templates/confirm_delete.html

@@ -16,7 +16,7 @@
   </ul>
 
   <form method="POST">
-  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+    <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
     <input type="submit" value="Delete">
   </form>
 </div>

src/coriplus/website.py

@@ -239,12 +239,15 @@ def edit(id):
 
 @bp.route('/delete/<int:id>', methods=['GET', 'POST'])
 def confirm_delete(id):
-    user = get_current_user()
+    user: User = current_user
-    message = get_object_or_404(Message, Message.id == id)
+    message: Message  = get_object_or_404(Message, Message.id == id)
     if message.user != user:
         abort(404)
     if request.method == 'POST':
-        abort(501, 'CSRF-Token missing.')
+        if message.user == user:
+            message.delete_instance()
+            flash('Your message has been deleted forever')
+            return redirect(request.args.get('next', '/'))
     return render_template('confirm_delete.html', message=message)
 
 # Workaround for problems related to invalid data.

src/migrations/002_move_columns_from_userprofile.py

@@ -70,6 +70,11 @@ def rollback(migrator: Migrator, database: pw.Database, *, fake=False):
         facebook=pw.TextField(null=True),
         telegram=pw.TextField(null=True))
 
+    migrator.sql("""
+    UPDATE "userprofile" SET biography = (SELECT p.biography FROM user p WHERE p.user_id = id LIMIT 1), 
+    website = (SELECT p.website FROM user p WHERE p.user_id = id LIMIT 1);
+    """)
+
     migrator.remove_fields('user', 'biography', 'website')
 
     migrator.change_fields('user', username=pw.CharField(max_length=255, unique=True))