improved 404 handling, added mod tools page (stub), CSS .warning, outlawed some usernames

2025-07-08 01:01:50 +02:00 · 2025-07-08 01:01:50 +02:00 · b0c815ea0a
commit b0c815ea0a
parent 793c0b6612
17 changed files with 236 additions and 34 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -3,11 +3,12 @@
 ## 0.4.0
 - Added dependency to [SUOU](https://github.com/sakuragasaki46/suou) library
- Added user blocks
+- Users can now block each other
    + Blocking a user prevents them from seeing your comments, posts (standalone or in feed) and profile
 - Added user strikes: a strike logs the content of a removed message for future use
 - Posts may now be deleted by author. If it has comments, comments are not spared
 - Moderators (and admins) have now access to mod tools
 - Implemented guild subscriptions
    + Blocking a user prevents them from seeing your comments, posts (standalone or in feed) and profile
 - Added ✨color themes✨
 - Users can now set their display name, biography and color theme in `/settings`
--- a/README.md
+++ b/README.md
@ -1,3 +1,44 @@
 # Freak
-(´ω\`)
+> \~(´ω\`)\~
 > (Josip Broz Tito, possibly)
 **Freak** (as in extremely interested into something, NOT as in predator) is a in-development FOSS and sovereign alternative to Reddit (and an attempt to revive Ruqqus from scratch). The socio-moral reasons are beyond the scope of this README.
 ## Installation
 * First make sure you have these requirements:
    * Unix-like OS (Docker container, Linux or MacOS are all good).
    * **Python** >=3.10. Recommended to use a virtualenv (unless in Docker lol).
    * **PostgreSQL** at least 16.
    * **Redis**/Valkey (as of 0.4.0 unused in codebase).
    * A server machine with a public IP address and shell access (mandatory for production, optional for development/staging).
    * A reverse proxy listening on ports 80 and 443. Reminder to set `APP_IS_BEHIND_PROXY=1` in `.env` !!!
    * Electricity.
    * Will to not give up.
 * Clone this repository.
 * Fill in `.env` with the necessary information.
    * `DOMAIN_NAME` (you must own it. Don't have? `.xyz` are like $2 or $3 on Namecheap[^1])
    * `APP_NAME`
    * `DATABASE_URL` (hint: `postgresql://username:password@localhost/dbname`)
    * `SECRET_KEY` (you can generate one with the command `cat /dev/random | tr -dc A-Za-z0-9_. | head -c 56`)
    * `PRIVATE_ASSETS` (you must provide the icon stylesheets here. Useful for custom CSS / scripts as well)
    * `APP_IS_BEHIND_PROXY` (mandatory if behind reverse proxy or NAT)
 * ...
 [^1]: Namecheap is an American company. Don't trust American companies.
 ## FAQ
 ...
 ## License
 Licensed under the [Apache License, Version 2.0](LICENSE), a non-copyleft free and open source license.
 This is a hobby project, made available “AS IS”, with __no warranty__ express or implied.
 I (sakuragasaki46) may NOT be held accountable for Your use of my code.
 > It's pointless to file a lawsuit because you feel damaged, and it's only going to turn against you. What a waste of money you could have spent on a vacation or charity, or invested in stocks.
--- a/freak/init.py
+++ b/freak/init.py
@ -5,7 +5,7 @@ from sqlite3 import ProgrammingError
 from typing import Any
 import warnings
 from flask import (
-    Flask, g, render_template,
+    Flask, g, redirect, render_template,
    request, send_from_directory, url_for
 )
 import os
@ -21,7 +21,7 @@ from werkzeug.middleware.proxy_fix import ProxyFix
 from suou.configparse import ConfigOptions, ConfigValue
-from freak.colors import color_themes, theme_classes
+from .colors import color_themes, theme_classes
 __version__ = '0.4.0-dev27'
@ -131,8 +131,18 @@ def error_400(body):
 def error_403(body):
    return render_template('403.html'), 403
 from .search import find_guild_or_user
@app.errorhandler(404)
 def error_404(body):
    try:
        if mo := re.match(r'/([a-z0-9_-]+)/?', request.path):
            alternative = find_guild_or_user(mo.group(1))
            if alternative is not None:
                return redirect(alternative), 302
    except Exception as e:
        warnings.warn(f'Exception in find_guild_or_user: {e}')
        pass
    return render_template('404.html'), 404
@app.errorhandler(405)
--- a/freak/ajax.py
+++ b/freak/ajax.py
@ -8,7 +8,7 @@ AJAX hooks for the website.
 import re
 from flask import Blueprint, abort, flash, redirect, request
 from sqlalchemy import delete, insert, select
-from .models import Guild, Member, UserBlock, db, User, Post, PostUpvote
+from .models import Guild, Member, UserBlock, db, User, Post, PostUpvote, username_is_legal
 from flask_login import current_user, login_required
 current_user: User
@ -18,7 +18,7 @@ bp = Blueprint('ajax', __name__)
@bp.route('/username_availability/<username>')
@bp.route('/ajax/username_availability/<username>')
 def username_availability(username: str):
-    is_valid = re.fullmatch('[a-z0-9_-]+', username) is not None
+    is_valid = username_is_legal(username)
    if is_valid:
        user = db.session.execute(select(User).where(User.username == username)).scalar()
@ -30,7 +30,7 @@ def username_availability(username: str):
    return {
        'status': 'ok',
        'is_valid': is_valid,
-        'is_available': is_available,
+        'is_available': is_available
    }
@bp.route('/guild_name_availability/<username>')
@ -47,7 +47,7 @@ def guild_name_availability(name: str):
    return {
        'status': 'ok',
        'is_valid': is_valid,
-        'is_available': is_available,
+        'is_available': is_available
    }
@bp.route('/comments/<b32l:id>/upvote', methods=['POST'])
--- a/freak/models.py
+++ b/freak/models.py
@ -6,6 +6,7 @@ from collections import namedtuple
 import datetime
 from functools import partial
 from operator import or_
 import re
 from threading import Lock
 from sqlalchemy import Column, Integer, String, ForeignKey, UniqueConstraint, text, \
    CheckConstraint, Date, DateTime, Boolean, func, BigInteger, \
@ -62,6 +63,26 @@ REPORT_UPDATE_COMPLETE = 1
 REPORT_UPDATE_REJECTED = 2
 REPORT_UPDATE_ON_HOLD = 3
 USERNAME_RE = r'[a-z2-9_-][a-z0-9_-]+'
 ILLEGAL_USERNAMES = (
    ## reserved for masspings and administrative claims
    'me', 'everyone', 'here', 'admin', 'mod', 'modteam', 'moderator', 'sysop', 'room', 'all', 'any', 'nobody', 'deleted', 'suspended', 'owner', 'administrator', 'ai',
    ## law enforcement corps and slurs because yes
    'pedo', 'rape', 'rapist', 'nigger', 'retard', 'ncmec', 'police', 'cops', '911', 'childsafety', 'report', 'dmca'
 )
 def username_is_legal(username: str) -> bool:
    if len(username) < 2 or len(username) > 100:
        return False
    if re.fullmatch(USERNAME_RE, username) is None:
        return False
    if username in ILLEGAL_USERNAMES:
        return False
    return True
 ## END constants and enums
 Base = declarative_base(app_config.domain_name, app_config.secret_key, 
@ -259,6 +280,21 @@ class User(Base):
    def strike_count(self) -> int:
        return db.session.execute(select(func.count('*')).select_from(UserStrike).where(UserStrike.user_id == self.id)).scalar()
    def moderates(self, gu: Guild) -> bool:
        ## owner
        if gu.owner_id == self.id:
            return True
        ## admin or global mod
        if self.is_administrator:
            return True
        memb = db.session.execute(select(Member).where(Member.user_id == self.id, Member.guild_id == gu.id)).scalar()
        if memb is None:
            return False
        return memb.is_moderator
        ## TODO check banship?
 # UserBlock table is at the top !!
 ## END User
--- a/freak/search.py
+++ b/freak/search.py
@ -2,8 +2,11 @@
 from typing import Iterable
 from flask import flash, g
 from sqlalchemy import Column, Select, select, or_
 from .models import Guild, User, db
 class SearchQuery:
    keywords: Iterable[str]
@ -23,3 +26,25 @@ class SearchQuery:
            sq = sq.where(or_(*or_cond) if len(or_cond) > 1 else or_cond[0])
        return sq
 def find_guild_or_user(name: str) -> str | None:
    """
    Used in 404 error handler.
    Returns an URL to redirect or None for no redirect.
    """
    if hasattr(g, 'no_user'):
        return None
    gu = db.session.execute(select(Guild).where(Guild.name == name)).scalar()
    if gu is not None:
        flash(f'There is nothing at /{name}. Luckily, a guild with name {gu.handle()} happens to exist. Next time, remember to add + before!')
        return gu.url()
    user = db.session.execute(select(User).where(User.username == name)).scalar()
    if user is not None:
        flash(f'There is nothing at /{name}. Luckily, a user named {user.handle()} happens to exist. Next time, remember to add @ before!')
        return user.url()
    return None
--- a/freak/static/sass/base.sass
+++ b/freak/static/sass/base.sass
@ -26,7 +26,8 @@
    --light-text-alt: #444
    --light-border: #999
    --light-success: #73af00
-    --light-error: #e04433
+    --light-error: #e04830
    --light-warning: #dea800
    --light-canvas: #eaecee
    --light-background: #f9f9f9 
    --light-bg-sharp: #fdfdff
@ -35,7 +36,8 @@
    --dark-text-alt: #c0cad3
    --dark-border: #777
    --dark-success: #93cf00
-    --dark-error: #e04433
+    --dark-error: #e04830
    --dark-warning: #dea800
    --dark-canvas: #0a0a0e
    --dark-background: #181a21 
    --dark-bg-sharp: #080808
@ -51,6 +53,7 @@
    --border: var(--light-border)
    --success: var(--light-success)
    --error: var(--light-error)
    --warning: var(--light-warning)
    --canvas: var(--light-canvas)
    --background: var(--light-background)
    --bg-sharp: var(--light-bg-sharp)
@ -62,6 +65,7 @@
        --border: var(--dark-border)
        --success: var(--dark-success)
        --error: var(--dark-error)
        --warning: var(--dark-warning)
        --canvas: var(--dark-canvas)
        --background: var(--dark-background)
        --bg-sharp: var(--dark-bg-sharp)
@ -72,6 +76,7 @@
    --border: var(--light-border)
    --success: var(--light-success)
    --error: var(--light-error)
    --warning: var(--light-warning)
    --canvas: var(--light-canvas)
    --background: var(--light-background)
    --bg-sharp: var(--light-bg-sharp)
@ -82,6 +87,7 @@
    --border: var(--dark-border)
    --success: var(--dark-success)
    --error: var(--dark-error)
    --warning: var(--dark-warning)
    --canvas: var(--dark-canvas)
    --background: var(--dark-background)
    --bg-sharp: var(--dark-bg-sharp)
@ -186,3 +192,17 @@ img
 .faint
    opacity: .75
    strong &
        font-weight: 400
 .callout
    color: var(--text-alt)
 .success
    color: var(--success)
 .error
    color: var(--error)
 .warning
    color: var(--warning)
--- a/freak/static/sass/content.sass
+++ b/freak/static/sass/content.sass
@ -14,15 +14,6 @@ blockquote
        padding-right: 1em
        border-right: 4px solid var(--border)
 .callout
    color: var(--text-alt)
 .success
    color: var(--success)
 .error
    color: var(--error)
 .message-content
    p
        margin: 4px 0
--- a/freak/static/sass/layout.sass
+++ b/freak/static/sass/layout.sass
@ -378,3 +378,12 @@ button.card
    margin: 12px auto
    font-size: 36px
    text-align: center
 textarea.create_text
    min-height: 8em
    // specificity ew //
    form.boundaryless &
        min-height: 8em
--- a/freak/templates/feed.html
+++ b/freak/templates/feed.html
@ -3,10 +3,6 @@
 {% from "macros/title.html" import title_tag with context %}
 {% from "macros/nav.html" import nav_guild, nav_top_communities with context %}
 {# set feed_title = 'For you' if feed_type == 'foryou' and not feed_title %}
 {% set feed_title = 'Explore' if feed_type == 'explore' and not feed_title #}
 {% block title %}
 {{ title_tag(feed_title) }}
 {% endblock %}
@ -24,7 +20,7 @@
 	{{ nav_guild(guild) }}
  {% endif %}
-  <aside class="card">
+  <aside class="card nomobile">
 	<h3>Don’t miss a post!</h3>
 	<ul>
 	  <li><strong><a id="notificationEnabler" href="#">Enable notifications</a></strong> to continue staying with us 😉</li>
@ -42,13 +38,11 @@
 	{% endfor %}
 	{% if l.has_next %}
-	    {{ stop_scrolling(l.page) }}
+	  {{ stop_scrolling(l.page) }}
 	{% else %}
 		{{ no_more_scrolling(l.page) }}
 	{% endif %}
  </ul>
  {# TODO: pagination #}
 {% endblock %}
 {% block scripts %}
--- a/freak/templates/guildsettings.html
+++ b/freak/templates/guildsettings.html
@ -0,0 +1,29 @@
 {% extends "base.html" %}
 {% from "macros/title.html" import title_tag with context %}
 {% from "macros/create.html" import checked_if with context %}
 {% block title %}{{ title_tag('Settings for ' + gu.handle()) }}{% endblock %}
 {% block heading %}
 <h1><span class="faint">Settings:</span> {{ gu.handle() }}</h1>
 {% endblock %}
 {% block content %}
 <form method="POST">
  <input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
  <section class="card">
    <h2>Community Identity</h2>
    <div>
      <label for="GS__display_name">Display name:</label>
      <input type="text" name="display_name" id="GS__display_name" value="{{ gu.display_name or '' }}" />
    </div>
    <div>
      <label for="GS__description">Description:</label>
      <textarea name="description" id="GS__description">{{ gu.description or '' }}</textarea>
    </div>
    <div>
      <button type="submit" class="primary">Save</button>
    </div>
  </section>
 </form>
 {% endblock %}
--- a/freak/templates/macros/nav.html
+++ b/freak/templates/macros/nav.html
@ -14,6 +14,9 @@
 	</ul>
  </aside>
  {% if current_user.is_authenticated %}
  {% if current_user.moderates(gu) %}
  <a href="{{ gu.url() }}/settings"><button class="card">{{ icon('settings') }} Mod Tools</button></a>
  {% endif %}
  {{ subscribe_button(gu, gu.has_subscriber(current_user)) }}
  {% endif %}
 {% endmacro %}
--- a/freak/templates/singledelete.html
+++ b/freak/templates/singledelete.html
@ -16,7 +16,7 @@
      <p>You are about to delete <u>permanently</u> <a href="{{ p.url() }}">your post on {{ p.topic_or_user().handle() }}</a>.</p>
      {% call callout('spoiler', 'error') %}This action <u><b>cannot be undone</b></u>.{% endcall %}
      {% if (p.comments | count) %}
-      {% call callout('spoiler') %}Your post has <strong>{{ (p.comments | count) }} comments</strong>.  Your post will be deleted <u>along with ALL the comments</u>.{% endcall %}
+      {% call callout('spoiler', 'warning') %}Your post has <strong>{{ (p.comments | count) }} comments</strong>.  Your post will be deleted <u>along with ALL the comments</u>.{% endcall %}
      {% endif %}
    </div>
    <div>
--- a/freak/templates/usersettings.html
+++ b/freak/templates/usersettings.html
@ -15,11 +15,9 @@
  <h2>Identification</h2>
    <div><label for="US__display_name">Full name:</label>
      <input type="text" name="display_name" id="US__display_name" value="{{ current_user.display_name or '' }}" />
    </div>
    <div><label for="US__biography">Bio:</label>
      <textarea name="biography" id="US__biography">{{ current_user.biography or '' }}</textarea>
    </div>
    <div>
      <button type="submit" class="primary">Save</button>
--- a/freak/website/init.py
+++ b/freak/website/init.py
@ -20,6 +20,9 @@ blueprints.append(bp)
 from .delete import bp
 blueprints.append(bp)
 from .moderation import bp
 blueprints.append(bp)
 from .about import bp
 blueprints.append(bp)
--- a/freak/website/accounts.py
+++ b/freak/website/accounts.py
@ -1,3 +1,6 @@
 from __future__ import annotations
 import os, sys
 import re
 import datetime
@ -10,6 +13,8 @@ from ..utils import age_and_days
 from sqlalchemy import select, insert
 from werkzeug.security import generate_password_hash
 current_user: User
 bp = Blueprint('accounts', __name__)
@bp.route('/login', methods=['GET', 'POST'])
@ -112,12 +117,13 @@ COLOR_SCHEMES = {'dark': 2, 'light': 1, 'system': 0, 'unset': 0}
@login_required
 def settings():
    if request.method == 'POST':
-        user: User = current_user
+        changes = False
        user = current_user
        color_scheme = COLOR_SCHEMES[request.form.get('color_scheme')] if 'color_scheme' in request.form else None
        color_theme = int(request.form.get('color_theme')) if 'color_theme' in request.form else None
        biography = request.form.get('biography')
        display_name = request.form.get('display_name')
-        changes = False
+        
        if display_name and display_name != user.display_name:
            changes, user.display_name = True, display_name.strip()
        if biography and biography != user.biography:
--- a/freak/website/moderation.py
+++ b/freak/website/moderation.py
@ -0,0 +1,36 @@
 from flask import Blueprint, abort, flash, render_template, request
 from flask_login import current_user, login_required
 from sqlalchemy import select
 from ..models import db, User, Guild
 current_user: User
 bp = Blueprint('moderation', __name__)
@bp.route('/+<name>/settings', methods=['GET', 'POST'])
@login_required
 def guild_settings(name: str):
    gu = db.session.execute(select(Guild).where(Guild.name == name)).scalar()
    if not current_user.moderates(gu):
        abort(403)
    if request.method == 'POST':
        changes = False
        display_name = request.form.get('display_name')
        description = request.form.get('description')
        if description and description != gu.description:
            changes, gu.description = True, description.strip()
        if display_name and display_name != gu.display_name:
            changes, gu.display_name = True, display_name.strip()
        if changes:
            db.session.add(gu)
            db.session.commit()
        flash('Changes saved!')
    return render_template('guildsettings.html', gu=gu)