def reset_password(code):
if env.request.method != "POST":
if env.request.args("changed"):
return render("/auth/new-password-changed.html")
if env.request.args("fail"):
return render("/auth/new-password-fail.html")
return render("/auth/new-password.html")
errors = []
password = env.request.args("password")
confirm = env.request.args("confirm")
if not password:
errors.append("password")
if password != confirm:
errors.append("confirm")
if errors:
return render("/auth/new-password.html", errors=errors)
if env.user.id:
env.user.logout()
try:
user = users.reset_password(code, password)
except UserNotFound:
return Response(redirect="%s://%s/remember/%s?fail=1" % (env.request.protocol, settings.domain, code))
WebUser(user.id).authenticate()
return Response(redirect="%s://%s/remember/%s?changed=1" % (env.request.protocol, settings.domain, code))
def reset_password(code):
if env.request.method != 'POST':
if env.request.args('changed'):
return render('/auth/new-password-changed.html')
if env.request.args('fail'):
return render('/auth/new-password-fail.html')
return render('/auth/new-password.html')
errors = []
password = env.request.args('password')
confirm = env.request.args('confirm')
if not password:
errors.append('password')
if password != confirm:
errors.append('confirm')
if errors:
return render('/auth/new-password.html', errors=errors)
if env.user.id:
env.user.logout()
try:
user = users.reset_password(code, password)
except UserNotFound:
return Response(redirect='%s://%s/remember/%s?fail=1' % \
(env.request.protocol, settings.domain, code))
WebUser(user.id).authenticate()
return Response(redirect='%s://%s/remember/%s?changed=1' % \
(env.request.protocol, settings.domain, code))
def login():
if env.user.id:
return Response().redirect('%s://%s.%s/' % \
(env.request.protocol,
env.user.login, settings.domain))
referer = get_referer()
if env.request.method == 'GET':
return render('/auth/login.html', referer=referer, fields=ULOGIN_FIELDS)
try:
login = env.request.args('login')
password = env.request.args('password')
if not login or not password:
raise NotAuthorized
env.user.authenticate(login, password)
if env.request.is_xhr:
return Response(json.dumps({'ok': True}),
mimetype='application/json')
else:
return Response(redirect=referer)
except (KeyError, NotAuthorized):
if env.request.is_xhr:
return Response(json.dumps({'error': 'credentials'}),
mimetype='application/json')
else:
return render('/auth/login.html', errors=['credentials'],
referer=referer, fields=ULOGIN_FIELDS)
return Response(redirect=referer)
def reset_password(code):
if env.request.method != 'POST':
if env.request.args('changed'):
return render('/auth/new-password-changed.html')
if env.request.args('fail'):
return render('/auth/new-password-fail.html')
return render('/auth/new-password.html')
errors = []
password = env.request.args('password')
confirm = env.request.args('confirm')
if not password:
errors.append('password')
if password != confirm:
errors.append('confirm')
if errors:
return render('/auth/new-password.html', errors=errors)
if env.user.id:
env.user.logout()
try:
user = users.reset_password(code, password)
except UserNotFound:
return Response(redirect='%s://%s/remember/%s?fail=1' % \
(env.request.protocol, settings.domain, code))
WebUser(user.id).authenticate()
return Response(redirect='%s://%s/remember/%s?changed=1' % \
(env.request.protocol, settings.domain, code))
def search_posts():
search_text = env.request.args('text', '').strip().decode('utf-8')
if not search_text:
return render('/search.html', search_text='', page=1, results=[])
try:
page = int(env.request.args('page', 1))
except ValueError:
page = 1
offset = (page - 1) * settings.page_limit
user = env.owner if env.owner else None
try:
results, has_next, total = search.search_posts(
search_text, user=user, offset=offset, limit=settings.page_limit)
return render('/search.html',
search_text=search_text,
results=results,
page=page,
has_next=has_next,
total=total)
except:
return render('/search-error.html')
def ulogin():
if env.user.id:
raise AlreadyAuthorized
sess = Session()
if env.request.method == "POST":
url = "http://ulogin.ru/token.php?token=%s&host=%s" % (env.request.args("token"), settings.domain)
try:
resp = urllib2.urlopen(url)
data = dict.fromkeys(ULOGIN_FIELDS)
data.update(json.loads(resp.read()))
resp.close()
except urllib2.URLError:
return render("/auth/login.html", fields=ULOGIN_FIELDS, errors=["ulogin-fail"])
try:
env.user.authenticate_ulogin(data["network"], data["uid"])
if env.user.id:
return Response(redirect=referer())
except NotAuthorized:
pass
login = data["nickname"].strip(u" -+.")
if login:
login = re.sub(r"[\._\-\+]+", "-", login)
info = {
"login": login,
"network": data["network"],
"uid": data["uid"],
"name": ("%s %s" % (data["first_name"], data["last_name"])).strip(),
"email": data["email"],
"avatar": data["photo_big"],
"birthdate": data["bdate"],
"gender": True if data["sex"] == "2" else False if data["sex"] == "1" else None,
"location": "%s, %s" % (data["city"], data["country"])
if data["city"] and data["country"]
else data["city"] or data["country"],
"_nickname": data["nickname"],
"_name": ("%s %s" % (data["first_name"], data["last_name"])).strip(),
"_profile": data["profile"],
}
sess["reg_info"] = info
sess.save()
else:
info = sess["reg_info"]
if not info or not "network" in info or not "uid" in info:
return Response(redirect="%s://%s/register" % (env.request.protocol, settings.domain))
info["birthdate"] = parse_date(info["birthdate"]) or datetime.now() - timedelta(days=365 * 16 + 4)
return render("/auth/register_ulogin.html", info=info)
def doc(path):
if path.endswith('/'):
path = path[:-1]
try:
return render('%s.html' % path)
except TemplateNotFound:
try:
return render(os.path.join(path, 'index.html'))
except TemplateNotFound:
raise NotFound
def doc(path):
if path.endswith('/'):
path = path[:-1]
try:
return render('%s.html' % path)
except TemplateNotFound:
try:
return render(os.path.join(path, 'index.html'))
except TemplateNotFound:
raise NotFound
def add_feed():
url = env.request.args('url', '').strip()
try:
if url.index(settings.domain):
return Response(redirect=url)
except ValueError:
pass
if env.request.method == 'GET':
return render('/feeds/add.html',
section='feeds',
feeds=feeds.subscriptions(),
url=url)
errors = env.request.args('errors')
if not errors:
errors = []
elif not isinstance(errors, (list, tuple)):
errors = [errors]
try:
feed = feeds.get_feed(url)
except InvalidFeedUrl:
errors.append('url')
except InvalidFeedType:
errors.append('type')
except FeedFetchError:
errors.append('fetch')
if errors:
return render('/feeds/add.html',
section='feeds',
feeds=feeds.subscriptions(),
url=url,
errors=errors)
if feed.id and feed.check_subscriber(env.user):
return Response(redirect="%s://%s.%s/" % \
(env.request.protocol, feed.login.lower(), settings.domain))
try:
feed.fetch()
except FeedFetchError:
errors.append('fetch')
return render('/feeds/subscribe.html',
section='feeds',
feeds=feeds.subscriptions(),
feed=feed,
url=url)
def ulogin():
if env.request.method == 'GET':
raise Forbidden
url = "http://ulogin.ru/token.php?token=%s&host=%s" % \
(env.request.args('token'), settings.domain)
try:
resp = urllib2.urlopen(url)
data = json.loads(resp.read())
resp.close()
except urllib2.URLError:
return render('/profile/accounts.html', errors=['ulogin-fail'])
if 'error' in data:
raise Forbidden
try:
env.user.bind_ulogin(data['network'], data['uid'],
nickname=data['nickname'],
name=('%s %s' % (data['first_name'], data['last_name'])).strip(),
profile=data['profile'])
except (KeyError, UserExists):
pass
return Response(redirect='%s://%s.%s/profile/accounts?saved=1' % \
(env.request.protocol,
env.user.login, settings.domain))
def confirm_account(code):
if not env.user.id:
referer = '%s://%s/profile/accounts/confirm/%s' % \
(env.request.protocol, settings.domain, code)
return render('/auth/login.html', referer=referer)
if not users.confirm_account(code):
jid_active = env.user.get_active_account('xmpp')
return render('/profile/accounts.html',
jids=env.user.get_accounts('xmpp'),
active_jid=jid_active,
errors=['confirm'])
return Response(redirect='%s://%s.%s/profile/accounts?saved=1' % \
(env.request.protocol,
env.user.login, settings.domain))
def add_post():
text = env.request.args('text', '').strip()
tags = env.request.args('tags', '').strip(' \t*,;')
if isinstance(tags, str):
tags = tags.decode('utf-8')
tags = [t.replace(u"\xa0", " ") for t in re.split(r'\s*[,;*]\s*', tags)]
private = bool(env.request.args('private'))
m = re.search(r'^\s*(?P<to>(?:@[a-z0-9_-]+[,\s]*)+)', text)
to = parse_logins(m.group('to')) if m else []
files = _files([])
sess = Session()
sess['clear_post_input'] = True
sess.save()
try:
id = posts.add_post(text, tags=tags, to=to, private=private, files=files)
except PostTextError:
return render('/post-error.html')
return Response(redirect='%s://%s.%s/%s' % \
(env.request.protocol,
env.user.login, settings.domain, id))
def add_post():
text = env.request.args('text', '').strip()
tags = env.request.args('tags', '').strip(' \t*,;')
if isinstance(tags, str):
tags = tags.decode('utf-8')
tags = [t.replace(u"\xa0", " ") for t in re.split(r'\s*[,;*]\s*', tags)]
private = bool(env.request.args('private'))
m = re.search(r'^\s*(?P<to>(?:@[a-z0-9_-]+[,\s]*)+)', text)
to = parse_logins(m.group('to')) if m else []
files = _files([])
try:
id = posts.add_post(text,
tags=tags,
to=to,
private=private,
files=files)
except PostTextError:
return render('/post-error.html')
return Response(redirect='%s://%s.%s/%s' % \
(env.request.protocol,
env.user.login, settings.domain, id))
def subscribers():
if not env.owner:
raise NotFound
if not env.user.login and env.owner.get_profile('deny_anonymous'):
raise Forbidden
users = env.owner.subscribers()
return render('/subs.html', section='subscribers', users=users)
def comments(page=1, unread=False):
if not env.owner or env.owner.id != env.user.id:
return Response(redirect='%s://%s.%s%s' % \
(env.request.protocol,
env.user.login.lower(), settings.domain,
env.request.path))
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
plist = posts.recent_commented_posts(unread=unread,
offset=offset,
limit=settings.page_limit + 1)
if env.request.is_xhr:
for p in plist:
p['created'] = timestamp(p['created'])
return Response(json.dumps(plist), mimetype='application/json')
return render('/comments.html',
section='comments',
unread=unread,
posts=plist,
page=page)
def subscribers():
if not env.owner:
raise NotFound
if not env.user.login and env.owner.get_profile('deny_anonymous'):
raise Forbidden
users = env.owner.subscribers()
return render('/subs.html', section='subscribers', users=users)
def messages_new(page=1):
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
plist = posts.private_unread(offset=offset, limit=settings.page_limit + 1)
if not plist and page == 1:
return Response(redirect='%s://%s/messages/incoming' % \
(env.request.protocol, settings.domain))
if env.request.is_xhr:
for p in plist:
p['created'] = timestamp(p['created'])
return Response(json.dumps(plist), mimetype='application/json')
return render('/messages/index.html',
section='messages',
posts=plist,
page=page)
def all_posts(page=1):
sess = Session()
if not sess['agree']:
if env.request.args('agree'):
sess['agree'] = True
sess.save()
else:
return all_posts_warning()
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
plist = posts.select_posts(private=False,
author_private=False,
blacklist=True,
limit=settings.page_limit + 1,
offset=offset)
return render('/all_posts.html', section='all', posts=plist, page=page)
def recent_all(page=1, unread=False):
if not env.owner or env.owner.id != env.user.id:
return Response(redirect="%s://%s.%s/recent" % \
(env.request.protocol, env.user.login, settings.domain))
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
unread = bool(unread)
plist = posts.recent_posts(unread=unread,
offset=offset, limit=settings.page_limit+1)
if env.request.is_xhr:
for p in plist:
p['created'] = timestamp(p['created'])
return Response(json.dumps(plist), mimetype='application/json')
return render('/recent.html', section='recent_all', unread=unread,
posts=plist, page=page)
def bookmarks(page=1):
if not env.owner or env.owner.id != env.user.id:
return Response(redirect='%s://%s.%s/%s' % \
(env.request.protocol, env.user.login.lower(),
settings.domain, env.request.path))
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
plist = posts.bookmarks(settings.page_limit+1, offset)
#if env.request.is_xhr:
# for p in plist:
# p['created'] = timestamp(p['created'])
# p['text'] = html(None, p['text'], True)
# return Response(json.dumps(plist), mimetype='application/json')
section = 'bookmarks'
return render('/bookmarks.html', section=section, posts=plist, page=page)
def ulogin():
if env.request.method == 'GET':
raise Forbidden
url = "http://ulogin.ru/token.php?token=%s&host=%s" % \
(env.request.args('token'), settings.domain)
try:
resp = urllib2.urlopen(url)
data = json.loads(resp.read())
resp.close()
except urllib2.URLError:
return render('/profile/accounts.html', errors=['ulogin-fail'])
if 'error' in data:
raise Forbidden
try:
env.user.bind_ulogin(
data['network'],
data['uid'],
nickname=data['nickname'],
name=('%s %s' % (data['first_name'], data['last_name'])).strip(),
profile=data['profile'])
except (KeyError, UserExists):
pass
return Response(redirect='%s://%s.%s/profile/accounts?saved=1' % \
(env.request.protocol,
env.user.login, settings.domain))
def confirm_account(code):
if not env.user.id:
referer = '%s://%s/profile/accounts/confirm/%s' % \
(env.request.protocol, settings.domain, code)
return render('/auth/login.html', referer=referer)
if not users.confirm_account(code):
jid_active = env.user.get_active_account('xmpp')
return render('/profile/accounts.html',
jids=env.user.get_accounts('xmpp'),
active_jid=jid_active,
errors=['confirm'])
return Response(redirect='%s://%s.%s/profile/accounts?saved=1' % \
(env.request.protocol,
env.user.login, settings.domain))
def bookmarks(page=1):
if not env.owner or env.owner.id != env.user.id:
return Response(redirect='%s://%s.%s/%s' % \
(env.request.protocol, env.user.login.lower(),
settings.domain, env.request.path))
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
plist = posts.bookmarks(settings.page_limit + 1, offset)
#if env.request.is_xhr:
# for p in plist:
# p['created'] = timestamp(p['created'])
# p['text'] = html(None, p['text'], True)
# return Response(json.dumps(plist), mimetype='application/json')
section = 'bookmarks'
return render('/bookmarks.html', section=section, posts=plist, page=page)
def show_post(id):
post = posts.show_post(id)
if env.request.method == 'POST':
return add_comment(post.id)
if not env.owner or env.owner.id != post.author.id:
return Response(redirect='%s://%s.%s/%s' % \
(env.request.protocol,
post.author.login.lower(), settings.domain, id))
comments = post.comments(cuser=env.user)
if env.user.is_authorized():
posts.clear_unread_posts(id)
if comments:
posts.clear_unread_comments(id)
errors = []
if env.request.args('expired'):
errors.append('expired')
if env.request.args('commented'):
errors.append('commented')
sess = Session()
tree = env.request.args('tree')
if tree:
if tree.lower() in ('0', 'false', 'f'):
tree = False
else:
tree = True
sess['ctree'] = tree
sess.save()
elif sess['ctree'] is not None:
tree = sess['ctree']
else:
env.user.get_profile('tree')
comments_count = len(comments)
if tree:
cout = {}
for c in comments:
cout[c.id] = c
if c.to_comment_id and c.to_comment_id in cout:
cout[c.to_comment_id].comments.append(c)
else:
c.to_comment_id = None
comments = filter(lambda c: not c.to_comment_id, cout.itervalues())
section = 'messages' if post.private else ''
return render('/post.html',
post=post,
comments=comments,
comments_count=comments_count,
tree=tree,
errors=errors,
section=section)
def edit_post(id):
try:
post = posts.show_post(id)
except PostAuthorError:
raise SubscribeError
if env.request.method == 'GET':
return render('/post-edit.html', post=post)
files = _files(post.files)
@csrf
def save(post):
text = env.request.args('text', '').strip()
tags = env.request.args('tags', '').strip(' \t*,;')
if isinstance(tags, str):
tags = tags.decode('utf-8')
tags = [
t.replace(u"\xa0", " ") for t in re.split(r'\s*[,;*]\s*', tags)
]
private = bool(env.request.args('private'))
posts.edit_post(post,
text=text,
tags=tags,
private=private,
files=files)
return Response(redirect='%s://%s.%s/%s' % \
(env.request.protocol,
env.user.login, settings.domain, post.id))
try:
return save(post)
except PostUpdateError:
return Response(redirect='%s://%s.%s/%s?expired=1' % \
(env.request.protocol,
env.user.login, settings.domain, post.id))
except PostCommentedError:
return Response(redirect='%s://%s.%s/%s?commented=1' % \
(env.request.protocol,
env.user.login, settings.domain, post.id))
except PostDiffError:
return render('/post-edit.html', post=post, errors=['diff'])
def remember():
if env.request.method != 'POST':
if env.request.args('sent'):
return render('/auth/remember-sent.html')
if env.request.args('fail'):
return render('/auth/remember-fail.html')
return render('/auth/remember.html')
errors = []
if env.user.id:
user = env.user
else:
login = env.request.args('login')
if not login:
errors.append('login')
else:
try:
user = User('login', login)
except UserNotFound:
errors.append('login')
if not errors:
try:
text = env.request.args('recaptcha_response_field')
challenge = env.request.args('recaptcha_challenge_field')
resp = captcha.submit(challenge, text,
settings.recaptcha_private_key,
env.request.remote_host)
if resp.is_valid:
users.request_password(user)
return Response(redirect='%s://%s/remember?sent=1' % \
(env.request.protocol, settings.domain))
errors.append('captcha')
except urllib2.URLError:
errors.append('recaptcha-fail')
except AddressNotFound:
return Response(redirect='%s://%s/remember?fail=1' % \
(env.request.protocol, settings.domain))
return render('/auth/remember.html', errors=errors)
def remember():
if env.request.method != 'POST':
if env.request.args('sent'):
return render('/auth/remember-sent.html')
if env.request.args('fail'):
return render('/auth/remember-fail.html')
return render('/auth/remember.html')
errors = []
if env.user.id:
user = env.user
else:
login = env.request.args('login')
if not login:
errors.append('login')
else:
try:
user = User('login', login)
except UserNotFound:
errors.append('login')
if not errors:
try:
text = env.request.args('recaptcha_response_field')
challenge = env.request.args('recaptcha_challenge_field')
resp = captcha.submit(challenge, text,
settings.recaptcha_private_key,
env.request.remote_host)
if resp.is_valid:
users.request_password(user)
return Response(redirect='%s://%s/remember?sent=1' % \
(env.request.protocol, settings.domain))
errors.append('captcha')
except urllib2.URLError:
errors.append('recaptcha-fail')
except AddressNotFound:
return Response(redirect='%s://%s/remember?fail=1' % \
(env.request.protocol, settings.domain))
return render('/auth/remember.html', errors=errors)
def taglist():
if not env.owner:
raise NotFound
sort_by_name = env.request.args('order', '') != 'cnt'
tags = env.owner.tags(all=True, sort_by_name=sort_by_name)
return render('/tags-list.html', tags=tags, sort_by_name=sort_by_name)
def all_posts_warning():
try:
referer = env.request.args('referer')
except KeyError:
referer = env.request.referer
if not referer:
referer = '%s://%s/' % (env.request.protocol, settings.domain)
return render('/all_posts_warning.html', referer=referer)
def taglist():
if not env.user.login and env.owner.get_profile('deny_anonymous'):
raise Forbidden
sort_by_name = env.request.args('order', '') != 'cnt'
tags = env.owner.tags(all=True, sort_by_name=sort_by_name)
return render('/tags-list.html', tags=tags, sort_by_name=sort_by_name)
def taglist():
if not env.owner:
raise NotFound
sort_by_name = env.request.args('order', '') != 'cnt'
tags = env.owner.tags(all=True, sort_by_name=sort_by_name)
return render('/tags-list.html', tags=tags, sort_by_name=sort_by_name)
def all_posts_warning():
try:
referer = env.request.args('referer')
except KeyError:
referer = env.request.referer
if not referer:
referer = '%s://%s/' % (env.request.protocol, settings.domain)
return render('/all_posts_warning.html', referer=referer)
def search_posts():
search_text = env.request.args('text', '').strip().decode('utf-8')
if not search_text:
return render('/search.html', search_text='', page=1, results=[])
try:
page = int(env.request.args('page', 1))
except ValueError:
page = 1
offset = (page - 1) * settings.page_limit
user = env.owner if env.owner else None
results, has_next, total = search.search_posts(search_text, user=user,
offset=offset, limit=settings.page_limit)
return render('/search.html', search_text=search_text, results=results,
page=page, has_next=has_next, total=total)
def show_post(id):
post = posts.show_post(id)
if env.request.method == 'POST':
return add_comment(post.id)
if not env.owner or env.owner.id != post.author.id:
return Response(redirect='%s://%s.%s/%s' % \
(env.request.protocol,
post.author.login.lower(), settings.domain, id))
comments = post.comments(cuser=env.user)
if env.user.is_authorized():
posts.clear_unread_posts(id)
if comments:
posts.clear_unread_comments(id)
errors = []
if env.request.args('expired'):
errors.append('expired')
if env.request.args('commented'):
errors.append('commented')
sess = Session()
tree = env.request.args('tree')
if tree:
if tree.lower() in ('0', 'false', 'f'):
tree = False
else:
tree = True
sess['ctree'] = tree
sess.save()
elif sess['ctree'] is not None:
tree = sess['ctree']
else:
env.user.get_profile('tree')
comments_count = len(comments)
if tree:
cout = {}
for c in comments:
cout[c.id] = c
if c.to_comment_id and c.to_comment_id in cout:
cout[c.to_comment_id].comments.append(c)
else:
c.to_comment_id = None
comments = filter(lambda c: not c.to_comment_id, cout.itervalues())
section = 'messages' if post.private else ''
return render('/post.html', post=post, comments=comments,
comments_count=comments_count, tree=tree,
errors=errors, section=section)
def add_feed():
url = env.request.args('url', '').strip()
try:
if url.index(settings.domain):
return Response(redirect=url)
except ValueError:
pass
if env.request.method == 'GET':
return render('/feeds/add.html', section='feeds',
feeds=feeds.subscriptions(), url=url)
errors = env.request.args('errors')
if not errors:
errors = []
elif not isinstance(errors, (list, tuple)):
errors = [errors]
try:
feed = feeds.get_feed(url)
except InvalidFeedUrl:
errors.append('url')
except InvalidFeedType:
errors.append('type')
except FeedFetchError:
errors.append('fetch')
if errors:
return render('/feeds/add.html', section='feeds',
feeds=feeds.subscriptions(), url=url, errors=errors)
if feed.id and feed.check_subscriber(env.user):
return Response(redirect="%s://%s.%s/" % \
(env.request.protocol, feed.login.lower(), settings.domain))
try:
feed.fetch()
except FeedFetchError:
errors.append('fetch')
return render('/feeds/subscribe.html', section='feeds',
feeds=feeds.subscriptions(), feed=feed, url=url)
def remember():
if env.request.method != "POST":
if env.request.args("sent"):
return render("/auth/remember-sent.html")
if env.request.args("fail"):
return render("/auth/remember-fail.html")
return render("/auth/remember.html")
errors = []
if env.user.id:
user = env.user
else:
login = env.request.args("login")
if not login:
errors.append("login")
else:
try:
user = User("login", login)
except UserNotFound:
errors.append("login")
if not errors:
try:
text = env.request.args("recaptcha_response_field")
challenge = env.request.args("recaptcha_challenge_field")
resp = captcha.submit(challenge, text, settings.recaptcha_private_key, env.request.remote_host)
if resp.is_valid:
users.request_password(user)
return Response(redirect="%s://%s/remember?sent=1" % (env.request.protocol, settings.domain))
errors.append("captcha")
except urllib2.URLError:
errors.append("recaptcha-fail")
except AddressNotFound:
return Response(redirect="%s://%s/remember?fail=1" % (env.request.protocol, settings.domain))
return render("/auth/remember.html", errors=errors)
def taglist():
if not env.owner or not env.owner.id:
raise UserNotFound
if not env.user.login and env.owner.get_profile('deny_anonymous'):
raise Forbidden
sort_by_name = env.request.args('order', '') != 'cnt'
tags = env.owner.tags(all=True, sort_by_name=sort_by_name)
return render('/tags-list.html', tags=tags, sort_by_name=sort_by_name)
def edit_post(id):
try:
post = posts.show_post(id)
except PostAuthorError:
raise SubscribeError
if env.request.method == 'GET':
return render('/post-edit.html', post=post)
files = _files(post.files)
@csrf
def save(post):
text = env.request.args('text', '').strip()
tags = env.request.args('tags', '').strip(' \t*,;')
if isinstance(tags, str):
tags = tags.decode('utf-8')
tags = [t.replace(u"\xa0", " ") for t in re.split(r'\s*[,;*]\s*', tags)]
private = bool(env.request.args('private'))
posts.edit_post(post, text=text, tags=tags, private=private, files=files)
return Response(redirect='%s://%s.%s/%s' % \
(env.request.protocol,
env.user.login, settings.domain, post.id))
try:
return save(post)
except PostUpdateError:
return Response(redirect='%s://%s.%s/%s?expired=1' % \
(env.request.protocol,
env.user.login, settings.domain, post.id))
except PostCommentedError:
return Response(redirect='%s://%s.%s/%s?commented=1' % \
(env.request.protocol,
env.user.login, settings.domain, post.id))
except PostDiffError:
return render('/post-edit.html', post=post, errors=['diff'])
def index(page=1):
tag = env.request.args('tag')
if tag:
return blog.tag_posts(tag, page)
if not env.request.host or env.request.host == settings.domain:
try:
return Response(redirect='%s://%s/recent' % \
(env.request.protocol, domain(env.user)))
except NotAuthorized:
return render('/auth/login.html')
return blog.blog(page)
def index(page=1):
tag = env.request.args('tag')
if tag:
return blog.tag_posts(tag, page)
if not env.request.host or env.request.host == settings.domain:
try:
return Response(redirect='%s://%s/recent' % \
(env.request.protocol, domain(env.user)))
except NotAuthorized:
return render('/auth/login.html')
return blog.blog(page)
def tag_posts(tag, page=1):
if env.request.host != settings.domain and (not env.owner
or not env.owner.id):
raise UserNotFound
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
if env.owner and env.owner.id:
author = env.owner
else:
author = None
if env.owner and env.owner.id == env.user.id:
private = None
else:
private = False
# variable deny_anonymous is for corresponding value of 'deny_anonymous'
# field in 'users.profile' table
deny_anonymous = False if not env.user.is_authorized() else None
if not isinstance(tag, (list, tuple)):
tag = [tag]
tag = [t.decode('utf-8', 'ignore').replace(u"\xa0", " ") for t in tag]
plist = posts.select_posts(author=author,
private=private,
deny_anonymous=deny_anonymous,
tags=tag,
offset=offset,
limit=settings.page_limit + 1)
if env.request.is_xhr:
for p in plist:
p['created'] = timestamp(p['created'])
return Response(json.dumps(plist), mimetype='application/json')
section = 'blog' if env.owner and env.user.id == env.owner.id else ''
return render('/tags.html',
section=section,
posts=plist,
page=page,
tags=tag)
def mdoc(path):
if path.find('..') > -1:
raise NotFound
docpath = os.path.join(settings.doc_path, '%s.md' % path.strip('/ '))
try:
fd = open(docpath)
except IOError:
raise NotFound
text = fd.read().decode('utf8')
fd.close()
return render('/doc.html', prefix='', path=path, text=text)
def mdoc(path):
if path.find('..') > -1:
raise NotFound
docpath = os.path.join(settings.doc_path, '%s.md' % path.strip('/ '))
try:
fd = open(docpath)
except IOError:
raise NotFound
text = fd.read().decode('utf8')
fd.close()
return render('/doc.html', prefix='', path=path, text=text)
def subscribe():
url = env.request.args('url', '').strip()
if not url:
return Response(redirect="%s://%s.%s/feeds/add" % \
(env.request.protocol, env.user.login.lower(),
settings.domain))
try:
if url.index(settings.domain):
return Response(redirect=url)
except ValueError:
pass
errors = []
try:
feed = feeds.get_feed(url)
feed.fetch()
except InvalidFeedUrl:
errors.append('url')
except InvalidFeedType:
errors.append('type')
except FeedFetchError:
errors.append('fetch')
if errors:
return Response(redirect="%s://%s.%s/feeds/add?url=%s&%s" % \
(env.request.protocol, env.user.login.lower(),
settings.domain, urlencode(url),
'&'.join(["errors=%s" % e for e in errors])))
if not feed.id:
feed.save()
try:
env.user.subscribe(feed)
except AlreadySubscribed:
pass
return Response(redirect="%s://%s.%s/" % \
(env.request.protocol, feed.login.lower(), settings.domain))
if env.request.method == 'GET':
return render('/feeds/subscribe.html',
feeds=feeds.subscriptions(),
feed=feed)
def subscribe():
url = env.request.args('url', '').strip()
if not url:
return Response(redirect="%s://%s.%s/feeds/add" % \
(env.request.protocol, env.user.login.lower(),
settings.domain))
try:
if url.index(settings.domain):
return Response(redirect=url)
except ValueError:
pass
errors = []
try:
feed = feeds.get_feed(url)
feed.fetch()
except InvalidFeedUrl:
errors.append('url')
except InvalidFeedType:
errors.append('type')
except FeedFetchError:
errors.append('fetch')
if errors:
return Response(redirect="%s://%s.%s/feeds/add?url=%s&%s" % \
(env.request.protocol, env.user.login.lower(),
settings.domain, urlencode(url),
'&'.join(["errors=%s" % e for e in errors])))
if not feed.id:
feed.save()
try:
env.user.subscribe(feed)
except AlreadySubscribed:
pass
return Response(redirect="%s://%s.%s/" % \
(env.request.protocol, feed.login.lower(), settings.domain))
if env.request.method == 'GET':
return render('/feeds/subscribe.html', feeds=feeds.subscriptions(),
feed=feed)
def edit_comment(post_id, comment_id):
if comment_id == '0':
raise NotFound
else:
try:
posts.edit_comment(post_id, comment_id,
env.request.args('text', ''), editor=env.user)
except PostTextError:
return render('/comment-error.html')
if env.owner and env.owner.login:
login = env.owner.login.lower()
else:
post = Post(post_id)
login = post.author.login.lower()
return Response(redirect='%s://%s.%s/%s#%s' % \
(env.request.protocol, login, settings.domain, post_id, comment_id))
def edit_comment(post_id, comment_id):
if comment_id == '0':
raise NotFound
else:
try:
posts.edit_comment(post_id, comment_id,
env.request.args('text', ''), editor=env.user)
except PostTextError:
return render('/comment-error.html')
if env.owner and env.owner.login:
login = env.owner.login.lower()
else:
post = Post(post_id)
login = post.author.login.lower()
return Response(redirect='%s://%s.%s/%s#%s' % \
(env.request.protocol, login, settings.domain, post_id, comment_id))
def messages_outgoing(page=1):
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
plist = posts.private_outgoing(offset=offset, limit=settings.page_limit+1)
if env.request.is_xhr:
for p in plist:
p['created'] = timestamp(p['created'])
return Response(json.dumps(plist), mimetype='application/json')
return render('/messages/outgoing.html', section='messages/outgoing', posts=plist, page=page)
def messages_outgoing(page=1):
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
plist = posts.private_outgoing(offset=offset, limit=settings.page_limit+1)
if env.request.is_xhr:
for p in plist:
p['created'] = timestamp(p['created'])
return Response(json.dumps(plist), mimetype='application/json')
return render('/messages/outgoing.html', section='messages/outgoing', posts=plist, page=page)
def tag_posts(tag, page=1):
if env.request.host != settings.domain and (not env.owner or not env.owner.id):
raise UserNotFound
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
if env.owner and env.owner.id:
author = env.owner
else:
author = None
if env.owner and env.owner.id == env.user.id:
private = None
else:
private = False
# variable deny_anonymous is for corresponding value of 'deny_anonymous'
# field in 'users.profile' table
deny_anonymous = False if not env.user.is_authorized() else None
if not isinstance(tag, (list, tuple)):
tag = [tag]
tag = [t.decode('utf-8', 'ignore').replace(u"\xa0", " ") for t in tag]
plist = posts.select_posts(author=author, private=private,
deny_anonymous=deny_anonymous, tags=tag,
offset=offset, limit=settings.page_limit+1)
if env.request.is_xhr:
for p in plist:
p['created'] = timestamp(p['created'])
return Response(json.dumps(plist), mimetype='application/json')
section = 'blog' if env.owner and env.user.id == env.owner.id else ''
return render('/tags.html', section=section, posts=plist, page=page,
tags=tag)
def add_comment(id):
to_comment_id = env.request.args('comment_id')
text = env.request.args('text', '').strip()
files = _files([])
try:
comment_id = posts.add_comment(id, to_comment_id, text, files=files)
except PostTextError:
return render('/comment-error.html')
if env.owner and env.owner.login:
login = env.owner.login.lower()
else:
post = Post(id)
login = post.author.login.lower()
return Response(redirect='%s://%s.%s/%s#%s' % \
(env.request.protocol,
login, settings.domain, id, comment_id))
def register_get():
if env.user.id:
raise AlreadyAuthorized
sess = Session()
info = sess["reg_info"] or {}
try:
del info["network"]
del info["uid"]
except (KeyError, TypeError):
pass
try:
info["birthdate"] = parse_date(info["birthdate"]) or datetime.now() - timedelta(days=365 * 16 + 4)
except (KeyError, TypeError):
info["birthdate"] = None
return render("/auth/register.html", fields=ULOGIN_FIELDS, info=info)
def add_comment(id):
to_comment_id = env.request.args('comment_id')
text = env.request.args('text', '').strip()
files = _files([])
try:
comment_id = posts.add_comment(id, to_comment_id, text, files=files)
except PostTextError:
return render('/comment-error.html')
if env.owner and env.owner.login:
login = env.owner.login.lower()
else:
post = Post(id)
login = post.author.login.lower()
return Response(redirect='%s://%s.%s/%s#%s' % \
(env.request.protocol,
login, settings.domain, id, comment_id))
def index(page=1):
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
plist = posts.recent_posts(type='feed',
offset=offset, limit=settings.page_limit+1)
if env.request.is_xhr:
for p in plist:
p['created'] = timestamp(p['created'])
return Response(json.dumps(plist), mimetype='application/json')
return render('/feeds/index.html', feeds=feeds.subscriptions(),
posts=plist, page=page, section='feeds')
def blog(page=1):
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
if not env.owner or not env.owner.id:
raise UserNotFound
offset = (page - 1) * settings.page_limit
plist = posts.recent_blog_posts(env.owner, settings.page_limit + 1, offset)
if env.request.is_xhr:
for p in plist:
p['created'] = timestamp(p['created'])
p['text'] = markdown_filter(None, p['text'])
return Response(json.dumps(plist), mimetype='application/json')
return render('/blog.html', section='blog', posts=plist, page=page)
def blog(page=1):
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
if not env.owner or not env.owner.id:
raise UserNotFound
offset = (page - 1) * settings.page_limit
plist = posts.recent_blog_posts(env.owner, settings.page_limit+1, offset)
if env.request.is_xhr:
for p in plist:
p['created'] = timestamp(p['created'])
p['text'] = markdown_filter(None, p['text'])
return Response(json.dumps(plist), mimetype='application/json')
return render('/blog.html', section='blog', posts=plist, page=page)
def index(page=1):
try:
page = int(page)
except (TypeError, ValueError):
page = 1
if not page:
page = 1
offset = (page - 1) * settings.page_limit
plist = posts.recent_posts(type='feed',
offset=offset,
limit=settings.page_limit + 1)
if env.request.is_xhr:
for p in plist:
p['created'] = timestamp(p['created'])
return Response(json.dumps(plist), mimetype='application/json')
return render('/feeds/index.html',
feeds=feeds.subscriptions(),
posts=plist,
page=page,
section='feeds')
def ulogin():
if env.user.id:
raise AlreadyAuthorized
sess = Session()
if env.request.method == 'POST':
url = "http://ulogin.ru/token.php?token=%s&host=%s" % \
(env.request.args('token'), settings.domain)
try:
resp = urllib2.urlopen(url)
data = dict.fromkeys(ULOGIN_FIELDS)
data.update(json.loads(resp.read()))
resp.close()
except urllib2.URLError:
return render('/auth/login.html',
fields=ULOGIN_FIELDS,
errors=['ulogin-fail'])
try:
env.user.authenticate_ulogin(data['network'], data['uid'])
if env.user.id:
return Response(redirect=referer())
except NotAuthorized:
pass
login = data['nickname'].strip(u' -+.')
if login:
login = re.sub(r'[\._\-\+]+', '-', login)
info = {
'login': login,
'network': data['network'],
'uid': data['uid'],
'name': ('%s %s' % (data['first_name'], data['last_name'])).strip(),
'email': data['email'],
'avatar': data['photo_big'],
'birthdate': data['bdate'],
'gender': True if data['sex'] == '2' else False if data['sex'] == '1' else None,
'location': "%s, %s" % (data['city'], data['country']) \
if data['city'] and data['country'] else \
data['city'] or data['country'],
'_nickname': data['nickname'],
'_name': ('%s %s' % (data['first_name'], data['last_name'])).strip(),
'_profile': data['profile'],
}
sess['reg_info'] = info
sess.save()
else:
info = sess['reg_info']
if not info or not 'network' in info or not 'uid' in info:
return Response(redirect='%s://%s/register' % \
(env.request.protocol, settings.domain))
info['birthdate'] = parse_date(info['birthdate']) \
or datetime.now() - timedelta(days=365*16+4)
return render('/auth/register_ulogin.html', info=info)
def register():
#raise Forbidden
if env.user.id:
raise AlreadyAuthorized
sess = Session()
info = sess['reg_info'] or {}
print 'INFO', info
if env.request.method == 'GET':
try:
del info['network']
del info['uid']
except (KeyError, TypeError):
pass
sess['reg_info'] = info
sess.save()
try:
info['birthdate'] = parse_date(info['birthdate']) \
or datetime.now() - timedelta(days=365*16+4)
except (KeyError, TypeError):
info['birthdate'] = None
return render('/auth/register.html', fields=ULOGIN_FIELDS, info=info)
try:
network = info['network'] if 'network' in info else None
uid = info['uid'] if 'uid' in info else None
except TypeError:
network = None
uid = None
errors = []
for p in [
'login', 'name', 'email', 'birthdate', 'location', 'about',
'homepage'
]:
info[p] = env.request.args(p, '').decode('utf-8')
info['gender'] = _gender(env.request.args('gender'))
login = env.request.args('login', '').strip()
if login and validate_nickname(login):
try:
u = User('login', login)
if u.id:
errors.append('login-in-use')
except UserNotFound:
pass
elif login:
errors.append('login-invalid')
else:
errors.append('login-empty')
password = env.request.args('password')
confirm = env.request.args('confirm')
if not (network and uid):
if not password:
errors.append('password')
elif password != confirm:
errors.append('confirm')
info['birthdate'] = parse_date(info['birthdate']) \
or datetime.now() - timedelta(days=365*16+4)
if not network and not errors:
try:
text = env.request.args('recaptcha_response_field')
challenge = env.request.args('recaptcha_challenge_field')
resp = captcha.submit(challenge, text,
settings.recaptcha_private_key,
env.request.remote_host)
if not resp.is_valid:
errors.append('captcha')
except urllib2.URLError:
errors.append('recaptcha-fail')
except AddressNotFound:
return Response(redirect='%s://%s/remember?fail=1' % \
(env.request.protocol, settings.domain))
if errors:
if network and uid:
tmpl = '/auth/register_ulogin.html'
else:
tmpl = '/auth/register.html'
return render(tmpl, fields=ULOGIN_FIELDS, info=info, errors=errors)
users.register(login)
for p in [
'name', 'email', 'birthdate', 'gender', 'location', 'about',
'homepage'
]:
env.user.set_info(p, info[p])
if password:
env.user.set_password(password)
if network and uid:
_nickname = info['_nickname'] if '_nickname' in info else None
_name = info['_name'] if '_name' in info else None
_profile = info['_profile'] if '_profile' in info else None
try:
env.user.bind_ulogin(network, uid, _nickname, _name, _profile)
except UserExists:
raise Forbidden
if env.request.args('avatar'):
ext = env.request.args('avatar', '').split('.').pop().lower()
if ext not in ['jpg', 'gif', 'png']:
errors.append('filetype')
else:
filename = ('%s.%s' % (env.user.login, ext)).lower()
make_avatar(env.request.files('avatar'), filename)
env.user.set_info('avatar',
'%s?r=%d' % (filename, randint(1000, 9999)))
elif 'avatar' in info and info['avatar']:
filename = ('%s.%s' % (env.user.login, 'jpg')).lower()
make_avatar(info['avatar'], filename)
env.user.set_info('avatar',
'%s?r=%d' % (filename, randint(1000, 9999)))
env.user.save()
env.user.authenticate()
return Response(redirect=get_referer())
