mid/ikibooru
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: mid:aa95418b7074effb4ea000dc5eb862a887fa2707
Branches Tags
mid:master
..
compare: mid:master
Branches Tags
mid:master

5 Commits
aa95418b70 ... master

Author SHA1 Message Date
mid
d04017ff58 Syntax error 2024-09-29 21:05:57 +03:00
mid
72886e5676 Better error resistance (don't fail if user already exists) 2024-09-29 20:59:32 +03:00
mid
d2836b92eb Finish e-mail sending; clickable tags 2024-09-29 16:30:33 +03:00
mid
f67346231d Fix security vulnerability 2024-09-07 09:53:51 +03:00
mid
d368fb8bc0 QoL frontend fixes 2024-09-07 09:53:39 +03:00
8 changed files with 61 additions and 35 deletions
Expand all files Collapse all files

2
base.inc
View File

@@ -50,7 +50,7 @@
</header>
<main>{% content() %}</main>
<footer>
<p>Running Ikibooru v0.1</p>
<p>Running <a href="https://mid.net.ua/ikibooru.html">Ikibooru</a> v0.0.0.1</p>
</footer>
<script defer src="/static/datetimes.js"></script>
</body>

4
core.lua
View File

@@ -192,9 +192,9 @@ local handler = function(req, res)
local succ, val
if _ENV then
succ, val = xpcall(Lyre.render, debug.traceback, tmpl, env)
succ, val = xpcall(Lyre.render, debug.traceback, tmpl, env, true)
else
succ, val = pcall(Lyre.render, tmpl, env)
succ, val = pcall(Lyre.render, tmpl, env, true)
end
if succ then

13
index.html.l
View File

@@ -67,16 +67,25 @@
var box = document.getElementById("alltags")
var datags = []
ajax.responseText.split("\n").slice(0, -1).forEach(function(line) {
var tagID = line.split(",")[0]
var newtag = document.createElement("div")
newtag.classList.toggle("tag")
newtag.classList.toggle("tc" + line.split(",")[2])
newtag.setAttribute("data-tagid", line.split(",")[0])
newtag.setAttribute("data-tagid", tagID)
newtag.setAttribute("data-tc", line.split(",")[2])
newtag.innerText = line.split(",")[1]
datags.push(newtag)
})
datags.sort(function(a, b) {return a.getAttribute("data-tc") - b.getAttribute("data-tc")})
datags.forEach(function(x) { box.insertBefore(x, null) })
datags.forEach(function(x) {
var newa = document.createElement("a")
newa.setAttribute("href", "/search?n=&t=" + x.getAttribute("data-tagid") + "&h");
newa.appendChild(x);
box.insertBefore(newa, null)
})
}
}
ajax.send()

18
install.lua
View File

@@ -75,9 +75,23 @@ if baad then
return
end
if not os.execute"adduser --shell /bin/sh --disabled-password ikibooru" then
if select(3, os.execute"id ikibooru") == 0 then
while true do
io.stdout:write"User ikibooru already exists. Can use? (y/n): "
local o = io.read"*l":lower()
if o == "y" then
break
elseif o == "n" then
print"Exiting."
return
end
print"Try again."
end
else
if not os.execute"useradd -U -m -s /bin/sh ikibooru" then
print"Failed to create user ikibooru."
return
end
end
io.stdout:write"MySQL host: "
@@ -301,4 +315,4 @@ end
print""
print"Installation complete. Remember: Ikibooru is only an HTTP server. It must be used together with a relay or reverse proxy."
print"Installation complete. Reminder: Ikibooru is only an HTTP server. It must be used together with a relay or reverse proxy."

2
obj.html.l
View File

@@ -55,7 +55,7 @@
</ul>
<div>
{% for _,tag in pairs(DB.getobjtags(obj.id)) do %}
<div class="tag tc{{ tag.category }}" data-tagid="{{ tag.id }}">{{ Escapes.htmlescape(tag.name) }}</div>
<a href="/search?n=&t={{ tag.id }}&o"><div class="tag tc{{ tag.category }}" data-tagid="{{ tag.id }}">{{ Escapes.htmlescape(tag.name) }}</div></a>
{% end %}
</div>
{% if verified and verified.privs >= DB.USER_PRIVS_APPROVED then %}

12
smtpauth.lua
View File

@@ -9,21 +9,19 @@ assert(Rand.ready())
local DB = require"db"
local function sendeml(raw)
--[[local fn = "/tmp/ikibooru" .. DB.b256toreadable(Rand.bytes(16)) .. ".eml"
local fn = "/tmp/ikibooru" .. DB.b256toreadable(Rand.bytes(16)) .. ".eml"
local f = io.open(fn, "wb")
f:write(raw)
f:close()
-- Send e-mail. Yes, this is crude.
io.popen("{ sendmail -t < " .. fn .. "; rm " .. fn .. "; } &", "r")]]
-- Send e-mail. Yes, this is crude, but we have one thread.
io.popen("{ sendmail -t < " .. fn .. "; rm " .. fn .. "; } &", "r")
end
return {
sendauthinfo = function(user)
local url = BigGlobe.cfg.domain .."/verif?q=" .. Escapes.urlescape(DB.userauth(user))
-- print(url)
if BigGlobe.cfg.anarchy == "ANARCHY" then
return url
else
@@ -42,8 +40,6 @@ MIME-Version: 1.0
sendregisterinfo = function(user)
local url = BigGlobe.cfg.domain .."/reg?q=" .. Escapes.urlescape(DB.userregcode(user))
print(url)
if BigGlobe.cfg.anarchy == "ANARCHY" then
return url
else
@@ -53,7 +49,7 @@ Content-Type: text/html; charset=UTF-8
MIME-Version: 1.0
<!DOCTYPE html>
<html><body style="font-family:sans-serif;"><p>You have either registered or been invited to register at %s. Click on the below link to complete your registration.</p><p>If you have no idea what this is, consider whether your e-mail account has been compromised.</p><a href="%s"><div style="display:inline-block;font-size:1.2em;padding:0.5em 1em 0.5em 1em;border:1px solid gray;color:#C0C0C0;border-radius:6px;"><span>Complete</span></div></a></body></html>]], user.email, BigGlobe.cfg.sitename, BigGlobe.cfg.sitename, url))
<html><body style="font-family:sans-serif;"><p>You have either registered or been invited to register at %s. Click on the below link to complete your registration.</p><p>If you had not initiated a registration request, consider whether your e-mail account has been compromised.</p><a href="%s"><div style="display:inline-block;font-size:1.2em;padding:0.5em 1em 0.5em 1em;border:1px solid gray;color:#C0C0C0;border-radius:6px;"><span>Complete</span></div></a></body></html>]], user.email, BigGlobe.cfg.sitename, BigGlobe.cfg.sitename, url))
return true
end

1
static/style.css
View File

@@ -22,6 +22,7 @@ div.tag {
border: 1px solid blue;
padding: 0.1em;
margin: 0.1em;
color: black;
}
div.tag.selected {
border-width: 2px;

38
static/tagbox.js
View File

@@ -47,25 +47,22 @@ document.querySelector("div.tagbox span").onkeydown = function(ev) {
}
} else if(ev.keyCode == 40) {
ev.preventDefault()
var sel = document.querySelector("div.autocomplete > div.tag.selected")
if(sel) {
sel.classList.toggle("selected")
sel = sel.nextElementSibling
} else {
sel = document.querySelectorAll("div.autocomplete > div.tag")[0]
}
if(sel) sel.classList.toggle("selected")
var alltags = Array.from(document.querySelectorAll("div.autocomplete div.tag"))
var sel = alltags.findIndex(function(x) { return x.classList.contains("selected") })
if(sel != -1) alltags[sel].classList.toggle("selected")
sel = (sel + 1) % alltags.length
alltags[sel].classList.toggle("selected")
} else if(ev.keyCode == 38) {
ev.preventDefault()
var sel = document.querySelector("div.autocomplete > div.tag.selected")
if(sel) {
sel.classList.toggle("selected")
sel = sel.previousElementSibling
var alltags = Array.from(document.querySelectorAll("div.autocomplete div.tag"))
var sel = alltags.findIndex(function(x) { return x.classList.contains("selected") })
if(sel != -1) {
alltags[sel].classList.toggle("selected")
sel = (sel + alltags.length - 1) % alltags.length
} else {
var asdf = document.querySelectorAll("div.autocomplete > div.tag")
sel = asdf[asdf.length - 1]
sel = alltags.length - 1
}
if(sel) sel.classList.toggle("selected")
alltags[sel].classList.toggle("selected")
} else if(ev.keyCode == 8 && !document.querySelector("div.tagbox span").innerText.length) {
ev.preventDefault()
@@ -96,7 +93,16 @@ document.querySelector("div.tagbox span").oninput = function(ev) {
ac.innerText = "No such tags found"
} else {
ajax.responseText.split("\n").slice(0, -1).forEach(function(line) {
ac.insertBefore(createtag(line.split(",")[1], line.split(",")[2], line.split(",")[0]), null)
var tag = createtag(line.split(",")[1], line.split(",")[2], line.split(",")[0])
tag.onclick = function() {
var sel = document.querySelector("div.tag.selected")
if(sel) sel.classList.toggle("selected")
this.classList.toggle("selected")
var span = document.querySelector("div.tagbox span")
span.focus()
span.dispatchEvent(new KeyboardEvent('keydown', {bubbles: true, cancelable: true, keyCode: 13}))
}
ac.insertBefore(tag, null)
})
if(UnknownTagsMode) {