New configuration options:
- `[ratelimit] cache`
- A boolean indicating whether we should use configured cache (1)
or database (0) for ratelimiting.
Signed-off-by: Kevin Morris <kevr@0cost.org>
With this change, we provide a wrapper to `logging.getLogger`
in the `aurweb.logging` module. Modules wishing to log using
logging.conf should get their module-local loggers by calling
`aurweb.logging.getLogger(__name__)`, similar to `logging.getLogger`,
this way initialization with logging.conf is guaranteed.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This reworks the base implementation of the RPC to use a
class called RPC for handling of requests. Took a bit of
a different approach than PHP in terms of exposed methods,
but it does end up achieving the same goal, with one additional
error: "Request type '{type}' is not yet implemented."
For FastAPI development, we'll stick with:
- If the supplied 'type' argument has an alias mapping in
RPC.ALIASES, we convert the type argument over to its alias
before doing anything. Example: 'info' is aliased to 'multiinfo',
so when a user requests type=info, it is converted to type=multiinfo.
- If the type does not exist in RPC.EXPOSED_TYPES, the following
error is produced: "No request type/data specified."
- If the type **does** exist in RPC.EXPOSED_TYPES, but does not
have an implemented `RPC._handle_{type}_type` function, the
following error is produced: "Request type '{type}' is not yet
implemented."
Signed-off-by: Kevin Morris <kevr@0cost.org>
This is in addition to the current recipients. Co-maintainers should
also be made aware when their package has pending requests.
NOTE: This commit was slightly modified to resolve cherry-pick
conflicts in `pu`.
With our FastAPI server, trailing slashes causes a 307 redirect
which ends up redirecting users to routes which do not contain
trailing slashes. This removes trailing slashes from our templates
where FastAPI is concerned to avoid unnecessary redirects.
There may still be links or usages around which have unnecessary
usages of a trailing slash; please keep a look out for these and
remove them where possible.
Signed-off-by: Kevin Morris <kevr@0cost.org>
The POST /packages route takes an `action`, `merge_into` and `confirm`
form data arguments. It then routes over to `action`'s callback provided
by `PACKAGE_ACTIONS`. This commit does not implement actions, but
mocks out the flow we would expect from the POST route.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Usage of EXPECTATION_FAILED in these cases is totally wrong.
EXPECTATION_FAILED is a failure in terms of the HTTP protocol,
not user input. Change all usage of EXPECTATION_FAILED to BAD_REQUEST.
Signed-off-by: Kevin Morris <kevr@0cost.org>
The `aurweb.scripts.popupdate` script is used to maintain
the NumVotes and Popularity field. We could do the NumVotes
change more simply; however, since this is already a long-term
implementation, we're going to use it until we move scripts
over to ORM.
Signed-off-by: Kevin Morris <kevr@0cost.org>
In addition, we've had to add cascade arguments to backref so
sqlalchemy treats the relationships as proper cascades.
Furthermore, our pkgbase actions template was not rendering
actions properly based on TU credentials.
Signed-off-by: Kevin Morris <kevr@0cost.org>
We pretty much want @auth_required to send users to login
if we enforce auth requirements but don't otherwise specify
a way to deal with it.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Currently, the config parser converts all keys to lowercase which is
inconsistent with the old PHP behavior. This has been fixed and relevant
fingerprint-getting functions have been simplified without changes in
behavior.
Signed-off-by: Steven Guikal <void@fluix.one>
This commit adds a new Arch dependency: `libeatmydata`, which
provides the `eatmydata` executable that stubs out fsync() operations.
We use `eatmydata` to run our sharness and pytests in Docker now.
With `autocommit=True`, required by SQLAlchemy to keep the
session up to date with external DB modifications, many fsync
calls are used in the SQLite backend; especially because we're wiping
and creating records in every DB-bound test.
**Before:**
- mysql: 1m42s (elapsed during pytest run)
- sqlite: 3m06s (elapsed during pytest run)
**After:**
- mysql: 1m40s (elapsed during pytest run)
- sqlite: 1m50s (elapsed during pytest run)
Shout out to @klausenbusk, who suggested this as a possible fix,
and it was. Thanks, Kristian!
Closes#120
Signed-off-by: Kevin Morris <kevr@0cost.org>
Changes from PHP:
- If a user submits a POST request with an invalid reason,
they are returned back to the closure form with a BAD_REQUEST status.
- Now, users which created a PackageRequest have the ability to close
their own.
- Form action has been changed to `/requests/{id}/close`.
Closes https://gitlab.archlinux.org/archlinux/aurweb/-/issues/20
Signed-off-by: Kevin Morris <kevr@0cost.org>
This change implements the FastAPI version of the
/pkgbase/{name}/request form's action.
Changes from PHP:
- Additional errors are now displayed for the **merge_into** field,
which are only displayed when the Merge type is selected.
- If the **merge_into** field is empty, a new error is displayed:
'The "Merge into" field must not be empty.'
- If the **merge_into** field is given the name of a package base
which does not exist, a new error is displayed:
"The package base you want to merge into does not exist."
- If the **merge_into** field is given the name of the package
base that a request is being created for, a new error is
displayed: "You cannot merge a package base into itself."
- When an error is encountered, users are now brought back to
the request form which they submitted and an error is displayed
at the top of the page.
- If an invalid type is provided, users are returned to a BAD_REQUEST
status rendering of the request form.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This change required a slight modification of how we handle
the Requests page. It is now available to all users.
This commit provides 1/2 of the implementation which actually
satisfies this feature. 2/2 will contain the actual implementation
of closures of requests, which will also allow users who created
the request to decide to close it.
Issue: https://gitlab.archlinux.org/archlinux/aurweb/-/issues/20
Signed-off-by: Kevin Morris <kevr@0cost.org>
Introduces `aurweb.defaults` and `aurweb.filters`.
`aurweb.filters` is a location developers can put their additional
Jinja2 filters and/or functions. We should slowly move all of our
filters over here, where it makes sense.
`aurweb.defaults` is a new module which hosts some default constants
and utility functions, starting with offsets (O) and per page values
(PP).
As far as the new GET /requests is concerned, we match up here to
PHP's implementation, with some minor improvements:
Improvements:
* PP on this page is now configurable: 50 (default), 100, or 250.
* Example: `https://localhost:8444/requests?PP=250`
Modifications:
* The pagination is a bit different, but serves the exact same purpose.
* "Last" no longer goes to an empty page.
* Closes: https://gitlab.archlinux.org/archlinux/aurweb/-/issues/14
Signed-off-by: Kevin Morris <kevr@0cost.org>
Along with this, created a new test suite at test/test_html.py,
which has the responsibility of testing various HTML things
that are not suitable for another test suite.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Changes from PHP:
- Form action now points to `/pkgbase/{name}/comaintainers`.
- When an error occurs, users are sent back to
`/pkgbase/{name}/comaintainers` with an error at the top of the page.
(PHP used to send people to /pkgbase/, which ended up at a blank
search page).
Closes: https://gitlab.archlinux.org/archlinux/aurweb/-/issues/51
Signed-off-by: Kevin Morris <kevr@0cost.org>
In addition, fix up some templates to display pinned comments,
and include the unpin form input for pinned comments, which is
not yet implemented.
Signed-off-by: Kevin Morris <kevr@0cost.org>
In PHP, this was implemented using an /rpc type 'get-comment-form'.
With FastAPI, we've decided to reorganize this into a non-RPC route:
`/pkgbase/{name}/comments/{id}/form`, rendered via the new
`templates/partials/packages/comment_form.html` template.
When the comment_form.html template is provided a `comment` object,
it will produce an edit comment form. Otherwise, it will produce a new
comment form.
A few new FastAPI routes have been introduced:
- GET `/pkgbase/{name}/comments/{id}/form`
- Produces a JSON response based on {"form": "<form_markup>"}.
- POST `/pkgbase/{name}/comments'
- Creates a new comment.
- POST `/pkgbase/{name}/comments/{id}`
- Edits an existing comment.
In addition, some Javascript has been modified for our new routes.
Signed-off-by: Kevin Morris <kevr@0cost.org>
In terms of performance, most queries on this page win over
PHP in query times, with the exception of sorting by Voted or
Notify (https://gitlab.archlinux.org/archlinux/aurweb/-/issues/102).
Otherwise, there are a few modifications: described below.
* Pagination
* The `paginate` Python module has been used in the FastAPI
project
here to implement paging on the packages search page. This
changes how pagination is displayed, however it serves the
same purpose. We'll take advantage of this module in other
places as well.
* Form action
* The form action for actions now use `POST /packages` to
perform. This is currently implemented and will be
addressed in a follow-up commit.
* Input names and values
* Input names and values have been modified to satisfy the
snake_case naming convention we'd like to use as much as
possible.
* Some input names and values were modified to comply with
FastAPI Forms: (IDs[<id>]) -> (IDs, <id>).
Signed-off-by: Kevin Morris <kevr@0cost.org>
Previously, we were running a single ORM query for every single package
to check for its voted or notified states. Now, we perform a single
ORM query for each of the set of voted or notified packages in
relation with the request user.
This improves performance drastically at the expense of some
manual code additions and set-dependency; i.e. we add a bit
more complexity and roundabout way of getting our data.
Closes: https://gitlab.archlinux.org/archlinux/aurweb/-/issues/102
Signed-off-by: Kevin Morris <kevr@0cost.org>
