This commit does quite a bit:
- Catches unhandled exceptions raised in the route handler and
produces a 500 Internal Server Error Arch-themed response.
- Each unhandled exception causes a notification to be sent to new
`notifications.postmaster` email with a "Traceback ID."
- Traceback ID is logged to the server along with the traceback which
caused the 500: `docker-compose logs fastapi | grep '<traceback_id>'`
- If `options.traceback` is set to `1`, traceback is displayed in
the new 500.html template.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Originally left at util/adduser.py, this script allows administrators
to simply add a user to the configured aurweb database.
See --help for options.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This gets raised when a client closes a connection before receiving
a valid response; this is not controllable from our side.
Signed-off-by: Kevin Morris <kevr@0cost.org>
These new decorators are meant to be used without any arguments
and provide aliases to auth_required:
- `auth_required(True) -> requires_auth`
- `auth_required(False) -> requires_guest`
These decorators should be used without arguments, e.g.:
@router.get("/")
@requires_guest
async def my_route(request: Request):
return HTMLResponse()
Signed-off-by: Kevin Morris <kevr@0cost.org>
Move package request routes and related routes to their
respective routers. In addition, move some utility used
for requests over from `aurweb.packages`.
Introduced routers:
- `aurweb.routers.requests`
Introduced package:
- `aurweb.requests`
Introduced module:
- `aurweb.requests.util`
Changes:
- Moved `aurweb.packages.validate` to `aurweb.pkgbase.validate`
- Moved requests listing & request closure routes to
`aurweb.routers.requests`
- Moved pkgbase request creation route to `aurweb.routers.pkgbase`
- Moved `get_pkgreq_by_id` from `aurweb.packages.util` to
`aurweb.requests.util` and fixed its return type hint.
Signed-off-by: Kevin Morris <kevr@0cost.org>
`delete_package` was processing package deletions through `Package`
instances. This doesn't make sense; if we delete a package, we want
to target its package base.
This new function vastly simplifies the previous.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Previously, when the relationship was None, an <a> would still
wrap the None value erroneously. This addresses that for all
three user fields.
In addition, this commit adds direct testing for the
`templates/partials/packages/details.html` template.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit centralizes comaintainer management with a few new
functions and uses them more appropriately within routes:
- aurweb.packages.util.latest_priority
- aurweb.packages.util.remove_comaintainer
- aurweb.packages.util.remove_comaintainers
- aurweb.packages.util.add_comaintainer
- aurweb.packages.util.add_comaintainers
- aurweb.packages.util.rotate_comaintainers
Closes#117
Signed-off-by: Kevin Morris <kevr@0cost.org>
While this does make more sense to me personally, there is no need
to change how the AUR treats its users; it has been accepted for
ages and not found to be ridden with flaws. Stay with the tried
and true method.
Signed-off-by: Kevin Morris <kevr@0cost.org>
- Use queries more closely aligned to PHP's implementation; removes
the need for separate vote/notification queries.
- Default sort by popularity
Closes#214
Signed-off-by: Kevin Morris <kevr@0cost.org>
Instead of allowing an exception to propogate through the framework
routes, catch it and log out an error about notifications not being
sent.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit also decouples testing regarding this feature
into several test functions.
Signed-off-by: Kevin Morris <kevr@0cost.org>
bump
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit changes several things about how we were handling
package requests.
Modifications (requests):
-------------
- `/requests/{id}/close` no longer provides an Accepted selection.
All manual request closures will cause a rejection.
- Relevent `pkgbase` actions now trigger request closures:
`/pkgbase/{name}/delete` (deletion), `/pkgbase/{name}/merge` (merge)
and `/pkgbase/{name}/disown` (orphan).
- Comment fields have been added to
`/pkgbase/{name}/{delete,merge,disown}`, which is used to set the
`PackageRequest.ClosureComment` on pending requests. If the comment
field is left blank, a closure comment is autogenerated.
- Autogenerated request notifications are only sent out once
as a closure notification.
- Some markup has been fixed.
Modifications (disown/orphan):
-----------------------------
- Orphan requests are now handled through the same path as
deletion/merge.
- We now check for due date when disowning as non-maintainer;
previously, this was only done for display and not functionally.
This check applies to Trusted Users' disowning of a package.
This style of notification flow does reduce our visibility, but
accounting can still be done via the close request; it includes
the action, pkgbase name and the user who accepted it.
Closes#204
Signed-off-by: Kevin Morris <kevr@0cost.org>
Previously, we were just relying on the cookie expiration
for sessions to expire. We were not cleaning up Session
records either.
Rework timing to depend on an AURREMEMBER cookie which is
now emitted on login during BasicAuthBackend processing.
If the SID does still have a session but it's expired,
we now delete the session record before returning.
Otherwise, we update the session's LastUpdateTS to
the current time.
In addition, stored the unauthenticated result value
in a variable to reduce redundancy.
Signed-off-by: Kevin Morris <kevr@0cost.org>
We've seen a bug in the past where unique SID generation fails and
still ends up raising an exception.
This commit reworks how we deal with database exceptions internally,
tries for 36 iterations to set a fresh unique SID, and raises a 500
HTTPException if we were unable to.
Signed-off-by: Kevin Morris <kevr@0cost.org>
