From b637767fba6dbf2be36cd193075c8e4438a6441e Mon Sep 17 00:00:00 2001 From: sose Date: Thu, 24 Dec 2020 03:11:45 +0000 Subject: [PATCH] first commit --- .gitignore | 6 + auth.py | 268 ++++++++++ certs/.gitkeep | 0 cli.py | 121 +++++ config/settings.json | 104 ++++ config/templates/board.template | 11 + config/templates/board_entry.template | 1 + config/templates/index.template | 3 + config/templates/op_post.template | 9 + config/templates/op_post_entry.template | 5 + config/templates/reply.template | 3 + db.py | 332 ++++++++++++ license | 674 ++++++++++++++++++++++++ motm.cgi | 6 + motm.py | 242 +++++++++ post.py | 124 +++++ readme.md | 121 +++++ 17 files changed, 2030 insertions(+) create mode 100644 .gitignore create mode 100644 auth.py create mode 100644 certs/.gitkeep create mode 100755 cli.py create mode 100644 config/settings.json create mode 100644 config/templates/board.template create mode 100644 config/templates/board_entry.template create mode 100644 config/templates/index.template create mode 100644 config/templates/op_post.template create mode 100644 config/templates/op_post_entry.template create mode 100644 config/templates/reply.template create mode 100644 db.py create mode 100644 license create mode 100755 motm.cgi create mode 100644 motm.py create mode 100644 post.py create mode 100644 readme.md diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..eb890a3 --- /dev/null +++ b/.gitignore @@ -0,0 +1,6 @@ +*.swp +__pycache__/ +usercerts/ +tests/ +.mypy_cache/ +motm.sqlite3 diff --git a/auth.py b/auth.py new file mode 100644 index 0000000..df946bf --- /dev/null +++ b/auth.py @@ -0,0 +1,268 @@ +#!/usr/bin/env python3 +from __future__ import annotations + +import datetime +import base64 + +from typing import Union, Optional, Callable +from cryptography.hazmat.primitives import serialization, hashes +from cryptography.hazmat.primitives.asymmetric import rsa +from cryptography import x509 +from cryptography.x509.oid import NameOID + +class CA: + hostname: str + cert: x509.Certificate + key: rsa.RSAPrivateKey + crl_path: str + + def __init__( + self, + hostname: str, + cert_path: str, + key_path: str, + crl_path: str, + password: Optional[str] = None, + ) -> None: + + self.hostname = hostname + + with open(cert_path, "rb") as cert_file: + self.cert = x509.load_pem_x509_certificate(cert_file.read()) + + with open(key_path, "rb") as key_file: + if password is not None: + self.key = serialization.load_pem_private_key( + key_file.read(), password=bytes(password, "utf-8") + ) + else: + self.key = serialization.load_pem_private_key( + key_file.read(), password=None + ) + + self.crl_path = crl_path + + def verify_cert(self, cert_str: str) -> bool: + # certificate expiration is checked by the server, so we only need to + # check to see if the cert has been revoked + crl: x509.CertificateRevocationList + cert: x509.Certificate = x509.load_pem_x509_certificate(bytes(cert_str, "utf-8")) + + with open(self.crl_path, "rb") as crl_file: + crl = x509.load_pem_x509_crl(crl_file.read()) + + for revoked_cert in crl: + if revoked_cert.serial_number == cert.serial_number: + return False + + return True + + def revoke_cert(self, cert_str: str) -> None: + crl: x509.CertificateRevocationList + + cert = x509.load_pem_x509_certificate(bytes(cert_str, "utf-8")) + + revoked_cert_builder: x509.RevokedCertificateBuilder = x509.RevokedCertificateBuilder() + revoked_cert_builder = revoked_cert_builder.revocation_date(datetime.datetime.today()) + revoked_cert_builder = revoked_cert_builder.serial_number(cert.serial_number) + revoked_cert: x509.RevokedCertificate = revoked_cert_builder.build() + + one_day: datetime.timedelta = datetime.timedelta(days=1) + + with open(self.crl_path, "rb") as crl_file: + crl = x509.load_pem_x509_crl(crl_file.read()) + + new_crl_builder: x509.CertificateRevocationListBuilder = ( + x509.CertificateRevocationListBuilder() + ) + + new_crl_builder = new_crl_builder.issuer_name( + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, self.hostname)]) + ) + + new_crl_builder = new_crl_builder.last_update(datetime.datetime.today()) + new_crl_builder = new_crl_builder.next_update( + datetime.datetime.today() + (one_day * 99999) + ) + + # add the existing revoked certs to the new crl + for existing_cert in crl: + new_crl_builder = new_crl_builder.add_revoked_certificate(existing_cert) + + # add the new revoked cert to the crl + new_crl_builder = new_crl_builder.add_revoked_certificate(revoked_cert) + + new_crl = new_crl_builder.sign(private_key=self.key, algorithm=hashes.SHA256()) + + with open(self.crl_path, "wb") as crl_file: + crl_file.write(new_crl.public_bytes(serialization.Encoding.PEM)) + + def unrevoke_cert (self, cert_str: str) -> None: + crl: x509.CertificateRevocationList + + cert: x509.Certificate = x509.load_pem_x509_certificate(bytes(cert_str, "utf-8")) + + one_day: datetime.timedelta = datetime.timedelta(days=1) + + with open(self.crl_path, "rb") as crl_file: + crl = x509.load_pem_x509_crl(crl_file.read()) + + new_crl_builder: x509.CertificateRevocationListBuilder = ( + x509.CertificateRevocationListBuilder() + ) + + new_crl_builder = new_crl_builder.issuer_name( + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, self.hostname)]) + ) + + new_crl_builder = new_crl_builder.last_update(datetime.datetime.today()) + new_crl_builder = new_crl_builder.next_update( + datetime.datetime.today() + (one_day * 99999) + ) + + # create a new crl without the cert that has been un-revoked + for existing_cert in crl: + if existing_cert.serial_number != cert.serial_number: + new_crl_builder = new_crl_builder.add_revoked_certificate(existing_cert) + + new_crl = new_crl_builder.sign(private_key=self.key, algorithm=hashes.SHA256()) + + with open(self.crl_path, "wb") as crl_file: + crl_file.write(new_crl.public_bytes(serialization.Encoding.PEM)) + + @classmethod + def new_ca( + cls, cert_dir: str, hostname: str, password: Optional[str] = None + ) -> CA: + cert: x509.Certificate + + key = rsa.generate_private_key( + public_exponent=65537, + key_size=4096, + ) + + crl: x509.CertificateRevocationList + + cert_path: str = cert_dir + "/ca.cert.pem" + key_path: str = cert_dir + "/ca.key" + crl_path: str = cert_dir + "/ca.crl" + + pubkey: rsa.RSAPublicKey = key.public_key() + + one_day: datetime.timedelta = datetime.timedelta(days=1) + + cert_builder: x509.CertificateBuilder = x509.CertificateBuilder() + + cert_builder = cert_builder.subject_name( + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)]) + ) + cert_builder = cert_builder.issuer_name( + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)]) + ) + cert_builder = cert_builder.not_valid_before( + datetime.datetime.today() - one_day + ) + cert_builder = cert_builder.not_valid_after( + datetime.datetime.today() + (one_day * 99999) + ) + cert_builder = cert_builder.serial_number(x509.random_serial_number()) + cert_builder = cert_builder.public_key(pubkey) + cert_builder = cert_builder.add_extension( + x509.BasicConstraints(ca=True, path_length=1), critical=True + ) + + cert = cert_builder.sign(private_key=key, algorithm=hashes.SHA256()) + + crl_builder: x509.CertificateRevocationListBuilder = ( + x509.CertificateRevocationListBuilder() + ) + + crl_builder = crl_builder.issuer_name( + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, hostname)]) + ) + + crl_builder = crl_builder.last_update(datetime.datetime.today()) + crl_builder = crl_builder.next_update( + datetime.datetime.today() + (one_day * 99999) + ) + + crl = crl_builder.sign(private_key=key, algorithm=hashes.SHA256()) + + with open(key_path, "wb") as key_file: + if password is not None: + key_file.write( + key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.TraditionalOpenSSL, + encryption_algorithm=serialization.BestAvailableEncryption( + bytes(password, "utf-8") + ), + ) + ) + else: + key_file.write( + key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.TraditionalOpenSSL, + encryption_algorithm=serialization.NoEncryption(), + ), + ) + with open(cert_path, "wb") as cert_file: + cert_file.write(cert.public_bytes(serialization.Encoding.PEM)) + + with open(crl_path, "wb") as crl_file: + crl_file.write(crl.public_bytes(serialization.Encoding.PEM)) + + return cls( + hostname=hostname, + cert_path=cert_path, + key_path=key_path, + crl_path=crl_path, + password=password, + ) + + def generate_user_cert(self, username: str) -> tuple: + cert: x509.Certificate + + key = rsa.generate_private_key( + public_exponent=65537, + key_size=4096, + ) + + key_str: str + cert_str: str + cert_hash: str + + pubkey: rsa.RSAPublicKey = key.public_key() + + one_day: datetime.timedelta = datetime.timedelta(days=1) + + builder: x509.CertificateBuilder = x509.CertificateBuilder() + + builder = builder.subject_name( + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, username)]) + ) + builder = builder.issuer_name( + x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, self.hostname)]) + ) + builder = builder.not_valid_before(datetime.datetime.today() - one_day) + builder = builder.not_valid_after(datetime.datetime.today() + (one_day * 99999)) + builder = builder.serial_number(x509.random_serial_number()) + builder = builder.public_key(pubkey) + + cert = builder.sign(private_key=self.key, algorithm=hashes.SHA256()) + + if not isinstance(cert, x509.Certificate): + return () + + key_str = key.private_bytes( + encoding=serialization.Encoding.PEM, + format=serialization.PrivateFormat.TraditionalOpenSSL, + encryption_algorithm=serialization.NoEncryption(), + ).decode() + + cert_str = cert.public_bytes(serialization.Encoding.PEM).decode() + cert_hash = cert.fingerprint(hashes.SHA256()).hex().upper() + cert_hash = "SHA256:" + cert_hash + + return (key_str, cert_str, cert_hash) diff --git a/certs/.gitkeep b/certs/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/cli.py b/cli.py new file mode 100755 index 0000000..a897aea --- /dev/null +++ b/cli.py @@ -0,0 +1,121 @@ +#!/usr/bin/env python3 +import json +import time +import os +import cmd +import argparse +import threading + +from typing import Optional, Union +from getpass import getpass +from auth import CA +from db import DB +from post import Post + + +class CommandLine(cmd.Cmd): + def __init__(self, ca: CA, db: DB) -> None: + super().__init__() + self.intro: str = "hi." + self.prompt: str = "motm> " + self.ca = ca + self.db = db + + def do_get_post(self, arg) -> None: + post_id: int + if not arg.isnumeric(): + print("Please supply an integer post id") + return + + post_id = int(arg) + + post = self.db.get_post_by_id(post_id) + if post is None: + print("Post with id", post_id, "not found") + return + + print(post.render()) + + def do_del_post(self, arg) -> None: + post_id: int + if not arg.isnumeric(): + print("Please supply an integer post id") + return + post_id = int(arg) + self.db.del_post_by_id(post_id) + print("Deleted post", post_id) + + def do_ban(self, arg) -> None: + username: str = arg + user_cert: Optional[str] = self.db.get_user_cert(username) + if user_cert is None: + print("User", username, "not found") + return + + self.ca.revoke_cert(user_cert) + self.db.set_user_status("banned", username) + print("Banned user", username) + + def do_unban(self, arg) -> None: + username: str = arg + user_cert = self.db.get_user_cert(username) + if user_cert is None: + print("User", username, "not found") + return + + self.ca.unrevoke_cert(user_cert) + self.db.set_user_status("registered", username) + print("Unbanned user", username) + + def end(self) -> None: + print("bye.") + return + + +def main(): + settings_path: str = "config/settings.json" + settings: dict + ca_password: str = None + ca: CA + db: DB + command_line: CommandLine + + with open(settings_path, "r") as settings_file: + settings = json.load(settings_file) + + if ( + os.path.exists(settings["auth"]["caCert"]) + and os.path.exists(settings["auth"]["caKey"]) + and os.path.exists(settings["auth"]["caCRL"]) + ): + ca = CA( + settings["server"]["hostname"], + settings["auth"]["caCert"], + settings["auth"]["caKey"], + settings["auth"]["caCRL"], + ca_password, + ) + else: + print("Some or all of the CA files are missing. Create a new CA?", + "\n(this will overwrite any existing CA files) [y/n]") + + if input().lower() != "y": + return + + ca = CA.new_ca( + cert_dir=settings["auth"]["certDir"], + hostname=settings["server"]["hostname"], + password=ca_password, + ) + + db = DB(settings) + command_line = CommandLine(ca, db) + + try: + command_line.cmdloop() + except KeyboardInterrupt: + command_line.end() + + +if __name__ == "__main__": + main() diff --git a/config/settings.json b/config/settings.json new file mode 100644 index 0000000..06a5aa8 --- /dev/null +++ b/config/settings.json @@ -0,0 +1,104 @@ +{ + "templateDir": "config/templates", + "auth": { + "certDir": "certs", + "caCert": "certs/ca.cert.pem", + "caKey": "certs/ca.key", + "caCRL": "certs/ca.crl" + }, + "server": { + "hostname": "localhost" + }, + "db": { + "path": "motm.sqlite3", + "host": "localhost" + }, + "postTypes": { + "board_index": { + "childType": "board", + "template": "index", + "miniTemplate": null, + "paginated": false, + "maxChildren": 10, + "allowAppend": false, + "allowSubmission": false, + "titled": true, + "scored": false, + "sorting": "title" + }, + "board": { + "childType": "op_post", + "template": "board", + "miniTemplate": "board_entry", + "paginated": true, + "maxChildren": 10, + "allowAppend": false, + "allowSubmission": true, + "titled": true, + "scored": false, + "sorting": "score" + }, + "op_post": { + "childType": "reply", + "template": "op_post", + "miniTemplate": "op_post_entry", + "paginated": false, + "maxChildren": 0, + "allowAppend": true, + "allowSubmission": true, + "titled": true, + "scored": true, + "sorting": "timestamp" + }, + "reply": { + "childType": "reply", + "template": "reply", + "miniTemplate": "reply", + "paginated": false, + "maxChildren": 0, + "allowAppend": true, + "allowSubmission": false, + "titled": false, + "scored": false, + "sorting": "timestamp" + } + }, + "defaultPosts": { + "motm": { + "postType": "board_index", + "path": "boards", + "parent": null, + "text": "The messageboard on the moon.", + "template": "index", + "miniTemplate": null, + "allowAppend": false + }, + "one": { + "postType": "board", + "path": "one", + "text": "The first board.", + "parent": 1, + "template": "board", + "miniTemplate": "board_entry", + "allowAppend": false + }, + "two": { + "postType": "board", + "path": "two", + "text": "The second board.", + "parent": 1, + "template": "board", + "miniTemplate": "board_entry", + "allowAppend": false + }, + "three": { + "postType": "board", + "path": "three", + "text": "The third board.", + "parent": 1, + "template": "board", + "miniTemplate": "board_entry", + "allowAppend": false + } + } +} diff --git a/config/templates/board.template b/config/templates/board.template new file mode 100644 index 0000000..3649ee2 --- /dev/null +++ b/config/templates/board.template @@ -0,0 +1,11 @@ +# [{title}] +{text} + +=> {basename}/submit Create a new post + +=> ?page={next_page} Next Page +=> ?page={previous_page} Previous Page +---- +Page {current_page} + +{children} diff --git a/config/templates/board_entry.template b/config/templates/board_entry.template new file mode 100644 index 0000000..abdb679 --- /dev/null +++ b/config/templates/board_entry.template @@ -0,0 +1 @@ +=> {path} < {title} > diff --git a/config/templates/index.template b/config/templates/index.template new file mode 100644 index 0000000..df990cd --- /dev/null +++ b/config/templates/index.template @@ -0,0 +1,3 @@ +Welcome to ~~{title}~~ +---- +{children} diff --git a/config/templates/op_post.template b/config/templates/op_post.template new file mode 100644 index 0000000..941f7ca --- /dev/null +++ b/config/templates/op_post.template @@ -0,0 +1,9 @@ +# {title} +By {username} on {timestamp} + +{text} + +=> {basename}/submit Reply +=> {basename}/append Append +---- +{children} diff --git a/config/templates/op_post_entry.template b/config/templates/op_post_entry.template new file mode 100644 index 0000000..fb2f639 --- /dev/null +++ b/config/templates/op_post_entry.template @@ -0,0 +1,5 @@ +## {title} +By {username} on {timestamp} +{num_children} replies +=> {path} Expand +---- diff --git a/config/templates/reply.template b/config/templates/reply.template new file mode 100644 index 0000000..d9f603d --- /dev/null +++ b/config/templates/reply.template @@ -0,0 +1,3 @@ +{text} +By {username} on {timestamp} +---- diff --git a/db.py b/db.py new file mode 100644 index 0000000..1cefdcb --- /dev/null +++ b/db.py @@ -0,0 +1,332 @@ +import sqlite3 +import time +import os +from typing import Optional, List, Tuple +from post import Post + + +class DB: + settings: dict + name: str + connection: sqlite3.Connection + cursor: sqlite3.Cursor + + def __init__(self, settings: dict) -> None: + self.settings = settings + db_file_path: str = self.settings["db"]["path"] + + if os.path.exists(db_file_path): + self.connection = sqlite3.connect(db_file_path) + self.cursor = self.connection.cursor() + else: + self.connection = sqlite3.connect(db_file_path) + self.cursor = self.connection.cursor() + self.init_post_table() + self.create_default_posts() + + def init_post_table(self) -> None: + self.cursor.executescript( + """CREATE TABLE IF NOT EXISTS posts + (ip_address TEXT, + post_type TEXT, + post_id INTEGER, + timestamp INTEGER, + path TEXT, + title TEXT, + text TEXT, + options TEXT, + username TEXT, + cert_hash TEXT, + parent INTEGER, + num_children INTEGER, + score INTEGER); + + CREATE TABLE IF NOT EXISTS users (username TEXT, client_cert TEXT, cert_hash TEXT, status TEXT);""" + ) + + self.connection.commit() + + def latest_post_id(self) -> int: + latest_post: int = self.connection.execute( + """SELECT MAX(post_id) FROM posts""" + ).fetchone()[0] + return 0 if latest_post is None else latest_post + + def create_default_posts(self) -> None: + for post in self.settings["defaultPosts"]: + post_settings: dict = self.settings["defaultPosts"][post] + self.add_post( + ip_address="localhost", + post_type=post_settings["postType"], + post_id=(self.latest_post_id() + 1), + timestamp=time.time_ns(), + path=post_settings["path"], + text=post_settings["text"], + title=post, + parent=post_settings["parent"], + ) + + def hash_to_cert(self, cert_hash: str) -> Optional[str]: + client_cert: Tuple[str] = self.cursor.execute("""SELECT client_cert FROM users WHERE cert_hash=?""", (cert_hash,)).fetchone() + return None if client_cert is None else client_cert[0] + + def path_to_id(self, path: str) -> Optional[int]: + post_id: Tuple[int] = self.cursor.execute( + """SELECT post_id FROM posts WHERE path=?""", (path,) + ).fetchone() + + return None if post_id is None else post_id[0] + + def set_user_status(self, status: str, username: str) -> None: + self.cursor.execute( + """UPDATE users SET status = ? WHERE username=?""", (status, username) + ) + self.connection.commit() + + def append_to_post(self, post_id: int, text: str) -> None: + current_text: str = self.cursor.execute( + """SELECT text FROM posts WHERE post_id=?""", (post_id,) + ).fetchone()[0] + if current_text is None: + self.cursor.execute( + """UPDATE posts SET text = ? WHERE post_id=?""", (text, post_id) + ) + else: + self.cursor.execute( + """UPDATE posts SET text = text || ? WHERE post_id=?""", (text, post_id) + ) + + self.connection.commit() + + def add_user(self, username: str, user_cert: str, cert_hash: str) -> bool: + user_exists: bool = bool( + self.cursor.execute( + """SELECT * FROM users WHERE username=?""", (username,) + ).fetchone() + ) + if user_exists: + return False + else: + self.cursor.execute( + """INSERT INTO users VALUES (?,?,?,?)""", + (username, user_cert, cert_hash, "registered"), + ) + self.connection.commit() + return True + + def get_user_cert(self, username: str) -> Optional[str]: + user_cert: Tuple[str] = self.cursor.execute( + """SELECT client_cert FROM users WHERE username=?""", (username,) + ).fetchone() + return None if user_cert is None else user_cert[0] + + def del_post_by_id(self, post_id: int, children: Optional[bool] = True): + self.cursor.execute("""DELETE FROM posts WHERE post_id=?""", (post_id,)) + + if children: + self.cursor.execute("""DELETE FROM posts WHERE parent=?""", (post_id,)) + + self.connection.commit() + + def update_post_score(self, post_id: int) -> None: + score: int = self.cursor.execute( + """SELECT timestamp FROM posts WHERE post_id=?""", (post_id,) + ).fetchone()[0] + + parent_id: int = self.cursor.execute( + """SELECT parent FROM posts WHERE post_id=?""", (post_id,) + ).fetchone()[0] + + child_ids: List[Tuple[int]] = self.cursor.execute( + """SELECT post_id FROM posts WHERE parent=?""", (post_id,) + ).fetchall() + + num_children: int = int(len(child_ids)) + if num_children != 0: + for child_id_tuple in child_ids: + child_id = child_id_tuple[0] + child_score: int = self.cursor.execute( + """SELECT timestamp FROM posts WHERE post_id=?""", (child_id,) + ).fetchone()[0] + score += child_score + score = score // (num_children + 1) + + self.cursor.execute( + """UPDATE posts SET score = ? WHERE post_id=?""", (score, post_id) + ) + self.connection.commit() + + def add_post( + self, + ip_address: str, + post_type: str, + post_id: int, + timestamp: int, + path: Optional[str] = None, + title: Optional[str] = None, + text: Optional[str] = None, + options: Optional[str] = None, + username: Optional[str] = None, + cert_hash: Optional[str] = None, + parent: Optional[int] = None, + ) -> None: + parent_path: str + parent_type: str + num_children: int = 0 + score: int = 0 + + if path is None: + path = str(post_id) + + if parent is not None: + parent_path = self.cursor.execute( + """SELECT path FROM posts WHERE post_id=?""", (parent,) + ).fetchone()[0] + + parent_type = self.cursor.execute( + """SELECT post_type FROM posts WHERE post_id=?""", (parent,) + ).fetchone()[0] + + path = "{}/{}".format(parent_path, path) + + + post_tuple: tuple = ( + ip_address, + post_type, + post_id, + timestamp, + path, + title, + text, + options, + username, + cert_hash, + parent, + num_children, + score, + ) + self.cursor.execute( + """INSERT INTO posts VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?)""", post_tuple + ) + + self.cursor.execute( + """UPDATE posts SET num_children = num_children + 1 WHERE post_id=?""", + (parent,), + ) + + self.connection.commit() + if self.settings["postTypes"][post_type]["scored"]: + self.update_post_score(post_id) + + if parent is not None and self.settings["postTypes"][parent_type]["scored"]: + self.update_post_score(parent) + + + def get_post_by_id( + self, + post_id: int, + page_num: Optional[int] = None, + ) -> Optional[Post]: + post_data: tuple + post_type: str + max_children: int + paginated: bool = False + sorting: str + children: list = [] + child_data: Optional[list] = None + num_children: int = 1 + + post_data = self.cursor.execute( + """SELECT * FROM posts WHERE post_id=?""", (post_id,) + ).fetchone() + + if post_data is None: + return None + + post_type = post_data[1] + + sorting = self.settings["postTypes"][post_type]["sorting"] + + num_children = self.cursor.execute( + """SELECT COUNT (*) FROM posts WHERE parent=?""", + (post_id,), + ).fetchone()[0] + + max_children = self.settings["postTypes"][post_type]["maxChildren"] + paginated = self.settings["postTypes"][post_type]["paginated"] + + if max_children is None: + child_data = self.cursor.execute( + """SELECT * FROM posts WHERE parent=? ORDER BY %s DESC""" % sorting, + (post_id,), + ).fetchall() + elif paginated: + max_page: int = int(num_children / max_children) + ( + num_children % max_children > 0 + ) # math.ceil alternative + page_num = 1 if page_num is None or page_num < 1 else page_num + page_num = max_page if page_num > max_page else page_num + + offset: int = (page_num * max_children) - max_children + + child_data = self.cursor.execute( + """SELECT * FROM posts WHERE parent=? ORDER BY %s DESC LIMIT ?, ?""" % sorting, + (post_id, offset, max_children), + ).fetchall() + + else: + child_data = self.cursor.execute( + """SELECT * FROM posts WHERE parent=? ORDER BY %s DESC""" % sorting, + (post_id,), + ).fetchmany(max_children) + + if child_data is not None: + for child_datum in child_data: + children.append( + Post( + settings=self.settings, + post_type=child_datum[1], + post_id=child_datum[2], + timestamp=child_datum[3], + path=child_datum[4], + title=child_datum[5], + text=child_datum[6], + username=child_datum[8], + cert_hash=child_datum[9], + parent=child_datum[10], + num_children=child_datum[11], + ) + ) + else: + children = None + + return Post( + settings=self.settings, + post_type=post_data[1], + post_id=post_data[2], + timestamp=post_data[3], + path=post_data[4], + title=post_data[5], + text=post_data[6], + username=post_data[8], + cert_hash=post_data[9], + parent=post_data[10], + num_children=post_data[11], + children=children, + current_page=page_num, + ) + + def get_post_by_path( + self, + path: str, + page_num: Optional[int] = None, + ) -> Optional[Post]: + post_id: Optional[int] = self.path_to_id(path) + + if post_id is None: + return None + else: + return self.get_post_by_id( + post_id=post_id, + page_num=page_num, + ) diff --git a/license b/license new file mode 100644 index 0000000..f288702 --- /dev/null +++ b/license @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + Copyright (C) + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/motm.cgi b/motm.cgi new file mode 100755 index 0000000..cf7e616 --- /dev/null +++ b/motm.cgi @@ -0,0 +1,6 @@ +#!/usr/bin/env python3 +import sys +sys.path.append("/path/to/motm") +import motm + +motm.main() diff --git a/motm.py b/motm.py new file mode 100644 index 0000000..8c7acb2 --- /dev/null +++ b/motm.py @@ -0,0 +1,242 @@ +#!/usr/bin/env python3 +import os +import json +import time +from typing import Optional +from db import DB +from post import Post +from auth import CA +from urllib.parse import unquote, urlparse + +class MessageBoard: + + def __init__(self, settings_path: str, env: dict) -> None: + self.env: dict = env + + self.request_query: str = unquote(urlparse(env["GEMINI_URL"]).query) + self.request_path: str = self.env["PATH_INFO"] + + with open(settings_path, "r") as settings_file: + self.settings: dict = json.load(settings_file) + + self.ca: CA = CA( + self.settings["server"]["hostname"], + self.settings["auth"]["caCert"], + self.settings["auth"]["caKey"], + self.settings["auth"]["caCRL"], + None, + ) + + self.db: DB = DB(self.settings) + + def register_user(self) -> None: + response_body: str + user_key: str + user_cert: str + new_username: str = self.request_query + user_data: tuple + + if new_username == "": + print("10", "Enter the username you would like to register (please read the instructions first)") + return None + + user_data = self.ca.generate_user_cert(new_username) + + if user_data == (): + response_body = "Could not create user: an error occured while generating the certificate" + else: + user_key = user_data[0] + user_cert = user_data[1] + user_cert_hash = user_data[2] + + if self.db.add_user(username=new_username, user_cert=user_cert, cert_hash=user_cert_hash): + response_body = "CLIENT CERT:\n{}\n\nKEY:\n{}".format( + user_cert, user_key + ) + else: + response_body = "Could not create user: user already exists\n" + + print("20", "text/plain") + print(response_body) + return None + + def auth_user(self, post: Optional[Post] = None) -> bool: + client_hash: str + client_cert: Optional[str] + is_authorized: bool = False + try: + is_authorized = bool(self.env["TLS_CLIENT_AUTHORISED"]) + except KeyError: + print("60", "You need a certificate in order to do that.") + return False + + if not is_authorized: + print("61", "You are not using a registered certificate.") + return False + + client_hash = self.env["TLS_CLIENT_HASH"] + if post is not None and post.cert_hash != client_hash: + print("60", "You are not authorized to modify this post.") + return False + + client_cert = self.db.hash_to_cert(client_hash) + if client_cert is None: + print("60", "Cert hash not in db.") + return False + if self.ca.verify_cert(client_cert) != True: + print("60", "You are banned.") + return False + + return True + + def fetch_post(self) -> None: + body: str + post: Optional[Post] + + post_path = self.request_path.strip("/") + + if self.request_query.split("=")[0] == "page": + page_query: str = self.request_query.split("=")[1] + page_num: Optional[int] = int(page_query) if page_query.isnumeric() else None + post = self.db.get_post_by_path( + path=post_path, page_num=page_num + ) + else: + post = self.db.get_post_by_path(path=post_path) + + if post is None: + print("51", 'Could not find post "{}"'.format(post_path)) + return None + else: + body = post.render() + + print("20", "text/gemini") + print(body) + + def handle_submission(self) -> None: + post_settings: dict + child_settings: dict + username: str + post_path: str = "/".join(self.request_path.strip("/").split("/")[:-1]) + + post: Optional[Post] = self.db.get_post_by_path( + path=post_path + ) + + if post is None: + print("51", 'Could not submit: Could not find post "{}"'.format(post_path)) + return None + else: + post_settings = self.settings["postTypes"][post.post_type] + child_settings = self.settings["postTypes"][post_settings["childType"]] + + if post_settings["allowSubmission"] != True: + print("20", "text/plain") + print("That post cannot be submitted to.") + return None + + if self.request_query != "": + new_post_id = self.db.latest_post_id() + 1 + + if child_settings["titled"]: + self.db.add_post( + ip_address=self.env["REMOTE_ADDR"], + post_type=post_settings["childType"], + post_id=new_post_id, + timestamp=time.time_ns(), + path=str(new_post_id), + title=self.request_query, + username=self.env["REMOTE_USER"], + cert_hash=self.env["TLS_CLIENT_HASH"], + parent=post.post_id, + ) + else: + self.db.add_post( + ip_address=self.env["REMOTE_ADDR"], + post_type=post_settings["childType"], + post_id=new_post_id, + timestamp=time.time_ns(), + path=str(new_post_id), + title=str(new_post_id), + text=self.request_query, + username=self.env["REMOTE_USER"], + cert_hash=self.env["TLS_CLIENT_HASH"], + parent=post.post_id, + ) + print("30", "/".join(self.env["GEMINI_URL"].split("/")[:-1])) + return None + else: + if child_settings["titled"]: + print("10", "Enter the title for your post: ") + return None + else: + print("10", "Enter the text for your post: ") + return None + + def handle_append(self) -> Optional[bool]: + auth_status: bool + post_settings: dict + post_path: str = "/".join(self.request_path.strip("/").split("/")[:-1]) + + post: Optional[Post] = self.db.get_post_by_path( + path=post_path + ) + + if post is None: + print("51", 'Could not append: Could not find post "{}"'.format(post_path)) + return None + + else: + auth_status = self.auth_user(post) + if auth_status != True: + return auth_status + + post_settings = self.settings["postTypes"][post.post_type] + if self.request_query != "": + self.db.append_to_post( + post_id=post.post_id, + text=self.request_query.replace(r"\n", "\n"), + ) + print("30", "/".join(self.env["GEMINI_URL"].split("/")[:-1])) + return None + else: + if post_settings["allowAppend"] == False: + print("20", "text/plain") + print("This post cannot be appended to.") + return None + else: + print("10", "Enter the text to append to your post: ") + return None + + def handle_request(self) -> Optional[bool]: + basename: str + + if self.request_path == "": + print("30", "{}/boards\r\n".format(self.env["GEMINI_URL"])) + return None + + if self.request_path == "/register": + self.register_user() + return None + + basename = self.request_path.split("/")[-1] + + if basename == "submit": + auth_status = self.auth_user() + if auth_status == True: + self.handle_submission() + return None + + elif basename == "append": + auth_status = self.auth_user() + if auth_status == True: + self.handle_append() + return None + else: + self.fetch_post() + return None + +def main() -> None: + os.chdir(os.path.dirname(os.path.realpath(__file__))) + motm = MessageBoard("config/settings.json", dict(os.environ)) + motm.handle_request() diff --git a/post.py b/post.py new file mode 100644 index 0000000..427dfde --- /dev/null +++ b/post.py @@ -0,0 +1,124 @@ +import time +from typing import Union, Optional + + +class Post: + def __init__( + self, + settings: dict, + post_type: str, + post_id: int, + timestamp: int, + path: str, + title: str, + text: str, + username: str, + cert_hash: str, + parent: str, + num_children: int, + children: Optional[list] = None, + current_page: Optional[int] = None, + ) -> None: + + self.settings: dict = settings + self.post_type: str = post_type + self.post_id: int = post_id + self.timestamp: int = timestamp + self.path: str = path + self.title: str = title + self.text: str = text + self.username: str = username + self.cert_hash: str = cert_hash + self.parent: str = parent + self.num_children: int = num_children + self.children: Optional[list] = children + self.current_page: Optional[int] = current_page + + template_dir: str = self.settings["templateDir"] + template_name: str = self.settings["postTypes"][self.post_type]["template"] + mini_template_name: str = self.settings["postTypes"][self.post_type]["miniTemplate"] + + with open( + "{}/{}.template".format(template_dir, template_name), "r" + ) as template_file: + self.template = template_file.read() + + if mini_template_name is not None: + with open( + "{}/{}.template".format(template_dir, mini_template_name), "r" + ) as template_file: + self.mini_template = template_file.read() + + def render_children(self) -> str: + rendered_children: str = "" + if self.children is None: + return "" + + for child in self.children: + rendered_children += child.render(mini=True) + return rendered_children + + def render(self, mini: bool = False) -> str: + + hr_timestamp: str = time.strftime( + "%a, %d %b %Y %H:%M:%S +0000", + time.gmtime(int(self.timestamp) // 1000000000), + ) # convert unix time in nanoseconds to human-readable utc time + + basename: str = self.path.split("/")[-1] + cgi_safe_path: Union[list, str] = self.path.split("/") + + if len(cgi_safe_path) > 2: + cgi_safe_path = cgi_safe_path[-2:] + + cgi_safe_path = "/".join(cgi_safe_path) + + if self.username is None: + self.username = "[no username]" + if self.text is None: + self.text = "" + + if mini: + return self.mini_template.format( + post_id=self.post_id, + timestamp=hr_timestamp, + path=cgi_safe_path, + basename=basename, + title=self.title, + text=self.text, + username=self.username, + children=self.render_children(), + num_children=self.num_children, + ) + elif self.current_page is not None: + next_page: int = self.current_page + 1 + previous_page: int = (self.current_page - 1) if self.current_page > 1 else 1 + return self.template.format( + post_id=self.post_id, + timestamp=hr_timestamp, + path=cgi_safe_path, + basename=basename, + title=self.title, + text=self.text, + username=self.username, + children=self.render_children(), + num_children=self.num_children, + current_page=self.current_page, + previous_page=previous_page, + next_page=next_page, + ) + else: + return self.template.format( + post_id=self.post_id, + timestamp=hr_timestamp, + path=cgi_safe_path, + basename=basename, + title=self.title, + username=self.username, + text=self.text, + children=self.render_children(), + num_children=self.num_children, + current_page=1, + previous_page=1, + next_page=1, + ) diff --git a/readme.md b/readme.md new file mode 100644 index 0000000..b3c2e40 --- /dev/null +++ b/readme.md @@ -0,0 +1,121 @@ +# motm - the messageboard on the moon a flexible messageboard for the gemini +protocol + +live @ gemini://illegaldrugs.net/motm + +### features +- account registration with client certs +- unlimited length post creation +- basic moderation +- bans and unbans +- customizable templates for each page +- flexible messageboard creation + +### prerequisites +- python >= 3.7.3 +- cryptography >= 3.1 +- sqlite3 +- a gemini server fully compatible with jetforce's cgi implementation + +### using motm (end user) +- **navigation** + - navigating motm is fairly straightforward, select a board to view its + posts, select a post to view its replies. +- **registration** + - if you try to post to a board you will get an error + - this is because you are not registered + - registration is a simple process, but it is easy to mess up and lose your + username, read this fully before attempting to register + - in order to register, go to gemini://[path to motm]/register, e.g. + gemini://illegaldrugs.net/cgi-bin/motm/register for the messageboard +hosted at gemini://illegaldrugs.net/cgi-bin/motm + - you will be prompted for a username + - input your username + - if it is not taken, you will be given a client cert, as well as a key + - **DO NOT SHARE THIS KEY.** + - save this page, it will not be regenerated + - copy the key and cert into separate files, you should probably name them + something like "[username].cert" and "[username].key" respectively + - now, restart your client, this time supplying the respective certificate + and key files + - for example, with av98 i would run `av98 --tls-cert [username].cert + --tls-key [username].key` +- **posting** + - once you have registered, you can create a new post by selecting the + 'Create new post' option + - input the title you would like to use for your post + - now the post has been created + - in order to add text to the post, navigate to it and select the 'Append' + option + - you may repeat this process as much as you like, the post is automatically + updated on each append + - no spaces or newlines are added for you when appending to a post, however + a newline can be inserted by using the string "\n" in your text + +### hosting motm +- make sure you are not root +- clone this repo somewhere onto your computer +- open the 'config/settings.json' file + - edit the `hostname` entry in the `server` section to reflect the hostname + or ip of your server + - edit the names and settings for the **3** default boards, under + `defaultPosts` adding more boards if you like + - `motm` is not a board, leave that alone +- run `./cli.py` once to generate the necessary files + - once you're done, `^C` to exit +- copy the 'motm.cgi' file to your cgi-bin +- edit the 'motm.cgi' file so that it points to the repo you cloned earlier +- start your server + +### moderating motm +- moderating your messageboard is done through the 'cli.py' script +- motm provides a few commands for moderation + - `del_post [post id]` + - deletes a post + - `ban [username]` + - bans a user + - `unban [username]` + - unbans a user + +### customizing motm +- basic customization is done by editing the templates in the 'config/templates' + dir +- further customization can be done by editing the settings.json file, though + this file is fragile and improper editing can easily break the script + +### notes/bugs +- this software was tested with + [jetforce's](https://github.com/michael-lazar/jetforce) cgi implementation, it +should work with other servers provided they implement the necessary cgi vars for +verifying tls certificates +- password protected CAs are not supported right now, if you create your ca with + a password motm will break +- the scoring system might be broken, or it might just be very inefficient +- the code is a bit weird because i hastily switched from building off of + jetforce to writing a purely cgi app. there are also probably some bugs +because of that + +### q&a + +*q: why did you write this?* + +a: bored. + +*q: wait, what is this gemini thing anyway?* + +a: gemini is a protocol. https://gemini.circumlunar.space/ + +*q: how do i pronounce 'motm'* + +a: one word like "bottom", or 4 letters like "em-oh-tee-em" + +*q: is motm named after the kid cudi album or the counter-strike player?* + +a: the [counter-strike player](https://www.hltv.org/player/13230/motm), though +[those +albums](https://en.wikipedia.org/wiki/Kid_Cudi#2009%E2%80%9310:_Man_on_the_Moon_series) +are fantastic, and you should check them out + +the first project. + +(c) 2020 oneseveneight/sose