microblog.pub/app/admin.py

287 lines
7.8 KiB
Python
Raw Normal View History

2022-06-22 13:11:22 -05:00
from fastapi import APIRouter
from fastapi import Cookie
from fastapi import Depends
from fastapi import Form
from fastapi import Request
from fastapi import UploadFile
from fastapi.exceptions import HTTPException
from fastapi.responses import RedirectResponse
from sqlalchemy.orm import Session
from sqlalchemy.orm import joinedload
from app import activitypub as ap
from app import boxes
from app import models
from app import templates
from app.actor import get_actors_metadata
from app.boxes import get_inbox_object_by_ap_id
from app.boxes import send_follow
from app.config import generate_csrf_token
from app.config import session_serializer
from app.config import verify_csrf_token
from app.config import verify_password
from app.database import get_db
from app.lookup import lookup
def user_session_or_redirect(
request: Request,
session: str | None = Cookie(default=None),
) -> None:
_RedirectToLoginPage = HTTPException(
status_code=302,
headers={"Location": request.url_for("login")},
)
if not session:
raise _RedirectToLoginPage
try:
loaded_session = session_serializer.loads(session, max_age=3600 * 12)
except Exception:
raise _RedirectToLoginPage
if not loaded_session.get("is_logged_in"):
raise _RedirectToLoginPage
return None
router = APIRouter(
dependencies=[Depends(user_session_or_redirect)],
)
unauthenticated_router = APIRouter()
@router.get("/")
def admin_index(
request: Request,
db: Session = Depends(get_db),
) -> templates.TemplateResponse:
return templates.render_template(db, request, "index.html", {"request": request})
@router.get("/lookup")
def get_lookup(
request: Request,
query: str | None = None,
db: Session = Depends(get_db),
) -> templates.TemplateResponse:
ap_object = None
actors_metadata = {}
if query:
ap_object = lookup(db, query)
if ap_object.ap_type in ap.ACTOR_TYPES:
2022-06-22 14:15:07 -05:00
actors_metadata = get_actors_metadata(db, [ap_object]) # type: ignore
2022-06-22 13:11:22 -05:00
else:
2022-06-22 14:15:07 -05:00
actors_metadata = get_actors_metadata(db, [ap_object.actor]) # type: ignore
2022-06-22 13:11:22 -05:00
print(ap_object)
return templates.render_template(
db,
request,
"lookup.html",
{
"query": query,
"ap_object": ap_object,
"actors_metadata": actors_metadata,
},
)
@router.get("/new")
def admin_new(
request: Request,
query: str | None = None,
db: Session = Depends(get_db),
) -> templates.TemplateResponse:
return templates.render_template(
db,
request,
"admin_new.html",
{},
)
@router.get("/stream")
def stream(
request: Request,
db: Session = Depends(get_db),
) -> templates.TemplateResponse:
stream = (
db.query(models.InboxObject)
.filter(
models.InboxObject.ap_type.in_(["Note", "Article", "Video", "Announce"]),
models.InboxObject.is_hidden_from_stream.is_(False),
models.InboxObject.undone_by_inbox_object_id.is_(None),
)
.options(
# joinedload(models.InboxObject.relates_to_inbox_object),
joinedload(models.InboxObject.relates_to_outbox_object),
)
.order_by(models.InboxObject.ap_published_at.desc())
.limit(20)
.all()
)
return templates.render_template(
db,
request,
"admin_stream.html",
{
"stream": stream,
},
)
@router.get("/notifications")
def get_notifications(
request: Request, db: Session = Depends(get_db)
) -> templates.TemplateResponse:
notifications = (
db.query(models.Notification)
.options(
joinedload(models.Notification.actor),
joinedload(models.Notification.inbox_object),
joinedload(models.Notification.outbox_object),
)
.order_by(models.Notification.created_at.desc())
.all()
)
actors_metadata = get_actors_metadata(
db, [notif.actor for notif in notifications if notif.actor]
)
for notif in notifications:
notif.is_new = False
db.commit()
return templates.render_template(
db,
request,
"notifications.html",
{
"notifications": notifications,
"actors_metadata": actors_metadata,
},
)
@router.post("/actions/follow")
def admin_actions_follow(
request: Request,
ap_actor_id: str = Form(),
redirect_url: str = Form(),
csrf_check: None = Depends(verify_csrf_token),
db: Session = Depends(get_db),
) -> RedirectResponse:
print(f"Following {ap_actor_id}")
send_follow(db, ap_actor_id)
return RedirectResponse(redirect_url, status_code=302)
@router.post("/actions/like")
def admin_actions_like(
request: Request,
ap_object_id: str = Form(),
redirect_url: str = Form(),
csrf_check: None = Depends(verify_csrf_token),
db: Session = Depends(get_db),
) -> RedirectResponse:
boxes.send_like(db, ap_object_id)
return RedirectResponse(redirect_url, status_code=302)
@router.post("/actions/undo")
def admin_actions_undo(
request: Request,
ap_object_id: str = Form(),
redirect_url: str = Form(),
csrf_check: None = Depends(verify_csrf_token),
db: Session = Depends(get_db),
) -> RedirectResponse:
boxes.send_undo(db, ap_object_id)
return RedirectResponse(redirect_url, status_code=302)
@router.post("/actions/announce")
def admin_actions_announce(
request: Request,
ap_object_id: str = Form(),
redirect_url: str = Form(),
csrf_check: None = Depends(verify_csrf_token),
db: Session = Depends(get_db),
) -> RedirectResponse:
boxes.send_announce(db, ap_object_id)
return RedirectResponse(redirect_url, status_code=302)
@router.post("/actions/bookmark")
def admin_actions_bookmark(
request: Request,
ap_object_id: str = Form(),
redirect_url: str = Form(),
csrf_check: None = Depends(verify_csrf_token),
db: Session = Depends(get_db),
) -> RedirectResponse:
inbox_object = get_inbox_object_by_ap_id(db, ap_object_id)
if not inbox_object:
raise ValueError("Should never happen")
inbox_object.is_bookmarked = True
db.commit()
return RedirectResponse(redirect_url, status_code=302)
@router.post("/actions/new")
async def admin_actions_new(
request: Request,
files: list[UploadFile],
content: str = Form(),
redirect_url: str = Form(),
csrf_check: None = Depends(verify_csrf_token),
db: Session = Depends(get_db),
) -> RedirectResponse:
# XXX: for some reason, no files restuls in an empty single file
if len(files) >= 1 and files[0].filename:
print("Got files")
public_id = boxes.send_create(db, content)
return RedirectResponse(
request.url_for("outbox_by_public_id", public_id=public_id),
status_code=302,
)
@unauthenticated_router.get("/login")
def login(
request: Request,
db: Session = Depends(get_db),
) -> templates.TemplateResponse:
return templates.render_template(
db,
request,
"login.html",
{"csrf_token": generate_csrf_token()},
)
@unauthenticated_router.post("/login")
def login_validation(
request: Request,
password: str = Form(),
csrf_check: None = Depends(verify_csrf_token),
) -> RedirectResponse:
if not verify_password(password):
raise HTTPException(status_code=401)
resp = RedirectResponse("/admin", status_code=302)
resp.set_cookie("session", session_serializer.dumps({"is_logged_in": True})) # type: ignore # noqa: E501
return resp
@router.get("/logout")
def logout(
request: Request,
) -> RedirectResponse:
resp = RedirectResponse(request.url_for("index"), status_code=302)
resp.set_cookie("session", session_serializer.dumps({"is_logged_in": False})) # type: ignore # noqa: E501
return resp