zydronium/neocities
1
0
Fork 0
mirror of https://github.com/neocities/neocities.git synced 2025-04-28 11:12:30 +02:00
Code Issues Projects Releases Packages Wiki Activity

Folders.

Browse source
This commit is contained in:
Kyle Drake 2014-08-19 13:44:15 -07:00
parent 605fdce9be
commit 2f73732daa
17 changed files with 508 additions and 288 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
Gemfile
View file

@ -7,7 +7,6 @@ gem 'bcrypt'
gem 'sinatra-flash', require: 'sinatra/flash' gem 'sinatra-flash', require: 'sinatra/flash'
gem 'sinatra-xsendfile', require: 'sinatra/xsendfile' gem 'sinatra-xsendfile', require: 'sinatra/xsendfile'
gem 'puma', require: nil gem 'puma', require: nil
gem 'rubyzip', require: 'zip'
gem 'rack-recaptcha', require: 'rack/recaptcha' gem 'rack-recaptcha', require: 'rack/recaptcha'
gem 'rmagick', require: nil gem 'rmagick', require: nil
gem 'sidekiq' gem 'sidekiq'
@ -19,6 +18,8 @@ gem 'erubis'
gem 'stripe', :git => 'https://github.com/stripe/stripe-ruby' gem 'stripe', :git => 'https://github.com/stripe/stripe-ruby'
gem 'screencap' gem 'screencap'
gem 'cocaine' gem 'cocaine'
gem 'zipruby'
gem 'always_verify_ssl_certificates'
platform :mri do platform :mri do
gem 'magic' # sudo apt-get install file, For OSX: brew install libmagic gem 'magic' # sudo apt-get install file, For OSX: brew install libmagic
@ -54,13 +55,12 @@ group :test do
gem 'minitest' gem 'minitest'
gem 'minitest-reporters', require: 'minitest/reporters' gem 'minitest-reporters', require: 'minitest/reporters'
gem 'rack-test', require: 'rack/test' gem 'rack-test', require: 'rack/test'
gem 'webmock'
gem 'mocha', require: nil gem 'mocha', require: nil
gem 'rake', require: nil gem 'rake', require: nil
gem 'poltergeist' gem 'poltergeist'
gem 'phantomjs', require: 'phantomjs/poltergeist' gem 'phantomjs', require: 'phantomjs/poltergeist'
gem 'capybara'
gem 'capybara_minitest_spec' gem 'capybara_minitest_spec'
gem 'rack_session_access', require: nil
platform :mri do platform :mri do
gem 'simplecov', require: nil gem 'simplecov', require: nil

32
Gemfile.lock
View file

@ -18,6 +18,7 @@ GEM
tzinfo (~> 1.1) tzinfo (~> 1.1)
addressable (2.3.6) addressable (2.3.6)
ago (0.1.5) ago (0.1.5)
always_verify_ssl_certificates (0.3.0)
ansi (1.4.3) ansi (1.4.3)
autoparse (0.3.3) autoparse (0.3.3)
addressable (>= 2.3.1) addressable (>= 2.3.1)
@ -25,7 +26,7 @@ GEM
multi_json (>= 1.0.0) multi_json (>= 1.0.0)
bcrypt (3.1.7) bcrypt (3.1.7)
builder (3.2.2) builder (3.2.2)
capybara (2.2.1) capybara (2.4.1)
mime-types (>= 1.16) mime-types (>= 1.16)
nokogiri (>= 1.3.3) nokogiri (>= 1.3.3)
rack (>= 1.0.0) rack (>= 1.0.0)
@ -44,8 +45,6 @@ GEM
coderay (1.1.0) coderay (1.1.0)
columnize (0.3.6) columnize (0.3.6)
connection_pool (2.0.0) connection_pool (2.0.0)
crack (0.4.2)
safe_yaml (~> 1.0.0)
debugger (1.6.6) debugger (1.6.6)
columnize (>= 0.3.1) columnize (>= 0.3.1)
debugger-linecache (~> 1.2.0) debugger-linecache (~> 1.2.0)
@ -89,7 +88,7 @@ GEM
metaclass (0.0.4) metaclass (0.0.4)
method_source (0.8.2) method_source (0.8.2)
mime-types (1.25.1) mime-types (1.25.1)
mini_portile (0.5.3) mini_portile (0.6.0)
minitest (5.3.1) minitest (5.3.1)
minitest-reporters (1.0.2) minitest-reporters (1.0.2)
ansi ansi
@ -98,13 +97,13 @@ GEM
powerbar powerbar
mocha (1.0.0) mocha (1.0.0)
metaclass (~> 0.0.1) metaclass (~> 0.0.1)
multi_json (1.9.2) multi_json (1.10.1)
multipart-post (2.0.0) multipart-post (2.0.0)
nokogiri (1.6.1) nokogiri (1.6.3.1)
mini_portile (~> 0.5.0) mini_portile (= 0.6.0)
pg (0.17.1) pg (0.17.1)
phantomjs (1.9.7.0) phantomjs (1.9.7.0)
poltergeist (1.5.0) poltergeist (1.5.1)
capybara (~> 2.1) capybara (~> 2.1)
cliver (~> 0.3.1) cliver (~> 0.3.1)
multi_json (~> 1.0) multi_json (~> 1.0)
@ -129,6 +128,9 @@ GEM
json json
rack-test (0.6.2) rack-test (0.6.2)
rack (>= 1.0) rack (>= 1.0)
rack_session_access (0.1.1)
builder (>= 2.0.0)
rack (>= 1.0.0)
rainbows (4.6.1) rainbows (4.6.1)
kgio (~> 2.5) kgio (~> 2.5)
rack (~> 1.1) rack (~> 1.1)
@ -142,8 +144,6 @@ GEM
mime-types (>= 1.16) mime-types (>= 1.16)
retriable (1.4.1) retriable (1.4.1)
rmagick (2.13.2) rmagick (2.13.2)
rubyzip (1.1.2)
safe_yaml (1.0.1)
sass (3.3.8) sass (3.3.8)
screencap (0.1.1) screencap (0.1.1)
phantomjs phantomjs
@ -191,20 +191,18 @@ GEM
rack rack
raindrops (~> 0.7) raindrops (~> 0.7)
uuidtools (2.1.4) uuidtools (2.1.4)
webmock (1.17.4) websocket-driver (0.3.4)
addressable (>= 2.2.7)
crack (>= 0.3.2)
websocket-driver (0.3.2)
xpath (2.0.0) xpath (2.0.0)
nokogiri (~> 1.3) nokogiri (~> 1.3)
zipruby (0.3.6)
PLATFORMS PLATFORMS
ruby ruby
DEPENDENCIES DEPENDENCIES
ago ago
always_verify_ssl_certificates
bcrypt bcrypt
capybara
capybara_minitest_spec capybara_minitest_spec
cocaine cocaine
erubis erubis
@ -228,12 +226,12 @@ DEPENDENCIES
puma puma
rack-recaptcha rack-recaptcha
rack-test rack-test
rack_session_access
rainbows rainbows
rake rake
redis redis
rmagick rmagick
ruby-debug ruby-debug
rubyzip
sass sass
screencap screencap
sequel (= 4.8.0) sequel (= 4.8.0)
@ -246,4 +244,4 @@ DEPENDENCIES
sinatra-xsendfile sinatra-xsendfile
stripe! stripe!
tilt tilt
webmock zipruby

2
Rakefile
View file

@ -7,7 +7,7 @@ end
desc "Run all tests" desc "Run all tests"
Rake::TestTask.new do |t| Rake::TestTask.new do |t|
t.libs << "spec" t.libs << "spec"
t.test_files = FileList['tests/*_tests.rb'] t.test_files = FileList['tests/**/*_tests.rb']
t.verbose = true t.verbose = true
end end

82
app.rb
View file

@ -452,6 +452,13 @@ end
get '/dashboard' do get '/dashboard' do
require_login require_login
if params[:dir] && params[:dir][0] != '/'
params[:dir] = '/'+params[:dir]
end
@dir = params[:dir]
@file_list = current_site.file_list @dir
erb :'dashboard' erb :'dashboard'
end end
@ -562,7 +569,7 @@ post '/change_name' do
end end
old_host = current_site.host old_host = current_site.host
old_file_paths = current_site.file_list.collect {|f| f.filename} old_file_paths = current_site.file_list.collect {|f| f[:path]}
current_site.username = params[:name] current_site.username = params[:name]
@ -629,7 +636,8 @@ def file_upload_response(error=nil)
@error = error @error = error
halt 200, erb(:'dashboard') halt 200, erb(:'dashboard')
else else
redirect '/dashboard' query_string = params[:dir] ? "?"+Rack::Utils.build_query(dir: params[:dir]) : ''
redirect "/dashboard#{query_string}"
end end
else else
halt http_error_code, error if error halt http_error_code, error if error
@ -637,6 +645,20 @@ def file_upload_response(error=nil)
end end
end end
post '/site/create_directory' do
require_login
path = "#{params[:dir] || ''}/#{params[:name]}"
result = current_site.create_directory path
if result != true
flash[:error] = e.message
end
redirect "/dashboard?dir=#{Rack::Utils.escape params[:dir]}"
end
post '/site_files/upload' do post '/site_files/upload' do
require_login require_login
@errors = [] @errors = []
@ -647,12 +669,12 @@ post '/site_files/upload' do
end end
params[:files].each do |file| params[:files].each do |file|
file[:filename] = "#{params[:dir]}/#{file[:filename]}" if params[:dir]
if current_site.file_size_too_large? file[:tempfile].size if current_site.file_size_too_large? file[:tempfile].size
file_upload_response "#{file[:filename]} is too large, upload cancelled." file_upload_response "#{params[:dir]}/#{file[:filename]} is too large, upload cancelled."
end end
if !Site.valid_file_type? file if !Site.valid_file_type? file
file_upload_response "#{file[:filename]}: file type (or content in file) is not allowed on Neocities, upload cancelled." file_upload_response "#{params[:dir]}/#{file[:filename]}: file type (or content in file) is not allowed on Neocities, upload cancelled."
end end
end end
@ -664,7 +686,7 @@ post '/site_files/upload' do
results = [] results = []
params[:files].each do |file| params[:files].each do |file|
results << current_site.store_file(Site.sanitize_filename(file[:filename]), file[:tempfile]) results << current_site.store_file(file[:filename], file[:tempfile])
end end
current_site.increment_changed_count if results.include?(true) current_site.increment_changed_count if results.include?(true)
@ -674,20 +696,18 @@ end
post '/site_files/delete' do post '/site_files/delete' do
require_login require_login
sanitized_filename = Site.sanitize_filename params[:filename] current_site.delete_file params[:filename]
current_site.delete_file(sanitized_filename) flash[:success] = "Deleted #{params[:filename]}."
flash[:success] = "Deleted file #{params[:filename]}."
redirect '/dashboard' redirect '/dashboard'
end end
get '/site_files/:username.zip' do |username| get '/site_files/:username.zip' do |username|
require_login require_login
zipfile = current_site.files_zip zipfile_path = current_site.files_zip
content_type 'application/octet-stream' content_type 'application/octet-stream'
attachment "#{current_site.username}.zip" attachment "neocities-#{current_site.username}.zip"
zipfile send_file zipfile_path
end end
get '/site_files/download/:filename' do |filename| get '/site_files/download/:filename' do |filename|
@ -722,9 +742,7 @@ post '/site_files/save/:filename' do |filename|
halt 'File is too large to fit in your space, it has NOT been saved. Please make a local copy and then try to reduce the size.' halt 'File is too large to fit in your space, it has NOT been saved. Please make a local copy and then try to reduce the size.'
end end
sanitized_filename = Site.sanitize_filename filename current_site.store_file filename, tempfile
current_site.store_file sanitized_filename, tempfile
'ok' 'ok'
end end
@ -937,14 +955,11 @@ end
post '/api/upload' do post '/api/upload' do
require_api_credentials require_api_credentials
files = [] files = []
params.each do |k,v| params.each do |k,v|
next unless v.is_a?(Hash) && v[:tempfile] next unless v.is_a?(Hash) && v[:tempfile]
filename = k.to_s path = k.to_s
api_error(400, 'bad_filename', "#{filename} is not a valid filename, files not uploaded") unless Site.valid_filename? filename files << {filename: k || v[:filename], tempfile: v[:tempfile]}
files << {filename: filename, tempfile: v[:tempfile]}
end end
api_error 400, 'missing_files', 'you must provide files to upload' if files.empty? api_error 400, 'missing_files', 'you must provide files to upload' if files.empty?
@ -959,6 +974,10 @@ post '/api/upload' do
if !Site.valid_file_type?(file) if !Site.valid_file_type?(file)
api_error 400, 'invalid_file_type', "#{file[:filename]} is not a valid file type (or contains not allowed content), files have not been uploaded" api_error 400, 'invalid_file_type', "#{file[:filename]} is not a valid file type (or contains not allowed content), files have not been uploaded"
end end
if File.directory? file[:filename]
api_error 400, 'directory_exists', 'this name is being used by a directory, cannot continue'
end
end end
results = [] results = []
@ -976,26 +995,25 @@ post '/api/delete' do
api_error 400, 'missing_filenames', 'you must provide files to delete' if params[:filenames].nil? || params[:filenames].empty? api_error 400, 'missing_filenames', 'you must provide files to delete' if params[:filenames].nil? || params[:filenames].empty?
filenames = [] paths = []
params[:filenames].each do |path|
params[:filenames].each do |filename| unless path.is_a?(String) && Site.valid_path?(path)
unless filename.is_a?(String) && Site.valid_filename?(filename) api_error 400, 'bad_filename', "#{path} is not a valid filename, canceled deleting"
api_error 400, 'bad_filename', "#{filename} is not a valid filename, canceled deleting"
end end
if !current_site.file_exists?(filename) if !current_site.file_exists?(path)
api_error 400, 'missing_files', "#{filename} was not found on your site, canceled deleting" api_error 400, 'missing_files', "#{path} was not found on your site, canceled deleting"
end end
if filename == 'index.html' if path == 'index.html'
api_error 400, 'cannot_delete_index', 'you cannot delete your index.html file, canceled deleting' api_error 400, 'cannot_delete_index', 'you cannot delete your index.html file, canceled deleting'
end end
filenames << filename paths << path
end end
filenames.each do |filename| paths.each do |path|
current_site.delete_file(filename) current_site.delete_file(path)
end end
api_success 'file(s) have been deleted' api_success 'file(s) have been deleted'

1
environment.rb
View file

@ -7,7 +7,6 @@ Encoding.default_external = 'UTF-8'
require 'yaml' require 'yaml'
require 'json' require 'json'
require 'logger' require 'logger'
require 'zip'
Bundler.require Bundler.require
Bundler.require :development if ENV['RACK_ENV'] == 'development' Bundler.require :development if ENV['RACK_ENV'] == 'development'

218
models/site.rb
View file

@ -1,6 +1,7 @@
require 'tilt' require 'tilt'
require 'rss' require 'rss'
require 'nokogiri' require 'nokogiri'
require 'pathname'
class Site < Sequel::Model class Site < Sequel::Model
include Sequel::ParanoidDelete include Sequel::ParanoidDelete
@ -23,6 +24,7 @@ class Site < Sequel::Model
image/x-icon image/x-icon
application/pdf application/pdf
application/pgp-keys application/pgp-keys
application/pgp
text/xml text/xml
application/xml application/xml
audio/midi audio/midi
@ -70,6 +72,8 @@ class Site < Sequel::Model
EMAIL_SANITY_REGEX = /.+@.+\..+/i EMAIL_SANITY_REGEX = /.+@.+\..+/i
EDITABLE_FILE_EXT = /html|htm|txt|js|css|md/i
BANNED_TIME = 2592000 # 30 days in seconds BANNED_TIME = 2592000 # 30 days in seconds
TITLE_MAX = 100 TITLE_MAX = 100
@ -197,16 +201,16 @@ class Site < Sequel::Model
FileUtils.mkdir_p files_path FileUtils.mkdir_p files_path
%w{index not_found}.each do |name| %w{index not_found}.each do |name|
File.write file_path("#{name}.html"), render_template("#{name}.erb") File.write files_path("#{name}.html"), render_template("#{name}.erb")
purge_cache "#{name}.html" purge_cache "#{name}.html"
ScreenshotWorker.perform_async values[:username], "#{name}.html" ScreenshotWorker.perform_async values[:username], "#{name}.html"
end end
FileUtils.cp template_file_path('cat.png'), file_path('cat.png') FileUtils.cp template_file_path('cat.png'), files_path('cat.png')
end end
def get_file(filename) def get_file(path)
File.read file_path(filename) File.read files_path(path)
end end
def before_destroy def before_destroy
@ -252,8 +256,8 @@ class Site < Sequel::Model
FileUtils.mv files_path, File.join(PUBLIC_ROOT, 'banned_sites', username) FileUtils.mv files_path, File.join(PUBLIC_ROOT, 'banned_sites', username)
} }
site_files.file_list.collect {|f| f.filename}.each do |f| file_list.each do |path|
purge_cache f purge_cache path
end end
end end
@ -290,15 +294,11 @@ class Site < Sequel::Model
!@blockings.select {|b| b.site_id == site.id}.empty? !@blockings.select {|b| b.site_id == site.id}.empty?
end end
def self.valid_filename?(filename) def self.valid_path?(path)
return false if sanitize_filename(filename) != filename puts 'ditto restrictions scrub'
true true
end end
def self.sanitize_filename(filename)
filename.gsub(/[^a-zA-Z0-9_\-.]/, '')
end
def self.valid_username?(username) def self.valid_username?(username)
!username.empty? && username.match(/^[a-zA-Z0-9_\-]+$/i) !username.empty? && username.match(/^[a-zA-Z0-9_\-]+$/i)
end end
@ -331,19 +331,21 @@ class Site < Sequel::Model
true true
end end
def purge_cache(filename) def purge_cache(path)
payload = {site: username, path: filename} payload = {site: username, path: path}
payload[:domain] = domain if !domain.empty? payload[:domain] = domain if !domain.empty?
PurgeCacheWorker.perform_async payload PurgeCacheWorker.perform_async payload
end end
def store_file(filename, uploaded) def store_file(path, uploaded)
if File.exist?(file_path(filename)) && path = files_path(path)
Digest::SHA2.file(file_path(filename)).digest == Digest::SHA2.file(uploaded.path).digest if File.exist?(path) &&
Digest::SHA2.file(path).digest == Digest::SHA2.file(uploaded.path).digest
return false return false
end end
if filename == 'index.html' pathname = Pathname(path)
if pathname.basename.to_s == 'index.html'
new_title = Nokogiri::HTML(File.read(uploaded.path)).css('title').first.text new_title = Nokogiri::HTML(File.read(uploaded.path)).css('title').first.text
if new_title.length < TITLE_MAX if new_title.length < TITLE_MAX
@ -352,20 +354,26 @@ class Site < Sequel::Model
end end
end end
FileUtils.mv uploaded.path, file_path(filename) dirname = pathname.dirname.to_s
File.chmod(0640, file_path(filename))
purge_cache filename if !File.exists? dirname
FileUtils.mkdir_p dirname
ext = File.extname(filename).gsub(/^./, '')
if ext.match HTML_REGEX
ScreenshotWorker.perform_async values[:username], filename
elsif ext.match IMAGE_REGEX
ThumbnailWorker.perform_async values[:username], filename
end end
SiteChange.record self, filename FileUtils.mv uploaded.path, path
File.chmod 0640, path
purge_cache path
ext = File.extname(path).gsub(/^./, '')
if ext.match HTML_REGEX
ScreenshotWorker.perform_async values[:username], path
elsif ext.match IMAGE_REGEX
ThumbnailWorker.perform_async values[:username], path
end
SiteChange.record self, path
if self.site_changed != true if self.site_changed != true
self.site_changed = true self.site_changed = true
@ -375,6 +383,20 @@ class Site < Sequel::Model
true true
end end
def is_directory?(path)
File.directory? files_path(path)
end
def create_directory(path)
relative_path = files_path path
if Dir.exists?(relative_path) || File.exist?(relative_path)
return 'Directory (or file) already exists.'
end
FileUtils.mkdir_p relative_path
true
end
def increment_changed_count def increment_changed_count
self.changed_count += 1 self.changed_count += 1
self.updated_at = Time.now self.updated_at = Time.now
@ -382,49 +404,59 @@ class Site < Sequel::Model
end end
def files_zip def files_zip
file_path = "/tmp/neocities-site-#{username}.zip" zip_name = "neocities-#{username}"
Zip::File.open(file_path, Zip::File::CREATE) do |zipfile| tmpfile = Tempfile.new 'neocities-site-zip'
file_list.collect {|f| f.filename}.each do |filename| tmpfile.close
zipfile.add filename, file_path(filename)
Zip::Archive.open(tmpfile.path, Zip::CREATE) do |ar|
ar.add_dir(zip_name)
Dir.glob("#{base_files_path}/**/*").each do |path|
relative_path = path.gsub(base_files_path+'/', '')
if File.directory?(path)
ar.add_dir(zip_name+'/'+relative_path)
else
ar.add_file(zip_name+'/'+relative_path, path) # add_file(<entry name>, <source path>)
end
end end
end end
# TODO Don't dump the zipfile into memory tmpfile.path
zipfile = File.read file_path
File.delete file_path
zipfile
end end
def delete_file(filename) def delete_file(path)
begin begin
FileUtils.rm file_path(filename) FileUtils.rm files_path(path)
rescue Errno::EISDIR
FileUtils.remove_dir files_path(path), true
rescue Errno::ENOENT rescue Errno::ENOENT
end end
purge_cache filename purge_cache path
ext = File.extname(filename).gsub(/^./, '') ext = File.extname(path).gsub(/^./, '')
screenshots_delete(filename) if ext.match HTML_REGEX screenshots_delete(path) if ext.match HTML_REGEX
thumbnails_delete(filename) if ext.match IMAGE_REGEX thumbnails_delete(path) if ext.match IMAGE_REGEX
SiteChangeFile.filter(site_id: self.id, filename: filename).delete SiteChangeFile.filter(site_id: self.id, filename: path).delete
true true
end end
def move_files_from(oldusername) def move_files_from(oldusername)
FileUtils.mv files_path(oldusername), files_path FileUtils.mv base_files_path(oldusername), base_files_path
end end
def install_new_html_file(name) def install_new_html_file(path)
File.write file_path(name), render_template('index.erb') File.write files_path(path), render_template('index.erb')
purge_cache name purge_cache path
end end
def file_exists?(filename) def file_exists?(path)
File.exist? file_path(filename) File.exist? files_path(path)
end end
def after_save def after_save
@ -453,7 +485,7 @@ class Site < Sequel::Model
end end
# def after_destroy # def after_destroy
# FileUtils.rm_rf file_path # FileUtils.rm_rf files_path
# super # super
# end # end
@ -568,16 +600,48 @@ class Site < Sequel::Model
File.join TEMPLATE_ROOT, name File.join TEMPLATE_ROOT, name
end end
def files_path(name=nil) def base_files_path(name=username)
File.join SITE_FILES_ROOT, (name || username) raise 'username missing' if name.nil? || name.empty?
File.join SITE_FILES_ROOT, name
end end
def file_path(filename) # https://practicingruby.com/articles/implementing-an-http-file-server?u=dc2ab0f9bb
File.join files_path, filename def scrubbed_path(path='')
path ||= ''
clean = []
parts = path.split '/'
parts.each do |part|
next if part.empty? || part == '.'
clean << part if part != '..'
end
clean
end end
def file_list def files_path(path='')
Dir.glob(File.join(files_path, '*')).collect {|p| File.basename(p)}.sort.collect {|sitename| SiteFile.new sitename} File.join base_files_path, scrubbed_path(path)
end
def file_list(path='')
list = Dir.glob(File.join(files_path(path), '*')).collect do |file_path|
file = {
path: file_path.gsub(base_files_path, ''),
name: File.basename(file_path),
ext: File.extname(file_path).gsub('.', ''),
is_directory: File.directory?(file_path),
is_root_index: file_path == "#{base_files_path}/index.html"
}
file[:is_html] = !(file[:ext].match HTML_REGEX).nil?
file[:is_image] = !(file[:ext].match IMAGE_REGEX).nil?
file[:is_editable] = !(file[:ext].match EDITABLE_FILE_EXT).nil?
file
end
list.select {|f| f[:is_directory]}.sort_by {|f| f[:name]} +
list.select {|f| f[:is_directory] == false}.sort_by{|f| f[:name]}
end end
def file_size_too_large?(size_in_bytes) def file_size_too_large?(size_in_bytes)
@ -658,19 +722,19 @@ class Site < Sequel::Model
values[:hits].to_s.reverse.gsub(/...(?=.)/,'\&,').reverse values[:hits].to_s.reverse.gsub(/...(?=.)/,'\&,').reverse
end end
def screenshots_delete(filename) def screenshots_delete(path)
SCREENSHOT_RESOLUTIONS.each do |res| SCREENSHOT_RESOLUTIONS.each do |res|
begin begin
FileUtils.rm screenshot_path(filename, res) FileUtils.rm screenshot_path(path, res)
rescue Errno::ENOENT rescue Errno::ENOENT
end end
end end
end end
def thumbnails_delete(filename) def thumbnails_delete(path)
THUMBNAIL_RESOLUTIONS.each do |res| THUMBNAIL_RESOLUTIONS.each do |res|
begin begin
FileUtils.rm thumbnail_path(filename, res) FileUtils.rm thumbnail_path(path, res)
rescue Errno::ENOENT rescue Errno::ENOENT
end end
end end
@ -680,34 +744,34 @@ class Site < Sequel::Model
Site.where(tags: tags).limit(limit, offset).order(:updated_at.desc).all Site.where(tags: tags).limit(limit, offset).order(:updated_at.desc).all
end end
def screenshot_path(filename, resolution) def screenshot_path(path, resolution)
File.join(SCREENSHOTS_ROOT, values[:username], "#{filename}.#{resolution}.jpg") File.join(SCREENSHOTS_ROOT, values[:username], "#{path}.#{resolution}.jpg")
end end
def screenshot_exists?(filename, resolution) def screenshot_exists?(path, resolution)
File.exist? File.join(SCREENSHOTS_ROOT, values[:username], "#{filename}.#{resolution}.jpg") File.exist? File.join(SCREENSHOTS_ROOT, values[:username], "#{path}.#{resolution}.jpg")
end end
def screenshot_url(filename, resolution) def screenshot_url(path, resolution)
"#{SCREENSHOTS_URL_ROOT}/#{values[:username]}/#{filename}.#{resolution}.jpg" "#{SCREENSHOTS_URL_ROOT}/#{values[:username]}/#{path}.#{resolution}.jpg"
end end
def thumbnail_path(filename, resolution) def thumbnail_path(path, resolution)
ext = File.extname(filename).gsub('.', '').match(LOSSY_IMAGE_REGEX) ? 'jpg' : 'png' ext = File.extname(path).gsub('.', '').match(LOSSY_IMAGE_REGEX) ? 'jpg' : 'png'
File.join THUMBNAILS_ROOT, values[:username], "#{filename}.#{resolution}.#{ext}" File.join THUMBNAILS_ROOT, values[:username], "#{path}.#{resolution}.#{ext}"
end end
def thumbnail_exists?(filename, resolution) def thumbnail_exists?(path, resolution)
File.exist? thumbnail_path(filename, resolution) File.exist? thumbnail_path(path, resolution)
end end
def thumbnail_delete(filename, resolution) def thumbnail_delete(path, resolution)
File.rm thumbnail_path(filename, resolution) File.rm thumbnail_path(path, resolution)
end end
def thumbnail_url(filename, resolution) def thumbnail_url(path, resolution)
ext = File.extname(filename).gsub('.', '').match(LOSSY_IMAGE_REGEX) ? 'jpg' : 'png' ext = File.extname(path).gsub('.', '').match(LOSSY_IMAGE_REGEX) ? 'jpg' : 'png'
"#{THUMBNAILS_URL_ROOT}/#{values[:username]}/#{filename}.#{resolution}.#{ext}" "#{THUMBNAILS_URL_ROOT}/#{values[:username]}/#{path}.#{resolution}.#{ext}"
end end
def to_rss def to_rss

8
models/site_file.rb
View file

@ -1,8 +0,0 @@
class SiteFile
attr_reader :filename, :ext
def initialize(filename)
@filename = filename
@ext = File.extname(@filename).sub(/^./, '')
end
end

26
tests/acceptance/dashboard_tests.rb Normal file
View file

@ -0,0 +1,26 @@
require_relative './environment.rb'
describe 'dashboard' do
describe 'create directory' do
describe 'logged in' do
include Capybara::DSL
before do
Capybara.reset_sessions!
@site = Fabricate :site
page.set_rack_session id: @site.id
end
it 'creates a base directory' do
visit '/dashboard'
click_link 'New Folder'
fill_in 'name', with: 'testimages'
click_button 'Create'
page.must_have_content /testimages/
File.directory?(@site.files_path('testimages')).must_equal true
end
end
end
end

7
tests/acceptance/environment.rb Normal file
View file

@ -0,0 +1,7 @@
require_relative '../environment'
Capybara.app = Sinatra::Application
def teardown
Capybara.reset_sessions!
end

11
tests/acceptance/index_tests.rb Normal file
View file

@ -0,0 +1,11 @@
require_relative './environment.rb'
describe 'index' do
include Capybara::DSL
it 'goes to signup' do
Capybara.reset_sessions!
visit '/'
click_button 'Create My Website'
page.must_have_content('Create a New Website')
end
end

44
tests/acceptance/settings_tests.rb Normal file
View file

@ -0,0 +1,44 @@
require_relative './environment.rb'
describe 'site/settings' do
describe 'change username' do
include Capybara::DSL
def visit_signup
visit '/'
click_button 'Create My Website'
end
def fill_in_valid
@site = Fabricate.attributes_for(:site)
fill_in 'username', with: @site[:username]
fill_in 'password', with: @site[:password]
fill_in 'email', with: @site[:email]
end
before do
Capybara.reset_sessions!
visit_signup
end
it 'does not allow bad usernames' do
visit '/'
click_button 'Create My Website'
fill_in_valid
click_button 'Create Home Page'
visit '/settings'
fill_in 'name', with: ''
click_button 'Change Name'
fill_in 'name', with: '../hack'
click_button 'Change Name'
fill_in 'name', with: 'derp../hack'
click_button 'Change Name'
## TODO fix this without screwing up legacy sites
#fill_in 'name', with: '-'
#click_button 'Change Name'
page.must_have_content /valid.+name.+required/i
Site[username: @site[:username]].wont_equal nil
Site[username: ''].must_equal nil
end
end
end

53
tests/acceptance/signin_tests.rb Normal file
View file

@ -0,0 +1,53 @@
require_relative './environment.rb'
describe 'signin' do
include Capybara::DSL
def fill_in_valid
@site = Fabricate.attributes_for :site
fill_in 'username', with: @site[:username]
fill_in 'password', with: @site[:password]
end
def fill_in_valid_signup
fill_in_valid
fill_in 'email', with: @site[:email]
end
before do
Capybara.reset_sessions!
end
it 'fails for invalid login' do
visit '/'
click_link 'Sign In'
page.must_have_content 'Welcome Back'
fill_in_valid
click_button 'Sign In'
page.must_have_content 'Invalid login'
end
it 'fails for missing login' do
visit '/'
click_link 'Sign In'
auth = {username: SecureRandom.hex, password: Faker::Internet.password}
fill_in 'username', with: auth[:username]
fill_in 'password', with: auth[:password]
click_button 'Sign In'
page.must_have_content 'Invalid login'
end
it 'logs in with proper credentials' do
visit '/'
click_button 'Create My Website'
fill_in_valid_signup
click_button 'Create Home Page'
Capybara.reset_sessions!
visit '/'
click_link 'Sign In'
fill_in 'username', with: @site[:username]
fill_in 'password', with: @site[:password]
click_button 'Sign In'
page.must_have_content 'Your Feed'
end
end

111
tests/acceptance_tests.rb → tests/acceptance/signup_tests.rb
View file

@ -1,61 +1,4 @@
require_relative './environment' require_relative './environment.rb'
Capybara.app = Sinatra::Application
def teardown
Capybara.reset_sessions!
Capybara.use_default_driver
end
describe 'index' do
include Capybara::DSL
it 'goes to signup' do
visit '/'
click_button 'Create My Website'
page.must_have_content('Create a New Website')
end
end
describe 'change username' do
include Capybara::DSL
def visit_signup
visit '/'
click_button 'Create My Website'
end
def fill_in_valid
@site = Fabricate.attributes_for(:site)
fill_in 'username', with: @site[:username]
fill_in 'password', with: @site[:password]
fill_in 'email', with: @site[:email]
end
before do
Capybara.reset_sessions!
visit_signup
end
it 'does not allow bad usernames' do
visit '/'
click_button 'Create My Website'
fill_in_valid
click_button 'Create Home Page'
visit '/settings'
fill_in 'name', with: ''
click_button 'Change Name'
fill_in 'name', with: '../hack'
click_button 'Change Name'
fill_in 'name', with: 'derp../hack'
click_button 'Change Name'
## TODO fix this without screwing up legacy sites
#fill_in 'name', with: '-'
#click_button 'Change Name'
page.must_have_content /valid.+name.+required/i
Site[username: @site[:username]].wont_equal nil
Site[username: ''].must_equal nil
end
end
describe 'signup' do describe 'signup' do
include Capybara::DSL include Capybara::DSL
@ -216,55 +159,3 @@ describe 'signup' do
Site.last.tags.collect {|t| t.name}.must_equal ['derpie', 'shoujo'] Site.last.tags.collect {|t| t.name}.must_equal ['derpie', 'shoujo']
end end
end end
describe 'signin' do
include Capybara::DSL
def fill_in_valid
@site = Fabricate.attributes_for :site
fill_in 'username', with: @site[:username]
fill_in 'password', with: @site[:password]
end
def fill_in_valid_signup
fill_in_valid
fill_in 'email', with: @site[:email]
end
before do
Capybara.reset_sessions!
end
it 'fails for invalid login' do
visit '/'
click_link 'Sign In'
page.must_have_content 'Welcome Back'
fill_in_valid
click_button 'Sign In'
page.must_have_content 'Invalid login'
end
it 'fails for missing login' do
visit '/'
click_link 'Sign In'
auth = {username: SecureRandom.hex, password: Faker::Internet.password}
fill_in 'username', with: auth[:username]
fill_in 'password', with: auth[:password]
click_button 'Sign In'
page.must_have_content 'Invalid login'
end
it 'logs in with proper credentials' do
visit '/'
click_button 'Create My Website'
fill_in_valid_signup
click_button 'Create Home Page'
Capybara.reset_sessions!
visit '/'
click_link 'Sign In'
fill_in 'username', with: @site[:username]
fill_in 'password', with: @site[:password]
click_button 'Sign In'
page.must_have_content 'Your Feed'
end
end

58
tests/api_tests.rb
View file

@ -84,17 +84,17 @@ describe 'api delete' do
res[:error_type].must_equal 'cannot_delete_index' res[:error_type].must_equal 'cannot_delete_index'
end end
it 'fails with bad filename' do it 'succeeds with weird filenames' do
create_site create_site
basic_authorize @user, @pass basic_authorize @user, @pass
@site.store_file 't$st.jpg', Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg') @site.store_file 't$st.jpg', Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
post '/api/delete', filenames: ['t$st.jpg'] post '/api/delete', filenames: ['t$st.jpg']
res[:error_type].must_equal 'bad_filename' res[:result].must_equal 'success'
create_site create_site
basic_authorize @user, @pass basic_authorize @user, @pass
post '/api/delete', filenames: ['./config.yml'] post '/api/delete', filenames: ['./config.yml']
res[:error_type].must_equal 'bad_filename' res[:error_type].must_equal 'missing_files'
end end
it 'fails with missing files' do it 'fails with missing files' do
@ -137,13 +137,59 @@ describe 'api upload' do
res[:error_type].must_equal 'missing_files' res[:error_type].must_equal 'missing_files'
end end
it 'fails for invalid filenames' do it 'resists directory traversal attack' do
create_site create_site
basic_authorize @user, @pass basic_authorize @user, @pass
post '/api/upload', { post '/api/upload', {
'../lol.jpg' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg') '../lol.jpg' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
} }
res[:error_type].must_equal 'bad_filename' res[:result].must_equal 'success'
File.exist?(File.join(Site::SITE_FILES_ROOT, @site.username, 'lol.jpg')).must_equal true
end
it 'scrubs root path slash' do
create_site
basic_authorize @user, @pass
post '/api/upload', {
'/lol.jpg' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
}
res[:result].must_equal 'success'
File.exist?(File.join(Site::SITE_FILES_ROOT, @site.username, 'lol.jpg')).must_equal true
end
it 'fails for missing file name' do
create_site
basic_authorize @user, @pass
post '/api/upload', {
'/' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
}
res[:error_type].must_equal 'invalid_file_type'
create_site
basic_authorize @user, @pass
post '/api/upload', {
'' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
}
res[:error_type].must_equal 'missing_files'
end
it 'fails for file with no extension' do
create_site
basic_authorize @user, @pass
post '/api/upload', {
'derpie' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
}
res[:error_type].must_equal 'invalid_file_type'
end
it 'creates path for file uploads' do
create_site
basic_authorize @user, @pass
post '/api/upload', {
'derpie/derpingtons/lol.jpg' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg')
}
res[:result].must_equal 'success'
File.exist?(@site.files_path('derpie/derpingtons/lol.jpg')).must_equal true
end end
it 'fails for invalid files' do it 'fails for invalid files' do
@ -180,7 +226,7 @@ describe 'api upload' do
end end
def site_file_exists?(file) def site_file_exists?(file)
File.exist?(@site.file_path('test.jpg')) File.exist?(@site.files_path('test.jpg'))
end end
def res def res

11
tests/environment.rb
View file

@ -9,18 +9,23 @@ end
SimpleCov.command_name 'minitest' SimpleCov.command_name 'minitest'
require 'rack_session_access'
require './environment' require './environment'
require 'webmock'
include WebMock::API
require './app' require './app'
Bundler.require :test Bundler.require :test
#require 'minitest/pride' #require 'minitest/pride'
require 'minitest/autorun' require 'minitest/autorun'
require 'sidekiq/testing' require 'sidekiq/testing'
Sinatra::Application.configure do |app|
app.use RackSessionAccess::Middleware
end
require 'capybara/poltergeist'
require 'rack_session_access/capybara'
Site.bcrypt_cost = BCrypt::Engine::MIN_COST Site.bcrypt_cost = BCrypt::Engine::MIN_COST
MiniTest::Reporters.use! MiniTest::Reporters::SpecReporter.new MiniTest::Reporters.use! MiniTest::Reporters::SpecReporter.new

33
tests/site_file_tests.rb Normal file
View file

@ -0,0 +1,33 @@
require_relative './environment.rb'
require 'rack/test'
include Rack::Test::Methods
def app
Sinatra::Application
end
describe 'site_files' do
describe 'upload' do
it 'succeeds with valid file' do
site = Fabricate :site
post '/site_files/upload', {
'files[]' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg'),
'csrf_token' => 'abcd'
}, {'rack.session' => { 'id' => site.id, '_csrf_token' => 'abcd' }}
last_response.body.must_match /successfully uploaded/i
File.exists?(site.files_path('test.jpg')).must_equal true
end
it 'works with directory path' do
site = Fabricate :site
post '/site_files/upload', {
'dir' => 'derpie/derptest',
'files[]' => Rack::Test::UploadedFile.new('./tests/files/test.jpg', 'image/jpeg'),
'csrf_token' => 'abcd'
}, {'rack.session' => { 'id' => site.id, '_csrf_token' => 'abcd' }}
last_response.body.must_match /successfully uploaded/i
File.exists?(site.files_path('derpie/derptest/test.jpg')).must_equal true
end
end
end

91
views/dashboard.erb
View file

@ -15,14 +15,6 @@
display: none; display: none;
} }
</style> </style>
<!--
<form action="/site_files/upload" class="dropzone" id="uploads">
<input name="csrf_token" type="hidden" value="#{csrf_token}">
</form>
<div id="upload_status" style="font-size: 16pt"></div>
-->
<div class="header-Outro with-site-image"> <div class="header-Outro with-site-image">
<div class="row content wide"> <div class="row content wide">
@ -88,10 +80,27 @@
</div> </div>
</div> </div>
<div class="header"> <div class="header">
<div class="breadcrumbs">Home</div> <div class="breadcrumbs">
<% if params[:dir].nil? %>
Home
<% else %>
<a href="?">Home</a>
<% end %>
<% if @dir %>
<% dir_array = @dir.split '/' %>
<% dir_array.each_with_index do |dir,i| %>
<% if i+1 < dir_array.length %>
<a href="/dashboard?dir=<%= Rack::Utils.escape dir %>"><%= dir %></a> /
<% else %>
<%= dir %>
<% end %>
<% end %>
<% end %>
</div>
<div class="actions"> <div class="actions">
<a href="/site_files/new_page" class="btn-Action new-Page"><span>New Page</span></a> <a href="/site_files/new_page" class="btn-Action new-Page"><span>New Page</span></a>
<a href="" class="btn-Action new-Folder"><span>New Folder</span></a> <a href="#createDir" class="btn-Action new-Folder" data-toggle="modal"><span>New Folder</span></a>
<a href="#" class="btn-Action upload" onclick="clickUploadFiles(); return false"><span>Upload</span></a> <a href="#" class="btn-Action upload" onclick="clickUploadFiles(); return false"><span>Upload</span></a>
</div> </div>
</div> </div>
@ -99,47 +108,49 @@
<form action="/site_files/upload" class="dropzone" id="uploads"> <form action="/site_files/upload" class="dropzone" id="uploads">
<div class="dz-message" style="display: none"></div> <div class="dz-message" style="display: none"></div>
<input name="csrf_token" type="hidden" value="<%= csrf_token %>"> <input name="csrf_token" type="hidden" value="<%= csrf_token %>">
<div class="upload-Boundary <%= current_site.file_list.length <= 5 ? 'with-instruction' : '' %>"> <div class="upload-Boundary <%= @file_list.length <= 5 ? 'with-instruction' : '' %>">
<% current_site.file_list.each do |file| %> <% @file_list.each do |file| %>
<div class="file filehover"> <div class="file filehover">
<% if file.ext.match(Site::HTML_REGEX) && current_site.screenshot_exists?(file.filename, '105x63') %> <% if file[:is_html] && current_site.screenshot_exists?(file[:path], '105x63') %>
<div class="html-thumbnail html fileimagehover"> <div class="html-thumbnail html fileimagehover">
<img src="<%= current_site.screenshot_url(file.filename, '105x63') %>"> <img src="<%= current_site.screenshot_url(file[:path], '105x63') %>">
<div class="overlay"></div> <div class="overlay"></div>
</div> </div>
<% elsif file.ext.match(Site::IMAGE_REGEX) && current_site.thumbnail_exists?(file.filename, '105x63') %> <% elsif file[:is_image] && current_site.thumbnail_exists?(file[:path], '105x63') %>
<div class="html-thumbnail image fileimagehover"> <div class="html-thumbnail image fileimagehover">
<img src="<%= current_site.thumbnail_url(file.filename, '105x63') %>" style=""> <img src="<%= current_site.thumbnail_url(file[:path], '105x63') %>" style="">
<div class="overlay"></div> <div class="overlay"></div>
</div> </div>
<!-- if folder <% elsif file[:is_directory] %>
<div class="html-thumbnail folder fileimagehover"> <div class="html-thumbnail folder fileimagehover">
<div class="folder-icon"></div> <div class="folder-icon"></div>
<div class="overlay"></div> <div class="overlay"></div>
</div> </div>
-->
<% else %> <% else %>
<div class="html-thumbnail misc fileimagehover"> <div class="html-thumbnail misc fileimagehover">
<div class="misc-icon"><%= file.ext %></div> <div class="misc-icon"><%= file[:ext] %></div>
<div class="overlay"></div> <div class="overlay"></div>
</div> </div>
<% end %> <% end %>
<a class="title"> <a class="title">
<% if file.filename.length > 14 %> <% if file[:name].length > 15 %>
<%= file.filename.slice(0..14) %>&hellip; <%= file[:name].slice(0..14) %>&hellip;
<% else %> <% else %>
<%= file.filename %> <%= file[:name] %>
<% end %> <% end %>
</a> </a>
<div class="overlay"> <div class="overlay">
<% if file.ext.match(/html|htm|txt|js|css|md/) %> <% if file[:is_editable] %>
<a href="/site_files/text_editor/<%= file.filename %>"><i class="icon-edit" title="Edit"> Edit</i></a> <a href="/site_files/text_editor<%= file[:path] %>"><i class="icon-edit" title="Edit"> Edit</i></a>
<% end %> <% end %>
<% if file.filename != 'index.html' %> <% if file[:is_directory] %>
<a href="#" onclick="confirmFileDelete('<%= file.filename %>')"><i class="icon-trash" title="Delete"> Delete</i></a> <a href="?dir=<%= Rack::Utils.escape file[:path] %>"><i class="icon-edit" title="Manage"> Manage</i></a>
<% end %> <% end %>
<a class="link-overlay" href="http://<%= current_site.username %>.neocities.org/<%= file.filename %>" title="View <%= file.filename %>" target="_blank"></a> <% if !file[:is_root_index] %>
<a href="#" onclick="confirmFileDelete('<%= file[:path] %>')"><i class="icon-trash" title="Delete"> Delete</i></a>
<% end %>
<a class="link-overlay" href="http://<%= current_site.username %>.neocities.org<%= file[:path] %>" title="View <%= file[:path] %>" target="_blank"></a>
</div> </div>
</div> </div>
<% end %> <% end %>
@ -158,7 +169,7 @@
<h3 id="deleteConfirmModalLabel">Confirm deletion</h3> <h3 id="deleteConfirmModalLabel">Confirm deletion</h3>
</div> </div>
<div class="modal-body"> <div class="modal-body">
<p>You are about to delete the file <span id="deleteFileName"></span>. Are you sure?</p> <p>You are about to delete "<span id="deleteFileName"></span>". Are you sure?</p>
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true">Cancel</button> <button class="btn" data-dismiss="modal" aria-hidden="true">Cancel</button>
@ -174,9 +185,10 @@
</div> </div>
</main> </main>
<form id="uploadFilesButtonForm" method="POST" action="/site_files/upload" enctype=multipart/form-data style="display: none" onsubmit="showUploadProgress()"> <form id="uploadFilesButtonForm" method="POST" action="/site_files/upload" enctype="multipart/form-data" style="display: none" onsubmit="showUploadProgress()">
<input name="csrf_token" type="hidden" value="<%= csrf_token %>"> <input name="csrf_token" type="hidden" value="<%= csrf_token %>">
<input name="from_button" type="hidden" value="true"> <input name="from_button" type="hidden" value="true">
<input name="dir" type="hidden" value="<%= @dir %>">
<input id="uploadFiles" type="file" name="files[]" multiple onchange="$('#uploadFilesButtonForm').submit()"> <input id="uploadFiles" type="file" name="files[]" multiple onchange="$('#uploadFilesButtonForm').submit()">
</form> </form>
@ -231,3 +243,24 @@
} }
} }
</script> </script>
<div class="modal hide fade" id="createDir" tabindex="-1" role="dialog" aria-labelledby="createDirLabel" aria-hidden="true">
<form method="POST" action="/site/create_directory">
<input type="hidden" value="<%= csrf_token %>" name="csrf_token">
<input type="hidden" value="<%= @dir %>" name="dir">
<div class="modal-header">
<button class="close" type="button" data-dismiss="modal" aria-hidden="true">x</button>
<h3 id="createDirLabel">Create Folder</h3>
</div>
<div class="modal-body">
<p>
Folder name:
</p>
<input name="name" type="text" placeholder="images">
</div>
<div class="modal-footer">
<button type="submit" class="btn btn-Action">Create</button>
<button class="btn" data-dismiss="modal" aria-hidden="true">Cancel</button>
</div>
</form>
</div>