Merge remote-tracking branch 'refs/remotes/origin/dev' into xhr-torrent-refresh

2017-05-30 14:19:13 +02:00 · 2017-05-30 14:19:13 +02:00 · b5476c7d66
Parent b0cf17c77c e3c8e6a3b1
--- a/common/torrent.go
+++ b/common/torrent.go
@ -118,7 +118,14 @@ func (p *TorrentParam) ToFilterQuery() string {
 	}

 	if p.Status != ShowAll {
-		query += " status:" + p.Status.ToString()
+		if p.Status != FilterRemakes {
+			query += " status:" + p.Status.ToString()
+		} else {
+			/* From the old nyaa behavior, FilterRemake means everything BUT
+			 * remakes
+			 */
+			query += " !status:" + p.Status.ToString()
+		}
 	}

 	if p.FromID != 0 {
--- a/main.go
+++ b/main.go
@ -21,7 +21,6 @@ import (
 	"github.com/NyaaPantsu/nyaa/util/publicSettings"
 	"github.com/NyaaPantsu/nyaa/util/search"
 	"github.com/NyaaPantsu/nyaa/util/signals"
-	"github.com/gorilla/csrf"
 )

 // RunServer runs webapp mainloop
@ -31,12 +30,8 @@ func RunServer(conf *config.Config) {
 	// TODO Use config from cli
 	os.Mkdir(router.GPGPublicKeyPath, 700)

-	// Please make EnableSecureCSRF to false when testing locally
-	if config.EnableSecureCSRF {
-		http.Handle("/", csrf.Protect(config.CSRFTokenHashKey)(router.Router))
-	} else {
-		http.Handle("/", csrf.Protect(config.CSRFTokenHashKey, csrf.Secure(false))(router.Router))
-	}
+	http.Handle("/", router.Router)
+
 	// Set up server,
 	srv := &http.Server{
 		WriteTimeout: 30 * time.Second,
--- a/router/router.go
+++ b/router/router.go
@ -3,7 +3,9 @@ package router
 import (
 	"net/http"

+	"github.com/NyaaPantsu/nyaa/config"
 	"github.com/NyaaPantsu/nyaa/service/captcha"
+	"github.com/gorilla/csrf"
 	"github.com/gorilla/handlers"
 	"github.com/gorilla/mux"
 )
@ -42,48 +44,74 @@ func init() {
 	http.Handle("/img/", http.StripPrefix("/img/", imgHandler))
 	http.Handle("/dbdumps/", http.StripPrefix("/dbdumps/", wrapHandler(gzipDumpsHandler)))
 	http.Handle("/gpg/", http.StripPrefix("/gpg/", wrapHandler(gzipGpgKeyHandler)))
+
+	// We don't need CSRF here
 	Router.Handle("/", gzipHomeHandler).Name("home")
 	Router.Handle("/page/{page:[0-9]+}", wrapHandler(gzipHomeHandler)).Name("home_page")
 	Router.HandleFunc("/search", SearchHandler).Name("search")
 	Router.HandleFunc("/search/{page}", SearchHandler).Name("search_page")
-	Router.Handle("/api", wrapHandler(gzipAPIHandler)).Methods("GET")
-	Router.Handle("/api/{page:[0-9]*}", wrapHandler(gzipAPIHandler)).Methods("GET")
-	Router.Handle("/api/view/{id}", wrapHandler(gzipAPIViewHandler)).Methods("GET")
-	Router.HandleFunc("/api/view/{id}", APIViewHeadHandler).Methods("HEAD")
-	Router.HandleFunc("/api/upload", APIUploadHandler).Methods("POST")
-	Router.HandleFunc("/api/search", APISearchHandler)
-	Router.HandleFunc("/api/search/{page}", APISearchHandler)
-	Router.HandleFunc("/api/update", APIUpdateHandler).Methods("PUT")
+	Router.HandleFunc("/verify/email/{token}", UserVerifyEmailHandler).Name("user_verify").Methods("GET")
 	Router.HandleFunc("/faq", FaqHandler).Name("faq")
 	Router.HandleFunc("/feed", RSSHandler).Name("feed")
 	Router.HandleFunc("/feed/{page}", RSSHandler).Name("feed_page")
-	Router.Handle("/view/{id}", wrapHandler(gzipViewHandler)).Methods("GET").Name("view_torrent")
-	Router.HandleFunc("/view/{id}", ViewHeadHandler).Methods("HEAD")
-	Router.HandleFunc("/view/{id}", PostCommentHandler).Methods("POST").Name("post_comment")
-	Router.HandleFunc("/torrent/", TorrentEditUserPanel).Methods("GET").Name("user_torrent_edit")
-	Router.HandleFunc("/torrent/", TorrentPostEditUserPanel).Methods("POST").Name("user_torrent_edit")
-	Router.HandleFunc("/torrent/delete", TorrentDeleteUserPanel).Methods("GET").Name("user_torrent_delete")
-	Router.HandleFunc("/upload", UploadHandler).Name("upload")
-	Router.HandleFunc("/user/register", UserRegisterFormHandler).Name("user_register").Methods("GET")
-	Router.HandleFunc("/user/login", UserLoginFormHandler).Name("user_login").Methods("GET")
-	Router.HandleFunc("/verify/email/{token}", UserVerifyEmailHandler).Name("user_verify").Methods("GET")
-	Router.HandleFunc("/user/register", UserRegisterPostHandler).Name("user_register").Methods("POST")
-	Router.HandleFunc("/user/login", UserLoginPostHandler).Name("user_login").Methods("POST")
-	Router.HandleFunc("/user/logout", UserLogoutHandler).Name("user_logout")
-	Router.Handle("/user/{id}/{username}", wrapHandler(gzipUserProfileHandler)).Name("user_profile").Methods("GET")
-	Router.HandleFunc("/user/{id}/{username}/follow", UserFollowHandler).Name("user_follow").Methods("GET")
-	Router.Handle("/user/{id}/{username}/edit", wrapHandler(gzipUserDetailsHandler)).Name("user_profile_details").Methods("GET")
-	Router.Handle("/user/{id}/{username}/edit", wrapHandler(gzipUserProfileFormHandler)).Name("user_profile_edit").Methods("POST")
-	Router.Handle("/user/{id}/{username}/apireset", wrapHandler(gzipUserAPIKeyResetHandler)).Name("user_profile_apireset").Methods("GET")
-	Router.Handle("/user/notifications", wrapHandler(gzipUserNotificationsHandler)).Name("user_notifications")
-	Router.HandleFunc("/user/{id}/{username}/feed", RSSHandler).Name("feed_user")
-	Router.HandleFunc("/user/{id}/{username}/feed/{page}", RSSHandler).Name("feed_user_page")

 	// !!! This line need to have the same download location as the one define in config.TorrentStorageLink !!!
 	Router.Handle("/download/{hash}", wrapHandler(downloadTorrentHandler)).Name("torrent_download")

+	// For now, no CSRF protection here, as API is not usable for uploads
+	Router.HandleFunc("/upload", UploadHandler).Name("upload")
+	Router.HandleFunc("/user/login", UserLoginPostHandler).Name("user_login").Methods("POST")
+
+	torrentViewRoutes := Router.PathPrefix("/view").Subrouter()
+	torrentViewRoutes.Handle("/{id}", wrapHandler(gzipViewHandler)).Methods("GET").Name("view_torrent")
+	torrentViewRoutes.HandleFunc("/{id}", ViewHeadHandler).Methods("HEAD")
+	torrentViewRoutes.HandleFunc("/{id}", PostCommentHandler).Methods("POST").Name("post_comment")
+
+	torrentRoutes := Router.PathPrefix("/torrent").Subrouter()
+	torrentRoutes.HandleFunc("/", TorrentEditUserPanel).Methods("GET").Name("user_torrent_edit")
+	torrentRoutes.HandleFunc("/", TorrentPostEditUserPanel).Methods("POST").Name("user_torrent_edit")
+	torrentRoutes.HandleFunc("/delete", TorrentDeleteUserPanel).Methods("GET").Name("user_torrent_delete")
+
+	userRoutes := Router.PathPrefix("/user").Subrouter()
+	userRoutes.HandleFunc("/register", UserRegisterFormHandler).Name("user_register").Methods("GET")
+	userRoutes.HandleFunc("/login", UserLoginFormHandler).Name("user_login").Methods("GET")
+	userRoutes.HandleFunc("/register", UserRegisterPostHandler).Name("user_register").Methods("POST")
+	userRoutes.HandleFunc("/logout", UserLogoutHandler).Name("user_logout")
+	userRoutes.Handle("/{id}/{username}", wrapHandler(gzipUserProfileHandler)).Name("user_profile").Methods("GET")
+	userRoutes.HandleFunc("/{id}/{username}/follow", UserFollowHandler).Name("user_follow").Methods("GET")
+	userRoutes.Handle("/{id}/{username}/edit", wrapHandler(gzipUserDetailsHandler)).Name("user_profile_details").Methods("GET")
+	userRoutes.Handle("/{id}/{username}/edit", wrapHandler(gzipUserProfileFormHandler)).Name("user_profile_edit").Methods("POST")
+	userRoutes.Handle("/{id}/{username}/apireset", wrapHandler(gzipUserAPIKeyResetHandler)).Name("user_profile_apireset").Methods("GET")
+	userRoutes.Handle("/notifications", wrapHandler(gzipUserNotificationsHandler)).Name("user_notifications")
+	userRoutes.HandleFunc("/{id}/{username}/feed", RSSHandler).Name("feed_user")
+	userRoutes.HandleFunc("/{id}/{username}/feed/{page}", RSSHandler).Name("feed_user_page")
+
+	// Please make EnableSecureCSRF to false when testing locally
+	if config.EnableSecureCSRF {
+		userRoutes.Handle("/", csrf.Protect(config.CSRFTokenHashKey)(userRoutes))
+		torrentRoutes.Handle("/", csrf.Protect(config.CSRFTokenHashKey)(torrentRoutes))
+		torrentViewRoutes.Handle("/", csrf.Protect(config.CSRFTokenHashKey)(torrentViewRoutes))
+	} else {
+		userRoutes.Handle("/", csrf.Protect(config.CSRFTokenHashKey, csrf.Secure(false))(userRoutes))
+		torrentRoutes.Handle("/", csrf.Protect(config.CSRFTokenHashKey, csrf.Secure(false))(torrentRoutes))
+		torrentViewRoutes.Handle("/", csrf.Protect(config.CSRFTokenHashKey, csrf.Secure(false))(torrentViewRoutes))
+	}
+
+	// We don't need CSRF here
+	api := Router.PathPrefix("/api").Subrouter()
+	api.Handle("", wrapHandler(gzipAPIHandler)).Methods("GET")
+	api.Handle("/", wrapHandler(gzipAPIHandler)).Methods("GET")
+	api.Handle("/{page:[0-9]*}", wrapHandler(gzipAPIHandler)).Methods("GET")
+	api.Handle("/view/{id}", wrapHandler(gzipAPIViewHandler)).Methods("GET")
+	api.HandleFunc("/view/{id}", APIViewHeadHandler).Methods("HEAD")
+	api.HandleFunc("/upload", APIUploadHandler).Methods("POST")
+	api.HandleFunc("/search", APISearchHandler)
+	api.HandleFunc("/search/{page}", APISearchHandler)
+	api.HandleFunc("/update", APIUpdateHandler).Methods("PUT")
+
 	// INFO Everything under /mod should be wrapped by wrapModHandler. This make
 	// sure the page is only accessible by moderators
+	// We don't need CSRF here
 	// TODO Find a native mux way to add a 'prehook' for route /mod
 	Router.HandleFunc("/mod", wrapModHandler(IndexModPanel)).Name("mod_index")
 	Router.HandleFunc("/mod/torrents", wrapModHandler(TorrentsListPanel)).Name("mod_tlist").Methods("GET")
@ -109,7 +137,9 @@ func init() {
 	Router.HandleFunc("/mod/comment/delete", wrapModHandler(CommentDeleteModPanel)).Name("mod_cdelete")
 	Router.HandleFunc("/mod/reassign", wrapModHandler(TorrentReassignModPanel)).Name("mod_treassign").Methods("GET")
 	Router.HandleFunc("/mod/reassign", wrapModHandler(TorrentPostReassignModPanel)).Name("mod_treassign").Methods("POST")
-	Router.HandleFunc("/mod/api/torrents", wrapModHandler(APIMassMod)).Name("mod_tapi").Methods("POST")
+
+	apiMod := Router.PathPrefix("/mod/api").Subrouter()
+	apiMod.HandleFunc("/torrents", wrapModHandler(APIMassMod)).Name("mod_tapi").Methods("POST")

 	//reporting a torrent
 	Router.HandleFunc("/report/{id}", ReportTorrentHandler).Methods("POST").Name("torrent_report")
--- a/service/user/cookie_helper.go
+++ b/service/user/cookie_helper.go
@ -22,6 +22,10 @@ const (
 	CookieName = "session"
 	// UserContextKey : key for user context
 	UserContextKey = "nyaapantsu.user"
+	// Domain name : The host domain so these can be shared across sukebei and nyaa
+	DomainName = "pantsu.cat"
+
+
 )

 // If you want to keep login cookies between restarts you need to make these permanent
@ -58,6 +62,7 @@ func EncodeCookie(userID uint) (string, error) {
 func ClearCookie(w http.ResponseWriter) (int, error) {
 	cookie := &http.Cookie{
 		Name:     CookieName,
+		Domain:   DomainName,
 		Value:    "",
 		Path:     "/",
 		HttpOnly: true,
@ -100,6 +105,7 @@ func SetCookieHandler(w http.ResponseWriter, r *http.Request, email string, pass
 	}
 	cookie := &http.Cookie{
 		Name:     CookieName,
+		Domain:   DomainName,
 		Value:    encoded,
 		Path:     "/",
 		HttpOnly: true,
--- a/templates/view.html
+++ b/templates/view.html
@ -88,6 +88,10 @@
  </script>
  <a onclick="reportPopup();" class="form-input">{{ call $.T "report_btn" }}</a>
  {{end}}
+    {{ if HasAdmin $.User}}
+    <a href="{{ genRoute "mod_tdelete" }}?id={{ .ID }}" class="form-input" onclick="if (!confirm('{{ call $.T "are_you_sure" }}')) return false;">Delete</a>
+    <a href="{{ genRoute "mod_tedit" }}?id={{ .ID }}" class="form-input">Edit</a>
+    {{end}}
  </div>
  <p class="torrent-hr">{{call $.T "description"}}</p>
  {{ if ne .Description ""}}
--- a/translations/pt-br.all.json
+++ b/translations/pt-br.all.json
@ -543,6 +543,10 @@
    "id": "description",
    "translation": "Descrição"
  },
+  {
+    "id": "no_description",
+    "translation": "Nenhuma descrição foi fornecida!"
+  },
  {
    "id": "comments",
    "translation": "Comentários"
@ -690,8 +694,12 @@
  {    
    "id": "files",
    "translation": "Arquivos"  
-  },  
-  {    
+  },
+  {
+    "id": "no_files",
+    "translation": "Nenhum arquivo encontrado? Isto sequer faz sentido!"
+  },
+  {
    "id": "filename",
    "translation": "Nome do arquivo"
  },
@ -838,5 +846,145 @@
  {    
    "id": "new_comment_on_torrent",    
    "translation": "Novo comentário no torrent: \"%s\""
+  },
+  {
+    "id": "no_action_selected",
+    "translation": "Você deve dizer o que quer fazer com a seleção!"
+  },
+  {
+    "id": "no_move_location_selected",
+    "translation": "Tu deves dizer para onde mover a seleção!"
+  },
+  {
+    "id": "select_one_element",
+    "translation": "Você precisa selecionar algum elemento!"
+  },
+  {
+    "id": "torrent_moved",
+    "translation": "Torrent %s movido!"
+  },
+  {
+    "id": "no_status_exist",
+    "translation": "O status %d não existe!"
+  },
+  {
+    "id": "torrent_deleted",
+    "translation": "Torrent %s excluído!"
+  },
+  {
+    "id": "no_action_exist",
+    "translation": "A ação %s não existe!"
+  },
+  {
+    "id": "torrent_not_exist",
+    "translation": "O torrent de ID %s não existe!"
+  },
+  {
+    "id": "something_went_wrong",
+    "translation": "Algo deu errado"
+  },
+  {
+    "id": "nb_torrents_updated",
+    "translation": "%d torrents atualizados."
+  },
+  {
+    "id": "torrent_updated",
+    "translation": "As informações do torrent foram atualizadas."
+  },
+  {
+    "id": "fail_torrent_update",
+    "translation": "Falha ao atualizar o torrent!"
+  },
+  {
+    "id": "bad_captcha",
+    "translation": "Captcha incorreto!"
+  },
+  {
+    "id": "comment_empty",
+    "translation": "Comentário vazio!"
+  },
+  {
+    "id": "no_owner_selected",
+    "translation": "Você deve informar o novo dono do torrent!"
+  },
+  {
+    "id": "no_category_selected",
+    "translation": "Nenhuma categoria selecionada!"
+  },
+  {
+    "id": "no_user_found_id",
+    "translation": "O usuário de ID %d não está na database!"
+  },
+  {
+    "id": "invalid_torrent_category",
+    "translation": "Esta categoria de torrents não existe!"
+  },
+  {
+    "id": "torrent_owner_changed",
+    "translation": "O dono do torrent \"%s\" foi alterado com sucesso!"
+  },
+  {
+    "id": "torrent_category_changed",
+    "translation": "A categoria do torrent \"%s\" foi alterada com sucesso!"
+  },
+  {
+    "id": "torrent_reports_deleted",
+    "translation": "As denúncias do torrent \"%s\" foram excluídas!"
+  },
+  {
+    "id": "edit",
+    "translation": "Editar"
+  },
+  {
+    "id": "delete_definitely_torrent_warning",
+    "translation": "Você não poderá recuperar este arquivo, nem impedir alguém de enviá-lo novamente."
+  },
+  {
+    "id": "delete_definitely",
+    "translation": "Excluir definitivamente"
+  },
+  {
+    "id": "torrent_unblock",
+    "translation": "Desbloquear"
+  },
+  {
+    "id": "torrent_block",
+    "translation": "Bloquear"
+  },
+  {
+    "id": "torrent_deleted_definitely",
+    "translation": "O torrent foi excluído do banco de dados!"
+  },
+  {
+    "id": "torrent_unblocked",
+    "translation": "O torrent foi desbloqueado!"
+  },
+  {
+    "id": "torrent_blocked",
+    "translation": "O torrent foi bloqueado!"
+  },
+  {
+    "id": "torrent_nav_notdeleted",
+    "translation": "Os torrents não foram deletados"
+  },
+  {
+    "id": "torrent_nav_deleted",
+    "translation": "Torrents deletados"
+  },
+  {
+    "id": "theme",
+    "translation": "Tema"
+  },
+  {
+    "id": "theme_select",
+    "translation": "Selecione um tema"
+  },
+  {
+    "id": "theme_none",
+    "translation": "Nenhum"
+  },
+  {
+    "id": "mark_as_hidden",
+    "translation": "Marcar como oculto"
  }
 ]