From 8a7c2f011064ef2a8f8cfb99f405fdb6ab2cc2f4 Mon Sep 17 00:00:00 2001
From: b3yond <b3yond@riseup.net>
Date: Fri, 16 Mar 2018 17:55:27 +0100
Subject: [PATCH] writing good/blacklist to db. Cookies don't work yet

---
 frontend/website.py    |  83 +++++++++++++++++---------
 static/bot.html        | 130 +++++++++++++++++++++--------------------
 static/js/functions.js |   7 +++
 3 files changed, 130 insertions(+), 90 deletions(-)

diff --git a/frontend/website.py b/frontend/website.py
index a58d4f2..e29a607 100644
--- a/frontend/website.py
+++ b/frontend/website.py
@@ -9,7 +9,7 @@ import pytoml as toml
 import jwt
 import pylibscrypt
 import smtplib
-from bottle_auth import AuthPlugin
+# from bottle_auth import AuthPlugin
 
 
 class Datagetter(object):
@@ -42,16 +42,16 @@ def login():
 
     :return: bot.py Session Cookie
     """
-    uname = bottle.request.forms.get('uname')
+    email = bottle.request.forms.get('uname')
     psw = bottle.request.forms.get('psw')
     psw = psw.encode("utf-8")
-    db.cur.execute("SELECT pass_hashed FROM user WHERE email=?;", (uname, ))
+    db.cur.execute("SELECT pass_hashed FROM user WHERE email=?;", (email, ))
     try:
         pass_hashed = db.cur.fetchone()[0]
     except TypeError:
         return "Wrong Credentials."  # no user with this email
     if pylibscrypt.scrypt_mcf_check(pass_hashed, psw):
-        bottle.response.set_cookie("account", uname, secret)
+        bottle.response.set_cookie("account", email, secret)
         return bottle.redirect("/settings")
     else:
         return "Wrong Credentials."  # passphrase is wrong
@@ -105,13 +105,20 @@ def confirm_account(encoded_jwt):
     payload = jwt.decode(encoded_jwt, secret)
     email = payload["email"]
     pass_hashed = base64.b64decode(payload["pass_hashed"])
-    print(email, pass_hashed)
 
     # create db entry
     db.cur.execute("INSERT INTO user(email, pass_hashed, enabled) VALUES(?, ?, ?);", (email, pass_hashed, 1))
+    # insert default good- & blacklist into db
+    with open(os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(__file__))), "goodlists", "nbg_goodlist"),
+              "r") as f:
+        default_goodlist = f.read()
+    db.cur.execute("INSERT INTO trigger_good(user_id, words) VALUES(?, ?);", (get_user_id(email), default_goodlist))
+    with open(os.path.join(os.path.dirname(os.path.dirname(os.path.abspath(__file__))), "blacklists", "nbg_blacklist"),
+              "r") as f:
+        default_blacklist = f.read()
+    db.cur.execute("INSERT INTO trigger_bad(user_id, words) VALUES(?, ?);", (get_user_id(email), default_blacklist))
     db.conn.commit()
-    bottle.response.set_cookie("account", email, secret)
-    bottle.response.set_cookie("enabled", "True")
+    bottle.response.set_cookie("account", email, secret, path="/")
     return bottle.redirect("/settings")
 
 
@@ -119,23 +126,46 @@ def confirm_account(encoded_jwt):
 def manage_bot():
     """
     Restricted area. Deliver the bot settings page.
-    :return:
+    Deliver user settings with Cookies.
+    :return: If it returns something, it just refreshes the page.
     """
-    uname = bottle.request.get_cookie("account", secret=secret)
-    if uname is not None:
-        db.cur.execute("SELECT enabled FROM user WHERE email=?;", (uname,))
-        try:
-            enabled = db.cur.fetchone()[0]
-        except TypeError:
-            return "Wrong Credentials."  # no user with this email
+    email = bottle.request.get_cookie("account", secret=secret)
+    print(email)  # debug
+    if email is not None:
+        user_id = get_user_id(email)
+        # get Enable Status from db
+        db.cur.execute("SELECT enabled FROM user WHERE email = ?;", (email,))
+        enabled = db.cur.fetchone()[0]
         # Set Enable Status with a Cookie
         if enabled:
             bottle.response.set_cookie("enabled", "True")
         else:
             bottle.response.set_cookie("enabled", "False")
+
+        # Get goodlist from db
+        db.cur.execute("SELECT words FROM trigger_good WHERE user_id=?;", (user_id,))
+        words = db.cur.fetchone()[0]
+        # Deliver goodlist with a Cookie
+        print("setting goodlist cookies?")
+        bottle.response.set_cookie("goodlist", words, path="/settings")
+
+        # Get blacklist from db
+        db.cur.execute("SELECT words FROM trigger_bad WHERE user_id=?;", (user_id,))
+        words = db.cur.fetchone()[0]
+        # Deliver badlist with a Cookie
+        print("setting blacklist cookies?")
+        bottle.response.set_cookie("blacklist", words, path="/settings")
+
         return bottle.static_file("../static/bot.html", root='../static')
     else:
-        bottle.abort(401, "Sorry, access denied.")
+        bottle.abort(401, "Wrong username or passphrase. Try again!")
+
+
+def get_user_id(email):
+    # get user_id from email
+    db.cur.execute("SELECT id FROM user WHERE email = ?", (email, ))
+    return db.cur.fetchone()[0]
+
 
 @app.route('/settings/goodlist', method="POST")
 def update_goodlist():
@@ -146,12 +176,10 @@ def update_goodlist():
     """
     # get new goodlist
     words = bottle.request.forms.get("goodlist")
-    # get user.id
-    email = bottle.cookie_decode("account", secret)
-    db.cur.execute("SELECT id FROM user WHERE email = ?", (email, ))
-    user_id = db.cur.fetchone()
+    user_id = get_user_id(bottle.cookie_decode("account", secret))
     # write new goodlist to db
-    db.cur.execute("UPDATE trigger_good SET ? WHERE user.id = ?", (words, user_id, ))
+    db.cur.execute("UPDATE trigger_good SET words = ? WHERE user_id = ?;", (words, user_id, ))
+    db.conn.commit()
     return bottle.redirect("/settings")
 
 
@@ -164,12 +192,13 @@ def update_blacklist():
     """
     # get new blacklist
     words = bottle.request.forms.get("blacklist")
-    # get user.id
+    # get user_id
     email = bottle.cookie_decode("account", secret)
     db.cur.execute("SELECT id FROM user WHERE email = ?", (email, ))
     user_id = db.cur.fetchone()
     # write new goodlist to db
-    db.cur.execute("UPDATE trigger_bad SET ? WHERE user.id = ?", (words, user_id, ))
+    db.cur.execute("UPDATE trigger_bad SET words = ? WHERE user_id = ?;", (words, user_id, ))
+    db.conn.commit()
     return bottle.redirect("/settings")
 
 
@@ -272,10 +301,10 @@ if __name__ == "__main__":
     db = Datagetter()
     host = '0.0.0.0'
 
-    from bottle_auth.social import twitter as twitterplugin
-    callback_url = host + '/login/twitter/callback'
-    twitter = twitterplugin.Twitter(config['tapp']['consumer_key'], config['tapp']['consumer_secret'], callback_url)
-    bottle.install(AuthPlugin(twitter))
+    # from bottle_auth.social import twitter as twitterplugin
+    # callback_url = host + '/login/twitter/callback'
+    # twitter = twitterplugin.Twitter(config['tapp']['consumer_key'], config['tapp']['consumer_secret'], callback_url)
+    # bottle.install(AuthPlugin(twitter))
 
     try:
         bottle.run(app=StripPathMiddleware(app), host=host, port=8080)
diff --git a/static/bot.html b/static/bot.html
index 613ca52..ad2cf21 100644
--- a/static/bot.html
+++ b/static/bot.html
@@ -13,85 +13,89 @@
 
         <div id="enablebutton" style="float: right; padding: 2em;">asdf</div>
 
-        <a class='button' href="/login/twitter">
+        <a class='button' style="padding: 1.5em;" href="/login/twitter">
             <picture>
                 <source type='image/webp' sizes='20px' srcset="/static-cb/1517673283/twitter-20.webp 20w,/static-cb/1517673283/twitter-40.webp 40w,/static-cb/1517673283/twitter-80.webp 80w,"/>
                 <source type='image/png' sizes='20px' srcset="/static-cb/1517673283/twitter-20.png 20w,/static-cb/1517673283/twitter-40.png 40w,/static-cb/1517673283/twitter-80.png 80w,"/>
-                <img src="/static-cb/1517673283/twitter-20.png" alt="" />
+                <img src="https://codl.forget.fr/static-cb/1517673283/twitter-20.png" alt="" />
             </picture>
             Log in with Twitter
         </a>
 
-        <section>
+        <section style="padding: 1.5em;">
             <h2>Log in with Mastodon</h2>
-            <form action="/login/mastodon" method='post'>
-                <label>Mastodon instance:
-                    <input type='text' name='instance_url' list='instances' placeholder='social.example.net'/>
-                </label>
-                <datalist id='instances'>
-                    <option value=''>
-                    <option value='anticapitalist.party'>
-                    <option value='awoo.space'>
-                    <option value='cybre.space'>
-                    <option value='mastodon.social'>
-                    <option value='glitch.social'>
-                    <option value='botsin.space'>
-                    <option value='witches.town'>
-                    <option value='social.wxcafe.net'>
-                    <option value='monsterpit.net'>
-                    <option value='mastodon.xyz'>
-                    <option value='a.weirder.earth'>
-                    <option value='chitter.xyz'>
-                    <option value='sins.center'>
-                    <option value='dev.glitch.social'>
-                    <option value='computerfairi.es'>
-                    <option value='niu.moe'>
-                    <option value='icosahedron.website'>
-                    <option value='hostux.social'>
-                    <option value='hyenas.space'>
-                    <option value='instance.business'>
-                    <option value='mastodon.sdf.org'>
-                    <option value='pawoo.net'>
-                    <option value='pouet.it'>
-                    <option value='scalie.business'>
-                    <option value='sleeping.town'>
-                    <option value='social.koyu.space'>
-                    <option value='sunshinegardens.org'>
-                    <option value='vcity.network'>
-                    <option value='octodon.social'>
-                    <option value='soc.ialis.me'>
-                </datalist>
-                <input name='confirm' value='Log in' type='submit'/>
-            </form>
+            <p>
+                <form action="/login/mastodon" method='post'>
+                    <label>Mastodon instance:
+                        <input type='text' name='instance_url' list='instances' placeholder='social.example.net'/>
+                    </label>
+                    <datalist id='instances'>
+                        <option value=''>
+                        <option value='anticapitalist.party'>
+                        <option value='awoo.space'>
+                        <option value='cybre.space'>
+                        <option value='mastodon.social'>
+                        <option value='glitch.social'>
+                        <option value='botsin.space'>
+                        <option value='witches.town'>
+                        <option value='social.wxcafe.net'>
+                        <option value='monsterpit.net'>
+                        <option value='mastodon.xyz'>
+                        <option value='a.weirder.earth'>
+                        <option value='chitter.xyz'>
+                        <option value='sins.center'>
+                        <option value='dev.glitch.social'>
+                        <option value='computerfairi.es'>
+                        <option value='niu.moe'>
+                        <option value='icosahedron.website'>
+                        <option value='hostux.social'>
+                        <option value='hyenas.space'>
+                        <option value='instance.business'>
+                        <option value='mastodon.sdf.org'>
+                        <option value='pawoo.net'>
+                        <option value='pouet.it'>
+                        <option value='scalie.business'>
+                        <option value='sleeping.town'>
+                        <option value='social.koyu.space'>
+                        <option value='sunshinegardens.org'>
+                        <option value='vcity.network'>
+                        <option value='octodon.social'>
+                        <option value='soc.ialis.me'>
+                    </datalist>
+                    <input name='confirm' value='Log in' type='submit'/>
+                </form>
+            </p>
         </section>
 
         <!-- offer mailing list creation button -->
 
-        <!-- good list entry field -->
-        <p>
-            Those words have to be contained in a report.
-            If none of these expressions is in the report, it will be ignored by the bot.
-            You can use the defaults, or enter some expressions specific to your city and language.
-        </p>
-        <form action="/settings/goodlist" method="post">
-            <textarea name="goodlist" wrap="physical">
+        <div style="float: left; padding: 1.5em;">
+            <!-- good list entry field -->
+            <p>
+                These words have to be contained in a report.
+                If none of these expressions is in the report, it will be ignored by the bot.
+                You can use the defaults, or enter some expressions specific to your city and language.
+            </p>
+            <form action="/settings/goodlist" method="post">
                 <!-- find a way to display current good list. js which reads from a cookie? template? -->
-            </textarea>
-            <button type="submit">Submit trigger words</button>
-        </form>
+                <textarea id="goodlist" rows="8" cols="70" name="goodlist" wrap="physical"></textarea>
+                <input name='confirm' value='Submit' type='submit'/>
+            </form>
+        </div>
 
         <!-- blacklist entry field -->
-        <p>
-            Those words are not allowed in reports.
-            If you encounter spam, you can add more here - the bot will ignore reports which use such words.
-            <!-- There are words which you can't exclude from the blacklist, e.g. certain racist, sexist, or antisemitic slurs. (to be implemented) -->
-        </p>
-        <form action="/settings/blacklist" method="post">
-            <textarea name="blacklist" wrap="physical">
+        <div style="float:right; padding: 1.5em;">
+            <p>
+                These words are not allowed in reports.
+                If you encounter spam, 40you can add more here - the bot will ignore reports which use such words.
+                <!-- There are words which you can't exclude from the blacklist, e.g. certain racist, sexist, or antisemitic slurs. (to be implemented) -->
+            </p>
+            <form action="/settings/blacklist" method="post">
                 <!-- find a way to display current blacklist. js which reads from a cookie? template? -->
-            </textarea>
-            <button type="submit">Submit blacklist</button>
-        </form>
+                <textarea id="blacklist" rows="8" cols="70" name="blacklist" wrap="physical"></textarea>
+                <input name='confirm' value='Submit' type='submit'/>
+            </form>
+        </div>
 
         <script src="/static/js/functions.js"></script>
 
diff --git a/static/js/functions.js b/static/js/functions.js
index 8e16897..2eb45a3 100644
--- a/static/js/functions.js
+++ b/static/js/functions.js
@@ -26,3 +26,10 @@ function getCookie(cname) {
 }
 
 document.getElementById("enablebutton").innerHTML = enableButton();
+
+// document.getElementById("goodlist").innerHTML = getCookie("goodlist");
+
+alert(getCookie("goodlist"))
+alert(getCookie("blacklist"))
+
+// document.getElementById("blacklist").innerHTML = getCookie("blacklist");
\ No newline at end of file