diff --git a/.gitignore b/.gitignore index b783f8b..fde1ef4 100644 --- a/.gitignore +++ b/.gitignore @@ -108,3 +108,6 @@ venv.bak/ # Databases *.db + +# Configuration files +config.yml diff --git a/LICENSE b/LICENSE index 46908db..77ba444 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,4 @@ -Copyright 2019 Steven Spangler +Copyright 2019 Steven Spangler, Kevin Alberts, I.C.T.S.V. Inter-Actief Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: diff --git a/config.default.yml b/config.default.yml new file mode 100644 index 0000000..c2acbff --- /dev/null +++ b/config.default.yml @@ -0,0 +1,69 @@ +# String: Username to make admin API requests +# Default: 'admin' +admin_username: 'admin' + +# String: Plaintext password to make admin API requests +# Safe to remove if admin_hashed_password is set +# Default: unset +#admin_password: + +# String: Hashed password (bcrypt) to make admin API requests - Preferred over plaintext, use securepass.sh to generate +# Please note that authentication takes noticeably longer than using plaintext password +# Don't include the : segment, just the hash +# Default: unset (required to start application) +admin_hashed_password: '' + +# Boolean: Disables API. If set to true, admin_password/admin_hashed_password do not need to be set. +# Default: false +disable_api: false + +# String: Secret key used for cookies (used for storage of messages) +# This should be a 12-16 character randomized string with letters, numbers, and symbols +# Default: unset (required to start application) +secret_key: '' + +# String: Filename of the URL database without extension +# Default: 'urls' +database_name: 'urls' + +# Integer: Length of random short URLs by default +# Default: 4 +random_length: 5 + +# String: Allowed URL characters +# Default: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_ +allowed_chars: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_©®‍‼⁉⃣™ℹ↔↕↖↗↘↙↩↪⌚⌛⌨⏏⏩⏪⏫⏬⏭⏮⏯⏰⏱⏲⏳⏸⏹⏺Ⓜ▪▫▶◀◻◼◽◾☀☁☂☃☄☎☑☔☕☘☝☠☢☣☦☪☮☯☸☹☺♀♂♈♉♊♋♌♍♎♏♐♑♒♓♟♠♣♥♦♨♻♾♿⚒⚓⚔⚕⚖⚗⚙⚛⚜⚠⚡⚪⚫⚰⚱⚽⚾⛄⛅⛈⛎⛏⛑⛓⛔⛩⛪⛰⛱⛲⛳⛴⛵⛷⛸⛹⛺⛽✂✅✈✉✊✋✌✍✏✒✔✖✝✡✨✳✴❄❇❌❎❓❔❕❗❣❤➕➖➗➡➰➿⤴⤵⬅⬆⬇⬛⬜⭐⭕〰〽㊗㊙️🀄🃏🅰🅱🅾🅿🆎🆑🆒🆓🆔🆕🆖🆗🆘🆙🆚🇦🇧🇨🇩🇪🇫🇬🇭🇮🇯🇰🇱🇲🇳🇴🇵🇶🇷🇸🇹🇺🇻🇼🇽🇾🇿🈁🈂🈚🈯🈲🈳🈴🈵🈶🈷🈸🈹🈺🉐🉑🌀🌁🌂🌃🌄🌅🌆🌇🌈🌉🌊🌋🌌🌍🌎🌏🌐🌑🌒🌓🌔🌕🌖🌗🌘🌙🌚🌛🌜🌝🌞🌟🌠🌡🌤🌥🌦🌧🌨🌩🌪🌫🌬🌭🌮🌯🌰🌱🌲🌳🌴🌵🌶🌷🌸🌹🌺🌻🌼🌽🌾🌿🍀🍁🍂🍃🍄🍅🍆🍇🍈🍉🍊🍋🍌🍍🍎🍏🍐🍑🍒🍓🍔🍕🍖🍗🍘🍙🍚🍛🍜🍝🍞🍟🍠🍡🍢🍣🍤🍥🍦🍧🍨🍩🍪🍫🍬🍭🍮🍯🍰🍱🍲🍳🍴🍵🍶🍷🍸🍹🍺🍻🍼🍽🍾🍿🎀🎁🎂🎄🎅🎆🎇🎈🎉🎊🎋🎌🎍🎎🎏🎐🎑🎒🎓🎖🎗🎙🎚🎛🎞🎟🎠🎡🎢🎣🎤🎥🎦🎧🎨🎩🎪🎫🎬🎭🎮🎯🎰🎱🎲🎳🎴🎵🎶🎷🎸🎹🎺🎻🎼🎽🎾🎿🏀🏁🏂🏃🏄🏅🏆🏇🏈🏉🏊🏋🏌🏍🏎🏏🏐🏑🏒🏓🏔🏕🏖🏗🏘🏙🏚🏛🏜🏝🏞🏟🏠🏡🏢🏣🏤🏥🏦🏧🏨🏩🏪🏫🏬🏭🏮🏯🏰🏳🏴🏵🏷🏸🏹🏺🏻🏼🏽🏾🏿🐀🐁🐂🐃🐄🐅🐆🐇🐈🐉🐊🐋🐌🐍🐎🐏🐐🐑🐒🐓🐔🐕🐖🐗🐘🐙🐚🐛🐜🐝🐞🐟🐠🐡🐢🐣🐤🐥🐦🐧🐨🐩🐪🐫🐬🐭🐮🐯🐰🐱🐲🐳🐴🐵🐶🐷🐸🐹🐺🐻🐼🐽🐾🐿👀👁👂👃👄👅👆👇👈👉👊👋👌👍👎👏👐👑👒👓👔👕👖👗👘👙👚👛👜👝👞👟👠👡👢👣👤👥👦👧👨👩👪👫👬👭👮👯👰👱👲👳👴👵👶👷👸👹👺👻👼👽👿💀💁💂💃💄💅💆💇💈💉💊💋💌💍💎💏💐💑💒💓💔💕💖💗💘💙💚💛💜💝💞💟💠💡💢💣💤💥💦💧💨💩💪💫💬💭💮💯💰💱💲💳💴💵💶💷💸💹💺💻💼💽💾💿📀📁📂📃📄📅📆📇📈📉📊📋📌📍📎📏📐📑📒📓📔📕📖📗📘📙📚📛📜📝📞📟📠📡📢📣📤📥📦📧📨📩📪📫📬📭📮📯📰📱📲📳📴📵📶📷📸📹📺📻📼📽📿🔀🔁🔂🔃🔄🔅🔆🔇🔈🔉🔊🔋🔌🔍🔎🔏🔐🔑🔒🔓🔔🔕🔖🔗🔘🔙🔚🔛🔜🔝🔞🔟🔠🔡🔢🔣🔤🔥🔦🔧🔨🔩🔪🔫🔬🔭🔮🔯🔰🔱🔲🔳🔴🔵🔶🔷🔸🔹🔺🔻🔼🔽🕉🕊🕋🕌🕍🕎🕐🕑🕒🕓🕔🕕🕖🕗🕘🕙🕚🕛🕜🕝🕞🕟🕠🕡🕢🕣🕤🕥🕦🕧🕯🕰🕳🕴🕵🕶🕷🕸🕹🕺🖇🖊🖋🖌🖍🖐🖕🖖🖤🖥🖨🖱🖲🖼🗂🗃🗄🗑🗒🗓🗜🗝🗞🗡🗣🗨🗯🗳🗺🗻🗼🗽🗾🗿😀😁😂😃😄😅😆😇😈😉😊😋😌😍😎😏😐😑😒😓😔😕😖😗😘😙😚😛😜😝😞😟😠😡😢😣😤😥😦😧😨😩😪😫😬😭😮😯😰😱😲😳😴😵😶😷😸😹😺😻😼😽😾😿🙀🙁🙂🙃🙄🙅🙆🙇🙈🙉🙊🙋🙌🙍🙎🙏🚀🚁🚂🚃🚄🚅🚆🚇🚈🚉🚊🚋🚌🚍🚎🚏🚐🚑🚒🚓🚔🚕🚖🚗🚘🚙🚚🚛🚜🚝🚞🚟🚠🚡🚢🚣🚤🚥🚦🚧🚨🚩🚪🚫🚬🚭🚮🚯🚰🚱🚲🚳🚴🚵🚶🚷🚸🚹🚺🚻🚼🚽🚾🚿🛀🛁🛂🛃🛄🛅🛋🛌🛍🛎🛏🛐🛑🛒🛠🛡🛢🛣🛤🛥🛩🛫🛬🛰🛳🛴🛵🛶🛷🛸🛹🤐🤑🤒🤓🤔🤕🤖🤗🤘🤙🤚🤛🤜🤝🤞🤟🤠🤡🤢🤣🤤🤥🤦🤧🤨🤩🤪🤫🤬🤭🤮🤯🤰🤱🤲🤳🤴🤵🤶🤷🤸🤹🤺🤼🤽🤾🥀🥁🥂🥃🥄🥅🥇🥈🥉🥊🥋🥌🥍🥎🥏🥐🥑🥒🥓🥔🥕🥖🥗🥘🥙🥚🥛🥜🥝🥞🥟🥠🥡🥢🥣🥤🥥🥦🥧🥨🥩🥪🥫🥬🥭🥮🥯🥰🥳🥴🥵🥶🥺🥼🥽🥾🥿🦀🦁🦂🦃🦄🦅🦆🦇🦈🦉🦊🦋🦌🦍🦎🦏🦐🦑🦒🦓🦔🦕🦖🦗🦘🦙🦚🦛🦜🦝🦞🦟🦠🦡🦢🦰🦱🦲🦳🦴🦵🦶🦷🦸🦹🧀🧁🧂🧐🧑🧒🧓🧔🧕🧖🧗🧘🧙🧚🧛🧜🧝🧞🧟🧠🧡🧢🧣🧤🧥🧦🧧🧨🧩🧪🧫🧬🧭🧮🧯🧰🧱🧲🧳🧴🧵🧶🧷🧸🧹🧺🧻🧼🧽🧾🧿󠁢󠁣󠁥󠁧󠁬󠁮󠁳󠁴󠁷󠁿' + + +# Amount of time in seconds to spend generating random short URLs until timeout +# Default: 5 +random_gen_timeout: 5 + +# String: Name shown on tab while on site and on page header +# Default: 'liteshort' +site_name: 'I.C.T.S.V. Inter-/Actief/ URL Shortener' + +# String: Domain where the shortlinks will be served from. Useful if using the web interface on a subdomain. +# If not set, it is automatically taken from the URL the shorten request is sent to. +# If you don't know, leave unset +# Default: unset +site_domain: + +# String: Subdomain to host the web interface on. +# Useful if you want the shorturls on the short domain but the web interface on a subdomain. +# If you don't know, leave unset +# Default: unset +subdomain: + +# String: URL which takes you to the most recent short URL's destination +# Short URLs cannot be created with this string if set +# Default: l +latest: 'l' + +# Boolean: Show link to project repository on GitHub at bottom right corner of page +# Default: true +show_github_link: false + +# Integer: How many items to show per page in the admin interface +# Default: 20 +admin_links_per_page: 20 diff --git a/config.yml b/config.yml deleted file mode 100644 index bc83ccd..0000000 --- a/config.yml +++ /dev/null @@ -1,65 +0,0 @@ -# String: Username to make admin API requests -# Default: 'admin' -admin_username: 'admin' - -# String: Plaintext password to make admin API requests -# Safe to remove if admin_hashed_password is set -# Default: unset -#admin_password: - -# String: Hashed password (bcrypt) to make admin API requests - Preferred over plaintext, use securepass.sh to generate -# Please note that authentication takes noticeably longer than using plaintext password -# Don't include the : segment, just the hash -# Default: unset (required to start application) -admin_hashed_password: - -# Boolean: Disables API. If set to true, admin_password/admin_hashed_password do not need to be set. -# Default: false -disable_api: false - -# String: Secret key used for cookies (used for storage of messages) -# This should be a 12-16 character randomized string with letters, numbers, and symbols -# Default: unset (required to start application) -secret_key: - -# String: Filename of the URL database without extension -# Default: 'urls' -database_name: 'urls' - -# Integer: Length of random short URLs by default -# Default: 4 -random_length: 4 - -# String: Allowed URL characters -# Default: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_ -allowed_chars: 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_' - -# Amount of time in seconds to spend generating random short URLs until timeout -# Default: 5 -random_gen_timeout: 5 - -# String: Name shown on tab while on site and on page header -# Default: 'liteshort' -site_name: 'liteshort' - -# String: Domain where the shortlinks will be served from. Useful if using the web interface on a subdomain. -# If not set, it is automatically taken from the URL the shorten request is sent to. -# If you don't know, leave unset -# Default: unset -site_domain: - -# String: Subdomain to host the web interface on. -# Useful if you want the shorturls on the short domain but the web interface on a subdomain. -# If you don't know, leave unset -# Default: unset -subdomain: - -# String: URL which takes you to the most recent short URL's destination -# Short URLs cannot be created with this string if set -# Default: l -latest: 'l' - -# Boolean: Show link to project repository on GitHub at bottom right corner of page -# Default: true -show_github_link: true - diff --git a/liteshort.py b/liteshort.py index c57d590..833350d 100644 --- a/liteshort.py +++ b/liteshort.py @@ -1,9 +1,10 @@ -# Copyright (c) 2019 Steven Spangler <132@ikl.sh> +# Copyright (c) 2019 Steven Spangler <132@ikl.sh>, Kevin Alberts # This file is part of liteshort by 132ikl # This software is license under the MIT license. It should be included in your copy of this software. # A copy of the MIT license can be obtained at https://mit-license.org/ -from flask import Flask, current_app, flash, g, jsonify, make_response, redirect, render_template, request, send_from_directory, url_for +from flask import Flask, current_app, flash, g, jsonify, make_response, redirect, render_template, request, \ + send_from_directory, url_for, session import bcrypt import os import random @@ -22,13 +23,14 @@ def load_config(): req_options = {'admin_username': 'admin', 'database_name': "urls", 'random_length': 4, 'allowed_chars': 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_', 'random_gen_timeout': 5, 'site_name': 'liteshort', 'site_domain': None, 'show_github_link': True, - 'secret_key': None, 'disable_api': False, 'subdomain': '', 'latest': 'l' + 'secret_key': None, 'disable_api': False, 'subdomain': '', 'latest': 'l', 'admin_links_per_page': 20 } config_types = {'admin_username': str, 'database_name': str, 'random_length': int, 'allowed_chars': str, 'random_gen_timeout': int, 'site_name': str, 'site_domain': (str, type(None)), 'show_github_link': bool, 'secret_key': str, - 'disable_api': bool, 'subdomain': (str, type(None)), 'latest': (str, type(None)) + 'disable_api': bool, 'subdomain': (str, type(None)), 'latest': (str, type(None)), + 'admin_links_per_page': int } for option in req_options.keys(): @@ -128,6 +130,26 @@ def list_shortlinks(): return result +def list_shortlinks_page(page, limit=50): + assert page >= 1 + assert type(page) == int + assert type(limit) == int + start_index = (page - 1) * limit + result = query_db('SELECT * FROM urls ORDER BY short LIMIT ? OFFSET ?', (limit, start_index), False, None) + result = nested_list_to_dict(result) + return result + + +def get_num_pages(limit=50): + assert type(limit) == int + result = query_db('SELECT COUNT(*) FROM urls', (), False, None) + items = result[0][0] + page_count = result[0][0] // limit + if page_count * limit < items: + page_count += 1 + return page_count, items + + def nested_list_to_dict(l): d = {} for nl in l: @@ -300,5 +322,58 @@ def main_post(): return response(request, None, 'Long URL required') +@app.route('/login', methods=['POST']) +def login(): + if 'admin_hashed_password' not in app.config or app.config['admin_hashed_password'] is None: + raise AssertionError("Login is disabled.") + + if authenticate(request.form['username'], request.form['password']): + session['logged_in'] = True + else: + flash('Wrong password!', 'error') + return make_response(redirect(url_for('admin'))) + + +@app.route('/logout') +def logout(): + if 'logged_in' in session and session['logged_in']: + session['logged_in'] = False + return make_response(redirect(url_for('admin'))) + + +@app.route('/delete/') +def delete(short): + if 'logged_in' in session and session['logged_in']: + success = delete_url(short) + if success: + flash("Link '/{}' deleted.".format(short), "success") + else: + flash("Failed to delete URL.".format(short), "error") + page = request.args.get('page', '1') + return make_response(redirect(url_for('admin')+"?page="+page)) + else: + return make_response(redirect(url_for('admin'))) + + +@app.route('/admin') +def admin(): + if 'logged_in' in session and session['logged_in']: + page_count, num_items = get_num_pages(app.config['admin_links_per_page']) + page = request.args.get('page', '1') + try: + page = int(page) + if page > page_count: + return make_response(redirect(url_for('admin')+"?page="+str(page_count))) + if page < 1: + return make_response(redirect(url_for('admin')+"?page=1")) + except ValueError: + page = 1 + + urls = list_shortlinks_page(page, app.config['admin_links_per_page']) + return render_template('admin.html', urls=urls, page=page, page_count=page_count, num_items=num_items) + else: + return render_template('login.html') + + if __name__ == '__main__': app.run() diff --git a/static/admin.css b/static/admin.css new file mode 100644 index 0000000..7330810 --- /dev/null +++ b/static/admin.css @@ -0,0 +1,74 @@ +/* +Copyright (c) 2019 Kevin Alberts +This software is license under the MIT license. It should be included in your copy of this software. +A copy of the MIT license can be obtained at https://mit-license.org/ +*/ +.paginator-link { + display: inline-block; + padding: 8px; + margin: 2px; + background: #1D428A; + border: 1px solid #1D428A; + color: white; +} + +.paginator-link { + text-decoration: none; +} + +.paginator-link:hover { + border: 1px solid #1D428A; + color: white; + background: #2450A8; +} + +.paginator-current { + display: inline-block; + padding: 8px; + margin: 2px; + border: 1px solid #1D428A; + background: white; + color: #1D428A; +} + +#box-title .small { + font-size: 2rem +} + +#content_admin { + width: 1200px; +} + +#link-table { + border-collapse: separate; + border-spacing: 0; + margin-top: 1rem; + margin-bottom: 2rem; +} + +#link-table .link-table-header { + background-color: #1D428A; + color: white; +} + +#link-table .link-table-center { + text-align: center; +} + +#link-table tr:hover { + background-color: rgba(0, 0, 0, 0.1); +} +#link-table tr.link-table-header:hover { + background-color: #1D428A; + color: white; +} + +#link-table .link-table-header th { + text-align: left; + font-size: 1.1rem; + padding: 0.5rem 1rem; +} + +#link-table th, #link-table td { + padding: 0.2rem 1rem; +} diff --git a/static/ia.css b/static/ia.css index cfa200e..188e5ef 100644 --- a/static/ia.css +++ b/static/ia.css @@ -1,3 +1,8 @@ +/* +Copyright (c) 2019 Kevin Alberts +This software is license under the MIT license. It should be included in your copy of this software. +A copy of the MIT license can be obtained at https://mit-license.org/ +*/ body{ margin: 0 0 2rem; background-color: #f4f4f4; @@ -34,6 +39,11 @@ body{ line-height: 2.75rem; } +#title a { + color: white; + text-decoration: none; +} + #middle { width: 100%; display: flex; @@ -103,6 +113,21 @@ body{ border-bottom: 1px solid rgba(0, 0, 0, 0.5); } +#username, #password { + /*width: 1%;*/ + min-width: 40px; + flex: 1 1 auto; + font-size: 1.75rem; + color: black; + position: relative; + padding: 0.5rem; + + margin-top: 1rem; + margin-bottom: 1rem; + + border: 1px solid rgba(0, 0, 0, 0.5); +} + #submit { background-color: #077821; color: white; @@ -194,3 +219,13 @@ body{ color: #2450A8; text-decoration: underline; } + +#copyright { + margin-top: 2rem; + font-size: 0.9rem; +} + +#copyright span { + text-align: center; + display: block; +} diff --git a/static/styles.css b/static/styles.css index 25ebdef..498bfe2 100644 --- a/static/styles.css +++ b/static/styles.css @@ -1,5 +1,5 @@ /* -Copyright (c) 2019 Steven Spangler <132@ikl.sh> +Copyright (c) 2019 Steven Spangler <132@ikl.sh>, Kevin Alberts This file is part of liteshort by 132ikl This software is license under the MIT license. It should be included in your copy of this software. A copy of the MIT license can be obtained at https://mit-license.org/ @@ -67,4 +67,4 @@ div.github { div.github:hover { opacity: 1; -} \ No newline at end of file +} diff --git a/templates/admin.html b/templates/admin.html new file mode 100644 index 0000000..b223f97 --- /dev/null +++ b/templates/admin.html @@ -0,0 +1,100 @@ + + + + + + URL Admin - {{ config.site_name }} + + + + + + + +
+
+
+
+

URL Admin (Logout)

+ + {% with messages = get_flashed_messages(with_categories=true) %} + {% if messages %} + {% for category, message in messages %} + {% if category == 'success' %} +
+ ✓ {{ message }} +
+ {% elif category == 'error' %} +
+ ✖ {{ message }} +
+ {% endif %} + {% endfor %} + {% endif %} + {% endwith %} + +

There are {{ num_items }} links in the database.

+ +
+ {% for i in range(1, page_count + 1) %} + {% if i == page %} + {{ i }} + {% else %} + {{ i }} + {% endif %} + {% endfor %} +
+ + + + + + + + {% for long, short in urls.items() %} + + + + + + {% else %} + + + + {% endfor %} + + +
+ {% for i in range(1, page_count + 1) %} + {% if i == page %} + {{ i }} + {% else %} + {{ i }} + {% endif %} + {% endfor %} +
+
+
+
+ + diff --git a/templates/login.html b/templates/login.html new file mode 100644 index 0000000..ef75138 --- /dev/null +++ b/templates/login.html @@ -0,0 +1,67 @@ + + + + + + Admin Login - {{ config.site_name }} + + + + + + +
+
+
+
+
+

Admin Login

+
+
+ +
+
+ +
+ +
+
+ + {% with messages = get_flashed_messages(with_categories=true) %} + {% if messages %} + {% for category, message in messages %} + {% if category == 'success' %} +
+ ✓ {{ message }} +
+ {% elif category == 'error' %} +
+ ✖ {{ message }} +
+ {% endif %} + {% endfor %} + {% endif %} + {% endwith %} +
+
+
+ + diff --git a/templates/main.html b/templates/main.html index 08daf1a..210ccce 100644 --- a/templates/main.html +++ b/templates/main.html @@ -1,5 +1,5 @@