From 2e1808b00fb3425bc87979189b813f2daf4d317d Mon Sep 17 00:00:00 2001 From: Liam Date: Thu, 15 Aug 2024 23:01:34 -0400 Subject: [PATCH 1/7] Fix case match --- lib/philomena_web/controllers/admin/advert_controller.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/philomena_web/controllers/admin/advert_controller.ex b/lib/philomena_web/controllers/admin/advert_controller.ex index e058ce26f..12b1dfbe9 100644 --- a/lib/philomena_web/controllers/admin/advert_controller.ex +++ b/lib/philomena_web/controllers/admin/advert_controller.ex @@ -34,7 +34,7 @@ defmodule PhilomenaWeb.Admin.AdvertController do |> put_flash(:info, "Advert was successfully created.") |> redirect(to: ~p"/admin/adverts") - {:error, :advert, changeset, _changes} -> + {:error, changeset} -> render(conn, "new.html", changeset: changeset) end end From 967cbf7b24d456e615e4737400fae424def5ba08 Mon Sep 17 00:00:00 2001 From: Liam Date: Fri, 16 Aug 2024 13:42:02 -0400 Subject: [PATCH 2/7] Remove transport_opts workaround for SSL hosts due to upstream fix Available in 27.0.1+ by https://github.com/erlang/otp/issues/8588 --- lib/philomena_proxy/http.ex | 43 ++++++++----------------------------- 1 file changed, 9 insertions(+), 34 deletions(-) diff --git a/lib/philomena_proxy/http.ex b/lib/philomena_proxy/http.ex index 5558f6976..a9c03e69d 100644 --- a/lib/philomena_proxy/http.ex +++ b/lib/philomena_proxy/http.ex @@ -84,7 +84,7 @@ defmodule PhilomenaProxy.Http do body: body, headers: [{:user_agent, @user_agent} | headers], max_redirects: 1, - connect_options: connect_options(url), + connect_options: connect_options(), inet6: true, into: &stream_response_callback/2, decode_body: false 
@@ -93,39 +93,14 @@ defmodule PhilomenaProxy.Http do |> Req.request() end - defp connect_options(url) do - transport_opts = - case URI.parse(url) do - %{scheme: "https"} -> - # SSL defaults validate SHA-1 on root certificates but this is unnecessary because many - # many roots are still signed with SHA-1 and it isn't relevant for security. Relax to - # allow validation of SHA-1, even though this creates a less secure client. - # https://github.com/erlang/otp/issues/8601 - [ - transport_opts: [ - customize_hostname_check: [ - match_fun: :public_key.pkix_verify_hostname_match_fun(:https) - ], - signature_algs_cert: :ssl.signature_algs(:default, :"tlsv1.3") ++ [sha: :rsa] - ] - ] - - _ -> - # Do not pass any options for non-HTTPS schemes. Finch will raise badarg if the above - # options are passed. - [] - end - - proxy_opts = - case Application.get_env(:philomena, :proxy_host) do - nil -> - [] - - url -> - [proxy: proxy_opts(URI.parse(url))] - end - - transport_opts ++ proxy_opts + defp connect_options do + case Application.get_env(:philomena, :proxy_host) do + nil -> + [] + + proxy_url -> + [proxy: proxy_opts(URI.parse(proxy_url))] + end end defp proxy_opts(%{host: host, port: port, scheme: "https"}), From 25748dc8ff03a0a1f5e3b4c7d9a1851b2a29e887 Mon Sep 17 00:00:00 2001 From: Liam Date: Sat, 17 Aug 2024 17:28:56 -0400 Subject: [PATCH 3/7] Fix HEAD requests to s3proxy --- docker/web/aws-signature.lua | 2 +- docker/web/nginx.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docker/web/aws-signature.lua b/docker/web/aws-signature.lua index fae289927..c204cbb67 100644 --- a/docker/web/aws-signature.lua +++ b/docker/web/aws-signature.lua @@ -76,7 +76,7 @@ end local function get_hashed_canonical_request(timestamp, host, uri) local digest = get_sha256_digest(ngx.var.request_body) - local canonical_request = ngx.var.request_method .. '\n' + local canonical_request = ngx.req.get_method() .. '\n' .. uri .. '\n' .. '\n' .. 'host:' .. host .. '\n' 
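Review bot: `connect_options/0` no longer says anywhere that TLS verification now depends on the runtime, so the OTP 27.0.1+ requirement from the commit message lives only in git history. With the workaround gone, a node on an older OTP release would presumably reject HTTPS hosts whose chain includes a SHA-1-signed root; that fails closed, but it surfaces as unexplained fetch errors. I would add a comment above the function such as `# TLS options are left to the HTTP client defaults; requires OTP >= 27.0.1 (erlang/otp#8588)` and pin that minimum wherever the project declares its Erlang version. It is also worth confirming that the client defaults still apply the HTTPS hostname match function that the removed `customize_hostname_check` entry set explicitly.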
diff --git a/docker/web/nginx.conf b/docker/web/nginx.conf index 218fe896f..73bd5aea6 100644 --- a/docker/web/nginx.conf +++ b/docker/web/nginx.conf @@ -34,7 +34,7 @@ init_by_lua_block { function sign_aws_request() -- The API token used should not allow writing, but -- sanitize this anyway to stop an upstream error - if ngx.req.get_method() ~= 'GET' then + if ngx.req.get_method() ~= 'GET' and ngx.req.get_method() ~= 'HEAD' then ngx.status = ngx.HTTP_UNAUTHORIZED ngx.say('Unauthorized') return ngx.exit(ngx.HTTP_UNAUTHORIZED) From d78201d05fac14d5529bb693255123214265c382 Mon Sep 17 00:00:00 2001 From: Liam Date: Sat, 17 Aug 2024 17:38:34 -0400 Subject: [PATCH 4/7] Only allow GET The proxy_cache module will always internally convert HEAD to GET (which is desired). This does not update the request method variables exposed to Lua, so hardcode GET. --- docker/web/aws-signature.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker/web/aws-signature.lua b/docker/web/aws-signature.lua index c204cbb67..31a46f584 100644 --- a/docker/web/aws-signature.lua +++ b/docker/web/aws-signature.lua @@ -76,7 +76,7 @@ end local function get_hashed_canonical_request(timestamp, host, uri) local digest = get_sha256_digest(ngx.var.request_body) - local canonical_request = ngx.req.get_method() .. '\n' + local canonical_request = 'GET' .. '\n' .. uri .. '\n' .. '\n' .. 'host:' .. host .. '\n' From 5da5d086c8a8273e5ad380a390da95a6f473eda0 Mon Sep 17 00:00:00 2001 From: Liam Date: Sun, 25 Aug 2024 21:10:34 -0400 Subject: [PATCH 5/7] Fix preloads --- .../controllers/admin/user/erase_controller.ex | 12 ++++++++++++ lib/philomena_web/controllers/profile_controller.ex | 8 ++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/lib/philomena_web/controllers/admin/user/erase_controller.ex b/lib/philomena_web/controllers/admin/user/erase_controller.ex index b481068e2..f0a926df3 100644 --- a/lib/philomena_web/controllers/admin/user/erase_controller.ex 
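Review bot: The comment above the method check in `sign_aws_request` does not explain why HEAD is now let through, and the new condition calls `ngx.req.get_method()` twice. Reading the method once keeps the allow-list easy to audit: `local method = ngx.req.get_method()` followed by `if method ~= 'GET' and method ~= 'HEAD' then`. The comment should give the reason for HEAD, e.g. `-- HEAD is allowed because proxy_cache turns it into GET before it reaches the upstream`. The function body continues outside the hunk.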
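Review bot: The hardcoded `'GET'` in `get_hashed_canonical_request` carries no comment, so the reason the signed method no longer follows the request exists only in the commit message. The signature is now correct only if every caller has already rejected methods other than GET and HEAD, which the check in `sign_aws_request` in nginx.conf appears to do; any other entry point would sign the request as GET whatever the client sent. I would add `-- Always sign as GET: proxy_cache converts HEAD to GET upstream, and callers must reject all other methods first` above the line. The function continues past the end of the hunk.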
+++ b/lib/philomena_web/controllers/admin/user/erase_controller.ex @@ -13,6 +13,7 @@ defmodule PhilomenaWeb.Admin.User.EraseController do persisted: true, preload: [:roles] + plug :prevent_deleting_nonexistent_users plug :prevent_deleting_privileged_users plug :prevent_deleting_verified_users @@ -35,6 +36,17 @@ defmodule PhilomenaWeb.Admin.User.EraseController do end end + defp prevent_deleting_nonexistent_users(conn, _opts) do + if is_nil(conn.assigns.user) do + conn + |> put_flash(:error, "Couldn't find that username. Was it already erased?") + |> redirect(to: ~p"/admin/users") + |> Plug.Conn.halt() + else + conn + end + end + defp prevent_deleting_privileged_users(conn, _opts) do if conn.assigns.user.role != "user" do conn diff --git a/lib/philomena_web/controllers/profile_controller.ex b/lib/philomena_web/controllers/profile_controller.ex index af5b0ac30..d3e375f49 100644 --- a/lib/philomena_web/controllers/profile_controller.ex +++ b/lib/philomena_web/controllers/profile_controller.ex @@ -125,8 +125,12 @@ defmodule PhilomenaWeb.ProfileController do preload(Image, [:sources, tags: :aliases]), preload(Image, [:sources, tags: :aliases]), preload(Image, [:sources, tags: :aliases]), - preload(Comment, user: [awards: :badge], image: [:sources, tags: :aliases]), - preload(Post, user: [awards: :badge], topic: :forum) + preload(Comment, [ + :deleted_by, + user: [awards: :badge], + image: [:sources, tags: :aliases] + ]), + preload(Post, [:deleted_by, user: [awards: :badge], topic: :forum]) ] ) From c81b991b8832039646d3f46a54e4160648707263 Mon Sep 17 00:00:00 2001 From: Liam Date: Sun, 25 Aug 2024 23:50:33 -0400 Subject: [PATCH 6/7] Use image list layout in reverse search --- lib/philomena/duplicate_reports.ex | 2 +- .../controllers/search/reverse_controller.ex | 23 ++++++- .../templates/search/reverse/index.html.slime | 61 ++++++++----------- 3 files changed, 45 insertions(+), 41 deletions(-) 
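Review bot: The new `plug :prevent_deleting_nonexistent_users` line must stay ahead of the other two guards, because `prevent_deleting_privileged_users` dereferences `conn.assigns.user.role` and would raise on a nil user, yet nothing in the plug list says the order matters. A comment such as `# Must run first: the guards below assume conn.assigns.user is not nil` would keep a later reorder from turning this back into a crash on the erase path. In the second hunk the `if is_nil(...)`/`else` body could be written as two function heads, `defp prevent_deleting_nonexistent_users(%{assigns: %{user: nil}} = conn, _opts)` plus a catch-all that returns `conn`. The guard also assumes the resource loader assigns `:user` as nil rather than omitting the key, which is worth confirming since `conn.assigns.user` raises on a missing key.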
diff --git a/lib/philomena/duplicate_reports.ex b/lib/philomena/duplicate_reports.ex index c6cb2c55d..a9cad67ba 100644 --- a/lib/philomena/duplicate_reports.ex +++ b/lib/philomena/duplicate_reports.ex @@ -87,7 +87,7 @@ defmodule Philomena.DuplicateReports do {intensities, aspect} |> find_duplicates(dist: dist, aspect_dist: dist, limit: limit) |> preload([:user, :intensity, [:sources, tags: :aliases]]) - |> Repo.all() + |> Repo.paginate(page_size: 50) {:ok, images} diff --git a/lib/philomena_web/controllers/search/reverse_controller.ex b/lib/philomena_web/controllers/search/reverse_controller.ex index 967b968ac..ef4fa8367 100644 --- a/lib/philomena_web/controllers/search/reverse_controller.ex +++ b/lib/philomena_web/controllers/search/reverse_controller.ex @@ -16,15 +16,32 @@ defmodule PhilomenaWeb.Search.ReverseController do case DuplicateReports.execute_search_query(image_params) do {:ok, images} -> changeset = DuplicateReports.change_search_query(%SearchQuery{}) - render(conn, "index.html", title: "Reverse Search", images: images, changeset: changeset) + + render(conn, "index.html", + title: "Reverse Search", + layout_class: "layout--wide", + images: images, + changeset: changeset + ) {:error, changeset} -> - render(conn, "index.html", title: "Reverse Search", images: nil, changeset: changeset) + render(conn, "index.html", + title: "Reverse Search", + layout_class: "layout--wide", + images: nil, + changeset: changeset + ) end end def create(conn, _params) do changeset = DuplicateReports.change_search_query(%SearchQuery{}) - render(conn, "index.html", title: "Reverse Search", images: nil, changeset: changeset) + + render(conn, "index.html", + title: "Reverse Search", + layout_class: "layout--wide", + images: nil, + changeset: changeset + ) end end diff --git a/lib/philomena_web/templates/search/reverse/index.html.slime b/lib/philomena_web/templates/search/reverse/index.html.slime index 97d886864..7e7146003 100644 
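Review bot: Switching `Repo.all()` to `Repo.paginate(page_size: 50)` changes what `{:ok, images}` carries from a list to a page struct, so any other caller of this function (none is visible in this diff) that treats the result as a plain list needs checking. No page number is passed, so only the first 50 matches can ever be returned, and the `limit: limit` given to `find_duplicates` is presumably overridden by the paginator's own limit. If a cap of 50 is the intent, I would name it, e.g. `@max_results 50` with `Repo.paginate(page_size: @max_results)`, and describe the new return shape in the function's `@doc`. The function starts and ends outside the hunk.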
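Review bot: The same four-key assigns list is now spelled out in all three `render/3` calls in `create/2`, so a later change to the layout class or title has to be made in three places. A private helper taking `images` and `changeset` would reduce each branch to a single call; the rewritten lines are below. The first `create/2` clause begins above the hunk.

```elixir
# … unchanged: first create/2 head and the execute_search_query call …
      {:ok, images} ->
        changeset = DuplicateReports.change_search_query(%SearchQuery{})
        render_index(conn, images, changeset)

      {:error, changeset} ->
        render_index(conn, nil, changeset)
# … unchanged: end of first clause, head of second create/2 clause …
    changeset = DuplicateReports.change_search_query(%SearchQuery{})
    render_index(conn, nil, changeset)
  end

  defp render_index(conn, images, changeset) do
    render(conn, "index.html",
      title: "Reverse Search",
      layout_class: "layout--wide",
      images: images,
      changeset: changeset
    )
  end
```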
--- a/lib/philomena_web/templates/search/reverse/index.html.slime +++ b/lib/philomena_web/templates/search/reverse/index.html.slime @@ -1,12 +1,13 @@ h1 Reverse Search = form_for @changeset, ~p"/search/reverse", [multipart: true, as: :image], fn f -> - p - ' Basic image similarity search. Finds uploaded images similar to the one - ' provided based on simple intensities and uses the median frame of - ' animations; very low contrast images (such as sketches) will produce - ' poor results and, regardless of contrast, results may include seemingly - ' random images that look very different. + .walloftext + p + ' Basic image similarity search. Finds uploaded images similar to the one + ' provided based on simple intensities and uses the median frame of + ' animations; very low contrast images (such as sketches) will produce + ' poor results and, regardless of contrast, results may include seemingly + ' random images that look very different. .image-other #js-image-upload-previews 
@@ -40,42 +41,28 @@ h1 Reverse Search = cond do - is_nil(@images) -> + / Don't render anything. - Enum.any?(@images) -> - h2 Results - - table - tr - th   - th Image - th   - - = for match <- @images do - tr - th - h3 = link "##{match.id}", to: ~p"/images/#{match}" - p - = if image_has_sources(match) do - span.source_url - = link "Source", to: image_first_source(match) - - else - ' Unknown source + .block#imagelist-container + section.block__header.page__header.flex + span.block__header__title.page__title.hide-mobile + ' Search by uploaded image - th - = render PhilomenaWeb.ImageView, "_image_container.html", image: match, size: :thumb, conn: @conn + .block__content.js-resizable-media-container + = for image <- @images do + = render PhilomenaWeb.ImageView, "_image_box.html", image: image, link: ~p"/images/#{image}", size: :thumb, conn: @conn - th - h3 - = match.image_width - | x - => match.image_height - ' - - => round(match.image_size / 1024) - ' KiB + .block__header.block__header--light.page__header.flex + span.block__header__title.page__info + = render PhilomenaWeb.PaginationView, "_pagination_info.html", page: @images - = render PhilomenaWeb.TagView, "_tag_list.html", tags: Tag.display_order(match.tags), conn: @conn + .flex__right.page__options + a href="/settings/edit" title="Display Settings" + i.fa.fa-cog + span.hide-mobile.hide-limited-desktop<> + ' Display Settings - true -> - h2 Results p - ' We couldn't find any images matching this in our image database. + ' No images found! From 4dd0c8c11b4e46ca3e72e724a78a5155bf9cafdc Mon Sep 17 00:00:00 2001 From: Liam Date: Tue, 27 Aug 2024 08:15:19 -0400 Subject: [PATCH 7/7] Fix warning --- lib/philomena_web/views/search/reverse_view.ex | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/philomena_web/views/search/reverse_view.ex b/lib/philomena_web/views/search/reverse_view.ex index 498deefa5..7cb4704f9 100644 --- a/lib/philomena_web/views/search/reverse_view.ex 
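Review bot: The settings link in the new results footer is a literal `href="/settings/edit"`, while the other links in this template go through the verified-route sigil (`~p"/search/reverse"`, `~p"/images/#{image}"`). Writing it as `a href=~p"/settings/edit" title="Display Settings"` keeps the path checked at compile time. The footer also renders `_pagination_info.html` for `@images`, but the hunk adds no page links, so results beyond the first page are not reachable from here as far as this diff shows.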
+++ b/lib/philomena_web/views/search/reverse_view.ex @@ -1,5 +1,3 @@ defmodule PhilomenaWeb.Search.ReverseView do use PhilomenaWeb, :view - - alias Philomena.Tags.Tag end