Commit Graph

232 Commits

Author SHA1 Message Date
Drew DeVault 7c9bff2e86 Prohibit projects named . or .. 2021-06-12 11:54:06 -04:00
Sol Fisher Romanoff 4e7364de57 Update placement of "Markdown supported" 2021-05-19 09:47:55 -04:00
Drew DeVault 6b0a06ba73 webhooks: HTML escape user content
This sounds like an XSS vulnerability, but really the only thing you can
exploit prior to this is silly things like putting an <h1> into commit
messages. These details were already sanitized at a later part of the
code.
2021-05-17 09:48:02 -04:00
Drew DeVault 2ed2460598 project-nav.html: fix link macro for jinja2 3.0.0 2021-05-16 16:35:25 -04:00
Drew DeVault af11d9ae79 Don't append to search for popular tags 2021-03-03 16:43:31 -05:00
Drew DeVault 610accc580 Add list of popular tags to project index 2021-03-03 14:48:58 -05:00
Drew DeVault 27b0dba424 blueprints.trackers: import abort from flask 2021-02-21 19:32:23 -05:00
Drew DeVault dba925cf4d webhooks: fix oversight in payload verification 2021-02-20 09:58:27 -05:00
Drew DeVault 641cd03056 Ignore webhooks from someone else's build 2021-02-20 09:53:43 -05:00
Drew DeVault f1fbf3bddb builds: correct name of env variable 2021-02-03 14:35:03 -05:00
Alexey Yerin d8bac6c67c Export some env variables when submitting a build
This allows detecting if the build was started from a patch and, for
example, skipping deployment.

Example:
  BUILD_SUBMITTER=hub.sr.ht
  BUILD_REASON=patchset
  PATCHSET_ID=19897
  PATCHSET_URL=https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/19897

Ticket: ~sircmpwn/hub.sr.ht#70
2021-02-02 10:24:17 -05:00
Alexey Yerin c86e3280d7 Show last five repos when trying to clone project
Repositories are sorted by latest update time, like on "sources" tab.

Ticket: https://todo.sr.ht/~sircmpwn/hub.sr.ht/61
2021-01-29 10:35:00 -05:00
Drew DeVault 945967d390 services: fix custom HTML readme display 2021-01-26 09:01:19 -05:00
Drew DeVault b75ac04029 Tolerate # symbol in tag entry 2021-01-18 15:29:02 -05:00
Drew DeVault 31854be734 Synchronize nullable constraints with service policy 2021-01-18 15:24:59 -05:00
Drew DeVault 89738ae198 Forward errors from GQL to the UI 2021-01-11 09:32:08 -05:00
Drew DeVault eb326ae6fb todo.sr.ht: description is required 2021-01-11 09:29:38 -05:00
Denis Laxalde 4e5be22783 Make source repo unique by project
We add a unique constraint on source_repo table to prevent multiple
links of the same remote repository to a given project.

The UI already prevents duplicates (from ef585b6e) but it seems better
to enforce this in the database model.
2021-01-11 09:10:59 -05:00
Drew DeVault 84e0598f4d Raise exception on unexpected git.sr.ht response 2020-12-19 18:04:03 -05:00
Nolan Prescott 64cd1e0443 Prefix README links to rendered pages
Relative links from project summaries resulted in raw pages rather
than rendered pages for both mercurial and git repositories.

This patch is intended to match the behavior of git.sr.ht and hg.sr.ht
README rendering by passing the previous raw links as secondary link
prefixes (for rendering images) but otherwise link to rendered
resources.

related ticket: todo.sr.ht/~sircmpwn/hub.sr.ht/67
2020-12-08 08:49:05 -05:00
Drew DeVault 5c97b72d51 Replace more git.sr.ht requests with GraphQL 2020-12-03 11:46:55 -05:00
Drew DeVault bd37e09523 Use GraphQL to fetch readmes from git.sr.ht 2020-12-03 08:33:47 -05:00
Drew DeVault 656739112e Expand detail in get_manifests exception 2020-11-28 13:17:48 -05:00
Drew DeVault de0182c2c1 services.py: check for missing repositories 2020-11-28 09:59:36 -05:00
Drew DeVault 9154800871 Make plaintext project summary transparent 2020-11-25 13:15:49 -05:00
Drew DeVault 074810fba5 Update wording on dashboard page
To encourage users to feel like a part of sr.ht
2020-11-20 11:35:01 -05:00
Thorben Günther 643ed4c9f8 Only show projects on first page of events 2020-11-17 10:03:40 -05:00
Drew DeVault 2220ddf633 Don't hide projects which didn't complete checklist
The UX here is pretty bad and at least a third of users are unaware that
they need to complete the checklist to publish their project.
2020-11-15 14:19:35 -05:00
Thorben Günther 502afdd0e1 Delete second declaration of create_tracker 2020-10-31 10:55:40 -04:00
Thorben Günther 8c5aef62b0 Fix subfolders in ".builds" breaking CI
Currently the gql API request will return an empty object for subfolders.
2020-10-31 10:53:22 -04:00
Antoine Kalmbach 1346dd4f34 Use -sS instead of --no-progress-meter when curling mbox downloads
Seems like curl in Debian images is too old to have support for
--no-progress-meter introduced in curl 7.67. This can be done in a
forward compatible way by using -sS.

-s will silence output in general, but -S (--show-error) will unsilence any errors.
2020-10-25 16:47:23 -04:00
Thorben Günther ba9573e7da Add `Edit account profile` button to hub profile
Also adds a link to /projects/create
2020-10-24 13:04:09 -04:00
Drew DeVault a6579ef7f5 README: don't add empty pre tag for empty readme 2020-09-22 13:02:15 -04:00
Drew DeVault 3744bd5d47 Add link to tag best practices 2020-09-12 10:49:17 -04:00
Drew DeVault 8737b4881d Make project tags optional
Didn't notice this in the original patchset
2020-09-12 09:57:41 -04:00
Drew DeVault 5b3555567f Correct oversight on index page 2020-09-12 09:16:36 -04:00
наб dc078f279f Add project tags
Ref: ~sircmpwn/hub.sr.ht#19
2020-09-12 09:10:26 -04:00
наб df5ddcc3cb Test for & display invalid search errors on profile page, too
I was there indeed
2020-09-11 09:56:57 -04:00
Drew DeVault 134c1f27d6 Test for & display invalid search errors
Hi nab-was-here
2020-09-10 10:09:03 -04:00
наб c212995eef Allow project slugs to break
Ref: ~sircmpwn/sr.ht#245
2020-09-10 10:04:48 -04:00
наб ff01082c30 Move {git,hg}_new_GET into common handler; use correct origin for /~u/p/{git,hg}/new
Ref: ~sircmpwn/hg.sr.ht/39
2020-09-07 11:35:05 -04:00
наб 9fc47d0bb4 Link resources directly if there's one of a kind
Ref: ~sircmpwn/hub.sr.ht#23
2020-09-07 10:36:23 -04:00
Drew DeVault b1ff1910a3 Fix git.ensure_user_webhooks
Typo had the unensure function overwrite the ensure function, the end
result being that everyone's webhooks were removed -_-
2020-09-03 11:47:28 -04:00
Drew DeVault 29e04b2105 sources: import abort 2020-08-30 16:04:24 -04:00
Drew DeVault 6b9d2e6d96 Use random selection of build manifests 2020-08-28 12:09:20 -04:00
Drew DeVault 319f690c9d Fix issue with submitting excessive build manifests
This is a dict, and cannot be sub-sliced in this manner.
2020-08-28 12:03:17 -04:00
Drew DeVault 55b4da42af Prevent 500 on invalid build manifests 2020-08-26 09:42:15 -04:00
наб 1254d8a222 Properly fill in description in project create page 2020-08-26 09:37:30 -04:00
наб db873e2cab Use HTML override for project README, if any 2020-08-25 16:04:15 -04:00
наб adee08b766 Spec search_keys=sort for /projects 2020-08-24 10:04:54 -04:00
Drew DeVault fb3b4999fc builds: refuse to submit >4 builds at once 2020-08-21 09:34:10 -04:00
Gregory Anders 10453628e7 Fix typo in error message 2020-08-20 12:37:36 -04:00
наб 39eafa9bbf Show helpful error on Mercurial clones as well
Unfortunately "hg clone" seems to have issues with the redirect to the
version with the trailing slash, but it's better than the raw HTML dump
from before

-- >8 --
nabijaczleweli@tarta:~/uwu$ hg clone http://127.0.0.1:5014/~nabijaczleweli/projeq wellb
abort: HTTP Error 308: PERMANENT REDIRECT
nabijaczleweli@tarta:~/uwu$ hg clone http://127.0.0.1:5014/~nabijaczleweli/projeq/ wellb
abort: 'http://127.0.0.1:5014/~nabijaczleweli/projeq/' does not appear to be an hg repository:
---%<--- (text/plain; charset=utf-8)

You have tried to clone a project from sourcehat, but you probably meant to
clone a specific hg repository for this project instead. A single project on
sourcehat often has more than one hg repository.

You can visit the following URL:

  http://127.0.0.1:5014/~nabijaczleweli/projeq/sources

To the browse source repositories for this project.

---%<---
!
nabijaczleweli@tarta:~/uwu$
-- >8 --
2020-08-20 12:37:35 -04:00
наб b2f59c803b Return an error when trying to clone a project
-- >8 --
nabijaczleweli@tarta:~/uwu/git$ strace -f -o ss git clone http://127.0.0.1:5014/~nabijaczleweli/projeq
Cloning into 'projeq'...
fatal: remote error:

This is a sourcehat project, which amalgamates multiple source repositories,
issue trackers, and mailing lists.

You can visit
  http://127.0.0.1:5014/~nabijaczleweli/projeq/sources
to pick a specific source.

nabijaczleweli@tarta:~/uwu/git$
-- >8 --

Returning a non-ERR here and going down to a pack is possible
(confer https://twitter.com/nabijaczleweli/status/1296062752516079617)
but errors later down the line are either more verbose and hint at
implementation errors, or leave repositories in a sticky state.

Ref: ~sircmpwn/hub.sr.ht#49
2020-08-20 10:21:26 -04:00
наб 4d009f9c9a Use format-agnostic README nomenclature instead of hinting at README.md
Also fixes "Head's up!" – the heads are to be up, rather than some head
being up excitingly

Fixes d24e508cd4
2020-08-18 10:12:44 -04:00
наб dff8093560 Use default branch for querying README blobs
GETting "{_gitsrht}/api/repos/{repo_name}/refdb/HEAD" would also have
worked, but it's hardly necessary

Ref: ~sircmpwn/hub.sr.ht#50
2020-08-18 10:12:43 -04:00
Drew DeVault de106cf291 Improvements to home page feature list 2020-08-14 10:28:15 -04:00
наб 96c0147db1 List the featured projects on the anonymous index page
This improves discovery by not making the hub feel like it requires an
account just to browse

Ref: ~sircmpwn/hub.sr.ht#42
2020-08-14 10:22:19 -04:00
Drew DeVault 981622c92f Add page listing all featured projects 2020-08-01 12:34:32 -04:00
Drew DeVault b72c7c7feb Run build submissions in a job group 2020-07-23 12:58:38 -04:00
Drew DeVault 7b76b9d5eb Add confirmation page for project deletion 2020-07-20 10:04:29 -04:00
Drew DeVault 5c742bcfe3 build submission: respect reply-to header 2020-07-16 10:05:15 -04:00
Drew DeVault e86c126220 Fix title on manage trackers page 2020-07-14 08:05:34 -04:00
Drew DeVault 33ea654ac3 Support multiple manifests 2020-07-13 16:31:44 -04:00
Drew DeVault 581af620f0 Rig up build status to lists.sr.ht tool status 2020-07-13 16:14:59 -04:00
Drew DeVault 8f14fd4776 Gracefully handle missing patch prefix 2020-07-13 14:16:19 -04:00
Drew DeVault 271e6350b0 build submission: handle missing repo 2020-07-13 13:39:26 -04:00
Drew DeVault a1c9c80b29 Submit patches to builds.sr.ht 2020-07-13 13:30:28 -04:00
Drew DeVault a83d6a2cfd Copy visibility of project to new repos 2020-07-11 10:33:42 -04:00
Drew DeVault a9fa9ef580 Fix notice for users with zero projects 2020-07-09 18:13:00 -04:00
Drew DeVault 1e3e641abc projects.py: import session from flask 2020-07-09 12:29:16 -04:00
ARaspiK 54e1c5169a Replace misaka (hoedown) with mistletoe
It looked like using hoedown (through misaka), which is very
unmaintained, was leading to a lot of issues (see [0]). This replaces
misaka by mistletoe [1], without losing any functionality (I hope).

This affects the call to 'markdown()', removing the now-redundant
argument for the tag whitelist.

[0]: https://todo.sr.ht/~sircmpwn/sr.ht/20
[1]: https://github.com/miyuchina/mistletoe
2020-07-09 11:47:04 -04:00
Drew DeVault 3c6f828df2 Fix project deletion
SQLAlchemy's internal cascade handling is the most miserable, broken
piece of shit I have ever had the displeasure of using. So we circumvent
it entirely and let the SQL server do the right thing.

A word of advice: don't use SQLAlchemy for new projects.
2020-07-09 09:56:20 -04:00
Drew DeVault 47d6ec09a1 Implement mailing list removal 2020-07-08 12:19:54 -04:00
Drew DeVault 1880cef710 Remove non-null constraint from repo description 2020-06-18 09:47:59 -04:00
Michał Sidor (Michcioperz) d24e508cd4 Add support for different named READMEs 2020-05-25 10:10:57 -04:00
Drew DeVault 0aeb98fab8 project summary: correct hg readme URLs 2020-05-18 09:38:26 -04:00
Drew DeVault d277771ca8 profile: remove redundant link 2020-05-11 09:54:25 -04:00
Drew DeVault 8f238adc82 Improve UI on project checklist 2020-05-08 11:17:58 -04:00
Alex Bierwagen 74c9124619 add user's name to placeholder in "projects.html" template 2020-05-06 10:28:10 -04:00
Drew DeVault a34ed9df1b services: consider 404 a successful deletion 2020-05-04 12:00:06 -04:00
Drew DeVault f6861ae2f5 webhooks: correct lists.sr.ht sender URL 2020-05-04 11:55:14 -04:00
Drew DeVault 1b21391014 Swallow errors when unensuring webhooks 2020-05-04 11:20:23 -04:00
Drew DeVault 546f0e47be webhooks: return response from unimplemented path 2020-05-04 11:08:08 -04:00
Drew DeVault 5fc74fec4c Remove length limit on resource descriptions
The upstream services are the authority on these
2020-04-30 15:37:26 -04:00
Drew DeVault 9765707eb7 Fix visibility updates in project settings 2020-04-30 14:02:08 -04:00
Drew DeVault b821833d07 index search tools: d-none by default 2020-04-30 13:16:11 -04:00
Drew DeVault 9362b96441 project-index: hide search tools on xs 2020-04-30 13:13:58 -04:00
Drew DeVault 5151bb11ba Improve layout of resource lists 2020-04-30 12:18:32 -04:00
Drew DeVault 86f3f3351b Better webhook validation 2020-04-30 11:02:33 -04:00
Drew DeVault e8d313356c webhooks: verify payload signature 2020-04-30 10:27:09 -04:00
Drew DeVault a32c72e135 Revert "Fix circular dependency on project deletion"
This reverts commit 8aa3a33e9b.
2020-04-30 10:11:00 -04:00
Drew DeVault 8aa3a33e9b Fix circular dependency on project deletion 2020-04-30 10:04:14 -04:00
Drew DeVault f947f831ab Repo description is required 2020-04-30 09:59:51 -04:00
Drew DeVault 81369a172c Improve user profiles for users with little activity 2020-04-30 09:58:42 -04:00
Drew DeVault 08620422f2 Improve appearance of featured projects 2020-04-30 09:42:52 -04:00
Drew DeVault b90812f934 Fix URLs for embedded images in project summaries 2020-04-30 08:46:07 -04:00
Drew DeVault 34e5c1c7c1 project-index: hide form on mobile 2020-04-30 08:22:19 -04:00
Drew DeVault 5f1523bdfb Same fix for git repos 2020-04-29 13:59:57 -04:00
Drew DeVault 688195adb4 Fix Hg repository creation visibility assignment 2020-04-29 13:55:04 -04:00