microblog.pub/app/config.py

import hashlib
import os
import secrets
from pathlib import Path

import bcrypt
import itsdangerous
import pydantic
import tomli
from fastapi import Form
from fastapi import HTTPException
from fastapi import Request
from itsdangerous import URLSafeTimedSerializer
from loguru import logger
from markdown import markdown

from app.utils.emoji import _load_emojis
from app.utils.version import get_version_commit

ROOT_DIR = Path().parent.resolve()

_CONFIG_FILE = os.getenv("MICROBLOGPUB_CONFIG_FILE", "profile.toml")

VERSION_COMMIT = "dev"

try:
    from app._version import VERSION_COMMIT  # type: ignore
except ImportError:
    VERSION_COMMIT = get_version_commit()

# Force reloading cache when the CSS is updated
CSS_HASH = "none"
try:
    css_data = (ROOT_DIR / "app" / "static" / "css" / "main.css").read_bytes()
    CSS_HASH = hashlib.md5(css_data, usedforsecurity=False).hexdigest()
except FileNotFoundError:
    pass


VERSION = f"2.0.0+{VERSION_COMMIT}"
USER_AGENT = f"microblogpub/{VERSION}"
AP_CONTENT_TYPE = "application/activity+json"


class _PrivacyReplace(pydantic.BaseModel):
    domain: str
    replace_by: str


class _ProfileMetadata(pydantic.BaseModel):
    key: str
    value: str


class _BlockedServer(pydantic.BaseModel):
    hostname: str
    reason: str | None = None


class Config(pydantic.BaseModel):
    domain: str
    username: str
    admin_password: bytes
    name: str
    summary: str
    https: bool
    icon_url: str
    secret: str
    debug: bool = False
    trusted_hosts: list[str] = ["127.0.0.1"]
    manually_approves_followers: bool = False
    privacy_replace: list[_PrivacyReplace] | None = None
    metadata: list[_ProfileMetadata] | None = None
    code_highlighting_theme = "friendly_grayscale"
    blocked_servers: list[_BlockedServer] = []
    custom_footer: str | None = None

    inbox_retention_days: int = 15

    # Config items to make tests easier
    sqlalchemy_database: str | None = None
    key_path: str | None = None


def load_config() -> Config:
    try:
        return Config.parse_obj(
            tomli.loads((ROOT_DIR / "data" / _CONFIG_FILE).read_text())
        )
    except FileNotFoundError:
        raise ValueError(
            f"Please run the configuration wizard, {_CONFIG_FILE} is missing"
        )


def is_activitypub_requested(req: Request) -> bool:
    accept_value = req.headers.get("accept")
    if not accept_value:
        return False
    for val in {
        "application/ld+json",
        "application/activity+json",
    }:
        if accept_value.startswith(val):
            return True

    return False


def verify_password(pwd: str) -> bool:
    return bcrypt.checkpw(pwd.encode(), CONFIG.admin_password)


CONFIG = load_config()
DOMAIN = CONFIG.domain
_SCHEME = "https" if CONFIG.https else "http"
ID = f"{_SCHEME}://{DOMAIN}"
USERNAME = CONFIG.username
MANUALLY_APPROVES_FOLLOWERS = CONFIG.manually_approves_followers
PRIVACY_REPLACE = None
if CONFIG.privacy_replace:
    PRIVACY_REPLACE = {pr.domain: pr.replace_by for pr in CONFIG.privacy_replace}

BLOCKED_SERVERS = {blocked_server.hostname for blocked_server in CONFIG.blocked_servers}

INBOX_RETENTION_DAYS = CONFIG.inbox_retention_days
CUSTOM_FOOTER = (
    markdown(
        CONFIG.custom_footer.replace("{version}", VERSION), extensions=["mdx_linkify"]
    )
    if CONFIG.custom_footer
    else None
)

BASE_URL = ID
DEBUG = CONFIG.debug
DB_PATH = CONFIG.sqlalchemy_database or ROOT_DIR / "data" / "microblogpub.db"
SQLALCHEMY_DATABASE_URL = f"sqlite:///{DB_PATH}"
KEY_PATH = (
    (ROOT_DIR / CONFIG.key_path) if CONFIG.key_path else ROOT_DIR / "data" / "key.pem"
)
EMOJIS = "😺 😸 😹 😻 😼 😽 🙀 😿 😾"
# Emoji template for the FE
EMOJI_TPL = '<img src="/static/twemoji/{filename}.svg" alt="{raw}" class="emoji">'

_load_emojis(ROOT_DIR, BASE_URL)

CODE_HIGHLIGHTING_THEME = CONFIG.code_highlighting_theme


session_serializer = URLSafeTimedSerializer(
    CONFIG.secret,
    salt=f"{ID}.session",
)
csrf_serializer = URLSafeTimedSerializer(
    CONFIG.secret,
    salt=f"{ID}.csrf",
)


def generate_csrf_token() -> str:
    return csrf_serializer.dumps(secrets.token_hex(16))  # type: ignore


def verify_csrf_token(csrf_token: str = Form()) -> None:
    try:
        csrf_serializer.loads(csrf_token, max_age=1800)
    except (itsdangerous.BadData, itsdangerous.SignatureExpired):
        logger.exception("Failed to verify CSRF token")
        raise HTTPException(status_code=403, detail="CSRF error")
    return None
Invalidate CSS cache when updated 2022-08-13 15:35:39 +02:00			`import hashlib`
Initial commit for new v2 2022-06-22 20:11:22 +02:00			`import os`
Tweak CSRF token handling 2022-07-11 09:34:06 +02:00			`import secrets`
Initial commit for new v2 2022-06-22 20:11:22 +02:00			`from pathlib import Path`

			`import bcrypt`
Tweak CSRF token handling 2022-07-11 09:34:06 +02:00			`import itsdangerous`
Initial commit for new v2 2022-06-22 20:11:22 +02:00			`import pydantic`
			`import tomli`
			`from fastapi import Form`
			`from fastapi import HTTPException`
			`from fastapi import Request`
Tweak CSRF token handling 2022-07-11 09:34:06 +02:00			`from itsdangerous import URLSafeTimedSerializer`
			`from loguru import logger`
Custom footer support 2022-08-24 21:18:30 +02:00			`from markdown import markdown`
Initial commit for new v2 2022-06-22 20:11:22 +02:00
Custom emoji support 2022-06-27 20:55:44 +02:00			`from app.utils.emoji import _load_emojis`
Improve version handling 2022-08-24 09:02:20 +02:00			`from app.utils.version import get_version_commit`
Custom emoji support 2022-06-27 20:55:44 +02:00
Initial commit for new v2 2022-06-22 20:11:22 +02:00			`ROOT_DIR = Path().parent.resolve()`

Bugfixes and cleanup 2022-07-07 20:37:16 +02:00			`_CONFIG_FILE = os.getenv("MICROBLOGPUB_CONFIG_FILE", "profile.toml")`
Initial commit for new v2 2022-06-22 20:11:22 +02:00
Docker + docker compose support 2022-07-18 20:44:55 +02:00			`VERSION_COMMIT = "dev"`

			`try:`
			`from app._version import VERSION_COMMIT # type: ignore`
			`except ImportError:`
Improve version handling 2022-08-24 09:02:20 +02:00			`VERSION_COMMIT = get_version_commit()`
Docker + docker compose support 2022-07-18 20:44:55 +02:00
Invalidate CSS cache when updated 2022-08-13 15:35:39 +02:00			`# Force reloading cache when the CSS is updated`
			`CSS_HASH = "none"`
			`try:`
			`css_data = (ROOT_DIR / "app" / "static" / "css" / "main.css").read_bytes()`
			`CSS_HASH = hashlib.md5(css_data, usedforsecurity=False).hexdigest()`
			`except FileNotFoundError:`
			`pass`

Use semver 2022-07-04 21:45:23 +02:00
			`VERSION = f"2.0.0+{VERSION_COMMIT}"`
Initial commit for new v2 2022-06-22 20:11:22 +02:00			`USER_AGENT = f"microblogpub/{VERSION}"`
			`AP_CONTENT_TYPE = "application/activity+json"`


Allow to replace URL dynamically (for Nitter, Teddit...) 2022-08-04 07:31:18 +02:00			`class _PrivacyReplace(pydantic.BaseModel):`
			`domain: str`
			`replace_by: str`


Add support for profile metadata 2022-08-10 08:58:18 +02:00			`class _ProfileMetadata(pydantic.BaseModel):`
			`key: str`
			`value: str`


Start supporting a server blocklist 2022-08-15 10:15:00 +02:00			`class _BlockedServer(pydantic.BaseModel):`
			`hostname: str`
			`reason: str \| None = None`


Initial commit for new v2 2022-06-22 20:11:22 +02:00			`class Config(pydantic.BaseModel):`
			`domain: str`
			`username: str`
			`admin_password: bytes`
			`name: str`
			`summary: str`
			`https: bool`
			`icon_url: str`
			`secret: str`
			`debug: bool = False`
Better Docker support 2022-07-30 08:46:29 +02:00			`trusted_hosts: list[str] = ["127.0.0.1"]`
Start support for manually approving followers 2022-08-02 20:14:40 +02:00			`manually_approves_followers: bool = False`
Allow to replace URL dynamically (for Nitter, Teddit...) 2022-08-04 07:31:18 +02:00			`privacy_replace: list[_PrivacyReplace] \| None = None`
Add support for profile metadata 2022-08-10 08:58:18 +02:00			`metadata: list[_ProfileMetadata] \| None = None`
Improve theming support 2022-08-04 19:10:57 +02:00			`code_highlighting_theme = "friendly_grayscale"`
Start supporting a server blocklist 2022-08-15 10:15:00 +02:00			`blocked_servers: list[_BlockedServer] = []`
Custom footer support 2022-08-24 21:18:30 +02:00			`custom_footer: str \| None = None`
Initial commit for new v2 2022-06-22 20:11:22 +02:00
Start support for pruning old inbox data 2022-08-18 23:48:00 +02:00			`inbox_retention_days: int = 15`

Initial commit for new v2 2022-06-22 20:11:22 +02:00			`# Config items to make tests easier`
Switch to aiosqlite 2022-06-29 20:43:17 +02:00			`sqlalchemy_database: str \| None = None`
Initial commit for new v2 2022-06-22 20:11:22 +02:00			`key_path: str \| None = None`


			`def load_config() -> Config:`
			`try:`
			`return Config.parse_obj(`
			`tomli.loads((ROOT_DIR / "data" / _CONFIG_FILE).read_text())`
			`)`
			`except FileNotFoundError:`
Fix CI 2022-06-22 20:48:48 +02:00			`raise ValueError(`
			`f"Please run the configuration wizard, {_CONFIG_FILE} is missing"`
			`)`
Initial commit for new v2 2022-06-22 20:11:22 +02:00

			`def is_activitypub_requested(req: Request) -> bool:`
			`accept_value = req.headers.get("accept")`
			`if not accept_value:`
			`return False`
			`for val in {`
			`"application/ld+json",`
			`"application/activity+json",`
			`}:`
			`if accept_value.startswith(val):`
			`return True`

			`return False`


			`def verify_password(pwd: str) -> bool:`
			`return bcrypt.checkpw(pwd.encode(), CONFIG.admin_password)`


			`CONFIG = load_config()`
			`DOMAIN = CONFIG.domain`
			`_SCHEME = "https" if CONFIG.https else "http"`
			`ID = f"{_SCHEME}://{DOMAIN}"`
			`USERNAME = CONFIG.username`
Start support for manually approving followers 2022-08-02 20:14:40 +02:00			`MANUALLY_APPROVES_FOLLOWERS = CONFIG.manually_approves_followers`
Allow to replace URL dynamically (for Nitter, Teddit...) 2022-08-04 07:31:18 +02:00			`PRIVACY_REPLACE = None`
			`if CONFIG.privacy_replace:`
			`PRIVACY_REPLACE = {pr.domain: pr.replace_by for pr in CONFIG.privacy_replace}`
Start supporting a server blocklist 2022-08-15 10:15:00 +02:00
			`BLOCKED_SERVERS = {blocked_server.hostname for blocked_server in CONFIG.blocked_servers}`

Start support for pruning old inbox data 2022-08-18 23:48:00 +02:00			`INBOX_RETENTION_DAYS = CONFIG.inbox_retention_days`
Custom footer support 2022-08-24 21:18:30 +02:00			`CUSTOM_FOOTER = (`
			`markdown(`
			`CONFIG.custom_footer.replace("{version}", VERSION), extensions=["mdx_linkify"]`
			`)`
			`if CONFIG.custom_footer`
			`else None`
			`)`
Start support for pruning old inbox data 2022-08-18 23:48:00 +02:00
Initial commit for new v2 2022-06-22 20:11:22 +02:00			`BASE_URL = ID`
			`DEBUG = CONFIG.debug`
Switch to aiosqlite 2022-06-29 20:43:17 +02:00			`DB_PATH = CONFIG.sqlalchemy_database or ROOT_DIR / "data" / "microblogpub.db"`
			`SQLALCHEMY_DATABASE_URL = f"sqlite:///{DB_PATH}"`
Initial commit for new v2 2022-06-22 20:11:22 +02:00			`KEY_PATH = (`
			`(ROOT_DIR / CONFIG.key_path) if CONFIG.key_path else ROOT_DIR / "data" / "key.pem"`
			`)`
Custom emoji support 2022-06-27 20:55:44 +02:00			`EMOJIS = "😺 😸 😹 😻 😼 😽 🙀 😿 😾"`
			`# Emoji template for the FE`
			`EMOJI_TPL = '<img src="/static/twemoji/{filename}.svg" alt="{raw}" class="emoji">'`

			`_load_emojis(ROOT_DIR, BASE_URL)`
Initial commit for new v2 2022-06-22 20:11:22 +02:00
Improve theming support 2022-08-04 19:10:57 +02:00			`CODE_HIGHLIGHTING_THEME = CONFIG.code_highlighting_theme`
Tweak the default code highlighting theme 2022-07-12 19:50:11 +02:00
Initial commit for new v2 2022-06-22 20:11:22 +02:00
More CSRF tweaks 2022-07-11 09:42:39 +02:00			`session_serializer = URLSafeTimedSerializer(`
			`CONFIG.secret,`
			`salt=f"{ID}.session",`
			`)`
Tweak CSRF token handling 2022-07-11 09:34:06 +02:00			`csrf_serializer = URLSafeTimedSerializer(`
More CSRF tweaks 2022-07-11 09:42:39 +02:00			`CONFIG.secret,`
			`salt=f"{ID}.csrf",`
Initial commit for new v2 2022-06-22 20:11:22 +02:00			`)`


			`def generate_csrf_token() -> str:`
Tweak CSRF token handling 2022-07-11 09:34:06 +02:00			`return csrf_serializer.dumps(secrets.token_hex(16)) # type: ignore`
Initial commit for new v2 2022-06-22 20:11:22 +02:00

			`def verify_csrf_token(csrf_token: str = Form()) -> None:`
Tweak CSRF token handling 2022-07-11 09:34:06 +02:00			`try:`
More CSRF tweaks 2022-07-11 09:42:39 +02:00			`csrf_serializer.loads(csrf_token, max_age=1800)`
Tweak CSRF token handling 2022-07-11 09:34:06 +02:00			`except (itsdangerous.BadData, itsdangerous.SignatureExpired):`
			`logger.exception("Failed to verify CSRF token")`
Initial commit for new v2 2022-06-22 20:11:22 +02:00			`raise HTTPException(status_code=403, detail="CSRF error")`
			`return None`