diff --git a/.gitignore b/.gitignore index f495e75..8a0f821 100644 --- a/.gitignore +++ b/.gitignore @@ -4,3 +4,4 @@ smr.so assets.h cert +kore_chroot/* diff --git a/README.md b/README.md index 87a7265..dc2357c 100644 --- a/README.md +++ b/README.md @@ -7,7 +7,7 @@ concerns with pastebin.com taking down certain kinds of content. SMR aims to be small, fast, and secure. It is built on top of [Kore](https://kore.io), using [luajit](https://luajit.org) to expose a Lua programming environment. It uses [sqlite3](https://sqlite.org) as it's database. SMR is implemented in just over -1.5k SLOC and is expected to never exceed 5k SLOC. Contributions welcome. +2k SLOC and is expected to never exceed 5k SLOC. Contributions welcome. ## Roadmap @@ -16,9 +16,18 @@ be small, fast, and secure. It is built on top of [Kore](https://kore.io), using * Tags (complete) * Author biographies +## Hacking + +If you want to contribute to this repository: +1. Install the [kore webserver](https://kore.io) Documentation -> installation + ## Misc notes. SMR requires a slightly modified version of Kore to run. See [my kore patches](https://git.fuwafuwa.moe/rmalley/kore_patches) for the changes I needed to make to get the JIT compiler playing nice with Kore's seccomp restrictions. There are a few other changes, like modified kore to accept any text as input for things like file upload. +**UPDATE (12/18/2020)** +Kore 4.0 no longer needs the seccomp changes, as those have been exposed to +library users, and smr has been updated appropriately. It still needs the +allow-multiline-input patch though. diff --git a/assets/style.css b/assets/style.css index d8cafd2..1c42170 100644 --- a/assets/style.css +++ b/assets/style.css @@ -13,9 +13,14 @@ p,.tag-list{margin-bottom:0px} .greentext{color:#282} .pinktext{color:#928} .tag-list{list-style-type:none} +.tag-list>*{display:inline} .tag{ line-height:1.5em; height:1.5em; padding: 0 1em 0 1em; margin: 0 1px 0 1px; } + +@media (prefers-color-scheme: dark){ + @import "css/style_dark.css"; +} diff --git a/conf/smr.conf b/conf/smr.conf index b6948ab..60addbd 100644 --- a/conf/smr.conf +++ b/conf/smr.conf @@ -16,7 +16,7 @@ http_body_max 8388608 tls_dhparam dh2048.pem -validator v_any regex .* +validator v_any regex [\s\S]* validator v_storyid regex [a-zA-Z0-9]+ validator v_subdomain regex [a-z0-9]{1,30} validator v_markup regex (plain|imageboard) @@ -35,12 +35,13 @@ domain * { route /_css/style.css asset_serve_style_css route /_css/milligram.css asset_serve_milligram_css route /_css/milligram.min.css.map asset_serve_milligram_min_css_map + route /_css/style_dark.css asset_serve_style_dark_css route /favicon.ico asset_serve_favicon_ico route /_paste post_story route /_edit edit_story route /_bio edit_bio route /_login login - route /_claim claim + route ^/_claim claim route /_download download route /_preview preview route /_search search @@ -80,7 +81,6 @@ domain * { } params get ^/[^_].* { validate comments v_bool - #validate story v_storyid } params post ^/[^_].* { validate text v_any @@ -90,7 +90,7 @@ domain * { validate user v_subdomain validate pass v_any } - params post /_claim { + params post ^/_claim { validate user v_subdomain } diff --git a/src/lua/db.lua b/src/lua/db.lua new file mode 100644 index 0000000..409dfcb --- /dev/null +++ b/src/lua/db.lua @@ -0,0 +1,51 @@ +--[[ +Does most of the database interaction. +Notably, holds a connection to the open sqlite3 database in .conn +]] +local sql = require("lsqlite3") + +local queries = require("queries") +local util = require("util") + +local db = {} +local oldconfigure = configure +db.conn = util.sqlassert(sql.open("data/posts.db")) +function configure(...) + + --Create sql tables + assert(db.conn:exec(queries.create_table_authors)) + --Create a fake "anonymous" user, so we don't run into trouble + --so that no one runs into trouble being able to paste under this account. + assert(db.conn:exec(queries.insert_anon_author)) + --If/when an author deletes their account, all posts + --and comments by that author are also deleted (on + --delete cascade) this is intentional. This also + --means that all comments by other users on a post + --an author makes will also be deleted. + -- + --Post text uses zlib compression + assert(db.conn:exec(queries.create_table_posts)) + --Store the raw text so people can download it later, maybe + --we can use it for "download as image" or "download as pdf" + --in the future too. Stil stored zlib compressed + assert(db.conn:exec(queries.create_table_raw_text)) + --Maybe we want to store images one day? + assert(db.conn:exec(queries.create_table_images)) + --Comments on a post + assert(db.conn:exec(queries.create_table_comments)) + --Tags for a post + assert(db.conn:exec(queries.create_table_tags)) + --Index for tags + assert(db.conn:exec(queries.create_index_tags)) + --Store a cookie for logged in users. Logged in users can edit + --their own posts, and edit their biographies. + assert(db.conn:exec(queries.create_table_session)) + return oldconfigure(...) +end + +function db.close() + db.conn:close() +end + + +return db diff --git a/src/lua/pages.lua b/src/lua/pages.lua new file mode 100644 index 0000000..099e07b --- /dev/null +++ b/src/lua/pages.lua @@ -0,0 +1,28 @@ +--[[ +Compiles all the pages under src/pages/ with etlua. See the etlua documentation +for more info (https://github.com/leafo/etlua) +]] +local et = require("etlua") +local pagenames = { + "index", + "author_index", + "claim", + "paste", + "edit", + "read", + "nostory", + "cantedit", + "noauthor", + "login", + "author_paste", + "author_edit", + "search", +} +local pages = {} +for k,v in pairs(pagenames) do + local f = assert(io.open("pages/" .. v .. ".etlua","r")) + pages[v] = assert(et.compile(f:read("*a"))) + f:close() +end + +return pages diff --git a/src/lua/parser_search.lua b/src/lua/parser_search.lua new file mode 100644 index 0000000..69a26a3 --- /dev/null +++ b/src/lua/parser_search.lua @@ -0,0 +1,10 @@ + +--Grammar +--Transpile a sting with + and - into an sql query that searches tags +local function transpile(str) + for chunk in str:gmatch("([+-])([^+-])") do + print("found chunk:",chunk) + end +end + +return transpile