Bringing the feb29 branch up to date with upstream (#40)

* fix multiple issues from user exports config changes

- improve nginx config
- fix DATA_UPLOAD_MAX_MEMORY_SIZE default not being an int
- translate fallback value in id_to_username template tag
- make location of setting to turn on user exports easier to locate for admins

fixes bookwyrm-social#3227
fixes bookwyrm-social#3231
fixes bookwyrm-social#3232
fixes bookwyrm-social#3236

* fix comment in env example

* Fixes translation tags

* Add search for author

* Support DATA_UPLOAD_MAX_MEMORY_MiB, only, in .env

Since arithmetic is not allowed in .env files, a change in unit for
the variable seems most usable.

* Adds production.conf security configuration missing in version 0.7.2

---------

Co-authored-by: Hugh Rundle <hugh@hughrundle.net>
Co-authored-by: Mouse Reeve <mousereeve@riseup.net>
Co-authored-by: Bart Schuurmans <bart@minnozz.com>
Co-authored-by: Adeodato Simó <dato@users.noreply.github.com>
Co-authored-by: Hugh Rundle <github@hughr.me>
Co-authored-by: FoW <fow@netspheres.org>

.env.example

@@ -138,9 +138,9 @@ TWO_FACTOR_LOGIN_MAX_SECONDS=60
 # Value should be a comma-separated list of host names.
 CSP_ADDITIONAL_HOSTS=
 
-# The last number here means "megabytes"
-# Increase if users are having trouble uploading BookWyrm export files.
-DATA_UPLOAD_MAX_MEMORY_SIZE = (1024**2 * 100)
-
 # Time before being logged out (in seconds)
 # SESSION_COOKIE_AGE=2592000   # current default: 30 days
+
+# Maximum allowed memory for file uploads (increase if users are having trouble
+# uploading BookWyrm export files).
+# DATA_UPLOAD_MAX_MEMORY_MiB=100

bookwyrm/settings.py

@@ -446,4 +446,6 @@
 # user with the same username - in which case you should change it!
 INSTANCE_ACTOR_USERNAME = "bookwyrm.instance.actor"
 
-DATA_UPLOAD_MAX_MEMORY_SIZE = env.int("DATA_UPLOAD_MAX_MEMORY_SIZE", (1024**2 * 100))
+# We only allow specifying DATA_UPLOAD_MAX_MEMORY_SIZE in MiB from .env
+# (note the difference in variable names).
+DATA_UPLOAD_MAX_MEMORY_SIZE = env.int("DATA_UPLOAD_MAX_MEMORY_MiB", 100) << 20

bookwyrm/templates/layout.html

@@ -36,7 +36,7 @@
                 <div class="field has-addons">
                     <div class="control">
                         {% if request.user.is_authenticated %}
-                            {% trans "Search for a book, user, or list" as search_placeholder %}
+                            {% trans "Search for a book, author, user, or list" as search_placeholder %}
                         {% else %}
                             {% trans "Search for a book" as search_placeholder %}
                         {% endif %}

bookwyrm/templates/preferences/export-user.html

@@ -14,31 +14,29 @@
         <p> {% trans "You can create an export file here. This will allow you to migrate your data to another BookWyrm account." %}</p>
     </div>
         <div class="block mx-5 columns">
-            {% blocktrans trimmed %}
             <div class="column is-half">
-                <h2 class="is-size-5">Your file will include:</h2>
+                <h2 class="is-size-5">{% trans "Your file will include:" %}</h2>
                 <ul>
-                    <li>User profile</li>
-                    <li>Most user settings</li>
-                    <li>Reading goals</li>
-                    <li>Shelves</li>
-                    <li>Reading history</li>
-                    <li>Book reviews</li>
-                    <li>Statuses</li>
-                    <li>Your own lists and saved lists</li>
-                    <li>Which users you follow and block</li>
+                    <li>{% trans "User profile" %}</li>
+                    <li>{% trans "Most user settings" %}</li>
+                    <li>{% trans "Reading goals" %}</li>
+                    <li>{% trans "Shelves" %}</li>
+                    <li>{% trans "Reading history" %}</li>
+                    <li>{% trans "Book reviews" %}</li>
+                    <li>{% trans "Statuses" %}</li>
+                    <li>{% trans "Your own lists and saved lists" %}</li>
+                    <li>{% trans "Which users you follow and block" %}</li>
                 </ul>
             </div>
             <div class="column is-half">
-                <h2 class="is-size-5">Your file will not include:</h2>
+                <h2 class="is-size-5">{% trans "Your file will not include:" %}</h2>
                 <ul>
-                    <li>Direct messages</li>
-                    <li>Replies to your statuses</li>
-                    <li>Groups</li>
-                    <li>Favorites</li>
+                    <li>{% trans "Direct messages" %}</li>
+                    <li>{% trans "Replies to your statuses" %}</li>
+                    <li>{% trans "Groups" %}</li>
+                    <li>{% trans "Favorites" %}</li>
                 </ul>
             </div>
-            {% endblocktrans %}
         </div>
         <p class="block">{% trans "In your new BookWyrm account can choose what to import: you will not have to import everything that is exported." %}</p>
         <p class="notification is-warning">
@@ -49,6 +47,13 @@ <h2 class="is-size-5">Your file will not include:</h2>
     {% if not site.user_exports_enabled %}
     <p class="notification is-danger">
         {% trans "New user exports are currently disabled." %}
+        {% if perms.bookwyrm.edit_instance_settings %}
+        <br/>
+        {% url 'settings-imports' as url %}
+        {% blocktrans trimmed %}
+            User exports settings can be changed from <a href="{{ url }}">the Imports page</a> in the Admin dashboard.
+        {% endblocktrans %}
+    {% endif%}
     </p>
     {% elif next_available %}
     <p class="notification is-warning">

bookwyrm/templates/search/author.html

@@ -0,0 +1,17 @@
+{% extends 'search/layout.html' %}
+
+{% block panel %}
+
+{% if results %}
+<ul class="block">
+{% for author in results %}
+    <li class="">
+        <a href="{{ author.local_path }}" class="author" itemprop="author" itemscope itemtype="https://schema.org/Thing">
+            <span itemprop="name">{{ author.name }}</span>
+        </a>
+    </li>
+{% endfor %}
+</ul>
+{% endif %}
+
+{% endblock %}

bookwyrm/templates/search/layout.html

@@ -20,6 +20,7 @@ <h1 class="title">
             <div class="select" aria-label="{% trans 'Search type' %}">
                 <select name="type">
                     <option value="book" {% if type == "book" %}selected{% endif %}>{% trans "Books" %}</option>
+                    <option value="author" {% if type == "author" %}selected{% endif %}>{% trans "Authors" %}</option>
                     {% if request.user.is_authenticated %}
                     <option value="user" {% if type == "user" %}selected{% endif %}>{% trans "Users" %}</option>
                     {% endif %}
@@ -42,6 +43,9 @@ <h1 class="title">
         <li{% if type == "book" %} class="is-active"{% endif %}>
             <a href="{% url 'search' %}?q={{ query }}&type=book">{% trans "Books" %}</a>
         </li>
+        <li{% if type == "author" %} class="is-active"{% endif %}>
+            <a href="{% url 'search' %}?q={{ query }}&type=author">{% trans "Authors" %}</a>
+        </li>
         {% if request.user.is_authenticated %}
         <li{% if type == "user" %} class="is-active"{% endif %}>
             <a href="{% url 'search' %}?q={{ query }}&type=user">{% trans "Users" %}</a>

bookwyrm/templatetags/utilities.py

@@ -126,7 +126,7 @@ def id_to_username(user_id):
         value = f"{name}@{domain}"
 
         return value
-    return "a new user account"
+    return _("a new user account")
 
 
 @register.filter(name="get_file_size")

bookwyrm/views/search.py

@@ -1,4 +1,5 @@
 """ search views"""
+
 import re
 
 from django.contrib.postgres.search import TrigramSimilarity
@@ -39,6 +40,7 @@ def get(self, request):
 
         endpoints = {
             "book": book_search,
+            "author": author_search,
             "user": user_search,
             "list": list_search,
         }
@@ -90,6 +92,31 @@ def book_search(request):
     return TemplateResponse(request, "search/book.html", data)
 
 
+def author_search(request):
+    """search for an author"""
+    query = request.GET.get("q")
+    query = query.strip()
+    data = {"type": "author", "query": query}
+
+    results = (
+        models.Author.objects.annotate(
+            similarity=TrigramSimilarity("name", query),
+        )
+        .filter(
+            similarity__gt=0.1,
+        )
+        .order_by("-similarity")
+    )
+
+    paginated = Paginator(results, PAGE_LENGTH)
+    page = paginated.get_page(request.GET.get("page"))
+    data["results"] = page
+    data["page_range"] = paginated.get_elided_page_range(
+        page.number, on_each_side=2, on_ends=1
+    )
+    return TemplateResponse(request, "search/author.html", data)
+
+
 def user_search(request):
     """user search: search for a user"""
     viewer = request.user

nginx/development

@@ -61,17 +61,25 @@ server {
         proxy_pass http://web;
     }
 
-    # directly serve images and static files from the
+    # directly serve static files from the
     # bookwyrm filesystem using sendfile.
     # make the logs quieter by not reporting these requests
-    location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|ttf|webp|css|js)$ {
+    location ~ ^/static/ {
         root /app;
         try_files $uri =404;
         add_header X-Cache-Status STATIC;
         access_log off;
     }
 
-    # block access to any non-image files from images or static
+    # same with image files not in static folder
+    location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
+        root /app;
+        try_files $uri =404;
+        add_header X-Cache-Status STATIC;
+        access_log off;
+    }
+
+    # block access to any non-image files from images
     location ~ ^/images/ {
         return 403;
     }

nginx/production

@@ -93,19 +93,27 @@ server {
 #         proxy_pass http://web;
 #     }
 #
-#     # directly serve images and static files from the
+#     # directly serve static files from the
 #     # bookwyrm filesystem using sendfile.
 #     # make the logs quieter by not reporting these requests
-#     location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|ttf|webp|css|js)$ {
+#     location ~ ^/static/ {
 #         root /app;
 #         try_files $uri =404;
 #         add_header X-Cache-Status STATIC;
 #         access_log off;
 #     }
 
-#     # block access to any non-image files from images or static
+#     # same with image files not in static folder
+#     location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
+#         root /app;
+#         try_files $uri =404;
+#         add_header X-Cache-Status STATIC;
+#         access_log off;
+#     }
+
+#     # block access to any non-image files from images
 #     location ~ ^/images/ {
-#          return 403;
+#         return 403;
 #     }
 #
 #     # monitor the celery queues with flower, no caching enabled