New features:

* Discount 1.6.1 * Lines beginning with spaces are considered code. I don't know why markdown.py didn't trigger this. * tables in mark down: why not? * validation of resulting HTML vial libxml to prevent hax. * private RSS and JSON feeds * optional whitelists for subreddits * Moderator messaging Additions: * destination sanitization to cut down on XSRF * cosmetic fix to spam and reported listing * make the rss feeds on messages useful * /admin/errors * Of the types of listings hitting the precomputers (top/controversy by hour/day/week/month/year), the ones over long periods of time don't change often. So we can try to run them at most once per day, and then merge in the day's listings. * google analytics * logging queue * Created empty commentspanel.xml, errorpage.xml, login.xml * add subreddit rules/info box to submit page * add 'via' link on messages in moderator inbox * add a show=all get parameter to link listings to optionally ignore hiding preferences. * Raise edited timelimit to three mins * Remove UI that makes it look like you can edit deleted selftexts * Make it clearer to admins when a link is deleted * Fix [S] leak on deleted comments * Fix /user/[deleted] misrendering * New house ads system * updated so that minimalcontrollers actually can use the page cache. * Added /admin/usage Bugfixes: * Reduce the number of results that we request from Solr and simplify that caching a bit * Require a secret key to shut down app-servers * Make get_title a little more resilient to malformed documents and slow remote servers * Cause the SearchBuilder to only byID the results that it's going to render instead of all 1000 * Remove ability for an author to XSS himself * fix spam listings and an xsrf * More verbose VDestination * Fixing the famous ?limit=0.1 error, and one last password-validation one * distinguish deleted comments' and deleted links' error messages * Don't allow ridiculously long log lines to widen the page * Bug with HardCache.add() when existing key is expired * Add adminbox next to domain
ybrs · May 17, 2010 · a402d48 · a402d48
1 parent 2869eaf
commit a402d48
Show file tree

Hide file tree

Showing 204 changed files with 18,568 additions and 1,422 deletions.
diff --git a/.gitignore b/.gitignore
@@ -30,3 +30,4 @@ r2/srcount.pickle
 r2/myproduction.ini
 .DS_Store
 r2/r2.egg-info/**
+r2/r2/public/static/sprite.png
diff --git a/r2/example.ini b/r2/example.ini
@@ -9,7 +9,7 @@ template_debug = true
 uncompressedJS = true
 translator = true
 sqlprinting = false
-
+exception_logging = false
 log_start = true
 
 proxy_addr = 
@@ -30,6 +30,9 @@ adframetracker_url =
 clicktracker_url = 
 traffic_url = 
 
+# Just a list of words. Used by errlog.py to make up names for new errors.
+words_file = /usr/dict/words
+
 # for sponsored links:
 payment_domain = https://pay.localhost/
 authorizenetname = 
@@ -93,6 +96,9 @@ db_table_report_account_subreddit = relation, account, subreddit, main
 db_table_award = thing, award
 db_table_trophy = relation, account, award, award
 
+db_table_ad = thing, main
+db_table_adsr = relation, ad, subreddit, main
+
 disallow_db_writes = False
 
 ###
@@ -103,6 +109,8 @@ timezone = UTC
 lang = en
 monitored_servers = localhost
 
+enable_usage_stats = false
+
 #query cache settings
 num_query_queue_workers = 0
 query_queue_worker = 
@@ -174,6 +182,10 @@ sr_dropdown_threshold = 15
 
 smtp_server = localhost
 new_link_share_delay = 5 minutes
+
+# email address of the person / people running your site
+nerds_email = root@localhost
+
 share_reply = noreply@yourdomain.com
 
 #user-agents to limit

diff --git a/r2/r2/config/middleware.py b/r2/r2/config/middleware.py
@@ -33,7 +33,7 @@
 
 from r2.config.environment import load_environment
 from r2.config.rewrites import rewrites
-from r2.lib.utils import rstrips
+from r2.lib.utils import rstrips, is_authorized_cname
 from r2.lib.jsontemplates import api_type
 
 #middleware stuff
@@ -245,11 +245,10 @@ def __init__(self, app):
         auth_cnames = [x.strip() for x in auth_cnames.split(',')]
         # we are going to be matching with endswith, so make sure there
         # are no empty strings that have snuck in
-        self.auth_cnames = [x for x in auth_cnames if x]
+        self.auth_cnames = filter(None, auth_cnames)
 
     def is_auth_cname(self, domain):
-        return any((domain == cname or domain.endswith('.' + cname))
-                   for cname in self.auth_cnames)
+        return is_authorized_cname(domain, self.auth_cnames)
 
     def __call__(self, environ, start_response):
         # get base domain as defined in INI file

diff --git a/r2/r2/config/routing.py b/r2/r2/config/routing.py
@@ -31,7 +31,7 @@ def make_map(global_conf={}, app_conf={}):
     mc = map.connect
 
     admin_routes.add(mc)
-    
+
     mc('/login',    controller='front', action='login')
     mc('/logout',   controller='front', action='logout')
     mc('/verify',    controller='front', action='verify')
@@ -41,15 +41,16 @@ def make_map(global_conf={}, app_conf={}):
     mc('/validuser',   controller='front', action='validuser')
 
     mc('/over18',   controller='post', action='over18')
-    
+
     mc('/search', controller='front', action='search')
 
     mc('/sup', controller='front', action='sup')
     mc('/traffic', controller='front', action='site_traffic')
-
+
+    mc('/about/message/:where', controller='message', action='listing')
     mc('/about/:location', controller='front', 
        action='editreddit', location = 'about')
-    
+
     mc('/reddits/create', controller='front', action='newreddit')
     mc('/reddits/search', controller='front', action='search_reddits')
     mc('/reddits/login', controller='front', action='login')
@@ -60,42 +61,51 @@ def make_map(global_conf={}, app_conf={}):
     mc('/reddits/mine/:where', controller='myreddits', action='listing',
        where='subscriber',
        requirements=dict(where='subscriber|contributor|moderator'))
-    
+
     mc('/buttons', controller='buttons', action='button_demo_page')
     #the frame
     mc('/button_content', controller='buttons', action='button_content')
     #/button.js and buttonlite.js - the embeds
-    mc('/button', controller='buttons', action='button_embed')
+    mc('/button', controller='buttonjs', action='button_embed')
     mc('/buttonlite', controller='buttons', action='button_lite')
-    
+
     mc('/widget', controller='buttons', action='widget_demo_page')
     mc('/bookmarklets', controller='buttons', action='bookmarklets')
-    
+
     mc('/awards', controller='front', action='awards')
-    
+
     mc('/i18n', controller='feedback', action='i18n')
     mc('/feedback', controller='feedback', action='feedback')
     mc('/ad_inq',   controller='feedback', action='ad_inq')
-    
+
 
     mc('/admin/i18n', controller='i18n', action='list')
     mc('/admin/i18n/:action', controller='i18n')
     mc('/admin/i18n/:action/:lang', controller='i18n')
 
+    mc('/admin/usage', controller='usage')
+
+    # Used for editing ads
+    mc('/admin/ads', controller='ads')
+    mc('/admin/ads/:adcn/:action', controller='ads',
+       requirements=dict(action="assign|srs"))
+
     mc('/admin/awards', controller='awards')
     mc('/admin/awards/:awardcn/:action', controller='awards',
        requirements=dict(action="give|winners"))
 
+    mc('/admin/errors', controller='errorlog')
+
     mc('/admin/:action', controller='admin')
-    
+
     mc('/user/:username/about', controller='user', action='about',
        where='overview')
     mc('/user/:username/:where', controller='user', action='listing',
        where='overview')
-    
+
     mc('/prefs/:location', controller='front',
        action='prefs', location='options')
-    
+
     mc('/info/0:article/*rest', controller = 'front', 
        action='oldinfo', dest='comments', type='ancient')
     mc('/info/:article/:dest/:comment', controller='front',
@@ -113,7 +123,7 @@ def make_map(global_conf={}, app_conf={}):
        action = 'comments', title=None, comment = None)
     mc('/duplicates/:article/:title', controller = 'front',
        action = 'duplicates', title=None)
-    
+
     mc('/mail/optout', controller='front', action = 'optout')
     mc('/mail/optin',  controller='front', action = 'optin')
     mc('/stylesheet', controller = 'front', action = 'stylesheet')
@@ -138,8 +148,8 @@ def make_map(global_conf={}, app_conf={}):
     mc('/shutdown', controller='health', action='shutdown')
 
     mc('/', controller='hot', action='listing')
-    
-    listing_controllers = "hot|saved|toplinks|new|recommended|randomrising|comments"
+
+    listing_controllers = "hot|saved|new|recommended|randomrising|comments"
 
     mc('/:controller', action='listing',
        requirements=dict(controller=listing_controllers))
@@ -148,18 +158,20 @@ def make_map(global_conf={}, app_conf={}):
 
     mc('/:sort', controller='browse', sort='top', action = 'listing',
        requirements = dict(sort = 'top|controversial'))
-    
+
     mc('/message/compose', controller='message', action='compose')
     mc('/message/messages/:mid', controller='message', action='listing',
        where = "messages")
     mc('/message/:where', controller='message', action='listing')
-
+    mc('/message/moderator/:subwhere', controller='message', action='listing',
+       where = 'moderator')
+
     mc('/:action', controller='front',
        requirements=dict(action="password|random|framebuster"))
     mc('/:action', controller='embed',
        requirements=dict(action="help|blog"))
     mc('/help/*anything', controller='embed', action='help')
-    
+
     mc('/goto', controller='toolbar', action='goto')
     mc('/tb/:id', controller='toolbar', action='tb')
     mc('/toolbar/:action', controller='toolbar',
@@ -172,7 +184,7 @@ def make_map(global_conf={}, app_conf={}):
     # additional toolbar-related rules just above the catchall
 
     mc('/d/:what', controller='api', action='bookmarklet')
-    
+
     mc('/resetpassword/:key', controller='front',
        action='resetpassword')
     mc('/verification/:key', controller='front',
@@ -184,7 +196,7 @@ def make_map(global_conf={}, app_conf={}):
        requirements=dict(action="login|reg"))
     mc('/post/:action', controller='post',
        requirements=dict(action="options|over18|unlogged_options|optout|optin|login|reg"))
-    
+
     mc('/api/distinguish/:how', controller='api', action="distinguish")
     mc('/api/:action/:url_user', controller='api',
        requirements=dict(action="login|register"))
@@ -193,7 +205,7 @@ def make_map(global_conf={}, app_conf={}):
     mc('/api/:action', controller='promote',
        requirements=dict(action="promote|unpromote|new_promo|link_thumb|freebie|promote_note|update_pay|refund|traffic_viewer|rm_traffic_viewer"))
     mc('/api/:action', controller='api')
-    
+
     mc('/captcha/:iden', controller='captcha', action='captchaimg')
 
     mc('/mediaembed/:link', controller="mediaembed", action="mediaembed")
@@ -202,17 +214,23 @@ def make_map(global_conf={}, app_conf={}):
 
     mc('/store', controller='redirect', action='redirect',
        dest='http://store.reddit.com/index.html')
-    
+
     mc('/code', controller='redirect', action='redirect',
        dest='http://code.reddit.com/')
-    
+
     mc('/mobile', controller='redirect', action='redirect',
        dest='http://m.reddit.com/')
 
     mc('/authorize_embed', controller = 'front', action = 'authorize_embed')
-
-    mc("/ads/", controller = "front", action = "ad")
-    mc("/ads/:reddit", controller = "front", action = "ad")
+
+    # Used for showing ads
+    mc("/ads/", controller = "mediaembed", action = "ad")
+    mc("/ads/r/:reddit_name", controller = "mediaembed", action = "ad")
+    mc("/ads/:codename", controller = "mediaembed", action = "ad_by_codename")
+
+    mc('/comscore-iframe/', controller='mediaembed', action='comscore')
+    mc('/comscore-iframe/*url', controller='mediaembed', action='comscore')
+
     # This route handles displaying the error page and 
     # graphics used in the 404/500
     # error pages. It should likely stay at the top 

diff --git a/r2/r2/controllers/__init__.py b/r2/r2/controllers/__init__.py
@@ -22,7 +22,6 @@
 from listingcontroller import ListingController
 from listingcontroller import HotController
 from listingcontroller import SavedController
-from listingcontroller import ToplinksController
 from listingcontroller import NewController
 from listingcontroller import BrowseController
 from listingcontroller import RecommendedController
@@ -39,13 +38,17 @@
 from front import FrontController
 from health import HealthController
 from buttons import ButtonsController
+from buttons import ButtonjsController
 from captcha import CaptchaController
 from embed import EmbedController
 from error import ErrorController
 from post import PostController
 from toolbar import ToolbarController
 from i18n import I18nController
 from awards import AwardsController
+from ads import AdsController
+from usage import UsageController
+from errorlog import ErrorlogController
 from promotecontroller import PromoteController
 from mediaembed import MediaembedController
 

diff --git a/r2/r2/controllers/ads.py b/r2/r2/controllers/ads.py
@@ -0,0 +1,56 @@
+# The contents of this file are subject to the Common Public Attribution
+# License Version 1.0. (the "License"); you may not use this file except in
+# compliance with the License. You may obtain a copy of the License at
+# http://code.reddit.com/LICENSE. The License is based on the Mozilla Public
+# License Version 1.1, but Sections 14 and 15 have been added to cover use of
+# software over a computer network and provide for limited attribution for the
+# Original Developer. In addition, Exhibit A has been modified to be consistent
+# with Exhibit B.
+#
+# Software distributed under the License is distributed on an "AS IS" basis,
+# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
+# the specific language governing rights and limitations under the License.
+#
+# The Original Code is Reddit.
+#
+# The Original Developer is the Initial Developer.  The Initial Developer of the
+# Original Code is CondeNet, Inc.
+#
+# All portions of the code written by CondeNet are Copyright (c) 2006-2010
+# CondeNet, Inc. All Rights Reserved.
+################################################################################
+from pylons import request, g
+from reddit_base import RedditController
+from r2.lib.pages import AdminPage, AdminAds, AdminAdAssign, AdminAdSRs
+from validator import *
+
+class AdsController(RedditController):
+
+    @validate(VSponsor())
+    def GET_index(self):
+        res = AdminPage(content = AdminAds(),
+                        show_sidebar = False,
+                        title = 'ads').render()
+        return res
+
+    @validate(VSponsor(),
+              ad = VAdByCodename('adcn'))
+    def GET_assign(self, ad):
+        if ad is None:
+            abort(404, 'page not found')
+
+        res = AdminPage(content = AdminAdAssign(ad),
+                        show_sidebar = False,
+                        title='assign an ad to a community').render()
+        return res
+
+    @validate(VSponsor(),
+              ad = VAdByCodename('adcn'))
+    def GET_srs(self, ad):
+        if ad is None:
+            abort(404, 'page not found')
+
+        res = AdminPage(content = AdminAdSRs(ad),
+                        show_sidebar = False,
+                        title='ad srs').render()
+        return res