avatar fix for phone number, continue GlitchTip fix

requirements.txt

@@ -1,4 +1,4 @@
-requests==2.28.2
+requests==2.29.0
 pytelegrambotapi==4.11.0
 beautifulsoup4==4.12.2
 tgbot-ping==1.0.7

yyetsweb/common/utils.py

@@ -12,12 +12,14 @@
 import logging
 import os
 import pathlib
+import re
 import smtplib
 import time
 from datetime import datetime
 from email.header import Header
 from email.mime.text import MIMEText
 from email.utils import formataddr, parseaddr
+from hashlib import sha256
 
 import coloredlogs
 import pytz
@@ -36,6 +38,18 @@ def setup_logger():
     )
 
 
+def hide_phone(data: list):
+    for item in data:
+        if item["username"].isdigit() and len(item["username"]) == 11:
+            item["hash"] = sha256(item["username"].encode("u8")).hexdigest()
+            item["username"] = mask_phone(item["username"])
+    return data
+
+
+def mask_phone(num):
+    return re.sub(r"(\d{3})\d{4}(\d{4})", r"\g<1>****\g<2>", num)
+
+
 def ts_date(ts=None):
     # Let's always set the timezone to CST
     timestamp = ts or time.time()

yyetsweb/databases/base.py

@@ -116,7 +116,7 @@ class SearchEngine(Mongo):
         "comment": "$content",
         "commentID": {"$toString": "$_id"},
         "origin": "comment",
-        "hasAvatar": {"$toBool": "$avatar"},
+        "hasAvatar": "yes",
         "resourceID": "$resource_id",
         "resourceName": {"$first": "$resource.data.info.cnname"},
         "_id": {"$toString": "$_id"},

yyetsweb/databases/comment.py

@@ -74,16 +74,11 @@ def add_reactions(self, data):
             cid = comment.get("id") or comment.get("_id")
             cid = str(cid)
             reactions = (
-                self.db["reactions"].find_one(
-                    {"comment_id": cid}, projection={"_id": False, "comment_id": False}
-                )
-                or {}
+                self.db["reactions"].find_one({"comment_id": cid}, projection={"_id": False, "comment_id": False}) or {}
             )
             for verb, users in reactions.items():
                 if users:
-                    comment.setdefault("reactions", []).append(
-                        {"verb": verb, "users": users}
-                    )
+                    comment.setdefault("reactions", []).append({"verb": verb, "users": users})
 
     def get_comment(self, resource_id: int, page: int, size: int, **kwargs) -> dict:
         self.inner_page = kwargs.get("inner_page", 1)
@@ -136,10 +131,7 @@ def add_comment(
     ) -> dict:
         user_data = self.db["users"].find_one({"username": username})
         # old user is allowed to comment without verification
-        if (
-            not self.is_old_user(username)
-            and user_data.get("email", {}).get("verified", False) is False
-        ):
+        if not self.is_old_user(username) and user_data.get("email", {}).get("verified", False) is False:
             return {
                 "status_code": HTTPStatus.TEMPORARY_REDIRECT,
                 "message": "你需要验证邮箱才能评论，请到个人中心进行验证",
@@ -228,16 +220,12 @@ def add_comment(
                 upsert=True,
             )
             # send email
-            parent_comment = self.db["comment"].find_one(
-                {"_id": ObjectId(parent_comment_id)}
-            )
+            parent_comment = self.db["comment"].find_one({"_id": ObjectId(parent_comment_id)})
             if resource_id == 233:
                 link = f"https://yyets.dmesg.app/discuss#{parent_comment_id}"
             else:
                 link = f"https://yyets.dmesg.app/resource?id={resource_id}#{parent_comment_id}"
-            user_info = self.db["users"].find_one(
-                {"username": parent_comment["username"], "email.verified": True}
-            )
+            user_info = self.db["users"].find_one({"username": parent_comment["username"], "email.verified": True})
             if user_info:
                 subject = "[人人影视下载分享站] 你的评论有了新的回复"
                 pt_content = content.split("</reply>")[-1]
@@ -299,14 +287,10 @@ def react_comment(self, username, data):
             }
 
         if method == "POST":
-            self.db["reactions"].update_one(
-                {"comment_id": comment_id}, {"$addToSet": {verb: username}}, upsert=True
-            )
+            self.db["reactions"].update_one({"comment_id": comment_id}, {"$addToSet": {verb: username}}, upsert=True)
             code = HTTPStatus.CREATED
         elif method == "DELETE":
-            self.db["reactions"].update_one(
-                {"comment_id": comment_id}, {"$pull": {verb: username}}
-            )
+            self.db["reactions"].update_one({"comment_id": comment_id}, {"$pull": {verb: username}})
             code = HTTPStatus.ACCEPTED
         else:
             code = HTTPStatus.BAD_REQUEST
@@ -405,9 +389,7 @@ def fill_children(self, data):
         for item in data:
             child_id: "list" = item.get("children", [])
             children = list(
-                self.db["comment"]
-                .find({"_id": {"$in": child_id}}, self.projection)
-                .sort("_id", pymongo.DESCENDING)
+                self.db["comment"].find({"_id": {"$in": child_id}}, self.projection).sort("_id", pymongo.DESCENDING)
             )
             self.convert_objectid(children)
             self.get_user_group(children)
@@ -418,9 +400,7 @@ def fill_children(self, data):
 class Notification(Mongo):
     def get_notification(self, username, page, size):
         # .sort("_id", pymongo.DESCENDING).limit(size).skip((page - 1) * size)
-        notify = self.db["notification"].find_one(
-            {"username": username}, projection={"_id": False}
-        )
+        notify = self.db["notification"].find_one({"username": username}, projection={"_id": False})
         if not notify:
             return {
                 "username": username,
@@ -453,9 +433,7 @@ def get_notification(self, username, page, size):
     def get_content(self, id_list):
         comments = (
             self.db["comment"]
-            .find(
-                {"_id": {"$in": id_list}}, projection={"ip": False, "parent_id": False}
-            )
+            .find({"_id": {"$in": id_list}}, projection={"ip": False, "parent_id": False})
             .sort("_id", pymongo.DESCENDING)
         )
         comments = list(comments)
@@ -467,7 +445,7 @@ def get_content(self, id_list):
                 {"_id": ObjectId(reply_to_id)},
                 projection={"content": True, "_id": False},
             )
-            comment["reply_to_content"] = rtc["content"]
+            comment["reply_to_content"] = getattr(rtc, "content", "")
 
         return comments
 

yyetsweb/databases/oauth.py

@@ -1,5 +1,7 @@
 #!/usr/bin/env python3
 # coding: utf-8
+from hashlib import sha256
+
 from common.utils import ts_date
 from databases.base import Mongo
 
@@ -27,6 +29,7 @@ def add_user(self, username, ip, browser, uid, source: "str"):
                     "oldUser": True,
                     "source": source,
                     "uid": uid,
+                    "hash": sha256(username.encode("u8")).hexdigest(),
                 }
             )
             return {
@@ -40,17 +43,17 @@ class GitHubOAuth2Login(OAuthRegister):
     pass
 
 
-class MSOAuth2Login:
+class MSOAuth2Login(OAuthRegister):
     pass
 
 
-class GoogleOAuth2Login:
+class GoogleOAuth2Login(OAuthRegister):
     pass
 
 
-class TwitterOAuth2Login:
+class TwitterOAuth2Login(OAuthRegister):
     pass
 
 
-class FacebookAuth2Login:
+class FacebookAuth2Login(OAuthRegister):
     pass

yyetsweb/databases/other.py

@@ -8,6 +8,7 @@
 import re
 import string
 import time
+from hashlib import sha256
 
 import pymongo
 import requests
@@ -165,6 +166,15 @@ def import_ban_user(self):
             r.hset("user_blacklist", username, 100)
         r.close()
 
+    def fill_user_hash(self):
+        users = self.db["users"].find({"hash": {"$exists": False}}, projection={"username": True})
+        # do it old school
+        for user in users:
+            logging.info("Filling hash for %s", user)
+            username = user["username"]
+            hash_value = sha256(username.encode("u8")).hexdigest()
+            self.db["users"].update_one({"username": username}, {"$set": {"hash": hash_value}})
+
 
 class Captcha(Redis):
     def get_captcha(self, captcha_id):

yyetsweb/databases/resources.py

@@ -11,7 +11,7 @@
 import zhconv
 from tqdm import tqdm
 
-from common.utils import ts_date
+from common.utils import hide_phone, ts_date
 from databases.base import Mongo, Redis, SearchEngine
 from databases.comment import CommentSearch
 
@@ -52,7 +52,7 @@ def meili_search(self, keyword: "str", search_type: "str") -> dict:
         returned = {"data": [], "comment": [], "extra": []}
         if search_type == "default":
             yyets = self.search_yyets(keyword)
-            comment = self.search_comment(keyword)
+            comment = hide_phone(self.search_comment(keyword))
             returned["data"] = yyets
             returned["comment"] = comment
             return returned
@@ -98,22 +98,24 @@ def mongodb_search(self, keyword: str) -> dict:
             zimuzu_data.append(item["data"]["info"])
 
         # get comment
-        r = CommentSearch().get_comment(1, 2**10, keyword)
         c_search = []
-        for c in r.get("data", []):
+        comments = CommentSearch().get_comment(1, 2**10, keyword)
+        hide_phone(comments.get("data", []))
+        for c in comments.get("data", []):
             comment_rid = c["resource_id"]
-            d = self.db["yyets"].find_one({"data.info.id": comment_rid}, projection={"data.info": True})
-            if d:
+            res = self.db["yyets"].find_one({"data.info.id": comment_rid}, projection={"data.info": True})
+            if res:
                 c_search.append(
                     {
                         "username": c["username"],
                         "date": c["date"],
                         "comment": c["content"],
                         "commentID": c["id"],
                         "resourceID": comment_rid,
-                        "resourceName": d["data"]["info"]["cnname"],
+                        "resourceName": res["data"]["info"]["cnname"],
                         "origin": "comment",
                         "hasAvatar": c["hasAvatar"],
+                        "hash": c["hash"],
                     }
                 )
         # zimuzu -> comment -> extra

yyetsweb/databases/user.py

@@ -3,10 +3,12 @@
 import os
 import random
 import re
+from hashlib import md5, sha256
 from http import HTTPStatus
 
 import filetype
 import pymongo
+import requests
 from passlib.handlers.pbkdf2 import pbkdf2_sha256
 
 from common.utils import send_mail, ts_date
@@ -101,6 +103,7 @@ def login_user(
                         date=ts_date(),
                         ip=ip,
                         browser=browser,
+                        hash=sha256(username.encode("u8")).hexdigest(),
                     )
                 )
                 returned_value["status_code"] = HTTPStatus.CREATED
@@ -177,11 +180,23 @@ def add_avatar(self, username, avatar):
 
         return {"status_code": HTTPStatus.CREATED, "message": "头像上传成功"}
 
-    def get_avatar(self, username):
-        user = self.db["users"].find_one({"username": username})
-        img = user.get("avatar", b"")
-        mime = filetype.guess_mime(img)
-        return {"image": img, "content_type": mime}
+    def get_avatar(self, username, user_hash=None):
+        if user_hash:
+            user = self.db["users"].find_one({"hash": user_hash})
+        else:
+            user = self.db["users"].find_one({"username": username})
+        if user:
+            img = user.get("avatar", b"")
+            mime = filetype.guess_mime(img)
+            return {"image": img, "content_type": mime}
+        elif "@" in username:
+            # fallback to gravatar
+            url = f"https://gravatar.webp.se/avatar/{md5(username.encode('u8')).hexdigest()}"
+            img = requests.get(url).content
+            mime = filetype.guess_mime(img)
+            return {"image": img, "content_type": mime}
+        else:
+            return {"image": None, "content_type": None}
 
 
 class UserEmail(Mongo):

yyetsweb/handlers/comment.py

@@ -1,12 +1,12 @@
 #!/usr/bin/env python3
 # coding: utf-8
-import re
 from http import HTTPStatus
 from pathlib import Path
 
 from tornado import gen, web
 from tornado.concurrent import run_on_executor
 
+from common.utils import hide_phone
 from handlers.base import BaseHandler
 
 filename = Path(__file__).name.split(".")[0]
@@ -15,13 +15,6 @@
 class CommentHandler(BaseHandler):
     filename = filename
 
-    @staticmethod
-    def hide_phone(data: list):
-        for item in data:
-            if item["username"].isdigit() and len(item["username"]) == 11:
-                item["username"] = re.sub(r"(\d{3})\d{4}(\d{4})", r"\g<1>****\g<2>", item["username"])
-        return data
-
     @run_on_executor()
     def get_comment(self):
         query_id = self.get_argument("resource_id", "0")
@@ -44,7 +37,7 @@ def get_comment(self):
             inner_page=inner_page,
             comment_id=comment_id,
         )
-        self.hide_phone((comment_data["data"]))
+        hide_phone((comment_data["data"]))
         return comment_data
 
     @run_on_executor()
@@ -144,7 +137,7 @@ def get_comment(self):
             self.set_status(HTTPStatus.BAD_REQUEST)
             return {"status": False, "message": "请提供 parent_id"}
         comment_data = self.instance.get_comment(parent_id, page, size)
-        self.hide_phone((comment_data["data"]))
+        hide_phone((comment_data["data"]))
         return comment_data
 
     @gen.coroutine
@@ -162,7 +155,7 @@ def get_comment(self):
         page = int(self.get_argument("page", "1"))
 
         comment_data = self.instance.get_comment(page, size)
-        self.hide_phone((comment_data["data"]))
+        hide_phone((comment_data["data"]))
         return comment_data
 
     @gen.coroutine
@@ -180,7 +173,7 @@ def search_comment(self):
         page = int(self.get_argument("page", "1"))
         keyword = self.get_argument("keyword", "")
         comment_data = self.instance.get_comment(page, size, keyword)
-        self.hide_phone((comment_data["data"]))
+        hide_phone((comment_data["data"]))
         return comment_data
 
     @gen.coroutine

yyetsweb/handlers/resources.py

@@ -19,7 +19,8 @@ class ResourceHandler(BaseHandler):
 
     @run_on_executor()
     def get_resource_data(self):
-        resource_id = int(self.get_query_argument("id"))
+        query = self.get_query_argument("id", None)
+        resource_id = int(query) if query.isdigit() else 0
         username = self.get_current_user()
         if str(resource_id) in os.getenv("HIDDEN_RESOURCE", "").split(","):
             self.set_status(HTTPStatus.NOT_FOUND)