This is needed because jinja2 had an update which caused the portal to
not work at all:
```
ImportError: cannot import name 'escape' from 'jinja2'
```
Quart needed updating for that.
This update required a lot of type fixes. Apparently, the "canned"
responses (like redirect) are now plain werkzeug responses, while
quart.Response does not inherit from werkzeug.Response (otherwise, we
could've changed the type annotations to werkzeug.Response everywhere,
but that doesn't work because a quart.Response is not a
werkzeug.Response).
P.S.: This time, I *did* check that avatar uploads don't break (see
b007afc).

It is more likely that a user for whose language no translation exists
can read English than Danish.
The fallback to English was apparently introduced in c58ce845, though it
is possible that `best_match` did that internally before.
Fixes #131.

This is useful in situations where the admins of the Snikket
server (i.e. those who care for the docker containers) are not the
same people as the people who are admins of the Snikket service
(i.e. those who care for the users).

This reverts commit 486596f89f.
It was discovered that multipart/form-data forms do not work
correctly with Quart 0.15. The upgrade to Quart 0.15 was rushed
and not tested correctly, which I apologize for.
See-Also: https://github.com/pgjones/quart/issues/126

This checks the avatar size on the client side (if available) and
on the server side against a configuration-defined limit. The
default limit is set to use the same value as in the original
report, as no sensible limit value is known.
Fixes #67.

Previously, some kinds of errors would throw nice and fun cascades
of exceptions.
We now have a nice, clean error page for 500 and 503 (backend
connectivity) errors which includes minimal debugging information
for productive setups and a traceback for development setups.
In any case, the full exception is logged to the log with an error
ID which is printed on the error page.

snikket_web can now be fully configured via the environment alone,
no extra files needed. It is still supported to inject a Python
file to generate environment variables though, which may be
useful for generating and reloading a secret key.

- Avoid fighting import cycles using a factory function
- Collapse useless subpackages into simple modules
- Move Flask plugins / infrastructure in own module
- Refactor how blueprints are used to localize information about
  URL routing to app factory

- Fix etag attaching (add_etag is actually a coroutine which hashes
  the data payload)
- Add expires header (with now + 1800s default) so that we don’t
  get hit with an avatar request on each load -- also helps with
  page responsiveness.
- Proper handling for HEAD requests.
- CSP to prevent funny SVG attacks.
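
An added example, not code from snikket_web: a stdlib-only illustration of how the four avatar changes listed above fit together when building one response. The function name `avatar_response`, the SHA-256 ETag, the 304 handling and the CSP value are assumptions; the commit message does not state the policy it ships.

```python
import hashlib
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime

AVATAR_TTL = timedelta(seconds=1800)  # "now + 1800s" default from the list above

# Assumed policy (not stated on the page): no scripts or external loads, and a
# sandbox, so an uploaded SVG opened directly cannot run code in the portal origin.
AVATAR_CSP = "default-src 'none'; style-src 'unsafe-inline'; sandbox"

# Constructed sample: an SVG avatar carrying an inline script.
SAMPLE_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><script>alert(1)</script></svg>'


def avatar_response(method, payload, mimetype, if_none_match=None, now=None):
    """Return (status, headers, body) for a GET or HEAD avatar request."""
    now = now or datetime.now(timezone.utc)
    # The ETag is a hash of the payload bytes, so it changes only when the
    # avatar itself changes.
    etag = '"' + hashlib.sha256(payload).hexdigest() + '"'
    headers = {
        "ETag": etag,
        "Expires": format_datetime(now + AVATAR_TTL, usegmt=True),
        "Content-Security-Policy": AVATAR_CSP,
    }
    if if_none_match == etag:
        # The client's cached copy is still current: send no body.
        return 304, headers, b""
    headers["Content-Type"] = mimetype
    headers["Content-Length"] = str(len(payload))
    # HEAD gets the same headers as GET, including the length, with no body.
    body = b"" if method == "HEAD" else payload
    return 200, headers, body
```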

If a session cookie is set, but Prosody doesn’t know about the
session anymore, we could get into fun states. This patch fixes
them by requiring the session to be tested with a ping request
on each HTTP request.

- Create a colour palette
- Create a sizing schema for paddings and fonts
- Implement basic form controls
- Create a theme demo page
- Apply the theme to the existing pages.
Still TODO is the final font selection.