From c9f81c9d2754fc53b2316b814a0cd036f1c87d97 Mon Sep 17 00:00:00 2001
From: Margaret Fero <MaggieFero@users.noreply.github.com>
Date: Sat, 2 Mar 2024 18:55:24 -0800
Subject: [PATCH] Update to current versions of dependencies (#43)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* fix multiple issues from user exports config changes

- improve nginx config
- fix DATA_UPLOAD_MAX_MEMORY_SIZE default not being an int
- translate fallback value in id_to_username template tag
- make location of setting to turn on user exports easier to locate for admins

fixes #3227
fixes #3231
fixes #3232
fixes #3236

* fix comment in env example

* Fixes translation tags

* Add search for author

* Support DATA_UPLOAD_MAX_MEMORY_MiB, only, in .env

Since arithmetic is not allowed in .env files, a change in unit for
the variable seems most usable.

* Adds production.conf security configuration missing in version 0.7.2

* Add timeout to isbn.py

An instance of requests.get in isbn.py lacks a timeout, and this commit adds one with a default of 15 as used other places in the code, where requests.get does already have a timeout.

* Add timeout to base_activity.py

An instance of requests.get was missing a timeout; this commit adds a timeout of 15 as used in other places in this codebase which already have timeouts.

* Typo fix

Add a comma

* Remove duplicate types-requests==2.31.0.2

The types-requests==2.31.0.2 dependency was double-listed right next to each other; this commit removes one.

* Alphabetize requirements.txt

Alphabetize requirements.txt for developer convenience; this helps to find duplicates and unnecessarily-pinned subdependencies, as well as making the file easier to read and use.

* Upgrade Python Version from 3.9 to 3.11

* Disable Pylint Failure for imghdr deprecation for now

* Upgrade Celery to 5.3.1

* Upgrade django-celery-beat to 2.5.0

* Upgrade django-compressor to 4.4

* Upgrade flower to 2.0.0

* Add grpcio pin @ 1.57.0

* Pin Tornado at 6.3.3

* Upgrade Pylint to 2.15.0

* Upgrade pytest to 6.2.5

* Pin setuptools at 65.5.1

* Fix typo in operator

* Add extra space required by linter

* Fix spacing for linter

* Add linter exclusion for TBookWyrmModel

---------

Co-authored-by: Hugh Rundle <hugh@hughrundle.net>
Co-authored-by: Mouse Reeve <mousereeve@riseup.net>
Co-authored-by: Bart Schuurmans <bart@minnozz.com>
Co-authored-by: Adeodato Simó <dato@users.noreply.github.com>
Co-authored-by: Hugh Rundle <github@hughr.me>
Co-authored-by: FoW <fow@netspheres.org>
---
 .env.example                                  |  8 ++--
 .github/workflows/django-tests.yml            |  2 +-
 .github/workflows/mypy.yml                    |  4 +-
 .github/workflows/pylint.yml                  |  4 +-
 bookwyrm/activitypub/base_activity.py         |  2 +
 bookwyrm/connectors/abstract_connector.py     |  4 +-
 bookwyrm/isbn/isbn.py                         |  2 +-
 bookwyrm/settings.py                          |  4 +-
 bookwyrm/templates/layout.html                |  2 +-
 .../templates/preferences/export-user.html    | 39 +++++++++--------
 bookwyrm/templates/search/author.html         | 17 ++++++++
 bookwyrm/templates/search/layout.html         |  4 ++
 bookwyrm/templatetags/utilities.py            |  2 +-
 bookwyrm/views/search.py                      | 27 ++++++++++++
 nginx/development                             | 14 ++++--
 nginx/production                              | 16 +++++--
 requirements.txt                              | 43 ++++++++++---------
 17 files changed, 135 insertions(+), 59 deletions(-)
 create mode 100644 bookwyrm/templates/search/author.html

diff --git a/.env.example b/.env.example
index d0971660ef..1bf6d5406f 100644
--- a/.env.example
+++ b/.env.example
@@ -138,9 +138,9 @@ TWO_FACTOR_LOGIN_MAX_SECONDS=60
 # Value should be a comma-separated list of host names.
 CSP_ADDITIONAL_HOSTS=
 
-# The last number here means "megabytes"
-# Increase if users are having trouble uploading BookWyrm export files.
-DATA_UPLOAD_MAX_MEMORY_SIZE = (1024**2 * 100)
-
 # Time before being logged out (in seconds)
 # SESSION_COOKIE_AGE=2592000   # current default: 30 days
+
+# Maximum allowed memory for file uploads (increase if users are having trouble
+# uploading BookWyrm export files).
+# DATA_UPLOAD_MAX_MEMORY_MiB=100
diff --git a/.github/workflows/django-tests.yml b/.github/workflows/django-tests.yml
index 78b6e142ed..de71d9bcfc 100644
--- a/.github/workflows/django-tests.yml
+++ b/.github/workflows/django-tests.yml
@@ -27,7 +27,7 @@ jobs:
     - name: Set up Python
       uses: actions/setup-python@v4
       with:
-        python-version: 3.9
+        python-version: 3.11
     - name: Install Dependencies
       run: |
         python -m pip install --upgrade pip
diff --git a/.github/workflows/mypy.yml b/.github/workflows/mypy.yml
index 1a641edd28..6df987aa4f 100644
--- a/.github/workflows/mypy.yml
+++ b/.github/workflows/mypy.yml
@@ -13,10 +13,10 @@ jobs:
 
     steps:
     - uses: actions/checkout@v3
-    - name: Set up Python 3.9
+    - name: Set up Python 3.11
       uses: actions/setup-python@v4
       with:
-        python-version: 3.9
+        python-version: 3.11
     - name: Install Dependencies
       run: |
         python -m pip install --upgrade pip
diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml
index 3811c97d38..ab8633b48c 100644
--- a/.github/workflows/pylint.yml
+++ b/.github/workflows/pylint.yml
@@ -13,10 +13,10 @@ jobs:
 
     steps:
     - uses: actions/checkout@v3
-    - name: Set up Python 3.9
+    - name: Set up Python 3.11
       uses: actions/setup-python@v4
       with:
-        python-version: 3.9
+        python-version: 3.11
     - name: Install Dependencies
       run: |
         python -m pip install --upgrade pip
diff --git a/bookwyrm/activitypub/base_activity.py b/bookwyrm/activitypub/base_activity.py
index fbbc18f73e..efc9d8da2f 100644
--- a/bookwyrm/activitypub/base_activity.py
+++ b/bookwyrm/activitypub/base_activity.py
@@ -20,6 +20,7 @@
 
 logger = logging.getLogger(__name__)
 
+# pylint: disable=invalid-name
 TBookWyrmModel = TypeVar("TBookWyrmModel", bound=base_model.BookWyrmModel)
 
 
@@ -423,6 +424,7 @@ def get_activitypub_data(url):
                 "Date": now,
                 "Signature": make_signature("get", sender, url, now),
             },
+            timeout=15,
         )
     except requests.RequestException:
         raise ConnectorException()
diff --git a/bookwyrm/connectors/abstract_connector.py b/bookwyrm/connectors/abstract_connector.py
index 8b6dcb8858..aa8edbeae9 100644
--- a/bookwyrm/connectors/abstract_connector.py
+++ b/bookwyrm/connectors/abstract_connector.py
@@ -3,7 +3,9 @@
 from abc import ABC, abstractmethod
 from typing import Optional, TypedDict, Any, Callable, Union, Iterator
 from urllib.parse import quote_plus
-import imghdr
+
+# pylint: disable-next=deprecated-module
+import imghdr  # Deprecated in 3.11 for removal in 3.13; no good alternative yet
 import logging
 import re
 import asyncio
diff --git a/bookwyrm/isbn/isbn.py b/bookwyrm/isbn/isbn.py
index 56062ff7b8..d14dc26196 100644
--- a/bookwyrm/isbn/isbn.py
+++ b/bookwyrm/isbn/isbn.py
@@ -26,7 +26,7 @@ class IsbnHyphenator:
 
     def update_range_message(self) -> None:
         """Download the range message xml file and save it locally"""
-        response = requests.get(self.__range_message_url)
+        response = requests.get(self.__range_message_url, timeout=15)
         with open(self.__range_file_path, "w", encoding="utf-8") as file:
             file.write(response.text)
         self.__element_tree = None
diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py
index 7f45573c92..2bb68ff857 100644
--- a/bookwyrm/settings.py
+++ b/bookwyrm/settings.py
@@ -446,4 +446,6 @@
 # user with the same username - in which case you should change it!
 INSTANCE_ACTOR_USERNAME = "bookwyrm.instance.actor"
 
-DATA_UPLOAD_MAX_MEMORY_SIZE = env.int("DATA_UPLOAD_MAX_MEMORY_SIZE", (1024**2 * 100))
+# We only allow specifying DATA_UPLOAD_MAX_MEMORY_SIZE in MiB from .env
+# (note the difference in variable names).
+DATA_UPLOAD_MAX_MEMORY_SIZE = env.int("DATA_UPLOAD_MAX_MEMORY_MiB", 100) << 20
diff --git a/bookwyrm/templates/layout.html b/bookwyrm/templates/layout.html
index 6283e61c45..ced4e80061 100644
--- a/bookwyrm/templates/layout.html
+++ b/bookwyrm/templates/layout.html
@@ -36,7 +36,7 @@
                 <div class="field has-addons">
                     <div class="control">
                         {% if request.user.is_authenticated %}
-                            {% trans "Search for a book, user, or list" as search_placeholder %}
+                            {% trans "Search for a book, author, user, or list" as search_placeholder %}
                         {% else %}
                             {% trans "Search for a book" as search_placeholder %}
                         {% endif %}
diff --git a/bookwyrm/templates/preferences/export-user.html b/bookwyrm/templates/preferences/export-user.html
index cd3119e3e7..955cff6561 100644
--- a/bookwyrm/templates/preferences/export-user.html
+++ b/bookwyrm/templates/preferences/export-user.html
@@ -14,31 +14,29 @@
         <p> {% trans "You can create an export file here. This will allow you to migrate your data to another BookWyrm account." %}</p>
     </div>
         <div class="block mx-5 columns">
-            {% blocktrans trimmed %}
             <div class="column is-half">
-                <h2 class="is-size-5">Your file will include:</h2>
+                <h2 class="is-size-5">{% trans "Your file will include:" %}</h2>
                 <ul>
-                    <li>User profile</li>
-                    <li>Most user settings</li>
-                    <li>Reading goals</li>
-                    <li>Shelves</li>
-                    <li>Reading history</li>
-                    <li>Book reviews</li>
-                    <li>Statuses</li>
-                    <li>Your own lists and saved lists</li>
-                    <li>Which users you follow and block</li>
+                    <li>{% trans "User profile" %}</li>
+                    <li>{% trans "Most user settings" %}</li>
+                    <li>{% trans "Reading goals" %}</li>
+                    <li>{% trans "Shelves" %}</li>
+                    <li>{% trans "Reading history" %}</li>
+                    <li>{% trans "Book reviews" %}</li>
+                    <li>{% trans "Statuses" %}</li>
+                    <li>{% trans "Your own lists and saved lists" %}</li>
+                    <li>{% trans "Which users you follow and block" %}</li>
                 </ul>
             </div>
             <div class="column is-half">
-                <h2 class="is-size-5">Your file will not include:</h2>
+                <h2 class="is-size-5">{% trans "Your file will not include:" %}</h2>
                 <ul>
-                    <li>Direct messages</li>
-                    <li>Replies to your statuses</li>
-                    <li>Groups</li>
-                    <li>Favorites</li>
+                    <li>{% trans "Direct messages" %}</li>
+                    <li>{% trans "Replies to your statuses" %}</li>
+                    <li>{% trans "Groups" %}</li>
+                    <li>{% trans "Favorites" %}</li>
                 </ul>
             </div>
-            {% endblocktrans %}
         </div>
         <p class="block">{% trans "In your new BookWyrm account can choose what to import: you will not have to import everything that is exported." %}</p>
         <p class="notification is-warning">
@@ -49,6 +47,13 @@ <h2 class="is-size-5">Your file will not include:</h2>
     {% if not site.user_exports_enabled %}
     <p class="notification is-danger">
         {% trans "New user exports are currently disabled." %}
+        {% if perms.bookwyrm.edit_instance_settings %}
+        <br/>
+        {% url 'settings-imports' as url %}
+        {% blocktrans trimmed %}
+            User exports settings can be changed from <a href="{{ url }}">the Imports page</a> in the Admin dashboard.
+        {% endblocktrans %}
+    {% endif%}
     </p>
     {% elif next_available %}
     <p class="notification is-warning">
diff --git a/bookwyrm/templates/search/author.html b/bookwyrm/templates/search/author.html
new file mode 100644
index 0000000000..d42c3b54f4
--- /dev/null
+++ b/bookwyrm/templates/search/author.html
@@ -0,0 +1,17 @@
+{% extends 'search/layout.html' %}
+
+{% block panel %}
+
+{% if results %}
+<ul class="block">
+{% for author in results %}
+    <li class="">
+        <a href="{{ author.local_path }}" class="author" itemprop="author" itemscope itemtype="https://schema.org/Thing">
+            <span itemprop="name">{{ author.name }}</span>
+        </a>
+    </li>
+{% endfor %}
+</ul>
+{% endif %}
+
+{% endblock %}
diff --git a/bookwyrm/templates/search/layout.html b/bookwyrm/templates/search/layout.html
index 8cf47b3717..725a4f43f3 100644
--- a/bookwyrm/templates/search/layout.html
+++ b/bookwyrm/templates/search/layout.html
@@ -20,6 +20,7 @@ <h1 class="title">
             <div class="select" aria-label="{% trans 'Search type' %}">
                 <select name="type">
                     <option value="book" {% if type == "book" %}selected{% endif %}>{% trans "Books" %}</option>
+                    <option value="author" {% if type == "author" %}selected{% endif %}>{% trans "Authors" %}</option>
                     {% if request.user.is_authenticated %}
                     <option value="user" {% if type == "user" %}selected{% endif %}>{% trans "Users" %}</option>
                     {% endif %}
@@ -42,6 +43,9 @@ <h1 class="title">
         <li{% if type == "book" %} class="is-active"{% endif %}>
             <a href="{% url 'search' %}?q={{ query }}&type=book">{% trans "Books" %}</a>
         </li>
+        <li{% if type == "author" %} class="is-active"{% endif %}>
+            <a href="{% url 'search' %}?q={{ query }}&type=author">{% trans "Authors" %}</a>
+        </li>
         {% if request.user.is_authenticated %}
         <li{% if type == "user" %} class="is-active"{% endif %}>
             <a href="{% url 'search' %}?q={{ query }}&type=user">{% trans "Users" %}</a>
diff --git a/bookwyrm/templatetags/utilities.py b/bookwyrm/templatetags/utilities.py
index 230db366e3..d1d849cb8a 100644
--- a/bookwyrm/templatetags/utilities.py
+++ b/bookwyrm/templatetags/utilities.py
@@ -126,7 +126,7 @@ def id_to_username(user_id):
         value = f"{name}@{domain}"
 
         return value
-    return "a new user account"
+    return _("a new user account")
 
 
 @register.filter(name="get_file_size")
diff --git a/bookwyrm/views/search.py b/bookwyrm/views/search.py
index f8eddd1a68..e1598056f7 100644
--- a/bookwyrm/views/search.py
+++ b/bookwyrm/views/search.py
@@ -1,4 +1,5 @@
 """ search views"""
+
 import re
 
 from django.contrib.postgres.search import TrigramSimilarity
@@ -39,6 +40,7 @@ def get(self, request):
 
         endpoints = {
             "book": book_search,
+            "author": author_search,
             "user": user_search,
             "list": list_search,
         }
@@ -90,6 +92,31 @@ def book_search(request):
     return TemplateResponse(request, "search/book.html", data)
 
 
+def author_search(request):
+    """search for an author"""
+    query = request.GET.get("q")
+    query = query.strip()
+    data = {"type": "author", "query": query}
+
+    results = (
+        models.Author.objects.annotate(
+            similarity=TrigramSimilarity("name", query),
+        )
+        .filter(
+            similarity__gt=0.1,
+        )
+        .order_by("-similarity")
+    )
+
+    paginated = Paginator(results, PAGE_LENGTH)
+    page = paginated.get_page(request.GET.get("page"))
+    data["results"] = page
+    data["page_range"] = paginated.get_elided_page_range(
+        page.number, on_each_side=2, on_ends=1
+    )
+    return TemplateResponse(request, "search/author.html", data)
+
+
 def user_search(request):
     """user search: search for a user"""
     viewer = request.user
diff --git a/nginx/development b/nginx/development
index fdfd14e1d6..2c3a1d02f6 100644
--- a/nginx/development
+++ b/nginx/development
@@ -61,17 +61,25 @@ server {
         proxy_pass http://web;
     }
 
-    # directly serve images and static files from the
+    # directly serve static files from the
     # bookwyrm filesystem using sendfile.
     # make the logs quieter by not reporting these requests
-    location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|ttf|webp|css|js)$ {
+    location ~ ^/static/ {
         root /app;
         try_files $uri =404;
         add_header X-Cache-Status STATIC;
         access_log off;
     }
 
-    # block access to any non-image files from images or static
+    # same with image files not in static folder
+    location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
+        root /app;
+        try_files $uri =404;
+        add_header X-Cache-Status STATIC;
+        access_log off;
+    }
+
+    # block access to any non-image files from images
     location ~ ^/images/ {
         return 403;
     }
diff --git a/nginx/production b/nginx/production
index 296ede70ce..841ed8afae 100644
--- a/nginx/production
+++ b/nginx/production
@@ -93,19 +93,27 @@ server {
 #         proxy_pass http://web;
 #     }
 #
-#     # directly serve images and static files from the
+#     # directly serve static files from the
 #     # bookwyrm filesystem using sendfile.
 #     # make the logs quieter by not reporting these requests
-#     location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|ttf|webp|css|js)$ {
+#     location ~ ^/static/ {
 #         root /app;
 #         try_files $uri =404;
 #         add_header X-Cache-Status STATIC;
 #         access_log off;
 #     }
 
-#     # block access to any non-image files from images or static
+#     # same with image files not in static folder
+#     location ~ \.(bmp|ico|jpg|jpeg|png|svg|tif|tiff|webp)$ {
+#         root /app;
+#         try_files $uri =404;
+#         add_header X-Cache-Status STATIC;
+#         access_log off;
+#     }
+
+#     # block access to any non-image files from images
 #     location ~ ^/images/ {
-#          return 403;
+#         return 403;
 #     }
 #
 #     # monitor the celery queues with flower, no caching enabled
diff --git a/requirements.txt b/requirements.txt
index 83b294d9a0..270357adec 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -1,59 +1,60 @@
 aiohttp==3.9.2
 bleach==5.0.1
+boto3==1.26.57
 bw-file-resubmit==0.6.0rc2
 celery==5.3.1
 colorthief==0.2.1
 Django==3.2.24
 django-celery-beat==2.5.0
 django-compressor==4.4
+django-csp==3.7
 django-imagekit==4.1.0
 django-model-utils==4.3.1
+django-redis==5.2.0
 django-sass-processor==1.2.2
-django-csp==3.7
+django-storages==1.13.2
+django-storages[azure]
 environs==9.5.0
 flower==2.0.0
-grpcio==1.57.0
+grpcio==1.57.0 # Not a direct dependency, pinned to get a security fix
 libsass==0.22.0
 Markdown==3.4.1
-Pillow==10.2.0
-psycopg2==2.9.7
-pycryptodome==3.19.1
-python-dateutil==2.8.2
-redis==4.5.4
-requests==2.31.0
-responses==0.22.0
-pytz>=2022.7
-boto3==1.26.57
-django-storages==1.13.2
-django-storages[azure]
-django-redis==5.2.0
 opentelemetry-api==1.16.0
 opentelemetry-exporter-otlp-proto-grpc==1.16.0
 opentelemetry-instrumentation-celery==0.37b0
 opentelemetry-instrumentation-django==0.37b0
 opentelemetry-instrumentation-psycopg2==0.37b0
 opentelemetry-sdk==1.16.0
+Pillow==10.2.0
 protobuf==3.20.*
+psycopg2==2.9.7
+pycryptodome==3.19.1
 pyotp==2.8.0
+python-dateutil==2.8.2
+pytz>=2022.7
 qrcode==7.3.1
-setuptools>=65.5.1
-tornado==6.3.3
+redis==4.5.4
+requests==2.31.0
+responses==0.22.0
 
 # Dev
+celery-types==0.18.0
+django-stubs[compatible-mypy]==4.2.4
+mypy==1.5.1
+pylint==2.15.0
 pytest-django==4.1.0
 pytest==6.2.5
 pytest-cov==2.10.1
+pytest-django==4.1.0
 pytest-env==0.6.2
 pytest-xdist==2.3.0
 pytidylib==0.3.2
-pylint==2.14.0
-mypy==1.5.1
-celery-types==0.18.0
-django-stubs[compatible-mypy]==4.2.4
+setuptools>=65.5.1
+tornado==6.3.3
 types-bleach==6.0.0.4
 types-dataclasses==0.6.6
 types-Markdown==3.4.2.10
 types-Pillow==10.2.0.20240213
 types-psycopg2==2.9.21.11
 types-python-dateutil==2.8.19.14
-types-requests==2.31.0.2
\ No newline at end of file
+types-requests==2.31.0.2