Update

best commit message ever

6 files changed, 102 insertions, 29 deletions

diff --git a/.gitignore b/.gitignore
index 58bd488..a6c57f5 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1 @@
-db.json
+*.json
diff --git a/app.py b/app.py
index 1e1f226..688772a 100644
--- a/app.py
+++ b/app.py
@@ -1,7 +1,7 @@
 # qbox - anonymous question board thingy
 #
-# Copyright (c) 2022 Ferass EL HAFIDI
-# Copyright (c) 2022 Andrew Yu <andrew@andrewyu.org>
+# Copyright (c) 2022  Ferass EL HAFIDI
+# Copyright (c) 2022, 2023  Andrew Yu <andrew@andrewyu.org>
 # 
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -20,13 +20,21 @@
 from flask import Flask
 from flask import render_template, request, redirect, abort
 from flask.wrappers import Response
+import sys
+from email.mime.text import MIMEText
+from subprocess import Popen, PIPE
+
+
+
 from html import escape
 import time, os
 import json
 
-def ldb():
+mapping = {"andrew": ("andrew@andrewyu.org", "andrew.json", "<a href=\"https://www.andrewyu.org/\">Andrew Yu (Hypfzhqiik)</a>"), "hypfzwmiik": ("box2@andrewyu.org", "hypfzwmiik.json", "Hypfzqmiik")} # not gonna spam their mailbox during testing
+
+def ldb(user):
     try:
-        db_file = open("db.json", "r+")
+        db_file = open("%s" % mapping[user][1], "r+")
     except FileNotFoundError:
         db = []
     else:
@@ -34,23 +42,23 @@ def ldb():
         assert type(db) is list
         db_file.close()
     return db
-db = ldb()
 
 app = Flask(__name__)
 
-def append_question(text, ts):
+def append_question(user, text, ts):
+    db = ldb(user)
     db.append({"q": text, "a": None, "ts": ts})
-    with open("db.json",  "w") as db_file:
+    with open(mapping[user][1],  "w") as db_file:
         json.dump(db, db_file, indent=4)
 
-def gpq():
+def gpq(db):
     gd = ""
     for qs in reversed(db):
         if not qs["a"]: continue
         gd += "<hr />"
         gd += "<div class=\"single-past-question\">"
         gd += "<pre class=\"past-question-question\">"
-        gd += escape(qs["q"])
+        gd += escape(qs["q"]) # questions are not trusted and must be escaped
         gd += "</pre>"
         gd += "<span class=\"past-question-answer\">"
         gd += qs["a"] # answers are trusted and may include HTML
@@ -58,25 +66,37 @@ def gpq():
         gd += "</div>"
     return gd
 
-
-@app.route('/', methods=['GET', 'POST'])
-def index():
-    if request.method == 'GET':
+# I think, therefore I am
+@app.route('/<user>', methods=['GET', 'POST'])
+def qboard(user):
+    if user not in mapping:
+        return render_template("unknown_user.html", faulty_username=user)
+    elif request.method == 'GET':
         global db
-        db = ldb()
-        return Response(open("templates/home.html", "r").read().replace("{{pq}}", gpq()), mimetype='text/html')
-        #return render_template('home.html', pq=gpq())
+        db = ldb(user)
+        return Response(open("templates/qboard.html", "r").read().replace("{{username}}", mapping[user][2]).replace("{{pq}}", gpq(db)), mimetype='text/html')
     elif request.method == 'POST':
         ts = str(time.time())
         if "text" in request.form and request.form["text"].strip():
             text = request.form["text"]
-            append_question(text, ts)
+            append_question(user, text, ts)
             print(text + "\a")
+            msg = MIMEText(f"The following message was received in the question box at {ts}. Please reply to this IN PLAIN TEXT EMAIL; you may handwrite HTML in your reply.\n\n{text}")
+            msg["From"] = "qbox@andrewyu.org"
+            msg["To"] = mapping[user][0]
+            msg["Subject"] = "Question Box Message"
+            msg["Message-Id"] = "<qbox-%s@andrewyu.org>" % ts
+            p = Popen(["/usr/sbin/sendmail", "-t", "-oi"], stdin=PIPE)
+            p.communicate(msg.as_bytes())
         else:
             return Response("Empty submissions are forbidden.", mimetype='text/plain')
         return Response("Submission successful.", mimetype='text/plain')
     return "Invalid request.", 400
 
+@app.route('/', methods=['GET'])
+def index():
+    return render_template('home.html')
+
 if __name__ == "__main__":
-    app.run(port=8000)
+    app.run(port=5728)
 
diff --git a/templates/home.html b/templates/home.html
index a6b5ca1..3792bb4 100644
--- a/templates/home.html
+++ b/templates/home.html
@@ -1,23 +1,20 @@
 <!DOCTYPE html>
 <html lang="en">
 	<head>
-		<title>Andrew Yu's Question Board</title>
+		<title>Question Boards on andrewyu.org</title>
 		<link rel="stylesheet" href="https://www.andrewyu.org/plain.css" />
 		<link rel="shortcut icon" href="https://www.andrewyu.org/favicon.ico" type="image/x-icon" />
 		<meta charset="utf-8" />
 	</head>
 	<body>
-		<h1>Andrew Yu's Question Board</h1>
+		<h1>Question Boards on <code>andrewyu.org</code></h1>
 
-		<form method="POST" enctype="multipart/form-data">
-			What do you want to say to me or ask me?<br />
-			<textarea rows="10" cols="70" name="text" placeholder="Insert some text here."></textarea><br />
-			By submitting an HTTP POST request to this URL, for example by pressing ``Submit'' below, you promise that you wrote the text submitted in the text box above, you waive all copyright and related rights to the text to the extent permitted by applicable law, and you agree that the may be publicly displayed and commented upon on this Website.<br />Do not use this to conduct illegal activities, including malicious attempts to hijck my server or similar misuse.  Please report potential vulnerabilities responsibly by <a href="https://www.andrewyu.org/contact.html">contacting me privately</a>.<br />
-			<input type="submit" value="Submit"/ >
-		</form>
+		<strong style="color: red; font-size: 300%;">Site under maintainance — very unstable!!!</strong>
 
-		<h2>Previous Questions</h2>
-		{{pq}}
+		<ul>
+			<li><a href="/andrew">Andrew/Hypfzhqiik</a></li>
+			<li><a href="/hypfzwmiik">Hypfzwmiik</a></li>
+		</ul>
 
 		<div id="footer">
 			<hr />
diff --git a/templates/qboard.html b/templates/qboard.html
new file mode 100644
index 0000000..25c71fc
--- /dev/null
+++ b/templates/qboard.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<title>{{username}}'s Question Board</title>
+		<link rel="stylesheet" href="https://www.andrewyu.org/plain.css" />
+		<link rel="shortcut icon" href="https://www.andrewyu.org/favicon.ico" type="image/x-icon" />
+		<meta charset="utf-8" />
+	</head>
+	<body>
+		<h1 style="margin-bottom: 0ex;">{{username}}'s Question Board</h1>
+		<a href="/">See all public question boards on this server</a>
+		<br />
+		<br />
+
+		<form method="POST" enctype="multipart/form-data">
+			Use this form to submit a new message...<br />
+			<textarea rows="10" cols="70" name="text" placeholder="What do you want to say to me or ask me?"></textarea><br />
+			By submitting an HTTP POST request to this URL, for example by pressing ``Submit'' below, you promise that you wrote the text submitted in the text box above, you waive all copyright and related rights to the text to the extent permitted by applicable law, and you agree that the may be publicly displayed and commented upon on this Website.<br />Do not use this to conduct illegal activities, including malicious attempts to hijack the server or similar misuse.  Please report potential vulnerabilities responsibly by <a href="https://www.andrewyu.org/contact.html">contacting</a> <a href="https://www.andrewyu.org/">the server administrator</a> privately</a>.<br />
+			<input type="submit" value="Submit"/ >
+		</form>
+
+		<h2>Previous Questions</h2>
+		{{pq}}
+
+		<div id="footer">
+			<hr />
+			<p>
+			The server software behind this question board is <b>qbox</b>, a simple HTML-form question board server, licensed under <a href="https://git.andrewyu.org/andrew/qbox.git/plain/COPYING">version 3 of the GNU Affero General Public License</a>.  You may find its source code at <a href="https://git.andrewyu.org/andrew/qbox.git/">https://git.andrewyu.org/andrew/qbox.git/</a>.
+			</p>
+		</div>
+	</body>
+</html>
diff --git a/templates/unknown_user.html b/templates/unknown_user.html
new file mode 100644
index 0000000..c472966
--- /dev/null
+++ b/templates/unknown_user.html
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<title>Unknown Question Board User</title>
+		<link rel="stylesheet" href="https://www.andrewyu.org/plain.css" />
+		<link rel="shortcut icon" href="https://www.andrewyu.org/favicon.ico" type="image/x-icon" />
+		<meta charset="utf-8" />
+	</head>
+	<body>
+		<h1>Unknown question Board User</h1>
+
+		<p>I cannot find the question board for the username ``<code>{{faulty_username}}</code>''. Are you sure that you have the right URL? <a href="/">Here's a list of public question boards which may help...</a></p>
+
+		<div id="footer">
+			<hr />
+			<p>
+			The server software behind this question board is <b>qbox</b>, a simple HTML-form question board server, licensed under <a href="https://git.andrewyu.org/andrew/qbox.git/plain/COPYING">version 3 of the GNU Affero General Public License</a>.  You may find its source code at <a href="https://git.andrewyu.org/andrew/qbox.git/">https://git.andrewyu.org/andrew/qbox.git/</a>.
+			</p>
+		</div>
+	</body>
+</html>
diff --git a/todo b/todo
new file mode 100644
index 0000000..b4c49dd
--- /dev/null
+++ b/todo
@@ -0,0 +1,3 @@
+- user list in seperate configuration file
+  - {username: (database_file, email_address)}
+  - Read email replies from maildir in seperate user