Merge branch 'v2' into ila

* Fixes missing actor breaking notifications page

app/config.py

@@ -124,6 +124,7 @@ class Config(pydantic.BaseModel):
     key_path: str | None = None
 
     session_timeout: int = 3600 * 24 * 3  # in seconds, 3 days by default
+    csrf_token_exp: int = 3600
 
     disabled_notifications: list[str] = []
 
@@ -263,7 +264,7 @@ def verify_csrf_token(
     if redirect_url:
         please_try_again = f'<a href="{redirect_url}">please try again</a>'
     try:
-        csrf_serializer.loads(csrf_token, max_age=1800)
+        csrf_serializer.loads(csrf_token, max_age=CONFIG.csrf_token_exp)
     except (itsdangerous.BadData, itsdangerous.SignatureExpired):
         logger.exception("Failed to verify CSRF token")
         raise HTTPException(

app/models.py

@@ -1,4 +1,5 @@
 import enum
+from datetime import datetime
 from typing import Any
 from typing import Optional
 from typing import Union
@@ -436,7 +437,7 @@ class OutboxObjectAttachment(Base):
     outbox_object_id = Column(Integer, ForeignKey("outbox.id"), nullable=False)
 
     upload_id = Column(Integer, ForeignKey("upload.id"), nullable=False)
-    upload = relationship(Upload, uselist=False)
+    upload: Mapped["Upload"] = relationship(Upload, uselist=False)
 
 
 class IndieAuthAuthorizationRequest(Base):
@@ -459,7 +460,9 @@ class IndieAuthAccessToken(Base):
     __tablename__ = "indieauth_access_token"
 
     id = Column(Integer, primary_key=True, index=True)
-    created_at = Column(DateTime(timezone=True), nullable=False, default=now)
+    created_at: Mapped[datetime] = Column(
+        DateTime(timezone=True), nullable=False, default=now
+    )
 
     # Will be null for personal access tokens
     indieauth_authorization_request_id = Column(
@@ -470,9 +473,9 @@ class IndieAuthAccessToken(Base):
         uselist=False,
     )
 
-    access_token = Column(String, nullable=False, unique=True, index=True)
+    access_token: Mapped[str] = Column(String, nullable=False, unique=True, index=True)
     refresh_token = Column(String, nullable=True, unique=True, index=True)
-    expires_in = Column(Integer, nullable=False)
+    expires_in: Mapped[int] = Column(Integer, nullable=False)
     scope = Column(String, nullable=False)
     is_revoked = Column(Boolean, nullable=False, default=False)
     was_refreshed = Column(Boolean, nullable=False, default=False, server_default="0")

app/templates/utils.html

@@ -413,7 +413,7 @@
 <div class="activity-og-meta">
     {% if og_meta.image %}
     <div>
-        <img src="{{ og_meta.image | media_proxy_url }}">
+        <img src="{{ og_meta.image | media_proxy_url }}" {% if og_meta.image__alt %} alt="{{ og_meta.image__alt }}"{% endif %}>
     </div>
     {% endif %}
     <div>

app/uploads.py

@@ -60,7 +60,7 @@ async def save_upload(db_session: AsyncSession, f: UploadFile) -> models.Upload:
             destination_image.putdata(original_image.getdata())
             destination_image.save(
                 dest_filename,
-                format=_original_image.format,
+                format=_original_image.format,  # type: ignore
             )
 
             with open(dest_filename, "rb") as dest_f:

app/utils/opengraph.py

@@ -28,6 +28,7 @@ class OpenGraphMeta(BaseModel):
     url: str
     title: str
     image: str | None
+    image__alt: str | None
     description: str | None
     site_name: str
 
@@ -47,11 +48,12 @@ def _scrap_og_meta(url: str, html: str) -> OpenGraphMeta | None:
         "url": url,
         "title": soup.find("title").text.strip(),
         "image": None,
+        "image__alt": None,
         "description": None,
         "site_name": urlparse(url).hostname,
     }
     for field in OpenGraphMeta.__fields__.keys():
-        og_field = f"og:{field}"
+        og_field = f"og:{field.replace('__',':')}"
         if ogs.get(og_field):
             raw[field] = ogs.get(og_field, None)
 

data/templates/layout.html

@@ -5,6 +5,10 @@
 <meta http-equiv="x-ua-compatible" content="ie=edge">
 <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
 
+{% if not is_admin %}
+    <script async src="https://u.leftarchive.ie/script.js" data-website-id="a192c48a-4c50-45d5-8b60-d8396862b91a"></script>
+{% endif %}
+
 <link rel="dns-prefetch" href="https://www.leftarchive.ie/" />
 <link rel="prefetch" href="https://www.leftarchive.ie/workspace/assets/css/leftarchive.css?v=20221223" />
 <link rel="prefetch" href="https://www.leftarchive.ie/workspace/assets/fonts/fa-solid-900.woff2" />

data/templates/notifications.html

@@ -54,8 +54,12 @@
                     {%- elif notif.notification_type.value == "move" %}
                         {# for move notif, the actor is the target and the inbox object the Move activity #}
                         <div class="actor-action">
-                            <a href="{{ url_for("admin_profile") }}?actor_id={{ notif.inbox_object.actor.ap_id }}">
-                                {{ utils.display_tiny_actor_icon(notif.inbox_object.actor) }} {{ notif.inbox_object.actor.display_name | clean_html(notif.inbox_object.actor) | safe }}</a> has moved to
+                            {% if notif.inbox_object.actor %}
+                                <a href="{{ url_for("admin_profile") }}?actor_id={{ notif.inbox_object.actor.ap_id }}">
+                                    {{ utils.display_tiny_actor_icon(notif.inbox_object.actor) }} {{ notif.inbox_object.actor.display_name | clean_html(notif.inbox_object.actor) | safe }}</a> has moved to
+                            {% else %}
+                                ERROR: Missing actor on move object
+                            {% endif %}
                             <span title="{{ notif.created_at.isoformat() }}">{{ notif.created_at | timeago }}</span>
                         </div>
                         {{ utils.display_actor(notif.actor) }}