Merge branch 'pu': pre-v6.0.0

Release v6.0.0 - Python

This documents UX and functional changes for the v6.0.0 aurweb release.
Following this release, we'll be working on a few very nice features
noted at the end of this article in Upcoming Work.

Preface
-------

This v6.0.0 release makes the long-awaited Python port official.

Along with the development of the python port, we have modified a
number of features. There have been some integral changes to how
package requests are dealt with, so _Trusted Users_ should read
the entirety of this document.

Legend
------

There are a few terms which I'd like to define to increase
understanding of these changes as they are listed:

- _self_
    - Refers to a user viewing or doing something regarding their own account
- _/pkgbase/{name}/{action}_
    - Refers to a POST action which can be triggered via the relevent package
      page at `/{pkgbase,packages}/{name}`.

Grouped changes explained in multiple items will always be prefixed with
the same letter surrounded by braces. Example:

- [A] Some feature that does something
- [A] The same feature where another thing has changed

Infrastructure
--------------

- Python packaging is now done with poetry.
- SQLite support has been removed. This was done because even though
  SQLAlchemy is an ORM, SQLite has quite a few SQL-server-like features
  missing both out of the box and integrally which force us to account
  for the different database types. We now only support mysql, and should
  be able to support postgresql without much effort in the future.
  Note: Users wishing to easily spin up a database quickly can use
  `docker-compose up -d mariadb` for a Docker-hosted mariadb service.
- An example systemd service has been included at `examples/aurweb.service`.
- Example wrappers to `aurweb-git-(auth|serve|update)` have been included
  at `examples/aurweb-git-(auth|serve|update).sh` and should be used to
  call these scripts when aurweb is installed into a poetry virtualenv.

HTML
----

- Pagers have all been modified. They still serve the same purpose, but
  they have slightly different display.
- Some markup and methods around the website has been changed for
  post requests, and some forms have been completely reworked.

Package Requests
----------------

- Normal users can now view and close their own requests
- [A] Requests can no longer be accepted through manual closures
- [A] Requests are now closed via their relevent actions
    - Deletion
        - Through `/packages` bulk delete action
        - Through `/pkgbase/{name}/delete`
    - Merge
        - Through `/pkgbase/{name}/merge`
    - Orphan
        - Through `/packages` bulk disown action
        - Through `/pkgbase/{name}/disown`
- Deletion and merge requests (and their closures) are now autogenerated
  if no pre-existing request exists. This was done to increase tracking of
  package modifications performed by those with access to do so (TUs).
- Deletion, merge and orphan request actions now close all (1 or more)
  requests pertaining to the action performed. This comes with the downside
  of multiple notifications sent out about a closure if more than one
  request (or no request) exists for them
- Merge actions now automatically reject other pre-existing merge requests
  with a mismatched `MergeBaseName` column when a merge action is performed
- The last `/requests` page no longer goes nowhere

Package Bulk Actions: /packages
-------------------------------

- The `Merge into` field has been removed. Merges now require being
  performed via the `/pkgbase/{name}/merge` action.

Package View
------------

- Some cached metadata is no longer cached (pkginfo). Previously,
  this was defaulted to a one day cache for some package information.
  If we need to bring this back, we can.

TU Proposals
------------

- A valid username is now required for any addition or removal of a TU.

RPC
---

- `type=get-comment-form` has been removed and is now located at
  `/pkgbase/{name}/comments/{id}/form`.
- Support for versions 1-4 have been removed.
- JSON key ordering is different than PHP's JSON.
- `type=search` performance is overall slightly worse than PHP's. This
  should not heavily affect users, as a 3,000 record query is returned
  in roughly 0.20ms from a local standpoint. We will be working on this
  in aim to push it over PHP.

Archives
--------

- Added metadata archive `packages-meta-v1.json.gz`.
- Added metadata archive `packages-meta-ext-v1.json.gz`.
    - Enable this by passing `--extended` to `aurweb-mkpkglists`.

Performance Changes
-------------------

As is expected from a complete rewrite of the website, performance
has changed across the board. In most places, Python's implementation
now performs better than the pre-existing PHP implementation, with the
exception of a few routes. Notably:

- `/` loads much quicker as it is now persistently cached forcibly
  for five minutes at a time.
- `/packages` search is much quicker.
- `/packages/{name}` view is slightly slower; we are no longer caching
  various pieces of package info for `cache_pkginfo_ttl`, which is
  defaulted to 86400 seconds, or one day.
- Request actions are slower due to the removal of the `via` parameter.
  We now query the database for requests related to the action based on
  the current state of the DB.
- `/rpc?type=info` queries are slightly quicker.
- `/rpc?type=search` queries of low result counts are quicker.
- `/rpc?type=search` queries of large result counts (> 2500) are slower.
    - We are not satisfied with this. We'll be working on pushing this
      over the edge along with the rest of the DB-intensive routes.
      However, the speed degredation is quite negligible for users'
      experience: 0.12ms PHP vs 0.15ms Python on a 3,000 record query
      on my local 4-core 8-thread system.

Upcoming Work
-------------

This release is the first major release of the Python implementation.
We have multiple tasks up for work immediately, which will bring us
a few more minor versions forward as they are completed.

- Update request and tu vote pagers
- Archive differentials
- Archive mimetypes
- (a) Git scripts to ORM conversion
- (a) Sharness removal
- Restriction of number of requests users can submit

web/html/addvote.php

@@ -67,8 +67,10 @@ if (has_credential(CRED_TU_ADD_VOTE)) {
 		}
 	}
 
-	if (!empty($_POST['addVote']) && empty($error)) {
-		add_tu_proposal($_POST['agenda'], $_POST['user'], $len, $quorum, $uid);
+    if (!empty($_POST['addVote']) && empty($error)) {
+        // Convert $quorum to a String of maximum length "12.34" (5).
+        add_tu_proposal($_POST['agenda'], $_POST['user'],
+                        $len, strval($quorum), $uid);
 
 		print "<p class=\"pkgoutput\">" . __("New proposal submitted.") . "</p>\n";
 	} else {

web/html/css/archweb.css

@@ -329,6 +329,7 @@ label {
 
 input[type=text],
 input[type=password],
+input[type=email],
 textarea {
     padding: 0.10em;
 }

web/html/css/aurweb.css

@@ -144,8 +144,7 @@ span.hover-help {
 	cursor:help;
 }
 
-label.confirmation,
-#merge-into {
+label.confirmation {
 	width: auto;
 }
 
@@ -204,3 +203,63 @@ label.confirmation,
 	overflow: hidden;
 	transition: height 1s;
 }
+
+.proposal.details {
+    margin: .33em 0 1em;
+}
+
+button[type="submit"],
+button[type="reset"] {
+    padding: 0 0.6em;
+}
+
+.results tr td[align="left"] fieldset {
+    text-align: left;
+}
+
+.results tr td[align="right"] fieldset {
+    text-align: right;
+}
+
+input#search-action-submit {
+    width: 80px;
+}
+
+.success {
+    color: green;
+}
+
+/* Styling used to clone <a> styles for a form.link button. */
+form.link, form.link button {
+    display: inline;
+    font-family: sans-serif;
+}
+form.link button {
+    padding: 0 0.5em;
+    color: #07b;
+    background: none;
+    border: none;
+    font-family: inherit;
+    font-size: inherit;
+}
+form.link button:hover {
+    cursor: pointer;
+    text-decoration: underline;
+}
+
+/* Customize form.link when used inside of a page. */
+div.box form.link p {
+    margin: .33em 0 1em;
+}
+div.box form.link button {
+    padding: 0;
+}
+
+pre.traceback {
+    /* https://css-tricks.com/snippets/css/make-pre-text-wrap/ */
+    white-space: pre-wrap;
+    white-space: -moz-pre-wrap;
+    white-space: -pre-wrap;
+    white-space: -o-pre-wrap;
+    word-wrap: break-all;
+}

web/html/js/comment-edit.js

@@ -0,0 +1,61 @@
+function add_busy_indicator(sibling) {
+    const img = document.createElement('img');
+    img.src = "/static/images/ajax-loader.gif";
+    img.classList.add('ajax-loader');
+    img.style.height = 11;
+    img.style.width = 16;
+    img.alt = "Busy…";
+
+    sibling.insertAdjacentElement('afterend', img);
+}
+
+function remove_busy_indicator(sibling) {
+    const elem = sibling.nextElementSibling;
+    elem.parentNode.removeChild(elem);
+}
+
+function getParentsUntil(elem, className) {
+    // Limit to 10 depth
+    for ( ; elem && elem !== document; elem = elem.parentNode) {
+        if (elem.matches(className)) {
+            break;
+        }
+    }
+
+    return elem;
+}
+
+function handleEditCommentClick(event, pkgbasename) {
+    event.preventDefault();
+    const parent_element = getParentsUntil(event.target, '.comment-header');
+    const parent_id = parent_element.id;
+    const comment_id = parent_id.substr(parent_id.indexOf('-') + 1);
+    // The div class="article-content" which contains the comment
+    const edit_form = parent_element.nextElementSibling;
+
+    const url = "/pkgbase/" + pkgbasename + "/comments/" + comment_id + "/form?";
+
+    add_busy_indicator(event.target);
+
+    fetch(url + new URLSearchParams({ next: window.location.pathname }), {
+        method: 'GET',
+        credentials: 'same-origin'
+    })
+    .then(function(response) {
+        if (!response.ok) {
+            throw Error(response.statusText);
+        }
+        return response.json();
+    })
+    .then(function(data) {
+        remove_busy_indicator(event.target);
+        edit_form.innerHTML = data.form;
+        edit_form.querySelector('textarea').focus();
+    })
+    .catch(function(error) {
+        remove_busy_indicator(event.target);
+        console.error(error);
+    });
+
+    return false;
+}

web/html/js/copy.js

@@ -0,0 +1,6 @@
+document.addEventListener('DOMContentLoaded', function() {
+	document.querySelector('.copy').addEventListener('click', function(e) {
+		e.preventDefault();
+		navigator.clipboard.writeText(event.target.text);
+	});
+});

web/html/js/typeahead-home.js

@@ -0,0 +1,6 @@
+document.addEventListener('DOMContentLoaded', function() {
+    const input = document.getElementById('pkgsearch-field');
+    const form = document.getElementById('pkgsearch-form');
+    const type = 'suggest';
+    typeahead.init(type, input, form);
+});

web/html/js/typeahead-pkgbase-merge.js

@@ -0,0 +1,6 @@
+document.addEventListener('DOMContentLoaded', function() {
+	const input = document.getElementById('merge_into');
+	const form = document.getElementById('merge-form');
+	const type = "suggest-pkgbase";
+	typeahead.init(type, input, form, false);
+});

web/html/js/typeahead-pkgbase-request.js

@@ -0,0 +1,36 @@
+function showHideMergeSection() {
+    const elem = document.getElementById('id_type');
+    const merge_section = document.getElementById('merge_section');
+    if (elem.value == 'merge') {
+        merge_section.style.display = '';
+    } else {
+        merge_section.style.display = 'none';
+    }
+}
+
+function showHideRequestHints() {
+    document.getElementById('deletion_hint').style.display = 'none';
+    document.getElementById('merge_hint').style.display = 'none';
+    document.getElementById('orphan_hint').style.display = 'none';
+
+    const elem = document.getElementById('id_type');
+    document.getElementById(elem.value + '_hint').style.display = '';
+}
+
+document.addEventListener('DOMContentLoaded', function() {
+    showHideMergeSection();
+    showHideRequestHints();
+
+    const input = document.getElementById('id_merge_into');
+    const form = document.getElementById('request-form');
+    const type = "suggest-pkgbase";
+
+    typeahead.init(type, input, form, false);
+});
+
+// Bind the change event here, otherwise we have to inline javascript,
+// which angers CSP (Content Security Policy).
+document.getElementById("id_type").addEventListener("change", function() {
+    showHideMergeSection();
+    showHideRequestHints();
+});

web/html/js/typeahead.js

@@ -67,7 +67,7 @@ const typeahead = (function() {
   }
 
   function fetchData(letter) {
-    const url = '/rpc?type=' + suggest_type + '&arg=' + letter;
+    const url = '/rpc?v=5&type=' + suggest_type + '&arg=' + letter;
     fetch(url).then(function(response) {
       return response.json();
     }).then(function(data) {

web/lib/DB.class.php

@@ -20,15 +20,23 @@ class DB {
 				$backend = config_get('database', 'backend');
 				$host = config_get('database', 'host');
 				$socket = config_get('database', 'socket');
+				$port = config_get('database', 'port');
 				$name = config_get('database', 'name');
 				$user = config_get('database', 'user');
 				$password = config_get('database', 'password');
 
 				if ($backend == "mysql") {
-					$dsn = $backend .
-						':host=' . $host .
-						';unix_socket=' . $socket .
-						';dbname=' . $name;
+					if ($port != '') {
+						$dsn = $backend .
+							':host=' . $host .
+							';port=' . $port .
+							';dbname=' . $name;
+					} else {
+						$dsn = $backend .
+							':host=' . $host .
+							';unix_socket=' . $socket .
+							';dbname=' . $name;
+					}
 
 					self::$dbh = new PDO($dsn, $user, $password);
 					self::$dbh->exec("SET NAMES 'utf8' COLLATE 'utf8_general_ci';");

web/lib/confparser.inc.php

@@ -30,7 +30,9 @@ function config_get($section, $key) {
 	global $AUR_CONFIG;
 	config_load();
 
-	return $AUR_CONFIG[$section][$key];
+	return isset($AUR_CONFIG[$section][$key])
+		? $AUR_CONFIG[$section][$key]
+		: null;
 }
 
 function config_get_int($section, $key) {

web/lib/pkgbasefuncs.inc.php

@@ -1189,7 +1189,8 @@ function pkgbase_get_comaintainer_uids($base_ids) {
  * @return array Tuple of success/failure indicator and error message
  */
 function pkgbase_set_comaintainers($base_id, $users, $override=false) {
-	if (!$override && !has_credential(CRED_PKGBASE_EDIT_COMAINTAINERS, array(pkgbase_maintainer_uid($base_id)))) {
+	$maintainer_uid = pkgbase_maintainer_uid($base_id);
+	if (!$override && !has_credential(CRED_PKGBASE_EDIT_COMAINTAINERS, array($maintainer_uid))) {
 		return array(false, __("You are not allowed to manage co-maintainers of this package base."));
 	}
 
@@ -1207,9 +1208,12 @@ function pkgbase_set_comaintainers($base_id, $users, $override=false) {
 
 		if (!$uid) {
 			return array(false, __("Invalid user name: %s", $user));
+		} elseif ($uid == $maintainer_uid) {
+			// silently ignore when maintainer == co-maintainer
+			continue;
+		} else {
+			$uids_new[] = $uid;
 		}
-
-		$uids_new[] = $uid;
 	}
 
 	$q = sprintf("SELECT UsersID FROM PackageComaintainers WHERE PackageBaseID = %d", $base_id);