The default page shows the pending requests which were working OK if one
used the Filters button. This fixes the case when someone submits by
using the pager (Next, Last etc).
Closes: #405
Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
We can omit the "distinct" from some queries
because constraints in the DB ensure uniqueness:
* Groups sub-query
PackageGroup: Primary key makes "PackageID" + "GroupID" unique
Groups: Unique index on "Name" column
-> Technically we can't have a package with the same group-name twice
* Licenses sub-query:
PackageLicense -> Primary key makes "PackageID" + "LicenseID" unique
Licenses -> Unique index on "Name" column
-> Technically we can't have a package with the same license-name twice
* Keywords sub-query:
PackageKeywords -> Primary key makes "PackageBaseID" + "KeywordID" unique
(And a Package can only have one PackageBase)
Keywords -> Unique index on "Name" column
-> Technically we can't have a package with the same Keyword twice
* Packages main-query:
We join PackageBases and Users on their primary key columns
(which are guaranteed to be unique)
-> There is no way we could end up with more than one record for a Package
Signed-off-by: moson-mo <mo-son@mailbox.org>
With the 3dcbee5a the filenames inside the .gz archives contained .tmp
at the end. This fixes those by using Gzip Class constructor instead of
the gzip.open method.
Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
See doc/git-archive.md for general Git archive specifications
See doc/repos/metadata-repo.md for info and direction related to the new Git metadata archive
In my opinion, this kind of handling of transactions is pretty ugly.
The being said, we have issues with running into deadlocks on aur.al,
so this commit works against that immediate bug.
An ideal solution would be to deal with retrying transactions through
the `db.begin()` scope, so we wouldn't have to explicitly annotate
functions as "retry functions," which is what this commit does.
Closes#376
Signed-off-by: Kevin Morris <kevr@0cost.org>
swagger-ui uses inline javascript to bootstrap itself, so we need to
allow unsafe inline because we can't give swagger-ui a nonce to embed.
Signed-off-by: Kevin Morris <kevr@0cost.org>
With this on a single line, the argument ordering and class/func
execution was a bit too RNG causing exceptions to be thrown when
producing a notification based off of a deleted pkgbase object.
Signed-off-by: Kevin Morris <kevr@0cost.org>
We will be modeling future RPC implementations on an OpenAPI spec.
While this commit does not completely cohere to OpenAPI in terms
of response data, this is a good start and will allow us to cleanly
document these openapi routes in the current and future.
This commit brings in the new RPC routes:
- GET /rpc/v5/info/{pkgname}
- GET /rpc/v5/info?arg[]=pkg1&arg[]=pkg2
- POST /rpc/v5/info with JSON data `{"arg": ["pkg1", "pkg2"]}`
- GET /rpc/v5/search?arg=keywords&by=valid-by-value
- POST /rpc/v5/search with JSON data `{"by": "valid-by-value", "arg": "keywords"}`
Signed-off-by: Kevin Morris <kevr@0cost.org>
Derived off of original work done by Leonidas Spyropoulos
at https://gitlab.archlinux.org/archlinux/aurweb/-/merge_requests/503
This revision of that original work finishes off the inconsistencies
mentioned in the original MR and adds a small bit of testing for more
regression checks.
Fixes: #360
Signed-off-by: Kevin Morris <kevr@0cost.org>
in addition, remove cookie expiration for AURREMEMBER --
we don't really care about a session time for this cookie, it merely
acts as a flag given out on login to remember what the user selected
Signed-off-by: Kevin Morris <kevr@0cost.org>
Found along with the previous commit to be a security hole in our
implementation. This commit resolves an issue regarding comment editing.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This addresses a severe security issue, which is omitted from this
git message for obscurity purposes.
Otherwise, it allows co-maintainers to see the keyword form when
viewing a package they co-maintain.
Closes#378
Signed-off-by: Kevin Morris <kevr@0cost.org>
This was incorrectly using the particular Package record's name
to format options.snapshot_uri in order to produce URLPath.
It should, instead, use the PackageBase record's name, which
this commit resolves.
Bug reported by thomy2000
Closes#382
Signed-off-by: Kevin Morris <kevr@0cost.org>
Redis's get() method can return None which makes an RPC request error
out:
File "/srv/http/aurweb/aurweb/ratelimit.py", line 103, in check_ratelimit
requests = int(requests.decode())
AttributeError: 'NoneType' object has no attribute 'decode'
