funkwhale merge requestshttps://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests2020-06-05T04:25:21Zhttps://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1133Resolve "Firefox auto-fills your remembered username in the search box if you...2020-06-05T04:25:21ZAgateResolve "Firefox auto-fills your remembered username in the search box if you open the user settings page"Closes #1090, supersedes !1106
@interfect, I found out an easier solution, which was setting the "search" type on the search field ;) (via https://gist.github.com/runspired/b9fdf1fa74fc9fb4554418dea35718fe#gistcomment-2725790)Closes #1090, supersedes !1106
@interfect, I found out an easier solution, which was setting the "search" type on the search field ;) (via https://gist.github.com/runspired/b9fdf1fa74fc9fb4554418dea35718fe#gistcomment-2725790)0.21.1https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1132Revert "Merge branch 'fix-import-python-3-5' into 'develop'"2020-06-05T04:36:57ZAgateRevert "Merge branch 'fix-import-python-3-5' into 'develop'"This reverts merge request !1129. reopens #1147 and #1148
Unfortunately, this breaks on higher versions of Python with
```
Starting import of new files…
Traceback (most recent call last):
File "manage.py", line 27, in <module>...This reverts merge request !1129. reopens #1147 and #1148
Unfortunately, this breaks on higher versions of Python with
```
Starting import of new files…
Traceback (most recent call last):
File "manage.py", line 27, in <module>
execute_from_command_line(sys.argv)
File "/venv/lib/python3.7/site-packages/django/core/management/__init__.py", line 401, in execute_from_command_line
utility.execute()
File "/venv/lib/python3.7/site-packages/django/core/management/__init__.py", line 395, in execute
self.fetch_command(subcommand).run_from_argv(self.argv)
File "/venv/lib/python3.7/site-packages/django/core/management/base.py", line 328, in run_from_argv
self.execute(*args, **cmd_options)
File "/venv/lib/python3.7/site-packages/django/core/management/base.py", line 369, in execute
output = self.handle(*args, **options)
File "/venv/lib/python3.7/site-packages/django/core/management/commands/shell.py", line 92, in handle
exec(sys.stdin.read())
File "<string>", line 28, in <module>
File "/venv/lib/python3.7/site-packages/django/core/management/__init__.py", line 168, in call_command
return command.execute(*args, **defaults)
File "/venv/lib/python3.7/site-packages/django/core/management/base.py", line 369, in execute
output = self.handle(*args, **options)
File "/app/funkwhale_api/music/management/commands/import_files.py", line 307, in handle
for i, entries in enumerate(batch(crawler, options["batch_size"])):
File "/app/funkwhale_api/music/management/commands/import_files.py", line 58, in batch
current.append(next(iterable))
File "/app/funkwhale_api/music/management/commands/import_files.py", line 46, in crawl_dir
yield from dir_scanner(scanner, extensions, recursive, ignored)
File "/app/funkwhale_api/music/management/commands/import_files.py", line 35, in dir_scanner
entry, extensions, recursive=recursive, ignored=ignored
File "/app/funkwhale_api/music/management/commands/import_files.py", line 27, in dir_scanner
for entry in scanner:
TypeError: 'posix.DirEntry' object is not iterable
```0.21.1https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1131Resolve "Add "New channels" widget on landing page"2020-06-05T08:38:38ZAgateResolve "Add "New channels" widget on landing page"Closes #1113
(don't mind the sidebar, my screenshot tool is confused by the fixed layout)
![image](/uploads/28a30c2b13e72c57b53df123f10924df/image.png)
cc @funkwhale/reviewers-frontCloses #1113
(don't mind the sidebar, my screenshot tool is confused by the fixed layout)
![image](/uploads/28a30c2b13e72c57b53df123f10924df/image.png)
cc @funkwhale/reviewers-front0.21.1https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1130Resolve "X episodes instead of X tracks on Artist channel page"2020-06-05T08:38:52ZAgateResolve "X episodes instead of X tracks on Artist channel page"Closes #1117
# Before
![Screenshot_20200605_052931](/uploads/fbda734c45615784f84b584e30fd3c87/Screenshot_20200605_052931.png)
# After
![Screenshot_20200605_052911](/uploads/7f53cc80cc425befc22b475a15209b61/Screenshot_2020060...Closes #1117
# Before
![Screenshot_20200605_052931](/uploads/fbda734c45615784f84b584e30fd3c87/Screenshot_20200605_052931.png)
# After
![Screenshot_20200605_052911](/uploads/7f53cc80cc425befc22b475a15209b61/Screenshot_20200605_052911.png)
cc @funkwhale/reviewers-front0.21.1https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1129Fix support for Python 3.5 in import script2020-06-05T04:09:47ZCiarán Ainsworthsporiff@funkwhale.audioFix support for Python 3.5 in import scriptFix #1148 and #1147 XXX <!-- it's okay to have no issue for small changes -->
This Merge Request includes:
- [x] A changelog fragment (cf https://docs.funkwhale.audio/contributing.html#changelog-management)
This MR fixes compati...Fix #1148 and #1147 XXX <!-- it's okay to have no issue for small changes -->
This Merge Request includes:
- [x] A changelog fragment (cf https://docs.funkwhale.audio/contributing.html#changelog-management)
This MR fixes compatibility with Python < 3.6. The `os.scandir()` method didn't receive context support until 3.6, so users of Debian 9 (mostly Yunohost users) cannot run the script as of version 0.21 as seen in the above issues. Since we are supporting 3.5 until version 1.0, this should probably be fixed for 0.21.1.
This has been tested on my Yunohost server running Debian 9, Python 3.5.
CC @funkwhale/reviewers-python0.21.1Ciarán Ainsworthsporiff@funkwhale.audioCiarán Ainsworthsporiff@funkwhale.audiohttps://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1128docker-compose: fix music dir being mounted in the wrong place for nginx2021-02-11T07:36:34Zcodldocker-compose: fix music dir being mounted in the wrong place for nginx1.1https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1127See #1108: support using OAuth instead of JWT in front when logging in to a d...2020-05-18T12:55:16ZAgateSee #1108: support using OAuth instead of JWT in front when logging in to a different domainSee #1108
When trying to login with the SPA on a different domain (typically happens in development when pointing the frontend to a different domain), use Oauth instead of JWT:
- [x] Create an OAuth app and redirect user to authorizat...See #1108
When trying to login with the SPA on a different domain (typically happens in development when pointing the frontend to a different domain), use Oauth instead of JWT:
- [x] Create an OAuth app and redirect user to authorization screen on the api domain
- [x] Handle redirection and store oauth app/credentials
- [x] Use oauth `Bearer` token instead of JWT for authentication when doing ajax requests
- [x] Refresh oauth token transparently when it is expired, via `axios-auth-refresh`1.0https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1126Support session/cookie based auth, see #11082020-05-18T10:03:32ZAgateSupport session/cookie based auth, see #1108Initially, I wanted to use oauth for the web app UI, but it's not possible: to validate an oauth login, you must be authenticated, so there is a loop here ;) See #1108.
Since in 99% of cases the webapp is on the same domain as the API...Initially, I wanted to use oauth for the web app UI, but it's not possible: to validate an oauth login, you must be authenticated, so there is a loop here ;) See #1108.
Since in 99% of cases the webapp is on the same domain as the API, it's way easier and more secure to use session/cookie based auth.
This MR does that by:
- [x] Adding the necessary logic for cookie based login/logout on the API
- [x] Update the front-end to use the new session-based auth
- [x] Implement CSRF checks and header passing (because cookie based auth is vulnerable to this kind of attacks)
- [x] (unrelated) more consistent URL schemes, everything that is auth/user related is now under `/api/v1/users`
For the remaining 1% cases, where we won't be able to use cookie based auth because the front-end is served on another domain, we can use OAuth (to be implemented): the front-end will be considered as a separate oauth app and use OAuth for everything.1.0https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1125New theming system2020-05-15T12:22:15ZAgateNew theming systemInspired by @i_lie's work at !1094 but with a different approach to make it easier to costumize CSS and build new themes.
Basically, every important color and property is now a CSS variable, meaning one can override the variable direc...Inspired by @i_lie's work at !1094 but with a different approach to make it easier to costumize CSS and build new themes.
Basically, every important color and property is now a CSS variable, meaning one can override the variable directly, instead of overriding all the CSS rules using the hardcoded value.
For instance, instead of doing:
```css
.theme-dark .ui.sidebar {
background: red;
}
```
you can now do:
```css
.theme-dark {
--sidebar-background: red;
}
```
The benefits of this approach are multiple:
1. You don't need to override many, many rules (e.g `.button.orange, .button.basic.orange, .button.inverted.basic`). Changing the corresponding variable a single time is enough. This results in easier maintenance and development of new themes
2. It's possible to build themes in pure CSS (meaning we could support per-pod and per-user themes, without the need to rebuild the front-end)
3. It's less error-prone
4. It results in smaller CSS
5. It makes it easier to preserve backward compatibility with existing themes in future versions, since themes don't need to override CSS rules
## What's in this PR?
In order to make this possible, I had to rewrite a lot of stuff, in particular:
- [x] Write a basic CSS parser to replace hardcoded color values in Fomantic UI source files, by their CSS var counterpart (see `front/scripts/fix-fomantic-css.py`)
- [x] Move back all the customizations that were done in the dark theme, back to the main CSS, setting new variables, and updating all our code to use these new variables
Although not directly related to this MR, I took this opportunity to:
- [x] Move all scoped CSS from `.vue` files to `.scss` files in `front/src/style`. It really makes everything easier to understand and maintain
- [x] Have `front/scripts/fix-fomantic-css.py` also strip unused rules and icons from Fomantic CSS. Resulting in a 45% reduction in the size of our final CSS file, from `715KiB` to `405KiB` (before compression). This may results in a few display issues here and there, but it worked great during my tests
- [x] Improve dark theme consistency and fixed some corner cases (e.g the sidebar input wasn't dark themed, neither some dropdowns, etc.)
## Dark theme exemple
The dark theme went from a 300 lines file with many nested rules, to this:
```scss
// _main.scss
@use "sass:meta";
@use "./_vars.scss" as vars;
.theme-dark {
$fwVars: meta.module-variables("vars");
@import "../../_css_vars.scss";
}
// _vars.scss
/* purgecss start ignore */
$site-background: rgb(43, 58, 66);
$light-background-color: rgb(51, 71, 82);
$input-background: rgb(65, 86, 97);
$dimmer-background: rgba(43, 58, 66, 0.9);
$text-color: rgb(223, 235, 240);
$discrete-text-color: rgba(223, 235, 240, 0.904);
$really-discrete-text-color: rgba(223, 235, 240, 0.804);
$border-color: rgba(104, 136, 155, 0.5);
$light-shadow-color: rgba(223, 235, 240, 0.15);
$shadow-color: rgba(63, 102, 97, 0.95);
$box-shadow: 0px 1px 3px 0px rgba(63, 88, 102, 0.95),
0px 0px 0px 1px rgba(63, 88, 102, 0.98);
$link-color: rgb(255, 144, 0);
$link-hover-color: $link-color;
$button-basic-box-shadow: 0px 0px 0px 1px $light-shadow-color inset;
$button-basic-color: $text-color;
$button-basic-hover-box-shadow: 0px 0px 0px 1px $text-color inset;
$dropdown-item-hover-background: $light-background-color;
$input-selection-background: $text-color;
$divider-color: $border-color;
$secondary-meny-box-shadow: inset 0px -2px 0px 0px $light-background-color;
$secondary-menu-active-item-box-shadow: inset 0px -2px 0px 0px $shadow-color;
$secondary-menu-active-item-color: $text-color;
$segment-background: $light-background-color;
$table-background: $input-background;
@import "../../_vars";
```
As you can see, building new themes, such as the Darkgreen theme contributed by @i_lie will be considerably easier using this new system. It also makes it possible to do more fine grained theming, purely in the browser, overriding only certain variables, as shown in the video below.
![Peek_2020-05-15_13-52](/uploads/7237530818292b1410ea9378839c8b7b/Peek_2020-05-15_13-52.mp4)1.0https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1124Use scoped tokens to load <audio> urls instead of JWT2020-05-11T08:06:37ZAgateUse scoped tokens to load <audio> urls instead of JWTPart of #1108
# Rationale
We sometimes need to embed a token in the `<audio src="">` URL, as we cannot override the `Authorization` header there (the browser handles the request for us). As a workaround, we supported providing the...Part of #1108
# Rationale
We sometimes need to embed a token in the `<audio src="">` URL, as we cannot override the `Authorization` header there (the browser handles the request for us). As a workaround, we supported providing the `jwt` param in the querysting, which worked great but wasn't really great in terms of security: if you share the download URL, or shared some browser logs in a chat, everyone could access your account.
This proposal mitigates this by:
1. Allowing the generation of scoped tokens (tokens with a restricted set of capabilites) on server side
2. Extend the JSON payload returned by `/api/v1/users/me` to include a new property, `"tokens": {"listen": "<token>"}`
3. Using this token in the querystring instead of the JWT token
4. Expiring scoped tokens after 3 days
The `listen` token can only be used to access the `/api/v1/listen` endpoint, meaning in the worst case scenario, if a token is leaked, someone will be able to listen to some tracks on behalf of you (assuming they also know the corresponding track and upload uuid) for a period of 3 days.
If a user changes their password (which triggers an update of `user.secret_key`), all their existing tokens are invalidated.
In the UI, we call `/users/me` every few hours to ensure we always have a valid token (and refresh the user profile, as well).
I plan to implement something similar for websockets, by adding a new oauth scope for websockets, and include a new token for this scope in the `tokens` returned by `/users/me`.
Note that this change is fully backward compatible (nothing was removed on the API regarding JWT).1.0https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1123Resolve "Removed masonry"2020-05-07T16:39:31ZAgateResolve "Removed masonry"Closes #1112Closes #11120.21.1https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1122Fix #1092: Ensure player doesn't disappear when last queue track is removed m...2020-05-07T15:55:34ZAgateFix #1092: Ensure player doesn't disappear when last queue track is removed manuallyCloses #1092Closes #10920.21.1https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1121Fix #1078: Include tracks by album artist when filtering by artist on /api/v1...2020-05-07T14:48:11ZAgateFix #1078: Include tracks by album artist when filtering by artist on /api/v1/tracksCloses #1078Closes #10780.21.1https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1120Fix #876: use proper http-signature release2021-03-10T12:12:47ZAgateFix #876: use proper http-signature releaseCloses #876Closes #8761.1Georg KrauseGeorg Krausehttps://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1119Update followchannel.rst2020-05-07T14:29:52ZSirenUpdate followchannel.rstRelated issue: #XXX <!-- it's okay to have no issue for small changes -->
This Merge Request includes:
- [ ] Tests
- [ ] A changelog fragment (cf https://docs.funkwhale.audio/contributing.html#changelog-management)
Edit of spelling er...Related issue: #XXX <!-- it's okay to have no issue for small changes -->
This Merge Request includes:
- [ ] Tests
- [ ] A changelog fragment (cf https://docs.funkwhale.audio/contributing.html#changelog-management)
Edit of spelling error.https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1118Build docker images for master branch2020-05-07T12:12:00ZAgateBuild docker images for master branchhttps://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1117Fix #1011: Ensure tracks linked to skipped upload can be pruned2020-05-07T11:55:59ZAgateFix #1011: Ensure tracks linked to skipped upload can be prunedCloses #1011Closes #10110.21.1https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1116Fix #1086: Added safeguard to ensure local uploads are never purged from cache2020-05-07T12:05:41ZAgateFix #1086: Added safeguard to ensure local uploads are never purged from cacheCloses #1086Closes #10860.21.1https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1115Fix #1087: Fix playlist modal only listing 50 first playlists2020-05-07T11:18:39ZAgateFix #1087: Fix playlist modal only listing 50 first playlistsCloses #1087Closes #10870.21.1https://dev.funkwhale.audio/funkwhale/funkwhale/-/merge_requests/1114Fix #1091: page not refreshing when switching between My Library and Explore ...2020-05-06T08:44:09ZAgateFix #1091: page not refreshing when switching between My Library and Explore sectionsCloses #1091
Underlying issue was that the same set of components is used for both sections. However, vue-router attempts to reuse the component if possible, hence the problem.Closes #1091
Underlying issue was that the same set of components is used for both sections. However, vue-router attempts to reuse the component if possible, hence the problem.0.21.1