Release v1.2.0 (#21)

Release v1.2.0

README.md

@@ -7,129 +7,11 @@ Click [here](https://ls.ikl.sh) for a live demo.
 
 liteshort is designed with the main goal of being lightweight. It does away with all the frills of other link shorteners and allows the best of the basics at a small resource price. liteshort uses under 20 MB of memory idle, per worker. liteshort has an easy-to-use API and web interface. liteshort doesn't store any more information than necessary: just the long and short URLs. It does not log the date of creation, the remote IP, or any other information.
 
-liteshort uses Python 3, [Flask](http://flask.pocoo.org/), SQLite3, and [uwsgi](https://uwsgi-docs.readthedocs.io/en/latest/) for the backend. 
-The frontend is a basic POST form using [PureCSS](https://purecss.io).
+liteshort focuses on being configurable. There are over 15 config options and most updates will add more. Configuration is done through the easy-to-use YAML format.
+
 
 ![liteshort screenshot](https://fs.ikl.sh/selif/4cgndb6e.png)
 
 ## Installation
-This installation procedure assumes that you plan to installing using a web server reverse proxy through a unix socket. This guide is loosely based upon DigitalOcean's [Flask/uWSGI/nginx guide](https://www.digitalocean.com/community/tutorials/how-to-serve-flask-applications-with-uswgi-and-nginx-on-ubuntu-18-04).
-Before installing, you must the following or your distribution's equivalent must be installed:
-* python3-pip 
-* python3-dev 
-* python3-setuptools
-* python3-venv
-* build-essential
-
-Start in the directory you wish to install to and modify to fit your installation. It is recommended to use a user specifically for liteshort and the www-data group for your installation folder.
-
-```sh
-git clone https://github.com/132ikl/liteshort
-python3 -m venv virtualenv
-source virtualenv/bin/activate
-pip install wheel
-pip install bcrypt flask pyyaml uwsgi
-```
-
-Edit `liteshort.ini` and `liteshort.service` as seen fit. Then edit `config.yml` according to the [Configuration](#configuration) section.
-
-Finally,
-```sh
-cp liteshort.service /etc/systemd/system/
-systemctl enable liteshort
-systemctl start liteshort
-```
-
-liteshort is now accessible through a reverse proxy. The socket file is created in the install path.
-
-## Configuration
-The configuration file has an explanation for each option. This section will detail the mandatory options to be set before the program is able to be started.
-
-`admin_hashed_password` or `admin_password`
-* These must be set in order to use the API. If you do not care about the API, simply set `disable_api` to true.
-As to not store the API password in cleartext, `admin_hashed_password` is preferred over `admin_password`. Run `securepass.sh` in order to generate the password hash. Set `admin_hashed_password` to the output of the script, excluding the username header at the beginning of the hash.
-Note that using admin_hashed_password is more resource-intensive than `admin_password`, so the API will be noticeably slower when using `admin_hashed_password`.
-
-`secret_key`
-* This is used for cookies in order to store messages between requests. It should be a randomized key 12-16 characters, comprised of letters, number, and symbols. A standard password from a generator works fine.
-
-
-## API
-All API requests should have the POST form data `format` set to `json`.
-In order to create a new short URL, simply make a POST request with the form data `long` set to your long link and, optionally, set `short` to your short link.
-Everything other than creation of links requires BasicAuth using the username and password defined in the configuration file. To use the following commands, set `api` to the command in the form data of your request.
-* `list` and `listshort`
-    * Lists all links the the database, sorted by short links.
-* `listlong`
-    * Lists all links in the database, sorted by long links.
-* `delete`
-    * Deletes a URL. In the form data, set `short` to the short link you want to delete, or set `long` to delete all short links that redirect to the provided long link.
-
-### Example Request
-```
-curl -u [admin_username]:[admin_password] \
-  -d 'format=json' \
-  -d 'api=delete' \
-  -d 'short=[short]' \
-  [url]
-```
-
-## Using a reverse proxy
-The following are barebones examples of an nginx proxy for liteshort, meaning it doesn't have SSL or anything fancy. You may also use a non-nginx webserver by making a config equivalent for it based upon the following configurations. Make sure your webserver is serving the /static/ folder. While liteshort can serve the folder, webservers are much more efficient at serving static files.
-
-### On domain root
-
-
-```
-server {
-
-    listen 80;
-
-    server_name example.com;
-    
-    location ^~ /static/  {
-         include  /etc/nginx/mime.types;
-         root /usr/local/liteshort/;
-    }
-
-    location / {
-        include uwsgi_params;
-        uwsgi_pass unix:/path/to/liteshort/liteshort.sock;
-    }
-}
-```
-
-### On a subdomain
-First, make sure `site_domain` and `subdomain` options are set in config.yml. If you want the web interface on a subdomain, but the actual shortlinks on the main domain, as seen on the [demo site](https://ls.ikl.sh), use a configuration akin to the following. Make sure that anything you want to happen before liteshort, like a homepage on /, has its location block BEFORE the rewrite block. Nginx goes in numerical order of location blocks, so the rewrite location block will redirect everything on / to liteshort if not the last block.
-
-```
-server {
-
-    listen 80;
-
-    server_name subdomain.example.com;
-
-    location / {
-        include uwsgi_params;
-        uwsgi_pass unix:/path/to/liteshort/liteshort.sock;
-    }
-}
-
-server {
 
-    listen 80;
- 
-    server_name example.com;
-    
-    location ^~ /static/  {
-         include  /etc/nginx/mime.types;
-         root /usr/local/liteshort/;
-    }
-    
-    location / {
-        rewrite /example/subdomain.example(.+) /$1 break;
-        include uwsgi_params;
-        uwsgi_pass unix:/usr/local/liteshort/liteshort.sock;
-    }
-}
-```
+Liteshort's installation process is dead-simple. Check out the [installation page](https://github.com/132ikl/liteshort/wiki/How-to-Install) for info on how to install.

liteshort/config.py

@@ -0,0 +1,115 @@
+import logging
+from pathlib import Path
+from shutil import copyfile
+
+from appdirs import site_config_dir, user_config_dir
+from pkg_resources import resource_filename
+from yaml import safe_load
+
+logging.basicConfig(level=logging.DEBUG)
+LOGGER = logging.getLogger(__name__)
+
+
+def get_config():
+    APP = "liteshort"
+    AUTHOR = "132ikl"
+
+    paths = [
+        Path("/etc/liteshort"),
+        Path(site_config_dir(APP, AUTHOR)),
+        Path(user_config_dir(APP, AUTHOR)),
+        Path(),
+    ]
+
+    for path in paths:
+        f = path / "config.yml"
+        if f.exists():
+            LOGGER.debug(f"Selecting config file {f}")
+            return open(f, "r")
+
+    for path in paths:
+        try:
+            path.mkdir(exist_ok=True)
+            template = resource_filename(__name__, "config.template.yml")
+            copyfile(template, (path / "config.template.yml"))
+            copyfile(template, (path / "config.yml"))
+            return open(path / "config.yml", "r")
+        except (PermissionError, OSError) as e:
+            LOGGER.warn(f"Failed to create config in {path}")
+            LOGGER.debug("", exc_info=True)
+
+    raise FileNotFoundError("Cannot find config.yml, and failed to create it")
+
+
+# TODO: yikes
+def load_config():
+    with get_config() as config:
+        configYaml = safe_load(config)
+    config = {
+        k.lower(): v for k, v in configYaml.items()
+    }  # Make config keys case insensitive
+
+    req_options = {
+        "admin_username": "admin",
+        "database_name": "urls",
+        "random_length": 4,
+        "allowed_chars": "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_",
+        "random_gen_timeout": 5,
+        "site_name": "liteshort",
+        "site_domain": None,
+        "show_github_link": True,
+        "secret_key": None,
+        "disable_api": False,
+        "subdomain": "",
+        "latest": "l",
+        "selflinks": False,
+        "blocklist": [],
+    }
+
+    config_types = {
+        "admin_username": str,
+        "database_name": str,
+        "random_length": int,
+        "allowed_chars": str,
+        "random_gen_timeout": int,
+        "site_name": str,
+        "site_domain": (str, type(None)),
+        "show_github_link": bool,
+        "secret_key": str,
+        "disable_api": bool,
+        "subdomain": (str, type(None)),
+        "latest": (str, type(None)),
+        "selflinks": bool,
+        "blocklist": list,
+    }
+
+    for option in req_options.keys():
+        if (
+            option not in config.keys()
+        ):  # Make sure everything in req_options is set in config
+            config[option] = req_options[option]
+
+    for option in config.keys():
+        if option in config_types:
+            matches = False
+            if type(config_types[option]) is not tuple:
+                config_types[option] = (
+                    config_types[option],
+                )  # Automatically creates tuple for non-tuple types
+            for req_type in config_types[
+                option
+            ]:  # Iterates through tuple to allow multiple types for config options
+                if type(config[option]) is req_type:
+                    matches = True
+            if not matches:
+                raise TypeError(option + " is incorrect type")
+    if not config["disable_api"]:
+        if "admin_hashed_password" in config.keys() and config["admin_hashed_password"]:
+            config["password_hashed"] = True
+        elif "admin_password" in config.keys() and config["admin_password"]:
+            config["password_hashed"] = False
+        else:
+            raise TypeError(
+                "admin_password or admin_hashed_password must be set in config.yml"
+            )
+    return config

config.yml → liteshort/config.template.yml

@@ -5,13 +5,13 @@ admin_username: 'admin'
 # String: Plaintext password to make admin API requests
 # Safe to remove if admin_hashed_password is set
 # Default: unset
-#admin_password:
+admin_password: CHANGE_ME
 
-# String: Hashed password (bcrypt) to make admin API requests - Preferred over plaintext, use securepass.sh to generate
+# String: Hashed password (bcrypt) to make admin API requests - Preferred over plaintext, use lshash to generate
 # Please note that authentication takes noticeably longer than using plaintext password
 # Don't include the <username>: segment, just the hash
 # Default: unset (required to start application)
-admin_hashed_password:
+#admin_hashed_password:
 
 # Boolean: Disables API. If set to true, admin_password/admin_hashed_password do not need to be set.
 # Default: false
@@ -20,7 +20,7 @@ disable_api: false
 # String: Secret key used for cookies (used for storage of messages)
 # This should be a 12-16 character randomized string with letters, numbers, and symbols
 # Default: unset (required to start application)
-secret_key:
+secret_key: CHANGE_ME
 
 # String: Filename of the URL database without extension
 # Default: 'urls'
@@ -56,6 +56,7 @@ subdomain:
 
 # String: URL which takes you to the most recent short URL's destination
 # Short URLs cannot be created with this string if set
+# Unset to disable
 # Default: l
 latest: 'l'
 
@@ -66,3 +67,11 @@ show_github_link: true
 # Boolean: Allow short URLs linking to your site_domain URL
 # Default: false
 selflinks: false
+
+# List: Prevent creation of URLs linking to domains in the blocklist
+# Example of list formatting in yaml:
+# blocklist:
+#     - blocklisted.com
+#     - subdomain.blocklisted.net
+# Default: []
+blocklist: []