Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

- On non-localhost communication, this whitelists forwarded headers
  on all remote ips
- Add more headers
- Force https X-Forwarded-Proto
- Unset Forwarded header and rely on X-Forwarded-*

Signed-off-by: Kevin Morris <kevr@0cost.org>

When the Docker image is outdated, we need to fetch updated
archlinux-keyring keys to perform an -Syu without problems.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Added the rest:
- aurweb-pkgmaint
- aurweb-usermaint
- aurweb-tuvotereminder
- aurweb-popupdate

Signed-off-by: Kevin Morris <kevr@0cost.org>

This patch brings in the use of .with_entities on our
RPC search query. This primarily fixes performance issues
we were seeing with large queries.

That being said, we do see a bit of a slowdown on
large record count rpc queries, but it's quite negligible
at this point.

We still do aim to perform better than the older PHP
implementation, so this is not a finishing patch by
any means.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Closes #255



Signed-off-by: Kevin Morris <kevr@0cost.org>

We were allowing erroneous URLs through, raising exceptions,
from e.g. `http://[localhost:8444/blah`. This patch catches
any ValueErrors raised during the parse process and returns
False, indicating that the validation failed.

This patch also adds testing specifically for `util.valid_homepage`.
We didn't have specific testing for this before; this will allow us
to catch regressions in this area.

Closes #250



Signed-off-by: Kevin Morris <kevr@0cost.org>

Without this rewriting, we've been running into conversing with
HTTP over HTTPS (400 Bad Request).

TODO: Refactor this entire nginx config to something a bit more
simple and clean.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

We don't need the https certificates being dealt with in the fastapi
service; we will define our certificates in any frontend nginx
running on top.

Signed-off-by: Kevin Morris <kevr@0cost.org>

This commit does quite a bit:
- Catches unhandled exceptions raised in the route handler and
  produces a 500 Internal Server Error Arch-themed response.
- Each unhandled exception causes a notification to be sent to new
  `notifications.postmaster` email with a "Traceback ID."
- Traceback ID is logged to the server along with the traceback which
  caused the 500: `docker-compose logs fastapi | grep '<traceback_id>'`
- If `options.traceback` is set to `1`, traceback is displayed in
  the new 500.html template.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Prioritizes COMMIT_HASH environment variable and uses
`aurweb.config.AURWEB_VERSION` as a fallback.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Originally left at util/adduser.py, this script allows administrators
to simply add a user to the configured aurweb database.

See --help for options.

Signed-off-by: Kevin Morris <kevr@0cost.org>

This gets raised when a client closes a connection before receiving
a valid response; this is not controllable from our side.

Signed-off-by: Kevin Morris <kevr@0cost.org>

After two months, this finally got merged by somebody else.
Still largely considering moving away from FastAPI in the
long run, but this is better than relying on kevr's fork
for starlette 0.17.1 compat.

Other packages have also been upgraded and locked to versions.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

This migration modifies the Yes, No, Abstain and ActiveTUs columns
of the TUVoteInfo table from unsigned TINYINT to unsigned INTEGER.

TINYINT supports a total of 1 byte (up to 255 trusted users). This
is quite limited and we don't spend too much more by storing a
standard 4-byte INTEGER.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Previous conversion was causing a straight up bug when submitting
new proposals. This patch fixes that issue.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Closes #237



Signed-off-by: Kevin Morris <kevr@0cost.org>

Closes #238



Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

In addition, we display the Voters partial regardless of them existing
or not; with no voters, an empty Voters list is displayed.

Closes #236



Signed-off-by: Kevin Morris <kevr@0cost.org>

Closes #235



Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

This was stopping us from using numerous records for each dep type.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Conflicts, Provides and Replaces did not have consistent
ordering with PHP. This patch fixes that issue.

Closes #228



Signed-off-by: Kevin Morris <kevr@0cost.org>

Closes #229



Signed-off-by: Kevin Morris <kevr@0cost.org>

This was redirecting us to the package which we merged, leading
us into a 404. This fixes that issue by instead redirecting us
into the target we merge into.

Closes #231



Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>