Add files via upload

.docker/full-stack.yml

@@ -39,16 +39,18 @@ services:
     restart: on-failure
 
   mariadb:
-    image: mariadb:10.0
+    image: mariadb:10.11
     volumes:
       - './mariadb-init-sql:/docker-entrypoint-initdb.d:ro'
       - '../configs/my.cnf:/etc/mysql/conf.d/50-binlog.cnf:ro'
       - 'mariadb-data:/var/lib/mysql'
     environment:
-      - MYSQL_RANDOM_ROOT_PASSWORD=yes
+      - MYSQL_ROOT_PASSWORD=123456789987jaGAJ
       - MYSQL_USER=nyaadev
       - MYSQL_PASSWORD=ZmtB2oihHFvc39JaEDoF
       - MYSQL_DATABASE=nyaav2
+    ports:
+      - "3306:3306" # Exposes MariaDB to your local Adminer
 
   elasticsearch:
     image: elasticsearch:6.5.4

config.example.py

@@ -1,7 +1,7 @@
 import os
 import re
 
-DEBUG = True
+DEBUG = False
 
 ######################
 ## Maintenance mode ##
@@ -29,9 +29,9 @@
 #############
 
 # What the site identifies itself as. This affects templates, not database stuff.
-SITE_NAME = 'Nyaa'
+SITE_NAME = 'AnimeBD'
 # What the both sites are labeled under (used for eg. email subjects)
-GLOBAL_SITE_NAME = 'Nyaa.si'
+GLOBAL_SITE_NAME = 'www.animebd.xyz'
 
 # General prefix for running multiple sites, eg. most database tables are site-prefixed
 SITE_FLAVOR = 'nyaa' # 'nyaa' or 'sukebei'
@@ -45,7 +45,7 @@
 # Present a recaptcha for anonymous uploaders
 USE_RECAPTCHA = False
 # Require email validation
-USE_EMAIL_VERIFICATION = False
+USE_EMAIL_VERIFICATION = True
 # Use MySQL or Sqlite3 (mostly deprecated)
 USE_MYSQL = True
 # Show seeds/peers/completions in torrent list/page
@@ -92,18 +92,18 @@
 ###########
 
 # 'smtp' or 'mailgun'
-MAIL_BACKEND = 'mailgun'
+MAIL_BACKEND = 'smtp'
 MAIL_FROM_ADDRESS = 'Sender Name <sender@domain.com>'
 
 # Mailgun settings
 MAILGUN_API_BASE = 'https://api.mailgun.net/v3/YOUR_DOMAIN_NAME'
 MAILGUN_API_KEY = 'YOUR_API_KEY'
 
 # SMTP settings
-SMTP_SERVER = '***'
+SMTP_SERVER = 'smtp.gmail.com'
 SMTP_PORT = 587
-SMTP_USERNAME = '***'
-SMTP_PASSWORD = '***'
+SMTP_USERNAME = ''
+SMTP_PASSWORD = ''
 
 
 # The maximum number of files a torrent can contain
@@ -112,10 +112,10 @@
 
 # Verify uploaded torrents have the given tracker in them?
 ENFORCE_MAIN_ANNOUNCE_URL = False
-MAIN_ANNOUNCE_URL = 'http://127.0.0.1:6881/announce'
+MAIN_ANNOUNCE_URL = 'http://main.animebd.xyz:6881/announce'
 
 # Tracker API integration - don't mind this
-TRACKER_API_URL = 'http://127.0.0.1:6881/api'
+TRACKER_API_URL = 'http://main.animebd.xyz:6881/api'
 TRACKER_API_AUTH = 'topsecret'
 
 #############

sync_es.py

@@ -114,6 +114,7 @@ def reindex_torrent(t, index_name):
     return {
         '_op_type': 'update',
         '_index': index_name,
+        '_type': '_doc',
         '_id': str(t['id']),
         "doc": doc,
         "doc_as_upsert": True
@@ -127,6 +128,7 @@ def reindex_stats(s, index_name):
     return {
         '_op_type': 'update',
         '_index': index_name,
+        '_type': '_doc',
         '_id': str(s['torrent_id']),
         "doc": {
             "stats_last_updated": s["last_updated"],
@@ -139,6 +141,7 @@ def delet_this(row, index_name):
     return {
         "_op_type": 'delete',
         '_index': index_name,
+        '_type': '_doc',
         '_id': str(row['values']['id'])}
 
 # we could try to make this script robust to errors from es or mysql, but since
@@ -166,8 +169,42 @@ def __init__(self, write_buf):
         self.write_buf = write_buf
 
     def run_happy(self):
-        with open(SAVE_LOC) as f:
-            pos = json.load(f)
+        # Try to load saved position, or initialize from MySQL SHOW MASTER STATUS
+        try:
+            with open(SAVE_LOC, 'r') as f:
+                content = f.read().strip()
+                if content:
+                    pos = json.loads(content)
+                else:
+                    # File is empty, get position from MySQL
+                    log.info(f"Position file {SAVE_LOC} is empty, initializing from MySQL")
+                    with app.app_context():
+                        result = db.engine.execute('SHOW MASTER STATUS;').fetchone()
+                        pos = {
+                            'log_file': result[0],
+                            'log_pos': result[1]
+                        }
+                    log.info(f"Initialized position from MySQL: {pos}")
+        except FileNotFoundError:
+            # File doesn't exist, create it from MySQL
+            log.info(f"Position file {SAVE_LOC} not found, initializing from MySQL")
+            with app.app_context():
+                result = db.engine.execute('SHOW MASTER STATUS;').fetchone()
+                pos = {
+                    'log_file': result[0],
+                    'log_pos': result[1]
+                }
+            log.info(f"Initialized position from MySQL: {pos}")
+        except (json.JSONDecodeError, ValueError) as e:
+            # File has invalid JSON, get position from MySQL
+            log.warning(f"Position file {SAVE_LOC} has invalid JSON: {e}, reinitializing from MySQL")
+            with app.app_context():
+                result = db.engine.execute('SHOW MASTER STATUS;').fetchone()
+                pos = {
+                    'log_file': result[0],
+                    'log_pos': result[1]
+                }
+            log.info(f"Reinitialized position from MySQL: {pos}")
 
         stream = BinLogStreamReader(
                 # TODO parse out from config.py or something

tests/test_nyaa.py

@@ -50,6 +50,45 @@ def test_registration_url(self):
         assert b'Username' in rv.data
         assert b'Password' in rv.data
 
+    def test_login_with_non_ascii_username(self):
+        # Posting a username with non-ASCII characters should not raise an exception
+        rv = self.app.post('/login', data={
+            'username': 'ünîcødê',
+            'password': 'whatever'
+        }, follow_redirects=True)
+        assert b'Invalid characters in username.' in rv.data
+
+    def test_email_blacklist_validator(self):
+        # Registry should reject emails matching string or regex entries
+        with self.nyaa_app.app_context():
+            self.nyaa_app.config['EMAIL_BLACKLIST'] = ['foo', re.compile(r'bar')]
+
+        # use form directly to avoid full request complexity
+        form = nyaa.forms.RegisterForm(data={
+            'username': 'user1',
+            'email': 'foo@example.com',
+            'password': 'pass123',
+            'password_confirm': 'pass123'
+        })
+        assert not form.validate()
+        assert any('Blacklisted email provider' in e for e in form.email.errors)
+
+        form = nyaa.forms.RegisterForm(data={
+            'username': 'user2',
+            'email': 'bar@domain.com',
+            'password': 'pass123',
+            'password_confirm': 'pass123'
+        })
+        assert not form.validate()
+
+        form = nyaa.forms.RegisterForm(data={
+            'username': 'user3',
+            'email': 'good@domain.com',
+            'password': 'pass123',
+            'password_confirm': 'pass123'
+        })
+        assert form.validate()
+
 
 if __name__ == '__main__':
     unittest.main()