show live commit to everyone

2022-12-30 15:32:58 +02:00 · 2022-12-30 15:32:58 +02:00 · 0bbe5d5ddd
parent 2805ecbfca
commit 0bbe5d5ddd
4 changed files with 22 additions and 26 deletions
--- a/files/routes/admin.py
+++ b/files/routes/admin.py
@ -455,27 +455,8 @@ def admin_home(v):
 	if v.admin_level >= PERMS['SITE_SETTINGS_UNDER_ATTACK']:
 		under_attack = (get_security_level() or 'high') == 'under_attack'

-	gitref = admin_git_head()
-	
 	return render_template("admin/admin_home.html", v=v, 
-		under_attack=under_attack, 
-		gitref=gitref)
-
-def admin_git_head():
-	short_len = 12
-	# Note: doing zero sanitization. Git branch names are extremely permissive.
-	# However, they forbid '..', so I don't see an obvious dir traversal attack.
-	# Also, a malicious branch name would mean someone already owned the server
-	# or repo, so I think this isn't a weak link.
-	try:
-		with open('.git/HEAD', encoding='utf_8') as head_f:
-			head_txt = head_f.read()
-			head_path = git_regex.match(head_txt).group(1)
-			with open('.git/' + head_path, encoding='utf_8') as ref_f:
-				gitref = ref_f.read()[0:short_len]
-	except:
-		return '<unable to read>', ''
-	return (gitref, head_txt)
+		under_attack=under_attack)

@app.post("/admin/site_settings/<setting>")
@admin_level_required(PERMS['SITE_SETTINGS'])
--- a/files/routes/front.py
+++ b/files/routes/front.py
@ -10,6 +10,22 @@ from files.helpers.sorting_and_time import *
 from files.routes.wrappers import *
 from files.__main__ import app, cache, limiter

+def git_head():
+	short_len = 12
+	# Note: doing zero sanitization. Git branch names are extremely permissive.
+	# However, they forbid '..', so I don't see an obvious dir traversal attack.
+	# Also, a malicious branch name would mean someone already owned the server
+	# or repo, so I think this isn't a weak link.
+	try:
+		with open('.git/HEAD', encoding='utf_8') as head_f:
+			head_txt = head_f.read()
+			head_path = git_regex.match(head_txt).group(1)
+			with open('.git/' + head_path, encoding='utf_8') as ref_f:
+				gitref = ref_f.read()[0:short_len]
+	except:
+		return '<unable to read>', ''
+	return (gitref, head_txt)
+
@app.get("/")
@app.get("/h/<sub>")
@app.get("/s/<sub>")
@ -70,7 +86,7 @@ def front_all(v, sub=None, subdomain=None):
 		award_timers(v)

 	if v and v.client: return {"data": [x.json(g.db) for x in posts], "next_exists": next_exists}
-	return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, sub=sub, home=True, pins=pins, holes=holes)
+	return render_template("home.html", v=v, listing=posts, next_exists=next_exists, sort=sort, t=t, page=page, sub=sub, home=True, pins=pins, holes=holes, gitref=git_head())


@cache.memoize(timeout=86400)
--- a/files/templates/admin/admin_home.html
+++ b/files/templates/admin/admin_home.html
@ -131,9 +131,4 @@
 	{% endif %}
 {% endif %}

-<h4>Server Status</h4>
-<div>
-	Live Revision: <code>{{gitref[0]}}</code> — <code>{{gitref[1]}}</code>
-</div>
-
 {% endblock %}
--- a/files/templates/home.html
+++ b/files/templates/home.html
@ -177,4 +177,8 @@
 	<script defer src="{{'js/fp.js' | asset}}"></script>
 {% endif %}

+<div class="mt-3">
+	Live Commit: <a href="https://fsdfsd.net/rDrama/rDrama/commit/{{gitref[0]}}">{{gitref[0]}}</a>
+</div>
+
 {% endblock %}