From a97f27c77f7679b2582f9f0435adaffa780b5538 Mon Sep 17 00:00:00 2001 From: Tyler Date: Fri, 23 Jun 2023 16:33:34 -0700 Subject: [PATCH] Fixed revelation not showing --- app.py | 68 +++++++++++++++++++++++--------------- html/shortcode_report.html | 14 ++++++++ 2 files changed, 56 insertions(+), 26 deletions(-) create mode 100644 html/shortcode_report.html diff --git a/app.py b/app.py index fc81a5e..dd25ca4 100644 --- a/app.py +++ b/app.py @@ -88,7 +88,7 @@ cached: dict = { if int(str(chap)[:-3]) not in cached["chapter_list"] ] cached["chapter_list"].sort() -for book in range(1, 66): +for book in range(1, 67): cached["books_chapter_lengths"][book] = kjv_cur.execute( "SELECT c FROM fts_kjv where b = ? ORDER BY id DESC LIMIT 1;", (book,) ).fetchone()[0] @@ -108,8 +108,7 @@ def generate_short_id(): def lookup_bookname(book_id): result = kjv_cur.execute( - f"SELECT n FROM key_english WHERE b = {book_id};" - ).fetchone() + "SELECT n FROM key_english WHERE b = ?;",(book_id,)).fetchone() if result: result = result[0] return result @@ -117,8 +116,7 @@ def lookup_bookname(book_id): def lookup_book_id(bookname) -> int: result = kjv_cur.execute( - f"SELECT b FROM key_english WHERE n = '{bookname}';" - ).fetchone() + "SELECT b FROM key_english WHERE n = ?;",(bookname,)).fetchone() if result: result = result[0] return result @@ -126,10 +124,11 @@ def lookup_book_id(bookname) -> int: def lookup_fts(kwds): logging.debug(f"lookup_fts.kwds = '{kwds}'") - return kjv_cur.execute(f"SELECT * FROM fts_kjv('{kwds}')").fetchall() + return kjv_cur.execute("SELECT * FROM fts_kjv(?)", (kwds,)).fetchall() -def lookup_by_verse_id(start_verse, end_verse=None): +def lookup_by_verse_id(start_verse, end_verse=None) -> list: + # This is an internal function - we don't use placeholders because SQL injection should be impossible here if not end_verse: results = kjv_cur.execute( f"SELECT * FROM fts_kjv WHERE id = {start_verse};" @@ -191,7 +190,8 @@ def ref_input_cleaning( logging.debug(f"ref_input_cleaning({ref})") ref = ref.replace(" ", "") if ref.count(":") != 1 and ref_search: - logging.debug("ref_input_cleaning: Assuming user wanted entire chapter") + if len(ref) == 0: + return "Invalid Query" if ref[-1] in string.digits: ref += ":-" else: @@ -227,8 +227,9 @@ def ref_input_cleaning( def search_input_cleaning( - query, valid_chars=string.ascii_letters + string.digits + "+^* " + query, valid_chars=string.ascii_letters + string.digits + "+^* ", extra_chars='' ): + valid_chars += extra_chars # should protect against SQL injection, maybe. Should have another person review. cleaned_query = [] for character in query: @@ -294,7 +295,7 @@ def parse_query(query_override: str = None): result += "" result += "
" # result += search() - logging.debug(f"parse_query.search = '{result}'") + #logging.debug(f"parse_query.search = '{result}'") return result @@ -357,13 +358,13 @@ def return_dict_rich(ref, defs, simple): def show(kw=None, get_start_verse_id=False, human_readable=False): ref: str = request.args.get("kw", None) get_chapter: bool = request.args.get("all", False) - if ref.endswith(","): - ref = ref[:-1] if kw: ref = kw - if ref is None: + if not ref: return send_file("html/show.html") logging.debug(f"show({ref})") + if ref.endswith(","): + ref = ref[:-1] refs: list = [] for r in ref.split(","): r_ = ref_input_cleaning(r.strip()) @@ -374,6 +375,8 @@ def show(kw=None, get_start_verse_id=False, human_readable=False): verse_results: list = [] # check if the search is for multiple refs for ref in refs: + if len(ref) < 2: + continue logging.debug(f"show.reference({ref})") maybe_chapter: str = ref.split(":")[0][3:] ref_chapter: str = "" @@ -410,7 +413,7 @@ def show(kw=None, get_start_verse_id=False, human_readable=False): logging.debug(f"show.start_verse_id({start_verse_id})") logging.debug(f"show.end_verse_id({end_verse_id})") results = lookup_by_verse_id(start_verse_id, end_verse_id) - logging.debug(f"show.results(len({results}))") + logging.debug(f"show.results len({len(results)})") for result in results: verse_results.append(result) response_list = scripture_response(verse_results, human_readable) @@ -507,10 +510,11 @@ def page_not_found(e): @app.get("/") def idx(shortcode=""): if not sanity: - return "Sanity check failed. Check log, or please notify tyler@dinsmoor.us" + return "Sanity check failed. Check database ownership or please notify tyler@dinsmoor.us" if shortcode: + logging.info(f"/{shortcode}") return resolve_shortcode(shortcode) - logging.info("Index Served") + logging.info(f"/{shortcode}") return send_file("html/index.html") @@ -533,7 +537,7 @@ def random_verse(): response = "
".join(response_list) else: response = jsonify(response_list) - logging.debug(f"Search Response: {response}") + #logging.debug(f"Search Response: {response}") return response @@ -554,7 +558,7 @@ def verse_of_the_day(): response = "
".join(response_list) else: response = jsonify(response_list) - logging.debug(f"Search Response: {response}") + #logging.debug(f"Search Response: {response}") return response @@ -595,7 +599,7 @@ def search(): response = "
".join(response_list) else: response = jsonify(response_list) - logging.debug(f"Search Response: {response}") + #logging.debug(f"Search Response: {response}") return response @@ -640,6 +644,18 @@ def sequential_report(uid=None): uids = seq_cur.execute("select * from reading_tracker").fetchall() return render_template("seq_report.html", uids=uids) +@app.get("/screport") +def shortcode_report(shortcode=None): + if usermode == "Single": + short_conn = sqlite3.connect("data/shortcodes.db", check_same_thread=False) + else: + short_conn = sqlite3.connect("data/shortcodes.db") + short_cur = short_conn.cursor() + shortcodes = short_cur.execute( + "SELECT * FROM shortcodes" + ).fetchall() + return render_template("shortcode_report.html", shortcodes=shortcodes) + def sequential_purge(): if usermode == "Single": @@ -655,7 +671,7 @@ def sequential_purge(): since_use: timedelta = evaluate_datetime - last_used if since_use > sequential_purge_delta: logging.info(f"Purging UID: {uid[0]}") - seq_cur.execute(f"DELETE FROM reading_tracker WHERE uid = '{uid[0]}'") + seq_cur.execute("DELETE FROM reading_tracker WHERE uid = ?", (uid[0],)) seq_conn.commit() seq_cur.close() @@ -693,7 +709,7 @@ def sequential_read(start=0, num=1, uid=None, getuid=False): uid = generate_short_id() # range returns a 5 digit id try: seq_cur.execute( - f"INSERT INTO reading_tracker VALUES('{uid}', {start}, '{last_used}')" + "INSERT INTO reading_tracker VALUES(?, ?, ?)", (uid, start, last_used) ) except sqlite3.OperationalError as e: logging.error( @@ -710,7 +726,7 @@ def sequential_read(start=0, num=1, uid=None, getuid=False): uid = ref_input_cleaning(uid, ref_search=False) try: nextverse = seq_cur.execute( - f"SELECT verse FROM reading_tracker WHERE uid = '{uid}'" + "SELECT verse FROM reading_tracker WHERE uid = ?", (uid,) ).fetchone()[0] logging.debug(f"Queried UID {uid} on verse {nextverse}") sequential_purge() @@ -728,7 +744,7 @@ def sequential_read(start=0, num=1, uid=None, getuid=False): logging.info(f"Served {num+1} verses to UID {uid}") seq_cur.execute( - f"REPLACE INTO reading_tracker (uid, verse, last_used) VALUES('{uid}', {nextverse+num+1}, '{last_used}')" + "REPLACE INTO reading_tracker (uid, verse, last_used) VALUES(?, ?, ?)", (uid, (nextverse+num+1), last_used) ) # Doing REPLACE INTO instead of UPDATE will make the updated row at the end of the table, making the purging # only look at a small set of the oldest unused entries. @@ -744,7 +760,7 @@ def sequential_read(start=0, num=1, uid=None, getuid=False): @app.get("/mksc/") def generate_shortcode(query: str = ""): - query = search_input_cleaning(query) + query = search_input_cleaning(query, extra_chars=":-,") if not query: return "Empty query." if usermode == "Single": @@ -759,7 +775,7 @@ def generate_shortcode(query: str = ""): creation_date = str(datetime.now()) shortcode = generate_short_id() short_cur.execute( - f"REPLACE INTO shortcodes(shortcode,query,creation_date) VALUES('{shortcode}', '{query}', '{creation_date}')" + "REPLACE INTO shortcodes(shortcode,query,creation_date) VALUES(?, ?, ?)", (shortcode, query, creation_date) ) short_conn.commit() short_cur.close() @@ -779,7 +795,7 @@ def resolve_shortcode(shortcode: str = ""): short_conn = sqlite3.connect("data/shortcodes.db") short_cur = short_conn.cursor() query = short_cur.execute( - f"SELECT query FROM shortcodes WHERE shortcode = '{shortcode}'" + "SELECT query FROM shortcodes WHERE shortcode = ?", (shortcode,) ).fetchone()[0] short_cur.close() logging.info(f"Resolved Shortcode {shortcode} for query '{query}'") diff --git a/html/shortcode_report.html b/html/shortcode_report.html new file mode 100644 index 0000000..2862337 --- /dev/null +++ b/html/shortcode_report.html @@ -0,0 +1,14 @@ + + + + + + + {% for code in shortcodes %} + + + + + + {% endfor %} +
shortcode |query |creation_date
{{ code[0] }} |{{ code[1] }} |{{ code[2] }}
\ No newline at end of file