From f4cde843c045784a1eecc154279f138767c16ae0 Mon Sep 17 00:00:00 2001
From: Dustin Steiner <dustin.steiner@gmail.com>
Date: Mon, 30 Jan 2023 14:40:33 +0000
Subject: [PATCH 01/22] chore: larger dropdown size for mobile devices

---
 .../snippets/shelve_button/shelve_button_dropdown.html          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bookwyrm/templates/snippets/shelve_button/shelve_button_dropdown.html b/bookwyrm/templates/snippets/shelve_button/shelve_button_dropdown.html
index 6ea30fadf..6187b2038 100644
--- a/bookwyrm/templates/snippets/shelve_button/shelve_button_dropdown.html
+++ b/bookwyrm/templates/snippets/shelve_button/shelve_button_dropdown.html
@@ -7,5 +7,5 @@
 {% endblock %}
 
 {% block dropdown-list %}
-{% include 'snippets/shelve_button/shelve_button_dropdown_options.html' with active_shelf=active_shelf shelves=user_shelves dropdown=True class="shelf-option is-fullwidth is-small is-radiusless has-background-body" %}
+{% include 'snippets/shelve_button/shelve_button_dropdown_options.html' with active_shelf=active_shelf shelves=user_shelves dropdown=True class="shelf-option is-fullwidth is-small is-size-6-mobile is-radiusless has-background-body" %}
 {% endblock %}

From f085315d70d7cbb7f772b51ef6cb8cce8d6f42a2 Mon Sep 17 00:00:00 2001
From: Giebisch <rafael@giebisch-mail.de>
Date: Mon, 30 Jan 2023 16:12:14 +0100
Subject: [PATCH 02/22] Added Backend Part

---
 bookwyrm/forms/status.py                      |  1 +
 .../migrations/0174_auto_20230130_1240.py     | 26 +++++++++++++++++++
 bookwyrm/models/status.py                     |  3 +++
 .../snippets/create_status/quotation.html     | 13 ++++++++++
 .../snippets/status/content_status.html       |  4 +--
 5 files changed, 45 insertions(+), 2 deletions(-)
 create mode 100644 bookwyrm/migrations/0174_auto_20230130_1240.py

diff --git a/bookwyrm/forms/status.py b/bookwyrm/forms/status.py
index 0800166bf..b562595ee 100644
--- a/bookwyrm/forms/status.py
+++ b/bookwyrm/forms/status.py
@@ -53,6 +53,7 @@ class QuotationForm(CustomForm):
             "sensitive",
             "privacy",
             "position",
+            "endposition",
             "position_mode",
         ]
 
diff --git a/bookwyrm/migrations/0174_auto_20230130_1240.py b/bookwyrm/migrations/0174_auto_20230130_1240.py
new file mode 100644
index 000000000..1b81c2087
--- /dev/null
+++ b/bookwyrm/migrations/0174_auto_20230130_1240.py
@@ -0,0 +1,26 @@
+# Generated by Django 3.2.16 on 2023-01-30 12:40
+
+import django.core.validators
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('auth', '0012_alter_user_first_name_max_length'),
+        ('bookwyrm', '0173_default_user_auth_group_setting'),
+    ]
+
+    operations = [
+        migrations.AddField(
+            model_name='quotation',
+            name='endposition',
+            field=models.IntegerField(blank=True, null=True, validators=[django.core.validators.MinValueValidator(0)]),
+        ),
+        migrations.AlterField(
+            model_name='sitesettings',
+            name='default_user_auth_group',
+            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.PROTECT, to='auth.group'),
+        ),
+    ]
diff --git a/bookwyrm/models/status.py b/bookwyrm/models/status.py
index 19eab584d..d5dc8e9c1 100644
--- a/bookwyrm/models/status.py
+++ b/bookwyrm/models/status.py
@@ -329,6 +329,9 @@ class Quotation(BookStatus):
     position = models.IntegerField(
         validators=[MinValueValidator(0)], null=True, blank=True
     )
+    endposition = models.IntegerField(
+        validators=[MinValueValidator(0)], null=True, blank=True
+    )
     position_mode = models.CharField(
         max_length=3,
         choices=ProgressMode.choices,
diff --git a/bookwyrm/templates/snippets/create_status/quotation.html b/bookwyrm/templates/snippets/create_status/quotation.html
index a9ddb17f4..9cc76d5a9 100644
--- a/bookwyrm/templates/snippets/create_status/quotation.html
+++ b/bookwyrm/templates/snippets/create_status/quotation.html
@@ -65,6 +65,19 @@ uuid: a unique identifier used to make html "id" attributes unique and clarify j
                     {% if not draft %}data-cache-draft="id_position_{{ book.id }}_{{ type }}"{% endif %}
                 >
             </div>
+            <div class="control">
+                <input
+                    aria-label="{% if draft.position_mode == 'PG' %}Page{% else %}Percent{% endif %}"
+                    class="input"
+                    type="number"
+                    min="0"
+                    name="endposition"
+                    size="3"
+                    value="{% firstof draft.endposition '' %}"
+                    id="endposition_{{ uuid }}"
+                    {% if not draft %}data-cache-draft="id_endposition_{{ book.id }}_{{ type }}"{% endif %}
+                >
+            </div>
         </div>
     </div>
 {% endblock %}
diff --git a/bookwyrm/templates/snippets/status/content_status.html b/bookwyrm/templates/snippets/status/content_status.html
index e39284fcf..4c4d89341 100644
--- a/bookwyrm/templates/snippets/status/content_status.html
+++ b/bookwyrm/templates/snippets/status/content_status.html
@@ -99,9 +99,9 @@
                             &mdash; {% include 'snippets/book_titleby.html' with book=status.book %}
                             {% if status.position %}
                                 {% if status.position_mode == 'PG' %}
-                                    {% blocktrans with page=status.position|intcomma %}(Page {{ page }}){% endblocktrans %}
+                                    {% blocktrans with page=status.position|intcomma %}(Page {{ page }}{% endblocktrans%}{% if status.endposition%} - {% blocktrans with endpage=status.endposition|intcomma %}{{ endpage }}{% endblocktrans %}{% endif%})
                                 {% else %}
-                                    {% blocktrans with percent=status.position %}({{ percent }}%){% endblocktrans %}
+                                    {% blocktrans with percent=status.position %}({{ percent }}%{% endblocktrans %}{% if status.endposition%}{% blocktrans with endpercent=status.endposition|intcomma %} - {{ endpercent }}%{% endblocktrans %}{% endif %})
                                 {% endif %}
                             {% endif %}
                         </p>

From f30a0ae7143c0a9ededbd2454fe1aeaaaacb7771 Mon Sep 17 00:00:00 2001
From: Dustin Steiner <dustin.steiner@gmail.com>
Date: Tue, 31 Jan 2023 08:12:57 +0000
Subject: [PATCH 03/22] chore: more dropdown resizes

---
 bookwyrm/templates/snippets/report_button.html         |  2 +-
 bookwyrm/templates/snippets/shelf_selector.html        |  6 +++---
 bookwyrm/templates/snippets/status/status_options.html | 10 +++++-----
 bookwyrm/templates/snippets/user_options.html          |  6 +++---
 4 files changed, 12 insertions(+), 12 deletions(-)

diff --git a/bookwyrm/templates/snippets/report_button.html b/bookwyrm/templates/snippets/report_button.html
index 60b542f43..92d70699c 100644
--- a/bookwyrm/templates/snippets/report_button.html
+++ b/bookwyrm/templates/snippets/report_button.html
@@ -5,7 +5,7 @@
 
 {% join "report" report_uuid as modal_id %}
 <button
-    class="button is-small is-danger is-light is-fullwidth"
+    class="button is-small is-danger is-light is-fullwidth {{ class }}"
     type="button"
     data-modal-open="{{ modal_id }}"
     {% if is_current %}disabled{% endif %}
diff --git a/bookwyrm/templates/snippets/shelf_selector.html b/bookwyrm/templates/snippets/shelf_selector.html
index 902a66196..2a17e7d58 100644
--- a/bookwyrm/templates/snippets/shelf_selector.html
+++ b/bookwyrm/templates/snippets/shelf_selector.html
@@ -31,7 +31,7 @@
 </li>
 {% else%}
 {% comparison_bool shelf.identifier active_shelf.shelf.identifier as is_current %}
-{% with button_class="is-fullwidth is-small shelf-option is-radiusless has-background-body" %}
+{% with button_class="is-fullwidth is-small is-size-6-mobile shelf-option is-radiusless has-background-body" %}
 <li role="menuitem" class="dropdown-item p-0">
 {% if shelf.identifier == 'reading' %}
 
@@ -77,7 +77,7 @@
         {% csrf_token %}
         <input type="hidden" name="book" value="{{ book.id }}">
         <input type="hidden" name="shelf" value="{{ user_shelf.id }}">
-        <button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit">
+        <button class="button is-fullwidth is-small is-size-6-mobile is-radiusless is-danger is-light" type="submit">
             {% blocktrans with name=user_shelf|translate_shelf_name %}Remove from {{ name }}{% endblocktrans %}
         </button>
     </form>
@@ -91,7 +91,7 @@
         {% csrf_token %}
         <input type="hidden" name="book" value="{{ book.id }}">
         <input type="hidden" name="shelf" value="{{ shelf.id }}">
-        <button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit">{% trans "Remove from" %} {{ shelf.name }}</button>
+        <button class="button is-fullwidth is-small is-size-6-mobile is-radiusless is-danger is-light" type="submit">{% trans "Remove from" %} {{ shelf.name }}</button>
     </form>
 </li>
 {% endif %}
diff --git a/bookwyrm/templates/snippets/status/status_options.html b/bookwyrm/templates/snippets/status/status_options.html
index f47967551..e12d6e1d6 100644
--- a/bookwyrm/templates/snippets/status/status_options.html
+++ b/bookwyrm/templates/snippets/status/status_options.html
@@ -13,7 +13,7 @@
 <li role="menuitem" class="dropdown-item p-0">
     <form name="delete-{{ status.id|uuid }}" action="/delete-status/{{ status.id }}" method="post">
         {% csrf_token %}
-        <button class="button is-radiusless is-danger is-light is-fullwidth is-small" type="submit">
+        <button class="button is-radiusless is-danger is-light is-fullwidth is-small is-size-6-mobile" type="submit">
             {% trans "Delete status" %}
         </button>
     </form>
@@ -21,7 +21,7 @@
 {% if status.status_type != 'GeneratedNote' and status.status_type != 'Rating' %}
 <li role="menuitem" class="dropdown-item p-0">
     <span class="control">
-        <a href="{% url 'edit-status' status.id %}" class="button is-radiusless is-fullwidth is-small" type="submit">
+        <a href="{% url 'edit-status' status.id %}" class="button is-radiusless is-fullwidth is-small is-size-6-mobile" type="submit">
             {% trans "Edit" %}
         </a>
     </span>
@@ -31,16 +31,16 @@
 {# things you can do to other people's statuses #}
 <li role="menuitem" class="dropdown-item p-0">
     <span class="control">
-        <a href="{% url 'direct-messages-user' status.user|username %}" class="button is-small has-background-body is-radiusless is-fullwidth">
+        <a href="{% url 'direct-messages-user' status.user|username %}" class="button is-small has-background-body is-radiusless is-fullwidth is-size-6-mobile">
             {% trans "Send direct message" %}
         </a>
     </span>
 </li>
 <li role="menuitem" class="dropdown-item p-0">
-    {% include 'snippets/report_button.html' with user=status.user status=status %}
+    {% include 'snippets/report_button.html' with user=status.user status=status class="is-size-6-mobile" %}
 </li>
 <li role="menuitem" class="dropdown-item p-0">
-    {% include 'snippets/block_button.html' with user=status.user class="is-fullwidth" blocks=False %}
+    {% include 'snippets/block_button.html' with user=status.user class="is-fullwidth is-size-6-mobile" blocks=False %}
 </li>
 {% endif %}
 {% endblock %}
diff --git a/bookwyrm/templates/snippets/user_options.html b/bookwyrm/templates/snippets/user_options.html
index 35abc98c2..7923e3d27 100644
--- a/bookwyrm/templates/snippets/user_options.html
+++ b/bookwyrm/templates/snippets/user_options.html
@@ -11,13 +11,13 @@
 {% block dropdown-list %}
 <li role="menuitem">
     <div class="control">
-        <a href="{% url 'direct-messages-user' user|username %}" class="button is-fullwidth is-small">{% trans "Send direct message" %}</a>
+        <a href="{% url 'direct-messages-user' user|username %}" class="button is-fullwidth is-small is-size-6-mobile">{% trans "Send direct message" %}</a>
     </div>
 </li>
 <li role="menuitem">
-    {% include 'snippets/report_button.html' with user=user class="is-fullwidth" %}
+    {% include 'snippets/report_button.html' with user=user class="is-fullwidth is-size-6-mobile" %}
 </li>
 <li role="menuitem">
-    {% include 'snippets/block_button.html' with user=user class="is-fullwidth" blocks=False %}
+    {% include 'snippets/block_button.html' with user=user class="is-fullwidth is-size-6-mobile" blocks=False %}
 </li>
 {% endblock %}

From 96097f3b583f48189d5aaa16e53cd030461d83f9 Mon Sep 17 00:00:00 2001
From: Dustin Steiner <dustin.steiner@gmail.com>
Date: Tue, 31 Jan 2023 18:33:44 +0000
Subject: [PATCH 04/22] chore: use bulma override for mobile dropdown instead
 of classes

---
 .../bookwyrm/overrides/_bulma_overrides.scss  | 120 +++++++++---------
 .../templates/snippets/shelf_selector.html    |   6 +-
 .../shelve_button/shelve_button_dropdown.html |   2 +-
 .../snippets/status/status_options.html       |  10 +-
 bookwyrm/templates/snippets/user_options.html |   6 +-
 5 files changed, 75 insertions(+), 69 deletions(-)

diff --git a/bookwyrm/static/css/bookwyrm/overrides/_bulma_overrides.scss b/bookwyrm/static/css/bookwyrm/overrides/_bulma_overrides.scss
index cdcd74202..a8768328e 100644
--- a/bookwyrm/static/css/bookwyrm/overrides/_bulma_overrides.scss
+++ b/bookwyrm/static/css/bookwyrm/overrides/_bulma_overrides.scss
@@ -1,111 +1,117 @@
 .summary-on-open {
-    display: none;
+	display: none;
 }
 
 @media only screen and (max-width: 768px) {
-    .navbar-menu {
-        text-align: right;
-        padding-right: 1rem;
+	.navbar-menu {
+		text-align: right;
+		padding-right: 1rem;
 
-        .tags {
-            justify-content: flex-end;
-        }
+		.tags {
+			justify-content: flex-end;
+		}
 
-        #navbar-dropdown {
-            &[open] {
-                .summary-on-open {
-                    display: initial;
-                    position: fixed;
-                    top: 0;
-                    left: 0;
-                    right: 0;
-                    height: 3rem;
-                    z-index: 31;
-                    background-color: $dropdown-content-background-color;
-                    padding: 1rem 1.75rem;
-                    line-height: 1;
-                }
-            }
+		#navbar-dropdown {
+			&[open] {
+				.summary-on-open {
+					display: initial;
+					position: fixed;
+					top: 0;
+					left: 0;
+					right: 0;
+					height: 3rem;
+					z-index: 31;
+					background-color: $dropdown-content-background-color;
+					padding: 1rem 1.75rem;
+					line-height: 1;
+				}
+			}
 
-            .dropdown-menu {
-                padding-top: 0;
-                top: 3rem;
-            }
+			.dropdown-menu {
+				padding-top: 0;
+				top: 3rem;
+			}
 
-            .dropdown-content {
-                padding-top: 0;
-                box-shadow: none;
-                border-top-left-radius: 0;
-                border-top-right-radius: 0;
-            }
+			.dropdown-content {
+				padding-top: 0;
+				box-shadow: none;
+				border-top-left-radius: 0;
+				border-top-right-radius: 0;
+			}
 
-            .navbar-item {
-                // see ../components/_details.scss :: Navbar details
-                padding-right: 1.75rem;
-                font-size: 1rem;
-            }
-        }
-    }
+			.navbar-item {
+				// see ../components/_details.scss :: Navbar details
+				padding-right: 1.75rem;
+				font-size: 1rem;
+			}
+		}
+	}
 }
 
 .image {
-    overflow: hidden;
+	overflow: hidden;
 }
 
 .navbar .logo {
-    max-height: 50px;
+	max-height: 50px;
 }
 
 .card {
-    overflow: visible;
+	overflow: visible;
 }
 
 .card.has-border {
-    border: 1px solid $border;
+	border: 1px solid $border;
 }
 
 .scroll-x {
-    overflow: hidden;
-    overflow-x: auto;
+	overflow: hidden;
+	overflow-x: auto;
 }
 
 .modal-card {
-    pointer-events: none;
+	pointer-events: none;
 }
 
 .modal-card > * {
-    pointer-events: all;
+	pointer-events: all;
 }
 
 /* stylelint-disable no-descending-specificity */
 .modal-card:focus {
-    outline-style: auto;
+	outline-style: auto;
 }
 
 .modal-card:focus:not(:focus-visible) {
-    outline-style: initial;
+	outline-style: initial;
 }
 
 .modal-card:focus-visible {
-    outline-style: auto;
+	outline-style: auto;
 }
 /* stylelint-enable no-descending-specificity */
 
 .modal-card.is-fullwidth {
-    min-width: 75% !important;
+	min-width: 75% !important;
 }
 
 @media only screen and (min-width: 769px) {
-    .modal-card.is-thin {
-        width: 350px !important;
-    }
+	.modal-card.is-thin {
+		width: 350px !important;
+	}
 }
 
 .modal-card-body {
-    max-height: 70vh;
+	max-height: 70vh;
 }
 
 .clip-text {
-    max-height: 35em;
-    overflow: hidden;
+	max-height: 35em;
+	overflow: hidden;
+}
+
+@include mobile {
+	.dropdown-menu .button {
+		font-size: $size-6;
+	}
 }
diff --git a/bookwyrm/templates/snippets/shelf_selector.html b/bookwyrm/templates/snippets/shelf_selector.html
index 2a17e7d58..902a66196 100644
--- a/bookwyrm/templates/snippets/shelf_selector.html
+++ b/bookwyrm/templates/snippets/shelf_selector.html
@@ -31,7 +31,7 @@
 </li>
 {% else%}
 {% comparison_bool shelf.identifier active_shelf.shelf.identifier as is_current %}
-{% with button_class="is-fullwidth is-small is-size-6-mobile shelf-option is-radiusless has-background-body" %}
+{% with button_class="is-fullwidth is-small shelf-option is-radiusless has-background-body" %}
 <li role="menuitem" class="dropdown-item p-0">
 {% if shelf.identifier == 'reading' %}
 
@@ -77,7 +77,7 @@
         {% csrf_token %}
         <input type="hidden" name="book" value="{{ book.id }}">
         <input type="hidden" name="shelf" value="{{ user_shelf.id }}">
-        <button class="button is-fullwidth is-small is-size-6-mobile is-radiusless is-danger is-light" type="submit">
+        <button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit">
             {% blocktrans with name=user_shelf|translate_shelf_name %}Remove from {{ name }}{% endblocktrans %}
         </button>
     </form>
@@ -91,7 +91,7 @@
         {% csrf_token %}
         <input type="hidden" name="book" value="{{ book.id }}">
         <input type="hidden" name="shelf" value="{{ shelf.id }}">
-        <button class="button is-fullwidth is-small is-size-6-mobile is-radiusless is-danger is-light" type="submit">{% trans "Remove from" %} {{ shelf.name }}</button>
+        <button class="button is-fullwidth is-small is-radiusless is-danger is-light" type="submit">{% trans "Remove from" %} {{ shelf.name }}</button>
     </form>
 </li>
 {% endif %}
diff --git a/bookwyrm/templates/snippets/shelve_button/shelve_button_dropdown.html b/bookwyrm/templates/snippets/shelve_button/shelve_button_dropdown.html
index 6187b2038..6ea30fadf 100644
--- a/bookwyrm/templates/snippets/shelve_button/shelve_button_dropdown.html
+++ b/bookwyrm/templates/snippets/shelve_button/shelve_button_dropdown.html
@@ -7,5 +7,5 @@
 {% endblock %}
 
 {% block dropdown-list %}
-{% include 'snippets/shelve_button/shelve_button_dropdown_options.html' with active_shelf=active_shelf shelves=user_shelves dropdown=True class="shelf-option is-fullwidth is-small is-size-6-mobile is-radiusless has-background-body" %}
+{% include 'snippets/shelve_button/shelve_button_dropdown_options.html' with active_shelf=active_shelf shelves=user_shelves dropdown=True class="shelf-option is-fullwidth is-small is-radiusless has-background-body" %}
 {% endblock %}
diff --git a/bookwyrm/templates/snippets/status/status_options.html b/bookwyrm/templates/snippets/status/status_options.html
index e12d6e1d6..f47967551 100644
--- a/bookwyrm/templates/snippets/status/status_options.html
+++ b/bookwyrm/templates/snippets/status/status_options.html
@@ -13,7 +13,7 @@
 <li role="menuitem" class="dropdown-item p-0">
     <form name="delete-{{ status.id|uuid }}" action="/delete-status/{{ status.id }}" method="post">
         {% csrf_token %}
-        <button class="button is-radiusless is-danger is-light is-fullwidth is-small is-size-6-mobile" type="submit">
+        <button class="button is-radiusless is-danger is-light is-fullwidth is-small" type="submit">
             {% trans "Delete status" %}
         </button>
     </form>
@@ -21,7 +21,7 @@
 {% if status.status_type != 'GeneratedNote' and status.status_type != 'Rating' %}
 <li role="menuitem" class="dropdown-item p-0">
     <span class="control">
-        <a href="{% url 'edit-status' status.id %}" class="button is-radiusless is-fullwidth is-small is-size-6-mobile" type="submit">
+        <a href="{% url 'edit-status' status.id %}" class="button is-radiusless is-fullwidth is-small" type="submit">
             {% trans "Edit" %}
         </a>
     </span>
@@ -31,16 +31,16 @@
 {# things you can do to other people's statuses #}
 <li role="menuitem" class="dropdown-item p-0">
     <span class="control">
-        <a href="{% url 'direct-messages-user' status.user|username %}" class="button is-small has-background-body is-radiusless is-fullwidth is-size-6-mobile">
+        <a href="{% url 'direct-messages-user' status.user|username %}" class="button is-small has-background-body is-radiusless is-fullwidth">
             {% trans "Send direct message" %}
         </a>
     </span>
 </li>
 <li role="menuitem" class="dropdown-item p-0">
-    {% include 'snippets/report_button.html' with user=status.user status=status class="is-size-6-mobile" %}
+    {% include 'snippets/report_button.html' with user=status.user status=status %}
 </li>
 <li role="menuitem" class="dropdown-item p-0">
-    {% include 'snippets/block_button.html' with user=status.user class="is-fullwidth is-size-6-mobile" blocks=False %}
+    {% include 'snippets/block_button.html' with user=status.user class="is-fullwidth" blocks=False %}
 </li>
 {% endif %}
 {% endblock %}
diff --git a/bookwyrm/templates/snippets/user_options.html b/bookwyrm/templates/snippets/user_options.html
index 7923e3d27..35abc98c2 100644
--- a/bookwyrm/templates/snippets/user_options.html
+++ b/bookwyrm/templates/snippets/user_options.html
@@ -11,13 +11,13 @@
 {% block dropdown-list %}
 <li role="menuitem">
     <div class="control">
-        <a href="{% url 'direct-messages-user' user|username %}" class="button is-fullwidth is-small is-size-6-mobile">{% trans "Send direct message" %}</a>
+        <a href="{% url 'direct-messages-user' user|username %}" class="button is-fullwidth is-small">{% trans "Send direct message" %}</a>
     </div>
 </li>
 <li role="menuitem">
-    {% include 'snippets/report_button.html' with user=user class="is-fullwidth is-size-6-mobile" %}
+    {% include 'snippets/report_button.html' with user=user class="is-fullwidth" %}
 </li>
 <li role="menuitem">
-    {% include 'snippets/block_button.html' with user=user class="is-fullwidth is-size-6-mobile" blocks=False %}
+    {% include 'snippets/block_button.html' with user=user class="is-fullwidth" blocks=False %}
 </li>
 {% endblock %}

From 610a4e8a66447d542262c871334340ee09223422 Mon Sep 17 00:00:00 2001
From: Dustin Steiner <dustin.steiner@gmail.com>
Date: Tue, 31 Jan 2023 18:44:09 +0000
Subject: [PATCH 05/22] chore: run styling

---
 .../bookwyrm/overrides/_bulma_overrides.scss  | 122 +++++++++---------
 1 file changed, 61 insertions(+), 61 deletions(-)

diff --git a/bookwyrm/static/css/bookwyrm/overrides/_bulma_overrides.scss b/bookwyrm/static/css/bookwyrm/overrides/_bulma_overrides.scss
index a8768328e..9ab44f89d 100644
--- a/bookwyrm/static/css/bookwyrm/overrides/_bulma_overrides.scss
+++ b/bookwyrm/static/css/bookwyrm/overrides/_bulma_overrides.scss
@@ -1,117 +1,117 @@
 .summary-on-open {
-	display: none;
+    display: none;
 }
 
 @media only screen and (max-width: 768px) {
-	.navbar-menu {
-		text-align: right;
-		padding-right: 1rem;
+    .navbar-menu {
+        text-align: right;
+        padding-right: 1rem;
 
-		.tags {
-			justify-content: flex-end;
-		}
+        .tags {
+            justify-content: flex-end;
+        }
 
-		#navbar-dropdown {
-			&[open] {
-				.summary-on-open {
-					display: initial;
-					position: fixed;
-					top: 0;
-					left: 0;
-					right: 0;
-					height: 3rem;
-					z-index: 31;
-					background-color: $dropdown-content-background-color;
-					padding: 1rem 1.75rem;
-					line-height: 1;
-				}
-			}
+        #navbar-dropdown {
+            &[open] {
+                .summary-on-open {
+                    display: initial;
+                    position: fixed;
+                    top: 0;
+                    left: 0;
+                    right: 0;
+                    height: 3rem;
+                    z-index: 31;
+                    background-color: $dropdown-content-background-color;
+                    padding: 1rem 1.75rem;
+                    line-height: 1;
+                }
+            }
 
-			.dropdown-menu {
-				padding-top: 0;
-				top: 3rem;
-			}
+            .dropdown-menu {
+                padding-top: 0;
+                top: 3rem;
+            }
 
-			.dropdown-content {
-				padding-top: 0;
-				box-shadow: none;
-				border-top-left-radius: 0;
-				border-top-right-radius: 0;
-			}
+            .dropdown-content {
+                padding-top: 0;
+                box-shadow: none;
+                border-top-left-radius: 0;
+                border-top-right-radius: 0;
+            }
 
-			.navbar-item {
-				// see ../components/_details.scss :: Navbar details
-				padding-right: 1.75rem;
-				font-size: 1rem;
-			}
-		}
-	}
+            .navbar-item {
+                /* see ../components/_details.scss :: Navbar details */
+                padding-right: 1.75rem;
+                font-size: 1rem;
+            }
+        }
+    }
 }
 
 .image {
-	overflow: hidden;
+    overflow: hidden;
 }
 
 .navbar .logo {
-	max-height: 50px;
+    max-height: 50px;
 }
 
 .card {
-	overflow: visible;
+    overflow: visible;
 }
 
 .card.has-border {
-	border: 1px solid $border;
+    border: 1px solid $border;
 }
 
 .scroll-x {
-	overflow: hidden;
-	overflow-x: auto;
+    overflow: hidden;
+    overflow-x: auto;
 }
 
 .modal-card {
-	pointer-events: none;
+    pointer-events: none;
 }
 
 .modal-card > * {
-	pointer-events: all;
+    pointer-events: all;
 }
 
 /* stylelint-disable no-descending-specificity */
 .modal-card:focus {
-	outline-style: auto;
+    outline-style: auto;
 }
 
 .modal-card:focus:not(:focus-visible) {
-	outline-style: initial;
+    outline-style: initial;
 }
 
 .modal-card:focus-visible {
-	outline-style: auto;
+    outline-style: auto;
 }
 /* stylelint-enable no-descending-specificity */
 
 .modal-card.is-fullwidth {
-	min-width: 75% !important;
+    min-width: 75% !important;
 }
 
 @media only screen and (min-width: 769px) {
-	.modal-card.is-thin {
-		width: 350px !important;
-	}
+    .modal-card.is-thin {
+        width: 350px !important;
+    }
 }
 
 .modal-card-body {
-	max-height: 70vh;
+    max-height: 70vh;
 }
 
 .clip-text {
-	max-height: 35em;
-	overflow: hidden;
+    max-height: 35em;
+    overflow: hidden;
 }
 
-@include mobile {
-	.dropdown-menu .button {
-		font-size: $size-6;
-	}
+.dropdown-menu .button {
+    @include mobile {
+        font-size: $size-6;
+    }
 }

From 36605efd206610fdd64283b5caec3f5662195ada Mon Sep 17 00:00:00 2001
From: Robert George <rrgeorge@raphus.social>
Date: Wed, 1 Feb 2023 12:59:10 -0800
Subject: [PATCH 06/22] Added support for secure cookies and django-csp

---
 bookwyrm/settings.py                                     | 9 +++++++++
 bookwyrm/templates/guided_tour/book.html                 | 2 +-
 bookwyrm/templates/guided_tour/group.html                | 2 +-
 bookwyrm/templates/guided_tour/home.html                 | 2 +-
 bookwyrm/templates/guided_tour/lists.html                | 2 +-
 bookwyrm/templates/guided_tour/search.html               | 2 +-
 bookwyrm/templates/guided_tour/user_books.html           | 2 +-
 bookwyrm/templates/guided_tour/user_groups.html          | 2 +-
 bookwyrm/templates/guided_tour/user_profile.html         | 2 +-
 bookwyrm/templates/layout.html                           | 2 +-
 bookwyrm/templates/ostatus/template.html                 | 4 ++--
 .../templates/settings/dashboard/registration_chart.html | 2 +-
 bookwyrm/templates/settings/dashboard/status_chart.html  | 2 +-
 bookwyrm/templates/settings/dashboard/user_chart.html    | 2 +-
 bookwyrm/templates/settings/dashboard/works_chart.html   | 2 +-
 bookwyrm/views/admin/dashboard.py                        | 3 +++
 requirements.txt                                         | 1 +
 17 files changed, 28 insertions(+), 15 deletions(-)

diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py
index 61240dbfa..abd71b2dd 100644
--- a/bookwyrm/settings.py
+++ b/bookwyrm/settings.py
@@ -101,6 +101,7 @@ MIDDLEWARE = [
     "django.middleware.locale.LocaleMiddleware",
     "django.middleware.common.CommonMiddleware",
     "django.middleware.csrf.CsrfViewMiddleware",
+    "csp.middleware.CSPMiddleware",
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "bookwyrm.middleware.TimezoneMiddleware",
     "bookwyrm.middleware.IPBlocklistMiddleware",
@@ -335,6 +336,8 @@ PROJECT_DIR = os.path.dirname(os.path.abspath(__file__))
 PROTOCOL = "http"
 if USE_HTTPS:
     PROTOCOL = "https"
+    SESSION_COOKIE_SECURE = True
+    CSRF_COOKIE_SECURE = True
 
 USE_S3 = env.bool("USE_S3", False)
 
@@ -358,11 +361,17 @@ if USE_S3:
     MEDIA_FULL_URL = MEDIA_URL
     STATIC_FULL_URL = STATIC_URL
     DEFAULT_FILE_STORAGE = "bookwyrm.storage_backends.ImagesStorage"
+    CSP_DEFAULT_SRC = ("'self'", AWS_S3_CUSTOM_DOMAIN)
+    CSP_SCRIPT_SRC = ("'self'", AWS_S3_CUSTOM_DOMAIN)
 else:
     STATIC_URL = "/static/"
     MEDIA_URL = "/images/"
     MEDIA_FULL_URL = f"{PROTOCOL}://{DOMAIN}{MEDIA_URL}"
     STATIC_FULL_URL = f"{PROTOCOL}://{DOMAIN}{STATIC_URL}"
+    CSP_DEFAULT_SRC = ("'self'")
+    CSP_SCRIPT_SRC = ("'self'")
+
+CSP_INCLUDE_NONCE_IN=['script-src']
 
 OTEL_EXPORTER_OTLP_ENDPOINT = env("OTEL_EXPORTER_OTLP_ENDPOINT", None)
 OTEL_EXPORTER_OTLP_HEADERS = env("OTEL_EXPORTER_OTLP_HEADERS", None)
diff --git a/bookwyrm/templates/guided_tour/book.html b/bookwyrm/templates/guided_tour/book.html
index 44a37f65e..a0d60e831 100644
--- a/bookwyrm/templates/guided_tour/book.html
+++ b/bookwyrm/templates/guided_tour/book.html
@@ -1,6 +1,6 @@
 {% load i18n %}
 
-<script>
+<script nonce="{{request.csp_nonce}}">
     const tour = new Shepherd.Tour({
         exitOnEsc: true,
     });
diff --git a/bookwyrm/templates/guided_tour/group.html b/bookwyrm/templates/guided_tour/group.html
index 088437233..98fa4757a 100644
--- a/bookwyrm/templates/guided_tour/group.html
+++ b/bookwyrm/templates/guided_tour/group.html
@@ -1,6 +1,6 @@
 {% load i18n %}
 
-<script>
+<script nonce="{{request.csp_nonce}}">
     const tour = new Shepherd.Tour({
         exitOnEsc: true,
     });
diff --git a/bookwyrm/templates/guided_tour/home.html b/bookwyrm/templates/guided_tour/home.html
index 37e874afa..be8d095af 100644
--- a/bookwyrm/templates/guided_tour/home.html
+++ b/bookwyrm/templates/guided_tour/home.html
@@ -1,6 +1,6 @@
 {% load i18n %}
 
-<script>
+<script nonce="{{request.csp_nonce}}">
 const initiateTour = new Shepherd.Tour({
     exitOnEsc: true,
 });
diff --git a/bookwyrm/templates/guided_tour/lists.html b/bookwyrm/templates/guided_tour/lists.html
index 4c4d241c8..72218e395 100644
--- a/bookwyrm/templates/guided_tour/lists.html
+++ b/bookwyrm/templates/guided_tour/lists.html
@@ -2,7 +2,7 @@
 {% load utilities %}
 {% load user_page_tags %}
 
-<script>
+<script nonce="{{request.csp_nonce}}">
 
     const tour = new Shepherd.Tour({
         exitOnEsc: true,
diff --git a/bookwyrm/templates/guided_tour/search.html b/bookwyrm/templates/guided_tour/search.html
index 3e726aeb8..8a96ae0dc 100644
--- a/bookwyrm/templates/guided_tour/search.html
+++ b/bookwyrm/templates/guided_tour/search.html
@@ -1,6 +1,6 @@
 {% load i18n %}
 
-<script>
+<script nonce="{{request.csp_nonce}}">
 
     let localResult = document.querySelector(".local-book-search-result");
     let remoteResult = document.querySelector(".remote-book-search-result");
diff --git a/bookwyrm/templates/guided_tour/user_books.html b/bookwyrm/templates/guided_tour/user_books.html
index 2a4629050..c86d3cd34 100644
--- a/bookwyrm/templates/guided_tour/user_books.html
+++ b/bookwyrm/templates/guided_tour/user_books.html
@@ -1,6 +1,6 @@
 {% load i18n %}
 
-<script>
+<script nonce="{{request.csp_nonce}}">
     const tour = new Shepherd.Tour({
         exitOnEsc: true,
     });
diff --git a/bookwyrm/templates/guided_tour/user_groups.html b/bookwyrm/templates/guided_tour/user_groups.html
index fc6169521..58502fbc9 100644
--- a/bookwyrm/templates/guided_tour/user_groups.html
+++ b/bookwyrm/templates/guided_tour/user_groups.html
@@ -1,6 +1,6 @@
 {% load i18n %}
 
-<script>
+<script nonce="{{request.csp_nonce}}">
     const tour = new Shepherd.Tour({
         exitOnEsc: true,
     });
diff --git a/bookwyrm/templates/guided_tour/user_profile.html b/bookwyrm/templates/guided_tour/user_profile.html
index 29a94a2ad..f831744b9 100644
--- a/bookwyrm/templates/guided_tour/user_profile.html
+++ b/bookwyrm/templates/guided_tour/user_profile.html
@@ -1,6 +1,6 @@
 {% load i18n %}
 
-<script>
+<script nonce="{{request.csp_nonce}}">
 const tour = new Shepherd.Tour({
     exitOnEsc: true,
 });
diff --git a/bookwyrm/templates/layout.html b/bookwyrm/templates/layout.html
index 1227e39c4..c3408f44e 100644
--- a/bookwyrm/templates/layout.html
+++ b/bookwyrm/templates/layout.html
@@ -183,7 +183,7 @@
 {% include 'snippets/footer.html' %}
 {% endblock %}
 
-<script>
+<script nonce="{{request.csp_nonce}}">
     var csrf_token = '{{ csrf_token }}';
 </script>
 
diff --git a/bookwyrm/templates/ostatus/template.html b/bookwyrm/templates/ostatus/template.html
index eb904a693..25d2430c0 100644
--- a/bookwyrm/templates/ostatus/template.html
+++ b/bookwyrm/templates/ostatus/template.html
@@ -11,7 +11,7 @@
     <title>{% block title %}{% endblock %}</title>
     <meta name="viewport" content="width=device-width, initial-scale=1">
     <link href="{% sass_src site_theme %}" rel="stylesheet" type="text/css" />
-    <script>
+    <script nonce="{{request.csp_nonce}}">
         function closeWindow() {
             window.close();
         }
@@ -32,7 +32,7 @@
     </div>
 </div>
 
-<script>
+<script nonce="{{request.csp_nonce}}">
     var csrf_token = '{{ csrf_token }}';
 </script>
 <script src="{% static 'js/bookwyrm.js' %}?v={{ js_cache }}"></script>
diff --git a/bookwyrm/templates/settings/dashboard/registration_chart.html b/bookwyrm/templates/settings/dashboard/registration_chart.html
index 3b258fec8..bb51ed8bc 100644
--- a/bookwyrm/templates/settings/dashboard/registration_chart.html
+++ b/bookwyrm/templates/settings/dashboard/registration_chart.html
@@ -1,5 +1,5 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
 var registerStats = new Chart(
     document.getElementById('register_stats'),
     {
diff --git a/bookwyrm/templates/settings/dashboard/status_chart.html b/bookwyrm/templates/settings/dashboard/status_chart.html
index a59036a51..93ea315ab 100644
--- a/bookwyrm/templates/settings/dashboard/status_chart.html
+++ b/bookwyrm/templates/settings/dashboard/status_chart.html
@@ -1,5 +1,5 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
 
 var statusStats = new Chart(
     document.getElementById('status_stats'),
diff --git a/bookwyrm/templates/settings/dashboard/user_chart.html b/bookwyrm/templates/settings/dashboard/user_chart.html
index a8d356bb8..499554af6 100644
--- a/bookwyrm/templates/settings/dashboard/user_chart.html
+++ b/bookwyrm/templates/settings/dashboard/user_chart.html
@@ -1,5 +1,5 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
 
 var userStats = new Chart(
     document.getElementById('user_stats'),
diff --git a/bookwyrm/templates/settings/dashboard/works_chart.html b/bookwyrm/templates/settings/dashboard/works_chart.html
index c65014e98..41cb13a6b 100644
--- a/bookwyrm/templates/settings/dashboard/works_chart.html
+++ b/bookwyrm/templates/settings/dashboard/works_chart.html
@@ -1,5 +1,5 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
 
 var worksStats = new Chart(
     document.getElementById('works_stats'),
diff --git a/bookwyrm/views/admin/dashboard.py b/bookwyrm/views/admin/dashboard.py
index 19583bfa1..4db3c5702 100644
--- a/bookwyrm/views/admin/dashboard.py
+++ b/bookwyrm/views/admin/dashboard.py
@@ -12,6 +12,8 @@ from django.utils import timezone
 from django.utils.decorators import method_decorator
 from django.views import View
 
+from csp.decorators import csp_update
+
 from bookwyrm import models, settings
 from bookwyrm.connectors.abstract_connector import get_data
 from bookwyrm.connectors.connector_manager import ConnectorException
@@ -27,6 +29,7 @@ from bookwyrm.utils import regex
 class Dashboard(View):
     """admin overview"""
 
+    @csp_update(SCRIPT_SRC='https://cdn.jsdelivr.net/npm/chart.js@3.5.1/dist/chart.min.js')
     def get(self, request):
         """list of users"""
         data = get_charts_and_stats(request)
diff --git a/requirements.txt b/requirements.txt
index e71fb52c8..cee91b434 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -8,6 +8,7 @@ django-compressor==4.3.1
 django-imagekit==4.1.0
 django-model-utils==4.3.1
 django-sass-processor==1.2.2
+django-csp==3.7
 environs==9.5.0
 flower==1.2.0
 libsass==0.22.0

From 6b97702cc401dfe2f00b6ce3a128e02ae27d0116 Mon Sep 17 00:00:00 2001
From: Robert George <rrgeorge@raphus.social>
Date: Wed, 1 Feb 2023 13:19:57 -0800
Subject: [PATCH 07/22] Fix long line

---
 bookwyrm/views/admin/dashboard.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/bookwyrm/views/admin/dashboard.py b/bookwyrm/views/admin/dashboard.py
index 4db3c5702..682f2d811 100644
--- a/bookwyrm/views/admin/dashboard.py
+++ b/bookwyrm/views/admin/dashboard.py
@@ -29,7 +29,9 @@ from bookwyrm.utils import regex
 class Dashboard(View):
     """admin overview"""
 
-    @csp_update(SCRIPT_SRC='https://cdn.jsdelivr.net/npm/chart.js@3.5.1/dist/chart.min.js')
+    @csp_update(
+        SCRIPT_SRC="https://cdn.jsdelivr.net/npm/chart.js@3.5.1/dist/chart.min.js"
+    )
     def get(self, request):
         """list of users"""
         data = get_charts_and_stats(request)

From afe651cd6dad06645efa2943d179ab2f55a30119 Mon Sep 17 00:00:00 2001
From: Robert George <rrgeorge@raphus.social>
Date: Fri, 3 Feb 2023 11:53:41 -0800
Subject: [PATCH 08/22] Added img-src * csp exception to search

---
 bookwyrm/views/search.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/bookwyrm/views/search.py b/bookwyrm/views/search.py
index f7d552a4e..2bd83bce0 100644
--- a/bookwyrm/views/search.py
+++ b/bookwyrm/views/search.py
@@ -8,6 +8,8 @@ from django.http import JsonResponse
 from django.template.response import TemplateResponse
 from django.views import View
 
+from csp.decorators import csp_update
+
 from bookwyrm import models
 from bookwyrm.connectors import connector_manager
 from bookwyrm.book_search import search, format_search_result
@@ -21,6 +23,7 @@ from .helpers import handle_remote_webfinger
 class Search(View):
     """search users or books"""
 
+    @csp_update(IMG_SRC='*')
     def get(self, request):
         """that search bar up top"""
         if is_api_request(request):

From b82231202c5f1e7746274d30863068dcc5bfaa9f Mon Sep 17 00:00:00 2001
From: Robert George <rrgeorge@raphus.social>
Date: Fri, 3 Feb 2023 12:03:52 -0800
Subject: [PATCH 09/22] lint

---
 bookwyrm/settings.py     | 6 +++---
 bookwyrm/views/search.py | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py
index abd71b2dd..c66bd636b 100644
--- a/bookwyrm/settings.py
+++ b/bookwyrm/settings.py
@@ -368,10 +368,10 @@ else:
     MEDIA_URL = "/images/"
     MEDIA_FULL_URL = f"{PROTOCOL}://{DOMAIN}{MEDIA_URL}"
     STATIC_FULL_URL = f"{PROTOCOL}://{DOMAIN}{STATIC_URL}"
-    CSP_DEFAULT_SRC = ("'self'")
-    CSP_SCRIPT_SRC = ("'self'")
+    CSP_DEFAULT_SRC = "'self'"
+    CSP_SCRIPT_SRC = "'self'"
 
-CSP_INCLUDE_NONCE_IN=['script-src']
+CSP_INCLUDE_NONCE_IN = ["script-src"]
 
 OTEL_EXPORTER_OTLP_ENDPOINT = env("OTEL_EXPORTER_OTLP_ENDPOINT", None)
 OTEL_EXPORTER_OTLP_HEADERS = env("OTEL_EXPORTER_OTLP_HEADERS", None)
diff --git a/bookwyrm/views/search.py b/bookwyrm/views/search.py
index 2bd83bce0..bc3b2aa57 100644
--- a/bookwyrm/views/search.py
+++ b/bookwyrm/views/search.py
@@ -23,7 +23,7 @@ from .helpers import handle_remote_webfinger
 class Search(View):
     """search users or books"""
 
-    @csp_update(IMG_SRC='*')
+    @csp_update(IMG_SRC="*")
     def get(self, request):
         """that search bar up top"""
         if is_api_request(request):

From 6af1be28f3aa2bbee4cb95a816677ebf49d57274 Mon Sep 17 00:00:00 2001
From: Christof Dorner <christof@chdorner.com>
Date: Sat, 4 Feb 2023 12:50:10 +0100
Subject: [PATCH 10/22] Always expand content status on single status view

On the feed view along with other statuses, the body will be trimmed,
but on the single view, there's no need to trim it. This preserves the
logic for spoiler alerts.
---
 bookwyrm/templates/feed/status.html                    | 2 +-
 bookwyrm/templates/snippets/status/body.html           | 3 +--
 bookwyrm/templates/snippets/status/content_status.html | 3 +--
 bookwyrm/templates/snippets/status/status.html         | 2 +-
 4 files changed, 4 insertions(+), 6 deletions(-)

diff --git a/bookwyrm/templates/feed/status.html b/bookwyrm/templates/feed/status.html
index ccec6503c..c05d2ba46 100644
--- a/bookwyrm/templates/feed/status.html
+++ b/bookwyrm/templates/feed/status.html
@@ -30,7 +30,7 @@
         {% endif %}
         {% endfor %}
         <div class="is-main block">
-            {% include 'snippets/status/status.html' with status=status main=True %}
+            {% include 'snippets/status/status.html' with status=status main=True expand=True %}
         </div>
 
         {% for child in children %}
diff --git a/bookwyrm/templates/snippets/status/body.html b/bookwyrm/templates/snippets/status/body.html
index 2c8a0e045..cd3b3cd43 100644
--- a/bookwyrm/templates/snippets/status/body.html
+++ b/bookwyrm/templates/snippets/status/body.html
@@ -6,9 +6,8 @@
 {% if status_type == 'GeneratedNote' or status_type == 'Rating' %}
     {% include 'snippets/status/generated_status.html' with status=status %}
 {% else %}
-    {% include 'snippets/status/content_status.html' with status=status %}
+    {% include 'snippets/status/content_status.html' with status=status expand=expand %}
 {% endif %}
 
 {% endwith %}
 {% endblock %}
-
diff --git a/bookwyrm/templates/snippets/status/content_status.html b/bookwyrm/templates/snippets/status/content_status.html
index e39284fcf..b8c719ec0 100644
--- a/bookwyrm/templates/snippets/status/content_status.html
+++ b/bookwyrm/templates/snippets/status/content_status.html
@@ -109,7 +109,7 @@
                 {% endif %}
 
                 {% if status.content and status_type != 'GeneratedNote' and status_type != 'Announce' %}
-                    {% with full=status.content|safe no_trim=status.content_warning itemprop="reviewBody" %}
+                    {% with full=status.content|safe no_trim=status.content_warning|default:expand itemprop="reviewBody" %}
                         {% include 'snippets/trimmed_text.html' %}
                     {% endwith %}
                 {% endif %}
@@ -155,4 +155,3 @@
 </div>
 
 {% endwith %}
-
diff --git a/bookwyrm/templates/snippets/status/status.html b/bookwyrm/templates/snippets/status/status.html
index eb0c409eb..a04b76700 100644
--- a/bookwyrm/templates/snippets/status/status.html
+++ b/bookwyrm/templates/snippets/status/status.html
@@ -10,6 +10,6 @@
         {% trans "boosted" %}
         {% include 'snippets/status/body.html' with status=status|boosted_status %}
     {% else %}
-        {% include 'snippets/status/body.html' with status=status %}
+        {% include 'snippets/status/body.html' with status=status expand=expand %}
     {% endif %}
 {% endif %}

From f65e0b7632b4c5f17cdd6335e4e0a1aa466532bd Mon Sep 17 00:00:00 2001
From: Giebisch <rafael@giebisch-mail.de>
Date: Mon, 6 Feb 2023 14:00:04 +0100
Subject: [PATCH 11/22] Add Quotation endposition test

---
 .../migrations/0174_auto_20230130_1240.py     | 25 +++++++++++------
 bookwyrm/tests/views/books/test_book.py       | 27 +++++++++++++++++++
 2 files changed, 44 insertions(+), 8 deletions(-)

diff --git a/bookwyrm/migrations/0174_auto_20230130_1240.py b/bookwyrm/migrations/0174_auto_20230130_1240.py
index 1b81c2087..7337b6b46 100644
--- a/bookwyrm/migrations/0174_auto_20230130_1240.py
+++ b/bookwyrm/migrations/0174_auto_20230130_1240.py
@@ -8,19 +8,28 @@ import django.db.models.deletion
 class Migration(migrations.Migration):
 
     dependencies = [
-        ('auth', '0012_alter_user_first_name_max_length'),
-        ('bookwyrm', '0173_default_user_auth_group_setting'),
+        ("auth", "0012_alter_user_first_name_max_length"),
+        ("bookwyrm", "0173_default_user_auth_group_setting"),
     ]
 
     operations = [
         migrations.AddField(
-            model_name='quotation',
-            name='endposition',
-            field=models.IntegerField(blank=True, null=True, validators=[django.core.validators.MinValueValidator(0)]),
+            model_name="quotation",
+            name="endposition",
+            field=models.IntegerField(
+                blank=True,
+                null=True,
+                validators=[django.core.validators.MinValueValidator(0)],
+            ),
         ),
         migrations.AlterField(
-            model_name='sitesettings',
-            name='default_user_auth_group',
-            field=models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.PROTECT, to='auth.group'),
+            model_name="sitesettings",
+            name="default_user_auth_group",
+            field=models.ForeignKey(
+                blank=True,
+                null=True,
+                on_delete=django.db.models.deletion.PROTECT,
+                to="auth.group",
+            ),
         ),
     ]
diff --git a/bookwyrm/tests/views/books/test_book.py b/bookwyrm/tests/views/books/test_book.py
index e536ef736..dfa68a7e4 100644
--- a/bookwyrm/tests/views/books/test_book.py
+++ b/bookwyrm/tests/views/books/test_book.py
@@ -257,6 +257,33 @@ class BookViews(TestCase):
         self.assertEqual(mock.call_args[0][0], "https://openlibrary.org/book/123")
         self.assertEqual(result.status_code, 302)
 
+    @patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async")
+    @patch("bookwyrm.activitystreams.add_status_task.delay")
+    def test_quotation_endposition(self, *_):
+        """make sure the endposition is served as well"""
+        view = views.Book.as_view()
+
+        quote = models.Quotation.objects.create(
+            user=self.local_user,
+            book=self.book,
+            content="hi",
+            quote="wow",
+            position=12,
+            endposition=13,
+        )
+
+        request = self.factory.get("")
+        request.user = self.local_user
+
+        with patch("bookwyrm.views.books.books.is_api_request") as is_api:
+            is_api.return_value = False
+            result = view(request, self.book.id, user_statuses="quotation")
+        self.assertIsInstance(result, TemplateResponse)
+        validate_html(result.render())
+        print(result.render())
+        self.assertEqual(result.status_code, 200)
+        self.assertEqual(result.context_data["statuses"].object_list[0].endposition, 13)
+
 
 def _setup_cover_url():
     """creates cover url mock"""

From 21575fbf3f8e2c08c0ef9c7551978764606890a3 Mon Sep 17 00:00:00 2001
From: Giebisch <rafael@giebisch-mail.de>
Date: Mon, 6 Feb 2023 14:09:53 +0100
Subject: [PATCH 12/22] Unused variable fix

---
 bookwyrm/tests/views/books/test_book.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bookwyrm/tests/views/books/test_book.py b/bookwyrm/tests/views/books/test_book.py
index dfa68a7e4..a829c4a4b 100644
--- a/bookwyrm/tests/views/books/test_book.py
+++ b/bookwyrm/tests/views/books/test_book.py
@@ -263,7 +263,7 @@ class BookViews(TestCase):
         """make sure the endposition is served as well"""
         view = views.Book.as_view()
 
-        quote = models.Quotation.objects.create(
+        _ = models.Quotation.objects.create(
             user=self.local_user,
             book=self.book,
             content="hi",

From 173d7ba9bf6a2f823cec32e7db4c4d47beec44dc Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 15 Feb 2023 19:45:09 +0000
Subject: [PATCH 13/22] chore(deps): bump django from 3.2.17 to 3.2.18

Bumps [django](https://github.com/django/django) from 3.2.17 to 3.2.18.
- [Release notes](https://github.com/django/django/releases)
- [Commits](https://github.com/django/django/compare/3.2.17...3.2.18)

---
updated-dependencies:
- dependency-name: django
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/requirements.txt b/requirements.txt
index 0f287e970..b63c1f30c 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -2,7 +2,7 @@ aiohttp==3.8.3
 bleach==5.0.1
 celery==5.2.7
 colorthief==0.2.1
-Django==3.2.17
+Django==3.2.18
 django-celery-beat==2.4.0
 django-compressor==4.3.1
 django-imagekit==4.1.0

From dc5b79779611a480bb3097306fe891a8ecaa5a55 Mon Sep 17 00:00:00 2001
From: Christof Dorner <christof@chdorner.com>
Date: Sat, 18 Feb 2023 19:33:25 +0100
Subject: [PATCH 14/22] Fix `SiteSettings.default_user_auth_group` FK on_delete
 value

The migration uses `RESTRICT` instead of `PROTECT`, which is both more
correct, but also those values need to be identical, otherwise Django
thinks that there's a migration missing and will refuse to apply any
new migrations.
---
 bookwyrm/models/site.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bookwyrm/models/site.py b/bookwyrm/models/site.py
index e40609f36..35f007be2 100644
--- a/bookwyrm/models/site.py
+++ b/bookwyrm/models/site.py
@@ -72,7 +72,7 @@ class SiteSettings(SiteModel):
     invite_request_question = models.BooleanField(default=False)
     require_confirm_email = models.BooleanField(default=True)
     default_user_auth_group = models.ForeignKey(
-        auth_models.Group, null=True, blank=True, on_delete=models.PROTECT
+        auth_models.Group, null=True, blank=True, on_delete=models.RESTRICT
     )
 
     invite_question_text = models.CharField(

From db207065ceaba491526aec341c49dd7e25779f0c Mon Sep 17 00:00:00 2001
From: Mouse Reeve <mousereeve@riseup.net>
Date: Mon, 20 Feb 2023 09:15:38 -0800
Subject: [PATCH 15/22] Update version number

---
 bookwyrm/settings.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py
index c66bd636b..a86586eeb 100644
--- a/bookwyrm/settings.py
+++ b/bookwyrm/settings.py
@@ -11,7 +11,7 @@ from django.utils.translation import gettext_lazy as _
 env = Env()
 env.read_env()
 DOMAIN = env("DOMAIN")
-VERSION = "0.5.4"
+VERSION = "0.5.5"
 
 RELEASE_API = env(
     "RELEASE_API",

From 2093c4760b6736c577d77af677bda14c45a79b0f Mon Sep 17 00:00:00 2001
From: Martynas Sklizmantas <saint@ghost.lt>
Date: Sun, 2 Jan 2022 09:30:31 +0200
Subject: [PATCH 16/22] increasing rsa key size

---
 bookwyrm/signatures.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bookwyrm/signatures.py b/bookwyrm/signatures.py
index 772d39cce..3102f8da2 100644
--- a/bookwyrm/signatures.py
+++ b/bookwyrm/signatures.py
@@ -15,7 +15,7 @@ MAX_SIGNATURE_AGE = 300
 def create_key_pair():
     """a new public/private key pair, used for creating new users"""
     random_generator = Random.new().read
-    key = RSA.generate(1024, random_generator)
+    key = RSA.generate(2048, random_generator)
     private_key = key.export_key().decode("utf8")
     public_key = key.public_key().export_key().decode("utf8")
 

From b167364c5c936cd98f65c165a876057278515b8a Mon Sep 17 00:00:00 2001
From: Mouse Reeve <mousereeve@riseup.net>
Date: Mon, 20 Feb 2023 12:58:41 -0800
Subject: [PATCH 17/22] Use a separate queue for broadcasts

I think this will go a long way to solve the federation delay problems
we're seeing on b.s. I'm not sure at what point adding more queues will
create more problems than it solves, but I do think in this case the
queues are out of balance and moving broadcasts (which are the most
common type of `medium_priority` task at the moment) to their own queue
will be an improvement.
---
 bookwyrm/models/activitypub_mixin.py    |  8 ++++----
 bookwyrm/tasks.py                       |  2 ++
 bookwyrm/templates/settings/celery.html | 16 +++++++++++-----
 bookwyrm/views/admin/celery_status.py   | 11 ++++++-----
 contrib/systemd/bookwyrm-worker.service |  2 +-
 docker-compose.yml                      |  2 +-
 6 files changed, 25 insertions(+), 16 deletions(-)

diff --git a/bookwyrm/models/activitypub_mixin.py b/bookwyrm/models/activitypub_mixin.py
index 9361854ba..ec1c34a40 100644
--- a/bookwyrm/models/activitypub_mixin.py
+++ b/bookwyrm/models/activitypub_mixin.py
@@ -21,7 +21,7 @@ from django.utils.http import http_date
 from bookwyrm import activitypub
 from bookwyrm.settings import USER_AGENT, PAGE_LENGTH
 from bookwyrm.signatures import make_signature, make_digest
-from bookwyrm.tasks import app, MEDIUM
+from bookwyrm.tasks import app, MEDIUM, BROADCAST
 from bookwyrm.models.fields import ImageField, ManyToManyField
 
 logger = logging.getLogger(__name__)
@@ -126,7 +126,7 @@ class ActivitypubMixin:
         # there OUGHT to be only one match
         return match.first()
 
-    def broadcast(self, activity, sender, software=None, queue=MEDIUM):
+    def broadcast(self, activity, sender, software=None, queue=BROADCAST):
         """send out an activity"""
         broadcast_task.apply_async(
             args=(
@@ -198,7 +198,7 @@ class ActivitypubMixin:
 class ObjectMixin(ActivitypubMixin):
     """add this mixin for object models that are AP serializable"""
 
-    def save(self, *args, created=None, software=None, priority=MEDIUM, **kwargs):
+    def save(self, *args, created=None, software=None, priority=BROADCAST, **kwargs):
         """broadcast created/updated/deleted objects as appropriate"""
         broadcast = kwargs.get("broadcast", True)
         # this bonus kwarg would cause an error in the base save method
@@ -506,7 +506,7 @@ def unfurl_related_field(related_field, sort_field=None):
     return related_field.remote_id
 
 
-@app.task(queue=MEDIUM)
+@app.task(queue=BROADCAST)
 def broadcast_task(sender_id: int, activity: str, recipients: List[str]):
     """the celery task for broadcast"""
     user_model = apps.get_model("bookwyrm.User", require_ready=True)
diff --git a/bookwyrm/tasks.py b/bookwyrm/tasks.py
index ec018e179..91977afda 100644
--- a/bookwyrm/tasks.py
+++ b/bookwyrm/tasks.py
@@ -16,3 +16,5 @@ MEDIUM = "medium_priority"
 HIGH = "high_priority"
 # import items get their own queue because they're such a pain in the ass
 IMPORTS = "imports"
+# I keep making more queues?? this one broadcasting out
+BROADCAST = "broadcast"
diff --git a/bookwyrm/templates/settings/celery.html b/bookwyrm/templates/settings/celery.html
index 6a3ee6574..65315da01 100644
--- a/bookwyrm/templates/settings/celery.html
+++ b/bookwyrm/templates/settings/celery.html
@@ -20,31 +20,37 @@
 {% if queues %}
 <section class="block content">
     <h2>{% trans "Queues" %}</h2>
-    <div class="columns has-text-centered">
-        <div class="column is-3">
+    <div class="columns has-text-centered is-multiline">
+        <div class="column is-4">
             <div class="notification">
                 <p class="header">{% trans "Low priority" %}</p>
                 <p class="title is-5">{{ queues.low_priority|intcomma }}</p>
             </div>
         </div>
-        <div class="column is-3">
+        <div class="column is-4">
             <div class="notification">
                 <p class="header">{% trans "Medium priority" %}</p>
                 <p class="title is-5">{{ queues.medium_priority|intcomma }}</p>
             </div>
         </div>
-        <div class="column is-3">
+        <div class="column is-4">
             <div class="notification">
                 <p class="header">{% trans "High priority" %}</p>
                 <p class="title is-5">{{ queues.high_priority|intcomma }}</p>
             </div>
         </div>
-        <div class="column is-3">
+        <div class="column is-6">
             <div class="notification">
                 <p class="header">{% trans "Imports" %}</p>
                 <p class="title is-5">{{ queues.imports|intcomma }}</p>
             </div>
         </div>
+        <div class="column is-6">
+            <div class="notification">
+                <p class="header">{% trans "Broadcasts" %}</p>
+                <p class="title is-5">{{ queues.broadcast|intcomma }}</p>
+            </div>
+        </div>
     </div>
 </section>
 {% else %}
diff --git a/bookwyrm/views/admin/celery_status.py b/bookwyrm/views/admin/celery_status.py
index 8c6b9f5a3..e0b1fe18c 100644
--- a/bookwyrm/views/admin/celery_status.py
+++ b/bookwyrm/views/admin/celery_status.py
@@ -8,7 +8,7 @@ from django.views.decorators.http import require_GET
 import redis
 
 from celerywyrm import settings
-from bookwyrm.tasks import app as celery
+from bookwyrm.tasks import app as celery, LOW, MEDIUM, HIGH, IMPORTS, BROADCAST
 
 r = redis.from_url(settings.REDIS_BROKER_URL)
 
@@ -35,10 +35,11 @@ class CeleryStatus(View):
 
         try:
             queues = {
-                "low_priority": r.llen("low_priority"),
-                "medium_priority": r.llen("medium_priority"),
-                "high_priority": r.llen("high_priority"),
-                "imports": r.llen("imports"),
+                LOW: r.llen(LOW),
+                MEDIUM: r.llen(MEDIUM),
+                HIGH: r.llen(HIGH),
+                IMPORTS: r.llen(IMPORTS),
+                BROADCAST: r.llen(BROADCAST),
             }
         # pylint: disable=broad-except
         except Exception as err:
diff --git a/contrib/systemd/bookwyrm-worker.service b/contrib/systemd/bookwyrm-worker.service
index d79fdabf6..e4f1e98b5 100644
--- a/contrib/systemd/bookwyrm-worker.service
+++ b/contrib/systemd/bookwyrm-worker.service
@@ -6,7 +6,7 @@ After=network.target postgresql.service redis.service
 User=bookwyrm
 Group=bookwyrm
 WorkingDirectory=/opt/bookwyrm/
-ExecStart=/opt/bookwyrm/venv/bin/celery -A celerywyrm worker -l info -Q high_priority,medium_priority,low_priority,import
+ExecStart=/opt/bookwyrm/venv/bin/celery -A celerywyrm worker -l info -Q high_priority,medium_priority,low_priority,import,broadcast
 StandardOutput=journal
 StandardError=inherit
 
diff --git a/docker-compose.yml b/docker-compose.yml
index 4ab7a1c34..4389c08aa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -62,7 +62,7 @@ services:
     build: .
     networks:
       - main
-    command: celery -A celerywyrm worker -l info -Q high_priority,medium_priority,low_priority,imports
+    command: celery -A celerywyrm worker -l info -Q high_priority,medium_priority,low_priority,imports,broadcast
     volumes:
       - .:/app
       - static_volume:/app/static

From 3814cb5b58318d335837d93f2860a30d8d7e5545 Mon Sep 17 00:00:00 2001
From: Christof Dorner <christof@chdorner.com>
Date: Tue, 21 Feb 2023 22:02:52 +0100
Subject: [PATCH 18/22] Add config variable for additional CSP hosts

---
 .env.example         | 5 +++++
 bookwyrm/settings.py | 9 +++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/.env.example b/.env.example
index 4c1c2eefe..522bf2df4 100644
--- a/.env.example
+++ b/.env.example
@@ -120,3 +120,8 @@ OTEL_SERVICE_NAME=
 # for your instance:
 # https://docs.djangoproject.com/en/3.2/ref/settings/#secure-proxy-ssl-header
 HTTP_X_FORWARDED_PROTO=false
+
+# Additional hosts to allow in the Content-Security-Policy, "self" (should be DOMAIN)
+# and AWS_S3_CUSTOM_DOMAIN (if used) are added by default.
+# Value should be a comma-separated list of host names.
+CSP_ADDITIONAL_HOSTS=
diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py
index a86586eeb..4e5779e99 100644
--- a/bookwyrm/settings.py
+++ b/bookwyrm/settings.py
@@ -330,6 +330,7 @@ IMAGEKIT_DEFAULT_CACHEFILE_STRATEGY = "bookwyrm.thumbnail_generation.Strategy"
 # https://docs.djangoproject.com/en/3.2/howto/static-files/
 
 PROJECT_DIR = os.path.dirname(os.path.abspath(__file__))
+CSP_ADDITIONAL_HOSTS = env.list("CSP_ADDITIONAL_HOSTS", [])
 
 # Storage
 
@@ -361,15 +362,15 @@ if USE_S3:
     MEDIA_FULL_URL = MEDIA_URL
     STATIC_FULL_URL = STATIC_URL
     DEFAULT_FILE_STORAGE = "bookwyrm.storage_backends.ImagesStorage"
-    CSP_DEFAULT_SRC = ("'self'", AWS_S3_CUSTOM_DOMAIN)
-    CSP_SCRIPT_SRC = ("'self'", AWS_S3_CUSTOM_DOMAIN)
+    CSP_DEFAULT_SRC = ["'self'", AWS_S3_CUSTOM_DOMAIN] + CSP_ADDITIONAL_HOSTS
+    CSP_SCRIPT_SRC = ["'self'", AWS_S3_CUSTOM_DOMAIN] + CSP_ADDITIONAL_HOSTS
 else:
     STATIC_URL = "/static/"
     MEDIA_URL = "/images/"
     MEDIA_FULL_URL = f"{PROTOCOL}://{DOMAIN}{MEDIA_URL}"
     STATIC_FULL_URL = f"{PROTOCOL}://{DOMAIN}{STATIC_URL}"
-    CSP_DEFAULT_SRC = "'self'"
-    CSP_SCRIPT_SRC = "'self'"
+    CSP_DEFAULT_SRC = ["'self'"] + CSP_ADDITIONAL_HOSTS
+    CSP_SCRIPT_SRC = ["'self'"] + CSP_ADDITIONAL_HOSTS
 
 CSP_INCLUDE_NONCE_IN = ["script-src"]
 

From 9b94c1c288613256d29f37d11ff034dc484523d0 Mon Sep 17 00:00:00 2001
From: 0x29a <grrrr@protonmail.com>
Date: Wed, 22 Feb 2023 16:24:26 +0100
Subject: [PATCH 19/22] fix: missing expand variable

---
 bookwyrm/templates/discover/large-book.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bookwyrm/templates/discover/large-book.html b/bookwyrm/templates/discover/large-book.html
index f016a2f65..939544987 100644
--- a/bookwyrm/templates/discover/large-book.html
+++ b/bookwyrm/templates/discover/large-book.html
@@ -46,7 +46,7 @@
             </div>
 
             <div class="notification has-background-body p-2 mb-2 clip-text">
-                {% include "snippets/status/content_status.html" with hide_book=True trim_length=70 hide_more=True %}
+                {% include "snippets/status/content_status.html" with hide_book=True trim_length=70 hide_more=True expand=False %}
             </div>
             <a href="{{ status.remote_id }}">
                 <span>{% trans "View status" %}</span>

From 0a07607240248d69bd25626805b746f986e751f9 Mon Sep 17 00:00:00 2001
From: Mouse Reeve <mousereeve@riseup.net>
Date: Wed, 22 Feb 2023 08:43:13 -0800
Subject: [PATCH 20/22] Improves discover page test so it catches errors

Without `select_subclasses` in the mock, it wasn't actually collecting
any statuses to display, so errors on that view weren't caught in this
test.
---
 bookwyrm/tests/views/test_discover.py | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/bookwyrm/tests/views/test_discover.py b/bookwyrm/tests/views/test_discover.py
index b0989da8f..ffe8c51c9 100644
--- a/bookwyrm/tests/views/test_discover.py
+++ b/bookwyrm/tests/views/test_discover.py
@@ -11,6 +11,7 @@ from bookwyrm.tests.validate_html import validate_html
 class DiscoverViews(TestCase):
     """pages you land on without really trying"""
 
+    # pylint: disable=invalid-name
     def setUp(self):
         """we need basic test data and mocks"""
         self.factory = RequestFactory()
@@ -43,7 +44,7 @@ class DiscoverViews(TestCase):
 
     @patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async")
     @patch("bookwyrm.activitystreams.add_status_task.delay")
-    def test_discover_page(self, *_):
+    def test_discover_page_with_posts(self, *_):
         """there are so many views, this just makes sure it LOADS"""
         view = views.Discover.as_view()
         request = self.factory.get("")
@@ -53,17 +54,34 @@ class DiscoverViews(TestCase):
             title="hi", parent_work=models.Work.objects.create(title="work")
         )
 
+        models.ReviewRating.objects.create(
+            book=book,
+            user=self.local_user,
+            rating=4,
+        )
+        models.Review.objects.create(
+            book=book,
+            user=self.local_user,
+            content="hello",
+            rating=4,
+        )
         models.Comment.objects.create(
             book=book,
             user=self.local_user,
             content="hello",
         )
+        models.Quotation.objects.create(
+            book=book,
+            user=self.local_user,
+            quote="beep",
+            content="hello",
+        )
         models.Status.objects.create(user=self.local_user, content="beep")
 
         with patch(
             "bookwyrm.activitystreams.ActivityStream.get_activity_stream"
         ) as mock:
-            mock.return_value = models.Status.objects.all()
+            mock.return_value = models.Status.objects.select_subclasses().all()
             result = view(request)
         self.assertEqual(mock.call_count, 1)
         self.assertEqual(result.status_code, 200)

From 43fe4331338eee4468566cec16d76af086d84f4c Mon Sep 17 00:00:00 2001
From: Giebisch <rafael@giebisch-mail.de>
Date: Thu, 23 Feb 2023 18:40:20 +0100
Subject: [PATCH 21/22] Quotation same start and endposition

---
 bookwyrm/templates/snippets/create_status/quotation.html | 3 +++
 bookwyrm/templates/snippets/status/content_status.html   | 4 ++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/bookwyrm/templates/snippets/create_status/quotation.html b/bookwyrm/templates/snippets/create_status/quotation.html
index 9cc76d5a9..bd1d817ad 100644
--- a/bookwyrm/templates/snippets/create_status/quotation.html
+++ b/bookwyrm/templates/snippets/create_status/quotation.html
@@ -65,6 +65,9 @@ uuid: a unique identifier used to make html "id" attributes unique and clarify j
                     {% if not draft %}data-cache-draft="id_position_{{ book.id }}_{{ type }}"{% endif %}
                 >
             </div>
+            <div class="button is-static">
+                {% trans "to" %}
+            </div>
             <div class="control">
                 <input
                     aria-label="{% if draft.position_mode == 'PG' %}Page{% else %}Percent{% endif %}"
diff --git a/bookwyrm/templates/snippets/status/content_status.html b/bookwyrm/templates/snippets/status/content_status.html
index 4c4d89341..2b1e12582 100644
--- a/bookwyrm/templates/snippets/status/content_status.html
+++ b/bookwyrm/templates/snippets/status/content_status.html
@@ -99,9 +99,9 @@
                             &mdash; {% include 'snippets/book_titleby.html' with book=status.book %}
                             {% if status.position %}
                                 {% if status.position_mode == 'PG' %}
-                                    {% blocktrans with page=status.position|intcomma %}(Page {{ page }}{% endblocktrans%}{% if status.endposition%} - {% blocktrans with endpage=status.endposition|intcomma %}{{ endpage }}{% endblocktrans %}{% endif%})
+                                    {% blocktrans with page=status.position|intcomma %}(Page {{ page }}{% endblocktrans%}{% if status.endposition and status.endposition != status.position %} - {% blocktrans with endpage=status.endposition|intcomma %}{{ endpage }}{% endblocktrans %}{% endif%})
                                 {% else %}
-                                    {% blocktrans with percent=status.position %}({{ percent }}%{% endblocktrans %}{% if status.endposition%}{% blocktrans with endpercent=status.endposition|intcomma %} - {{ endpercent }}%{% endblocktrans %}{% endif %})
+                                    {% blocktrans with percent=status.position %}({{ percent }}%{% endblocktrans %}{% if status.endposition and status.endposition != status.position %}{% blocktrans with endpercent=status.endposition|intcomma %} - {{ endpercent }}%{% endblocktrans %}{% endif %})
                                 {% endif %}
                             {% endif %}
                         </p>

From b4e388a9758dd2c79195975bc94870a7b987ed46 Mon Sep 17 00:00:00 2001
From: wanjiku <wanjikukangangi@gmail.com>
Date: Fri, 24 Feb 2023 11:11:55 +0300
Subject: [PATCH 22/22] Replace Next and Previous with Older and Newer

---
 bookwyrm/templates/snippets/pagination.html | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bookwyrm/templates/snippets/pagination.html b/bookwyrm/templates/snippets/pagination.html
index db2396ae7..85f966f50 100644
--- a/bookwyrm/templates/snippets/pagination.html
+++ b/bookwyrm/templates/snippets/pagination.html
@@ -9,7 +9,7 @@
         {% endif %}>
 
         <span class="icon icon-arrow-left" aria-hidden="true"></span>
-        {% trans "Previous" %}
+        {% trans "Older" %}
     </a>
 
     <a
@@ -20,7 +20,7 @@
         aria-hidden="true"
         {% endif %}>
 
-        {% trans "Next" %}
+        {% trans "Newer" %}
         <span class="icon icon-arrow-right" aria-hidden="true"></span>
     </a>