Merge branch 'main' into totp-window

2024-11-22 09:31:08 +00:00 · 2023-02-27 18:21:39 +11:00 · 2023-02-27 18:21:39 +11:00 · bba0d09fa4
commit bba0d09fa4
parent d123cc6b0c 3a67727a9a
41 changed files with 187 additions and 50 deletions
--- a/.env.example
+++ b/.env.example
@ -126,3 +126,8 @@ HTTP_X_FORWARDED_PROTO=false
 # which will be accepted.
 TWO_FACTOR_LOGIN_VALIDITY_WINDOW=2
 TWO_FACTOR_LOGIN_MAX_SECONDS=60
 # Additional hosts to allow in the Content-Security-Policy, "self" (should be DOMAIN)
 # and AWS_S3_CUSTOM_DOMAIN (if used) are added by default.
 # Value should be a comma-separated list of host names.
 CSP_ADDITIONAL_HOSTS=
--- a/bookwyrm/forms/status.py
+++ b/bookwyrm/forms/status.py
@ -53,6 +53,7 @@ class QuotationForm(CustomForm):
            "sensitive",
            "privacy",
            "position",
            "endposition",
            "position_mode",
        ]
--- a/bookwyrm/migrations/0174_auto_20230130_1240.py
+++ b/bookwyrm/migrations/0174_auto_20230130_1240.py
@ -0,0 +1,35 @@
 # Generated by Django 3.2.16 on 2023-01-30 12:40
 import django.core.validators
 from django.db import migrations, models
 import django.db.models.deletion
 class Migration(migrations.Migration):
    dependencies = [
        ("auth", "0012_alter_user_first_name_max_length"),
        ("bookwyrm", "0173_default_user_auth_group_setting"),
    ]
    operations = [
        migrations.AddField(
            model_name="quotation",
            name="endposition",
            field=models.IntegerField(
                blank=True,
                null=True,
                validators=[django.core.validators.MinValueValidator(0)],
            ),
        ),
        migrations.AlterField(
            model_name="sitesettings",
            name="default_user_auth_group",
            field=models.ForeignKey(
                blank=True,
                null=True,
                on_delete=django.db.models.deletion.PROTECT,
                to="auth.group",
            ),
        ),
    ]
--- a/bookwyrm/models/activitypub_mixin.py
+++ b/bookwyrm/models/activitypub_mixin.py
@ -21,7 +21,7 @@ from django.utils.http import http_date
 from bookwyrm import activitypub
 from bookwyrm.settings import USER_AGENT, PAGE_LENGTH
 from bookwyrm.signatures import make_signature, make_digest
-from bookwyrm.tasks import app, MEDIUM
+from bookwyrm.tasks import app, MEDIUM, BROADCAST
 from bookwyrm.models.fields import ImageField, ManyToManyField
 logger = logging.getLogger(__name__)
@ -126,7 +126,7 @@ class ActivitypubMixin:
        # there OUGHT to be only one match
        return match.first()
-    def broadcast(self, activity, sender, software=None, queue=MEDIUM):
+    def broadcast(self, activity, sender, software=None, queue=BROADCAST):
        """send out an activity"""
        broadcast_task.apply_async(
            args=(
@ -198,7 +198,7 @@ class ActivitypubMixin:
 class ObjectMixin(ActivitypubMixin):
    """add this mixin for object models that are AP serializable"""
-    def save(self, *args, created=None, software=None, priority=MEDIUM, **kwargs):
+    def save(self, *args, created=None, software=None, priority=BROADCAST, **kwargs):
        """broadcast created/updated/deleted objects as appropriate"""
        broadcast = kwargs.get("broadcast", True)
        # this bonus kwarg would cause an error in the base save method
@ -506,7 +506,7 @@ def unfurl_related_field(related_field, sort_field=None):
    return related_field.remote_id
-@app.task(queue=MEDIUM)
+@app.task(queue=BROADCAST)
 def broadcast_task(sender_id: int, activity: str, recipients: List[str]):
    """the celery task for broadcast"""
    user_model = apps.get_model("bookwyrm.User", require_ready=True)
--- a/bookwyrm/models/site.py
+++ b/bookwyrm/models/site.py
@ -72,7 +72,7 @@ class SiteSettings(SiteModel):
    invite_request_question = models.BooleanField(default=False)
    require_confirm_email = models.BooleanField(default=True)
    default_user_auth_group = models.ForeignKey(
-        auth_models.Group, null=True, blank=True, on_delete=models.PROTECT
+        auth_models.Group, null=True, blank=True, on_delete=models.RESTRICT
    )
    invite_question_text = models.CharField(
--- a/bookwyrm/models/status.py
+++ b/bookwyrm/models/status.py
@ -329,6 +329,9 @@ class Quotation(BookStatus):
    position = models.IntegerField(
        validators=[MinValueValidator(0)], null=True, blank=True
    )
    endposition = models.IntegerField(
        validators=[MinValueValidator(0)], null=True, blank=True
    )
    position_mode = models.CharField(
        max_length=3,
        choices=ProgressMode.choices,
--- a/bookwyrm/settings.py
+++ b/bookwyrm/settings.py
@ -11,7 +11,7 @@ from django.utils.translation import gettext_lazy as _
 env = Env()
 env.read_env()
 DOMAIN = env("DOMAIN")
-VERSION = "0.5.4"
+VERSION = "0.5.5"
 RELEASE_API = env(
    "RELEASE_API",
@ -101,6 +101,7 @@ MIDDLEWARE = [
    "django.middleware.locale.LocaleMiddleware",
    "django.middleware.common.CommonMiddleware",
    "django.middleware.csrf.CsrfViewMiddleware",
    "csp.middleware.CSPMiddleware",
    "django.contrib.auth.middleware.AuthenticationMiddleware",
    "bookwyrm.middleware.TimezoneMiddleware",
    "bookwyrm.middleware.IPBlocklistMiddleware",
@ -329,12 +330,15 @@ IMAGEKIT_DEFAULT_CACHEFILE_STRATEGY = "bookwyrm.thumbnail_generation.Strategy"
 # https://docs.djangoproject.com/en/3.2/howto/static-files/
 PROJECT_DIR = os.path.dirname(os.path.abspath(__file__))
 CSP_ADDITIONAL_HOSTS = env.list("CSP_ADDITIONAL_HOSTS", [])
 # Storage
 PROTOCOL = "http"
 if USE_HTTPS:
    PROTOCOL = "https"
    SESSION_COOKIE_SECURE = True
    CSRF_COOKIE_SECURE = True
 USE_S3 = env.bool("USE_S3", False)
@ -358,11 +362,17 @@ if USE_S3:
    MEDIA_FULL_URL = MEDIA_URL
    STATIC_FULL_URL = STATIC_URL
    DEFAULT_FILE_STORAGE = "bookwyrm.storage_backends.ImagesStorage"
    CSP_DEFAULT_SRC = ["'self'", AWS_S3_CUSTOM_DOMAIN] + CSP_ADDITIONAL_HOSTS
    CSP_SCRIPT_SRC = ["'self'", AWS_S3_CUSTOM_DOMAIN] + CSP_ADDITIONAL_HOSTS
 else:
    STATIC_URL = "/static/"
    MEDIA_URL = "/images/"
    MEDIA_FULL_URL = f"{PROTOCOL}://{DOMAIN}{MEDIA_URL}"
    STATIC_FULL_URL = f"{PROTOCOL}://{DOMAIN}{STATIC_URL}"
    CSP_DEFAULT_SRC = ["'self'"] + CSP_ADDITIONAL_HOSTS
    CSP_SCRIPT_SRC = ["'self'"] + CSP_ADDITIONAL_HOSTS
 CSP_INCLUDE_NONCE_IN = ["script-src"]
 OTEL_EXPORTER_OTLP_ENDPOINT = env("OTEL_EXPORTER_OTLP_ENDPOINT", None)
 OTEL_EXPORTER_OTLP_HEADERS = env("OTEL_EXPORTER_OTLP_HEADERS", None)
--- a/bookwyrm/signatures.py
+++ b/bookwyrm/signatures.py
@ -15,7 +15,7 @@ MAX_SIGNATURE_AGE = 300
 def create_key_pair():
    """a new public/private key pair, used for creating new users"""
    random_generator = Random.new().read
-    key = RSA.generate(1024, random_generator)
+    key = RSA.generate(2048, random_generator)
    private_key = key.export_key().decode("utf8")
    public_key = key.public_key().export_key().decode("utf8")
--- a/bookwyrm/static/css/bookwyrm/overrides/_bulma_overrides.scss
+++ b/bookwyrm/static/css/bookwyrm/overrides/_bulma_overrides.scss
@ -40,7 +40,7 @@
            }
            .navbar-item {
-                // see ../components/_details.scss :: Navbar details
+                /* see ../components/_details.scss :: Navbar details */
                padding-right: 1.75rem;
                font-size: 1rem;
            }
@ -109,3 +109,9 @@
    max-height: 35em;
    overflow: hidden;
 }
 .dropdown-menu .button {
    @include mobile {
        font-size: $size-6;
    }
 }
--- a/bookwyrm/tasks.py
+++ b/bookwyrm/tasks.py
@ -16,3 +16,5 @@ MEDIUM = "medium_priority"
 HIGH = "high_priority"
 # import items get their own queue because they're such a pain in the ass
 IMPORTS = "imports"
 # I keep making more queues?? this one broadcasting out
 BROADCAST = "broadcast"
--- a/bookwyrm/templates/discover/large-book.html
+++ b/bookwyrm/templates/discover/large-book.html
@ -46,7 +46,7 @@
            </div>
            <div class="notification has-background-body p-2 mb-2 clip-text">
-                {% include "snippets/status/content_status.html" with hide_book=True trim_length=70 hide_more=True %}
+                {% include "snippets/status/content_status.html" with hide_book=True trim_length=70 hide_more=True expand=False %}
            </div>
            <a href="{{ status.remote_id }}">
                <span>{% trans "View status" %}</span>
--- a/bookwyrm/templates/feed/status.html
+++ b/bookwyrm/templates/feed/status.html
@ -30,7 +30,7 @@
        {% endif %}
        {% endfor %}
        <div class="is-main block">
-            {% include 'snippets/status/status.html' with status=status main=True %}
+            {% include 'snippets/status/status.html' with status=status main=True expand=True %}
        </div>
        {% for child in children %}
--- a/bookwyrm/templates/guided_tour/book.html
+++ b/bookwyrm/templates/guided_tour/book.html
@ -1,6 +1,6 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
    const tour = new Shepherd.Tour({
        exitOnEsc: true,
    });
--- a/bookwyrm/templates/guided_tour/group.html
+++ b/bookwyrm/templates/guided_tour/group.html
@ -1,6 +1,6 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
    const tour = new Shepherd.Tour({
        exitOnEsc: true,
    });
--- a/bookwyrm/templates/guided_tour/home.html
+++ b/bookwyrm/templates/guided_tour/home.html
@ -1,6 +1,6 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
 const initiateTour = new Shepherd.Tour({
    exitOnEsc: true,
 });
--- a/bookwyrm/templates/guided_tour/lists.html
+++ b/bookwyrm/templates/guided_tour/lists.html
@ -2,7 +2,7 @@
 {% load utilities %}
 {% load user_page_tags %}
-<script>
+<script nonce="{{request.csp_nonce}}">
    const tour = new Shepherd.Tour({
        exitOnEsc: true,
--- a/bookwyrm/templates/guided_tour/search.html
+++ b/bookwyrm/templates/guided_tour/search.html
@ -1,6 +1,6 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
    let localResult = document.querySelector(".local-book-search-result");
    let remoteResult = document.querySelector(".remote-book-search-result");
--- a/bookwyrm/templates/guided_tour/user_books.html
+++ b/bookwyrm/templates/guided_tour/user_books.html
@ -1,6 +1,6 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
    const tour = new Shepherd.Tour({
        exitOnEsc: true,
    });
--- a/bookwyrm/templates/guided_tour/user_groups.html
+++ b/bookwyrm/templates/guided_tour/user_groups.html
@ -1,6 +1,6 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
    const tour = new Shepherd.Tour({
        exitOnEsc: true,
    });
--- a/bookwyrm/templates/guided_tour/user_profile.html
+++ b/bookwyrm/templates/guided_tour/user_profile.html
@ -1,6 +1,6 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
 const tour = new Shepherd.Tour({
    exitOnEsc: true,
 });
--- a/bookwyrm/templates/layout.html
+++ b/bookwyrm/templates/layout.html
@ -183,7 +183,7 @@
 {% include 'snippets/footer.html' %}
 {% endblock %}
-<script>
+<script nonce="{{request.csp_nonce}}">
    var csrf_token = '{{ csrf_token }}';
 </script>
--- a/bookwyrm/templates/ostatus/template.html
+++ b/bookwyrm/templates/ostatus/template.html
@ -11,7 +11,7 @@
    <title>{% block title %}{% endblock %}</title>
    <meta name="viewport" content="width=device-width, initial-scale=1">
    <link href="{% sass_src site_theme %}" rel="stylesheet" type="text/css" />
-    <script>
+    <script nonce="{{request.csp_nonce}}">
        function closeWindow() {
            window.close();
        }
@ -32,7 +32,7 @@
    </div>
 </div>
-<script>
+<script nonce="{{request.csp_nonce}}">
    var csrf_token = '{{ csrf_token }}';
 </script>
 <script src="{% static 'js/bookwyrm.js' %}?v={{ js_cache }}"></script>
--- a/bookwyrm/templates/settings/celery.html
+++ b/bookwyrm/templates/settings/celery.html
@ -20,31 +20,37 @@
 {% if queues %}
 <section class="block content">
    <h2>{% trans "Queues" %}</h2>
-    <div class="columns has-text-centered">
+    <div class="columns has-text-centered is-multiline">
-        <div class="column is-3">
+        <div class="column is-4">
            <div class="notification">
                <p class="header">{% trans "Low priority" %}</p>
                <p class="title is-5">{{ queues.low_priority|intcomma }}</p>
            </div>
        </div>
-        <div class="column is-3">
+        <div class="column is-4">
            <div class="notification">
                <p class="header">{% trans "Medium priority" %}</p>
                <p class="title is-5">{{ queues.medium_priority|intcomma }}</p>
            </div>
        </div>
-        <div class="column is-3">
+        <div class="column is-4">
            <div class="notification">
                <p class="header">{% trans "High priority" %}</p>
                <p class="title is-5">{{ queues.high_priority|intcomma }}</p>
            </div>
        </div>
-        <div class="column is-3">
+        <div class="column is-6">
            <div class="notification">
                <p class="header">{% trans "Imports" %}</p>
                <p class="title is-5">{{ queues.imports|intcomma }}</p>
            </div>
        </div>
        <div class="column is-6">
            <div class="notification">
                <p class="header">{% trans "Broadcasts" %}</p>
                <p class="title is-5">{{ queues.broadcast|intcomma }}</p>
            </div>
        </div>
    </div>
 </section>
 {% else %}
--- a/bookwyrm/templates/settings/dashboard/registration_chart.html
+++ b/bookwyrm/templates/settings/dashboard/registration_chart.html
@ -1,5 +1,5 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
 var registerStats = new Chart(
    document.getElementById('register_stats'),
    {
--- a/bookwyrm/templates/settings/dashboard/status_chart.html
+++ b/bookwyrm/templates/settings/dashboard/status_chart.html
@ -1,5 +1,5 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
 var statusStats = new Chart(
    document.getElementById('status_stats'),
--- a/bookwyrm/templates/settings/dashboard/user_chart.html
+++ b/bookwyrm/templates/settings/dashboard/user_chart.html
@ -1,5 +1,5 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
 var userStats = new Chart(
    document.getElementById('user_stats'),
--- a/bookwyrm/templates/settings/dashboard/works_chart.html
+++ b/bookwyrm/templates/settings/dashboard/works_chart.html
@ -1,5 +1,5 @@
 {% load i18n %}
-<script>
+<script nonce="{{request.csp_nonce}}">
 var worksStats = new Chart(
    document.getElementById('works_stats'),
--- a/bookwyrm/templates/snippets/create_status/quotation.html
+++ b/bookwyrm/templates/snippets/create_status/quotation.html
@ -65,6 +65,22 @@ uuid: a unique identifier used to make html "id" attributes unique and clarify j
                    {% if not draft %}data-cache-draft="id_position_{{ book.id }}_{{ type }}"{% endif %}
                >
            </div>
            <div class="button is-static">
                {% trans "to" %}
            </div>
            <div class="control">
                <input
                    aria-label="{% if draft.position_mode == 'PG' %}Page{% else %}Percent{% endif %}"
                    class="input"
                    type="number"
                    min="0"
                    name="endposition"
                    size="3"
                    value="{% firstof draft.endposition '' %}"
                    id="endposition_{{ uuid }}"
                    {% if not draft %}data-cache-draft="id_endposition_{{ book.id }}_{{ type }}"{% endif %}
                >
            </div>
        </div>
    </div>
 {% endblock %}
--- a/bookwyrm/templates/snippets/pagination.html
+++ b/bookwyrm/templates/snippets/pagination.html
@ -9,7 +9,7 @@
        {% endif %}>
        <span class="icon icon-arrow-left" aria-hidden="true"></span>
-        {% trans "Previous" %}
+        {% trans "Older" %}
    </a>
    <a
@ -20,7 +20,7 @@
        aria-hidden="true"
        {% endif %}>
-        {% trans "Next" %}
+        {% trans "Newer" %}
        <span class="icon icon-arrow-right" aria-hidden="true"></span>
    </a>
--- a/bookwyrm/templates/snippets/report_button.html
+++ b/bookwyrm/templates/snippets/report_button.html
@ -5,7 +5,7 @@
 {% join "report" report_uuid as modal_id %}
 <button
-    class="button is-small is-danger is-light is-fullwidth"
+    class="button is-small is-danger is-light is-fullwidth {{ class }}"
    type="button"
    data-modal-open="{{ modal_id }}"
    {% if is_current %}disabled{% endif %}
--- a/bookwyrm/templates/snippets/status/body.html
+++ b/bookwyrm/templates/snippets/status/body.html
@ -6,9 +6,8 @@
 {% if status_type == 'GeneratedNote' or status_type == 'Rating' %}
    {% include 'snippets/status/generated_status.html' with status=status %}
 {% else %}
-    {% include 'snippets/status/content_status.html' with status=status %}
+    {% include 'snippets/status/content_status.html' with status=status expand=expand %}
 {% endif %}
 {% endwith %}
 {% endblock %}
--- a/bookwyrm/templates/snippets/status/content_status.html
+++ b/bookwyrm/templates/snippets/status/content_status.html
@ -99,9 +99,9 @@
                            &mdash; {% include 'snippets/book_titleby.html' with book=status.book %}
                            {% if status.position %}
                                {% if status.position_mode == 'PG' %}
-                                    {% blocktrans with page=status.position|intcomma %}(Page {{ page }}){% endblocktrans %}
+                                    {% blocktrans with page=status.position|intcomma %}(Page {{ page }}{% endblocktrans%}{% if status.endposition and status.endposition != status.position %} - {% blocktrans with endpage=status.endposition|intcomma %}{{ endpage }}{% endblocktrans %}{% endif%})
                                {% else %}
-                                    {% blocktrans with percent=status.position %}({{ percent }}%){% endblocktrans %}
+                                    {% blocktrans with percent=status.position %}({{ percent }}%{% endblocktrans %}{% if status.endposition and status.endposition != status.position %}{% blocktrans with endpercent=status.endposition|intcomma %} - {{ endpercent }}%{% endblocktrans %}{% endif %})
                                {% endif %}
                            {% endif %}
                        </p>
@ -109,7 +109,7 @@
                {% endif %}
                {% if status.content and status_type != 'GeneratedNote' and status_type != 'Announce' %}
-                    {% with full=status.content|safe no_trim=status.content_warning itemprop="reviewBody" %}
+                    {% with full=status.content|safe no_trim=status.content_warning|default:expand itemprop="reviewBody" %}
                        {% include 'snippets/trimmed_text.html' %}
                    {% endwith %}
                {% endif %}
@ -155,4 +155,3 @@
 </div>
 {% endwith %}
--- a/bookwyrm/templates/snippets/status/status.html
+++ b/bookwyrm/templates/snippets/status/status.html
@ -10,6 +10,6 @@
        {% trans "boosted" %}
        {% include 'snippets/status/body.html' with status=status|boosted_status %}
    {% else %}
-        {% include 'snippets/status/body.html' with status=status %}
+        {% include 'snippets/status/body.html' with status=status expand=expand %}
    {% endif %}
 {% endif %}
--- a/bookwyrm/tests/views/books/test_book.py
+++ b/bookwyrm/tests/views/books/test_book.py
@ -257,6 +257,33 @@ class BookViews(TestCase):
        self.assertEqual(mock.call_args[0][0], "https://openlibrary.org/book/123")
        self.assertEqual(result.status_code, 302)
    @patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async")
    @patch("bookwyrm.activitystreams.add_status_task.delay")
    def test_quotation_endposition(self, *_):
        """make sure the endposition is served as well"""
        view = views.Book.as_view()
        _ = models.Quotation.objects.create(
            user=self.local_user,
            book=self.book,
            content="hi",
            quote="wow",
            position=12,
            endposition=13,
        )
        request = self.factory.get("")
        request.user = self.local_user
        with patch("bookwyrm.views.books.books.is_api_request") as is_api:
            is_api.return_value = False
            result = view(request, self.book.id, user_statuses="quotation")
        self.assertIsInstance(result, TemplateResponse)
        validate_html(result.render())
        print(result.render())
        self.assertEqual(result.status_code, 200)
        self.assertEqual(result.context_data["statuses"].object_list[0].endposition, 13)
 def _setup_cover_url():
    """creates cover url mock"""
--- a/bookwyrm/tests/views/test_discover.py
+++ b/bookwyrm/tests/views/test_discover.py
@ -11,6 +11,7 @@ from bookwyrm.tests.validate_html import validate_html
 class DiscoverViews(TestCase):
    """pages you land on without really trying"""
    # pylint: disable=invalid-name
    def setUp(self):
        """we need basic test data and mocks"""
        self.factory = RequestFactory()
@ -43,7 +44,7 @@ class DiscoverViews(TestCase):
    @patch("bookwyrm.models.activitypub_mixin.broadcast_task.apply_async")
    @patch("bookwyrm.activitystreams.add_status_task.delay")
-    def test_discover_page(self, *_):
+    def test_discover_page_with_posts(self, *_):
        """there are so many views, this just makes sure it LOADS"""
        view = views.Discover.as_view()
        request = self.factory.get("")
@ -53,17 +54,34 @@ class DiscoverViews(TestCase):
            title="hi", parent_work=models.Work.objects.create(title="work")
        )
        models.ReviewRating.objects.create(
            book=book,
            user=self.local_user,
            rating=4,
        )
        models.Review.objects.create(
            book=book,
            user=self.local_user,
            content="hello",
            rating=4,
        )
        models.Comment.objects.create(
            book=book,
            user=self.local_user,
            content="hello",
        )
        models.Quotation.objects.create(
            book=book,
            user=self.local_user,
            quote="beep",
            content="hello",
        )
        models.Status.objects.create(user=self.local_user, content="beep")
        with patch(
            "bookwyrm.activitystreams.ActivityStream.get_activity_stream"
        ) as mock:
-            mock.return_value = models.Status.objects.all()
+            mock.return_value = models.Status.objects.select_subclasses().all()
            result = view(request)
        self.assertEqual(mock.call_count, 1)
        self.assertEqual(result.status_code, 200)
--- a/bookwyrm/views/admin/celery_status.py
+++ b/bookwyrm/views/admin/celery_status.py
@ -8,7 +8,7 @@ from django.views.decorators.http import require_GET
 import redis
 from celerywyrm import settings
-from bookwyrm.tasks import app as celery
+from bookwyrm.tasks import app as celery, LOW, MEDIUM, HIGH, IMPORTS, BROADCAST
 r = redis.from_url(settings.REDIS_BROKER_URL)
@ -35,10 +35,11 @@ class CeleryStatus(View):
        try:
            queues = {
-                "low_priority": r.llen("low_priority"),
+                LOW: r.llen(LOW),
-                "medium_priority": r.llen("medium_priority"),
+                MEDIUM: r.llen(MEDIUM),
-                "high_priority": r.llen("high_priority"),
+                HIGH: r.llen(HIGH),
-                "imports": r.llen("imports"),
+                IMPORTS: r.llen(IMPORTS),
                BROADCAST: r.llen(BROADCAST),
            }
        # pylint: disable=broad-except
        except Exception as err:
--- a/bookwyrm/views/admin/dashboard.py
+++ b/bookwyrm/views/admin/dashboard.py
@ -12,6 +12,8 @@ from django.utils import timezone
 from django.utils.decorators import method_decorator
 from django.views import View
 from csp.decorators import csp_update
 from bookwyrm import models, settings
 from bookwyrm.connectors.abstract_connector import get_data
 from bookwyrm.connectors.connector_manager import ConnectorException
@ -27,6 +29,9 @@ from bookwyrm.utils import regex
 class Dashboard(View):
    """admin overview"""
    @csp_update(
        SCRIPT_SRC="https://cdn.jsdelivr.net/npm/chart.js@3.5.1/dist/chart.min.js"
    )
    def get(self, request):
        """list of users"""
        data = get_charts_and_stats(request)
--- a/bookwyrm/views/search.py
+++ b/bookwyrm/views/search.py
@ -8,6 +8,8 @@ from django.http import JsonResponse
 from django.template.response import TemplateResponse
 from django.views import View
 from csp.decorators import csp_update
 from bookwyrm import models
 from bookwyrm.connectors import connector_manager
 from bookwyrm.book_search import search, format_search_result
@ -21,6 +23,7 @@ from .helpers import handle_remote_webfinger
 class Search(View):
    """search users or books"""
    @csp_update(IMG_SRC="*")
    def get(self, request):
        """that search bar up top"""
        if is_api_request(request):
--- a/contrib/systemd/bookwyrm-worker.service
+++ b/contrib/systemd/bookwyrm-worker.service
@ -6,7 +6,7 @@ After=network.target postgresql.service redis.service
 User=bookwyrm
 Group=bookwyrm
 WorkingDirectory=/opt/bookwyrm/
-ExecStart=/opt/bookwyrm/venv/bin/celery -A celerywyrm worker -l info -Q high_priority,medium_priority,low_priority,import
+ExecStart=/opt/bookwyrm/venv/bin/celery -A celerywyrm worker -l info -Q high_priority,medium_priority,low_priority,import,broadcast
 StandardOutput=journal
 StandardError=inherit
--- a/docker-compose.yml
+++ b/docker-compose.yml
@ -62,7 +62,7 @@ services:
    build: .
    networks:
      - main
-    command: celery -A celerywyrm worker -l info -Q high_priority,medium_priority,low_priority,imports
+    command: celery -A celerywyrm worker -l info -Q high_priority,medium_priority,low_priority,imports,broadcast
    volumes:
      - .:/app
      - static_volume:/app/static
--- a/requirements.txt
+++ b/requirements.txt
@ -2,12 +2,13 @@ aiohttp==3.8.3
 bleach==5.0.1
 celery==5.2.7
 colorthief==0.2.1
-Django==3.2.17
+Django==3.2.18
 django-celery-beat==2.4.0
 django-compressor==4.3.1
 django-imagekit==4.1.0
 django-model-utils==4.3.1
 django-sass-processor==1.2.2
 django-csp==3.7
 environs==9.5.0
 flower==1.2.0
 libsass==0.22.0