From e138a585d18f31a9673bad5f30d6168edbde7892 Mon Sep 17 00:00:00 2001 From: Jason Kelly Date: Sun, 23 May 2021 14:07:45 +0800 Subject: [PATCH 1/6] Setting `client_max_body_size` to 10m. - Removed commented-out nginx config for clarity. --- nginx/development | 2 ++ nginx/production | 59 +-------------------------------------------- nginx/server_config | 1 + 3 files changed, 4 insertions(+), 58 deletions(-) create mode 100644 nginx/server_config diff --git a/nginx/development b/nginx/development index d3898287..cdc90df1 100644 --- a/nginx/development +++ b/nginx/development @@ -5,6 +5,8 @@ upstream web { server { listen 80; + include /etc/nginx/conf.d/server_config; + location / { proxy_pass http://web; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/nginx/production b/nginx/production index c5d83cbf..95225c26 100644 --- a/nginx/production +++ b/nginx/production 
@@ -6,67 +6,10 @@ server { listen [::]:80; listen 80; - server_name your-domain.com www.your-domain.com; + include /etc/nginx/conf.d/server_config; location ~ /.well-known/acme-challenge { allow all; root /var/www/certbot; } - -# # redirect http to https -# return 301 https://your-domain.com$request_uri; -# } -# -# server { -# listen [::]:443 ssl http2; -# listen 443 ssl http2; -# -# server_name your-domain.com; -# -# # SSL code -# ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem; -# ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem; -# -# location ~ /.well-known/acme-challenge { -# allow all; -# root /var/www/certbot; -# } -# -# location / { -# proxy_pass http://web; -# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -# proxy_set_header Host $host; -# proxy_redirect off; -# } -# -# location /images/ { -# alias /app/images/; -# } -# -# location /static/ { -# alias /app/static/; -# } } - -# Reverse-Proxy server -# server { -# listen [::]:8001; -# listen 8001; - -# server_name your-domain.com www.your-domain.com; - -# location / { -# proxy_pass http://web; -# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; -# proxy_set_header Host $host; -# proxy_redirect off; -# } - -# location /images/ { -# alias /app/images/; -# } - -# location /static/ { -# alias /app/static/; -# } -# } diff --git a/nginx/server_config b/nginx/server_config new file mode 100644 index 00000000..c9aad8e4 --- /dev/null +++ b/nginx/server_config @@ -0,0 +1 @@ +client_max_body_size 10m; From c9617c4bd372c26f4ed8b015ae70e64673752bdb Mon Sep 17 00:00:00 2001 From: Jason Kelly Date: Sun, 23 May 2021 14:09:13 +0800 Subject: [PATCH 2/6] Added `EMAIL_BACKEND` to env settings to be able to use console backend in local dev. --- bookwyrm/settings.py | 1 + 1 file changed, 1 insertion(+) diff --git a/bookwyrm/settings.py b/bookwyrm/settings.py index d694e33f..b689a6a2 100644 --- a/bookwyrm/settings.py +++ b/bookwyrm/settings.py 
@@ -21,6 +21,7 @@ CELERY_TASK_SERIALIZER = "json" CELERY_RESULT_SERIALIZER = "json" # email +EMAIL_BACKEND = env("EMAIL_BACKEND", "django.core.mail.backends.smtp.EmailBackend") EMAIL_HOST = env("EMAIL_HOST") EMAIL_PORT = env("EMAIL_PORT", 587) EMAIL_HOST_USER = env("EMAIL_HOST_USER") From 6e655cb0e0fdf0d52681d12ee96e14d11d21fcc8 Mon Sep 17 00:00:00 2001 From: Jason Kelly Date: Sun, 23 May 2021 14:12:00 +0800 Subject: [PATCH 3/6] Added new widget to alert if a file is set at larger than 10 MB. - Updated default widget to use template that adds a notification box. - Added JS to add onchange & load events to look at the value in the input and trigger the notification & disable the form submits. --- bookwyrm/models/fields.py | 15 ++++++++ bookwyrm/static/js/bookwyrm.js | 35 +++++++++++++++++++ .../clearable_file_input_with_warning.html | 3 ++ 3 files changed, 53 insertions(+) create mode 100644 bookwyrm/templates/widgets/clearable_file_input_with_warning.html diff --git a/bookwyrm/models/fields.py b/bookwyrm/models/fields.py index 123b3efa..d4d94aa2 100644 --- a/bookwyrm/models/fields.py +++ b/bookwyrm/models/fields.py @@ -9,6 +9,7 @@ from django.contrib.postgres.fields import ArrayField as DjangoArrayField from django.core.exceptions import ValidationError from django.core.files.base import ContentFile from django.db import models +from django.forms import ClearableFileInput, ImageField from django.utils import timezone from django.utils.translation import gettext_lazy as _ from bookwyrm import activitypub @@ -332,6 +333,14 @@ class TagField(ManyToManyField): return items +class ClearableFileInputWithWarning(ClearableFileInput): + template_name = 'widgets/clearable_file_input_with_warning.html' + + +class CustomImageField(ImageField): + widget = ClearableFileInputWithWarning + + def image_serializer(value, alt): """helper for serializing images""" if value and hasattr(value, "url"): 
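Review bot: The new `EMAIL_BACKEND` setting in the bookwyrm/settings.py hunk is undocumented, and its value is a dotted import path that Django loads as given, so a wrong or leftover value silently changes how mail is delivered. The console backend the commit message mentions writes full message bodies to stdout, which for account mail puts tokens and links into container logs. I would add a comment above the line such as `# Dotted path of the Django mail backend. The console backend is for local development only: it prints whole messages, including reset links, to stdout.` The `.env` example file is not part of this patch, so it is worth checking that the new variable is listed there with the SMTP default.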
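Review bot: In the second bookwyrm/models/fields.py hunk, `class CustomImageField(ImageField)` depends on import order, because the same module later defines its own `class ImageField(ActivitypubFieldMixin, models.ImageField)`, which rebinds the name imported from `django.forms`. The subclass picks up the form field only because it is evaluated before that later definition. Importing the namespace instead removes the ambiguity: `from django import forms`, then `class ClearableFileInputWithWarning(forms.ClearableFileInput):` and `class CustomImageField(forms.ImageField):`. Both new classes also lack the one-line docstrings the neighbouring code uses. As far as these hunks show, nothing in the form field checks the uploaded size, so the 10 MB limit holds only where the nginx setting is in front of the app. A validator on `CustomImageField` that rejects files over the limit with a `ValidationError` would make the limit hold regardless of the proxy.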
@@ -395,6 +404,12 @@ class ImageField(ActivitypubFieldMixin, models.ImageField): image_content = ContentFile(response.content) return [image_name, image_content] + def formfield(self, **kwargs): + return super().formfield(**{ + 'form_class': CustomImageField, + **kwargs, + }) + class DateTimeField(ActivitypubFieldMixin, models.DateTimeField): """activitypub-aware datetime field""" diff --git a/bookwyrm/static/js/bookwyrm.js b/bookwyrm/static/js/bookwyrm.js index 3659a20e..2c43d738 100644 --- a/bookwyrm/static/js/bookwyrm.js +++ b/bookwyrm/static/js/bookwyrm.js @@ -3,6 +3,7 @@ let BookWyrm = new class { constructor() { + this.MAX_FILE_SIZE = 10000000 this.initOnDOMLoaded(); this.initReccuringTasks(); this.initEventListeners(); @@ -32,15 +33,26 @@ let BookWyrm = new class { 'click', this.back) ); + + document.querySelectorAll('input[type="file"]') + .forEach(node => node.addEventListener( + 'change', + this.disableIfTooLarge.bind(this) + )); } /** * Execute code once the DOM is loaded. */ initOnDOMLoaded() { + const bookwyrm = this + window.addEventListener('DOMContentLoaded', function() { document.querySelectorAll('.tab-group') .forEach(tabs => new TabGroup(tabs)); + document.querySelectorAll('input[type="file"]').forEach( + bookwyrm.disableIfTooLarge.bind(bookwyrm) + ) }); } 
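Review bot: `this.MAX_FILE_SIZE = 10000000` in the constructor hunk of bookwyrm/static/js/bookwyrm.js duplicates the limit from nginx/server_config with a different meaning and no comment linking the two. nginx reads `client_max_body_size 10m` as 10 × 1024 × 1024 bytes for the whole request body, while this constant is decimal and compared against a single file. The browser check is also only a convenience for the user; a request sent without this script is limited by the proxy alone. I would document that next to the constant, for example `// Advisory UI limit in bytes; must stay below nginx client_max_body_size (10m), which caps the entire request body.` PATCH 5/6 renames the constant to `MAX_FILE_SIZE_BYTES` but keeps the value and still adds no comment; the constructor continues outside this hunk.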
@@ -284,4 +296,27 @@ let BookWyrm = new class { node.classList.remove(classname); } } + + disableIfTooLarge(eventOrElement) { + const { addRemoveClass, MAX_FILE_SIZE } = this + const element = eventOrElement.currentTarget || eventOrElement + + const submits = element.form.querySelectorAll('[type="submit"]') + const warns = element.parentElement.querySelectorAll('.file-too-big') + const isTooBig = element.files && + element.files[0] && + element.files[0].size > MAX_FILE_SIZE + + if (isTooBig) { + submits.forEach(submitter => submitter.disabled = true) + warns.forEach( + sib => addRemoveClass(sib, 'is-hidden', false) + ) + } else { + submits.forEach(submitter => submitter.disabled = false) + warns.forEach( + sib => addRemoveClass(sib, 'is-hidden', true) + ) + } + } } diff --git a/bookwyrm/templates/widgets/clearable_file_input_with_warning.html b/bookwyrm/templates/widgets/clearable_file_input_with_warning.html new file mode 100644 index 00000000..700e22f9 --- /dev/null +++ b/bookwyrm/templates/widgets/clearable_file_input_with_warning.html @@ -0,0 +1,3 @@ +{% load i18n %} +{% include "django/forms/widgets/clearable_file_input.html" %} + From 318e0bf508ac9ccc2c0076763d6eb28bc0a5ab0b Mon Sep 17 00:00:00 2001 From: Jason Kelly Date: Sun, 23 May 2021 14:27:02 +0800 Subject: [PATCH 4/6] Fixing nginx-config misunderstanding. --- nginx/development | 4 ++-- nginx/production | 61 ++++++++++++++++++++++++++++++++++++++++++++++- 2 files changed, 62 insertions(+), 3 deletions(-) diff --git a/nginx/development b/nginx/development index cdc90df1..05b27c2b 100644 --- a/nginx/development +++ b/nginx/development @@ -1,3 +1,5 @@ +include /etc/nginx/conf.d/server_config; + upstream web { server web:8000; } @@ -5,8 +7,6 @@ upstream web { server { listen 80; - include /etc/nginx/conf.d/server_config; - location / { proxy_pass http://web; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/nginx/production b/nginx/production index 95225c26..54c84af4 100644 
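Review bot: `disableIfTooLarge` reads `element.form.querySelectorAll(...)` without checking that the input has an owning form, so a file input outside a `<form>` (where `form` is null) throws a TypeError. In the `DOMContentLoaded` pass added in the earlier hunk, that exception ends the `forEach`, leaving the remaining inputs unchecked. A guard right after `element` is resolved avoids this: `if (!element.form) { return; }`. Only `element.files[0]` is compared, so an input with `multiple` would let a second oversized file through the UI check; `Array.from(element.files || []).some(file => file.size > MAX_FILE_SIZE)` covers every selected file. The method has no JSDoc block like the other methods in this class, and the same lines are touched again by the rename in PATCH 5/6.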
--- a/nginx/production +++ b/nginx/production @@ -1,3 +1,5 @@ +include /etc/nginx/conf.d/server_config; + upstream web { server web:8000; } @@ -6,10 +8,67 @@ server { listen [::]:80; listen 80; - include /etc/nginx/conf.d/server_config; + server_name your-domain.com www.your-domain.com; location ~ /.well-known/acme-challenge { allow all; root /var/www/certbot; } + +# # redirect http to https +# return 301 https://your-domain.com$request_uri; +# } +# +# server { +# listen [::]:443 ssl http2; +# listen 443 ssl http2; +# +# server_name your-domain.com; +# +# # SSL code +# ssl_certificate /etc/nginx/ssl/live/your-domain.com/fullchain.pem; +# ssl_certificate_key /etc/nginx/ssl/live/your-domain.com/privkey.pem; +# +# location ~ /.well-known/acme-challenge { +# allow all; +# root /var/www/certbot; +# } +# +# location / { +# proxy_pass http://web; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header Host $host; +# proxy_redirect off; +# } +# +# location /images/ { +# alias /app/images/; +# } +# +# location /static/ { +# alias /app/static/; +# } } + +# Reverse-Proxy server +# server { +# listen [::]:8001; +# listen 8001; + +# server_name your-domain.com www.your-domain.com; + +# location / { +# proxy_pass http://web; +# proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; +# proxy_set_header Host $host; +# proxy_redirect off; +# } + +# location /images/ { +# alias /app/images/; +# } + +# location /static/ { +# alias /app/static/; +# } +# } From 7eb5f3b026cd11e2a981db294ae31770a36cc192 Mon Sep 17 00:00:00 2001 From: Jason Kelly Date: Sun, 23 May 2021 14:31:22 +0800 Subject: [PATCH 5/6] Making magic number more readable --- bookwyrm/static/js/bookwyrm.js | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bookwyrm/static/js/bookwyrm.js b/bookwyrm/static/js/bookwyrm.js index 2c43d738..598dd93a 100644 --- a/bookwyrm/static/js/bookwyrm.js +++ b/bookwyrm/static/js/bookwyrm.js 
@@ -3,7 +3,7 @@ let BookWyrm = new class { constructor() { - this.MAX_FILE_SIZE = 10000000 + this.MAX_FILE_SIZE_BYTES = 10 * 1000000 this.initOnDOMLoaded(); this.initReccuringTasks(); this.initEventListeners(); @@ -298,14 +298,14 @@ let BookWyrm = new class { } disableIfTooLarge(eventOrElement) { - const { addRemoveClass, MAX_FILE_SIZE } = this + const { addRemoveClass, MAX_FILE_SIZE_BYTES } = this const element = eventOrElement.currentTarget || eventOrElement const submits = element.form.querySelectorAll('[type="submit"]') const warns = element.parentElement.querySelectorAll('.file-too-big') const isTooBig = element.files && element.files[0] && - element.files[0].size > MAX_FILE_SIZE + element.files[0].size > MAX_FILE_SIZE_BYTES if (isTooBig) { submits.forEach(submitter => submitter.disabled = true) From b362b72c57531d3d85e272f9892758e57a89edf2 Mon Sep 17 00:00:00 2001 From: Jason Kelly Date: Mon, 24 May 2021 09:35:21 +0800 Subject: [PATCH 6/6] Python linting --- bookwyrm/models/fields.py | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/bookwyrm/models/fields.py b/bookwyrm/models/fields.py index d4d94aa2..caa22fcd 100644 --- a/bookwyrm/models/fields.py +++ b/bookwyrm/models/fields.py @@ -334,7 +334,7 @@ class TagField(ManyToManyField): class ClearableFileInputWithWarning(ClearableFileInput): - template_name = 'widgets/clearable_file_input_with_warning.html' + template_name = "widgets/clearable_file_input_with_warning.html" class CustomImageField(ImageField): @@ -405,10 +405,12 @@ class ImageField(ActivitypubFieldMixin, models.ImageField): return [image_name, image_content] def formfield(self, **kwargs): - return super().formfield(**{ - 'form_class': CustomImageField, - **kwargs, - }) + return super().formfield( + **{ + "form_class": CustomImageField, + **kwargs, + } + ) class DateTimeField(ActivitypubFieldMixin, models.DateTimeField):