neocities
/
neocities
mirror of https://github.com/neocities/neocities


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136
							def dashboard_if_signed_in
  redirect '/dashboard' if signed_in?
end

def csrf_safe?
  csrf_token == params[:csrf_token] || csrf_token == request.env['HTTP_X_CSRF_TOKEN']
end

def csrf_token
   session[:_csrf_token] ||= SecureRandom.base64(32)
end

def is_education?
  current_site && current_site.is_education
end

def require_login
  redirect '/' unless signed_in? && current_site
end

def signed_in?
  return false if current_site.nil?
  true
end

def signout
  @_site = nil
  @_parent_site = nil
  session[:id] = nil
end

def current_site
  return nil if session[:id].nil?
  @_site ||= Site[id: session[:id]]
  @_parent_site ||= @_site.parent

  if @_site.is_banned || @_site.is_deleted || (@_parent_site && (@_parent_site.is_banned || @_parent_site.is_deleted))
    signout
  end

  @_site
end

def parent_site
  @_parent_site || current_site
end

def meta_robots(newtag=nil)
  if newtag
    @_meta_robots = newtag
  end

  @_meta_robots
end

def title
  out = "Neocities"
  return out                  if request.path == '/'
  return "#{out} - #{@title}" if @title
  "#{out} - #{request.path.gsub('/', '').capitalize}"
end

def encoding_fix(file)
  begin
    Rack::Utils.escape_html file
  rescue ArgumentError => e
    if e.message =~ /invalid byte sequence in UTF-8/ ||
       e.message =~ /incompatible character encodings/
      return Rack::Utils.escape_html(file.force_encoding('BINARY'))
    end
    fail
  end
end

def send_confirmation_email(site=current_site)
  if site.email_confirmation_count > Site::MAXIMUM_EMAIL_CONFIRMATIONS
    flash[:error] = 'You sent too many email confirmation requests, cannot continue.'
    redirect request.referrer
  end

  DB['UPDATE sites set email_confirmation_count=email_confirmation_count+1 WHERE id=?', site.id].first

  EmailWorker.perform_async({
    from: 'web@neocities.org',
    reply_to: 'contact@neocities.org',
    to: site.email,
    subject: "[Neocities] Confirm your email address",
    body: Tilt.new('./views/templates/email/confirm.erb', pretty: true).render(self, site: site)
  })
end

def dont_browser_cache
  headers['Cache-Control'] = 'private, no-store, max-age=0, no-cache, must-revalidate, post-check=0, pre-check=0'
  headers['Pragma'] = 'no-cache'
  headers['Expires'] = 'Fri, 01 Jan 1990 00:00:00 GMT'
  @dont_browser_cache = true
end

def sanitize_comment(text)
  Rinku.auto_link Sanitize.fragment(text), :all, 'target="_blank" rel="nofollow"'
end

def flash_display(opts={})
  erb :'_flash', layout: false, locals: {opts: opts}
end

def hcaptcha_valid?
  return true if ENV['RACK_ENV'] == 'test' || ENV['CI']
  return false unless params[:'h-captcha-response']

  resp = HTTP.get('https://hcaptcha.com/siteverify', params: {
    secret: $config['hcaptcha_secret_key'],
    response: params[:'h-captcha-response']
  })

  resp = JSON.parse resp

  if resp['success'] == true
    true
  else
    false
  end
end

JS_ESCAPE_MAP = {"\\" => "\\\\", "</" => '<\/', "\r\n" => '\n', "\n" => '\n', "\r" => '\n', '"' => '\\"', "'" => "\\'", "`" => "\\`", "$" => "\\$"}

def escape_javascript(javascript)
  javascript = javascript.to_s
  if javascript.empty?
    result = ""
  else
    result = javascript.gsub(/(\\|<\/|\r\n|\342\200\250|\342\200\251|[\n\r"']|[`]|[$])/u, JS_ESCAPE_MAP)
  end
  result
end