V0.1.1 release, close to actual release. Bug & security fixes/improvements.

2026-05-24 19:29:41 +02:00
parent a7b44af91a
commit b004e15948
38 changed files with 3145 additions and 137 deletions
--- a/frontend/src/lib/api.js
+++ b/frontend/src/lib/api.js
@@ -1,5 +1,5 @@
 //               "window.location.origin"
-const API_BASE = "http://127.0.0.1:8090";
+export const API_BASE = "http://127.0.0.1:8090";

 export const BOT_USERNAME = "council_websharingbot";

--- a/frontend/src/routes/Home.svelte
+++ b/frontend/src/routes/Home.svelte
@@ -1,5 +1,5 @@
 <script>
-  import { fetchMetadata, verifyPassword, BOT_USERNAME } from '../lib/api.js'
+  import { fetchMetadata, BOT_USERNAME, API_BASE } from '../lib/api.js'

  let cxidInput = $state('')
  let passwordInput = $state('')
@@ -7,32 +7,56 @@
  let loading = $state(false)
  let error = $state('')
  let reportCxid = $state('')
+  let reportStatus = $state('')
+  let reportStatusIsError = $state(false)
+
+  async function submitDirectReport() {
+    reportStatus = ''
+    reportStatusIsError = false
+    if (!reportCxid.trim()) {
+      reportStatus = 'Please enter a content ID.'
+      reportStatusIsError = true
+      return
+    }
+    try {
+      const res = await fetch(`${API_BASE}/api/content/${encodeURIComponent(reportCxid.trim())}/report`, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/json' },
+        body: JSON.stringify({ reason: 'Direct web report' }),
+      })
+      if (!res.ok) {
+        const text = await res.text()
+        throw new Error(text || 'Report failed.')
+      }
+      reportStatus = 'Report submitted successfully.'
+      reportCxid = ''
+    } catch (e) {
+      reportStatus = e.message || 'Report failed.'
+      reportStatusIsError = true
+    }
+  }

  async function submit() {
    error = ''
    if (!cxidInput.trim()) return
    loading = true
    try {
-      const meta = await fetchMetadata(cxidInput.trim())
-      if (meta.has_password && !passwordInput) {
-        needsPassword = true
-        loading = false
-        return
-      }
-      if (meta.has_password) {
-        const ok = await verifyPassword(cxidInput.trim(), passwordInput)
-        if (!ok) {
-          error = 'Incorrect password.'
-          loading = false
-          return
-        }
-      }
+      const meta = await fetchMetadata(cxidInput.trim(), passwordInput)
      const url = new URL(window.location.href)
      url.searchParams.set('cxid', cxidInput.trim())
      if (passwordInput) url.searchParams.set('sc', passwordInput)
      history.pushState({}, '', url.toString())
      window.dispatchEvent(new PopStateEvent('popstate'))
    } catch (e) {
+      if (e.status === 401) {
+        if (passwordInput) {
+          error = 'Incorrect password.'
+        } else {
+          needsPassword = true
+        }
+        loading = false
+        return
+      }
      error = e.message || 'Content not found.'
      loading = false
    }
@@ -49,15 +73,16 @@
  </div>

  <div class="panel">
-    <p class="cg-subtitle">-- cannibal girls --</p>
+    <label for="cxid">Content ID</label>
+    <input id="cxid" type="text" bind:value={cxidInput} placeholder="Enter content ID..." onkeydown={onKeydown} />
+
    <p class="bot-link">
      <a href="https://t.me/{BOT_USERNAME}?start=submit" target="_blank" rel="noopener">
        t.me/{BOT_USERNAME}
      </a>
    </p>
    <p class="share-text">Share & submit your own media</p>
-    <label for="cxid">Content ID</label>
-    <input id="cxid" type="text" bind:value={cxidInput} placeholder="Enter content ID..." onkeydown={onKeydown} />
+    <p class="cg-subtitle">-- cannibal girls --</p>

    {#if needsPassword}
      <label for="pw">Password</label>
@@ -75,15 +100,16 @@
    <details class="misc-section">
      <summary>[ Misc ]</summary>
      <div class="misc-content">
-        <a href="https://t.me/harmfulmeowbot?start=submit" target="_blank" rel="noopener">Report Content via Telegram</a>
+        <a href={`https://t.me/${BOT_USERNAME}?start=submit`} target="_blank" rel="noopener">Report Content via Telegram</a>
        <div class="report-direct">
          <span>Report Content directly</span>
          <div class="report-direct-row">
            <input type="text" bind:value={reportCxid} placeholder="Content ID or link..." />
-            <a href={`https://t.me/harmfulmeowbot?start=report_${reportCxid}`} target="_blank" rel="noopener">
-              <button disabled={!reportCxid.trim()}>[ Submit ]</button>
-            </a>
+            <button onclick={submitDirectReport} disabled={!reportCxid.trim()}>[ Submit ]</button>
          </div>
+          {#if reportStatus}
+            <p class="report-status" style={reportStatusIsError ? 'color: var(--retro-danger);' : 'color: var(--retro-green);'}>{reportStatus}</p>
+          {/if}
        </div>
      </div>
    </details>
@@ -213,13 +239,17 @@
    font-size: 0.75rem;
    cursor: pointer;
  }
+  .report-status {
+    font-size: 0.85rem;
+    margin: 4px 0 0;
+  }
  .bot-link {
    font-style: italic;
    text-align: center;
    margin: 0;
  }
  .bot-link a {
-    color: var(--retro-green);
+    color: var(--retro-accent);
    text-decoration: underline;
    font-size: 0.95rem;
  }