Fix url_for crash on "home_page"

Fixes #130

.dockerignore

@@ -0,0 +1,3 @@
+.git
+data
+uploads

.github/ISSUE_TEMPLATE/bug_report.md

@@ -0,0 +1,13 @@
+---
+name: Bug report
+about: Create a report to help us improve
+title: ''
+labels: Unconfirmed Bug
+assignees: ''
+---
+
+## Summary
+Describe your problem here
+
+##### Steps to reproduce
+For bug reports or build issues, explain how the problem happened

.github/ISSUE_TEMPLATE/feature_request.md

@@ -0,0 +1,25 @@
+---
+name: Feature request
+about: Suggest an idea for this project
+title: ''
+labels: Feature
+assignees: ''
+---
+
+## Problem
+
+A clear and concise description of what the problem is.
+ie: Why is this needed?
+Ex. I'm always frustrated when [...]
+
+## Solutions
+
+A clear and concise description of what you want to happen.
+
+## Alternatives
+
+A clear and concise description of any alternative solutions or features you've considered.
+
+## Additional context
+
+Add any other context or screenshots about the feature request here.

.github/ISSUE_TEMPLATE/policy.md

@@ -0,0 +1,7 @@
+---
+name: Policy suggestion
+about: Suggest a change to the guidelines
+title: ''
+labels: Policy
+assignees: ''
+---

.github/SECURITY.md

@@ -0,0 +1,19 @@
+# Security Policy
+
+## Supported Versions
+
+We only support the latest production version, deployed to <https://content.minetest.net>.
+See the [releases page](https://github.com/minetest/contentdb/releases).
+
+## Reporting a Vulnerability
+
+We ask that you report vulnerabilities privately, by contacting rubenwardy,
+to give us time to fix them. You can do that by using one of the methods outlined in the following link:
+
+* https://rubenwardy.com/contact/
+
+Depending on severity, we will either create a private issue for the vulnerability
+and release a security update, or give you permission to file the issue publicly.
+
+For more information on the justification of this policy, see
+[Responsible Disclosure](https://en.wikipedia.org/wiki/Responsible_disclosure).

.gitignore

@@ -1,13 +1,15 @@
 config.cfg
-config.prod.cfg
+*.env
 *.sqlite
-main.css
+.vscode
+custom.css
 tmp
 log.txt
 *.rdb
-uploads
-thumbnails
+app/public/uploads
+app/public/thumbnails
 celerybeat-schedule
+/data
 
 # Created by https://www.gitignore.io/api/linux,macos,python,windows
 

Dockerfile

@@ -0,0 +1,19 @@
+FROM python:3.6
+
+RUN groupadd -g 5123 cdb && \
+    useradd -r -u 5123 -g cdb cdb
+
+WORKDIR /home/cdb
+
+COPY requirements.txt requirements.txt
+RUN pip install -r ./requirements.txt
+RUN pip install gunicorn
+
+COPY utils utils
+COPY config.cfg ./config.cfg
+COPY migrations migrations
+COPY app app
+
+RUN mkdir /home/cdb/app/public/uploads/
+RUN chown cdb:cdb /home/cdb -R
+USER cdb

README.md

@@ -1,59 +1,19 @@
 # Content Database
 
-## Setup
+Content database for Minetest mods, games, and more.
 
-First create a Python virtual env:
-
-	virtualenv env -ppython3
-	source env/bin/activate
-
-then use pip:
-
-	pip3 install -r requirements.txt
-
-### Development
-
-* Copy config.example.cfg to config.cfg
-* Fill SECRET_KEY and WTF_CSRF_SECRET_KEY in with a random string
-* Make a Github OAuth Client at <https://github.com/settings/developers>:
-	* Homepage URL - `http://localhost:5000/`
-	* Authorization callback URL - `http://localhost:5000/user/github/callback/`
-* Put client id and client secret in GITHUB_CLIENT_ID and GITHUB_CLIENT_SECRET
-* Setup the database: python3 setup.py
-
-
-## Running
-
-### Development
-
-You need to enter the virtual environment if you haven't yet in
-the current session:
-
-	source env/bin/activate
-
-If you need to, reset the db like so:
-
-	python3 setup.py -t
-
-Then run the server:
-
-	./rundebug.py
-
-Then view in your web browser: http://localhost:5000/
+Developed by rubenwardy, license GPLv3.0+.
 
 ## How-tos
 
-### Start celery worker
+Note: you should first read one of the guides on the [Github repo wiki](https://github.com/minetest/contentdb/wiki)
 
 ```sh
+# Run celery worker
 FLASK_CONFIG=../config.cfg celery -A app.tasks.celery worker
-```
 
-### Create migration
-
-```sh
 # if sqlite
-python setup.py -t
+python utils/setup.py -t
 rm db.sqlite && python setup.py -t && FLASK_CONFIG=../config.cfg FLASK_APP=app/__init__.py flask db stamp head
 
 # Create migration
@@ -61,4 +21,7 @@ FLASK_CONFIG=../config.cfg FLASK_APP=app/__init__.py flask db migrate
 
 # Run migration
 FLASK_CONFIG=../config.cfg FLASK_APP=app/__init__.py flask db upgrade
+
+# Enter docker
+docker exec -it contentdb_app_1 bash
 ```

app/__init__.py

@@ -17,29 +17,77 @@
 
 from flask import *
 from flask_user import *
+from flask_gravatar import Gravatar
 import flask_menu as menu
 from flask_mail import Mail
-from flask.ext import markdown
+from flaskext.markdown import Markdown
 from flask_github import GitHub
 from flask_wtf.csrf import CsrfProtect
 from flask_flatpages import FlatPages
-import os
+from flask_babel import Babel
+import os, redis
 
 app = Flask(__name__, static_folder="public/static")
 app.config["FLATPAGES_ROOT"] = "flatpages"
 app.config["FLATPAGES_EXTENSION"] = ".md"
 app.config.from_pyfile(os.environ["FLASK_CONFIG"])
 
+r = redis.Redis.from_url(app.config["REDIS_URL"])
+
 menu.Menu(app=app)
-markdown.Markdown(app, extensions=["fenced_code"], safe_mode=True, output_format="html5")
+markdown = Markdown(app, extensions=["fenced_code"], safe_mode=True, output_format="html5")
 github = GitHub(app)
 csrf = CsrfProtect(app)
 mail = Mail(app)
 pages = FlatPages(app)
+babel = Babel(app)
+gravatar = Gravatar(app,
+		size=58,
+		rating='g',
+		default='mp',
+		force_default=False,
+		force_lower=False,
+		use_ssl=True,
+		base_url=None)
 
-if not app.debug:
+from .sass import sass
+sass(app)
+
+
+if not app.debug and app.config["MAIL_UTILS_ERROR_SEND_TO"]:
 	from .maillogger import register_mail_error_handler
 	register_mail_error_handler(app, mail)
 
-from . import models, tasks
-from .views import *
+
+@babel.localeselector
+def get_locale():
+	return request.accept_languages.best_match(app.config['LANGUAGES'].keys())
+
+from . import models, tasks, template_filters
+
+from .blueprints import create_blueprints
+create_blueprints(app)
+
+from flask_login import logout_user
+
+@app.route("/uploads/<path:path>")
+def send_upload(path):
+	return send_from_directory("public/uploads", path)
+
+@menu.register_menu(app, ".help", "Help", order=19, endpoint_arguments_constructor=lambda: { 'path': 'help' })
+@app.route('/<path:path>/')
+def flatpage(path):
+    page = pages.get_or_404(path)
+    template = page.meta.get('template', 'flatpage.html')
+    return render_template(template, page=page)
+
+@app.before_request
+def check_for_ban():
+	if current_user.is_authenticated:
+		if current_user.rank == models.UserRank.BANNED:
+			flash("You have been banned.", "error")
+			logout_user()
+			return redirect(url_for('user.login'))
+		elif current_user.rank == models.UserRank.NOT_JOINED:
+			current_user.rank = models.UserRank.MEMBER
+			models.db.session.commit()

app/blueprints/__init__.py

@@ -0,0 +1,10 @@
+import os, importlib
+
+def create_blueprints(app):
+	dir = os.path.dirname(os.path.realpath(__file__))
+	modules = next(os.walk(dir))[1]	
+	
+	for modname in modules:		
+		if all(c.islower() for c in modname):
+			module = importlib.import_module("." + modname, __name__)		
+			app.register_blueprint(module.bp)

app/blueprints/admin/__init__.py

@@ -0,0 +1,22 @@
+# Content DB
+# Copyright (C) 2018  rubenwardy
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+from flask import Blueprint
+
+bp = Blueprint("admin", __name__)
+
+from . import admin, licenseseditor, tagseditor, versioneditor

app/blueprints/admin/admin.py

@@ -17,25 +17,32 @@
 
 from flask import *
 from flask_user import *
-from flask.ext import menu
-from app import app
+import flask_menu as menu
+from . import bp
 from app.models import *
 from celery import uuid
 from app.tasks.importtasks import importRepoScreenshot, importAllDependencies, makeVCSRelease
-from app.tasks.forumtasks  import importTopicList
+from app.tasks.forumtasks  import importTopicList, checkAllForumAccounts
 from flask_wtf import FlaskForm
 from wtforms import *
 from app.utils import loginUser, rank_required, triggerNotif
 import datetime
 
-@app.route("/admin/", methods=["GET", "POST"])
+@bp.route("/admin/", methods=["GET", "POST"])
 @rank_required(UserRank.ADMIN)
 def admin_page():
 	if request.method == "POST":
 		action = request.form["action"]
-		if action == "importmodlist":
+		if action == "delstuckreleases":
+			PackageRelease.query.filter(PackageRelease.task_id != None).delete()
+			db.session.commit()
+			return redirect(url_for("admin.admin_page"))
+		elif action == "importmodlist":
 			task = importTopicList.delay()
-			return redirect(url_for("check_task", id=task.id, r=url_for("todo_topics_page")))
+			return redirect(url_for("tasks.check", id=task.id, r=url_for("todo.topics")))
+		elif action == "checkusers":
+			task = checkAllForumAccounts.delay()
+			return redirect(url_for("tasks.check", id=task.id, r=url_for("admin.admin_page")))
 		elif action == "importscreenshots":
 			packages = Package.query \
 				.filter_by(soft_deleted=False) \
@@ -45,7 +52,7 @@ def admin_page():
 			for package in packages:
 				importRepoScreenshot.delay(package.id)
 
-			return redirect(url_for("admin_page"))
+			return redirect(url_for("admin.admin_page"))
 		elif action == "restore":
 			package = Package.query.get(request.form["package"])
 			if package is None:
@@ -53,10 +60,10 @@ def admin_page():
 			else:
 				package.soft_deleted = False
 				db.session.commit()
-				return redirect(url_for("admin_page"))
+				return redirect(url_for("admin.admin_page"))
 		elif action == "importdepends":
 			task = importAllDependencies.delay()
-			return redirect(url_for("check_task", id=task.id, r=url_for("admin_page")))
+			return redirect(url_for("tasks.check", id=task.id, r=url_for("admin.admin_page")))
 		elif action == "modprovides":
 			packages = Package.query.filter_by(type=PackageType.MOD).all()
 			mpackage_cache = {}
@@ -65,13 +72,13 @@ def admin_page():
 					p.provides.append(MetaPackage.GetOrCreate(p.name, mpackage_cache))
 
 			db.session.commit()
-			return redirect(url_for("admin_page"))
+			return redirect(url_for("admin.admin_page"))
 		elif action == "recalcscores":
 			for p in Package.query.all():
 				p.recalcScore()
 
 			db.session.commit()
-			return redirect(url_for("admin_page"))
+			return redirect(url_for("admin.admin_page"))
 		elif action == "vcsrelease":
 			for package in Package.query.filter(Package.repo.isnot(None)).all():
 				if package.releases.count() != 0:
@@ -103,19 +110,19 @@ class SwitchUserForm(FlaskForm):
 	submit = SubmitField("Switch")
 
 
-@app.route("/admin/switchuser/", methods=["GET", "POST"])
+@bp.route("/admin/switchuser/", methods=["GET", "POST"])
 @rank_required(UserRank.ADMIN)
-def switch_user_page():
+def switch_user():
 	form = SwitchUserForm(formdata=request.form)
 	if request.method == "POST" and form.validate():
 		user = User.query.filter_by(username=form["username"].data).first()
 		if user is None:
 			flash("Unable to find user", "error")
 		elif loginUser(user):
-			return redirect(url_for("user_profile_page", username=current_user.username))
+			return redirect(url_for("users.profile", username=current_user.username))
 		else:
 			flash("Unable to login as user", "error")
 
 
 	# Process GET or invalid POST
-	return render_template("admin/switch_user_page.html", form=form)
+	return render_template("admin/switch_user.html", form=form)

app/blueprints/admin/licenseseditor.py

@@ -17,16 +17,16 @@
 
 from flask import *
 from flask_user import *
-from app import app
+from . import bp
 from app.models import *
 from flask_wtf import FlaskForm
 from wtforms import *
 from wtforms.validators import *
 from app.utils import rank_required
 
-@app.route("/licenses/")
+@bp.route("/licenses/")
 @rank_required(UserRank.MODERATOR)
-def license_list_page():
+def license_list():
 	return render_template("admin/licenses/list.html", licenses=License.query.order_by(db.asc(License.name)).all())
 
 class LicenseForm(FlaskForm):
@@ -34,10 +34,10 @@ class LicenseForm(FlaskForm):
 	is_foss  = BooleanField("Is FOSS")
 	submit   = SubmitField("Save")
 
-@app.route("/licenses/new/", methods=["GET", "POST"])
-@app.route("/licenses/<name>/edit/", methods=["GET", "POST"])
+@bp.route("/licenses/new/", methods=["GET", "POST"])
+@bp.route("/licenses/<name>/edit/", methods=["GET", "POST"])
 @rank_required(UserRank.MODERATOR)
-def createedit_license_page(name=None):
+def create_edit_license(name=None):
 	license = None
 	if name is not None:
 		license = License.query.filter_by(name=name).first()
@@ -57,6 +57,6 @@ def createedit_license_page(name=None):
 
 		form.populate_obj(license)
 		db.session.commit()
-		return redirect(url_for("license_list_page"))
+		return redirect(url_for("admin.license_list"))
 
 	return render_template("admin/licenses/edit.html", license=license, form=form)

app/blueprints/admin/tagseditor.py

@@ -17,16 +17,16 @@
 
 from flask import *
 from flask_user import *
-from app import app
+from . import bp
 from app.models import *
 from flask_wtf import FlaskForm
 from wtforms import *
 from wtforms.validators import *
 from app.utils import rank_required
 
-@app.route("/tags/")
+@bp.route("/tags/")
 @rank_required(UserRank.MODERATOR)
-def tag_list_page():
+def tag_list():
 	return render_template("admin/tags/list.html", tags=Tag.query.order_by(db.asc(Tag.title)).all())
 
 class TagForm(FlaskForm):
@@ -34,10 +34,10 @@ class TagForm(FlaskForm):
 	name     = StringField("Name", [Optional(), Length(1, 20), Regexp("^[a-z0-9_]", 0, "Lower case letters (a-z), digits (0-9), and underscores (_) only")])
 	submit   = SubmitField("Save")
 
-@app.route("/tags/new/", methods=["GET", "POST"])
-@app.route("/tags/<name>/edit/", methods=["GET", "POST"])
+@bp.route("/tags/new/", methods=["GET", "POST"])
+@bp.route("/tags/<name>/edit/", methods=["GET", "POST"])
 @rank_required(UserRank.MODERATOR)
-def createedit_tag_page(name=None):
+def create_edit_tag(name=None):
 	tag = None
 	if name is not None:
 		tag = Tag.query.filter_by(name=name).first()
@@ -52,6 +52,6 @@ def createedit_tag_page(name=None):
 		else:
 			form.populate_obj(tag)
 		db.session.commit()
-		return redirect(url_for("createedit_tag_page", name=tag.name))
+		return redirect(url_for("admin.create_edit_tag", name=tag.name))
 
 	return render_template("admin/tags/edit.html", tag=tag, form=form)

app/blueprints/admin/versioneditor.py

@@ -0,0 +1,60 @@
+# Content DB
+# Copyright (C) 2018  rubenwardy
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+from flask import *
+from flask_user import *
+from . import bp
+from app.models import *
+from flask_wtf import FlaskForm
+from wtforms import *
+from wtforms.validators import *
+from app.utils import rank_required
+
+@bp.route("/versions/")
+@rank_required(UserRank.MODERATOR)
+def version_list():
+	return render_template("admin/versions/list.html", versions=MinetestRelease.query.order_by(db.asc(MinetestRelease.id)).all())
+
+class VersionForm(FlaskForm):
+	name	 = StringField("Name", [InputRequired(), Length(3,100)])
+	protocol = IntegerField("Protocol")
+	submit   = SubmitField("Save")
+
+@bp.route("/versions/new/", methods=["GET", "POST"])
+@bp.route("/versions/<name>/edit/", methods=["GET", "POST"])
+@rank_required(UserRank.MODERATOR)
+def create_edit_version(name=None):
+	version = None
+	if name is not None:
+		version = MinetestRelease.query.filter_by(name=name).first()
+		if version is None:
+			abort(404)
+
+	form = VersionForm(formdata=request.form, obj=version)
+	if request.method == "POST" and form.validate():
+		if version is None:
+			version = MinetestRelease(form.name.data)
+			db.session.add(version)
+			flash("Created version " + form.name.data, "success")
+		else:
+			flash("Updated version " + form.name.data, "success")
+
+		form.populate_obj(version)
+		db.session.commit()
+		return redirect(url_for("admin.version_list"))
+
+	return render_template("admin/versions/edit.html", version=version, form=form)

app/blueprints/api/__init__.py

@@ -0,0 +1,100 @@
+# Content DB
+# Copyright (C) 2018  rubenwardy
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+
+from flask import *
+from flask_user import *
+from app.models import *
+from app.utils import is_package_page
+from app.querybuilder import QueryBuilder
+
+bp = Blueprint("api", __name__)
+
+@bp.route("/api/packages/")
+def packages():
+	qb    = QueryBuilder(request.args)
+	query = qb.buildPackageQuery()
+	ver   = qb.getMinetestVersion()
+
+	pkgs = [package.getAsDictionaryShort(current_app.config["BASE_URL"], version=ver) \
+			for package in query.all()]
+	return jsonify(pkgs)
+
+
+@bp.route("/api/packages/<author>/<name>/")
+@is_package_page
+def package(package):
+	return jsonify(package.getAsDictionary(current_app.config["BASE_URL"]))
+
+
+@bp.route("/api/packages/<author>/<name>/dependencies/")
+@is_package_page
+def package_dependencies(package):
+	ret = []
+
+	for dep in package.dependencies:
+		name = None
+		fulfilled_by = None
+
+		if dep.package:
+			name = dep.package.name
+			fulfilled_by = [ dep.package.getAsDictionaryKey() ]
+
+		elif dep.meta_package:
+			name = dep.meta_package.name
+			fulfilled_by = [ pkg.getAsDictionaryKey() for pkg in dep.meta_package.packages]
+
+		else:
+			raise "Malformed dependency"
+
+		ret.append({
+			"name": name,
+			"is_optional": dep.optional,
+			"packages": fulfilled_by
+		})
+
+	return jsonify(ret)
+
+
+@bp.route("/api/topics/")
+def topics():
+	qb     = QueryBuilder(request.args)
+	query  = qb.buildTopicQuery(show_added=True)
+	return jsonify([t.getAsDictionary() for t in query.all()])
+
+
+@bp.route("/api/topic_discard/", methods=["POST"])
+@login_required
+def topic_set_discard():
+	tid = request.args.get("tid")
+	discard = request.args.get("discard")
+	if tid is None or discard is None:
+		abort(400)
+
+	topic = ForumTopic.query.get(tid)
+	if not topic.checkPerm(current_user, Permission.TOPIC_DISCARD):
+		abort(403)
+
+	topic.discarded = discard == "true"
+	db.session.commit()
+
+	return jsonify(topic.getAsDictionary())
+
+
+@bp.route("/api/minetest_versions/")
+def versions():
+	return jsonify([{ "name": rel.name, "protocol_version": rel.protocol }\
+			for rel in MinetestRelease.query.all() if rel.getActual() is not None])

app/blueprints/homepage/__init__.py

@@ -0,0 +1,20 @@
+from flask import Blueprint, render_template
+
+bp = Blueprint("homepage", __name__)
+
+from app.models import *
+import flask_menu as menu
+from sqlalchemy.sql.expression import func
+
+@bp.route("/")
+@menu.register_menu(bp, ".", "Home")
+def home():
+	query   = Package.query.filter_by(approved=True, soft_deleted=False)
+	count   = query.count()
+	new     = query.order_by(db.desc(Package.created_at)).limit(8).all()
+	pop_mod = query.filter_by(type=PackageType.MOD).order_by(db.desc(Package.score)).limit(8).all()
+	pop_gam = query.filter_by(type=PackageType.GAME).order_by(db.desc(Package.score)).limit(4).all()
+	pop_txp = query.filter_by(type=PackageType.TXP).order_by(db.desc(Package.score)).limit(4).all()
+	downloads = db.session.query(func.sum(PackageRelease.downloads)).first()[0]
+	return render_template("index.html", count=count, downloads=downloads, \
+			new=new, pop_mod=pop_mod, pop_txp=pop_txp, pop_gam=pop_gam)

app/blueprints/metapackages/__init__.py

@@ -16,17 +16,19 @@
 
 
 from flask import *
+
+bp = Blueprint("metapackages", __name__)
+
 from flask_user import *
-from app import app
 from app.models import *
 
-@app.route("/metapackages/")
-def meta_package_list_page():
+@bp.route("/metapackages/")
+def list_all():
 	mpackages = MetaPackage.query.order_by(db.asc(MetaPackage.name)).all()
 	return render_template("meta/list.html", mpackages=mpackages)
 
-@app.route("/metapackages/<name>/")
-def meta_package_page(name):
+@bp.route("/metapackages/<name>/")
+def view(name):
 	mpackage = MetaPackage.query.filter_by(name=name).first()
 	if mpackage is None:
 		abort(404)

app/blueprints/notifications/__init__.py

@@ -15,19 +15,20 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 
-from flask import *
+from flask import Blueprint
 from flask_user import current_user, login_required
-from app import app
-from app.models import *
+from app.models import db
 
-@app.route("/notifications/")
+bp = Blueprint("notifications", __name__)
+
+@bp.route("/notifications/")
 @login_required
-def notifications_page():
+def list_all():
 	return render_template("notifications/list.html")
 
-@app.route("/notifications/clear/", methods=["POST"])
+@bp.route("/notifications/clear/", methods=["POST"])
 @login_required
-def clear_notifications_page():
+def clear():
 	current_user.notifications.clear()
 	db.session.commit()
-	return redirect(url_for("notifications_page"))
+	return redirect(url_for("notifications.list_all"))

app/blueprints/packages/__init__.py

@@ -0,0 +1,21 @@
+# Content DB
+# Copyright (C) 2018  rubenwardy
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+from flask import Blueprint
+
+bp = Blueprint("packages", __name__)
+
+from . import packages, screenshots, releases

app/blueprints/packages/editrequests.py

@@ -14,10 +14,8 @@
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
-
 from flask import *
 from flask_user import *
-from flask.ext import menu
 from app import app
 from app.models import *
 

app/blueprints/packages/packages.py

@@ -15,92 +15,31 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 
-from flask import *
-from flask_user import *
-from flask.ext import menu
-from app import app
-from app.models import *
-from app.tasks.importtasks import importRepoScreenshot, makeVCSRelease
+from flask import render_template, abort, request, redirect, url_for, flash
+from flask_user import current_user
+import flask_menu as menu
 
+from . import bp
+
+from app.models import *
+from app.querybuilder import QueryBuilder
+from app.tasks.importtasks import importRepoScreenshot
 from app.utils import *
 
-from celery import uuid
 from flask_wtf import FlaskForm
 from wtforms import *
 from wtforms.validators import *
 from wtforms.ext.sqlalchemy.fields import QuerySelectField, QuerySelectMultipleField
-from sqlalchemy import or_, any_
+from sqlalchemy import or_
 
 
-class QueryBuilder:
-	title  = None
-	types  = None
-	search = None
-
-	def __init__(self):
-		title = "Packages"
-
-		# Get request types
-		types = request.args.getlist("type")
-		types = [PackageType.get(tname) for tname in types]
-		types = [type for type in types if type is not None]
-		if len(types) > 0:
-			title = ", ".join([type.value + "s" for type in types])
-
-		self.title  = title
-		self.types  = types
-		self.search = request.args.get("q")
-		self.lucky  = "lucky" in request.args
-		self.hide_nonfree = isNo(request.args.get("nonfree"))
-		self.limit  = 1 if self.lucky else None
-
-	def buildPackageQuery(self):
-		query = Package.query.filter_by(soft_deleted=False, approved=True)
-
-		if len(self.types) > 0:
-			query = query.filter(Package.type.in_(self.types))
-
-		if self.search is not None and self.search.strip() != "":
-			query = query.filter(Package.title.ilike('%' + self.search + '%'))
-
-		query = query.order_by(db.desc(Package.score))
-
-		if self.hide_nonfree:
-			query = query.filter(Package.license.has(License.is_foss == True))
-			query = query.filter(Package.media_license.has(License.is_foss == True))
-
-		if self.limit:
-			query = query.limit(self.limit)
-
-		return query
-
-	def buildTopicQuery(self):
-		topics = ForumTopic.query \
-				.filter(~ db.exists().where(Package.forums==ForumTopic.topic_id)) \
-				.order_by(db.asc(ForumTopic.wip), db.asc(ForumTopic.name), db.asc(ForumTopic.title)) \
-				.filter(ForumTopic.title.ilike('%' + self.search + '%'))
-
-		if len(self.types) > 0:
-			topics = topics.filter(ForumTopic.type.in_(self.types))
-
-		if self.hide_nonfree:
-			query = query.filter(Package.license.has(License.is_foss == True))
-			query = query.filter(Package.media_license.has(License.is_foss == True))
-
-		if self.limit:
-			topics = topics.limit(self.limit)
-
-		return topics
-
-@menu.register_menu(app, ".mods", "Mods", order=11, endpoint_arguments_constructor=lambda: { 'type': 'mod' })
-@menu.register_menu(app, ".games", "Games", order=12, endpoint_arguments_constructor=lambda: { 'type': 'game' })
-@menu.register_menu(app, ".txp", "Texture Packs", order=13, endpoint_arguments_constructor=lambda: { 'type': 'txp' })
-@app.route("/packages/")
-def packages_page():
-	if shouldReturnJson():
-		return redirect(url_for("api_packages_page"))
-
-	qb    = QueryBuilder()
+@menu.register_menu(bp, ".mods", "Mods", order=11, endpoint_arguments_constructor=lambda: { 'type': 'mod' })
+@menu.register_menu(bp, ".games", "Games", order=12, endpoint_arguments_constructor=lambda: { 'type': 'game' })
+@menu.register_menu(bp, ".txp", "Texture Packs", order=13, endpoint_arguments_constructor=lambda: { 'type': 'txp' })
+@menu.register_menu(bp, ".random", "Random", order=14, endpoint_arguments_constructor=lambda: { 'random': '1' })
+@bp.route("/packages/")
+def list_all():
+	qb    = QueryBuilder(request.args)
 	query = qb.buildPackageQuery()
 	title = qb.title
 
@@ -110,19 +49,19 @@ def packages_page():
 			return redirect(package.getDetailsURL())
 
 		topic = qb.buildTopicQuery().first()
-		if topic:
+		if qb.search and topic:
 			return redirect("https://forum.minetest.net/viewtopic.php?t=" + str(topic.topic_id))
 
-	page  = int(request.args.get("page") or 1)
-	num   = min(42, int(request.args.get("n") or 100))
+	page  = get_int_or_abort(request.args.get("page"), 1)
+	num   = min(40, get_int_or_abort(request.args.get("n"), 100))
 	query = query.paginate(page, num, True)
 
 	search = request.args.get("q")
 	type_name = request.args.get("type")
 
-	next_url = url_for("packages_page", type=type_name, q=search, page=query.next_num) \
+	next_url = url_for("packages.list_all", type=type_name, q=search, page=query.next_num) \
 			if query.has_next else None
-	prev_url = url_for("packages_page", type=type_name, q=search, page=query.prev_num) \
+	prev_url = url_for("packages.list_all", type=type_name, q=search, page=query.prev_num) \
 			if query.has_prev else None
 
 	topics = None
@@ -138,23 +77,24 @@ def packages_page():
 
 def getReleases(package):
 	if package.checkPerm(current_user, Permission.MAKE_RELEASE):
-		return package.releases
+		return package.releases.limit(5)
 	else:
-		return [rel for rel in package.releases if rel.approved]
+		return package.releases.filter_by(approved=True).limit(5)
 
 
-@app.route("/packages/<author>/<name>/")
+@bp.route("/packages/<author>/<name>/")
 @is_package_page
-def package_page(package):
+def view(package):
 	clearNotifications(package.getDetailsURL())
 
 	alternatives = None
 	if package.type == PackageType.MOD:
 		alternatives = Package.query \
-				.filter_by(name=package.name, type=PackageType.MOD, soft_deleted=False) \
-				.filter(Package.id != package.id) \
-				.order_by(db.asc(Package.title)) \
-				.all()
+			.filter_by(name=package.name, type=PackageType.MOD, soft_deleted=False) \
+			.filter(Package.id != package.id) \
+			.order_by(db.desc(Package.score)) \
+			.all()
+
 
 	show_similar_topics = current_user == package.author or \
 			package.checkPerm(current_user, Permission.APPROVE_NEW)
@@ -180,13 +120,13 @@ def package_page(package):
 		errors = []
 		if Package.query.filter_by(forums=package.forums, soft_deleted=False).count() > 1:
 			errors.append("<b>Error: Another package already uses this forum topic!</b>")
-			topic_error_lvl = "error"
+			topic_error_lvl = "danger"
 
 		topic = ForumTopic.query.get(package.forums)
 		if topic is not None:
 			if topic.author != package.author:
 				errors.append("<b>Error: Forum topic author doesn't match package author.</b>")
-				topic_error_lvl = "error"
+				topic_error_lvl = "danger"
 
 			if topic.wip:
 				errors.append("Warning: Forum topic is in WIP section, make sure package meets playability standards.")
@@ -210,9 +150,9 @@ def package_page(package):
 			threads=threads.all())
 
 
-@app.route("/packages/<author>/<name>/download/")
+@bp.route("/packages/<author>/<name>/download/")
 @is_package_page
-def package_download_page(package):
+def download(package):
 	release = package.getDownloadRelease()
 
 	if release is None:
@@ -223,31 +163,36 @@ def package_download_page(package):
 			flash("No download available.", "error")
 			return redirect(package.getDetailsURL())
 	else:
+		PackageRelease.query.filter_by(id=release.id).update({
+				"downloads": PackageRelease.downloads + 1
+			})
+		db.session.commit()
+
 		return redirect(release.url, code=302)
 
 
 class PackageForm(FlaskForm):
 	name          = StringField("Name (Technical)", [InputRequired(), Length(1, 20), Regexp("^[a-z0-9_]", 0, "Lower case letters (a-z), digits (0-9), and underscores (_) only")])
 	title         = StringField("Title (Human-readable)", [InputRequired(), Length(3, 50)])
-	shortDesc     = StringField("Short Description (Plaintext)", [InputRequired(), Length(1,200)])
+	short_desc     = StringField("Short Description (Plaintext)", [InputRequired(), Length(1,200)])
 	desc          = TextAreaField("Long Description (Markdown)", [Optional(), Length(0,10000)])
 	type          = SelectField("Type", [InputRequired()], choices=PackageType.choices(), coerce=PackageType.coerce, default=PackageType.MOD)
 	license       = QuerySelectField("License", [InputRequired()], query_factory=lambda: License.query.order_by(db.asc(License.name)), get_pk=lambda a: a.id, get_label=lambda a: a.name)
 	media_license = QuerySelectField("Media License", [InputRequired()], query_factory=lambda: License.query.order_by(db.asc(License.name)), get_pk=lambda a: a.id, get_label=lambda a: a.name)
-	provides_str  = StringField("Provides (mods included in package)", [Optional(), Length(0,1000)])
+	provides_str  = StringField("Provides (mods included in package)", [Optional()])
 	tags          = QuerySelectMultipleField('Tags', query_factory=lambda: Tag.query.order_by(db.asc(Tag.name)), get_pk=lambda a: a.id, get_label=lambda a: a.title)
-	harddep_str   = StringField("Hard Dependencies", [Optional(), Length(0,1000)])
-	softdep_str   = StringField("Soft Dependencies", [Optional(), Length(0,1000)])
-	repo          = StringField("VCS Repository URL", [Optional(), URL()])
-	website       = StringField("Website URL", [Optional(), URL()])
-	issueTracker  = StringField("Issue Tracker URL", [Optional(), URL()])
+	harddep_str   = StringField("Hard Dependencies", [Optional()])
+	softdep_str   = StringField("Soft Dependencies", [Optional()])
+	repo          = StringField("VCS Repository URL", [Optional(), URL()], filters = [lambda x: x or None])
+	website       = StringField("Website URL", [Optional(), URL()], filters = [lambda x: x or None])
+	issueTracker  = StringField("Issue Tracker URL", [Optional(), URL()], filters = [lambda x: x or None])
 	forums	      = IntegerField("Forum Topic ID", [Optional(), NumberRange(0,999999)])
 	submit	      = SubmitField("Save")
 
-@app.route("/packages/new/", methods=["GET", "POST"])
-@app.route("/packages/<author>/<name>/edit/", methods=["GET", "POST"])
+@bp.route("/packages/new/", methods=["GET", "POST"])
+@bp.route("/packages/<author>/<name>/edit/", methods=["GET", "POST"])
 @login_required
-def create_edit_package_page(author=None, name=None):
+def create_edit(author=None, name=None):
 	package = None
 	form = None
 	if author is None:
@@ -259,11 +204,11 @@ def create_edit_package_page(author=None, name=None):
 			author = User.query.filter_by(username=author).first()
 			if author is None:
 				flash("Unable to find that user", "error")
-				return redirect(url_for("create_edit_package_page"))
+				return redirect(url_for("packages.create_edit"))
 
 			if not author.checkPerm(current_user, Permission.CHANGE_AUTHOR):
 				flash("Permission denied", "error")
-				return redirect(url_for("create_edit_package_page"))
+				return redirect(url_for("packages.create_edit"))
 
 	else:
 		package = getPackageByInfo(author, name)
@@ -296,17 +241,26 @@ def create_edit_package_page(author=None, name=None):
 					Package.query.filter_by(name=form["name"].data, author_id=author.id).delete()
 				else:
 					flash("Package already exists!", "error")
-					return redirect(url_for("create_edit_package_page"))
+					return redirect(url_for("packages.create_edit"))
 
 			package = Package()
 			package.author = author
 			wasNew = True
+
+		elif package.approved and package.name != form.name.data and \
+				not package.checkPerm(current_user, Permission.CHANGE_NAME):
+			flash("Unable to change package name", "danger")
+			return redirect(url_for("packages.create_edit", author=author, name=name))
+
 		else:
 			triggerNotif(package.author, current_user,
 					"{} edited".format(package.title), package.getDetailsURL())
 
 		form.populate_obj(package) # copy to row
 
+		if package.type== PackageType.TXP:
+			package.license = package.media_license
+
 		mpackage_cache = {}
 		package.provides.clear()
 		mpackages = MetaPackage.SpecToList(form.provides_str.data, mpackage_cache)
@@ -337,7 +291,7 @@ def create_edit_package_page(author=None, name=None):
 		next_url = package.getDetailsURL()
 		if wasNew and package.repo is not None:
 			task = importRepoScreenshot.delay(package.id)
-			next_url = url_for("check_task", id=task.id, r=next_url)
+			next_url = url_for("tasks.check", id=task.id, r=next_url)
 
 		if wasNew and ("WTFPL" in package.license.name or "WTFPL" in package.media_license.name):
 			next_url = url_for("flatpage", path="help/wtfpl", r=next_url)
@@ -354,10 +308,10 @@ def create_edit_package_page(author=None, name=None):
 			packages=package_query.all(), \
 			mpackages=MetaPackage.query.order_by(db.asc(MetaPackage.name)).all())
 
-@app.route("/packages/<author>/<name>/approve/", methods=["POST"])
+@bp.route("/packages/<author>/<name>/approve/", methods=["POST"])
 @login_required
 @is_package_page
-def approve_package_page(package):
+def approve(package):
 	if not package.checkPerm(current_user, Permission.APPROVE_NEW):
 		flash("You don't have permission to do that.", "error")
 
@@ -378,25 +332,41 @@ def approve_package_page(package):
 	return redirect(package.getDetailsURL())
 
 
-@app.route("/packages/<author>/<name>/delete/", methods=["GET", "POST"])
+@bp.route("/packages/<author>/<name>/remove/", methods=["GET", "POST"])
 @login_required
 @is_package_page
-def delete_package_page(package):
+def remove(package):
 	if request.method == "GET":
-		return render_template("packages/delete.html", package=package)
+		return render_template("packages/remove.html", package=package)
 
-	if not package.checkPerm(current_user, Permission.DELETE_PACKAGE):
-		flash("You don't have permission to do that.", "error")
+	if "delete" in request.form:
+		if not package.checkPerm(current_user, Permission.DELETE_PACKAGE):
+			flash("You don't have permission to do that.", "error")
+			return redirect(package.getDetailsURL())
 
-	package.soft_deleted = True
+		package.soft_deleted = True
 
-	url = url_for("user_profile_page", username=package.author.username)
-	triggerNotif(package.author, current_user,
-			"{} deleted".format(package.title), url)
-	db.session.commit()
+		url = url_for("users.profile", username=package.author.username)
+		triggerNotif(package.author, current_user,
+				"{} deleted".format(package.title), url)
+		db.session.commit()
 
-	flash("Deleted package", "success")
+		flash("Deleted package", "success")
 
-	return redirect(url)
+		return redirect(url)
+	elif "unapprove" in request.form:
+		if not package.checkPerm(current_user, Permission.UNAPPROVE_PACKAGE):
+			flash("You don't have permission to do that.", "error")
+			return redirect(package.getDetailsURL())
 
-from . import todo, screenshots, releases
+		package.approved = False
+
+		triggerNotif(package.author, current_user,
+				"{} deleted".format(package.title), package.getDetailsURL())
+		db.session.commit()
+
+		flash("Unapproved package", "success")
+
+		return redirect(package.getDetailsURL())
+	else:
+		abort(400)

app/blueprints/packages/releases.py

@@ -17,36 +17,57 @@
 
 from flask import *
 from flask_user import *
-from flask.ext import menu
-from app import app
+
+from . import bp
+
+from app.rediscache import has_key, set_key, make_download_key
 from app.models import *
 from app.tasks.importtasks import makeVCSRelease
-
 from app.utils import *
 
 from celery import uuid
 from flask_wtf import FlaskForm
 from wtforms import *
 from wtforms.validators import *
+from wtforms.ext.sqlalchemy.fields import QuerySelectField
+
+
+def get_mt_releases(is_max):
+	query = MinetestRelease.query.order_by(db.asc(MinetestRelease.id))
+	if is_max:
+		query = query.limit(query.count() - 1)
+	else:
+		query = query.filter(MinetestRelease.name != "0.4.17")
+
+	return query
+
 
 class CreatePackageReleaseForm(FlaskForm):
 	title	   = StringField("Title", [InputRequired(), Length(1, 30)])
 	uploadOpt  = RadioField ("Method", choices=[("upload", "File Upload")], default="upload")
-	vcsLabel   = StringField("VCS Commit or Branch", default="master")
+	vcsLabel   = StringField("VCS Commit Hash, Branch, or Tag", default="master")
 	fileUpload = FileField("File Upload")
+	min_rel    = QuerySelectField("Minimum Minetest Version", [InputRequired()],
+			query_factory=lambda: get_mt_releases(False), get_pk=lambda a: a.id, get_label=lambda a: a.name)
+	max_rel    = QuerySelectField("Maximum Minetest Version", [InputRequired()],
+			query_factory=lambda: get_mt_releases(True), get_pk=lambda a: a.id, get_label=lambda a: a.name)
 	submit	   = SubmitField("Save")
 
 class EditPackageReleaseForm(FlaskForm):
 	title    = StringField("Title", [InputRequired(), Length(1, 30)])
 	url      = StringField("URL", [URL])
-	task_id  = StringField("Task ID")
+	task_id  = StringField("Task ID", filters = [lambda x: x or None])
 	approved = BooleanField("Is Approved")
+	min_rel  = QuerySelectField("Minimum Minetest Version", [InputRequired()],
+			query_factory=lambda: get_mt_releases(False), get_pk=lambda a: a.id, get_label=lambda a: a.name)
+	max_rel  = QuerySelectField("Maximum Minetest Version", [InputRequired()],
+			query_factory=lambda: get_mt_releases(True), get_pk=lambda a: a.id, get_label=lambda a: a.name)
 	submit   = SubmitField("Save")
 
-@app.route("/packages/<author>/<name>/releases/new/", methods=["GET", "POST"])
+@bp.route("/packages/<author>/<name>/releases/new/", methods=["GET", "POST"])
 @login_required
 @is_package_page
-def create_release_page(package):
+def create_release(package):
 	if not package.checkPerm(current_user, Permission.MAKE_RELEASE):
 		return redirect(package.getDetailsURL())
 
@@ -64,6 +85,8 @@ def create_release_page(package):
 			rel.title   = form["title"].data
 			rel.url     = ""
 			rel.task_id = uuid()
+			rel.min_rel = form["min_rel"].data.getActual()
+			rel.max_rel = form["max_rel"].data.getActual()
 			db.session.add(rel)
 			db.session.commit()
 
@@ -73,14 +96,17 @@ def create_release_page(package):
 			triggerNotif(package.author, current_user, msg, rel.getEditURL())
 			db.session.commit()
 
-			return redirect(url_for("check_task", id=rel.task_id, r=rel.getEditURL()))
+			return redirect(url_for("tasks.check", id=rel.task_id, r=rel.getEditURL()))
 		else:
-			uploadedPath = doFileUpload(form.fileUpload.data, ["zip"], "a zip file")
+			uploadedPath = doFileUpload(form.fileUpload.data, "zip", "a zip file")
 			if uploadedPath is not None:
 				rel = PackageRelease()
 				rel.package = package
 				rel.title = form["title"].data
 				rel.url = uploadedPath
+				rel.min_rel = form["min_rel"].data.getActual()
+				rel.max_rel = form["max_rel"].data.getActual()
+				rel.approve(current_user)
 				db.session.add(rel)
 				db.session.commit()
 
@@ -91,27 +117,30 @@ def create_release_page(package):
 
 	return render_template("packages/release_new.html", package=package, form=form)
 
-@app.route("/packages/<author>/<name>/releases/<id>/download/")
+@bp.route("/packages/<author>/<name>/releases/<id>/download/")
 @is_package_page
-def download_release_page(package, id):
+def download_release(package, id):
 	release = PackageRelease.query.get(id)
 	if release is None or release.package != package:
 		abort(404)
 
-	if release is None:
-		if "application/zip" in request.accept_mimetypes and \
-				not "text/html" in request.accept_mimetypes:
-			return "", 204
-		else:
-			flash("No download available.", "error")
-			return redirect(package.getDetailsURL())
-	else:
-		return redirect(release.url, code=300)
+	ip = request.headers.get("X-Forwarded-For") or request.remote_addr
+	if ip is not None:
+		key = make_download_key(ip, release.package)
+		if not has_key(key):
+			set_key(key, "true")
 
-@app.route("/packages/<author>/<name>/releases/<id>/", methods=["GET", "POST"])
+			PackageRelease.query.filter_by(id=release.id).update({
+					"downloads": PackageRelease.downloads + 1
+				})
+			db.session.commit()
+
+	return redirect(release.url, code=300)
+
+@bp.route("/packages/<author>/<name>/releases/<id>/", methods=["GET", "POST"])
 @login_required
 @is_package_page
-def edit_release_page(package, id):
+def edit_release(package, id):
 	release = PackageRelease.query.get(id)
 	if release is None or release.package != package:
 		abort(404)
@@ -129,11 +158,13 @@ def edit_release_page(package, id):
 		wasApproved = release.approved
 		if canEdit:
 			release.title = form["title"].data
+			release.min_rel = form["min_rel"].data.getActual()
+			release.max_rel = form["max_rel"].data.getActual()
 
 		if package.checkPerm(current_user, Permission.CHANGE_RELEASE_URL):
 			release.url = form["url"].data
 			release.task_id = form["task_id"].data
-			if release.task_id.strip() == "":
+			if release.task_id is not None:
 				release.task_id = None
 
 		if canApprove:
@@ -145,3 +176,43 @@ def edit_release_page(package, id):
 		return redirect(package.getDetailsURL())
 
 	return render_template("packages/release_edit.html", package=package, release=release, form=form)
+
+
+
+class BulkReleaseForm(FlaskForm):
+	set_min = BooleanField("Set Min")
+	min_rel  = QuerySelectField("Minimum Minetest Version", [InputRequired()],
+			query_factory=lambda: get_mt_releases(False), get_pk=lambda a: a.id, get_label=lambda a: a.name)
+	set_max = BooleanField("Set Max")
+	max_rel  = QuerySelectField("Maximum Minetest Version", [InputRequired()],
+			query_factory=lambda: get_mt_releases(True), get_pk=lambda a: a.id, get_label=lambda a: a.name)
+	only_change_none = BooleanField("Only change values previously set as none")
+	submit   = SubmitField("Update")
+
+
+@bp.route("/packages/<author>/<name>/releases/bulk_change/", methods=["GET", "POST"])
+@login_required
+@is_package_page
+def bulk_change_release(package):
+	if not package.checkPerm(current_user, Permission.MAKE_RELEASE):
+		return redirect(package.getDetailsURL())
+
+	# Initial form class from post data and default data
+	form = BulkReleaseForm()
+
+	if request.method == "GET":
+		form.only_change_none.data = True
+	elif request.method == "POST" and form.validate():
+		only_change_none = form.only_change_none.data
+
+		for release in package.releases.all():
+			if form["set_min"].data and (not only_change_none or release.min_rel is None):
+				release.min_rel = form["min_rel"].data.getActual()
+			if form["set_max"].data and (not only_change_none or release.max_rel is None):
+				release.max_rel = form["max_rel"].data.getActual()
+
+		db.session.commit()
+
+		return redirect(package.getDetailsURL())
+
+	return render_template("packages/release_bulk_change.html", package=package, form=form)

app/blueprints/packages/screenshots.py

@@ -17,9 +17,10 @@
 
 from flask import *
 from flask_user import *
-from app import app
-from app.models import *
 
+from . import bp
+
+from app.models import *
 from app.utils import *
 
 from flask_wtf import FlaskForm
@@ -39,23 +40,24 @@ class EditScreenshotForm(FlaskForm):
 	delete   = BooleanField("Delete")
 	submit   = SubmitField("Save")
 
-@app.route("/packages/<author>/<name>/screenshots/new/", methods=["GET", "POST"])
+@bp.route("/packages/<author>/<name>/screenshots/new/", methods=["GET", "POST"])
 @login_required
 @is_package_page
-def create_screenshot_page(package, id=None):
+def create_screenshot(package, id=None):
 	if not package.checkPerm(current_user, Permission.ADD_SCREENSHOTS):
 		return redirect(package.getDetailsURL())
 
 	# Initial form class from post data and default data
 	form = CreateScreenshotForm()
 	if request.method == "POST" and form.validate():
-		uploadedPath = doFileUpload(form.fileUpload.data, ["png", "jpg", "jpeg"],
+		uploadedPath = doFileUpload(form.fileUpload.data, "image",
 				"a PNG or JPG image file")
 		if uploadedPath is not None:
 			ss = PackageScreenshot()
-			ss.package = package
-			ss.title   = form["title"].data or "Untitled"
-			ss.url     = uploadedPath
+			ss.package  = package
+			ss.title    = form["title"].data or "Untitled"
+			ss.url      = uploadedPath
+			ss.approved = package.checkPerm(current_user, Permission.APPROVE_SCREENSHOT)
 			db.session.add(ss)
 
 			msg = "{}: Screenshot added {}" \
@@ -66,10 +68,10 @@ def create_screenshot_page(package, id=None):
 
 	return render_template("packages/screenshot_new.html", package=package, form=form)
 
-@app.route("/packages/<author>/<name>/screenshots/<id>/edit/", methods=["GET", "POST"])
+@bp.route("/packages/<author>/<name>/screenshots/<id>/edit/", methods=["GET", "POST"])
 @login_required
 @is_package_page
-def edit_screenshot_page(package, id):
+def edit_screenshot(package, id):
 	screenshot = PackageScreenshot.query.get(id)
 	if screenshot is None or screenshot.package != package:
 		abort(404)

app/blueprints/tasks/__init__.py

@@ -17,29 +17,29 @@
 
 from flask import *
 from flask_user import *
-from flask.ext import menu
-from app import app, csrf
+import flask_menu as menu
+from app import csrf
 from app.models import *
 from app.tasks import celery, TaskError
 from app.tasks.importtasks import getMeta
 from app.utils import shouldReturnJson
-# from celery.result import AsyncResult
-
 from app.utils import *
 
+bp = Blueprint("tasks", __name__)
+
 @csrf.exempt
-@app.route("/tasks/getmeta/new/", methods=["POST"])
+@bp.route("/tasks/getmeta/new/", methods=["POST"])
 @login_required
-def new_getmeta_page():
+def start_getmeta():
 	author = request.args.get("author")
 	author = current_user.forums_username if author is None else author
 	aresult = getMeta.delay(request.args.get("url"), author)
 	return jsonify({
-		"poll_url": url_for("check_task", id=aresult.id),
+		"poll_url": url_for("tasks.check", id=aresult.id),
 	})
 
-@app.route("/tasks/<id>/")
-def check_task(id):
+@bp.route("/tasks/<id>/")
+def check(id):
 	result = celery.AsyncResult(id)
 	status = result.status
 	traceback = result.traceback

app/blueprints/threads/__init__.py

@@ -16,26 +16,30 @@
 
 
 from flask import *
+
+bp = Blueprint("threads", __name__)
+
 from flask_user import *
-from app import app
 from app.models import *
 from app.utils import triggerNotif, clearNotifications
 
+import datetime
+
 from flask_wtf import FlaskForm
 from wtforms import *
 from wtforms.validators import *
 
-@app.route("/threads/")
-def threads_page():
+@bp.route("/threads/")
+def list_all():
 	query = Thread.query
 	if not Permission.SEE_THREAD.check(current_user):
 		query = query.filter_by(private=False)
 	return render_template("threads/list.html", threads=query.all())
 
 
-@app.route("/threads/<int:id>/subscribe/", methods=["POST"])
+@bp.route("/threads/<int:id>/subscribe/", methods=["POST"])
 @login_required
-def thread_subscribe_page(id):
+def subscribe(id):
 	thread = Thread.query.get(id)
 	if thread is None or not thread.checkPerm(current_user, Permission.SEE_THREAD):
 		abort(404)
@@ -47,12 +51,12 @@ def thread_subscribe_page(id):
 		thread.watchers.append(current_user)
 		db.session.commit()
 
-	return redirect(url_for("thread_page", id=id))
+	return redirect(url_for("threads.view", id=id))
 
 
-@app.route("/threads/<int:id>/unsubscribe/", methods=["POST"])
+@bp.route("/threads/<int:id>/unsubscribe/", methods=["POST"])
 @login_required
-def thread_unsubscribe_page(id):
+def unsubscribe(id):
 	thread = Thread.query.get(id)
 	if thread is None or not thread.checkPerm(current_user, Permission.SEE_THREAD):
 		abort(404)
@@ -64,12 +68,12 @@ def thread_unsubscribe_page(id):
 	else:
 		flash("Not subscribed to thread", "success")
 
-	return redirect(url_for("thread_page", id=id))
+	return redirect(url_for("threads.view", id=id))
 
 
-@app.route("/threads/<int:id>/", methods=["GET", "POST"])
-def thread_page(id):
-	clearNotifications(url_for("thread_page", id=id))
+@bp.route("/threads/<int:id>/", methods=["GET", "POST"])
+def view(id):
+	clearNotifications(url_for("threads.view", id=id))
 
 	thread = Thread.query.get(id)
 	if thread is None or not thread.checkPerm(current_user, Permission.SEE_THREAD):
@@ -78,6 +82,13 @@ def thread_page(id):
 	if current_user.is_authenticated and request.method == "POST":
 		comment = request.form["comment"]
 
+		if not current_user.canCommentRL():
+			flash("Please wait before commenting again", "danger")
+			if package:
+				return redirect(package.getDetailsURL())
+			else:
+				return redirect(url_for("homepage.home"))
+
 		if len(comment) <= 500 and len(comment) > 3:
 			reply = ThreadReply()
 			reply.author = current_user
@@ -97,11 +108,11 @@ def thread_page(id):
 
 			for user in thread.watchers:
 				if user != current_user:
-					triggerNotif(user, current_user, msg, url_for("thread_page", id=thread.id))
+					triggerNotif(user, current_user, msg, url_for("threads.view", id=thread.id))
 
 			db.session.commit()
 
-			return redirect(url_for("thread_page", id=id))
+			return redirect(url_for("threads.view", id=id))
 
 		else:
 			flash("Comment needs to be between 3 and 500 characters.")
@@ -115,9 +126,9 @@ class ThreadForm(FlaskForm):
 	private = BooleanField("Private")
 	submit  = SubmitField("Open Thread")
 
-@app.route("/threads/new/", methods=["GET", "POST"])
+@bp.route("/threads/new/", methods=["GET", "POST"])
 @login_required
-def new_thread_page():
+def new():
 	form = ThreadForm(formdata=request.form)
 
 	package = None
@@ -126,26 +137,33 @@ def new_thread_page():
 		if package is None:
 			flash("Unable to find that package!", "error")
 
-	# Don't allow making threads on approved packages for now
+	# Don't allow making orphan threads on approved packages for now
 	if package is None:
 		abort(403)
 
 	def_is_private   = request.args.get("private") or False
-	if not package.approved:
+	if package is None:
 		def_is_private = True
-	allow_change     = package.approved
-	is_review_thread = package is not None and not package.approved
+	allow_change     = package and package.approved
+	is_review_thread = package and not package.approved
 
 	# Check that user can make the thread
 	if not package.checkPerm(current_user, Permission.CREATE_THREAD):
 		flash("Unable to create thread!", "error")
-		return redirect(url_for("home_page"))
+		return redirect(url_for("homepage.home"))
 
 	# Only allow creating one thread when not approved
 	elif is_review_thread and package.review_thread is not None:
 		flash("A review thread already exists!", "error")
-		if request.method == "GET":
-			return redirect(url_for("thread_page", id=package.review_thread.id))
+		return redirect(url_for("threads.view", id=package.review_thread.id))
+
+	elif not current_user.canOpenThreadRL():
+		flash("Please wait before opening another thread", "danger")
+
+		if package:
+			return redirect(package.getDetailsURL())
+		else:
+			return redirect(url_for("homepage.home"))
 
 	# Set default values
 	elif request.method == "GET":
@@ -178,13 +196,19 @@ def new_thread_page():
 		if is_review_thread:
 			package.review_thread = thread
 
+		notif_msg = None
 		if package is not None:
-			triggerNotif(package.author, current_user,
-					"New thread '{}' on package {}".format(thread.title, package.title), url_for("thread_page", id=thread.id))
+			notif_msg = "New thread '{}' on package {}".format(thread.title, package.title)
+			triggerNotif(package.author, current_user, notif_msg, url_for("threads.view", id=thread.id))
+		else:
+			notif_msg = "New thread '{}'".format(thread.title)
+
+		for user in User.query.filter(User.rank >= UserRank.EDITOR).all():
+			triggerNotif(user, current_user, notif_msg, url_for("threads.view", id=thread.id))
 
 		db.session.commit()
 
-		return redirect(url_for("thread_page", id=thread.id))
+		return redirect(url_for("threads.view", id=thread.id))
 
 
-	return render_template("threads/new.html", form=form, allow_private_change=allow_change)
+	return render_template("threads/new.html", form=form, allow_private_change=allow_change, package=package)

app/blueprints/thumbnails/__init__.py

@@ -16,12 +16,13 @@
 
 
 from flask import *
-from app import app
+
+bp = Blueprint("thumbnails", __name__)
 
 import os
 from PIL import Image
 
-ALLOWED_RESOLUTIONS=[(350,233)]
+ALLOWED_RESOLUTIONS=[(100,67), (270,180), (350,233)]
 
 def mkdir(path):
 	if not os.path.isdir(path):
@@ -56,15 +57,17 @@ def resize_and_crop(img_path, modified_path, size):
 
 	img.save(modified_path)
 
-@app.route("/thumbnails/<img>")
-@app.route("/thumbnails/<int:w>x<int:h>/<img>")
-def make_thumbnail(img, w=350, h=233):
-	if not (w, h) in ALLOWED_RESOLUTIONS:
+
+@bp.route("/thumbnails/<int:level>/<img>")
+def make_thumbnail(img, level):
+	if level > len(ALLOWED_RESOLUTIONS) or level <= 0:
 		abort(403)
 
-	mkdir("app/public/thumbnails/{}x{}/".format(w, h))
+	w, h = ALLOWED_RESOLUTIONS[level - 1]
 
-	cache_filepath  = "public/thumbnails/{}x{}/{}".format(w, h, img)
+	mkdir("app/public/thumbnails/{:d}/".format(level))
+
+	cache_filepath  = "public/thumbnails/{:d}/{}".format(level, img)
 	source_filepath = "public/uploads/" + img
 
 	resize_and_crop("app/" + source_filepath, "app/" + cache_filepath, (w, h))

app/blueprints/todo/__init__.py

@@ -0,0 +1,102 @@
+# Content DB
+# Copyright (C) 2018  rubenwardy
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <https://www.gnu.org/licenses/>.
+
+from flask import *
+from flask_user import *
+import flask_menu as menu
+from app.models import *
+from app.querybuilder import QueryBuilder
+from app.utils import get_int_or_abort
+
+bp = Blueprint("todo", __name__)
+
+@bp.route("/todo/", methods=["GET", "POST"])
+@login_required
+def view():
+	canApproveNew = Permission.APPROVE_NEW.check(current_user)
+	canApproveRel = Permission.APPROVE_RELEASE.check(current_user)
+	canApproveScn = Permission.APPROVE_SCREENSHOT.check(current_user)
+
+	packages = None
+	if canApproveNew:
+		packages = Package.query.filter_by(approved=False, soft_deleted=False).order_by(db.desc(Package.created_at)).all()
+
+	releases = None
+	if canApproveRel:
+		releases = PackageRelease.query.filter_by(approved=False).all()
+
+	screenshots = None
+	if canApproveScn:
+		screenshots = PackageScreenshot.query.filter_by(approved=False).all()
+
+	if not canApproveNew and not canApproveRel and not canApproveScn:
+		abort(403)
+
+	if request.method == "POST":
+		if request.form["action"] == "screenshots_approve_all":
+			if not canApproveScn:
+				abort(403)
+
+			PackageScreenshot.query.update({ "approved": True })
+			db.session.commit()
+			return redirect(url_for("todo.view"))
+		else:
+			abort(400)
+
+	topic_query = ForumTopic.query \
+			.filter_by(discarded=False)
+
+	total_topics = topic_query.count()
+	topics_to_add = topic_query \
+			.filter(~ db.exists().where(Package.forums==ForumTopic.topic_id)) \
+			.count()
+
+	return render_template("todo/list.html", title="Reports and Work Queue",
+		packages=packages, releases=releases, screenshots=screenshots,
+		canApproveNew=canApproveNew, canApproveRel=canApproveRel, canApproveScn=canApproveScn,
+		topics_to_add=topics_to_add, total_topics=total_topics)
+
+
+@bp.route("/todo/topics/")
+@login_required
+def topics():
+	qb    = QueryBuilder(request.args)
+	qb.setSortIfNone("date")
+	query = qb.buildTopicQuery()
+
+	tmp_q = ForumTopic.query
+	if not qb.show_discarded:
+		tmp_q = tmp_q.filter_by(discarded=False)
+	total = tmp_q.count()
+	topic_count = query.count()
+
+	page  = get_int_or_abort(request.args.get("page"), 1)
+	num   = get_int_or_abort(request.args.get("n"), 100)
+	if num > 100 and not current_user.rank.atLeast(UserRank.EDITOR):
+		num = 100
+
+	query = query.paginate(page, num, True)
+	next_url = url_for("todo.topics", page=query.next_num, query=qb.search, \
+	 	show_discarded=qb.show_discarded, n=num, sort=qb.order_by) \
+			if query.has_next else None
+	prev_url = url_for("todo.topics", page=query.prev_num, query=qb.search, \
+	 	show_discarded=qb.show_discarded, n=num, sort=qb.order_by) \
+			if query.has_prev else None
+
+	return render_template("todo/topics.html", topics=query.items, total=total, \
+			topic_count=topic_count, query=qb.search, show_discarded=qb.show_discarded, \
+			next_url=next_url, prev_url=prev_url, page=page, page_max=query.pages, \
+			n=num, sort_by=qb.order_by)

app/blueprints/users/__init__.py

@@ -0,0 +1,5 @@
+from flask import Blueprint
+
+bp = Blueprint("users", __name__)
+
+from . import githublogin, profile

app/blueprints/users/githublogin.py

@@ -21,15 +21,16 @@ from flask_login import login_user, logout_user
 from sqlalchemy import func
 import flask_menu as menu
 from flask_github import GitHub
-from app import app, github
+from . import bp
+from app import github
 from app.models import *
 from app.utils import loginUser
 
-@app.route("/user/github/start/")
-def github_signin_page():
+@bp.route("/user/github/start/")
+def github_signin():
 	return github.authorize("")
 
-@app.route("/user/github/callback/")
+@bp.route("/user/github/callback/")
 @github.authorized_handler
 def github_authorized(oauth_token):
 	next_url = request.args.get("next")
@@ -53,21 +54,21 @@ def github_authorized(oauth_token):
 			current_user.github_username = username
 			db.session.commit()
 			flash("Linked github to account", "success")
-			return redirect(url_for("home_page"))
+			return redirect(url_for("homepage.home"))
 		else:
 			flash("Github account is already associated with another user", "danger")
-			return redirect(url_for("home_page"))
+			return redirect(url_for("homepage.home"))
 
 	# If not logged in, log in
 	else:
 		if userByGithub is None:
 			flash("Unable to find an account for that Github user", "error")
-			return redirect(url_for("user_claim_page"))
+			return redirect(url_for("users.claim"))
 		elif loginUser(userByGithub):
 			if current_user.password is None:
-				return redirect(next_url or url_for("set_password_page", optional=True))
+				return redirect(next_url or url_for("users.set_password", optional=True))
 			else:
-				return redirect(next_url or url_for("home_page"))
+				return redirect(next_url or url_for("homepage.home"))
 		else:
 			flash("Authorization failed [err=gh-login-failed]", "danger")
 			return redirect(url_for("user.login"))

app/blueprints/users/profile.py

@@ -18,34 +18,35 @@
 from flask import *
 from flask_user import *
 from flask_login import login_user, logout_user
-from flask.ext import menu
-from app import app
+from app import markdown
+from . import bp
 from app.models import *
 from flask_wtf import FlaskForm
-from flask_user.forms import RegisterForm
 from wtforms import *
 from wtforms.validators import *
-from app.utils import rank_required, randomString, loginUser
+from app.utils import randomString, loginUser, rank_required
 from app.tasks.forumtasks import checkForumAccount
-from app.tasks.emails import sendVerifyEmail
+from app.tasks.emails import sendVerifyEmail, sendEmailRaw
 from app.tasks.phpbbparser import getProfile
 
 # Define the User profile form
 class UserProfileForm(FlaskForm):
 	display_name = StringField("Display name", [Optional(), Length(2, 20)])
-	email = StringField("Email", [Optional(), Email()])
+	email = StringField("Email", [Optional(), Email()], filters = [lambda x: x or None])
+	website_url = StringField("Website URL", [Optional(), URL()], filters = [lambda x: x or None])
+	donate_url = StringField("Donation URL", [Optional(), URL()], filters = [lambda x: x or None])
 	rank = SelectField("Rank", [Optional()], choices=UserRank.choices(), coerce=UserRank.coerce, default=UserRank.NEW_MEMBER)
 	submit = SubmitField("Save")
 
-@app.route("/users/", methods=["GET"])
-@login_required
-def user_list_page():
+
+@bp.route("/users/", methods=["GET"])
+def list_all():
 	users = User.query.order_by(db.desc(User.rank), db.asc(User.display_name)).all()
 	return render_template("users/list.html", users=users)
 
 
-@app.route("/users/<username>/", methods=["GET", "POST"])
-def user_profile_page(username):
+@bp.route("/users/<username>/", methods=["GET", "POST"])
+def profile(username):
 	user = User.query.filter_by(username=username).first()
 	if not user:
 		abort(404)
@@ -62,6 +63,8 @@ def user_profile_page(username):
 			# Copy form fields to user_profile fields
 			if user.checkPerm(current_user, Permission.CHANGE_DNAME):
 				user.display_name = form["display_name"].data
+				user.website_url  = form["website_url"].data
+				user.donate_url   = form["donate_url"].data
 
 			if user.checkPerm(current_user, Permission.CHANGE_RANK):
 				newRank = form["rank"].data
@@ -76,20 +79,20 @@ def user_profile_page(username):
 					token = randomString(32)
 
 					ver = UserEmailVerification()
-					ver.user = user
+					ver.user  = user
 					ver.token = token
 					ver.email = newEmail
 					db.session.add(ver)
 					db.session.commit()
 
 					task = sendVerifyEmail.delay(newEmail, token)
-					return redirect(url_for("check_task", id=task.id, r=url_for("user_profile_page", username=username)))
+					return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=username)))
 
 			# Save user_profile
 			db.session.commit()
 
 			# Redirect to home page
-			return redirect(url_for("user_profile_page", username=username))
+			return redirect(url_for("users.profile", username=username))
 
 	packages = user.packages.filter_by(soft_deleted=False)
 	if not current_user.is_authenticated or (user != current_user and not current_user.canAccessTodoList()):
@@ -105,18 +108,68 @@ def user_profile_page(username):
 					.all()
 
 	# Process GET or invalid POST
-	return render_template("users/user_profile_page.html",
+	return render_template("users/profile.html",
 			user=user, form=form, packages=packages, topics_to_add=topics_to_add)
 
+
+@bp.route("/users/<username>/check/", methods=["POST"])
+@login_required
+def user_check(username):
+	user = User.query.filter_by(username=username).first()
+	if user is None:
+		abort(404)
+
+	if current_user != user and not current_user.rank.atLeast(UserRank.MODERATOR):
+		abort(403)
+
+	if user.forums_username is None:
+		abort(404)
+
+	task = checkForumAccount.delay(user.forums_username)
+	next_url = url_for("users.profile", username=username)
+
+	return redirect(url_for("tasks.check", id=task.id, r=next_url))
+
+
+class SendEmailForm(FlaskForm):
+	subject = StringField("Subject", [InputRequired(), Length(1, 300)])
+	text    = TextAreaField("Message", [InputRequired()])
+	submit  = SubmitField("Send")
+
+
+@bp.route("/users/<username>/email/", methods=["GET", "POST"])
+@rank_required(UserRank.MODERATOR)
+def send_email(username):
+	user = User.query.filter_by(username=username).first()
+	if user is None:
+		abort(404)
+
+	next_url = url_for("users.profile", username=user.username)
+
+	if user.email is None:
+		flash("User has no email address!", "error")
+		return redirect(next_url)
+
+	form = SendEmailForm(request.form)
+	if form.validate_on_submit():
+		text = form.text.data
+		html = markdown(text)
+		task = sendEmailRaw.delay([user.email], form.subject.data, text, html)
+		return redirect(url_for("tasks.check", id=task.id, r=next_url))
+
+	return render_template("users/send_email.html", form=form)
+
+
+
 class SetPasswordForm(FlaskForm):
 	email = StringField("Email", [Optional(), Email()])
-	password = PasswordField("New password", [InputRequired(), Length(2, 20)])
-	password2 = PasswordField("Verify password", [InputRequired(), Length(2, 20)])
+	password = PasswordField("New password", [InputRequired(), Length(2, 100)])
+	password2 = PasswordField("Verify password", [InputRequired(), Length(2, 100)])
 	submit = SubmitField("Save")
 
-@app.route("/user/set-password/", methods=["GET", "POST"])
+@bp.route("/user/set-password/", methods=["GET", "POST"])
 @login_required
-def set_password_page():
+def set_password():
 	if current_user.password is not None:
 		return redirect(url_for("user.change_password"))
 
@@ -156,17 +209,17 @@ def set_password_page():
 				db.session.commit()
 
 				task = sendVerifyEmail.delay(newEmail, token)
-				return redirect(url_for("check_task", id=task.id, r=url_for("user_profile_page", username=current_user.username)))
+				return redirect(url_for("tasks.check", id=task.id, r=url_for("users.profile", username=current_user.username)))
 			else:
-				return redirect(url_for("user_profile_page", username=current_user.username))
+				return redirect(url_for("users.profile", username=current_user.username))
 		else:
 			flash("Passwords do not match", "error")
 
 	return render_template("users/set_password.html", form=form, optional=request.args.get("optional"))
 
 
-@app.route("/user/claim/", methods=["GET", "POST"])
-def user_claim_page():
+@bp.route("/user/claim/", methods=["GET", "POST"])
+def claim():
 	username = request.args.get("username")
 	if username is None:
 		username = ""
@@ -175,16 +228,16 @@ def user_claim_page():
 		user = User.query.filter_by(forums_username=username).first()
 		if user and user.rank.atLeast(UserRank.NEW_MEMBER):
 			flash("User has already been claimed", "error")
-			return redirect(url_for("user_claim_page"))
+			return redirect(url_for("users.claim"))
 		elif user is None and method == "github":
 			flash("Unable to get Github username for user", "error")
-			return redirect(url_for("user_claim_page"))
+			return redirect(url_for("users.claim"))
 		elif user is None:
 			flash("Unable to find that user", "error")
-			return redirect(url_for("user_claim_page"))
+			return redirect(url_for("users.claim"))
 
 		if user is not None and method == "github":
-			return redirect(url_for("github_signin_page"))
+			return redirect(url_for("users.github_signin"))
 
 	token = None
 	if "forum_token" in session:
@@ -201,12 +254,12 @@ def user_claim_page():
 			flash("Invalid username", "error")
 		elif ctype == "github":
 			task = checkForumAccount.delay(username)
-			return redirect(url_for("check_task", id=task.id, r=url_for("user_claim_page", username=username, method="github")))
+			return redirect(url_for("tasks.check", id=task.id, r=url_for("users.claim", username=username, method="github")))
 		elif ctype == "forum":
 			user = User.query.filter_by(forums_username=username).first()
 			if user is not None and user.rank.atLeast(UserRank.NEW_MEMBER):
 				flash("That user has already been claimed!", "error")
-				return redirect(url_for("user_claim_page"))
+				return redirect(url_for("users.claim"))
 
 			# Get signature
 			sig = None
@@ -215,7 +268,7 @@ def user_claim_page():
 				sig = profile.signature
 			except IOError:
 				flash("Unable to get forum signature - does the user exist?", "error")
-				return redirect(url_for("user_claim_page", username=username))
+				return redirect(url_for("users.claim", username=username))
 
 			# Look for key
 			if token in sig:
@@ -226,21 +279,21 @@ def user_claim_page():
 					db.session.commit()
 
 				if loginUser(user):
-					return redirect(url_for("set_password_page"))
+					return redirect(url_for("users.set_password"))
 				else:
 					flash("Unable to login as user", "error")
-					return redirect(url_for("user_claim_page", username=username))
+					return redirect(url_for("users.claim", username=username))
 
 			else:
 				flash("Could not find the key in your signature!", "error")
-				return redirect(url_for("user_claim_page", username=username))
+				return redirect(url_for("users.claim", username=username))
 		else:
 			flash("Unknown claim type", "error")
 
 	return render_template("users/claim.html", username=username, key=token)
 
-@app.route("/users/verify/")
-def verify_email_page():
+@bp.route("/users/verify/")
+def verify_email():
 	token = request.args.get("token")
 	ver = UserEmailVerification.query.filter_by(token=token).first()
 	if ver is None:
@@ -251,6 +304,6 @@ def verify_email_page():
 		db.session.commit()
 
 	if current_user.is_authenticated:
-		return redirect(url_for("user_profile_page", username=current_user.username))
+		return redirect(url_for("users.profile", username=current_user.username))
 	else:
-		return redirect(url_for("home_page"))
+		return redirect(url_for("homepage.home"))

app/flatpages/help.md

@@ -2,4 +2,5 @@ title: Help
 
 * [Package Tags](package_tags)
 * [Ranks and Permissions](ranks_permissions)
+* [Content Ratings and Flags](content_flags)
 * [Reporting Content](reporting)

app/flatpages/help/content_flags.md

@@ -0,0 +1,26 @@
+title: Content Flags
+
+Content flags allow you to hide content based on your preferences.
+The filtering is done server-side, which means that you don't need to update
+your client to use new flags.
+
+## Flags
+
+* `nonfree` - can be used to hide packages which do not qualify as
+	'free software', as defined by the Free Software Foundation.
+* A content rating, given below.
+
+
+## Ratings
+
+Content ratings aren't currently supported by ContentDB.
+Instead, mature content isn't allowed at all for now.
+
+In the future, more mature content will be allowed but labelled with
+content ratings which may contain the following:
+
+* android_default - meta-rating which includes gore and drugs.
+* desktop_default - meta-rating which won't include anything for now.
+* gore - more than just blood
+* drugs
+* swearing

app/flatpages/help/reporting.md

@@ -5,4 +5,4 @@ laws.
 
 We take copyright violation and other offenses very seriously.
 
-<a href="https://rubenwardy.com/contact/" class="button btn_green">Contact</a>
+<a href="https://rubenwardy.com/contact/" class="btn btn-success">Contact</a>

app/flatpages/help/wtfpl.md

@@ -1,7 +1,7 @@
 title: WTFPL is a terrible license
 no_h1: true
 
-<div id="warning" class="box box_grey alert alert-warning">
+<div id="warning" class="alert alert-warning">
 	<span class="icon_message"></span>
 
 	Please reconsider the choice of WTFPL as a license.

app/flatpages/policy_and_guidance.md

@@ -1,6 +1,6 @@
 title: Package Inclusion Policy and Guidance
 
-<div class="box box_grey alert alert-warning">
+<div class="alert alert-warning">
 	<b>Note:</b> This is a draft
 </div>
 
@@ -10,36 +10,45 @@ ContentDB is for the community, and as such listings should be useful to the
 community. To help with this, there are a few rules to improve the quality of
 the listings and to combat abuse.
 
-* No inappropriate content.
-* Content must be playable/useful, but not necessarily finished.
-* Don't use the name of another mod unless your mod is a fork or reimplementation.
-* Licenses must allow derivatives, redistribution, and must not discriminate.
-* Don't put promotions are advertisements in package listings, except for
-  donation and personal website links which are permitted in the long description.
+* No inappropriate content. <sup>2.1</sup>
+* Content must be playable/useful, but not necessarily finished. <sup>2.2</sup>
+* Don't use the name of another mod unless your mod is a fork or reimplementation. <sup>3</sup>
+* Licenses must allow derivatives, redistribution, and must not discriminate. <sup>4</sup>
+* Don't put promotions or advertisements in package listings, except for
+  donation and personal website links which are permitted in the
+  long description. <sup>5</sup>
+* The ContentDB admin reserves the right to remove packages for any reason,
+  including ones not covered by this document, and to ban users who abuse
+  this service. <sup>1</sup>
 
 
 ## 1. General
 
-It is not permitted to submit abusive, obscene, vulgar, slanderous, hateful,
-threatening, sexually-orientated or any material that may violate any laws be
-it of your country, the country where "Content DB” is hosted or International Law.
-
 The ContentDB admin reserves the right to remove packages for any reason,
 including ones not covered by this document, and to ban users who abuse this service.
 
 Also see the [help page on tags](/help/package_tags/).
 
 
-## 2. Accepted Content and State of Completion
+## 2. Accepted Content
+
+### 2.1. Acceptable Content
+
+Sexually-orientated content is not permitted.
+
+Mature content, including that relating to drugs, excessive gore, violence, or
+excessive horror, is not currently permitted - but will be in the future.
 
 The submission of malware is strictly prohibited. This includes software which
 does not do as it advertises, for example if it posts telemetry without stating
 clearly that it does in the package meta.
 
+### 2.2. State of Completion
+
 ContentDB should only currently contain playable content - content which is
 sufficiently complete to be useful to end users. It's fine to add stuff which
 is still a work in progress (WIP) as long as it adds sufficient value -
-Mineclone 2 is a good example of a WIP package which may break between releases
+MineClone 2 is a good example of a WIP package which may break between releases
 but still has value. Note that this doesn't mean that you should add a thing
 you started working on yesterday, it's worth adding all the basic stuff to
 make your package useful.
@@ -116,15 +125,15 @@ Public domain is not a valid license in many countries, please use CC0 or MIT in
 
 ## 5. Promotions and Advertisements (inc. asking for donations)
 
-Any information other than the long description - including screenshots - must
-not contain any promotions or advertisements. This includes asking for donations,
-promoting online shops, or linking to personal websites and social media.
+You may note place any promotions or advertisements in any meta data including
+screensthos. This includes asking for donations, promoting online shops,
+or linking to personal websites and social media. Please instead use the
+fields provided on your user profile page to place links to websites and
+donation pages.
 
 ContentDB is for the community. We may remove any promotions if we feel that
 they're inappropriate.
 
-Paid promotions are not allowed at all, anywhere.
-
 
 ## 6. Reporting Violations
 

app/models.py

@@ -15,19 +15,29 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 
-from flask import Flask, url_for
-from flask_sqlalchemy import SQLAlchemy
-from flask_migrate import Migrate
+import enum, datetime
+
+from app import app, gravatar
 from urllib.parse import urlparse
-from app import app
-from datetime import datetime
-from sqlalchemy.orm import validates
+
+from flask import Flask, url_for
+from flask_sqlalchemy import SQLAlchemy, BaseQuery
+from flask_migrate import Migrate
 from flask_user import login_required, UserManager, UserMixin, SQLAlchemyAdapter
-import enum
+from sqlalchemy.orm import validates
+from sqlalchemy_searchable import SearchQueryMixin
+from sqlalchemy_utils.types import TSVectorType
+from sqlalchemy_searchable import make_searchable
+
 
 # Initialise database
 db = SQLAlchemy(app)
 migrate = Migrate(app, db)
+make_searchable(db.metadata)
+
+
+class ArticleQuery(BaseQuery, SearchQueryMixin):
+	pass
 
 
 class UserRank(enum.Enum):
@@ -66,6 +76,7 @@ class Permission(enum.Enum):
 	APPROVE_CHANGES    = "APPROVE_CHANGES"
 	DELETE_PACKAGE     = "DELETE_PACKAGE"
 	CHANGE_AUTHOR      = "CHANGE_AUTHOR"
+	CHANGE_NAME        = "CHANGE_NAME"
 	MAKE_RELEASE       = "MAKE_RELEASE"
 	ADD_SCREENSHOTS    = "ADD_SCREENSHOTS"
 	APPROVE_SCREENSHOT = "APPROVE_SCREENSHOT"
@@ -78,6 +89,8 @@ class Permission(enum.Enum):
 	EDIT_EDITREQUEST   = "EDIT_EDITREQUEST"
 	SEE_THREAD         = "SEE_THREAD"
 	CREATE_THREAD      = "CREATE_THREAD"
+	UNAPPROVE_PACKAGE  = "UNAPPROVE_PACKAGE"
+	TOPIC_DISCARD      = "TOPIC_DISCARD"
 
 	# Only return true if the permission is valid for *all* contexts
 	# See Package.checkPerm for package-specific contexts
@@ -95,26 +108,31 @@ class Permission(enum.Enum):
 			raise Exception("Non-global permission checked globally. Use Package.checkPerm or User.checkPerm instead.")
 
 class User(db.Model, UserMixin):
-	id = db.Column(db.Integer, primary_key=True)
+	id           = db.Column(db.Integer, primary_key=True)
 
 	# User authentication information
-	username = db.Column(db.String(50, collation="NOCASE"), nullable=False, unique=True, index=True)
-	password = db.Column(db.String(255), nullable=True)
+	username     = db.Column(db.String(50, collation="NOCASE"), nullable=False, unique=True, index=True)
+	password     = db.Column(db.String(255), nullable=True)
 	reset_password_token = db.Column(db.String(100), nullable=False, server_default="")
 
-	rank = db.Column(db.Enum(UserRank))
+	rank         = db.Column(db.Enum(UserRank))
 
 	# Account linking
 	github_username = db.Column(db.String(50, collation="NOCASE"), nullable=True, unique=True)
 	forums_username = db.Column(db.String(50, collation="NOCASE"), nullable=True, unique=True)
 
 	# User email information
-	email = db.Column(db.String(255), nullable=True, unique=True)
-	confirmed_at = db.Column(db.DateTime())
+	email         = db.Column(db.String(255), nullable=True, unique=True)
+	confirmed_at  = db.Column(db.DateTime())
 
 	# User information
-	active = db.Column("is_active", db.Boolean, nullable=False, server_default="0")
-	display_name = db.Column(db.String(100), nullable=False, server_default="")
+	profile_pic   = db.Column(db.String(255), nullable=True, server_default=None)
+	active        = db.Column("is_active", db.Boolean, nullable=False, server_default="0")
+	display_name  = db.Column(db.String(100), nullable=False, server_default="")
+
+	# Links
+	website_url   = db.Column(db.String(255), nullable=True, default=None)
+	donate_url    = db.Column(db.String(255), nullable=True, default=None)
 
 	# Content
 	notifications = db.relationship("Notification", primaryjoin="User.id==Notification.user_id")
@@ -126,8 +144,6 @@ class User(db.Model, UserMixin):
 	replies       = db.relationship("ThreadReply", backref="author", lazy="dynamic")
 
 	def __init__(self, username, active=False, email=None, password=None):
-		import datetime
-
 		self.username = username
 		self.confirmed_at = datetime.datetime.now() - datetime.timedelta(days=6000)
 		self.display_name = username
@@ -144,6 +160,12 @@ class User(db.Model, UserMixin):
 	def isClaimed(self):
 		return self.rank.atLeast(UserRank.NEW_MEMBER)
 
+	def getProfilePicURL(self):
+		if self.profile_pic:
+			return self.profile_pic
+		else:
+			return gravatar(self.email or "")
+
 	def checkPerm(self, user, perm):
 		if not user.is_authenticated:
 			return False
@@ -163,6 +185,16 @@ class User(db.Model, UserMixin):
 		else:
 			raise Exception("Permission {} is not related to users".format(perm.name))
 
+	def canCommentRL(self):
+		hour_ago = datetime.datetime.utcnow() - datetime.timedelta(hours=1)
+		return ThreadReply.query.filter_by(author=self) \
+			.filter(ThreadReply.created_at > hour_ago).count() < 4
+
+	def canOpenThreadRL(self):
+		hour_ago = datetime.datetime.utcnow() - datetime.timedelta(hours=1)
+		return Thread.query.filter_by(author=self) \
+			.filter(Thread.created_at > hour_ago).count() < 2
+
 class UserEmailVerification(db.Model):
 	id      = db.Column(db.Integer, primary_key=True)
 	user_id = db.Column(db.Integer, db.ForeignKey("user.id"))
@@ -181,6 +213,9 @@ class Notification(db.Model):
 	url       = db.Column(db.String(200), nullable=True)
 
 	def __init__(self, us, cau, titl, ur):
+		if len(titl) > 100:
+			title = title[:99] + "…"
+
 		self.user   = us
 		self.causer = cau
 		self.title  = titl
@@ -230,7 +265,7 @@ class PackageType(enum.Enum):
 class PackagePropertyKey(enum.Enum):
 	name          = "Name"
 	title         = "Title"
-	shortDesc     = "Short Description"
+	short_desc     = "Short Description"
 	desc          = "Description"
 	type          = "Type"
 	license       = "License"
@@ -327,18 +362,21 @@ class Dependency(db.Model):
 		return retval
 
 
-
 class Package(db.Model):
+	query_class  = ArticleQuery
+
 	id           = db.Column(db.Integer, primary_key=True)
 
 	# Basic details
 	author_id    = db.Column(db.Integer, db.ForeignKey("user.id"))
 	name         = db.Column(db.String(100), nullable=False)
-	title        = db.Column(db.String(100), nullable=False)
-	shortDesc    = db.Column(db.String(200), nullable=False)
-	desc         = db.Column(db.Text, nullable=True)
+	title        = db.Column(db.Unicode(100), nullable=False)
+	short_desc   = db.Column(db.Unicode(200), nullable=False)
+	desc         = db.Column(db.UnicodeText, nullable=True)
 	type         = db.Column(db.Enum(PackageType))
-	created_at   = db.Column(db.DateTime, nullable=False, default=datetime.utcnow)
+	created_at   = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow)
+
+	search_vector = db.Column(TSVectorType("title", "short_desc", "desc"))
 
 	license_id   = db.Column(db.Integer, db.ForeignKey("license.id"), nullable=False, default=1)
 	license      = db.relationship("License", foreign_keys=[license_id])
@@ -360,7 +398,7 @@ class Package(db.Model):
 	forums       = db.Column(db.Integer,     nullable=True)
 
 	provides = db.relationship("MetaPackage", secondary=provides, lazy="subquery",
-			backref=db.backref("packages", lazy="dynamic"))
+			backref=db.backref("packages", lazy="dynamic", order_by=db.desc("score")))
 
 	dependencies = db.relationship("Dependency", backref="depender", lazy="dynamic", foreign_keys=[Dependency.depender_id])
 
@@ -371,7 +409,7 @@ class Package(db.Model):
 			lazy="dynamic", order_by=db.desc("package_release_releaseDate"))
 
 	screenshots = db.relationship("PackageScreenshot", backref="package",
-			lazy="dynamic")
+			lazy="dynamic", order_by=db.asc("package_screenshot_id"))
 
 	requests = db.relationship("EditRequest", backref="package",
 			lazy="dynamic")
@@ -387,26 +425,51 @@ class Package(db.Model):
 		for e in PackagePropertyKey:
 			setattr(self, e.name, getattr(package, e.name))
 
-	def getAsDictionaryShort(self, base_url):
-		tnurl = self.getThumbnailURL()
+	def getState(self):
+		if self.approved:
+			return "approved"
+		elif self.review_thread_id:
+			return "thread"
+		elif (self.type == PackageType.GAME or \
+					self.type == PackageType.TXP) and \
+				self.screenshots.count() == 0:
+			return "wip"
+		elif not self.getDownloadRelease():
+			return "wip"
+		elif "Other" in self.license.name or "Other" in self.media_license.name:
+			return "license"
+		else:
+			return "ready"
+
+	def getAsDictionaryKey(self):
+		return {
+			"name": self.name,
+			"author": self.author.display_name,
+			"type": self.type.toName(),
+		}
+
+	def getAsDictionaryShort(self, base_url, version=None, protonum=None):
+		tnurl = self.getThumbnailURL(1)
+		release = self.getDownloadRelease(version=version, protonum=protonum)
 		return {
 			"name": self.name,
 			"title": self.title,
 			"author": self.author.display_name,
-			"short_description": self.shortDesc,
+			"short_description": self.short_desc,
 			"type": self.type.toName(),
-			"release": self.getDownloadRelease().id if self.getDownloadRelease() is not None else None,
+			"release": release and release.id,
 			"thumbnail": (base_url + tnurl) if tnurl is not None else None,
 			"score": round(self.score * 10) / 10
 		}
 
-	def getAsDictionary(self, base_url):
-		tnurl = self.getThumbnailURL()
+	def getAsDictionary(self, base_url, version=None, protonum=None):
+		tnurl = self.getThumbnailURL(1)
+		release = self.getDownloadRelease(version=version, protonum=protonum)
 		return {
 			"author": self.author.display_name,
 			"name": self.name,
 			"title": self.title,
-			"short_description": self.shortDesc,
+			"short_description": self.short_desc,
 			"desc": self.desc,
 			"type": self.type.toName(),
 			"created_at": self.created_at,
@@ -424,58 +487,78 @@ class Package(db.Model):
 			"screenshots": [base_url + ss.url for ss in self.screenshots],
 
 			"url": base_url + self.getDownloadURL(),
-			"release": self.getDownloadRelease().id if self.getDownloadRelease() is not None else None,
+			"release": release and release.id,
 
 			"score": round(self.score * 10) / 10
 		}
 
-	def getThumbnailURL(self):
-		screenshot = self.screenshots.filter_by(approved=True).first()
-		return screenshot.getThumbnailURL() if screenshot is not None else None
+	def getThumbnailURL(self, level=2):
+		screenshot = self.screenshots.filter_by(approved=True).order_by(db.asc(PackageScreenshot.id)).first()
+		return screenshot.getThumbnailURL(level) if screenshot is not None else None
 
 	def getMainScreenshotURL(self):
-		screenshot = self.screenshots.filter_by(approved=True).first()
+		screenshot = self.screenshots.filter_by(approved=True).order_by(db.asc(PackageScreenshot.id)).first()
 		return screenshot.url if screenshot is not None else None
 
 	def getDetailsURL(self):
-		return url_for("package_page",
+		return url_for("packages.view",
 				author=self.author.username, name=self.name)
 
 	def getEditURL(self):
-		return url_for("create_edit_package_page",
+		return url_for("packages.create_edit",
 				author=self.author.username, name=self.name)
 
 	def getApproveURL(self):
-		return url_for("approve_package_page",
+		return url_for("packages.approve",
 				author=self.author.username, name=self.name)
 
-	def getDeleteURL(self):
-		return url_for("delete_package_page",
+	def getRemoveURL(self):
+		return url_for("packages.remove",
 				author=self.author.username, name=self.name)
 
 	def getNewScreenshotURL(self):
-		return url_for("create_screenshot_page",
+		return url_for("packages.create_screenshot",
 				author=self.author.username, name=self.name)
 
 	def getCreateReleaseURL(self):
-		return url_for("create_release_page",
+		return url_for("packages.create_release",
 				author=self.author.username, name=self.name)
 
 	def getCreateEditRequestURL(self):
 		return url_for("create_edit_editrequest_page",
 				author=self.author.username, name=self.name)
 
+	def getBulkReleaseURL(self):
+		return url_for("packages.bulk_change_release",
+			author=self.author.username, name=self.name)
+
 	def getDownloadURL(self):
-		return url_for("package_download_page",
+		return url_for("packages.download",
 				author=self.author.username, name=self.name)
 
-	def getDownloadRelease(self):
+	def getDownloadRelease(self, version=None, protonum=None):
+		if version is None and protonum is not None:
+			version = MinetestRelease.query.filter(MinetestRelease.protocol >= int(protonum)).first()
+			if version is not None:
+				version = version.id
+			else:
+				version = 10000000
+
+
 		for rel in self.releases:
-			if rel.approved:
+			if rel.approved and (version is None or
+					((rel.min_rel is None or rel.min_rel_id <= version) and \
+					(rel.max_rel is None or rel.max_rel_id >= version))):
 				return rel
 
 		return None
 
+	def getDownloadCount(self):
+		counter = 0
+		for release in self.releases:
+			counter += release.downloads
+		return counter
+
 	def checkPerm(self, user, perm):
 		if not user.is_authenticated:
 			return False
@@ -487,8 +570,11 @@ class Package(db.Model):
 
 		isOwner = user == self.author
 
+		if perm == Permission.CREATE_THREAD:
+			return user.rank.atLeast(UserRank.MEMBER)
+
 		# Members can edit their own packages, and editors can edit any packages
-		if perm == Permission.MAKE_RELEASE or perm == Permission.ADD_SCREENSHOTS or perm == Permission.CREATE_THREAD:
+		if perm == Permission.MAKE_RELEASE or perm == Permission.ADD_SCREENSHOTS:
 			return isOwner or user.rank.atLeast(UserRank.EDITOR)
 
 		if perm == Permission.EDIT_PACKAGE or perm == Permission.APPROVE_CHANGES:
@@ -497,6 +583,10 @@ class Package(db.Model):
 			else:
 				return user.rank.atLeast(UserRank.EDITOR)
 
+		# Anyone can change the package name when not approved, but only editors when approved
+		elif perm == Permission.CHANGE_NAME:
+			return not self.approved or user.rank.atLeast(UserRank.EDITOR)
+
 		# Editors can change authors and approve new packages
 		elif perm == Permission.APPROVE_NEW or perm == Permission.CHANGE_AUTHOR:
 			return user.rank.atLeast(UserRank.EDITOR)
@@ -505,15 +595,14 @@ class Package(db.Model):
 			return user.rank.atLeast(UserRank.TRUSTED_MEMBER if isOwner else UserRank.EDITOR)
 
 		# Moderators can delete packages
-		elif perm == Permission.DELETE_PACKAGE or perm == Permission.CHANGE_RELEASE_URL:
+		elif perm == Permission.DELETE_PACKAGE or perm == Permission.UNAPPROVE_PACKAGE \
+				or perm == Permission.CHANGE_RELEASE_URL:
 			return user.rank.atLeast(UserRank.MODERATOR)
 
 		else:
 			raise Exception("Permission {} is not related to packages".format(perm.name))
 
 	def recalcScore(self):
-		import datetime
-
 		self.score = 10
 
 		if self.forums is not None:
@@ -594,33 +683,63 @@ class Tag(db.Model):
 		regex = re.compile("[^a-z_]")
 		self.name = regex.sub("", self.title.lower().replace(" ", "_"))
 
+
+class MinetestRelease(db.Model):
+	id       = db.Column(db.Integer, primary_key=True)
+	name     = db.Column(db.String(100), unique=True, nullable=False)
+	protocol = db.Column(db.Integer, nullable=False, default=0)
+
+	def __init__(self, name=None):
+		self.name = name
+
+	def getActual(self):
+		return None if self.name == "None" else self
+
+
 class PackageRelease(db.Model):
 	id           = db.Column(db.Integer, primary_key=True)
 
 	package_id   = db.Column(db.Integer, db.ForeignKey("package.id"))
 	title        = db.Column(db.String(100), nullable=False)
-	releaseDate  = db.Column(db.DateTime,        nullable=False)
+	releaseDate  = db.Column(db.DateTime,    nullable=False)
 	url          = db.Column(db.String(200), nullable=False)
 	approved     = db.Column(db.Boolean, nullable=False, default=False)
 	task_id      = db.Column(db.String(37), nullable=True)
 	commit_hash  = db.Column(db.String(41), nullable=True, default=None)
+	downloads    = db.Column(db.Integer, nullable=False, default=0)
+
+	min_rel_id = db.Column(db.Integer, db.ForeignKey("minetest_release.id"), nullable=True, server_default=None)
+	min_rel    = db.relationship("MinetestRelease", foreign_keys=[min_rel_id])
+
+	max_rel_id = db.Column(db.Integer, db.ForeignKey("minetest_release.id"), nullable=True, server_default=None)
+	max_rel    = db.relationship("MinetestRelease", foreign_keys=[max_rel_id])
 
 
 	def getEditURL(self):
-		return url_for("edit_release_page",
+		return url_for("packages.edit_release",
 				author=self.package.author.username,
 				name=self.package.name,
 				id=self.id)
 
 	def getDownloadURL(self):
-		return url_for("download_release_page",
+		return url_for("packages.download_release",
 				author=self.package.author.username,
 				name=self.package.name,
 				id=self.id)
 
 
 	def __init__(self):
-		self.releaseDate = datetime.now()
+		self.releaseDate = datetime.datetime.now()
+
+	def approve(self, user):
+		if self.package.approved and \
+				not self.package.checkPerm(user, Permission.APPROVE_RELEASE):
+			return False
+
+		assert(self.task_id is None and self.url is not None and self.url != "")
+
+		self.approved = True
+		return True
 
 
 class PackageReview(db.Model):
@@ -639,13 +758,15 @@ class PackageScreenshot(db.Model):
 
 
 	def getEditURL(self):
-		return url_for("edit_screenshot_page",
+		return url_for("packages.edit_screenshot",
 				author=self.package.author.username,
 				name=self.package.name,
 				id=self.id)
 
-	def getThumbnailURL(self):
-		return self.url.replace("/uploads/", "/thumbnails/350x233/")
+	def getThumbnailURL(self, level=2):
+		return self.url.replace("/uploads/", ("/thumbnails/{:d}/").format(level))
+
+
 
 class EditRequest(db.Model):
 	id           = db.Column(db.Integer, primary_key=True)
@@ -750,7 +871,7 @@ class Thread(db.Model):
 	title      = db.Column(db.String(100), nullable=False)
 	private    = db.Column(db.Boolean, server_default="0")
 
-	created_at = db.Column(db.DateTime, nullable=False, default=datetime.utcnow)
+	created_at = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow)
 
 	replies    = db.relationship("ThreadReply", backref="thread", lazy="dynamic")
 
@@ -759,11 +880,11 @@ class Thread(db.Model):
 
 
 	def getSubscribeURL(self):
-		return url_for("thread_subscribe_page",
+		return url_for("threads.subscribe",
 				id=self.id)
 
 	def getUnsubscribeURL(self):
-		return url_for("thread_unsubscribe_page",
+		return url_for("threads.unsubscribe",
 				id=self.id)
 
 	def checkPerm(self, user, perm):
@@ -788,7 +909,7 @@ class ThreadReply(db.Model):
 	thread_id  = db.Column(db.Integer, db.ForeignKey("thread.id"), nullable=False)
 	comment    = db.Column(db.String(500), nullable=False)
 	author_id  = db.Column(db.Integer, db.ForeignKey("user.id"), nullable=False)
-	created_at = db.Column(db.DateTime, nullable=False, default=datetime.utcnow)
+	created_at = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow)
 
 
 REPO_BLACKLIST = [".zip", "mediafire.com", "dropbox.com", "weebly.com", \
@@ -802,6 +923,7 @@ class ForumTopic(db.Model):
 	author    = db.relationship("User")
 
 	wip       = db.Column(db.Boolean, server_default="0")
+	discarded = db.Column(db.Boolean, server_default="0")
 
 	type      = db.Column(db.Enum(PackageType), nullable=False)
 	title     = db.Column(db.String(200), nullable=False)
@@ -811,7 +933,7 @@ class ForumTopic(db.Model):
 	posts     = db.Column(db.Integer, nullable=False)
 	views     = db.Column(db.Integer, nullable=False)
 
-	created_at = db.Column(db.DateTime, nullable=False, default=datetime.utcnow)
+	created_at = db.Column(db.DateTime, nullable=False, default=datetime.datetime.utcnow)
 
 	def getRepoURL(self):
 		if self.link is None:
@@ -834,9 +956,25 @@ class ForumTopic(db.Model):
 			"posts":  self.posts,
 			"views":  self.views,
 			"is_wip": self.wip,
+			"discarded":  self.discarded,
 			"created_at": self.created_at.isoformat(),
 		}
 
+	def checkPerm(self, user, perm):
+		if not user.is_authenticated:
+			return False
+
+		if type(perm) == str:
+			perm = Permission[perm]
+		elif type(perm) != Permission:
+			raise Exception("Unknown permission given to ForumTopic.checkPerm()")
+
+		if perm == Permission.TOPIC_DISCARD:
+			return self.author == user or user.rank.atLeast(UserRank.EDITOR)
+
+		else:
+			raise Exception("Permission {} is not related to topics".format(perm.name))
+
 
 # Setup Flask-User
 db_adapter = SQLAlchemyAdapter(db, User)        # Register the User model

app/public/static/opensearch.xml

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<OpenSearchDescription xmlns="http://a9.com/-/spec/opensearch/1.1/">
+	<ShortName>ContentDB</ShortName>
+	<LongName>ContentDB</LongName>
+	<InputEncoding>UTF-8</InputEncoding>
+	<Description>Search mods, games, and textures for Minetest.</Description>
+	<Tags>Minetest Mod Game Subgame Search</Tags>
+	<Url type="text/html" method="get" template="https://content.minetest.net/packages?q={searchTerms}"/>
+</OpenSearchDescription>

app/public/static/package_create.js

@@ -20,41 +20,38 @@ $(function() {
 			$(".pkg_wiz_2").show()
 			$(".pkg_repo").hide()
 
-			function setSpecial(id, value) {
-				if (value != "") {
+			function setField(id, value) {
+				if (value && value != "") {
 					var ele = $(id);
 					ele.val(value);
-					ele.trigger("change")
+					ele.trigger("change");
 				}
 			}
 
 			performTask("/tasks/getmeta/new/?url=" + encodeURI(repoURL)).then(function(result) {
-				$("#name").val(result.name)
-				setSpecial("#provides_str", result.provides)
-				$("#title").val(result.title)
-				$("#repo").val(result.repo || repoURL)
-				$("#issueTracker").val(result.issueTracker)
-				$("#desc").val(result.description)
-				$("#shortDesc").val(result.short_description)
-				setSpecial("#harddep_str", result.depends)
-				setSpecial("#softdep_str", result.optional_depends)
-				$("#shortDesc").val(result.short_description)
-				if (result.forumId) {
-					$("#forums").val(result.forumId)
-				}
-
+				setField("#name", result.name);
+				setField("#provides_str", result.provides);
+				setField("#title", result.title);
+				setField("#repo", result.repo || repoURL);
+				setField("#issueTracker", result.issueTracker);
+				setField("#desc", result.description);
+				setField("#short_desc", result.short_description);
+				setField("#harddep_str", result.depends);
+				setField("#softdep_str", result.optional_depends);
+				setField("#short_desc", result.short_description);
+				setField("#forums", result.forumId);
 				if (result.type && result.type.length > 2) {
-					$("#type").val(result.type)
+					$("#type").val(result.type);
 				}
 
-				finish()
+				finish();
 			}).catch(function(e) {
-				alert(e)
-				$(".pkg_wiz_1").show()
-				$(".pkg_wiz_2").hide()
-				$(".pkg_repo").show()
+				alert(e);
+				$(".pkg_wiz_1").show();
+				$(".pkg_wiz_2").hide();
+				$(".pkg_repo").show();
 				// finish()
-			})
+			});
 		} else {
 			finish()
 		}

app/public/static/package_edit.js

@@ -8,4 +8,57 @@ $(function() {
 	})
 	$(".not_mod, .not_game, .not_txp").show()
 	$(".not_" + $("#type").val().toLowerCase()).hide()
+
+	$("#forums").on('paste', function(e) {
+		try {
+			var pasteData = e.originalEvent.clipboardData.getData('text')
+			var url = new URL(pasteData);
+			if (url.hostname == "forum.minetest.net") {
+				$(this).val(url.searchParams.get("t"));
+				e.preventDefault();
+			}
+		} catch (e) {
+			console.log("Not a URL");
+		}
+	});
+
+	let hint = null;
+	function showHint(ele, text) {
+		if (hint) {
+			hint.remove();
+		}
+
+		hint = ele.parent()
+				.append(`<div class="alert alert-warning my-3">${text}</div>`)
+				.find(".alert");
+	}
+
+	let hint_mtmods = `Tip:
+		Don't include <i>Minetest</i>, <i>mod</i>, or <i>modpack</i> anywhere in the short description.
+		It is unnecessary and wastes characters.`;
+
+	let hint_thegame = `Tip:
+		It's obvious that this adds something to Minetest,
+		there's no need to use phrases such as \"adds X to the game\".`
+
+	$("#short_desc").on("change paste keyup", function() {
+		var val = $(this).val().toLowerCase();
+		if (val.indexOf("minetest") >= 0 || val.indexOf("mod") >= 0 ||
+				val.indexOf("modpack") >= 0 || val.indexOf("mod pack") >= 0) {
+			showHint($(this), hint_mtmods);
+		} else if (val.indexOf("the game") >= 0) {
+			showHint($(this), hint_thegame);
+		} else if (hint) {
+			hint.remove();
+			hint = null;
+		}
+	})
+
+	var btn = $("#forums").parent().find("label").append("<a class='ml-3 btn btn-sm btn-primary'>Open</a>");
+	btn.click(function() {
+		var id = $("#forums").val();
+		if (/^\d+$/.test(id)) {
+			window.open("https://forum.minetest.net/viewtopic.php?t=" + id, "_blank");
+		}
+	});
 })

app/public/static/release_minmax.js

@@ -0,0 +1,18 @@
+var min = $("#min_rel");
+var max = $("#max_rel");
+var none = $("#min_rel option:first-child").attr("value");
+var warning = $("#minmax_warning");
+
+function ver_check() {
+	var minv = min.val();
+	var maxv = max.val();
+
+	if (minv != none && maxv != none && minv > maxv) {
+		warning.show();
+	} else {
+		warning.hide();
+	}
+}
+
+min.change(ver_check);
+max.change(ver_check);

app/public/static/tagselector.js

@@ -5,13 +5,25 @@
  * https://petprojects.googlecode.com/svn/trunk/GPL-LICENSE.txt
  */
 (function($) {
+	function hide_error(input) {
+		var err = input.parent().parent().find(".invalid-remaining");
+		err.hide();
+	}
+
+	function show_error(input, msg) {
+		var err = input.parent().parent().find(".invalid-remaining");
+		console.log(err.length);
+		err.text(msg);
+		err.show();
+	}
+
 	$.fn.selectSelector = function(source, name, select) {
 		return this.each(function() {
 				var selector = $(this),
 					input = $('input[type=text]', this);
 
 				selector.click(function() { input.focus(); })
-					.delegate('.tag a', 'click', function() {
+					.delegate('.badge a', 'click', function() {
 						var id = $(this).parent().data("id");
 						for (var i = 0; i < source.length; i++) {
 							if (source[i].id == id) {
@@ -23,13 +35,14 @@
 					});
 
 				function addTag(item) {
-					var tag = $('<span class="tag"/>')
+					var tag = $('<span class="badge badge-pill badge-primary"/>')
 						.text(item.toString() + ' ')
 						.data("id", item.id)
 						.append('<a>x</a>')
 						.insertBefore(input);
 					input.attr("placeholder", null);
 					select.find("option[value=" + item.id + "]").attr("selected", "selected")
+					hide_error(input);
 				}
 
 				function recreate() {
@@ -42,6 +55,13 @@
 				}
 				recreate();
 
+				input.focusout(function(e) {
+					var value = input.val().trim()
+					if (value != "") {
+						show_error(input, "Please select an existing tag, it;s not possible to add custom ones.");
+					}
+				})
+
 				input.keydown(function(e) {
 						if (e.keyCode === $.ui.keyCode.TAB && $(this).data('ui-autocomplete').menu.active)
 							e.preventDefault();
@@ -92,7 +112,7 @@
 				}
 
 				selector.click(function() { input.focus(); })
-					.delegate('.tag a', 'click', function() {
+					.delegate('.badge a', 'click', function() {
 						var id = $(this).parent().data("id");
 						for (var i = 0; i < selected.length; i++) {
 							if (selected[i] == id) {
@@ -113,13 +133,14 @@
 				}
 
 				function addTag(id, value) {
-					var tag = $('<span class="tag"/>')
+					var tag = $('<span class="badge badge-pill badge-primary"/>')
 						.text(value)
 						.data("id", id)
 						.append(' <a>x</a>')
 						.insertBefore(input);
 
 					input.attr("placeholder", null);
+					hide_error(input);
 				}
 
 				function recreate() {
@@ -147,6 +168,18 @@
 
 				result.change(readFromResult);
 
+				input.focusout(function() {
+					var item = input.val();
+					if (item.length == 0) {
+						input.data("ui-autocomplete").search("");
+					} else if (item.match(/^([a-z0-9_]+)$/)) {
+						selectItem(item);
+						recreate();
+						input.val("");
+					}
+					return true;
+				});
+
 				input.keydown(function(e) {
 						if (e.keyCode === $.ui.keyCode.TAB && $(this).data('ui-autocomplete').menu.active)
 							e.preventDefault();
@@ -159,7 +192,7 @@
 								recreate();
 								input.val("");
 							} else {
-								alert("Only lowercase alphanumeric and number names allowed.");
+								show_error(input, "Only lowercase alphanumeric and number names allowed.");
 							}
 							e.preventDefault();
 							return true;

app/public/static/topic_discard.js

@@ -0,0 +1,29 @@
+$(".topic-discard").click(function() {
+	var ele = $(this);
+	var tid = ele.attr("data-tid");
+	var discard = !ele.parent().parent().hasClass("discardtopic");
+	fetch(new Request("/api/topic_discard/?tid=" + tid +
+			"&discard=" + (discard ? "true" : "false"), {
+		method: "post",
+		credentials: "same-origin",
+		headers: {
+			"Accept": "application/json",
+			"X-CSRFToken": csrf_token,
+		},
+	})).then(function(response) {
+		response.text().then(function(txt) {
+			console.log(JSON.parse(txt));
+			if (JSON.parse(txt).discarded) {
+				ele.parent().parent().addClass("discardtopic");
+				ele.removeClass("btn-danger");
+				ele.addClass("btn-success");
+				ele.text("Show");
+			} else {
+				ele.parent().parent().removeClass("discardtopic");
+				ele.removeClass("btn-success");
+				ele.addClass("btn-danger");
+				ele.text("Discard");
+			}
+		}).catch(console.log)
+	}).catch(console.log)
+});

app/querybuilder.py

@@ -0,0 +1,130 @@
+from .models import db, PackageType, Package, ForumTopic, License, MinetestRelease, PackageRelease
+from .utils import isNo, isYes
+from sqlalchemy.sql.expression import func
+from flask import abort
+from sqlalchemy import or_
+
+class QueryBuilder:
+	title  = None
+	types  = None
+	search = None
+
+	def __init__(self, args):
+		title = "Packages"
+
+		# Get request types
+		types = args.getlist("type")
+		types = [PackageType.get(tname) for tname in types]
+		types = [type for type in types if type is not None]
+		if len(types) > 0:
+			title = ", ".join([type.value + "s" for type in types])
+
+		hide_flags = args.getlist("hide")
+
+		self.title  = title
+		self.types  = types
+		self.search = args.get("q")
+		self.random = "random" in args
+		self.lucky  = self.random or "lucky" in args
+		self.hide_nonfree = "nonfree" in hide_flags
+		self.limit  = 1 if self.lucky else None
+		self.order_by  = args.get("sort")
+		self.order_dir = args.get("order") or "desc"
+		self.protocol_version = args.get("protocol_version")
+
+		self.show_discarded = isYes(args.get("show_discarded"))
+		self.show_added = args.get("show_added")
+		if self.show_added is not None:
+			self.show_added = isYes(self.show_added)
+
+		if self.search is not None and self.search.strip() == "":
+			self.search = None
+
+	def setSortIfNone(self, name):
+		if self.order_by is None:
+			self.order_by = name
+
+	def getMinetestVersion(self):
+		if not self.protocol_version:
+			return None
+
+		self.protocol_version = int(self.protocol_version)
+		version = MinetestRelease.query.filter(MinetestRelease.protocol>=self.protocol_version).first()
+		if version is not None:
+			return version.id
+		else:
+			return 10000000
+
+	def buildPackageQuery(self):
+		query = Package.query.filter_by(soft_deleted=False, approved=True)
+
+		if len(self.types) > 0:
+			query = query.filter(Package.type.in_(self.types))
+
+		if self.search:
+			query = query.search(self.search)
+
+		if self.random:
+			query = query.order_by(func.random())
+		else:
+			to_order = None
+			if self.order_by is None or self.order_by == "score":
+				to_order = Package.score
+			elif self.order_by == "created_at":
+				to_order = Package.created_at
+			else:
+				abort(400)
+
+			if self.order_dir == "asc":
+				to_order = db.asc(to_order)
+			elif self.order_dir == "desc":
+				to_order = db.desc(to_order)
+			else:
+				abort(400)
+
+			query = query.order_by(to_order)
+
+		if self.hide_nonfree:
+			query = query.filter(Package.license.has(License.is_foss == True))
+			query = query.filter(Package.media_license.has(License.is_foss == True))
+
+		if self.protocol_version:
+			version = self.getMinetestVersion()
+			query = query.join(Package.releases) \
+				.filter(PackageRelease.approved==True) \
+				.filter(or_(PackageRelease.min_rel_id==None, PackageRelease.min_rel_id<=version)) \
+				.filter(or_(PackageRelease.max_rel_id==None, PackageRelease.max_rel_id>=version))
+
+		if self.limit:
+			query = query.limit(self.limit)
+
+		return query
+
+	def buildTopicQuery(self, show_added=False):
+		query = ForumTopic.query
+
+		if not self.show_discarded:
+			query = query.filter_by(discarded=False)
+
+		show_added = self.show_added == True or (self.show_added is None and show_added)
+		if not show_added:
+			query = query.filter(~ db.exists().where(Package.forums==ForumTopic.topic_id))
+
+		if self.order_by is None or self.order_by == "name":
+			query = query.order_by(db.asc(ForumTopic.wip), db.asc(ForumTopic.name), db.asc(ForumTopic.title))
+		elif self.order_by == "views":
+			query = query.order_by(db.desc(ForumTopic.views))
+		elif self.order_by == "date":
+			query = query.order_by(db.asc(ForumTopic.created_at))
+			sort_by = "date"
+
+		if self.search:
+			query = query.filter(ForumTopic.title.ilike('%' + self.search + '%'))
+
+		if len(self.types) > 0:
+			query = query.filter(ForumTopic.type.in_(self.types))
+
+		if self.limit:
+			query = query.limit(self.limit)
+
+		return query

app/rediscache.py

@@ -0,0 +1,13 @@
+from . import r
+
+# This file acts as a facade between the releases code and redis,
+# and also means that the releases code avoids knowing about `app`
+
+def make_download_key(ip, package):
+	return ("{}/{}/{}").format(ip, package.author.username, package.name)
+
+def set_key(key, v):
+	r.set(key, v)
+
+def has_key(key):
+	return r.exists(key)

app/sass.py

@@ -15,8 +15,6 @@ import codecs
 from flask import *
 from scss import Scss
 
-from app import app
-
 def _convert(dir, src, dst):
 	original_wd = os.getcwd()
 	os.chdir(dir)
@@ -31,7 +29,7 @@ def _convert(dir, src, dst):
 	outfile.write(output)
 	outfile.close()
 
-def _getDirPath(originalPath, create=False):
+def _getDirPath(app, originalPath, create=False):
 	path = originalPath
 
 	if not os.path.isdir(path):
@@ -47,8 +45,8 @@ def _getDirPath(originalPath, create=False):
 
 def sass(app, inputDir='scss', outputPath='static', force=False, cacheDir="public/static"):
 	static_url_path = app.static_url_path
-	inputDir = _getDirPath(inputDir)
-	cacheDir = _getDirPath(cacheDir or outputPath, True)
+	inputDir = _getDirPath(app, inputDir)
+	cacheDir = _getDirPath(app, cacheDir or outputPath, True)
 
 	def _sass(filepath):
 		sassfile = "%s/%s.scss" % (inputDir, filepath)
@@ -63,5 +61,3 @@ def sass(app, inputDir='scss', outputPath='static', force=False, cacheDir="publi
 		return send_from_directory(cacheDir, filepath + ".css")
 
 	app.add_url_rule("/%s/<path:filepath>.css" % (outputPath), 'sass', _sass)
-
-sass(app)

app/scss/comments.scss

@@ -1,49 +1,29 @@
-.comments, .comments li {
-	list-style: none;
-	padding: 0;
-	margin: 0;
-	border: 1px solid #444;
+.img-thumbnail-1 {
+	padding: 0px;
+	// width: 100%;
+	background: white;
 }
 
 .comments {
-	border-radius: 5px;
-	margin: 15px 0;
-	background: #333;
+	list-style: none;
+	padding: 0;
 
-	.info_strip, .msg {
-		display: block;
-		margin: 0;
-	}
+	.card {
+		position:relative;
 
-	.info_strip {
-		padding: 0.2em 1em;
-		border-bottom: 1px solid #444;
-	}
-
-	.msg {
-		padding: 1em;
-		background: #222;
-	}
-
-	.author {
-		font-weight: bold;
-		float: left;
-		display: inline-block;
-	}
-
-	.info_strip span {
-		float: right;
-		display: inline-block;
-		color: #bbb;
+		.card-header:before {
+			position: absolute;
+			top: 11px;
+			right: 100%;
+			width: 0;
+			height: 0;
+			display: block;
+			content:" ";
+			border-color: transparent;
+			border-style: solid solid outset;
+			pointer-events:none;
+			border-right-color: #444;
+			border-width: 14px;
+		}
 	}
 }
-
-.comment_form {
-	margin: 1em 0;
-}
-
-.comment_form textarea {
-	min-width: 60%;
-	max-width: 100%;
-	margin: 0 0 1em 0;
-}

app/scss/components.scss

@@ -1,112 +1,3 @@
-h1 {
-	margin: 0;
-}
-
-h2, h3 {
-	margin: 5px 0;
-}
-
-a {
-	color: #0be;
-	font-weight: bold;
-	text-decoration: none;
-}
-
-a:hover {
-	color: #0df;
-	text-decoration: underline;
-}
-
-/* Containers */
-
-.box {
-	border-radius: 5px;
-	margin: 15px 0;
-	padding: 0;
-}
-
-.box > h2, .box > h3 {
-	margin: 0;
-	padding: 0.5em 0.5em 0.5em 15px;
-	border-bottom: 1px solid #444;
-}
-
-.box .box-body {
-	padding: 1em !important;
-}
-
-// .box form {
-// 	padding: 1em;
-// }
-
-.box_grey {
-	background: #333;
-	border: 1px solid #444;
-}
-
-.ul_boxes {
-	display: block;
-	margin: 0;
-	padding: 0;
-	list-style: none;
-}
-
-.ul_boxes > li {
-	padding: 0;
-	list-style: none;
-}
-
-.box_link {
-	display: block;
-	color: #ddd;
-	text-decoration: none;
-}
-
-.box_link:hover{
-	background: #3a3a3a;
-}
-
-
-/*
-	buttonset
-*/
-
-.buttonset, .buttonset li {
-	display: block;
-	margin: 0;
-	padding: 0;
-	list-style: none;
-}
-
-.buttonset {
-	margin: 15px 0;
-}
-
-.button, .buttonset li a, input[type=submit] {
-	cursor: pointer;
-}
-
-.button, .buttonset li a, input[type=submit], input[type=text],
-		input[type=password], textarea, select, .bulletselector {
-	text-align: center;
-	display: inline-block;
-	padding: 0.4em 1em;
-	background: rgba(255,255,255,0.07);
-	border: 1px solid rgba(255,255,255,0.1);
-	color: #ddd;
-	border-radius: 5px;
-	text-decoration: none;
-	font-size: 100%;
-}
-
-select > * {
-	color: #222;
-}
-
-input[type=text], input[type=password], textarea, select, .bulletselector {
-	text-align: left;
-}
-
 .ui-autocomplete, ui-front {
 	position:absolute;
 	cursor:default;
@@ -133,74 +24,11 @@ input[type=text], input[type=password], textarea, select, .bulletselector {
 	}
 }
 
-select {
-	min-width: 200px;
+.bulletselector {
+	height: auto !important;
+	display: inline-block !important;
 }
 
-select:not([multiple]) {
-	background: linear-gradient(#444, #333);
-}
-
-.form-group {
-	padding: 8px 0;
-}
-
-.form-group label {
-	display: block;
-	vertical-align: top;
-	padding: 0 8px 8px 0;
-}
-
-.form-group input, .form-group textarea, .form-group .bulletselector {
-	display: block;
-	min-width: 100%;
-	max-width: 100%;
-}
-
-.box .form-group input, .box .form-group textarea, .form-group .bulletselector {
-	min-width: 95%;
-	max-width: 95%;
-}
-
-.form-group textarea {
-	min-height: 200px;
-}
-
-.button:hover, .buttonset li a:hover, input[type=submit]:hover {
-	background: rgba(255,255,255,0.13);
-	border: 1px solid rgba(255,255,255,0.17);
-	text-decoration: none;
-	color: #ddd;
-}
-
-.btn_green {
-	background: #363 !important;
-	border: 1px solid #473;
-}
-
-.btn_green:hover {
-	background: #474 !important;
-}
-
-.linedbuttonset a {
-	border: 1px solid #eee;
-	border-radius: 3px;
-	padding: 4px 10px;
-	margin: 0;
-	display: block;
-}
-
-.linedbuttonset {
-	display: block;
-	margin: 0;
-}
-
-.linedbuttonset li {
-	display: inline-block;
-	margin: 10px 10px 0 0;
-}
-
-
 .bulletselector input {
 	border: none;
 	border-radius: 0;
@@ -215,166 +43,14 @@ select:not([multiple]) {
 	white-space: nowrap;
 	background: transparent;
 }
-.bulletselector .tag {
-	background: #375D81;
-	border-radius: 3px;
-    -moz-border-radius: 3px;
-	color: #FFF;
+.bulletselector .badge {
 	float: left;
-	height: 15px;
-	padding: 0.1em 0.4em 0.5em;
+	padding: 0.4em 0.8em;
 	margin-right: 0.3em;
-	margin-bottom: 0.3em;
-    vertical-align: baseline;
-}
-.bulletselector .tag a {
-	color: #FFF;
-	cursor: pointer;
-}
-.bulletselector .tag a:hover {
-	color: #0099CC;
-	text-decoration: none;
 }
 
-
-/* Alerts */
-
-
-.alert .alert_right, .alert > form {
-	display: inline-block;
-	margin: 0;
-	position: absolute;
-	top: 0;
-	right: 0;
-	bottom: 0;
-}
-
-.alert {
-	padding: 10px;
-	position: relative;
-
-	.alert_right:not(.button) {
-		padding: 0;
-	}
-
-	.alert_right form {
-		height: 100%;
-	}
-
-	form {
-		display: inline-block;
-		margin: 0;
-		padding: 0;
-	}
-
-	input {
-		height: 100%;
-	}
-
-	input, .button {
-		margin: 0;
-		background: 0;
-		border: 0;
-		border-left: 1px solid rgba(255,255,255,0.12);
-		border-radius: 0;
-		vertical-align: middle;
-	}
-
-	input:hover, .button:hover {
-		border: 0;
-		border-left: 1px solid rgba(255,255,255,0.2);
-	}
-}
-
-#alerts {
-	list-style: none;
-	position: fixed;
-	bottom: 15px;
-	left: 0;
-	right: 0;
-	z-index: 1000;
-}
-
-#alerts .alert {
-	margin: 5px 0;
-	vertical-align: middle;
-}
-
-#alerts .close {
-	float: right;
-	color: white;
-}
-
-#alerts .close:hover {
-	color: #fff;
-}
-
-.alert-error, .button-danger {
-	background: #933 !important;
-	border: 1px solid #c44 !important;
-}
-
-.alert-warning {
-	background: #963;
-	border: 1px solid #c96;
-}
-
-.alert-primary {
-	background: #339;
-	border: 1px solid #66a;
-}
-
-.alert-success {
-	background: #161;
-	border: 1px solid #393;
-}
-
-table.fancyTable {
-	font-family: "Arial Black", Gadget, sans-serif;
-	border: 2px solid #000000;
-	background-color: #4A4A4A;
-	width: 100%;
-	text-align: center;
-	border-collapse: collapse;
-}
-table.fancyTable td, table.fancyTable th {
-	border: 1px solid #4A4A4A;
-	padding: 3px 2px;
-}
-table.fancyTable tbody td {
-	font-size: 13px;
-	color: #E6E6E6;
-}
-table.fancyTable tr:nth-child(even) {
-	background: #888888;
-}
-table.fancyTable thead {
-	background: #000000;
-	border-bottom: 3px solid #000000;
-}
-table.fancyTable thead th {
-	font-size: 15px;
-	font-weight: bold;
-	color: #E6E6E6;
-	text-align: center;
-	border-left: 2px solid #4A4A4A;
-}
-table.fancyTable thead th:first-child {
-	border-left: none;
-}
-
-table.fancyTable tfoot {
-	font-size: 12px;
-	font-weight: bold;
-	color: #E6E6E6;
-	background: #000000;
-	background: -moz-linear-gradient(top, #404040 0%, #191919 66%, #000000 100%);
-	background: -webkit-linear-gradient(top, #404040 0%, #191919 66%, #000000 100%);
-	background: linear-gradient(to bottom, #404040 0%, #191919 66%, #000000 100%);
-	border-top: 1px solid #4A4A4A;
-}
-table.fancyTable tfoot td {
-	font-size: 12px;
+.invalid-remaining {
+	display: none;
 }
 
 .t-mll tr td:not(:first-child) {
@@ -405,69 +81,44 @@ table.fancyTable tfoot td {
 	color: #2c2;
 }
 
-/*
-	Aside
-*/
-
-.asideright {
-	float: right;
-	margin: 0 0 0 15px;
-	max-width: 300px;
-}
-
-.outsidecontainer {
-	position: absolute;
-	right: 102%;
-	top: 0;
-	width: intrinsic;           /* Safari/WebKit uses a non-standard name */
-	width: -moz-max-content;    /* Firefox/Gecko */
-	width: -webkit-max-content; /* Chrome */
-}
-
-@media (max-width: 1490px) {
-	.outsidecontainer {
-		display: none;
-	}
-}
-
-.flatlist, .flatlist li {
-	list-style: none;
-	padding: 0;
-	margin: 0;
-}
-
-.flatlist li {
-	display: block;
-}
-
-.flatlist a {
-	display: block;
-	padding: 0.5em 20px;
-	color: #ddd;
-	font-weight: normal;
-}
-
-.flatlist a:hover {
-	background: #444;
-	text-decoration: none;
-}
-
-.table-topalign td {
-	vertical-align: top;
-}
-
-.wiptopic a {
+.wiptopic a:not(.btn) {
 	color: #7ac;
 }
 
-.editor-toolbar {
-	background-color: #333 !important;
+.discardtopic {
+	text-decoration: line-through;
+	a:not(.btn) {
+		color: #7ac;
+	}
+	filter: brightness(0.5);
 }
 
-.CodeMirror {
-	background-color: #222 !important;
+.editor-toolbar, .editor-toolbar.fullscreen {
+	margin-bottom: 0 !important;
+	background-color: #444 !important;
+	border: none !important;
+	border-radius: calc(0.25rem - 1px) calc(0.25rem - 1px) 0 0 !important;
+	border-bottom: 1px solid rgba(0, 0, 0, 0.125) !important;
 }
 
-.editor-preview-side {
-	background-color: #222 !important;
+.editor-toolbar button {
+	color: white;
+}
+
+.editor-toolbar button.active, .editor-toolbar button:hover {
+	background: #375a7f !important;
+	color: white !important;
+}
+
+.editor-toolbar.fullscreen::before, .editor-toolbar.fullscreen::after {
+	display: none !important;
+}
+
+// .CodeMirror {
+// 	background-color: #222 !important;
+// }
+
+.editor-preview-side, .editor-preview {
+	background-color: #222 !important;
+	color: white !important;
 }

app/scss/custom.scss

@@ -0,0 +1,57 @@
+@import "components.scss";
+@import "packages.scss";
+@import "packagegrid.scss";
+@import "comments.scss";
+
+.dropdown-menu {
+    margin-top: 0;
+}
+
+.dropdown:hover .dropdown-menu {
+   display: block;
+}
+
+.nav-link > img {
+	max-height: 1em;
+}
+
+#alerts {
+    display: block;
+    list-style: none;
+    position: fixed;
+    bottom: 0;
+    left:0;
+    right:0;
+    margin: 0;
+    padding:0;
+    z-index: 1000;
+}
+
+#alerts li {
+    list-style: none;
+}
+
+.jumbotron {
+    background-size: cover;
+    background-repeat: no-repeat;
+    background-position: center;
+}
+
+.alert .btn {
+    text-decoration: none;
+}
+
+.card .table {
+    margin-bottom: 0;
+}
+
+.btn-download {
+    color: #fff;
+    background-color: #00b05c;
+    border-color: #00b05c;
+}
+
+.btn-download:focus, .btn-download.focus {
+    -webkit-box-shadow: 0 0 0 0.2rem rgba(231, 76, 60, 0.5);
+    box-shadow: 0 0 0 0.2rem rgba(231, 76, 60, 0.5);
+}

app/scss/main.scss

@@ -1,6 +0,0 @@
-@import "page.scss";
-@import "components.scss";
-@import "nav.scss";
-@import "packages.scss";
-@import "packagegrid.scss";
-@import "comments.scss";

app/scss/nav.scss

@@ -1,90 +0,0 @@
-nav {
-	margin: 0 auto 0 auto;
-	list-style: none;
-	background: #333;
-}
-
-nav .navbar-left {
-	float: left;
-}
-
-nav .navbar-left li {
-	float: left;
-}
-
-nav .navbar-right {
-	float: right;
-}
-
-nav ul {
-	margin: 0 auto 0 auto;
-	padding: 0;
-	list-style: none;
-}
-
-nav li {
-	margin: 0;
-	padding: 0;
-	list-style: none;
-	display: inline-block;
-}
-
-nav li a {
-	color: #ddd;
-	margin: 0;
-	padding: 1em 1em;
-	display: block;
-	border-left: 1px solid #444;
-}
-
-nav li a:not([href]) {
-	cursor: default;
-}
-
-nav ul li:last-child a {
-	border-right: 1px solid #444;
-}
-
-nav a:hover {
-	color: #eee;
-	background: #444;
-	text-decoration: none;
-}
-
-nav img {
-	height: 1em;
-}
-
-li.dropdown {
-	position: relative;
-	display: inline-block;
-}
-
-.dropdown-menu {
-	display: none;
-	position: absolute;
-	margin: 0;
-	padding: 0;
-	min-width:160px;
-	background: #333;
-	z-index: 1;
-	right: 0;
-	box-shadow: 0px 8px 16px 0px rgba(0,0,0,0.4);
-}
-
-.dropdown:hover ul {
-	display: block;
-}
-
-.dropdown li {
-	display: block;
-}
-
-.dropdown li a {
-	border: none;
-	border-top: 1px solid #444;
-}
-
-.dropdown li:last-child a {
-	border-bottom: 1px solid #444;
-}

app/scss/packagegrid.scss

@@ -1,27 +1,20 @@
-.packagegrid {
-	display: flex;
-	flex-wrap: wrap;
-	flex-direction: row;
-	flex-grow: 1;
-	flex-shrink: 1;
+.packagetile {
+	list-style: none;
 	padding: 0;
-	margin: 0 -7px;
+	margin: 0 7px 7px 0;
+	min-width: 250px;
 }
 
-.packagegrid li {
-	flex: 1;
-	display: block;
-	min-width: 300px;
-	min-height: 200px;
-	max-width: 332px;
+li.d-flex {
+	list-style: none;
 	padding: 0;
-	margin: 7px;
+	margin: 0;
 }
 
-.packagegrid a {
+.packagetile a {
 	display: block;
 	padding-bottom: 66.66%;
-	border-radius: 7px;
+	border-radius: 3px;
 	position: relative;
 	overflow: hidden;
 	background-size: cover;
@@ -29,10 +22,6 @@
 	background-position: center;
 }
 
-.packagegrid a:hover {
-	// box-shadow: 0px 0px 16px 6px rgba(0,0,0,0.4);
-}
-
 .packagegridscrub {
 	position: absolute;
 	top: 50%;
@@ -53,6 +42,14 @@
 
 .packagegridinfo h3 {
 	color: white;
+	font-size: 120%;
+	font-weight: bold;
+}
+
+.packagegridinfo small {
+	color: #ddd;
+	font-size: 75%;
+	font-weight: bold;
 }
 
 .packagegridinfo p {
@@ -61,15 +58,15 @@
 	font-weight: normal;
 }
 
-.packagegrid a:hover .packagegridinfo {
+.packagetile a:hover .packagegridinfo {
 	top: 0;
 }
 
-.packagegrid a:hover p {
+.packagetile a:hover p {
 	display: block;
 }
 
-.packagegrid a:hover .packagegridscrub {
+.packagetile a:hover .packagegridscrub {
 	top: 0;
 	background: rgba(0,0,0,0.8);
 }

app/scss/packages.scss

@@ -37,34 +37,6 @@
 	left: 15px;
 }
 
-.sidebar_container {
-	display: block;
-	position: relative;
-	padding: 0;
-	margin: 0;
-}
-
-.sidebar_container .right, .sidebar_container .left{
-	position: absolute;
-	display: block;
-	top: 10px;
-	margin-top: 0;
-}
-
-.sidebar_container .right {
-	right: 0;
-	width: 280px;
-}
-
-.sidebar_container .left {
-	right: 295px;
-	left: 0;
-}
-
-.sidebar_container .right > *:first-child, .sidebar_container .left > *:first-child {
-	margin-top: 0;
-}
-
 .package-short-large {
 	font-size: 120%;
 }

app/scss/page.scss

@@ -1,56 +0,0 @@
-html, body {
-	font-family: "Arial", sans-serif;
-	background: #222;
-	color: #ddd;
-	padding: 0;
-	margin: 0;
-}
-
-.container, main, #alerts, footer {
-	width: 90%;
-	max-width: 1024px;
-	margin: auto;
-	padding: 0;
-	display: block;
-}
-
-main {
-	padding: 7px 0;
-	position: relative;
-	box-sizing: border-box;
-}
-
-.clearboth {
-	clear: both;
-}
-
-header h1, header p, header form {
-	padding: 0 5px;
-	margin-left: 0;
-}
-
-header {
-	padding: 30px;
-	background: #258;
-}
-
-header p {
-	max-width: 400px;
-}
-
-header input {
-	margin: 3px;
-}
-
-footer {
-	color: #999;
-	padding: 30px 0;
-}
-
-footer a {
-	color: #aaa;
-}
-
-footer a:hover {
-	color: #bbb;
-}

app/tasks/__init__.py

@@ -16,7 +16,7 @@
 
 
 import flask
-from flask.ext.sqlalchemy import SQLAlchemy
+from flask_sqlalchemy import SQLAlchemy
 from celery import Celery
 from celery.schedules import crontab
 from app import app

app/tasks/emails.py

@@ -15,15 +15,27 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 
-from flask import *
+from flask import render_template, url_for
 from flask_mail import Message
 from app import mail
 from app.tasks import celery
 
 @celery.task()
 def sendVerifyEmail(newEmail, token):
+	print("Sending verify email!")
 	msg = Message("Verify email address", recipients=[newEmail])
-	msg.body = "This is a verification email!"
+
+	msg.body = """
+			This email has been sent to you because someone (hopefully you)
+			has entered your email address as a user's email.
+
+			If it wasn't you, then just delete this email.
+
+			If this was you, then please click this link to verify the address:
+
+			{}
+		""".format(url_for('users.verify_email', token=token, _external=True))
+
 	msg.html = render_template("emails/verify.html", token=token)
 	mail.send(msg)
 
@@ -31,8 +43,8 @@ def sendVerifyEmail(newEmail, token):
 def sendEmailRaw(to, subject, text, html):
 	from flask_mail import Message
 	msg = Message(subject, recipients=to)
-	if text:
-		msg.body = text
-	if html:
-		msg.html = html
+
+	msg.body = text or html
+	html = html or text
+	msg.html = render_template("emails/base.html", subject=subject, content=html)
 	mail.send(msg)

app/tasks/forumtasks.py

@@ -16,7 +16,7 @@
 
 
 import flask, json, re
-from flask.ext.sqlalchemy import SQLAlchemy
+from flask_sqlalchemy import SQLAlchemy
 from app import app
 from app.models import *
 from app.tasks import celery
@@ -25,7 +25,8 @@ import urllib.request
 from urllib.parse import urlparse, quote_plus
 
 @celery.task()
-def checkForumAccount(username, token=None):
+def checkForumAccount(username, forceNoSave=False):
+	print("Checking " + username)
 	try:
 		profile = getProfile("https://forum.minetest.net", username)
 	except OSError:
@@ -47,10 +48,34 @@ def checkForumAccount(username, token=None):
 		user.github_username = github_username
 		needsSaving = True
 
+	pic = profile.avatar
+	if pic and "http" in pic:
+		pic = None
+
+	needsSaving = needsSaving or pic != user.profile_pic
+	if pic:
+		user.profile_pic = "https://forum.minetest.net/" + pic
+	else:
+		user.profile_pic = None
+
 	# Save
-	if needsSaving:
+	if needsSaving and not forceNoSave:
 		db.session.commit()
 
+	return needsSaving
+
+@celery.task()
+def checkAllForumAccounts(forceNoSave=False):
+	needsSaving = False
+	query = User.query.filter(User.forums_username.isnot(None))
+	for user in query.all():
+		needsSaving = checkForumAccount(user.username) or needsSaving
+
+	if needsSaving and not forceNoSave:
+		db.session.commit()
+
+	return needsSaving
+
 
 regex_tag    = re.compile(r"\[([a-z0-9_]+)\]")
 BANNED_NAMES = ["mod", "game", "old", "outdated", "wip", "api", "beta", "alpha", "git"]
@@ -74,11 +99,19 @@ def parseTitle(title):
 def getLinksFromModSearch():
 	links = {}
 
-	contents = urllib.request.urlopen("https://krock-works.uk.to/minetest/modList.php").read().decode("utf-8")
-	for x in json.loads(contents):
-		link = x.get("link")
-		if link is not None:
-			links[int(x["topicId"])] = link
+	try:
+		contents = urllib.request.urlopen("https://krock-works.uk.to/minetest/modList.php").read().decode("utf-8")
+		for x in json.loads(contents):
+			try:
+				link = x.get("link")
+				if link is not None:
+					links[int(x["topicId"])] = link
+			except ValueError:
+				pass
+
+	except urllib.error.URLError:
+		print("Unable to open krocks mod search!")
+		return links
 
 	return links
 

app/tasks/importtasks.py

@@ -15,9 +15,9 @@
 # along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 
-import flask, json, os, git, tempfile, shutil
+import flask, json, os, git, tempfile, shutil, gitdb
 from git import GitCommandError
-from flask.ext.sqlalchemy import SQLAlchemy
+from flask_sqlalchemy import SQLAlchemy
 from urllib.error import HTTPError
 import urllib.request
 from urllib.parse import urlparse, quote_plus, urlsplit
@@ -29,6 +29,10 @@ from app.utils import randomString
 
 class GithubURLMaker:
 	def __init__(self, url):
+		self.baseUrl = None
+		self.user = None
+		self.repo = None
+
 		# Rewrite path
 		import re
 		m = re.search("^\/([^\/]+)\/([^\/]+)\/?$", url.path)
@@ -51,6 +55,9 @@ class GithubURLMaker:
 	def getScreenshotURL(self):
 		return self.baseUrl + "/screenshot.png"
 
+	def getModConfURL(self):
+		return self.baseUrl + "/mod.conf"
+
 	def getCommitsURL(self, branch):
 		return "https://api.github.com/repos/{}/{}/commits?sha={}" \
 				.format(self.user, self.repo, urllib.parse.quote_plus(branch))
@@ -291,16 +298,23 @@ def cloneRepo(urlstr, ref=None, recursive=False):
 	try:
 		gitUrl = generateGitURL(urlstr)
 		print("Cloning from " + gitUrl)
-		repo = git.Repo.clone_from(gitUrl, gitDir, \
-				progress=None, env=None, depth=1, recursive=recursive, kill_after_timeout=15)
 
-		if ref is not None:
-			repo.create_head("myhead", ref).checkout()
+		if ref is None:
+			repo = git.Repo.clone_from(gitUrl, gitDir, \
+					progress=None, env=None, depth=1, recursive=recursive, kill_after_timeout=15)
+		else:
+			repo = git.Repo.clone_from(gitUrl, gitDir, \
+					progress=None, env=None, depth=1, recursive=recursive, kill_after_timeout=15, b=ref)
+
 		return gitDir, repo
+
 	except GitCommandError as e:
 		# This is needed to stop the backtrace being weird
 		err = e.stderr
 
+	except gitdb.exc.BadName as e:
+		err = "Unable to find the reference " + (ref or "?") + "\n" + e.stderr
+
 	raise TaskError(err.replace("stderr: ", "") \
 			.replace("Cloning into '" + gitDir + "'...", "") \
 			.strip())
@@ -339,8 +353,11 @@ def makeVCSReleaseFromGithub(id, branch, release, url):
 		raise TaskError("Invalid github repo URL")
 
 	commitsURL = urlmaker.getCommitsURL(branch)
-	contents = urllib.request.urlopen(commitsURL).read().decode("utf-8")
-	commits = json.loads(contents)
+	try:
+		contents = urllib.request.urlopen(commitsURL).read().decode("utf-8")
+		commits = json.loads(contents)
+	except HTTPError:
+		raise TaskError("Unable to get commits for Github repository. Either the repository or reference doesn't exist.")
 
 	if len(commits) == 0 or not "sha" in commits[0]:
 		raise TaskError("No commits found")
@@ -348,7 +365,7 @@ def makeVCSReleaseFromGithub(id, branch, release, url):
 	release.url          = urlmaker.getCommitDownload(commits[0]["sha"])
 	release.task_id     = None
 	release.commit_hash = commits[0]["sha"]
-	print(release.url)
+	release.approve(release.package.author)
 	db.session.commit()
 
 	return release.url
@@ -379,6 +396,7 @@ def makeVCSRelease(id, branch):
 			release.url         = "/uploads/" + filename
 			release.task_id     = None
 			release.commit_hash = repo.head.object.hexsha
+			release.approve(release.package.author)
 			print(release.url)
 			db.session.commit()
 

app/tasks/phpbbparser.py

@@ -15,8 +15,9 @@ def urlEncodeNonAscii(b):
 
 class Profile:
 	def __init__(self, username):
-		self.username = username
-		self.signature = ""
+		self.username   = username
+		self.signature  = ""
+		self.avatar     = None
 		self.properties = {}
 
 	def set(self, key, value):
@@ -33,6 +34,11 @@ def __extract_properties(profile, soup):
 	if el is None:
 		return None
 
+	res1 = el.find_all("dl")
+	imgs = res1[0].find_all("img")
+	if len(imgs) == 1:
+		profile.avatar = imgs[0]["src"]
+
 	res = el.find_all("dl", class_ = "left-box details")
 	if len(res) != 1:
 		return None

app/template_filters.py

@@ -0,0 +1,22 @@
+from . import app
+from urllib.parse import urlparse
+
+@app.context_processor
+def inject_debug():
+    return dict(debug=app.debug)
+
+@app.template_filter()
+def throw(err):
+	raise Exception(err)
+
+@app.template_filter()
+def domain(url):
+	return urlparse(url).netloc
+
+@app.template_filter()
+def date(value):
+    return value.strftime("%Y-%m-%d")
+
+@app.template_filter()
+def datetime(value):
+    return value.strftime("%Y-%m-%d %H:%M") + " UTC"

app/templates/admin/licenses/edit.html

@@ -10,8 +10,8 @@
 
 {% block content %}
 	<p>
-		<a href="{{ url_for('license_list_page') }}">Back to list</a> |
-		<a href="{{ url_for('createedit_license_page') }}">New License</a>
+		<a href="{{ url_for('admin.license_list') }}">Back to list</a> |
+		<a href="{{ url_for('admin.create_edit_license') }}">New License</a>
 	</p>
 
 	{% from "macros/forms.html" import render_field, render_submit_field %}

app/templates/admin/licenses/list.html

@@ -6,11 +6,11 @@ Licenses
 
 {% block content %}
 	<p>
-		<a href="{{ url_for('createedit_license_page') }}">New Tag</a>
+		<a href="{{ url_for('admin.create_edit_license') }}">New License</a>
 	</p>
 	<ul>
 		{% for l in licenses %}
-			<li><a href="{{ url_for('createedit_license_page', name=l.name) }}">{{ l.name }}</a> [{{ l.is_foss and "Free" or "Non-free"}}]</li>
+			<li><a href="{{ url_for('admin.create_edit_license', name=l.name) }}">{{ l.name }}</a> [{{ l.is_foss and "Free" or "Non-free"}}]</li>
 		{% endfor %}
 	</ul>
 {% endblock %}

app/templates/admin/list.html

@@ -6,21 +6,24 @@
 
 {% block content %}
 	<ul>
-		<li><a href="{{ url_for('user_list_page') }}">User list</a></li>
-		<li><a href="{{ url_for('tag_list_page') }}">Tag Editor</a></li>
-		<li><a href="{{ url_for('license_list_page') }}">License Editor</a></li>
-		<li><a href="{{ url_for('switch_user_page') }}">Sign in as another user</a></li>
+		<li><a href="{{ url_for('users.list_all') }}">User list</a></li>
+		<li><a href="{{ url_for('admin.tag_list') }}">Tag Editor</a></li>
+		<li><a href="{{ url_for('admin.license_list') }}">License Editor</a></li>
+		<li><a href="{{ url_for('admin.version_list') }}">Version Editor</a></li>
+		<li><a href="{{ url_for('admin.switch_user') }}">Sign in as another user</a></li>
 	</ul>
 
-	<div class="box box_grey">
-		<h2>Do action</h2>
+	<div class="card my-4">
+		<h2 class="card-header">Do action</h2>
 
-		<form method="post" action="" class="box-body">
+		<form method="post" action="" class="card-body">
 			<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
 			<select name="action">
-				<option value="importmodlist" selected>Import forum topics</option>
+				<option value="delstuckreleases" selected>Delete stuck releases</option>
+				<option value="importmodlist">Import forum topics</option>
 				<option value="recalcscores">Recalculate package scores</option>
-				<!-- <option value="importscreenshots">Import screenshots from VCS</option> -->
+				<option value="checkusers">Check forum users</option>
+				<option value="importscreenshots">Import screenshots from VCS</option>
 				<!-- <option value="importdepends">Import dependencies from downloads</option> -->
 				<!-- <option value="modprovides">Set provides to mod name</option> -->
 				<!-- <option value="vcsrelease">Create VCS releases</option> -->
@@ -29,10 +32,10 @@
 		</form>
 	</div>
 
-	<div class="box box_grey">
-		<h2>Restore Package</h2>
+	<div class="card my-4">
+		<h2 class="card-header">Restore Package</h2>
 
-		<form method="post" action="" class="box-body">
+		<form method="post" action="" class="card-body">
 			<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
 			<input type="hidden" name="action" value="restore" />
 			<select name="package">

app/templates/admin/tags/edit.html

@@ -10,8 +10,8 @@
 
 {% block content %}
 	<p>
-		<a href="{{ url_for('tag_list_page') }}">Back to list</a> |
-		<a href="{{ url_for('createedit_tag_page') }}">New Tag</a>
+		<a href="{{ url_for('admin.tag_list') }}">Back to list</a> |
+		<a href="{{ url_for('admin.create_edit_tag') }}">New Tag</a>
 	</p>
 
 	{% from "macros/forms.html" import render_field, render_submit_field %}

app/templates/admin/tags/list.html

@@ -6,11 +6,11 @@ Tags
 
 {% block content %}
 	<p>
-		<a href="{{ url_for('createedit_tag_page') }}">New Tag</a>
+		<a href="{{ url_for('admin.create_edit_tag') }}">New Tag</a>
 	</p>
 	<ul>
 		{% for t in tags %}
-			<li><a href="{{ url_for('createedit_tag_page', name=t.name) }}">{{ t.title }}</a> [{{ t.packages | count }} packages]</li>
+			<li><a href="{{ url_for('admin.create_edit_tag', name=t.name) }}">{{ t.title }}</a> [{{ t.packages | count }} packages]</li>
 		{% endfor %}
 	</ul>
 {% endblock %}

app/templates/admin/versions/edit.html

@@ -0,0 +1,25 @@
+{% extends "base.html" %}
+
+{% block title %}
+	{% if version %}
+		Edit {{ version.name }}
+	{% else %}
+		New Minetest Version
+	{% endif %}
+{% endblock %}
+
+{% block content %}
+	<p>
+		<a href="{{ url_for('admin.version_list') }}">Back to list</a> |
+		<a href="{{ url_for('admin.create_edit_version') }}">New Version</a>
+	</p>
+
+	{% from "macros/forms.html" import render_field, render_submit_field %}
+	<form method="POST" action="" enctype="multipart/form-data">
+		{{ form.hidden_tag() }}
+
+		{{ render_field(form.name) }}
+		{{ render_field(form.protocol) }}
+		{{ render_submit_field(form.submit) }}
+	</form>
+{% endblock %}

app/templates/admin/versions/list.html

@@ -0,0 +1,16 @@
+{% extends "base.html" %}
+
+{% block title %}
+Minetest Versions
+{% endblock %}
+
+{% block content %}
+	<p>
+		<a href="{{ url_for('admin.create_edit_version') }}">New Version</a>
+	</p>
+	<ul>
+		{% for v in versions %}
+			<li><a href="{{ url_for('admin.create_edit_version', name=v.name) }}">{{ v.name }}</a></li>
+		{% endfor %}
+	</ul>
+{% endblock %}

app/templates/base.html

@@ -6,75 +6,100 @@
 	<meta http-equiv="X-UA-Compatible" content="IE=edge">
 	<meta name="viewport" content="width=device-width, initial-scale=1">
 	<title>{% block title %}title{% endblock %} - {{ config.USER_APP_NAME }}</title>
-	<link rel="stylesheet" type="text/css" href="/static/main.css">
+	<link rel="stylesheet" type="text/css" href="/static/bootstrap.css">
+	<link rel="stylesheet" type="text/css" href="/static/custom.css?v=7">
+	<link rel="search" type="application/opensearchdescription+xml" href="/static/opensearch.xml" title="ContentDB" />
+	<link rel="shortcut icon" href="/favicon-16.png" sizes="16x16">
+	<link rel="icon" href="/favicon-128.png" sizes="128x128">
+	<link rel="icon" href="/favicon-32.png" sizes="32x32">
 	{% block headextra %}{% endblock %}
 </head>
 
 <body>
-	<nav>
+	<nav class="navbar navbar-expand-lg navbar-dark bg-primary">
 		<div class="container">
-			<ul class="nav navbar-nav navbar-left">
-				<li><a href="/">{{ config.USER_APP_NAME }}</a></li>
-				{% for item in current_menu.children recursive %}
-					{% if item.visible %}
-						<li{% if item.children %} class="dropdown"{% endif %}>
-							<a href="{{ item.url }}"
-									{% if item.children %}
-										class="dropdown-toggle"
-										data-toggle="dropdown"
-										role="button"
-										aria-expanded="false"
-									{% endif %}>
-								{{ item.text }}
-								{% if item.children %}
-									<span class="caret"></span>
-								{% endif %}
-							</a>
-							{% if item.children %}
-							<ul class="dropdown-menu" role="menu">
-								{{ loop(item.children) }}
-							</ul>
-							{% endif %}
-						</li>
-					{% endif %}
-				{% endfor %}
-			</ul>
-			<ul class="nav navbar-nav navbar-right">
-				{% if current_user.is_authenticated %}
-					<li><a href="{{ url_for('notifications_page') }}">
-						<img src="/static/notification{% if current_user.notifications %}_alert{% endif %}.svg" />
-					</a></li>
-					<li><a href="{{ url_for('create_edit_package_page') }}">+</a></li>
-					<li class="dropdown">
-						<a class="dropdown-toggle"
-							data-toggle="dropdown"
-							role="button"
-							aria-expanded="false">{{ current_user.display_name }}
-								<span class="caret"></span></a>
+			<a class="navbar-brand" href="/">{{ config.USER_APP_NAME }}</a>
+			<button class="navbar-toggler" type="button" data-toggle="collapse" data-target="#navbarColor01" aria-controls="navbarColor01" aria-expanded="false" aria-label="Toggle navigation">
+				<span class="navbar-toggler-icon"></span>
+			</button>
 
-						<ul class="dropdown-menu" role="menu">
-							<li>
-								<a href="{{ url_for('user_profile_page', username=current_user.username) }}">Profile</a>
+			<div class="collapse navbar-collapse" id="navbarColor01">
+				<ul class="navbar-nav mr-auto">
+					{% for item in current_menu.children recursive %}
+						{% if item.visible %}
+							<li class="nav-item {% if item.children %} dropdown{% endif %}">
+								<a class="nav-link" href="{{ item.url }}"
+										{% if item.children %}
+											class="dropdown-toggle"
+											data-toggle="dropdown"
+											role="button"
+											aria-expanded="false"
+										{% endif %}>
+									{{ item.text }}
+									{% if item.children %}
+										<span class="caret"></span>
+									{% endif %}
+								</a>
+								{% if item.children %}
+								<ul class="dropdown-menu" role="menu">
+									{{ loop(item.children) }}
+								</ul>
+								{% endif %}
 							</li>
-							{% if current_user.canAccessTodoList() %}
-								<li><a href="{{ url_for('todo_page') }}">Work Queue</a></li>
-								<li><a href="{{ url_for('user_list_page') }}">User list</a></li>
-							{% endif %}
-							{% if current_user.rank == current_user.rank.ADMIN %}
-								<li><a href="{{ url_for('admin_page') }}">Admin</a></li>
-							{% endif %}
-							{% if current_user.rank == current_user.rank.MODERATOR %}
-								<li><a href="{{ url_for('tag_list_page') }}">Tag Editor</a></li>
-								<li><a href="{{ url_for('license_list_page') }}">License Editor</a></li>
-							{% endif %}
-							<li><a href="{{ url_for('user.logout') }}">Sign out</a></li>
-						</ul>
-					</li>
-				{% else %}
-					<li><a href="{{ url_for('user.login') }}">Sign in</a></li>
-				{% endif %}
-			</ul>
-			<div class="clearboth"></div>
+						{% endif %}
+					{% endfor %}
+				</ul>
+				<form class="form-inline my-2 my-lg-0" method="GET" action="/packages/">
+					{% if type %}<input type="hidden" name="type" value="{{ type }}" />{% endif %}
+					<input class="form-control mr-sm-2" name="q" type="text" placeholder="Search {{ title | lower or 'all packages' }}" value="{{ query or ''}}">
+					<input class="btn btn-secondary my-2 my-sm-0 mr-sm-2" type="submit" value="Search" />
+					<!-- <input class="btn btn-secondary my-2 my-sm-0"
+						data-toggle="tooltip" data-placement="bottom"
+						title="Go to the first found result for this query."
+						type="submit" name="lucky" value="First" /> -->
+				</form>
+				<ul class="navbar-nav ml-auto">
+					{% if current_user.is_authenticated %}
+						<li class="nav-item"><a class="nav-link" href="{{ url_for('notifications.list_all') }}">
+							<img src="/static/notification{% if current_user.notifications %}_alert{% endif %}.svg" />
+						</a></li>
+						<li class="nav-item"><a class="nav-link" href="{{ url_for('packages.create_edit') }}">+</a></li>
+						<li class="nav-item dropdown">
+							<a class="nav-link dropdown-toggle"
+								data-toggle="dropdown"
+								role="button"
+								aria-expanded="false">{{ current_user.display_name }}
+									<span class="caret"></span></a>
+
+							<ul class="dropdown-menu" role="menu">
+								<li class="nav-item">
+									<a class="nav-link" href="{{ url_for('users.profile', username=current_user.username) }}">Profile</a>
+								</li>
+								<li class="nav-item">
+									<a class="nav-link" href="{{ url_for('users.profile', username=current_user.username) }}#unadded-topics">Your unadded topics</a>
+								</li>
+								{% if current_user.canAccessTodoList() %}
+									<li class="nav-item"><a class="nav-link" href="{{ url_for('todo.view') }}">{{ _("Work Queue") }}</a></li>
+									<li class="nav-item"><a  class="nav-link" href="{{ url_for('users.list_all') }}">{{ _("User list") }}</a></li>
+								{% endif %}
+								<li class="nav-item">
+									<a class="nav-link" href="{{ url_for('todo.topics') }}">{{ _("All unadded topics") }}</a>
+								</li>
+								{% if current_user.rank == current_user.rank.ADMIN %}
+									<li class="nav-item"><a class="nav-link" href="{{ url_for('admin.admin_page') }}">{{ _("Admin") }}</a></li>
+								{% endif %}
+								{% if current_user.rank == current_user.rank.MODERATOR %}
+									<li class="nav-item"><a class="nav-link" href="{{ url_for('admin.tag_list') }}">{{ _("Tag Editor") }}</a></li>
+									<li class="nav-item"><a class="nav-link" href="{{ url_for('admin.license_list') }}">{{ _("License Editor") }}</a></li>
+								{% endif %}
+								<li class="nav-item"><a class="nav-link" href="{{ url_for('user.logout') }}">{{ _("Sign out") }}</a></li>
+							</ul>
+						</li>
+					{% else %}
+						<li><a class="nav-link" href="{{ url_for('user.login') }}">{{ _("Sign in") }}</a></li>
+					{% endif %}
+				</ul>
+			</div>
 		</div>
 	</nav>
 
@@ -83,7 +108,7 @@
 			{% if messages %}
 				<ul id="alerts">
 					{% for category, message in messages %}
-						<li class="box box_grey alert alert-{{category}}">
+						<li class="alert alert-{{category}} container">
 							<span class="icon_message"></span>
 
 							{{ message|safe }}
@@ -97,16 +122,37 @@
 	{% endblock %}
 
 	{% block container %}
-	<main>
+	<main class="container mt-4">
 		{% block content %}
 		{% endblock %}
 	</main>
 	{% endblock %}
 
-	<footer>
-		ContentDB &copy; 2018 to <a href="https://rubenwardy.com/">rubenwardy</a> |
+	<footer class="container footer-copyright my-5 page-footer font-small text-center">
+		ContentDB &copy; 2018-9 to <a href="https://rubenwardy.com/">rubenwardy</a> |
 		<a href="https://github.com/minetest/contentdb">GitHub</a> |
-		<a href="{{ url_for('flatpage', path='help') }}">Help</a> |
-		<a href="{{ url_for('flatpage', path='help/reporting') }}">Report / DMCA</a>
+		<a href="{{ url_for('flatpage', path='help') }}">{{ _("Help") }}</a> |
+		<a href="{{ url_for('flatpage', path='policy_and_guidance') }}">{{ _("Policy and Guidance") }}</a> |
+		<a href="{{ url_for('flatpage', path='help/reporting') }}">{{ _("Report / DMCA") }}</a> |
+		<a href="{{ url_for('users.list_all') }}">{{ _("User List") }}</a>
+
+		{% if debug %}
+			<p style="color: red">
+				DEBUG MODE ENABLED
+			</p>
+		{% endif %}
 	</footer>
+
+	<script src="/static/jquery.min.js"></script>
+	<script src="/static/popper.min.js"></script>
+	<script src="/static/bootstrap.min.js"></script>
+	<script src="/static/easymde.min.js"></script>
+	<link rel="stylesheet" type="text/css" href="/static/easymde.min.css">
+	<script>
+		$("textarea.markdown").each(function() {
+			new EasyMDE({ element: this, hideIcons: ["image"], forceSync: true });
+		})
+	</script>
+	{% block scriptextra %}{% endblock %}
+</body>
 </html>

app/templates/emails/base.html

@@ -0,0 +1,64 @@
+<!doctype html>
+<html>
+<head>
+	<style>
+		.btn {
+			display: inline-block !important;
+			color: #fff !important;
+			font-weight: 400;
+			text-align: center;
+			vertical-align: middle;
+			-webkit-user-select: none;
+			-moz-user-select: none;
+			-ms-user-select: none;
+			user-select: none;
+			background-color: transparent;
+			border: 1px solid transparent;
+			border-top-color: transparent;
+			border-bottom-color: transparent;
+			border-left-color: transparent;
+			padding: 0.375rem 0.75rem;
+			font-size: 0.9375rem;
+			line-height: 1.5;
+			border-radius: 0.25rem;
+			-webkit-transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;
+			transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;
+			transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out;
+			transition: color 0.15s ease-in-out, background-color 0.15s ease-in-out, border-color 0.15s ease-in-out, box-shadow 0.15s ease-in-out, -webkit-box-shadow 0.15s ease-in-out;
+			background-color: #2C3E50;
+			border-color: #2C3E50;
+			text-decoration: none;
+		}
+
+		.btn:hover {
+			color: #fff;
+			background-color: #1e2b37;
+			border-color: #1a252f;
+		}
+
+		.btn:focus {
+			-webkit-box-shadow: 0 0 0 0.2rem rgba(76, 91, 106, 0.5);
+			box-shadow: 0 0 0 0.2rem rgba(76, 91, 106, 0.5);
+			outline: 0;
+		}
+	</style>
+</head>
+<body>
+	<div style="font-family: 'Arial', 'sans-serif'; max-width: 700px; margin: auto; padding: 0;">
+		<div style="background: #2C3E50; padding: 1.2rem 1.2rem 1.2rem 2em; color: white;">
+			<h1 style="margin: 0; font-size: 120%; font-weight: normal;">ContentDB</h1>
+		</div>
+		<div style="padding: 2em; background: white;">
+			{% block content %}
+				<h2 style="margin-top: 0;">{{ subject }}</h2>
+
+				{{ content | safe }}
+			{% endblock %}
+
+			<div style="margin-top: 3em;font-size: 80%;color: #666;">
+				ContentDB &copy; rubenwardy
+			</div>
+		</div>
+	</div>
+</body>
+</html>

app/templates/emails/verify.html

@@ -1,4 +1,7 @@
-<h1>Hello!</h1>
+{% extends "emails/base.html" %}
+
+{% block content %}
+<h2 style="margin-top: 0;">Hello!</h2>
 
 <p>
 	This email has been sent to you because someone (hopefully you)
@@ -6,12 +9,19 @@
 </p>
 
 <p>
-	If this was you, then please click this link to verify the address:
-	<a href="{{ url_for('verify_email_page', token=token, _external=True) }}">
-		{{ url_for('verify_email_page', token=token, _external=True) }}
-	</a>
+	If it wasn't you, then just delete this email.
 </p>
 
 <p>
-	If it wasn't you, then just delete this email.
+	If this was you, then please click this link to verify the address:
 </p>
+
+<a class="btn" href="{{ url_for('users.verify_email', token=token, _external=True) }}">
+	Confirm Email Address
+</a>
+
+<p style="font-size: 80%;">
+	Or paste this into your browser: {{ url_for('users.verify_email', token=token, _external=True) }}
+<p>
+
+{% endblock %}

app/templates/flask_user/login.html

@@ -5,76 +5,76 @@ Sign in
 {% endblock %}
 
 {% block content %}
-<div class="sidebar_container">
-	<div class="left box box_grey">
-		{% from "flask_user/_macros.html" import render_field, render_checkbox_field, render_submit_field %}
-		<h2>{%trans%}Sign in{%endtrans%}</h2>
+<div class="row">
+	<div class="col-sm-8">
+		<div class="card">
+			{% from "flask_user/_macros.html" import render_field, render_checkbox_field, render_submit_field %}
+			<h2 class="card-header">{%trans%}Sign in{%endtrans%}</h2>
 
-		<form action="" method="POST" class="form box-body" role="form">
-			<h3>Sign in with username/password</h3>
-			{{ form.hidden_tag() }}
+			<form action="" method="POST" class="form card-body" role="form">
+				{{ form.hidden_tag() }}
 
-			{# Username or Email field #}
-			{% set field = form.username if user_manager.enable_username else form.email %}
-			<div class="form-group {% if field.errors %}has-error{% endif %}">
-				{# Label on left, "New here? Register." on right #}
-				<div class="row">
-					<div class="col-xs-6">
-						<label for="{{ field.id }}" class="control-label">{{ field.label.text }}</label>
-					</div>
+				{# Username or Email field #}
+				{% set field = form.username if user_manager.enable_username else form.email %}
+				<div class="form-group {% if field.errors %}has-error{% endif %}">
+					{# Label on left, "New here? Register." on right #}
+					<label for="{{ field.id }}" class="control-label">{{ field.label.text }}</label>
+					{{ field(class_='form-control', tabindex=110) }}
+					{% if field.errors %}
+					{% for e in field.errors %}
+					<p class="help-block">{{ e }}</p>
+					{% endfor %}
+					{% endif %}
 				</div>
-				{{ field(class_='form-control', tabindex=110) }}
-				{% if field.errors %}
-				{% for e in field.errors %}
-				<p class="help-block">{{ e }}</p>
-				{% endfor %}
-				{% endif %}
-			</div>
 
-			{# Password field #}
-			{% set field = form.password %}
-			<div class="form-group {% if field.errors %}has-error{% endif %}">
-				<div class="row">
+				{# Password field #}
+				{% set field = form.password %}
+				<div class="form-group {% if field.errors %}has-error{% endif %}">
 					<label for="{{ field.id }}" class="control-label">{{ field.label.text }}
 					{% if user_manager.enable_forgot_password %}
 						<a href="{{ url_for('user.forgot_password') }}" tabindex='195'>
 							[{%trans%}Forgot My Password{%endtrans%}]</a>
 					{% endif %}
 					</label>
+					{{ field(class_='form-control', tabindex=120) }}
+					{% if field.errors %}
+					{% for e in field.errors %}
+					<p class="help-block">{{ e }}</p>
+					{% endfor %}
+					{% endif %}
 				</div>
-				{{ field(class_='form-control', tabindex=120) }}
-				{% if field.errors %}
-				{% for e in field.errors %}
-				<p class="help-block">{{ e }}</p>
-				{% endfor %}
+
+				{# Remember me #}
+				{% if user_manager.enable_remember_me %}
+				{{ render_checkbox_field(login_form.remember_me, tabindex=130) }}
 				{% endif %}
+
+				{# Submit button #}
+				<p>
+					{{ render_submit_field(form.submit, tabindex=180) }}
+				</p>
+			</form>
+		</div>
+
+		<div class="card mt-4">
+			{% from "flask_user/_macros.html" import render_field, render_checkbox_field, render_submit_field %}
+			<h2 class="card-header">{%trans%}Sign in with Github{%endtrans%}</h2>
+			<div class="card-body">
+				<a class="btn btn-primary" href="{{ url_for('users.github_signin') }}">GitHub</a>
 			</div>
-
-			{# Remember me #}
-			{% if user_manager.enable_remember_me %}
-			{{ render_checkbox_field(login_form.remember_me, tabindex=130) }}
-			{% endif %}
-
-			{# Submit button #}
-			<p>
-				{{ render_submit_field(form.submit, tabindex=180) }}
-			</p>
-
-			<h3>Sign in with Github</h3>
-			<p><a class="button" href="{{ url_for('github_signin_page') }}">GitHub</a></p>
-		</form>
+		</div>
 	</div>
 
-	<div class="right">
-		<aside class="box box_grey">
-			<h2>New here?</h2>
-
-			<div class="box-body">
+	<aside class="col-sm-4">
+		<div class="card">
+			{% from "flask_user/_macros.html" import render_field, render_checkbox_field, render_submit_field %}
+			<h2 class="card-header">{%trans%}New here?{%endtrans%}</h2>
+			<div class="card-body">
 				<p>Create an account using your forum account or email.</p>
 
-				<a href="{{ url_for('user_claim_page') }}" class="button">{%trans%}Claim your account{%endtrans%}</a>
+				<a href="{{ url_for('users.claim') }}" class="btn btn-primary">{%trans%}Claim your account{%endtrans%}</a>
 			</div>
-		</aside>
-	</div>
+		</div>
+	</aside>
 </div>
 {% endblock %}

app/templates/flask_user/public_base.html

@@ -1,10 +1,10 @@
 {% extends "base.html" %}
 
 {% block container %}
-	<main>
-		<div class="box box_grey">
-			<!-- <h2>{{ self.title() }}</h2> -->
-			<div class="box-body">
+	<main class="container mt-4">
+		<div class="card">
+			<!-- <h2 class="card-header">{{ self.title() }}</h2> -->
+			<div class="card-body">
 				{% block content %}
 				{% endblock %}
 			</div>

app/templates/index.html

@@ -1,38 +1,73 @@
 {% extends "base.html" %}
 
 {% block title %}
-Welcome
+{{ _("Welcome") }}
 {% endblock %}
 
-{% block container %}
-<header>
-	<div class="container">
-		<h1>Content DB</h1>
+{% block scriptextra %}
+<script type="application/ld+json">
+{
+  "@context": "https://schema.org",
+  "@type": "WebSite",
+  "url": "https://content.minetest.net/",
+  "potentialAction": {
+    "@type": "SearchAction",
+    "target": "https://content.minetest.net/packages?q={search_term_string}",
+    "query-input": "required name=search_term_string"
+  }
+}
+</script>
+{% endblock %}
 
-		<p>
+{% block content %}
+<!-- <header class="jumbotron">
+	<div class="container">
+		<h1 class="display-3">{{ config.USER_APP_NAME }}</h1>
+
+		<p class="lead">
 			Minetest's official content repository.
 			Browse {{ count }} packages,
 			the majority of which are available under a free
 			and open source license.
 		</p>
-
-		<form method="get" action="/packages/">
-			<input type="text" name="q" value="{{ query or ''}}" />
-			<input type="submit" value="Search" />
-		</form>
 	</div>
 </header>
 
-<main>
+<main class="container"> -->
 	{% from "macros/packagegridtile.html" import render_pkggrid %}
 
-	<h2>Popular</h2>
-	{{ render_pkggrid(popular) }}
 
-	<a href="{{ url_for('packages_page') }}" class="button">Show More</a>
-
-	<h2 style="margin-top:2em;">Newly Added</h2>
+	<a href="{{ url_for('packages.list_all', sort='created_at', order='desc') }}" class="btn btn-secondary float-right">
+		{{ _("See more") }}
+	</a>
+	<h2 class="my-3">{{ _("Recently Added") }}</h2>
 	{{ render_pkggrid(new) }}
 
-</main>
+
+	<a href="{{ url_for('packages.list_all', type='mod', sort='score', order='desc') }}" class="btn btn-secondary float-right">
+		{{ _("See more") }}
+	</a>
+	<h2 class="my-3">{{ _("Top Mods") }}</h2>
+	{{ render_pkggrid(pop_mod) }}
+
+
+	<a href="{{ url_for('packages.list_all', type='game', sort='score', order='desc') }}" class="btn btn-secondary float-right">
+		{{ _("See more") }}
+	</a>
+	<h2 class="my-3">{{ _("Top Games") }}</h2>
+	{{ render_pkggrid(pop_gam) }}
+
+
+	<a href="{{ url_for('packages.list_all', type='txp', sort='score', order='desc') }}" class="btn btn-secondary float-right">
+		{{ _("See more") }}
+	</a>
+	<h2 class="my-3">{{ _("Top Texture Packs") }}</h2>
+	{{ render_pkggrid(pop_txp) }}
+
+	<div class="text-center">
+		<small>
+			{{ _("CDB has %(count)d packages, with a total of %(downloads)d downloads.", count=count, downloads=downloads) }}
+		</small>
+	</div>
+<!-- </main> -->
 {% endblock %}

app/templates/macros/forms.html

@@ -1,10 +1,10 @@
-{% macro render_field(field, label=None, label_visible=true, right_url=None, right_label=None) -%}
+{% macro render_field(field, label=None, label_visible=true, right_url=None, right_label=None, fieldclass=None) -%}
 	<div class="form-group {% if field.errors %}has-error{% endif %} {{ kwargs.pop('class_', '') }}">
 		{% if field.type != 'HiddenField' and label_visible %}
-			{% if not label %}{% set label=field.label.text %}{% endif %}
-			<label for="{{ field.id }}" class="control-label">{{ label|safe }}</label>
+			{% if not label and label != "" %}{% set label=field.label.text %}{% endif %}
+			{% if label %}<label for="{{ field.id }}">{{ label|safe }}</label>{% endif %}
 		{% endif %}
-		{{ field(class_='form-control', **kwargs) }}
+		{{ field(class_=fieldclass or 'form-control', **kwargs) }}
 		{% if field.errors %}
 			{% for e in field.errors %}
 				<p class="help-block">{{ e }}</p>
@@ -13,9 +13,8 @@
 	</div>
 {%- endmacro %}
 
-{% macro form_includes() -%}
+{% macro form_scripts() -%}
 	<link href="/static/jquery-ui.min.css" rel="stylesheet" type="text/css">
-	<script src="/static/jquery.min.js"></script>
 	<script src="/static/jquery-ui.min.js"></script>
 	<script src="/static/tagselector.js"></script>
 {% endmacro %}
@@ -58,16 +57,17 @@
 	<div class="form-group {% if field.errors %}has-error{% endif %} {{ kwargs.pop('class_', '') }}">
 		{% if field.type != 'HiddenField' and label_visible %}
 			{% if not label %}{% set label=field.label.text %}{% endif %}
-			<label for="{{ field.id }}" class="control-label">{{ label|safe }}</label>
+			<label for="{{ field.id }}">{{ label|safe }}</label>
 		{% endif %}
-		<div class="multichoice_selector bulletselector">
+		<div class="multichoice_selector bulletselector form-control">
 			<input type="text" placeholder="Start typing to see suggestions">
 			<div class="clearboth"></div>
 		</div>
+		<div class="invalid-remaining invalid-feedback"></div>
 		{{ field(class_='form-control', **kwargs) }}
 		{% if field.errors %}
 			{% for e in field.errors %}
-				<p class="help-block">{{ e }}</p>
+				<div class="invalid-feedback">{{ e }}</div>
 			{% endfor %}
 		{% endif %}
 	</div>
@@ -77,13 +77,14 @@
 	<div class="form-group {% if field.errors %}has-error{% endif %} {{ kwargs.pop('class_', '') }}">
 		{% if field.type != 'HiddenField' and label_visible %}
 			{% if not label %}{% set label=field.label.text %}{% endif %}
-			<label for="{{ field.id }}" class="control-label">{{ label|safe }}</label>
+			<label for="{{ field.id }}">{{ label|safe }}</label>
 		{% endif %}
-		<div class="metapackage_selector bulletselector">
+		<div class="metapackage_selector bulletselector form-control">
 			<input type="text" placeholder="Comma-seperated values">
 			<div class="clearboth"></div>
 		</div>
 		{{ field(class_='form-control', **kwargs) }}
+		<div class="invalid-remaining invalid-feedback"></div>
 		{% if field.errors %}
 			{% for e in field.errors %}
 				<p class="help-block">{{ e }}</p>
@@ -96,13 +97,14 @@
 	<div class="form-group {% if field.errors %}has-error{% endif %} {{ kwargs.pop('class_', '') }}">
 		{% if field.type != 'HiddenField' and label_visible %}
 			{% if not label %}{% set label=field.label.text %}{% endif %}
-			<label for="{{ field.id }}" class="control-label">{{ label|safe }}</label>
+			<label for="{{ field.id }}">{{ label|safe }}</label>
 		{% endif %}
-		<div class="deps_selector bulletselector">
+		<div class="deps_selector bulletselector form-control">
 			<input type="text" placeholder="Comma-seperated values">
 			<div class="clearboth"></div>
 		</div>
 		{{ field(class_='form-control', **kwargs) }}
+		<div class="invalid-remaining invalid-feedback"></div>
 		{% if field.errors %}
 			{% for e in field.errors %}
 				<p class="help-block">{{ e }}</p>
@@ -113,7 +115,7 @@
 
 {% macro render_checkbox_field(field, label=None) -%}
 	{% if not label %}{% set label=field.label.text %}{% endif %}
-	<div class="checkbox">
+	<div class="checkbox {{ kwargs.pop('class_', '') }}">
 		<label>
 			{{ field(type='checkbox', **kwargs) }} {{ label }}
 		</label>
@@ -122,9 +124,9 @@
 
 {% macro render_radio_field(field) -%}
 	{% for value, label, checked in field.iter_choices() %}
-		<div class="radio">
-			<label>
-				<input type="radio" name="{{ field.id }}" id="{{ field.id }}" value="{{ value }}"{% if checked %} checked{% endif %}>
+		<div class="form-check my-1">
+			<label class="form-check-label">
+				<input class="form-check-input" type="radio" name="{{ field.id }}" id="{{ field.id }}" value="{{ value }}"{% if checked %} checked{% endif %}>
 				{{ label }}
 			</label>
 		</div>
@@ -134,7 +136,7 @@
 {% macro render_submit_field(field, label=None, tabindex=None) -%}
 	{% if not label %}{% set label=field.label.text %}{% endif %}
 	{#<button type="submit" class="form-control btn btn-default btn-primary">{{label}}</button>#}
-	<input type="submit" value="{{label}}"
+	<input type="submit" value="{{label}}" class="btn btn-primary"
 		   {% if tabindex %}tabindex="{{ tabindex }}"{% endif %}
 		   >
 {%- endmacro %}

app/templates/macros/packagegridtile.html

@@ -1,18 +1,18 @@
 {% macro render_pkgtile(package, show_author) -%}
-	<li><a href="{{ package.getDetailsURL() }}"
+	<li class="packagetile flex-fill"><a href="{{ package.getDetailsURL() }}"
 		style="background-image: url({{ package.getThumbnailURL() or '/static/placeholder.png' }});">
 		<div class="packagegridscrub"></div>
 		<div class="packagegridinfo">
 			<h3>
 				{{ package.title }}
 
-				{% if show_author %}
-					by {{ package.author.display_name }}
+				{% if show_author %}<br />
+					<small>{{ package.author.display_name }}</small>
 				{% endif %}
 			</h3>
 
 			<p>
-				{{ package.shortDesc }}
+				{{ package.short_desc }}
 			</p>
 
 
@@ -34,11 +34,14 @@
 {% endmacro %}
 
 {% macro render_pkggrid(packages, show_author=True) -%}
-	<ul class="packagegrid">
+	<ul class="d-flex p-0 flex-row flex-wrap justify-content-start align-content-start ">
 		{% for p in packages %}
 			{{ render_pkgtile(p, show_author) }}
 		{% else %}
 			<li><i>No packages available</i></ul>
 		{% endfor %}
+		{% for i in range(4) %}
+			<li class="packagetile flex-fill"></li>
+		{% endfor %}
 	</ul>
 {% endmacro %}

app/templates/macros/threads.html

@@ -1,36 +1,83 @@
 {% macro render_thread(thread, current_user) -%}
-	<ul class="comments">
-		{% for r in thread.replies %}
-			<li>
-				<div class="info_strip">
+
+<ul class="comments mt-4 mb-0">
+	{% for r in thread.replies %}
+	<li class="row my-2 mx-0">
+		<div class="col-md-1 p-1">
+			<a href="{{ url_for('users.profile', username=r.author.username) }}">
+				<img class="img-responsive user-photo img-thumbnail img-thumbnail-1" src="{{ r.author.getProfilePicURL() }}">
+			</a>
+		</div>
+		<div class="col">
+			<div class="card">
+				<div class="card-header">
 					<a class="author {{ r.author.rank.name }}"
-							href="{{ url_for('user_profile_page', username=r.author.username) }}">
-						{{ r.author.display_name }}</a>
-					<span>{{ r.created_at | datetime }}</span>
-					<div class="clearboth"></div>
+							href="{{ url_for('users.profile', username=r.author.username) }}">
+						{{ r.author.display_name }}
+					</a>
+					<a name="reply-{{ r.id }}" class="text-muted float-right"
+							href="{{ url_for('threads.view', id=thread.id) }}#reply-{{ r.id }}">
+						{{ r.created_at | datetime }}
+					</a>
 				</div>
-				<div class="msg">
+
+				<div class="card-body">
 					{{ r.comment | markdown }}
 				</div>
-			</li>
-		{% endfor %}
-	</ul>
+			</div>
+		</div>
+	</li>
+	{% endfor %}
+</ul>
 
-	{% if current_user.is_authenticated %}
-		<form method="post" action="{{ url_for('thread_page', id=thread.id)}}" class="comment_form">
-			<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
-			<textarea required maxlength=500 name="comment" placeholder="Markdown supported"></textarea><br />
-			<input type="submit" value="Comment" />
-		</form>
-	{% endif %}
+{% if current_user.is_authenticated %}
+<div class="row mt-0 mb-4 comments mx-0">
+	<div class="col-md-1 p-1">
+		<img class="img-responsive user-photo img-thumbnail img-thumbnail-1" src="{{ current_user.getProfilePicURL() }}">
+	</div>
+	<div class="col">
+		<div class="card">
+			<div class="card-header {{ current_user.rank.name }}">
+				{{ current_user.display_name }}
+				<a name="reply"></a>
+			</div>
+
+			{% if current_user.canCommentRL() %}
+				<form method="post" action="{{ url_for('threads.view', id=thread.id)}}" class="card-body">
+					<input type="hidden" name="csrf_token" value="{{ csrf_token() }}" />
+					<textarea class="form-control markdown" required maxlength=500 name="comment"></textarea><br />
+					<input class="btn btn-primary" type="submit" value="Comment" />
+				</form>
+			{% else %}
+				<div class="card-body">
+					<textarea class="form-control" readonly disabled>Please wait before commenting again.</textarea><br />
+					<input class="btn btn-primary" type="submit" disabled value="Comment" />
+				</div>
+			{% endif %}
+		</div>
+	</div>
+</div>
+{% endif %}
 {% endmacro %}
 
-{% macro render_threadlist(threads) -%}
-	<ul>
+{% macro render_threadlist(threads, list_group=False) -%}
+	{% if not list_group %}<ul>{% endif %}
 		{% for t in threads %}
-			<li>{% if t.private %}&#x1f512; {% endif %}<a href="{{ url_for('thread_page', id=t.id) }}">{{ t.title }}</a> by {{ t.author.display_name }}</li>
+			<li {% if list_group %}class="list-group-item"{% endif %}>
+				{% if list_group %}
+					<a href="{{ url_for('threads.view', id=t.id) }}">
+						{% if t.private %}&#x1f512; {% endif %}
+						{{ t.title }}
+						by {{ t.author.display_name }}
+					</a>
+				{% else %}
+					{% if t.private %}&#x1f512; {% endif %}
+					<a href="{{ url_for('threads.view', id=t.id) }}">{{ t.title }}</a>
+					by {{ t.author.display_name }}
+				{% endif %}
+			</li>
 		{% else %}
-			<li><i>No threads found</i></li>
+			<li {% if list_group %}class="list-group-item"{% endif %}><i>No threads found</i></li>
 		{% endfor %}
-	</ul>
+	{% if not list_group %}</ul>{% endif %}
 {% endmacro %}