Fix API auth crash and add more error messages

app/blueprints/api/auth.py

@@ -16,6 +16,7 @@
 
 from flask import request, make_response, jsonify, abort
 from app.models import APIToken
+from .support import error
 from functools import wraps
 
 def is_api_authd(f):
@@ -29,13 +30,13 @@ def is_api_authd(f):
 		elif value[0:7].lower() == "bearer ":
 			access_token = value[7:]
 			if len(access_token) < 10:
-				abort(400)
+				error(400, "API token is too short")
 
 			token = APIToken.query.filter_by(access_token=access_token).first()
 			if token is None:
-				abort(403)
+				error(403, "Unknown API token")
 		else:
-			abort(403)
+			abort(403, "Unsupported authentication method")
 
 		return f(token=token, *args, **kwargs)
 

app/blueprints/api/endpoints.py

@@ -143,19 +143,21 @@ def markdown():
 @is_package_page
 @is_api_authd
 def create_release(token, package):
+	if not token:
+		error(401, "Authentication needed")
+
 	if not package.checkPerm(token.owner, Permission.APPROVE_RELEASE):
-		return error(403, "You do not have the permission to approve releases")
+		error(403, "You do not have the permission to approve releases")
 
 	json = request.json
 	if json is None:
-		return error(400, "JSON post data is required")
+		error(400, "JSON post data is required")
 
 	for option in ["method", "title", "ref"]:
 		if json.get(option) is None:
-			return error(400, option + " is required in the POST data")
-
+			error(400, option + " is required in the POST data")
 
 	if json["method"].lower() != "git":
-		return error(400, "Release-creation methods other than git are not supported")
+		error(400, "Release-creation methods other than git are not supported")
 
 	return handleCreateRelease(token, package, json["title"], json["ref"])

app/blueprints/api/support.py

@@ -1,12 +1,12 @@
 from app.models import PackageRelease, db, Permission
 from app.tasks.importtasks import makeVCSRelease
 from celery import uuid
-from flask import jsonify, make_response, url_for
+from flask import jsonify, abort, url_for
 import datetime
 
 
 def error(status, message):
-	return make_response(jsonify({ "success": False, "error": message }), status)
+	abort(status, jsonify({ "success": False, "error": message }))
 
 
 def handleCreateRelease(token, package, title, ref):

app/flatpages/help/api.md

@@ -9,6 +9,8 @@ Authentication is done using Bearer tokens:
 
 You can use the `/api/whoami` to check authentication.
 
+Tokens can be attained by visiting "API Tokens" on your profile page.
+
 ## Endpoints
 
 ### Misc
@@ -16,7 +18,7 @@ You can use the `/api/whoami` to check authentication.
 * GET `/api/whoami/` - Json dictionary with the following keys:
 	* `is_authenticated` - True on successful API authentication
 	* `username` - Username of the user authenticated as, null otherwise.
-	* 403 will be thrown on unsupported authentication type, invalid access token, or other errors.
+	* 4xx status codes will be thrown on unsupported authentication type, invalid access token, or other errors.
 
 ### Packages
 

app/flatpages/help/top_packages.md

@@ -1,14 +1,18 @@
 title: Top Packages Algorithm
 
-## Pseudo rolling average
+## Score
+
+A package's score is currently equal to a pseudo rolling average of downloads.
+In the future, a package will also gain score through reviews.
+
+## Pseudo rolling average of downloads
 
 Every package loses 5% of its score every day.
 
 An open source package will gain 1 score for each unique download,
 whereas a non-free package will only gain 0.1 score.
 
-A package currently only gains score through downloads.
-In the future, a package will also gain score through reviews.
+This metric aims to be roughly equivalent to the average downloads.
 
 ## Seeded using a legacy heuristic
 
@@ -32,8 +36,14 @@ As said, this legacy score is no longer used when ranking mods.
 It was only used to provide an initial score for the rolling average,
 which was 20% of the above value.
 
+## Manual adjustments
+
+The admin occasionally reduces all packages by a set percentage to speed up
+convergence. Convergence is when
+
 ## Transparency and Feedback
 
-You can see all scores using the [scores REST API](/api/scores/).
+You can see all scores using the [scores REST API](/api/scores/), or by
+using the [Prometheus metrics](/help/metrics/) endpoint.
 
 Consider [suggesting improvements](https://github.com/minetest/contentdb/issues/new?assignees=&labels=Policy&template=policy.md&title=).

app/models.py

@@ -578,13 +578,25 @@ class Package(db.Model):
 		screenshot = self.screenshots.filter_by(approved=True).order_by(db.asc(PackageScreenshot.id)).first()
 		return screenshot.getThumbnailURL(level) if screenshot is not None else None
 
-	def getMainScreenshotURL(self):
+	def getMainScreenshotURL(self, absolute=False):
 		screenshot = self.screenshots.filter_by(approved=True).order_by(db.asc(PackageScreenshot.id)).first()
-		return screenshot.url if screenshot is not None else None
+		if screenshot is None:
+			return None
 
-	def getDetailsURL(self):
-		return url_for("packages.view",
-				author=self.author.username, name=self.name)
+		if absolute:
+			from app.utils import abs_url
+			return abs_url(screenshot.url)
+		else:
+			return screenshot.url
+
+	def getDetailsURL(self, absolute=False):
+		if absolute:
+			from app.utils import abs_url_for
+			return abs_url_for("packages.view",
+					author=self.author.username, name=self.name)
+		else:
+			return url_for("packages.view",
+					author=self.author.username, name=self.name)
 
 	def getEditURL(self):
 		return url_for("packages.create_edit",
@@ -835,12 +847,11 @@ class PackageRelease(db.Model):
 				name=self.package.name,
 				id=self.id)
 
-
 	def __init__(self):
 		self.releaseDate = datetime.datetime.now()
 
 	def approve(self, user):
-		if self.package.approved and \
+		if self.package.approved or \
 				not self.package.checkPerm(user, Permission.APPROVE_RELEASE):
 			return False
 

app/querybuilder.py

@@ -1,6 +1,6 @@
 from .models import db, PackageType, Package, ForumTopic, License, MinetestRelease, PackageRelease, User, Tag
 from .models import tags as Tags
-from .utils import isNo, isYes
+from .utils import isNo, isYes, get_int_or_abort
 from sqlalchemy.sql.expression import func
 from flask import abort
 from sqlalchemy import or_
@@ -61,7 +61,7 @@ class QueryBuilder:
 		if not self.protocol_version:
 			return None
 
-		self.protocol_version = int(self.protocol_version)
+		self.protocol_version = get_int_or_abort(self.protocol_version)
 		version = MinetestRelease.query.filter(MinetestRelease.protocol>=self.protocol_version).first()
 		if version is not None:
 			return version.id
@@ -139,7 +139,6 @@ class QueryBuilder:
 			query = query.order_by(db.desc(ForumTopic.views))
 		elif self.order_by == "date":
 			query = query.order_by(db.asc(ForumTopic.created_at))
-			sort_by = "date"
 
 		if self.search:
 			query = query.filter(ForumTopic.title.ilike('%' + self.search + '%'))

app/templates/packages/view.html

@@ -6,6 +6,16 @@
 	{{ package.title }}
 {% endblock %}
 
+{% block headextra %}
+	<meta name="og:title" content="{{ package.title }}"/>
+	<meta name="og:description" content="{{ package.short_desc }}"/>
+	<meta name="description" content="{{ package.short_desc }}"/>
+	<meta name="og:url" content="{{ package.getDetailsURL(absolute=True) }}"/>
+	{% if package.getMainScreenshotURL() %}
+	<meta name="og:image" content="{{ package.getMainScreenshotURL(absolute=True) }}"/>
+	{% endif %}
+{% endblock %}
+
 {% block container %}
 	{% if not package.license.is_foss and not package.media_license.is_foss and package.type != package.type.TXP  %}
 		{% set package_warning="Non-free code and media" %}

app/utils.py

@@ -21,11 +21,15 @@ from flask_login import login_user, logout_user
 from .models import *
 from . import app
 import random, string, os, imghdr
+from urllib.parse import urljoin
 
 def abs_url_for(path, **kwargs):
 	scheme = "https" if app.config["BASE_URL"][:5] == "https" else "http"
 	return url_for(path, _external=True, _scheme=scheme, **kwargs)
 
+def abs_url(path):
+	return urljoin(app.config["BASE_URL"], path)
+
 def get_int_or_abort(v, default=None):
 	try:
 		return int(v or default)

docker-compose.yml

@@ -60,3 +60,12 @@ services:
       - 5124:5124
     depends_on:
       - redis
+
+  exporter:
+    image: ovalmoney/celery-exporter
+    env_file:
+      - config.env
+    ports:
+      - 5125:9540
+    depends_on:
+      - redis