# HG changeset patch # User Brian Neal # Date 1426557817 18000 # Node ID 90632d090bbc783aa1a8c2d3028a1d3c7391564f # Parent 4dee923a2f6d50407992995309eb318a019f59a0# Parent 2181da65c98b9fecb04cc7eff2bde6c60e2fb6e6 Merge with upstream. diff -r 2181da65c98b -r 90632d090bbc .hgignore --- a/.hgignore Mon Mar 16 20:58:40 2015 -0500 +++ b/.hgignore Mon Mar 16 21:03:37 2015 -0500 @@ -7,6 +7,7 @@ secrets.json *.db *.mp3 +.tags static_serve media/avatars/users media/badges diff -r 2181da65c98b -r 90632d090bbc core/management/commands/ssl_images.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/core/management/commands/ssl_images.py Mon Mar 16 21:03:37 2015 -0500 @@ -0,0 +1,422 @@ +""" +ssl_images is a custom manage.py command to convert forum post and comment +images to https. It does this by rewriting the markup: + - Images with src = http://surfguitar101.com/something are rewritten to be + /something. + - Non SG101 images that use http: are downloaded, resized, and uploaded to + an S3 bucket. The src attribute is replaced with the new S3 URL. +""" +import base64 +import datetime +import json +import logging +from optparse import make_option +import os +import re +import signal +import socket +import urllib +import urlparse +import uuid + +from django.core.management.base import NoArgsCommand, CommandError +from django.conf import settings +from lxml import etree +import markdown.inlinepatterns +from PIL import Image + +from comments.models import Comment +from forums.models import Post +from core.s3 import S3Bucket + + +LOGFILE = os.path.join(settings.PROJECT_PATH, 'logs', 'ssl_images.log') +logger = logging.getLogger(__name__) + +IMAGE_LINK_RE = re.compile(markdown.inlinepatterns.IMAGE_LINK_RE, + re.DOTALL | re.UNICODE) +IMAGE_REF_RE = re.compile(markdown.inlinepatterns.IMAGE_REFERENCE_RE, + re.DOTALL | re.UNICODE) + +SG101_HOSTS = set(['www.surfguitar101.com', 'surfguitar101.com']) +MODEL_CHOICES = ['comments', 'posts'] + +PHOTO_MAX_SIZE = (660, 720) +PHOTO_BASE_URL = 'https://s3.amazonaws.com/' +PHOTO_BUCKET_NAME = 'sg101.forum.photos' + +CACHE_FILENAME = 'ssl_images_cache.json' + +quit_flag = False +opener = None +bucket = None +url_cache = {} +bad_hosts = set() + + +def signal_handler(signum, frame): + """SIGINT signal handler""" + global quit_flag + quit_flag = True + + +def _setup_logging(): + logger.setLevel(logging.DEBUG) + logger.propagate = False + handler = logging.FileHandler(filename=LOGFILE, encoding='utf-8') + formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s') + handler.setFormatter(formatter) + logger.addHandler(handler) + + +class ImageURLopener(urllib.FancyURLopener): + """Our URL opener. Handles redirects as per FancyURLopener. But all other + errors and authentication requests will raise an IOError. + """ + HANDLED_ERRORS = set([302, 301, 303, 307]) + + def http_error_default(self, url, fp, errcode, errmsg, headers): + return urllib.URLopener.http_error_default(self, url, fp, errcode, + errmsg, headers) + + def http_error(self, url, fp, errcode, errmsg, headers, data=None): + """Handle http errors. + We let FancyURLopener handle the redirects, but any other error we want + to let fail. + """ + if errcode in self.HANDLED_ERRORS: + name = 'http_error_%d' % errcode + method = getattr(self, name) + if data is None: + result = method(url, fp, errcode, errmsg, headers) + else: + result = method(url, fp, errcode, errmsg, headers, data) + if result: + return result + return self.http_error_default(url, fp, errcode, errmsg, headers) + + +def download_image(parsed_url): + """Downloads the image file from the given source URL. + + If successful returns the path to the downloaded file. Otherwise None is + returned. + """ + src = parsed_url.geturl() + logger.info("Retrieving %s", src) + try: + fn, hdrs = opener.retrieve(src) + except IOError as ex: + args = ex.args if ex.args else [] + if len(args) == 4 and args[0] == 'http error': + logger.error("http error: %d - %s", args[1], args[2]) + elif len(args) == 2 and isinstance(args[1], socket.gaierror): + logger.error("gaierror, ignoring host %s", parsed_url.hostname) + bad_hosts.add(parsed_url.hostname) + else: + logger.error("%s", ex) + return None + + # Does it look like an image? + content_type = hdrs.get('content-type') + if not content_type: + logger.error("No content-type header found") + return None + + file_size = os.stat(fn).st_size + logger.info("Retrieved: %s bytes; content-type: %s", file_size, content_type) + + parts = content_type.split('/') + if len(parts) < 2 or parts[0] != 'image': + logger.error("Unknown content-type: %s", content_type) + return None + + return fn + + +def resize_image(img_path): + """Resizes the image found at img_path if necessary.""" + image = Image.open(img_path) + if image.size > PHOTO_MAX_SIZE: + logger.info('Resizing from %s to %s', image.size, PHOTO_MAX_SIZE) + image.thumbnail(PHOTO_MAX_SIZE, Image.ANTIALIAS) + image.save(img_path) + + +def gen_key(): + """Return a random key.""" + return base64.b64encode(uuid.uuid4().bytes, '-_').rstrip('=') + + +def upload_image(img_path): + """Upload image file located at img_path to our S3 bucket. + + Returns the URL of the image in the bucket or None if an error occurs. + """ + logger.info("upload_image starting") + # Make a unique name for the image in the bucket + ext = os.path.splitext(img_path)[1] + file_key = gen_key() + ext + try: + return bucket.upload_from_filename(file_key, img_path, public=True) + except IOError as ex: + logger.error("Error uploading file: %s", ex) + return None + + +def convert_to_ssl(parsed_url): + """Top-level function for moving an image to SSL.""" + + src = parsed_url.geturl() + + if parsed_url.hostname in bad_hosts: + logger.info("Host known to be bad, skipping: %s", src) + return None + + # Check the cache + try: + new_url = url_cache[src] + except KeyError: + # cache miss, try to get the file + new_url = save_image_to_cloud(parsed_url) + url_cache[src] = new_url + else: + if new_url: + logger.info("Found URL in cache: %s => %s", src, new_url) + else: + logger.info("URL known to be bad, skipping: %s", src) + + return new_url + + +def save_image_to_cloud(parsed_url): + """Downloads an image at a given source URL. Uploads it to cloud storage. + + Returns the new URL or None if unsuccessful. + """ + fn = download_image(parsed_url) + if fn: + resize_image(fn) + return upload_image(fn) + return None + + +def replace_image_markup(match): + src_parts = match.group(8).split() + if src_parts: + src = src_parts[0] + if src[0] == "<" and src[-1] == ">": + src = src[1:-1] + else: + src = '' + + title = '' + if len(src_parts) > 1: + title = " ".join(src_parts[1:]) + alt = match.group(1) + + new_src = None + if src: + r = urlparse.urlparse(src) + if r.hostname in SG101_HOSTS: + new_src = r.path # convert to relative path + elif r.scheme == 'http': + # Try a few things to get this on ssl: + new_src = convert_to_ssl(r) + elif r.scheme == 'https': + new_src = src # already https, accept it as-is + + if new_src: + if title: + s = u'![{alt}]({src} {title})'.format(alt=alt, src=new_src, title=title) + else: + s = u'![{alt}]({src})'.format(alt=alt, src=new_src) + else: + # something's messed up, convert to a link using original src + s = u'[{alt}]({src})'.format(alt=alt, src=src) + + return s + + +def warn_if_image_refs(text, model_name, pk): + """Search text for Markdown image reference markup. + + We aren't expecting these, but we will log something if we see any. + """ + if IMAGE_REF_RE.search(text): + logger.warning("Image reference found in %s pk = #%d", model_name, pk) + + +def process_post(text): + """Process the post object: + + A regex substitution is run on the post's text field. This fixes up image + links, getting rid of plain old http sources; either converting to https + or relative style links (if the link is to SG101). + + """ + return IMAGE_LINK_RE.sub(replace_image_markup, text) + + +def html_check(html): + """Return True if the given HTML fragment has tags with src attributes + that use http, and False otherwise. + """ + if not html: + return False + + root = etree.HTML(html) + for img in root.iter('img'): + src = img.get('src') + if src and src.lower().startswith('http:'): + return True + return False + + +class Command(NoArgsCommand): + help = "Rewrite forum posts and comments to not use http for images" + option_list = NoArgsCommand.option_list + ( + make_option('-m', '--model', + choices=MODEL_CHOICES, + help="which model to update; must be one of {{{}}}".format( + ', '.join(MODEL_CHOICES))), + make_option('-i', '--i', + type='int', + help="optional first slice index; the i in [i:j]"), + make_option('-j', '--j', + type='int', + help="optional second slice index; the j in [i:j]"), + make_option('-t', '--timeout', + type='int', + help="optional socket timeout (secs)"), + ) + + def handle_noargs(self, **options): + time_started = datetime.datetime.now() + _setup_logging() + logger.info("Starting; arguments received: %s", options) + + if options['model'] not in MODEL_CHOICES: + raise CommandError('Please choose a --model option') + + if options['model'] == 'comments': + qs = Comment.objects.all() + text_attr = 'comment' + model_name = 'Comment' + else: + qs = Post.objects.all() + text_attr = 'body' + model_name = 'Post' + + i, j = options['i'], options['j'] + + if i is not None and i < 0: + raise CommandError("-i must be >= 0") + if j is not None and j < 0: + raise CommandError("-j must be >= 0") + if j is not None and i is not None and j <= i: + raise CommandError("-j must be > -i") + + if i is not None and j is not None: + qs = qs[i:j] + elif i is not None and j is None: + qs = qs[i:] + elif i is None and j is not None: + qs = qs[:j] + + # Set global socket timeout + timeout = options.get('timeout', 30) + logger.info("Setting socket timeout to %d", timeout) + socket.setdefaulttimeout(timeout) + + # Install signal handler for ctrl-c + signal.signal(signal.SIGINT, signal_handler) + + # Create URL opener to download photos + global opener + opener = ImageURLopener() + + # Create bucket to upload photos + global bucket + bucket = S3Bucket(access_key=settings.USER_PHOTOS_ACCESS_KEY, + secret_key=settings.USER_PHOTOS_SECRET_KEY, + base_url=PHOTO_BASE_URL, + bucket_name=PHOTO_BUCKET_NAME) + + # Load cached info from previous runs + load_cache() + + if i is None: + i = 0 + + count = 0 + for n, model in enumerate(qs.iterator()): + if quit_flag: + logger.warning("SIGINT received, exiting") + break + logger.info("Processing %s #%d (pk = %d)", model_name, n + i, model.pk) + txt = getattr(model, text_attr) + warn_if_image_refs(txt, model_name, model.pk) + new_txt = process_post(txt) + if txt != new_txt: + logger.info("Content changed on %s #%d (pk = %d)", + model_name, n + i, model.pk) + logger.debug("original: %s", txt) + logger.debug("changed: %s", new_txt) + setattr(model, text_attr, new_txt) + model.save() + elif html_check(model.html): + # Check for content generated with older smiley code that used + # absolute URLs for the smiley images. If True, then just save + # the model again to force updated HTML to be created. + logger.info("Older Smiley HTML detected, forcing a save") + model.save() + count += 1 + + time_finished = datetime.datetime.now() + elapsed = time_finished - time_started + logger.info("ssl_images exiting; number of objects: %d; elapsed: %s", + count, elapsed) + + http_images = len(url_cache) + https_images = sum(1 for v in url_cache.itervalues() if v) + bad_images = http_images - https_images + if http_images > 0: + pct_saved = float(https_images) / http_images * 100.0 + else: + pct_saved = 0.0 + + logger.info("Summary: http: %d; https: %d; lost: %d; saved: %3.1f %%", + http_images, https_images, bad_images, pct_saved) + + save_cache() + logger.info("ssl_images done") + + +def load_cache(): + """Load cache from previous runs.""" + logger.info("Loading cached information") + try: + with open(CACHE_FILENAME, 'r') as fp: + d = json.load(fp) + except IOError as ex: + logger.error("Cache file (%s) IOError: %s", CACHE_FILENAME, ex) + return + except ValueError: + logger.error("Mangled cache file: %s", CACHE_FILENAME) + return + + global bad_hosts, url_cache + try: + bad_hosts = set(d['bad_hosts']) + url_cache = d['url_cache'] + except KeyError: + logger.error("Malformed cache file: %s", CACHE_FILENAME) + + +def save_cache(): + """Save our cache to a file for future runs.""" + logger.info("Saving cached information") + d = {'bad_hosts': list(bad_hosts), 'url_cache': url_cache} + with open(CACHE_FILENAME, 'w') as fp: + json.dump(d, fp, indent=4) diff -r 2181da65c98b -r 90632d090bbc core/mdexts/ssl_images.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/core/mdexts/ssl_images.py Mon Mar 16 21:03:37 2015 -0500 @@ -0,0 +1,28 @@ +""" +A python-markdown extension to turn tags with http: source attributes into + tags. +""" +from urlparse import urlparse + +import markdown + + +class SslImagesTreeprocessor(markdown.treeprocessors.Treeprocessor): + + def run(self, root): + for node in root.iter('img'): + src = node.get('src') + if src: + url = urlparse(src) + if url.scheme == 'http': + node.clear() + node.tag = 'a' + node.text = 'Click for image' + node.set('href', url.geturl()) + + +class SslImagesExtension(markdown.Extension): + + def extendMarkdown(self, md, md_globals): + tree_proc = SslImagesTreeprocessor() + md.treeprocessors.add('ssl_images', tree_proc, '>inline') diff -r 2181da65c98b -r 90632d090bbc core/tests/test_mdexts.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/core/tests/test_mdexts.py Mon Mar 16 21:03:37 2015 -0500 @@ -0,0 +1,27 @@ +"""Testing our custom Markdown extensions.""" + +import unittest + +import markdown + +from core.mdexts.ssl_images import SslImagesExtension + + +class SslImagesExtTestCase(unittest.TestCase): + """Tests for the SslImagesExtension.""" + + def setUp(self): + self.md = markdown.Markdown(extensions=[SslImagesExtension()]) + + def test_simple(self): + self.assertEqual(self.md.convert(''), '') + self.assertEqual(self.md.convert('1'), '

1

') + + def test_no_change(self): + self.assertEqual(self.md.convert('![image](https://example.com/1.jpg)'), + u'

image

') + + def test_change(self): + text = u'![image](http://example.com/1.jpg)' + html = u'

Click for image

' + self.assertEqual(self.md.convert(text), html) diff -r 2181da65c98b -r 90632d090bbc core/tests/test_ssl_images.py --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/core/tests/test_ssl_images.py Mon Mar 16 21:03:37 2015 -0500 @@ -0,0 +1,316 @@ +"""Unit tests for the ssl_images management command.""" +import re +import unittest +from urlparse import urlparse + +import mock + +from core.management.commands.ssl_images import html_check +from core.management.commands.ssl_images import process_post +import core.management.commands.ssl_images + + +class ProcessPostTestCase(unittest.TestCase): + + SG101_RE = re.compile(r'http://(?:www\.)?surfguitar101.com/', re.I) + + def tearDown(self): + core.management.commands.ssl_images.url_cache = {} + + def test_empty_string(self): + s = process_post('') + self.assertEqual(s, '') + + def test_no_matches(self): + test_str = """Here is a post that doesn't contain any image links at + all. It also spans lines. + """ + result = process_post(test_str) + self.assertEqual(test_str, result) + + def test_sg101_images(self): + test_str = """An image: ![image](http://www.surfguitar101.com/img.jpg) + And another: ![pic](HTTP://SURFGUITAR101.COM/foo/bar/img.png). + More stuff here.""" + expected = self.SG101_RE.sub('/', test_str) + result = process_post(test_str) + self.assertNotEqual(test_str, expected) + self.assertEqual(expected, result) + + def test_sg101_with_newlines(self): + test_str = """An image: ![image]( +http://surfguitar101.com/media/zzz.jpg +) + with trailing text.""" + expected = """An image: ![image](/media/zzz.jpg) + with trailing text.""" + result = process_post(test_str) + self.assertNotEqual(test_str, expected) + self.assertEqual(expected, result) + + def test_https_already(self): + test_str = """An image that is already using https: + ![flyer](https://example.com/zzz.png) + It's cool. + """ + result = process_post(test_str) + self.assertEqual(test_str, result) + + def test_https_sg101(self): + test_str = """An image that is already using https: + ![flyer](https://www.SURFGUITAR101.com/zzz.png) + It's cool. + """ + expected = """An image that is already using https: + ![flyer](/zzz.png) + It's cool. + """ + result = process_post(test_str) + self.assertEqual(expected, result) + + def test_multiple_non_http(self): + test_str = """An image: ![image](http://www.surfguitar101.com/img.jpg) + And another: ![pic](HTTPS://example.com/foo/bar/img.png). + More stuff here.""" + expected = """An image: ![image](/img.jpg) + And another: ![pic](HTTPS://example.com/foo/bar/img.png). + More stuff here.""" + result = process_post(test_str) + self.assertEqual(expected, result) + + def test_https_already_with_title(self): + test_str = """An image that is already using https: + ![flyer](https://example.com/zzz.png "the title") + It's cool. + """ + result = process_post(test_str) + self.assertEqual(test_str, result) + + def test_sg101_with_title(self): + test_str = """An image on SG101: + ![flyer](http://surfguitar101.com/zzz.png "the title") + It's cool. + """ + expected = """An image on SG101: + ![flyer](/zzz.png "the title") + It's cool. + """ + result = process_post(test_str) + self.assertEqual(expected, result) + + def test_https_sg101_brackets(self): + test_str = """An image that is already using https: + ![flyer]() + It's cool. + """ + expected = """An image that is already using https: + ![flyer](/zzz.png) + It's cool. + """ + result = process_post(test_str) + self.assertEqual(expected, result) + + def test_https_already_brackets(self): + test_str = """An image that is already using https: + ![flyer]() + It's cool. + """ + expected = """An image that is already using https: + ![flyer](https://example.com/zzz.png) + It's cool. + """ + result = process_post(test_str) + self.assertEqual(expected, result) + + @mock.patch('core.management.commands.ssl_images.save_image_to_cloud') + @mock.patch('core.management.commands.ssl_images.check_https_availability', + new=lambda r: None) + def test_simple_replacement(self, upload_mock): + old_src = 'http://example.com/images/my_image.jpg' + new_src = 'https://cloud.com/ABCDEF.jpg' + test_str = """Here is a really cool http: based image: + ![flyer]({}) + Cool, right?""".format(old_src) + expected = """Here is a really cool http: based image: + ![flyer]({}) + Cool, right?""".format(new_src) + + upload_mock.return_value = new_src + result = process_post(test_str) + self.assertEqual(expected, result) + upload_mock.assert_called_once_with(old_src) + + @mock.patch('core.management.commands.ssl_images.save_image_to_cloud') + @mock.patch('core.management.commands.ssl_images.check_https_availability', + new=lambda r: None) + def test_multiple_replacement(self, upload_mock): + old_src = [ + 'http://example.com/images/my_image.jpg', + 'http://example.com/static/wow.gif', + 'http://example.com/media/a/b/c/pic.png', + ] + new_src = [ + 'https://cloud.com/some/path/012345.jpg', + 'https://cloud.com/some/path/6789AB.gif', + 'https://cloud.com/some/path/CDEF01.png', + ] + + template = """Here is a really cool http: based image: + ![flyer]({}) + Cool, right? + Another one: ![pic]({}) + And finally + ![an image]({}) + """ + + test_str = template.format(*old_src) + expected = template.format(*new_src) + + upload_mock.side_effect = new_src + result = process_post(test_str) + self.assertEqual(expected, result) + expected_args = [mock.call(c) for c in old_src] + self.assertEqual(upload_mock.call_args_list, expected_args) + + @mock.patch('core.management.commands.ssl_images.save_image_to_cloud') + @mock.patch('core.management.commands.ssl_images.check_https_availability', + new=lambda r: None) + def test_multiple_replacement_2(self, upload_mock): + old_src = [ + 'http://example.com/images/my_image.jpg', + 'https://example.com/static/wow.gif', + 'http://www.surfguitar101.com/media/a/b/c/pic.png', + 'http://surfguitar101.com/media/a/b/c/pic2.png', + ] + new_src = [ + 'https://cloud.com/some/path/012345.jpg', + 'https://example.com/static/wow.gif', + '/media/a/b/c/pic.png', + '/media/a/b/c/pic2.png', + ] + + template = """Here is a really cool http: based image: + ![flyer]({}) + Cool, right? + Another two: ![pic]({}) ![photo]({}) + And finally + ![an image]({}). + """ + + test_str = template.format(*old_src) + expected = template.format(*new_src) + + upload_mock.side_effect = new_src + result = process_post(test_str) + self.assertEqual(expected, result) + upload_mock.assert_called_once_with(old_src[0]) + + @mock.patch('core.management.commands.ssl_images.save_image_to_cloud') + @mock.patch('core.management.commands.ssl_images.check_https_availability', + new=lambda r: None) + def test_caching(self, upload_mock): + old_src = [ + 'http://example.com/images/my_image.jpg', + 'http://example.com/static/wow.gif', + 'http://example.com/images/my_image.jpg', + ] + new_src = [ + 'https://cloud.com/some/path/012345.jpg', + 'https://cloud.com/some/path/6789AB.gif', + 'https://cloud.com/some/path/012345.jpg', + ] + + template = """Here is a really cool http: based image: + ![flyer]({}) + Cool, right? + Another one: ![pic]({}) + And finally + ![an image]({}) + """ + + test_str = template.format(*old_src) + expected = template.format(*new_src) + + upload_mock.side_effect = new_src + result = process_post(test_str) + self.assertEqual(expected, result) + expected_args = [mock.call(c) for c in old_src[:2]] + self.assertEqual(upload_mock.call_args_list, expected_args) + + @mock.patch('core.management.commands.ssl_images.check_https_availability') + def test_https_availability(self, check_https_mock): + old_src = [ + 'http://example.com/images/my_image.jpg', + 'http://example.com/static/wow.gif', + 'http://example.com/images/another_image.jpg', + ] + new_src = [ + 'https://example.com/images/my_image.jpg', + 'https://example.com/static/wow.gif', + 'https://example.com/images/another_image.jpg', + ] + + template = """Here is a really cool http: based image: + ![flyer]({}) + Cool, right? + Another one: ![pic]({}) + And finally + ![an image]({}) + """ + + test_str = template.format(*old_src) + expected = template.format(*new_src) + + check_https_mock.side_effect = new_src + result = process_post(test_str) + self.assertEqual(expected, result) + expected_args = [mock.call(urlparse(c)) for c in old_src] + self.assertEqual(check_https_mock.call_args_list, expected_args) + + +class HtmlCheckTestCase(unittest.TestCase): + + def test_empty(self): + self.assertFalse(html_check('')) + + def test_no_images(self): + self.assertFalse(html_check('

Hi there!

')) + self.assertFalse(html_check('

Hi there!

')) + + def test_safe_image(self): + self.assertFalse(html_check('')) + self.assertFalse(html_check('stuff')) + self.assertFalse(html_check('')) + self.assertFalse(html_check(""" +
+

Look: a

+

Look again: b

+
+ """)) + + def test_one_image(self): + self.assertTrue(html_check('a')) + self.assertTrue(html_check( + '

Look: a

')) + + def test_two_images(self): + self.assertTrue(html_check(""" +

Look: a

+

Look again: b

+ """)) + self.assertTrue(html_check(""" +

Look: a

+

Look again: b

+ """)) + self.assertTrue(html_check(""" +
+

Look: a

+

Look again: b

+
+ """)) + self.assertTrue(html_check(""" +
+

Look: a

+

Look again: b

+
+ """))