Compare commits
8 Commits
v26.05.27.1
...
ext-1.0.5
| Author | SHA1 | Date | |
|---|---|---|---|
| 9075d8eadd | |||
| df6d89cb59 | |||
| 12be188ada | |||
| 6d7116c090 | |||
| b447c42853 | |||
| abafc3265e | |||
| 2394e47370 | |||
| 8243740a04 |
@@ -97,11 +97,19 @@ async def images_bulk_delete():
|
||||
)
|
||||
)
|
||||
|
||||
if dry_run:
|
||||
return jsonify(projected)
|
||||
|
||||
sha8 = _bulk_image_confirm_token(image_ids)
|
||||
expected = f"delete-images-{sha8}"
|
||||
|
||||
if dry_run:
|
||||
# Hand the canonical Tier-C confirm token back with the
|
||||
# projection so the frontend doesn't have to recompute SHA-256
|
||||
# client-side via crypto.subtle (Secure-Context-gated,
|
||||
# undefined on plain-HTTP origins per the homelab posture).
|
||||
# Operator-flagged 2026-05-27.
|
||||
projected["confirm_token"] = expected
|
||||
return jsonify(projected)
|
||||
|
||||
|
||||
if supplied_confirm != expected:
|
||||
return _bad(
|
||||
"confirm_mismatch",
|
||||
|
||||
@@ -81,6 +81,13 @@ async def min_dim_preview():
|
||||
s, min_width=min_w, min_height=min_h,
|
||||
)
|
||||
)
|
||||
# Hand the canonical Tier-C delete token back with the preview so
|
||||
# the frontend doesn't have to recompute SHA-256 client-side.
|
||||
# window.crypto.subtle is Secure-Context-gated and undefined on
|
||||
# plain-HTTP origins (homelab posture); without this the Delete
|
||||
# button silently swallowed the TypeError and never opened the
|
||||
# confirm modal. Operator-flagged 2026-05-27.
|
||||
projection["confirm_token"] = _min_dim_token(min_w, min_h)
|
||||
return jsonify(projection)
|
||||
|
||||
|
||||
|
||||
@@ -148,6 +148,7 @@ class CredentialService:
|
||||
return None
|
||||
plaintext = self.crypto.decrypt(row.encrypted_blob)
|
||||
netscape = _to_netscape(plaintext)
|
||||
netscape = _augment_cookies(platform, netscape)
|
||||
self.cookies_dir.mkdir(parents=True, exist_ok=True)
|
||||
out = self.cookies_dir / f"{platform}_cookies.txt"
|
||||
out.write_text(netscape)
|
||||
@@ -163,6 +164,19 @@ class CredentialService:
|
||||
return self.crypto.decrypt(row.encrypted_blob)
|
||||
|
||||
|
||||
def _augment_cookies(platform: str, netscape: str) -> str:
|
||||
"""Delegate to the platform's `augment_cookies` hook if one is
|
||||
registered (subscribestar, hentaifoundry, etc. — see
|
||||
`services/platforms/<name>.py`). No-op when the platform doesn't
|
||||
register a hook (Patreon, DeviantArt). Centralizing the
|
||||
quirks-per-platform in the platforms package means adding a new
|
||||
platform's cookie quirks doesn't require touching this file."""
|
||||
info = PLATFORMS.get(platform)
|
||||
if info is None or info.augment_cookies is None:
|
||||
return netscape
|
||||
return info.augment_cookies(netscape)
|
||||
|
||||
|
||||
def _to_netscape(plaintext: str) -> str:
|
||||
"""Accept either Netscape-format text (the extension's output) or a
|
||||
JSON array of cookie dicts (a manual-paste edge case); produce
|
||||
|
||||
@@ -1,140 +0,0 @@
|
||||
"""FC-3b platforms registry — the single source of truth for what
|
||||
FabledCurator supports.
|
||||
|
||||
Lifted from GallerySubscriber's
|
||||
~/Nextcloud/Projects/GallerySubscriber/backend/app/api/platforms.py
|
||||
and ~/.../extension/lib/platforms.js. Six platforms; auth_type and
|
||||
URL patterns match GS exactly so the existing browser extension
|
||||
hits FC unmodified.
|
||||
"""
|
||||
|
||||
from dataclasses import dataclass
|
||||
from typing import Literal
|
||||
|
||||
|
||||
@dataclass(frozen=True)
|
||||
class PlatformInfo:
|
||||
key: str
|
||||
name: str
|
||||
description: str
|
||||
auth_type: Literal["cookies", "token"]
|
||||
requires_auth: bool
|
||||
url_pattern: str
|
||||
url_examples: list[str]
|
||||
default_config: dict
|
||||
notes: str | None = None
|
||||
|
||||
|
||||
# Common defaults used across most platforms; embedded per-platform
|
||||
# below so per-platform overrides remain explicit.
|
||||
_DEFAULTS = {
|
||||
"sleep": 3.0,
|
||||
"sleep_request": 1.5,
|
||||
"skip_existing": True,
|
||||
"save_metadata": True,
|
||||
"timeout": 3600,
|
||||
}
|
||||
|
||||
|
||||
PLATFORMS: dict[str, PlatformInfo] = {
|
||||
"patreon": PlatformInfo(
|
||||
key="patreon",
|
||||
name="Patreon",
|
||||
description="Download posts from Patreon creators",
|
||||
auth_type="cookies",
|
||||
requires_auth=True,
|
||||
url_pattern=r"^https?://(www\.)?patreon\.com/",
|
||||
url_examples=[
|
||||
"https://www.patreon.com/example_artist",
|
||||
"https://www.patreon.com/user?u=12345678",
|
||||
],
|
||||
default_config={**_DEFAULTS, "content_types": ["images", "attachments"]},
|
||||
),
|
||||
"subscribestar": PlatformInfo(
|
||||
key="subscribestar",
|
||||
name="SubscribeStar",
|
||||
description="Download posts from SubscribeStar creators",
|
||||
auth_type="cookies",
|
||||
requires_auth=True,
|
||||
url_pattern=r"^https?://(www\.)?subscribestar\.(com|adult)/",
|
||||
url_examples=[
|
||||
"https://subscribestar.adult/example_artist",
|
||||
"https://www.subscribestar.com/example_artist",
|
||||
],
|
||||
default_config={**_DEFAULTS, "content_types": ["all"]},
|
||||
),
|
||||
"hentaifoundry": PlatformInfo(
|
||||
key="hentaifoundry",
|
||||
name="Hentai Foundry",
|
||||
description="Download artwork from Hentai Foundry artists",
|
||||
auth_type="cookies",
|
||||
requires_auth=False,
|
||||
url_pattern=r"^https?://(www\.)?hentai-foundry\.com/",
|
||||
url_examples=[
|
||||
"https://www.hentai-foundry.com/user/example_artist",
|
||||
"https://www.hentai-foundry.com/pictures/user/example_artist",
|
||||
],
|
||||
default_config={**_DEFAULTS, "content_types": ["pictures"]},
|
||||
),
|
||||
"discord": PlatformInfo(
|
||||
key="discord",
|
||||
name="Discord",
|
||||
description="Download attachments from Discord channels",
|
||||
auth_type="token",
|
||||
requires_auth=True,
|
||||
url_pattern=r"^https?://(www\.)?discord\.com/channels/",
|
||||
url_examples=["https://discord.com/channels/123456789/987654321"],
|
||||
default_config={**_DEFAULTS, "content_types": ["all"]},
|
||||
notes="Requires Discord user token (not bot token).",
|
||||
),
|
||||
"pixiv": PlatformInfo(
|
||||
key="pixiv",
|
||||
name="Pixiv",
|
||||
description="Download artwork from Pixiv artists",
|
||||
auth_type="token",
|
||||
requires_auth=True,
|
||||
url_pattern=r"^https?://(www\.)?pixiv\.net/",
|
||||
url_examples=[
|
||||
"https://www.pixiv.net/users/12345678",
|
||||
"https://www.pixiv.net/en/users/12345678",
|
||||
],
|
||||
default_config={**_DEFAULTS, "content_types": ["all"]},
|
||||
notes="Requires OAuth refresh token. Run `gallery-dl oauth:pixiv` to obtain one.",
|
||||
),
|
||||
"deviantart": PlatformInfo(
|
||||
key="deviantart",
|
||||
name="DeviantArt",
|
||||
description="Download artwork from DeviantArt artists",
|
||||
auth_type="cookies",
|
||||
requires_auth=False,
|
||||
url_pattern=r"^https?://(www\.)?deviantart\.com/",
|
||||
url_examples=[
|
||||
"https://www.deviantart.com/example-artist",
|
||||
"https://www.deviantart.com/example-artist/gallery",
|
||||
],
|
||||
default_config={**_DEFAULTS, "content_types": ["gallery"]},
|
||||
),
|
||||
}
|
||||
|
||||
|
||||
def known_platform_keys() -> frozenset[str]:
|
||||
return frozenset(PLATFORMS.keys())
|
||||
|
||||
|
||||
def auth_type_for(platform: str) -> str | None:
|
||||
info = PLATFORMS.get(platform)
|
||||
return info.auth_type if info else None
|
||||
|
||||
|
||||
def to_dict(info: PlatformInfo) -> dict:
|
||||
return {
|
||||
"key": info.key,
|
||||
"name": info.name,
|
||||
"description": info.description,
|
||||
"auth_type": info.auth_type,
|
||||
"requires_auth": info.requires_auth,
|
||||
"url_pattern": info.url_pattern,
|
||||
"url_examples": info.url_examples,
|
||||
"default_config": info.default_config,
|
||||
"notes": info.notes,
|
||||
}
|
||||
@@ -0,0 +1,95 @@
|
||||
"""FC-3b platforms registry — single source of truth for what
|
||||
FabledCurator supports + where each platform's quirks live.
|
||||
|
||||
Adding a new platform: drop a new module `<platform>.py` next to this
|
||||
one, declare an `INFO = PlatformInfo(...)`, add the import + entry in
|
||||
PLATFORMS below. Sidecar parsing, cookie materialization, and
|
||||
`/api/platforms` pick it up automatically.
|
||||
|
||||
Lifted from GallerySubscriber's
|
||||
~/Nextcloud/Projects/GallerySubscriber/backend/app/api/platforms.py
|
||||
and ~/.../extension/lib/platforms.js. Six platforms; auth_type and
|
||||
URL patterns match GS exactly so the existing browser extension
|
||||
hits FC unmodified.
|
||||
"""
|
||||
|
||||
from .base import (
|
||||
DEFAULT_DESCRIPTION_KEYS,
|
||||
DEFAULT_EXTERNAL_POST_ID_KEYS,
|
||||
PlatformInfo,
|
||||
)
|
||||
from .deviantart import INFO as _DEVIANTART
|
||||
from .discord import INFO as _DISCORD
|
||||
from .hentaifoundry import INFO as _HENTAIFOUNDRY
|
||||
from .patreon import INFO as _PATREON
|
||||
from .pixiv import INFO as _PIXIV
|
||||
from .subscribestar import INFO as _SUBSCRIBESTAR
|
||||
|
||||
PLATFORMS: dict[str, PlatformInfo] = {
|
||||
info.key: info
|
||||
for info in (
|
||||
_PATREON,
|
||||
_SUBSCRIBESTAR,
|
||||
_HENTAIFOUNDRY,
|
||||
_DISCORD,
|
||||
_PIXIV,
|
||||
_DEVIANTART,
|
||||
)
|
||||
}
|
||||
|
||||
|
||||
def known_platform_keys() -> frozenset[str]:
|
||||
return frozenset(PLATFORMS.keys())
|
||||
|
||||
|
||||
def auth_type_for(platform: str) -> str | None:
|
||||
info = PLATFORMS.get(platform)
|
||||
return info.auth_type if info else None
|
||||
|
||||
|
||||
def to_dict(info: PlatformInfo) -> dict:
|
||||
"""Serialize a PlatformInfo to a JSON-safe dict for /api/platforms.
|
||||
|
||||
Behavioral fields (callables, sidecar-chain overrides) are
|
||||
intentionally omitted — they aren't useful to API consumers.
|
||||
"""
|
||||
return {
|
||||
"key": info.key,
|
||||
"name": info.name,
|
||||
"description": info.description,
|
||||
"auth_type": info.auth_type,
|
||||
"requires_auth": info.requires_auth,
|
||||
"url_pattern": info.url_pattern,
|
||||
"url_examples": info.url_examples,
|
||||
"default_config": info.default_config,
|
||||
"notes": info.notes,
|
||||
}
|
||||
|
||||
|
||||
def external_post_id_keys_for(platform: str | None) -> tuple[str, ...]:
|
||||
"""Resolve the external_post_id lookup chain for a given platform,
|
||||
falling back to the module default when the platform isn't
|
||||
registered or hasn't overridden the chain."""
|
||||
info = PLATFORMS.get(platform) if platform else None
|
||||
if info is not None and info.external_post_id_keys is not None:
|
||||
return info.external_post_id_keys
|
||||
return DEFAULT_EXTERNAL_POST_ID_KEYS
|
||||
|
||||
|
||||
def description_keys_for(platform: str | None) -> tuple[str, ...]:
|
||||
"""Resolve the description body lookup chain for a given platform."""
|
||||
info = PLATFORMS.get(platform) if platform else None
|
||||
if info is not None and info.description_keys is not None:
|
||||
return info.description_keys
|
||||
return DEFAULT_DESCRIPTION_KEYS
|
||||
|
||||
|
||||
__all__ = [
|
||||
"PLATFORMS",
|
||||
"PlatformInfo",
|
||||
"auth_type_for",
|
||||
"description_keys_for",
|
||||
"external_post_id_keys_for",
|
||||
"known_platform_keys",
|
||||
"to_dict",
|
||||
]
|
||||
@@ -0,0 +1,105 @@
|
||||
"""PlatformInfo dataclass + shared defaults + small helpers.
|
||||
|
||||
Per-platform modules import from here, register their PlatformInfo via
|
||||
INFO, optionally attaching `derive_post_url` and/or `augment_cookies`
|
||||
callables for behavior that diverges from gallery-dl's mainline shape
|
||||
(Patreon).
|
||||
|
||||
Adding a new platform: drop a new module under `services/platforms/`,
|
||||
declare an INFO, and add it to the import list in
|
||||
`services/platforms/__init__.py`. Sidecar parsing, cookie
|
||||
materialization, and the /api/platforms response pick it up
|
||||
automatically.
|
||||
"""
|
||||
|
||||
from collections.abc import Callable
|
||||
from dataclasses import dataclass
|
||||
from typing import Literal
|
||||
|
||||
# Sidecar parsing defaults. Per-platform PlatformInfo entries can
|
||||
# override these by setting `external_post_id_keys=` /
|
||||
# `description_keys=`. Most don't need to — the defaults already cover
|
||||
# every platform FC supports.
|
||||
#
|
||||
# external_post_id chain: `post_id` MUST come before `id` because
|
||||
# SubscribeStar gallery-dl puts the per-attachment id in `id` and the
|
||||
# actual post id in `post_id`; picking `id` first fragments
|
||||
# multi-image SubscribeStar posts into N Post rows. Patreon/Pixiv have
|
||||
# no `post_id` so `id` still wins for them; HF uses `index`, Discord
|
||||
# uses `message_id` — all reached via the remaining chain entries.
|
||||
# (Banked 2026-05-27 during the sidecar audit.)
|
||||
DEFAULT_EXTERNAL_POST_ID_KEYS: tuple[str, ...] = (
|
||||
"post_id", "id", "index", "message_id",
|
||||
)
|
||||
|
||||
# Description body chain: Discord's gallery-dl extractor uses `message`
|
||||
# (no `content`); appended to the chain so Discord posts surface body
|
||||
# text.
|
||||
DEFAULT_DESCRIPTION_KEYS: tuple[str, ...] = (
|
||||
"content", "description", "caption", "message",
|
||||
)
|
||||
|
||||
|
||||
@dataclass(frozen=True)
|
||||
class PlatformInfo:
|
||||
# --- Identity / metadata ---
|
||||
key: str
|
||||
name: str
|
||||
description: str
|
||||
auth_type: Literal["cookies", "token"]
|
||||
requires_auth: bool
|
||||
url_pattern: str
|
||||
url_examples: list[str]
|
||||
default_config: dict
|
||||
notes: str | None = None
|
||||
|
||||
# --- Sidecar parsing overrides ---
|
||||
# Each is None to mean "use the module default above"; a platform
|
||||
# only sets one of these when its sidecar shape genuinely differs.
|
||||
external_post_id_keys: tuple[str, ...] | None = None
|
||||
description_keys: tuple[str, ...] | None = None
|
||||
|
||||
# --- Behavioral hooks ---
|
||||
# Synthesize a post permalink from sidecar data. Required when
|
||||
# gallery-dl's `url` field is the file/CDN URL rather than the post
|
||||
# permalink (subscribestar/pixiv/hf/discord). None = trust the bare
|
||||
# `url` field (patreon, deviantart).
|
||||
derive_post_url: Callable[[dict], str | None] | None = None
|
||||
|
||||
# Post-process the materialized cookies.txt for gallery-dl. Used by
|
||||
# platforms whose server gates or extractor quirks need synthetic
|
||||
# cookies the extension can't capture (subscribestar age cookie, HF
|
||||
# host-only PHPSESSID duplicate). None = no-op.
|
||||
augment_cookies: Callable[[str], str] | None = None
|
||||
|
||||
|
||||
def str_id_value(v) -> str | None:
|
||||
"""Coerce a JSON scalar id into a non-empty string, rejecting bool
|
||||
(Python's bool is an int subclass so `isinstance(True, int)` is
|
||||
True; without this guard a sidecar with `"id": true` would produce
|
||||
external_post_id="True")."""
|
||||
if isinstance(v, bool):
|
||||
return None
|
||||
if isinstance(v, (str, int)) and str(v).strip():
|
||||
return str(v).strip()
|
||||
return None
|
||||
|
||||
|
||||
def str_field(v) -> str | None:
|
||||
"""Same idea as str_id_value but for plain string fields (no int
|
||||
coercion)."""
|
||||
if isinstance(v, str) and v.strip():
|
||||
return v.strip()
|
||||
return None
|
||||
|
||||
|
||||
# Shared gallery-dl invocation defaults. Embedded in each platform's
|
||||
# default_config (with platform-specific overrides) so per-platform
|
||||
# choices stay explicit.
|
||||
GD_DEFAULTS = {
|
||||
"sleep": 3.0,
|
||||
"sleep_request": 1.5,
|
||||
"skip_existing": True,
|
||||
"save_metadata": True,
|
||||
"timeout": 3600,
|
||||
}
|
||||
@@ -0,0 +1,23 @@
|
||||
"""DeviantArt — no exercised quirks yet.
|
||||
|
||||
No operator-owned DeviantArt archive existed at the 2026-05-27 sidecar
|
||||
audit, so we don't know yet whether DA's gallery-dl sidecars are
|
||||
well-behaved or have their own quirks. When DA gets exercised for the
|
||||
first time, add `derive_post_url` / `augment_cookies` here as needed.
|
||||
"""
|
||||
|
||||
from .base import GD_DEFAULTS, PlatformInfo
|
||||
|
||||
INFO = PlatformInfo(
|
||||
key="deviantart",
|
||||
name="DeviantArt",
|
||||
description="Download artwork from DeviantArt artists",
|
||||
auth_type="cookies",
|
||||
requires_auth=False,
|
||||
url_pattern=r"^https?://(www\.)?deviantart\.com/",
|
||||
url_examples=[
|
||||
"https://www.deviantart.com/example-artist",
|
||||
"https://www.deviantart.com/example-artist/gallery",
|
||||
],
|
||||
default_config={**GD_DEFAULTS, "content_types": ["gallery"]},
|
||||
)
|
||||
@@ -0,0 +1,38 @@
|
||||
"""Discord — one quirk + one already-default.
|
||||
|
||||
post_url: gallery-dl's `url` is the CDN attachment URL. The "permalink"
|
||||
for a Discord message uses the (server, channel, message) triple via
|
||||
`discord.com/channels/<server>/<channel>/<message>`. Note that
|
||||
permalinks are only resolvable for users in the same server — public
|
||||
access doesn't work — but the URL is still useful to the operator
|
||||
in-app.
|
||||
|
||||
Description body is in `message` not `content`. That's already covered
|
||||
by the default description chain in base.py (DEFAULT_DESCRIPTION_KEYS
|
||||
ends with `message`). No description_keys override needed.
|
||||
"""
|
||||
|
||||
from .base import GD_DEFAULTS, PlatformInfo, str_id_value
|
||||
|
||||
|
||||
def derive_post_url(data: dict) -> str | None:
|
||||
sid = str_id_value(data.get("server_id"))
|
||||
cid = str_id_value(data.get("channel_id"))
|
||||
mid = str_id_value(data.get("message_id"))
|
||||
if sid and cid and mid:
|
||||
return f"https://discord.com/channels/{sid}/{cid}/{mid}"
|
||||
return None
|
||||
|
||||
|
||||
INFO = PlatformInfo(
|
||||
key="discord",
|
||||
name="Discord",
|
||||
description="Download attachments from Discord channels",
|
||||
auth_type="token",
|
||||
requires_auth=True,
|
||||
url_pattern=r"^https?://(www\.)?discord\.com/channels/",
|
||||
url_examples=["https://discord.com/channels/123456789/987654321"],
|
||||
default_config={**GD_DEFAULTS, "content_types": ["all"]},
|
||||
notes="Requires Discord user token (not bot token).",
|
||||
derive_post_url=derive_post_url,
|
||||
)
|
||||
@@ -0,0 +1,83 @@
|
||||
"""HentaiFoundry — two quirks colocated.
|
||||
|
||||
1. post_url: HF sidecars omit `url` entirely; `src` is the image URL.
|
||||
Synthesize the permalink from `user` + `index`
|
||||
(/pictures/user/<user>/<index>).
|
||||
|
||||
2. augment_cookies: gallery-dl's HF extractor checks
|
||||
`self.cookies.get("PHPSESSID", domain="www.hentai-foundry.com")` with
|
||||
`requests`' EXACT domain matching. The extension's pre-v1.0.5
|
||||
`cookies.js` aggressively rewrote every captured cookie to the
|
||||
leading-dot subdomain-wide form (`.hentai-foundry.com`), which fails
|
||||
the exact lookup even though the cookie IS sent on actual HTTP
|
||||
requests (RFC 6265 subdomain matching). The extractor falls into
|
||||
an unauthenticated `?enterAgree=1` HEAD that 401s. Inject host-only
|
||||
duplicates of PHPSESSID + YII_CSRF_TOKEN so the lookup succeeds.
|
||||
"""
|
||||
|
||||
from .base import GD_DEFAULTS, PlatformInfo, str_field, str_id_value
|
||||
|
||||
_HOST_ONLY_NAMES = ("PHPSESSID", "YII_CSRF_TOKEN")
|
||||
|
||||
|
||||
def derive_post_url(data: dict) -> str | None:
|
||||
user = str_field(data.get("user")) or str_field(data.get("artist"))
|
||||
idx = str_id_value(data.get("index"))
|
||||
if user and idx:
|
||||
return f"https://www.hentai-foundry.com/pictures/user/{user}/{idx}"
|
||||
return None
|
||||
|
||||
|
||||
def augment_cookies(netscape: str) -> str:
|
||||
body = netscape.rstrip("\n")
|
||||
if not body:
|
||||
return netscape
|
||||
lines = body.split("\n")
|
||||
existing_host_only: set[str] = set()
|
||||
by_name: dict[str, list[str]] = {}
|
||||
for raw in lines:
|
||||
if not raw or raw.startswith("#"):
|
||||
continue
|
||||
parts = raw.split("\t")
|
||||
if len(parts) < 7:
|
||||
continue
|
||||
domain, _flag, _path, _secure, _exp, name, _value = parts[:7]
|
||||
if name not in _HOST_ONLY_NAMES:
|
||||
continue
|
||||
if domain == "www.hentai-foundry.com":
|
||||
existing_host_only.add(name)
|
||||
elif domain in (".hentai-foundry.com", "hentai-foundry.com"):
|
||||
by_name.setdefault(name, []).append(raw)
|
||||
|
||||
appended: list[str] = []
|
||||
for name in _HOST_ONLY_NAMES:
|
||||
if name in existing_host_only or name not in by_name:
|
||||
continue
|
||||
# Duplicate the first subdomain-wide line as host-only on
|
||||
# www.hentai-foundry.com. Same value + expiry; flag=FALSE marks
|
||||
# the entry host-only in netscape format.
|
||||
parts = by_name[name][0].split("\t")
|
||||
parts[0] = "www.hentai-foundry.com"
|
||||
parts[1] = "FALSE"
|
||||
appended.append("\t".join(parts[:7]))
|
||||
|
||||
if not appended:
|
||||
return netscape
|
||||
return body + "\n" + "\n".join(appended) + "\n"
|
||||
|
||||
|
||||
INFO = PlatformInfo(
|
||||
key="hentaifoundry",
|
||||
name="Hentai Foundry",
|
||||
description="Download artwork from Hentai Foundry artists",
|
||||
auth_type="cookies",
|
||||
requires_auth=False,
|
||||
url_pattern=r"^https?://(www\.)?hentai-foundry\.com/",
|
||||
url_examples=[
|
||||
"https://www.hentai-foundry.com/user/example_artist",
|
||||
"https://www.hentai-foundry.com/pictures/user/example_artist",
|
||||
],
|
||||
default_config={**GD_DEFAULTS, "content_types": ["pictures"]},
|
||||
derive_post_url=derive_post_url,
|
||||
augment_cookies=augment_cookies,
|
||||
)
|
||||
@@ -0,0 +1,23 @@
|
||||
"""Patreon — no quirks. The reference platform.
|
||||
|
||||
Patreon's gallery-dl sidecars are the well-behaved baseline: `url` is a
|
||||
real permalink, `id` is the post id, `title` and `content` are
|
||||
populated. No cookie quirks (session cookies are domain-wide). No
|
||||
derivation overrides.
|
||||
"""
|
||||
|
||||
from .base import GD_DEFAULTS, PlatformInfo
|
||||
|
||||
INFO = PlatformInfo(
|
||||
key="patreon",
|
||||
name="Patreon",
|
||||
description="Download posts from Patreon creators",
|
||||
auth_type="cookies",
|
||||
requires_auth=True,
|
||||
url_pattern=r"^https?://(www\.)?patreon\.com/",
|
||||
url_examples=[
|
||||
"https://www.patreon.com/example_artist",
|
||||
"https://www.patreon.com/user?u=12345678",
|
||||
],
|
||||
default_config={**GD_DEFAULTS, "content_types": ["images", "attachments"]},
|
||||
)
|
||||
@@ -0,0 +1,32 @@
|
||||
"""Pixiv — one quirk.
|
||||
|
||||
post_url: gallery-dl's `url` is the image URL on `i.pximg.net`. The
|
||||
post permalink follows /artworks/<id>. external_post_id (= `id`) was
|
||||
already correct, so no override there.
|
||||
"""
|
||||
|
||||
from .base import GD_DEFAULTS, PlatformInfo, str_id_value
|
||||
|
||||
|
||||
def derive_post_url(data: dict) -> str | None:
|
||||
pid = str_id_value(data.get("id"))
|
||||
if pid:
|
||||
return f"https://www.pixiv.net/artworks/{pid}"
|
||||
return None
|
||||
|
||||
|
||||
INFO = PlatformInfo(
|
||||
key="pixiv",
|
||||
name="Pixiv",
|
||||
description="Download artwork from Pixiv artists",
|
||||
auth_type="token",
|
||||
requires_auth=True,
|
||||
url_pattern=r"^https?://(www\.)?pixiv\.net/",
|
||||
url_examples=[
|
||||
"https://www.pixiv.net/users/12345678",
|
||||
"https://www.pixiv.net/en/users/12345678",
|
||||
],
|
||||
default_config={**GD_DEFAULTS, "content_types": ["all"]},
|
||||
notes="Requires OAuth refresh token. Run `gallery-dl oauth:pixiv` to obtain one.",
|
||||
derive_post_url=derive_post_url,
|
||||
)
|
||||
@@ -0,0 +1,62 @@
|
||||
"""SubscribeStar — three quirks colocated.
|
||||
|
||||
1. external_post_id: gallery-dl puts the per-attachment id in `id`
|
||||
(e.g. 711509) and the actual post id in `post_id` (e.g. 360360).
|
||||
The default chain in base.py already prefers `post_id`; this module
|
||||
doesn't need to override it but the comment lives here too so a
|
||||
future reader knows the chain's order was driven by this platform.
|
||||
|
||||
2. post_url: gallery-dl's `url` is the file CDN URL
|
||||
(`/post_uploads?payload=...`). Synthesize the post permalink from
|
||||
`post_id`.
|
||||
|
||||
3. augment_cookies: the server gates artist pages behind a
|
||||
`_personalization_id` age-confirmation cookie that the user can't
|
||||
easily refresh — SubscribeStar's frontend JS uses localStorage to
|
||||
suppress the age popup once dismissed. gallery-dl's own login flow
|
||||
sidesteps this by setting `18_plus_agreement_generic=true` on
|
||||
`.subscribestar.adult`; we mirror that for cookies captured via the
|
||||
extension.
|
||||
"""
|
||||
|
||||
from .base import GD_DEFAULTS, PlatformInfo, str_id_value
|
||||
|
||||
|
||||
def derive_post_url(data: dict) -> str | None:
|
||||
pid = str_id_value(data.get("post_id"))
|
||||
if pid:
|
||||
return f"https://www.subscribestar.com/posts/{pid}"
|
||||
return None
|
||||
|
||||
|
||||
def augment_cookies(netscape: str) -> str:
|
||||
if "18_plus_agreement_generic" in netscape:
|
||||
return netscape
|
||||
# Far-future expiry — gallery-dl's own login flow sets this with no
|
||||
# explicit expiry; the server only checks presence/value.
|
||||
expiry = 4102444800 # 2100-01-01 UTC
|
||||
line = "\t".join([
|
||||
".subscribestar.adult", "TRUE", "/", "TRUE",
|
||||
str(expiry), "18_plus_agreement_generic", "true",
|
||||
])
|
||||
body = netscape.rstrip("\n")
|
||||
if not body:
|
||||
body = "# Netscape HTTP Cookie File"
|
||||
return body + "\n" + line + "\n"
|
||||
|
||||
|
||||
INFO = PlatformInfo(
|
||||
key="subscribestar",
|
||||
name="SubscribeStar",
|
||||
description="Download posts from SubscribeStar creators",
|
||||
auth_type="cookies",
|
||||
requires_auth=True,
|
||||
url_pattern=r"^https?://(www\.)?subscribestar\.(com|adult)/",
|
||||
url_examples=[
|
||||
"https://subscribestar.adult/example_artist",
|
||||
"https://www.subscribestar.com/example_artist",
|
||||
],
|
||||
default_config={**GD_DEFAULTS, "content_types": ["all"]},
|
||||
derive_post_url=derive_post_url,
|
||||
augment_cookies=augment_cookies,
|
||||
)
|
||||
@@ -1,7 +1,9 @@
|
||||
"""Minimal gallery-dl sidecar parsing (one-time filesystem-import aid).
|
||||
|
||||
No per-platform branching: a small common key set with fallbacks; the
|
||||
full JSON is kept in raw so anything unmapped is recoverable later.
|
||||
Per-platform quirks (post_url synthesis, key-chain overrides) live in
|
||||
the platforms registry — `backend/app/services/platforms/`. This module
|
||||
is platform-agnostic: it looks up `category` in the sidecar and asks
|
||||
the registry for the right behavior.
|
||||
"""
|
||||
|
||||
import re
|
||||
@@ -9,6 +11,12 @@ from dataclasses import dataclass
|
||||
from datetime import UTC, datetime
|
||||
from pathlib import Path
|
||||
|
||||
from ..services.platforms import (
|
||||
PLATFORMS,
|
||||
description_keys_for,
|
||||
external_post_id_keys_for,
|
||||
)
|
||||
|
||||
|
||||
@dataclass(frozen=True)
|
||||
class SidecarData:
|
||||
@@ -55,6 +63,19 @@ def _first_str(data: dict, keys: tuple[str, ...]) -> str | None:
|
||||
return None
|
||||
|
||||
|
||||
def _first_id(data: dict, keys: tuple[str, ...]) -> str | None:
|
||||
"""Like `_first_str` but accepts ints and rejects bool (Python's
|
||||
bool subclasses int, so a literal `"id": true` would otherwise
|
||||
yield external_post_id="True")."""
|
||||
for k in keys:
|
||||
v = data.get(k)
|
||||
if isinstance(v, bool):
|
||||
continue
|
||||
if isinstance(v, (str, int)) and str(v).strip():
|
||||
return str(v).strip()
|
||||
return None
|
||||
|
||||
|
||||
# Strip HTML tags + collapse whitespace + take the first non-empty line.
|
||||
# Used to derive a display title from a body when the platform doesn't
|
||||
# expose a separate title field (subscribestar posts always write
|
||||
@@ -111,22 +132,7 @@ def parse_sidecar(data: dict) -> SidecarData:
|
||||
cat = data.get("category")
|
||||
platform = cat if isinstance(cat, str) and cat.strip() else None
|
||||
|
||||
# external_post_id lookup order: post_id MUST come before id.
|
||||
# SubscribeStar gallery-dl writes the per-attachment id in `id`
|
||||
# (e.g. 711509) and the actual post id in `post_id` (e.g. 360360);
|
||||
# picking `id` first fragments every multi-image subscribestar post
|
||||
# into N distinct Post rows in FC. Patreon/Pixiv have no `post_id`
|
||||
# so `id` still wins for them; HF uses `index`, Discord uses
|
||||
# `message_id` — all reached via the remaining chain entries.
|
||||
# Operator-flagged 2026-05-27 during the sidecar audit.
|
||||
external_post_id = None
|
||||
for k in ("post_id", "id", "index", "message_id"):
|
||||
v = data.get(k)
|
||||
if isinstance(v, bool):
|
||||
continue
|
||||
if isinstance(v, (str, int)) and str(v).strip():
|
||||
external_post_id = str(v)
|
||||
break
|
||||
external_post_id = _first_id(data, external_post_id_keys_for(platform))
|
||||
|
||||
pc = data.get("page_count")
|
||||
if isinstance(pc, bool):
|
||||
@@ -146,30 +152,23 @@ def parse_sidecar(data: dict) -> SidecarData:
|
||||
if post_date is not None:
|
||||
break
|
||||
|
||||
# `message` is Discord gallery-dl's body field (no `content`); added
|
||||
# 2026-05-27 to the description fallback chain.
|
||||
description = _first_str(
|
||||
data, ("content", "description", "caption", "message"),
|
||||
)
|
||||
description = _first_str(data, description_keys_for(platform))
|
||||
|
||||
# SubscribeStar posts always write `title: ""` and put the leading
|
||||
# sentence inside `content` (confirmed against the operator's
|
||||
# /mnt/Data/Patreon/Cheunart/subscribestar/ dump 2026-05-27). When
|
||||
# no explicit title is present, synthesize one from the description
|
||||
# body's first non-empty line. Patreon retains its explicit titles
|
||||
# because they're non-empty and short-circuit the fallback.
|
||||
# When `title` is empty (subscribestar always; sometimes elsewhere),
|
||||
# synthesize from the description body's first non-empty text line.
|
||||
# Patreon's explicit titles short-circuit the fallback.
|
||||
post_title = _first_str(data, ("title",))
|
||||
if post_title is None and description:
|
||||
post_title = _first_line_text(description)
|
||||
|
||||
# post_url derivation: SubscribeStar/Pixiv/HF/Discord put the FILE
|
||||
# download URL in `url`, not a post permalink. Synthesize the
|
||||
# permalink from per-platform fields when possible. Patreon's `url`
|
||||
# IS a permalink and is used as-is. For the four file-URL platforms,
|
||||
# the bare `url` is NEVER trusted — derive or return None rather
|
||||
# than persist a CDN URL in post.post_url.
|
||||
if platform in _DERIVED_URL_PLATFORMS:
|
||||
post_url = _derive_post_url(platform, data)
|
||||
# post_url: ask the platform module to synthesize a permalink.
|
||||
# When the platform registers a `derive_post_url`, it owns the
|
||||
# field (the bare `url`/`post_url` value is a file CDN URL and
|
||||
# must NEVER be persisted). When it doesn't register one, trust
|
||||
# the sidecar's `url` (Patreon's case — real permalink).
|
||||
info = PLATFORMS.get(platform) if platform else None
|
||||
if info is not None and info.derive_post_url is not None:
|
||||
post_url = info.derive_post_url(data)
|
||||
else:
|
||||
post_url = _first_str(data, ("url", "post_url"))
|
||||
|
||||
@@ -183,39 +182,3 @@ def parse_sidecar(data: dict) -> SidecarData:
|
||||
post_date=post_date,
|
||||
raw=data,
|
||||
)
|
||||
|
||||
|
||||
_DERIVED_URL_PLATFORMS = frozenset({
|
||||
"subscribestar", "pixiv", "hentaifoundry", "discord",
|
||||
})
|
||||
|
||||
|
||||
def _derive_post_url(platform: str, data: dict) -> str | None:
|
||||
"""Synthesize the post-permalink URL from per-platform metadata.
|
||||
|
||||
gallery-dl writes the file-download URL in `url` for these four
|
||||
platforms; we need a real permalink for the PostCard "open original"
|
||||
button. Returns None if the platform-specific fields are missing
|
||||
(rare in well-formed sidecars but defensive).
|
||||
"""
|
||||
if platform == "subscribestar":
|
||||
pid = data.get("post_id")
|
||||
if isinstance(pid, (str, int)) and str(pid).strip():
|
||||
return f"https://www.subscribestar.com/posts/{pid}"
|
||||
elif platform == "pixiv":
|
||||
pid = data.get("id")
|
||||
if isinstance(pid, (str, int)) and not isinstance(pid, bool) and str(pid).strip():
|
||||
return f"https://www.pixiv.net/artworks/{pid}"
|
||||
elif platform == "hentaifoundry":
|
||||
user = _first_str(data, ("user", "artist"))
|
||||
idx = data.get("index")
|
||||
if user and isinstance(idx, (str, int)) and not isinstance(idx, bool) and str(idx).strip():
|
||||
return f"https://www.hentai-foundry.com/pictures/user/{user}/{idx}"
|
||||
elif platform == "discord":
|
||||
sid = data.get("server_id")
|
||||
cid = data.get("channel_id")
|
||||
mid = data.get("message_id")
|
||||
if all(isinstance(v, (str, int)) and not isinstance(v, bool) and str(v).strip()
|
||||
for v in (sid, cid, mid)):
|
||||
return f"https://discord.com/channels/{sid}/{cid}/{mid}"
|
||||
return None
|
||||
|
||||
@@ -38,11 +38,33 @@ function deduplicateCookies(cookies) {
|
||||
function toNetscapeFormat(cookies) {
|
||||
const lines = ['# Netscape HTTP Cookie File'];
|
||||
for (const c of cookies) {
|
||||
let domain = c.domain.replace(/^\.?www\./, '.');
|
||||
if (!domain.startsWith('.')) domain = '.' + domain;
|
||||
// Preserve the browser's actual scope. Earlier versions rewrote
|
||||
// every cookie to a leading-dot subdomain-wide form, which broke
|
||||
// gallery-dl's HF extractor: its `cookies.get(name,
|
||||
// domain="www.hentai-foundry.com")` does EXACT domain matching and
|
||||
// missed host-only PHPSESSID rewritten to `.hentai-foundry.com`.
|
||||
// Operator-flagged 2026-05-27. Backend `_augment_cookies` covers
|
||||
// the already-stored cookies; this fix is forward-compat for fresh
|
||||
// captures.
|
||||
//
|
||||
// Cookie storage semantics (Firefox):
|
||||
// c.hostOnly === true → cookie set without a Domain= attribute;
|
||||
// applies to the exact host only.
|
||||
// c.hostOnly === false → cookie set with Domain=X; applies to
|
||||
// that domain and its subdomains.
|
||||
//
|
||||
// Netscape format:
|
||||
// leading-dot domain + TRUE flag → subdomain-wide
|
||||
// bare-host domain + FALSE flag → host-only
|
||||
const hostOnly = c.hostOnly === true;
|
||||
let domain = c.domain;
|
||||
if (!hostOnly && !domain.startsWith('.')) {
|
||||
domain = '.' + domain;
|
||||
}
|
||||
const subdomainFlag = hostOnly ? 'FALSE' : 'TRUE';
|
||||
const secure = c.secure ? 'TRUE' : 'FALSE';
|
||||
const expiration = c.expirationDate ? Math.floor(c.expirationDate) : 0;
|
||||
lines.push([domain, 'TRUE', c.path || '/', secure, String(expiration), c.name, c.value].join('\t'));
|
||||
lines.push([domain, subdomainFlag, c.path || '/', secure, String(expiration), c.name, c.value].join('\t'));
|
||||
}
|
||||
return lines.join('\n');
|
||||
}
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"manifest_version": 3,
|
||||
"name": "FabledCurator",
|
||||
"version": "1.0.4",
|
||||
"version": "1.0.5",
|
||||
"description": "Export cookies from supported platforms to FabledCurator and add creators as sources in one click.",
|
||||
|
||||
"browser_specific_settings": {
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "fabledcurator-extension",
|
||||
"version": "1.0.4",
|
||||
"version": "1.0.5",
|
||||
"private": true,
|
||||
"description": "Firefox extension for FabledCurator",
|
||||
"scripts": {
|
||||
|
||||
@@ -52,8 +52,8 @@
|
||||
v-model="showModal"
|
||||
action="delete"
|
||||
kind="min-dim"
|
||||
:run-id="tokenSha8"
|
||||
tier="C"
|
||||
:expected-token-override="preview?.confirm_token || ''"
|
||||
:projected-counts="projectedCounts"
|
||||
:description="`Width < ${minW} OR height < ${minH}`"
|
||||
@confirm="onConfirmedDelete"
|
||||
@@ -67,13 +67,20 @@ import { onMounted, ref } from 'vue'
|
||||
import DestructiveConfirmModal from '../modal/DestructiveConfirmModal.vue'
|
||||
import { useCleanupStore } from '../../stores/cleanup.js'
|
||||
|
||||
// Backend's preview response hands the full Tier-C confirm token back
|
||||
// as `confirm_token` (e.g. `delete-min-dim-1a2b3c4d`); passed straight
|
||||
// to the modal via `expected-token-override`. We previously
|
||||
// reconstructed via Web Crypto's SHA-256, but `crypto.subtle` is
|
||||
// Secure-Context-gated and undefined on plain-HTTP origins, so the
|
||||
// Delete button silently swallowed the TypeError. Operator-flagged
|
||||
// 2026-05-27.
|
||||
|
||||
const store = useCleanupStore()
|
||||
const minW = ref(0)
|
||||
const minH = ref(0)
|
||||
const preview = ref(null)
|
||||
const busy = ref(false)
|
||||
const showModal = ref(false)
|
||||
const tokenSha8 = ref('')
|
||||
const projectedCounts = ref({})
|
||||
|
||||
onMounted(async () => {
|
||||
@@ -82,15 +89,6 @@ onMounted(async () => {
|
||||
minH.value = store.defaults.min_height
|
||||
})
|
||||
|
||||
// SHA-256 truncated to 8 hex chars — matches the backend's
|
||||
// _min_dim_token() exactly. Web Crypto rejects MD5 as insecure.
|
||||
async function sha8(canon) {
|
||||
const enc = new TextEncoder()
|
||||
const buf = await crypto.subtle.digest('SHA-256', enc.encode(canon))
|
||||
const hex = Array.from(new Uint8Array(buf)).map(b => b.toString(16).padStart(2, '0')).join('')
|
||||
return hex.slice(0, 8)
|
||||
}
|
||||
|
||||
async function onPreview() {
|
||||
busy.value = true
|
||||
try {
|
||||
@@ -102,8 +100,7 @@ async function onPreview() {
|
||||
}
|
||||
}
|
||||
|
||||
async function onDeleteClick() {
|
||||
tokenSha8.value = await sha8(`${minW.value}x${minH.value}`)
|
||||
function onDeleteClick() {
|
||||
projectedCounts.value = { 'Images to delete': preview.value.count }
|
||||
showModal.value = true
|
||||
}
|
||||
|
||||
@@ -4,7 +4,10 @@
|
||||
<div v-for="(col, ci) in columns" :key="ci" class="fc-masonry__col">
|
||||
<button
|
||||
v-for="item in col" :key="item.id"
|
||||
class="fc-masonry__item" type="button"
|
||||
class="fc-masonry__item"
|
||||
:class="{ 'fc-masonry__item--anim': shouldAnimate(item) }"
|
||||
:style="itemStyle(item)"
|
||||
type="button"
|
||||
@click="$emit('open', item.id)"
|
||||
>
|
||||
<img
|
||||
@@ -33,7 +36,13 @@ import { usePolyMasonry } from '../../composables/usePolyMasonry.js'
|
||||
const props = defineProps({
|
||||
items: { type: Array, default: () => [] },
|
||||
loading: { type: Boolean, default: false },
|
||||
hasMore: { type: Boolean, default: false }
|
||||
hasMore: { type: Boolean, default: false },
|
||||
// Items at indices >= animateFromIndex get the stagger fade-in. Opt-in
|
||||
// — defaults to Infinity (no animation) so views that don't want it
|
||||
// (ArtistView, etc.) don't pay the layout-shift cost. ShowcaseView
|
||||
// uses 0 on initial load / shuffle and prevCount on infinite-scroll
|
||||
// appends.
|
||||
animateFromIndex: { type: Number, default: Number.POSITIVE_INFINITY },
|
||||
})
|
||||
const emit = defineEmits(['load-more', 'open'])
|
||||
|
||||
@@ -43,6 +52,25 @@ const { columnCount, distribute } = usePolyMasonry(containerEl)
|
||||
|
||||
const columns = computed(() => distribute(props.items, columnCount.value))
|
||||
|
||||
// id → index lookup so we can derive the stagger from natural reading
|
||||
// order even after the masonry distributes items across columns.
|
||||
const idxById = computed(() => {
|
||||
const m = new Map()
|
||||
props.items.forEach((it, i) => m.set(it.id, i))
|
||||
return m
|
||||
})
|
||||
|
||||
function shouldAnimate(item) {
|
||||
const idx = idxById.value.get(item.id)
|
||||
return idx !== undefined && idx >= props.animateFromIndex
|
||||
}
|
||||
|
||||
function itemStyle(item) {
|
||||
if (!shouldAnimate(item)) return {}
|
||||
const idx = idxById.value.get(item.id) - props.animateFromIndex
|
||||
return { '--stagger-index': idx }
|
||||
}
|
||||
|
||||
function aspectStyle(item) {
|
||||
const w = Number(item.width)
|
||||
const h = Number(item.height)
|
||||
@@ -81,4 +109,23 @@ onUnmounted(() => observer && observer.disconnect())
|
||||
display: flex; justify-content: center; padding: 32px 0; min-height: 60px;
|
||||
}
|
||||
.fc-masonry__end { text-align: center; padding: 32px 0; }
|
||||
|
||||
/* IR-parity stagger fade-in for showcase entry / shuffle. 60ms between
|
||||
items, 250ms each — matches IR's `itemFadeIn` keyframe (style.css
|
||||
~line 1834). Honors prefers-reduced-motion. */
|
||||
@keyframes fc-masonry-item-in {
|
||||
from { opacity: 0; transform: translateY(12px); }
|
||||
to { opacity: 1; transform: translateY(0); }
|
||||
}
|
||||
.fc-masonry__item--anim {
|
||||
animation: fc-masonry-item-in 0.25s ease forwards;
|
||||
animation-delay: calc(var(--stagger-index, 0) * 60ms);
|
||||
opacity: 0;
|
||||
}
|
||||
@media (prefers-reduced-motion: reduce) {
|
||||
.fc-masonry__item--anim {
|
||||
animation: none;
|
||||
opacity: 1;
|
||||
}
|
||||
}
|
||||
</style>
|
||||
|
||||
@@ -74,7 +74,7 @@
|
||||
v-model="deleteModalOpen"
|
||||
action="delete"
|
||||
kind="images-selection"
|
||||
:run-id="bulkToken"
|
||||
:expected-token-override="bulkProjected?.confirm_token || ''"
|
||||
tier="C"
|
||||
:projected-counts="bulkProjectedCounts"
|
||||
:description="bulkDescription"
|
||||
@@ -130,7 +130,6 @@ watch(() => sel.order.length, () => {
|
||||
const deleting = ref(false)
|
||||
const deleteModalOpen = ref(false)
|
||||
const bulkProjected = ref(null)
|
||||
const bulkToken = ref('')
|
||||
|
||||
const bulkProjectedCounts = computed(() => bulkProjected.value
|
||||
? {
|
||||
@@ -147,24 +146,22 @@ const bulkDescription = computed(
|
||||
: '',
|
||||
)
|
||||
|
||||
async function _computeSha8(ids) {
|
||||
const canon = [...ids].sort((a, b) => a - b).join(',')
|
||||
const buf = new TextEncoder().encode(canon)
|
||||
const hashBuf = await crypto.subtle.digest('SHA-256', buf)
|
||||
const bytes = new Uint8Array(hashBuf)
|
||||
let hex = ''
|
||||
for (let i = 0; i < 4; i++) {
|
||||
hex += bytes[i].toString(16).padStart(2, '0')
|
||||
}
|
||||
return hex
|
||||
}
|
||||
// The dry-run response hands the canonical Tier-C confirm token back
|
||||
// as `confirm_token` (e.g. `delete-images-1a2b3c4d`), passed straight
|
||||
// to the modal via `expected-token-override`. We used to compute the
|
||||
// hash client-side via `crypto.subtle.digest`, but (1) that's
|
||||
// Secure-Context-gated and undefined on plain-HTTP origins
|
||||
// (homelab posture), so the click silently threw TypeError and the
|
||||
// modal never opened, and (2) the modal's `kind="images-selection"`
|
||||
// produced `delete-images-selection-<sha8>` while the backend
|
||||
// expected `delete-images-<sha8>` — so it never would have worked
|
||||
// even on HTTPS. Operator-flagged 2026-05-27.
|
||||
|
||||
async function onDeleteClick() {
|
||||
if (!sel.order.length) return
|
||||
deleting.value = true
|
||||
try {
|
||||
bulkProjected.value = await adminStore.projectBulkImageDelete(sel.order)
|
||||
bulkToken.value = await _computeSha8(sel.order)
|
||||
deleteModalOpen.value = true
|
||||
} finally {
|
||||
deleting.value = false
|
||||
|
||||
@@ -58,17 +58,27 @@ import { computed, ref, watch } from 'vue'
|
||||
const props = defineProps({
|
||||
modelValue: { type: Boolean, required: true },
|
||||
action: { type: String, required: true }, // 'restore' | 'delete'
|
||||
kind: { type: String, required: true }, // 'db' | 'images' | 'artist' | 'tag' | 'images-selection'
|
||||
kind: { type: String, required: true }, // 'db' | 'images' | 'artist' | 'tag' | 'images-selection' | 'audit' | 'min-dim'
|
||||
runId: { type: [Number, String], default: '' }, // numeric id or sha8 string
|
||||
description: { type: String, default: '' },
|
||||
tier: { type: String, default: 'C' }, // 'B' | 'C'
|
||||
projectedCounts: { type: Object, default: null },
|
||||
// Override the `${action}-${kind}-${runId}` token formula. Use when
|
||||
// the backend computes the canonical confirm token (e.g. bulk-delete
|
||||
// and min-dim cleanup both return `confirm_token` from their dry-run
|
||||
// endpoints) and the UI's kind/runId would otherwise produce a
|
||||
// mismatched string. Operator-flagged 2026-05-27 after the
|
||||
// BulkEditor's kind="images-selection" produced
|
||||
// `delete-images-selection-<sha8>` while the backend expected
|
||||
// `delete-images-<sha8>`.
|
||||
expectedTokenOverride: { type: String, default: '' },
|
||||
})
|
||||
const emit = defineEmits(['update:modelValue', 'confirm'])
|
||||
|
||||
const typed = ref('')
|
||||
const expectedToken = computed(
|
||||
() => `${props.action}-${props.kind}-${props.runId}`,
|
||||
() => props.expectedTokenOverride
|
||||
|| `${props.action}-${props.kind}-${props.runId}`,
|
||||
)
|
||||
const titleVerb = computed(
|
||||
() => props.action === 'restore' ? 'Restore' : 'Delete',
|
||||
|
||||
@@ -18,6 +18,7 @@
|
||||
:items="store.images"
|
||||
:loading="store.loading"
|
||||
:has-more="store.hasMore"
|
||||
:animate-from-index="animateFromIndex"
|
||||
@load-more="store.fetchPage()"
|
||||
@open="openImage"
|
||||
/>
|
||||
@@ -25,17 +26,52 @@
|
||||
</template>
|
||||
|
||||
<script setup>
|
||||
import { onMounted } from 'vue'
|
||||
import { useShowcaseStore } from '../stores/showcase.js'
|
||||
import { useModalStore } from '../stores/modal.js'
|
||||
import { onMounted, onUnmounted, ref, watch } from 'vue'
|
||||
|
||||
import MasonryGrid from '../components/discovery/MasonryGrid.vue'
|
||||
import { useModalStore } from '../stores/modal.js'
|
||||
import { useShowcaseStore } from '../stores/showcase.js'
|
||||
|
||||
const store = useShowcaseStore()
|
||||
const modal = useModalStore()
|
||||
|
||||
onMounted(() => { if (store.images.length === 0) store.fetchPage() })
|
||||
// Track when items were appended vs replaced so MasonryGrid only animates
|
||||
// items new to the current batch (mirrors IR's behavior: animate on
|
||||
// initial load and on shuffle, but skip silent infinite-scroll appends).
|
||||
const animateFromIndex = ref(0)
|
||||
let prevCount = 0
|
||||
watch(() => store.images.length, (newCount) => {
|
||||
if (newCount < prevCount || prevCount === 0) {
|
||||
// Reset (shuffle) or initial load — animate everything from 0.
|
||||
animateFromIndex.value = 0
|
||||
} else {
|
||||
// Append — only animate the newly-added tail.
|
||||
animateFromIndex.value = prevCount
|
||||
}
|
||||
prevCount = newCount
|
||||
})
|
||||
|
||||
function openImage(id) {
|
||||
modal.open(id)
|
||||
}
|
||||
|
||||
// IR-parity keyboard shuffle: press R anywhere on the page (not inside a
|
||||
// text input, not while a Vuetify overlay is open) to reshuffle.
|
||||
function onKeydown(e) {
|
||||
const t = e.target
|
||||
if (t && (t.tagName === 'INPUT' || t.tagName === 'TEXTAREA' || t.isContentEditable)) return
|
||||
// Vuetify marks the active overlay (v-dialog, v-menu) on the body when
|
||||
// open. Skip shuffle when a modal is in the way.
|
||||
if (document.querySelector('.v-overlay--active')) return
|
||||
if (e.key === 'r' || e.key === 'R') {
|
||||
e.preventDefault()
|
||||
store.shuffle()
|
||||
}
|
||||
}
|
||||
|
||||
onMounted(() => {
|
||||
if (store.images.length === 0) store.fetchPage()
|
||||
window.addEventListener('keydown', onKeydown)
|
||||
})
|
||||
onUnmounted(() => window.removeEventListener('keydown', onKeydown))
|
||||
</script>
|
||||
|
||||
@@ -140,6 +140,11 @@ async def test_bulk_delete_dry_run_returns_counts(client, db, tmp_path):
|
||||
assert body["images_found"] == 2
|
||||
assert body["bytes_on_disk"] == 30
|
||||
assert body["missing_ids"] == [9_999_999]
|
||||
# Dry-run hands the canonical Tier-C confirm token back so the
|
||||
# frontend doesn't recompute SHA-256 client-side (crypto.subtle
|
||||
# is Secure-Context-gated; FC runs over plain HTTP).
|
||||
assert body["confirm_token"].startswith("delete-images-")
|
||||
assert len(body["confirm_token"]) == len("delete-images-") + 8
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
|
||||
@@ -66,6 +66,10 @@ async def test_min_dimension_preview_returns_count(client, db, tmp_path):
|
||||
assert resp.status_code == 200
|
||||
body = await resp.get_json()
|
||||
assert body["count"] == 1
|
||||
# Preview hands the canonical Tier-C confirm token back so the
|
||||
# frontend doesn't have to recompute SHA-256 client-side
|
||||
# (crypto.subtle is Secure-Context-gated; FC runs over plain HTTP).
|
||||
assert body["confirm_token"] == _sha256_min_dim_token(200, 200)
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
|
||||
@@ -110,6 +110,114 @@ async def test_get_cookies_path_none_for_token_kind(db, crypto, tmp_path):
|
||||
assert await svc.get_cookies_path("discord") is None
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_get_cookies_path_subscribestar_injects_age_cookie(db, crypto, tmp_path):
|
||||
"""SubscribeStar's server gates artist pages behind a _personalization_id
|
||||
cookie; the browser-stored cookie expires annually and can't be easily
|
||||
refreshed (the JS age popup is suppressed by localStorage). Mirror
|
||||
gallery-dl's own login-flow workaround by injecting
|
||||
`18_plus_agreement_generic=true` on `.subscribestar.adult` whenever
|
||||
cookies for subscribestar are materialized."""
|
||||
netscape_in = (
|
||||
"# Netscape HTTP Cookie File\n"
|
||||
".subscribestar.adult\tTRUE\t/\tTRUE\t1700000000\tsession_id\txyz\n"
|
||||
)
|
||||
svc = CredentialService(db, crypto, cookies_dir=tmp_path / "cookies")
|
||||
await svc.upsert(platform="subscribestar", credential_type="cookies", data=netscape_in)
|
||||
path = await svc.get_cookies_path("subscribestar")
|
||||
contents = path.read_text()
|
||||
assert "18_plus_agreement_generic\ttrue" in contents
|
||||
assert ".subscribestar.adult" in contents
|
||||
# Original session_id cookie preserved.
|
||||
assert "session_id\txyz" in contents
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_get_cookies_path_subscribestar_idempotent_when_present(db, crypto, tmp_path):
|
||||
"""If the operator's captured cookies ALREADY contain the age cookie
|
||||
(e.g. a manual paste, or a re-login), don't double-inject."""
|
||||
netscape_in = (
|
||||
"# Netscape HTTP Cookie File\n"
|
||||
".subscribestar.adult\tTRUE\t/\tTRUE\t1700000000\t18_plus_agreement_generic\ttrue\n"
|
||||
".subscribestar.adult\tTRUE\t/\tTRUE\t1700000000\tsession_id\txyz\n"
|
||||
)
|
||||
svc = CredentialService(db, crypto, cookies_dir=tmp_path / "cookies")
|
||||
await svc.upsert(platform="subscribestar", credential_type="cookies", data=netscape_in)
|
||||
path = await svc.get_cookies_path("subscribestar")
|
||||
contents = path.read_text()
|
||||
assert contents.count("18_plus_agreement_generic") == 1
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_get_cookies_path_non_subscribestar_unchanged(db, crypto, tmp_path):
|
||||
"""The age-cookie injection MUST NOT fire for non-subscribestar
|
||||
platforms — Patreon/etc. don't need it and shouldn't carry a
|
||||
foreign-domain cookie in their cookies.txt."""
|
||||
svc = CredentialService(db, crypto, cookies_dir=tmp_path / "cookies")
|
||||
await svc.upsert(platform="patreon", credential_type="cookies", data=_NETSCAPE)
|
||||
path = await svc.get_cookies_path("patreon")
|
||||
contents = path.read_text()
|
||||
assert "18_plus_agreement_generic" not in contents
|
||||
assert "subscribestar" not in contents
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_get_cookies_path_hf_injects_host_only_phpsessid(db, crypto, tmp_path):
|
||||
"""HF: extension writes session cookies as subdomain-wide
|
||||
(`.hentai-foundry.com`), but gallery-dl's extractor uses
|
||||
`cookies.get(name, domain='www.hentai-foundry.com')` with EXACT
|
||||
domain matching. Emit host-only duplicates of PHPSESSID +
|
||||
YII_CSRF_TOKEN on `www.hentai-foundry.com` so the lookup matches."""
|
||||
netscape_in = (
|
||||
"# Netscape HTTP Cookie File\n"
|
||||
".hentai-foundry.com\tTRUE\t/\tTRUE\t1900000000\tPHPSESSID\tsess123\n"
|
||||
".hentai-foundry.com\tTRUE\t/\tTRUE\t1900000000\tYII_CSRF_TOKEN\ttoken456\n"
|
||||
)
|
||||
svc = CredentialService(db, crypto, cookies_dir=tmp_path / "cookies")
|
||||
await svc.upsert(platform="hentaifoundry", credential_type="cookies", data=netscape_in)
|
||||
path = await svc.get_cookies_path("hentaifoundry")
|
||||
contents = path.read_text()
|
||||
# Subdomain-wide originals preserved.
|
||||
assert ".hentai-foundry.com\tTRUE\t/\tTRUE\t1900000000\tPHPSESSID\tsess123" in contents
|
||||
# Host-only duplicates appended for both names.
|
||||
assert "www.hentai-foundry.com\tFALSE\t/\tTRUE\t1900000000\tPHPSESSID\tsess123" in contents
|
||||
assert "www.hentai-foundry.com\tFALSE\t/\tTRUE\t1900000000\tYII_CSRF_TOKEN\ttoken456" in contents
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_get_cookies_path_hf_idempotent_when_host_only_present(db, crypto, tmp_path):
|
||||
"""If the captured cookies already include a host-only PHPSESSID
|
||||
on www.hentai-foundry.com (e.g. a future extension fix that
|
||||
preserves browser hostOnly state), don't double-inject."""
|
||||
netscape_in = (
|
||||
"# Netscape HTTP Cookie File\n"
|
||||
".hentai-foundry.com\tTRUE\t/\tTRUE\t1900000000\tPHPSESSID\tsess123\n"
|
||||
"www.hentai-foundry.com\tFALSE\t/\tTRUE\t1900000000\tPHPSESSID\tsess123\n"
|
||||
)
|
||||
svc = CredentialService(db, crypto, cookies_dir=tmp_path / "cookies")
|
||||
await svc.upsert(platform="hentaifoundry", credential_type="cookies", data=netscape_in)
|
||||
path = await svc.get_cookies_path("hentaifoundry")
|
||||
contents = path.read_text()
|
||||
# Should count PHPSESSID exactly twice — the original two lines, no third.
|
||||
assert contents.count("PHPSESSID\tsess123") == 2
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_get_cookies_path_hf_ignores_unrelated_cookies(db, crypto, tmp_path):
|
||||
"""The injection should only target session/CSRF cookies. Other HF
|
||||
cookies (e.g. analytics) stay subdomain-wide as captured."""
|
||||
netscape_in = (
|
||||
"# Netscape HTTP Cookie File\n"
|
||||
".hentai-foundry.com\tTRUE\t/\tTRUE\t1900000000\t_ga\tGA1.2.x\n"
|
||||
)
|
||||
svc = CredentialService(db, crypto, cookies_dir=tmp_path / "cookies")
|
||||
await svc.upsert(platform="hentaifoundry", credential_type="cookies", data=netscape_in)
|
||||
path = await svc.get_cookies_path("hentaifoundry")
|
||||
contents = path.read_text()
|
||||
assert "www.hentai-foundry.com" not in contents
|
||||
assert contents.count("_ga") == 1
|
||||
|
||||
|
||||
@pytest.mark.asyncio
|
||||
async def test_get_token_decrypts(db, crypto):
|
||||
svc = CredentialService(db, crypto)
|
||||
|
||||
Reference in New Issue
Block a user