From c2d7c2c8b7b18531271f18d0b5a18032eb599806 Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Tue, 25 Jun 2019 21:17:30 +0300
Subject: [PATCH 1/5] Fix #124 according to the snippet by @mrvdb

I changed the sh alias to shell instead of bash.

The additions to the `highlight(nodes)` function look redundant.
It works for me without them but maybe they cover an edge case I
cannot think about?
---
 templates/include/post-render.tmpl | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

diff --git a/templates/include/post-render.tmpl b/templates/include/post-render.tmpl
index b0e8582..0f23810 100644
--- a/templates/include/post-render.tmpl
+++ b/templates/include/post-render.tmpl
@@ -9,6 +9,22 @@
     // Set langs to the langs that are included by default (for now: 'common set' on CDN)
     var langs = [];
 
+    // Custom aliasmap
+    var aliasmap = {
+      "elisp"      : "lisp",
+      "emacs-lisp" : "lisp",
+      "c"          : "cpp",
+      "cc"         : "cpp",
+      "h"          : "cpp",
+      "c++"        : "cpp",
+      "h++"        : "cpp",
+      "hpp"        : "cpp",
+      "hh"         : "cpp",
+      "hxx"        : "cpp",
+      "cxx"        : "cpp",
+      "sh"         : "shell"
+    };
+    
     // Given a set of nodes, run highlighting on them
     function highlight(nodes) {
       for (i=0; i < nodes.length; i++) {
@@ -22,7 +38,7 @@
         var sc = document.createElement('script');
         sc.src = uri;
         sc.async = false; // critical?
-	// Set callback on last script
+	  // Set callback on last script
         if (uris.indexOf(uri) == uris.length-1) {
 	  // Set callback regardless
 	  // so we're sure it will run if last element had error
@@ -46,6 +62,8 @@
       // Check what we need to load
       for (i=0; i < lb.length; i++) {
         lang = lb[i].className.replace('language-','');
+        // Support the aliases specified above
+        if (aliasmap[lang]) lang = aliasmap[lang];
         lurl = hlbaseUri + "highlightjs/" + lang + ".min.js";
         if (!(langs.includes(lang) || jss.includes(lurl))) {
           jss.push(lurl);

From 08421196948276be3847d5cf6dcb88eb0778c0cf Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Thu, 27 Jun 2019 00:12:18 +0300
Subject: [PATCH 2/5] Change `sh` alias back to `bash`

because this is the alias in highlight itself.

(see https://github.com/writeas/writefreely/pull/128#issuecomment-505766645)
---
 templates/include/post-render.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/include/post-render.tmpl b/templates/include/post-render.tmpl
index 0f23810..517b291 100644
--- a/templates/include/post-render.tmpl
+++ b/templates/include/post-render.tmpl
@@ -22,7 +22,7 @@
       "hh"         : "cpp",
       "hxx"        : "cpp",
       "cxx"        : "cpp",
-      "sh"         : "shell"
+      "sh"         : "bash"
     };
     
     // Given a set of nodes, run highlighting on them

From a102f97c3eead290ec51e6ed898805baf7fe67d5 Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Mon, 10 Jun 2019 00:43:19 +0300
Subject: [PATCH 3/5] Fix #96

This solves the error 500 on the /api/me endpoint.

Replace token search query `=` with `LIKE` to fix sqlite complaining about
no valid tokens. Also checked with MySQL and it still works after the change.
---
 database.go | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/database.go b/database.go
index b52f27b..3af659d 100644
--- a/database.go
+++ b/database.go
@@ -388,7 +388,7 @@ func (db *datastore) GetUserNameFromToken(accessToken string) (string, error) {
 
 	var oneTime bool
 	var username string
-	err := db.QueryRow("SELECT username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&username, &oneTime)
+	err := db.QueryRow("SELECT username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&username, &oneTime)
 	switch {
 	case err == sql.ErrNoRows:
 		return "", ErrBadAccessToken
@@ -413,7 +413,7 @@ func (db *datastore) GetUserDataFromToken(accessToken string) (int64, string, er
 	var userID int64
 	var oneTime bool
 	var username string
-	err := db.QueryRow("SELECT user_id, username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&userID, &username, &oneTime)
+	err := db.QueryRow("SELECT user_id, username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&userID, &username, &oneTime)
 	switch {
 	case err == sql.ErrNoRows:
 		return 0, "", ErrBadAccessToken
@@ -452,7 +452,7 @@ func (db *datastore) GetUserIDPrivilege(accessToken string) (userID int64, sudo
 	}
 
 	var oneTime bool
-	err := db.QueryRow("SELECT user_id, sudo, one_time FROM accesstokens WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&userID, &sudo, &oneTime)
+	err := db.QueryRow("SELECT user_id, sudo, one_time FROM accesstokens WHERE token LIKE ? AND (expires IS NULL OR expires > "+db.now()+")", t).Scan(&userID, &sudo, &oneTime)
 	switch {
 	case err == sql.ErrNoRows:
 		return -1, false
@@ -469,7 +469,7 @@ func (db *datastore) GetUserIDPrivilege(accessToken string) (userID int64, sudo
 }
 
 func (db *datastore) DeleteToken(accessToken []byte) error {
-	res, err := db.Exec("DELETE FROM accesstokens WHERE token = ?", accessToken)
+	res, err := db.Exec("DELETE FROM accesstokens WHERE token LIKE ?", accessToken)
 	if err != nil {
 		return err
 	}
@@ -484,7 +484,7 @@ func (db *datastore) DeleteToken(accessToken []byte) error {
 // userID.
 func (db *datastore) FetchLastAccessToken(userID int64) string {
 	var t []byte
-	err := db.QueryRow("SELECT token FROM accesstokens WHERE user_id = ? AND (expires IS NULL OR expires > NOW()) ORDER BY created DESC LIMIT 1", userID).Scan(&t)
+	err := db.QueryRow("SELECT token FROM accesstokens WHERE user_id = ? AND (expires IS NULL OR expires > "+db.now()+") ORDER BY created DESC LIMIT 1", userID).Scan(&t)
 	switch {
 	case err == sql.ErrNoRows:
 		return ""
@@ -529,7 +529,7 @@ func (db *datastore) GetTemporaryOneTimeAccessToken(userID int64, validSecs int,
 
 	expirationVal := "NULL"
 	if validSecs > 0 {
-		expirationVal = fmt.Sprintf("DATE_ADD(NOW(), INTERVAL %d SECOND)", validSecs)
+		expirationVal = fmt.Sprintf("DATE_ADD("+db.now()+", INTERVAL %d SECOND)", validSecs)
 	}
 
 	_, err = db.Exec("INSERT INTO accesstokens (token, user_id, one_time, expires) VALUES (?, ?, ?, "+expirationVal+")", string(binTok), userID, oneTime)

From 8d9f60aaa9b9d006d0d9fc34030a18ee4f58cc52 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 20 Jun 2019 09:04:52 -0400
Subject: [PATCH 4/5] Always initialize database after --config

Previously, this would only run when configuring an instance for
single-user usage. Now it'll also run when configuring for multi-user
usage.

It also adds a log when the database has already been initialized.
---
 app.go | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/app.go b/app.go
index 8aeedce..7b149cc 100644
--- a/app.go
+++ b/app.go
@@ -449,19 +449,21 @@ func DoConfig(app *App) {
 		log.Error("Unable to configure: %v", err)
 		os.Exit(1)
 	}
-	if d.User != nil {
-		app.cfg = d.Config
-		connectToDatabase(app)
-		defer shutdown(app)
+	app.cfg = d.Config
+	connectToDatabase(app)
+	defer shutdown(app)
 
-		if !app.db.DatabaseInitialized() {
-			err = adminInitDatabase(app)
-			if err != nil {
-				log.Error(err.Error())
-				os.Exit(1)
-			}
+	if !app.db.DatabaseInitialized() {
+		err = adminInitDatabase(app)
+		if err != nil {
+			log.Error(err.Error())
+			os.Exit(1)
 		}
+	} else {
+		log.Info("Database already initialized.")
+	}
 
+	if d.User != nil {
 		u := &User{
 			Username:   d.User.Username,
 			HashedPass: d.User.HashedPass,

From 4feac6dcd217d5415d198510941bdafc77d9774a Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Thu, 27 Jun 2019 18:13:20 +0300
Subject: [PATCH 5/5] Remove `langs` list from `post-render` as it does not
 actually do anything useful (see
 https://github.com/writeas/writefreely/pull/128#issuecomment-506207107)

---
 templates/include/post-render.tmpl | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/templates/include/post-render.tmpl b/templates/include/post-render.tmpl
index 517b291..8d7a816 100644
--- a/templates/include/post-render.tmpl
+++ b/templates/include/post-render.tmpl
@@ -6,8 +6,6 @@
     var hlbaseUri = "/js/";
     var lb = document.querySelectorAll("code[class^='language-']");
 
-    // Set langs to the langs that are included by default (for now: 'common set' on CDN)
-    var langs = [];
 
     // Custom aliasmap
     var aliasmap = {
@@ -65,7 +63,7 @@
         // Support the aliases specified above
         if (aliasmap[lang]) lang = aliasmap[lang];
         lurl = hlbaseUri + "highlightjs/" + lang + ".min.js";
-        if (!(langs.includes(lang) || jss.includes(lurl))) {
+        if (!jss.includes(lurl)) {
           jss.push(lurl);
         }
       }