simonmichael/hledger
1
1
Fork 0
mirror of https://github.com/simonmichael/hledger.git synced 2024-09-19 10:17:35 +03:00
Code Issues Projects Releases Wiki Activity
eeb45ec6ef
hledger/hledger-web/package.yaml

166 lines
3.9 KiB
YAML
Raw Normal View History

lib, cli, web, api: use hpack (package.yaml) for all packages at last #371 Generated package.yaml files from the old cabal files with hpack-convert, removed some problematic blank lines manually, regenerated the cabal files from the package.yaml files with hpack. Tests pass, looks like all the info is still there. This means that from now on, we don't edit cabal files directly. We edit the less verbose package.yaml files. stack will update the cabal files automatically (or non-stack users can use hpack). The changes to both are committed, as we still want to provide the cabal files to downloaders.
2016-08-09 17:24:41 +03:00
name: hledger-web
;pkg: bump version to 1.32.99
2023-12-02 22:09:07 +03:00
version: 1.32.99
;doc: package description cleanups
2023-09-21 09:40:24 +03:00
synopsis: Web user interface for the hledger accounting system
format package descriptions more nicely
2016-08-09 21:27:00 +03:00
description: |
;doc: package description cleanups
2023-09-21 09:40:24 +03:00
A simple web user interface for the hledger accounting system,
;doc: more tweaks to package readmes, hackage descriptions
2020-03-22 20:49:02 +03:00
providing a more modern UI than the command-line or terminal interfaces.
It can be used as a local single-user UI, or as a multi-user UI for
Fix hledger-web description Slashes need to be escaped or they introduce unexpected italic style due to Haddock markup.
2020-10-22 08:06:35 +03:00
viewing\/adding\/editing on the web.
;doc: more tweaks to package readmes, hackage descriptions
2020-03-22 20:49:02 +03:00
hledger is a robust, cross-platform set of tools for tracking money,
time, or any other commodity, using double-entry accounting and a
simple, editable file format, with command-line, terminal and web
interfaces. It is a Haskell rewrite of Ledger, and one of the leading
implementations of Plain Text Accounting. Read more at:
<https://hledger.org>
format package descriptions more nicely
2016-08-09 21:27:00 +03:00
lib, cli, web, api: use hpack (package.yaml) for all packages at last #371 Generated package.yaml files from the old cabal files with hpack-convert, removed some problematic blank lines manually, regenerated the cabal files from the package.yaml files with hpack. Tests pass, looks like all the info is still there. This means that from now on, we don't edit cabal files directly. We edit the less verbose package.yaml files. stack will update the cabal files automatically (or non-stack users can use hpack). The changes to both are committed, as we still want to provide the cabal files to downloaders.
2016-08-09 17:24:41 +03:00
category: Finance
Use more accurate license tag in Cabal file.
2017-03-08 11:19:13 +03:00
license: GPL-3
lib, cli, web, api: use hpack (package.yaml) for all packages at last #371 Generated package.yaml files from the old cabal files with hpack-convert, removed some problematic blank lines manually, regenerated the cabal files from the package.yaml files with hpack. Tests pass, looks like all the info is still there. This means that from now on, we don't edit cabal files directly. We edit the less verbose package.yaml files. stack will update the cabal files automatically (or non-stack users can use hpack). The changes to both are committed, as we still want to provide the cabal files to downloaders.
2016-08-09 17:24:41 +03:00
author: Simon Michael <simon@joyful.com>
maintainer: Simon Michael <simon@joyful.com>
github: simonmichael/hledger
homepage: http://hledger.org
bug-reports: http://bugs.hledger.org
ui, web, api: package.yaml: similar cleanups
2017-08-26 02:31:54 +03:00
stability: stable
;pkg: update tested-with
2023-07-01 20:34:46 +03:00
tested-with: GHC==8.10.7, GHC==9.0.2, GHC==9.2.8, GHC==9.4.5
ui, web, api: package.yaml: similar cleanups
2017-08-26 02:31:54 +03:00
lib, cli, web, api: use hpack (package.yaml) for all packages at last #371 Generated package.yaml files from the old cabal files with hpack-convert, removed some problematic blank lines manually, regenerated the cabal files from the package.yaml files with hpack. Tests pass, looks like all the info is still there. This means that from now on, we don't edit cabal files directly. We edit the less verbose package.yaml files. stack will update the cabal files automatically (or non-stack users can use hpack). The changes to both are committed, as we still want to provide the cabal files to downloaders.
2016-08-09 17:24:41 +03:00
extra-source-files:
doc: changelogs: rename to CHANGES.md These have been an adhoc mixture of plain text, markdown and org, and used in each mode at different times. They will now have a definite format, which for now is markdown. Org was another contender. [ci skip]
2019-01-26 05:11:04 +03:00
- CHANGES.md
;doc: consistent markdown readmes for packages
2020-03-22 19:07:47 +03:00
- README.md
lib, cli, web, api: use hpack (package.yaml) for all packages at last #371 Generated package.yaml files from the old cabal files with hpack-convert, removed some problematic blank lines manually, regenerated the cabal files from the package.yaml files with hpack. Tests pass, looks like all the info is still there. This means that from now on, we don't edit cabal files directly. We edit the less verbose package.yaml files. stack will update the cabal files automatically (or non-stack users can use hpack). The changes to both are committed, as we still want to provide the cabal files to downloaders.
2016-08-09 17:24:41 +03:00
- config/favicon.ico
- config/keter.yaml
- config/robots.txt
- config/routes
- config/settings.yml
- static/css/*.css
- static/css/*.map
- static/fonts/*.eot
- static/fonts/*.svg
- static/fonts/*.ttf
- static/fonts/*.woff
- static/hledger.css
- static/hledger.js
- static/js/*.js
- templates/*.hamlet
fix data-files paths in yaml/cabal files
2017-12-07 05:45:01 +03:00
- hledger-web.1
- hledger-web.txt
- hledger-web.info
ui, web, api: package.yaml: similar cleanups
2017-08-26 02:31:54 +03:00
reorder yaml files consistently
2016-08-09 21:39:42 +03:00
flags:
library-only:
description: Build for use with "yesod devel"
manual: false
default: false
dev:
description: Turn on development settings, like auto-reload templates.
manual: false
default: false
threaded:
description: Build with support for multithreaded execution.
manual: false
default: true
ui, web, api: package.yaml: similar cleanups
2017-08-26 02:31:54 +03:00
web: fix duplicate package.yaml keys warned about by hpack
2018-10-19 00:38:20 +03:00
ghc-options:
- -Wall
imp: consistent ghc warnings
2022-03-26 21:11:52 +03:00
# not included in -Wall:
;cabal: remove special cases for unsupported GHC 7
2019-11-29 01:58:32 +03:00
- -Wredundant-constraints
imp: consistent ghc warnings
2022-03-26 21:11:52 +03:00
# not included in -Wall by older GHC versions:
- -Wincomplete-record-updates
- -Wincomplete-uni-patterns
web: fix duplicate package.yaml keys warned about by hpack
2018-10-19 00:38:20 +03:00
ui, web, api: package.yaml: similar cleanups
2017-08-26 02:31:54 +03:00
when:
- condition: (flag(dev)) || (flag(library-only))
cpp-options: -DDEVELOPMENT
web: note hackage warning [ci skip]
2018-12-04 01:05:01 +03:00
# This causes a warning when uploading to hackage:
#Package check reported the following warnings:
# 'ghc-options: -O0' is not needed. Use the --disable-optimization configure flag.
ui, web, api: package.yaml: similar cleanups
2017-08-26 02:31:54 +03:00
- condition: flag(dev)
ghc-options: -O0
pkg: web: start a common deps list, add breakpoint to other components
2022-08-23 03:10:11 +03:00
dependencies:
;dev: ui, web: fixes for ghc 9.6; cleanup (#2011)
2023-03-16 08:09:18 +03:00
- base >=4.14 && <4.19
pkg: web: start a common deps list, add breakpoint to other components
2022-08-23 03:10:11 +03:00
lib, cli, web, api: use hpack (package.yaml) for all packages at last #371 Generated package.yaml files from the old cabal files with hpack-convert, removed some problematic blank lines manually, regenerated the cabal files from the package.yaml files with hpack. Tests pass, looks like all the info is still there. This means that from now on, we don't edit cabal files directly. We edit the less verbose package.yaml files. stack will update the cabal files automatically (or non-stack users can use hpack). The changes to both are committed, as we still want to provide the cabal files to downloaders.
2016-08-09 17:24:41 +03:00
library:
web: Conform layout to the rest of hledger-* packages
2018-06-18 12:23:44 +03:00
source-dirs: .
;pkg: bump version to 1.32.99
2023-12-02 22:09:07 +03:00
cpp-options: -DVERSION="1.32.99"
lib, cli, web, api: use hpack (package.yaml) for all packages at last #371 Generated package.yaml files from the old cabal files with hpack-convert, removed some problematic blank lines manually, regenerated the cabal files from the package.yaml files with hpack. Tests pass, looks like all the info is still there. This means that from now on, we don't edit cabal files directly. We edit the less verbose package.yaml files. stack will update the cabal files automatically (or non-stack users can use hpack). The changes to both are committed, as we still want to provide the cabal files to downloaders.
2016-08-09 17:24:41 +03:00
exposed-modules:
- Hledger.Web
lib!: export less from cli and web packages, and more from ui
2023-09-21 09:38:28 +03:00
- Hledger.Web.Main
- Hledger.Web.WebOptions
web: Conform layout to the rest of hledger-* packages
2018-06-18 12:23:44 +03:00
- Hledger.Web.Application
lib!: export less from cli and web packages, and more from ui
2023-09-21 09:38:28 +03:00
- Hledger.Web.Import
- Hledger.Web.Test
web: Add /manage page, implement /edit, /upload, and /download
2018-06-17 02:04:13 +03:00
dependencies:
;pkg: bump version to 1.32.99
2023-12-02 22:09:07 +03:00
- hledger-lib >=1.32.99 && <1.33
- hledger >=1.32.99 && <1.33
pkg: add support for aeson 2.2, add upper bound
2023-07-01 21:10:44 +03:00
- aeson >=1 && <2.3
fix: web: b64 encode user controlled input (#1525) This fixes a reported Stored XSS vulnerability in toBloodhoundJson by encoding the user-controlled values in this payload into base64 and parsing them with atob. In my exploration of the vulnerability with various payloads I and others crafted, it would appear that this is the only available XSS in hledger-web in relation to stored accounts and transaction details. If there is other parts of the UI which may contain user-controlled data, they should be examined for similar things. In this instance, protections provided by yesod and other libraries worked fine, but in a bit of code that hledger-web was generating, the user could insert a </Script> tag (which is valid HTML and equivalent to </script> but not caught by the T.Replace that existed in toBloodhoundJson) in order to switch out of a script context, allowing the parser to be reset, and for arbitrary JavaScript to run. The real fix is a bit more involved, but produces much better results: Content-Security-Policy headers should be introduced, and using sha256-<hash of script> or a different algorithm, they should be marked as trusted in the header. This way, if the (in-browser) parser and hledger-web generator disagree on the source code of the script, the script won't run. Note that this would still be susceptible to attacks that involve changing the script by escaping from the string inside it or something similar to that, which can be avoided additionally by using either the method used in this commit, or a proper JSON encoder. The second approach has the advantage of preventing further XSS, to the extent specified above, in practice, a combination of both should be used, b64 for embedded data and the CSP sha256-hash script-src over everything else, which will eliminate all injected or malformed script blocks (via CSP), in combination with eliminating any HTML closing tags which might occur in stored data (via b64). This vulnerability appears to have been first introduced when autocompletion was added in hledger-web, git tag hledger-0.24, commit hash: ec51d28839b2910eea360b1b8c72904b51cf7821 Test payload: </Script><svg onload=alert(1)//> Closes #1525
2021-08-22 14:58:46 +03:00
- base64
web: Add /manage page, implement /edit, /upload, and /download
2018-06-17 02:04:13 +03:00
- blaze-html
- blaze-markup
- bytestring
web: Add capabilities type, CLI options, and reading them from headers
2018-06-18 00:53:24 +03:00
- case-insensitive
web: Add /manage page, implement /edit, /upload, and /download
2018-06-17 02:04:13 +03:00
- clientsession
- cmdargs >=0.10
- conduit
- conduit-extra >=1.1
lib, etc: add now-required lower bound on containers (#1514)
2021-03-29 18:19:28 +03:00
- containers >=0.5.9
web: Add /manage page, implement /edit, /upload, and /download
2018-06-17 02:04:13 +03:00
- data-default
require newer Decimal, math-functions, fixing inconsistent rounding Decimal 0.5.1+ changed to banker's rounding (round to nearest even number), and math-functions 0.3.3.0 (used by roi) fixed various precision-related issues. Now we require the latest versions of these. This was causing some functional test failures when building with old GHCs/snapshots.
2020-03-19 20:10:55 +03:00
- Decimal >=0.5.1
web: Put session file in $XDG_DATA_DIR. (#1344) * web: Put session file in $XDG_DATA_DIR. * web: Use $XDG_CACHE_HOME instead of $XDG_DATA_HOME. * web: Force minimum version of directory (needed for xdg utilities). * web: Cancel changes to hledger-web.cabal Co-authored-by: Félix Sipma <felix.sipma@no-log.org>
2020-09-10 18:37:33 +03:00
- directory >=1.2.3.0
Use nubSort instead of nub . sort.
2020-01-04 09:09:01 +03:00
- extra >=1.6.3
web: Add /manage page, implement /edit, /upload, and /download
2018-06-17 02:04:13 +03:00
- filepath
- hjsmin
- http-conduit
- http-client
web: support adding new transactions via JSON PUT (#316) A single transaction can be added by PUT to /add. (I read that PUT, not POST, should be used to create; perhaps the web add form should also use PUT ?) As with the web form, the `add` capability is required (and enabled by default). Here's how to test with curl: $ curl -s http://127.0.0.1:5000/add -X PUT -H 'Content-Type: application/json' --data-binary @in.json; echo New readJsonFile/writeJsonFile helpers in Hledger.Web.Json are handy for generating test data. Eg: >>> writeJsonFile "in.json" (head $ jtxns samplejournal)
2019-02-21 04:39:35 +03:00
- http-types
pkg: allow megaparsec 9.5
2023-09-02 08:25:29 +03:00
- megaparsec >=7.0.0 && <9.6
lib, cli, web: drop unnecessary mtl-compat dependency
2019-12-02 19:23:00 +03:00
- mtl >=2.2.1
web: Add option --socket to use UNIX socket file This commit adds the --socket option to use hledger-web over an AF_UNIX socket file. It allows running multiple instances of hledger-web on the same system without having to manually choose a port for each instance, which is helpful for running individual instances for multiple users. In this scenario, the socket path is predictable, as it can be derived from the username. It also introduces the following dependencies: - network - Used to create the unix domain socket - unix-compat - Used to identify if the socket file is still a socket, to reduce the risk of deleting a file when cleaning up the socket
2019-07-18 02:58:33 +03:00
- network
imp:web: access control UX cleanups (fix #834) Changes: 1. rename the sandstorm "manage" permission to "edit" (old permission names: view, add, manage; new permission names: view, add, edit). Rationale: "edit" best describes this permission's current powers, to users and to operators. If we ever added more manager-type features we'd want that to be a new permission, not a rename of the existing one (which would change the powers of existing users). 2. rename the sandstorm roles for consistency with permissions (old role names: viewer, editor, manager; new role names: viewer, adder, editor) Rationale: it's needed to avoid confusion. 3. add a new option: --allow=view|add|edit|sandstorm (default: add). 'sandstorm' sets permissions according to the X-Sandstorm-Permissions header. Drop the --capabilities and --capabilities-header options. Rationale: it's simpler and more intuitive. 4. replace "capability" with "permission" in ui/docs/code. Rationale: consistent with the above, more familiar.
2023-10-23 11:39:13 +03:00
- safe >=0.3.19
web: Add /manage page, implement /edit, /upload, and /download
2018-06-17 02:04:13 +03:00
- shakespeare >=2.0.2.2
- template-haskell
feat:print: add a basic beancount output format This prints journal output more likely (but not guaranteed) to be readable by Beancount. All packages now require text 1.2.4.1 or greater.
2023-11-23 10:11:59 +03:00
- text >=1.2.4.1
web: Add /manage page, implement /edit, /upload, and /download
2018-06-17 02:04:13 +03:00
- time >=1.5
- transformers
web: Add option --socket to use UNIX socket file This commit adds the --socket option to use hledger-web over an AF_UNIX socket file. It allows running multiple instances of hledger-web on the same system without having to manually choose a port for each instance, which is helpful for running individual instances for multiple users. In this scenario, the socket path is predictable, as it can be derived from the username. It also introduces the following dependencies: - network - Used to create the unix domain socket - unix-compat - Used to identify if the socket file is still a socket, to reduce the risk of deleting a file when cleaning up the socket
2019-07-18 02:58:33 +03:00
- unix-compat
;web: transaction fragments: use numeric identifiers for journal files This saves us from any escaping issues.
2020-05-25 11:06:20 +03:00
- unordered-containers
web: Modify the --cors option to require a specific origin - Modified the cors option to require a String - Moved the logic to build the cors policy to WebOptions.hs - Specify the --cors "*" example in the cors option help - Added utf8-string dependency to convert a String into a ByteString
2019-10-07 12:29:06 +03:00
- utf8-string
web: Add /manage page, implement /edit, /upload, and /download
2018-06-17 02:04:13 +03:00
- wai
- wai-extra
web: Add IPv6 and hostname support This commit introduces IPv6 support (and thus closes #1145). It also allows using local hostnames as a parameter for --host. For this, multiple things needed to be changed: - checkWebOpts is dropped, as the supplied parameter is checked later by Network.Socket.getAddrInfo - defbaseurl needs to check if : is used in the host, as this indicates the usage of an IPv6 address. In this case, the host needs to be wrapped in [] for the base URL - To allow opening such a modified base URL, runHostPortFullUrl is used instead of runhostPortUrl, as it allows opening arbitrary URLs instead of a path prefixed with http://127.0.0.1 As checking the host for validity is postponed until the webserver tries to start, an invalid hostname leads to an exception caused by Network.Socket.getAddrInfo. This is still fine, as hledger-web won't start in an undefined state, but will terminate with a nonzero exit code.
2020-01-15 00:18:05 +03:00
- wai-handler-launch >=3.0.3
web: Allow CORS to be enabled in hledger-web Add a --cors option to the CLI to enable simple cross-origin requests
2019-09-28 13:35:40 +03:00
- wai-cors
web: Add /manage page, implement /edit, /upload, and /download
2018-06-17 02:04:13 +03:00
- warp
- yaml
;cabal: remove special cases for unsupported GHC 7
2019-11-29 01:58:32 +03:00
- yesod >=1.4 && < 1.7
- yesod-core >=1.4 && < 1.7
Allow yesod-form 1.7 Builds fine and all tests pass here.
2021-04-23 20:20:25 +03:00
- yesod-form >=1.4 && < 1.8
;cabal: remove special cases for unsupported GHC 7
2019-11-29 01:58:32 +03:00
- yesod-static >=1.4 && < 1.7
web: --test [-- HSPECARGS] runs the test suite
2020-11-17 00:58:48 +03:00
- hspec
- yesod-test
ui, web, api: package.yaml: similar cleanups
2017-08-26 02:31:54 +03:00
lib, cli, web, api: use hpack (package.yaml) for all packages at last #371 Generated package.yaml files from the old cabal files with hpack-convert, removed some problematic blank lines manually, regenerated the cabal files from the package.yaml files with hpack. Tests pass, looks like all the info is still there. This means that from now on, we don't edit cabal files directly. We edit the less verbose package.yaml files. stack will update the cabal files automatically (or non-stack users can use hpack). The changes to both are committed, as we still want to provide the cabal files to downloaders.
2016-08-09 17:24:41 +03:00
executables:
hledger-web:
source-dirs: app
ui, web, api: package.yaml: similar cleanups
2017-08-26 02:31:54 +03:00
main: main.hs
;pkg: bump version to 1.32.99
2023-12-02 22:09:07 +03:00
cpp-options: -DVERSION="1.32.99"
lib, cli, web, api: use hpack (package.yaml) for all packages at last #371 Generated package.yaml files from the old cabal files with hpack-convert, removed some problematic blank lines manually, regenerated the cabal files from the package.yaml files with hpack. Tests pass, looks like all the info is still there. This means that from now on, we don't edit cabal files directly. We edit the less verbose package.yaml files. stack will update the cabal files automatically (or non-stack users can use hpack). The changes to both are committed, as we still want to provide the cabal files to downloaders.
2016-08-09 17:24:41 +03:00
dependencies:
cli, web: remove unnecessary bound to satisfy hackage server
2017-08-25 19:09:25 +03:00
- hledger-web
lib, cli, web, api: use hpack (package.yaml) for all packages at last #371 Generated package.yaml files from the old cabal files with hpack-convert, removed some problematic blank lines manually, regenerated the cabal files from the package.yaml files with hpack. Tests pass, looks like all the info is still there. This means that from now on, we don't edit cabal files directly. We edit the less verbose package.yaml files. stack will update the cabal files automatically (or non-stack users can use hpack). The changes to both are committed, as we still want to provide the cabal files to downloaders.
2016-08-09 17:24:41 +03:00
when:
- condition: flag(library-only)
buildable: false
- condition: flag(threaded)
ghc-options: -threaded
ui, web, api: package.yaml: similar cleanups
2017-08-26 02:31:54 +03:00
web: re-enable the test suite; add a test for /journal (#1390)
2020-11-13 05:09:02 +03:00
tests:
test:
source-dirs: test
main: test.hs
other-modules: [] # prevent double compilation, https://github.com/sol/hpack/issues/188
;pkg: bump version to 1.32.99
2023-12-02 22:09:07 +03:00
cpp-options: -DVERSION="1.32.99"
web: re-enable the test suite; add a test for /journal (#1390)
2020-11-13 05:09:02 +03:00
dependencies:
- hledger-web
pkg:web: clean up some apparently redundant declarations and deps
2023-11-07 20:06:25 +03:00
# - hspec
# - text
# - yesod
# - yesod-test
Reference in New Issue Copy Permalink