Merge branch 'OWASP-BLT:main' into patch-7

blog/templates/blog/post_form.html

@@ -40,7 +40,39 @@
     }
 
     .form-field {
-        margin-bottom: 15px;
+        margin-bottom: 20px;
+    }
+
+    .form-field label {
+        font-weight: bold;
+        display: block;
+        margin-bottom: 5px;
+        color: #333;
+    }
+
+    .form-field input, .form-field textarea {
+        width: 100%;
+        padding: 10px;
+        margin-top: 5px;
+        border: 1px solid #ccc;
+        border-radius: 5px;
+        box-sizing: border-box;
+        font-size: 16px;
+        background-color: #F9F9F9; 
+        color: #333; 
+    }
+    .form-field input:focus, .form-field textarea:focus {
+        outline: none;
+        border-color: #007BFF; 
+        background-color: #FFFFFF; 
+    }
+    .form-field input::placeholder, .form-field textarea::placeholder {
+        color: #888; 
+    }
+    .form-field .error {
+        color: red;
+        font-size: 0.9em;
+        margin-top: 5px;
     }
     </style>
     {% include "includes/sidenav.html" %}

blog/templates/blog/post_list.html

@@ -59,6 +59,30 @@
         border-radius: 5px;
         margin-bottom: 10px;
     }
+
+    a.floating-new-blog-button {
+        position: fixed;
+        bottom: 50px;
+        left: 220px;
+        padding: 10px 15px;
+        background-color: #C51919; 
+        color: #fff;
+        text-decoration: none;
+        border-radius: 5px;
+        font-weight: bold;
+        display: inline-flex;
+        align-items: center;
+        box-shadow: 0 4px 8px rgba(0, 0, 0, 0.2);
+        transition: transform 0.3s ease;
+        z-index: 1000;
+    }
+    a.floating-new-blog-button:hover {
+        transform: scale(1.1); 
+        color:red;
+    }
+    a.floating-new-blog-button i {
+        margin-right: 6px;
+    }
     </style>
     {% include "includes/sidenav.html" %}
     <h1 class="blog-title">Blog Posts</h1>
@@ -80,4 +104,7 @@ <h1 class="blog-title">Blog Posts</h1>
             <p class="no-posts-message">No posts available.</p>
         {% endfor %}
     </ul>
+    <a href="{% url 'post_create' %}" class="floating-new-blog-button">
+        <i class="fas fa-plus"></i> New Blog
+    </a>
 {% endblock content %}

blt/middleware/ip_restrict.py

@@ -138,7 +138,9 @@ def __call__(self, request):
 
         if ip:
             with transaction.atomic():
-                ip_records = IP.objects.select_for_update().filter(address=ip)
+                # create unique entry for every unique (ip,path) tuple
+                # if this tuple already exists, we just increment the count.
+                ip_records = IP.objects.select_for_update().filter(address=ip, path=request.path)
                 if ip_records.exists():
                     ip_record = ip_records.first()
 
@@ -149,8 +151,8 @@ def __call__(self, request):
 
                     ip_record.agent = agent
                     ip_record.count = new_count
-                    ip_record.path = request.path
-                    ip_record.save(update_fields=["agent", "count", "path"])
+                    if ip_record.pk:
+                        ip_record.save(update_fields=["agent", "count"])
 
                     # Check if a transaction is already active before starting a new one
                     if not transaction.get_autocommit():

pyproject.toml

@@ -68,7 +68,7 @@ bitcash = "^1.0.2"
 pydantic = "^2.7.3"
 pydantic_core = "^2.18.4"
 langchain = "^0.2.17"
-langchain-community = "^0.2.18"
+langchain-community = "^0.2.19"
 langchain-core = "^0.2.43"
 langchain-openai = "^0.1.25"
 unstructured = "^0.16.5"
@@ -78,11 +78,13 @@ openai = "^1.54.4"
 psutil = "^5.9.8"
 python-bitcoinrpc = "^1.0"
 sendgrid = "^6.11.0"
+matplotlib = "^3.9.2"
+openpyxl = "^3.1.5"
 
 [tool.poetry.group.dev.dependencies]
 black = "^24.8.0"
 isort = "^5.13.2"
-ruff = "^0.7.2"
+ruff = "^0.7.4"
 pre-commit = "^3.8.0"
 
 [tool.isort]

website/templates/home.html

@@ -11,7 +11,7 @@
         <section class="text-center py-16 ">
             <h1 class="text-5xl font-bold mb-4">Welcome to OWASP BLT</h1>
             <p class="text-xl mb-8">Making the World Wide Web a Safer Place</p>
-            <a href="{% url 'issues' %}"
+            <a href="{% url 'report' %}"
                class="bg-white text-red-500 font-semibold py-3 px-6 rounded-full shadow-lg">
                 <i class="fas fa-flag"></i> Report a Bug
             </a>

website/views/project.py

@@ -1,23 +1,29 @@
 import json
+import logging
 import re
 from datetime import datetime, timedelta
+from io import BytesIO
 from pathlib import Path
 
+import matplotlib.pyplot as plt
 import requests
 from django.contrib import messages
 from django.contrib.auth.decorators import user_passes_test
+from django.db.models import Count
+from django.db.models.functions import TruncDate
 from django.http import HttpResponse
 from django.shortcuts import get_object_or_404, redirect, render
 from django.utils.timezone import now
 from django.views.generic import DetailView, ListView
-from PIL import Image, ImageDraw, ImageFont
 from rest_framework.views import APIView
 
 from website.bitcoin_utils import create_bacon_token
 from website.forms import GitHubURLForm
-from website.models import BaconToken, Contribution, Project
+from website.models import IP, BaconToken, Contribution, Project
 from website.utils import admin_required
 
+logging.getLogger("matplotlib").setLevel(logging.ERROR)
+
 
 def blt_tomato(request):
     current_dir = Path(__file__).parent
@@ -170,30 +176,49 @@ def get(self, request, slug):
         # Retrieve the project or return 404
         project = get_object_or_404(Project, slug=slug)
 
-        # Increment the visit count
+        # Get unique visits, grouped by date
+        visit_counts = (
+            IP.objects.filter(path=request.path)
+            .annotate(date=TruncDate("created"))
+            .values("date")
+            .annotate(visit_count=Count("address"))
+            .order_by("date")  # Order from oldest to newest
+        )
+
+        # Update project visit count
         project.repo_visit_count += 1
         project.save()
 
-        # Create an image with the updated visit count
-        img = Image.new("RGB", (200, 50), color=(73, 109, 137))
-        d = ImageDraw.Draw(img)
-        font = ImageFont.load_default()
-
-        # Updated line to calculate text size
-        text = f"Visits: {project.repo_visit_count}"
-        bbox = d.textbbox((0, 0), text, font=font)
-        text_width = bbox[2] - bbox[0]
-        text_height = bbox[3] - bbox[1]
+        # Extract dates and counts
+        dates = [entry["date"] for entry in visit_counts]
+        counts = [entry["visit_count"] for entry in visit_counts]
+        total_views = sum(counts)  # Calculate total views
+
+        fig = plt.figure(figsize=(4, 1))
+        plt.bar(dates, counts, width=0.5, color="red")
+
+        plt.title(
+            f"{total_views}",
+            loc="left",
+            x=-0.36,
+            y=0.3,
+            fontsize=15,
+            fontweight="bold",
+            color="red",
+        )
 
-        # Center the text in the image
-        position = ((200 - text_width) / 2, (50 - text_height) / 2)
-        d.text(position, text, font=font, fill=(255, 255, 0))
+        plt.gca().set_xticks([])  # Remove x-axis ticks
+        plt.gca().set_yticks([])
+        plt.box(False)
 
-        # Prepare the HTTP response with the image and cache control
-        response = HttpResponse(content_type="image/png")
-        img.save(response, "PNG")
+        # Save the plot to an in-memory file
+        buffer = BytesIO()
+        plt.savefig(buffer, format="png", bbox_inches="tight")
+        plt.close()
+        buffer.seek(0)
 
-        # Set headers to prevent caching
+        # Prepare the HTTP response with the bar graph image
+        response = HttpResponse(buffer, content_type="image/png")
         response["Cache-Control"] = "no-store, no-cache, must-revalidate, max-age=0"
         response["Pragma"] = "no-cache"
         response["Expires"] = "0"