I didn't break anything, what are you talking about...?

add note about securing it

.gitignore

@@ -4,7 +4,7 @@ resources.py
 __pycache__/
 venv/
 static/policy/
-app/static/site.css
+app/static/css/site.css
 app/static/.webassets-cache/**/*
 app/static/brickdb/*
 locale.json
@@ -17,3 +17,5 @@ property_files/*
 *.log
 app/settings.py
 *.exe
+*.csv
+*.sql

README.md

@@ -65,18 +65,20 @@
       * Reports how much currency that characters posses
     * U-Score:
       * Reports how much U-Score that characters posses
-  * Analytics:
-    * Provide reporting to Developers to help better solve issues
-    * Disabled by default. Set `ALLOW_ANALYTICS` to true to enable.
 
 # Deployment
 
 > **NOTE: This tutorial assumes you have a working DLU server instance and**
-> **some knowledge of Linux**
+> **some knowledge of command line interfaces on your chosen platform**
+
+
+**It is highly recommended to setup a reverse proxy via Nginx or some other tool and use SSL to secure your Nexus Dashboard instance if you are going to be opening it up to any non-LANs**
+ * [How to setup Nginx](https://www.digitalocean.com/community/tutorials/how-to-configure-nginx-as-a-reverse-proxy-on-ubuntu-22-04)
+ * [How to use certbot for SSL](https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-22-04)
+
 ## Docker
 
 ```bash
-
 docker run -d \
     -e APP_SECRET_KEY='<secret_key>' \
     -e APP_DATABASE_URI='mysql+pymysql://<username>:<password>@<host>:<port>/<database>' \
@@ -86,7 +88,6 @@ docker run -d \
     -v /path/to/unpacked/client:/app/luclient:rw \
     -v /path/to/cachedir:/app/cache:rw \
     aronwk/nexus-dashboard:latest
-
 ```
 
  * `/app/luclient` must be mapped to the location of an unpacked client
@@ -103,36 +104,41 @@ Please Reference `app/settings_exmaple.py` to see all the variables
     * APP_DATABASE_URI (Must be provided)
   * Everything else is optional and has defaults
 
-## Manual
+## Manual Linux Installation
 
 Thanks to [HailStorm32](https://github.com/HailStorm32) for this manual install guide!
+
 ### Setting Up The Environment
-First you will want to install the following packages by executing the following commands
+First you will want to install the following packages by executing the following commands presuming you are on a Debian based system.
+
 `sudo apt-get update`
+
 `sudo apt-get install -y python3 python3-pip sqlite3 git unzip libmagickwand-dev`
 
 > *Note: If  you are having issues with installing `sqlite3`, change it to `sqlite`*
 
 <br>
-Next we will clone the repository. You can clone it anywhere, but for the purpose of this tutorial, we will be cloning it to the home directory.
+Next you will want to clone the repository. You can clone it anywhere, but for the purpose of this tutorial, we will be cloning it to the home directory.'
+<br></br>
 
-`cd` *make sure you are in the home directory*
+Run `cd ~` to ensure that you are currently in the home directory then run the following command to clone the repository into our home directory
 `git clone https://github.com/DarkflameUniverse/NexusDashboard.git`
 
-You should now have a directory called `NexusDashboard`
+You should now have a directory called `NexusDashboard` present in your home directory
 
 ### Setting up
 
 Rename the example settings file
 `cp ~/NexusDashboard/app/settings_example.py ~/NexusDashboard/app/settings.py`
 
-Now let's open the settings file we just created and configure some of the settings
-`vim ~/NexusDashboard/app/settings.py`
->*Feel free to use any text editor you are more comfortable with instead of vim*
+Now let's open the settings file we just created and configure some of the settings with nano as it is a simple text editor that is easy to use
+`nano ~/NexusDashboard/app/settings.py`
+>*Obviously you can replace this with a text editor of your choice, nano is just the most simple to use out of the ones available by default on most Linux distros*
 
 <br>
-Inside this file is where you can change certain settings like user registration, email support and other things. In this tutorial I will only be focusing on the bare minimum to get up and running, but feel free to adjust what you would like
->*Note: Enabling the email option will require further setup that is outside the scope of this tutorial*
+Inside this file is where you can change certain settings like user registration, email support and other things. In this tutorial we will only be focusing on the bare minimum to get up and running, but feel free to adjust what you would like to fit your needs.
+
+>*Note: There are options in here that are related to email registration and password recovery among other features however those require extra setup not covered by this tutorial*
 
 The two important settings to configure are `APP_SECRET_KEY` and `APP_DATABASE_URI`
 
@@ -162,65 +168,166 @@ Once you are done making the changes, save and close the file
 
 We will need the following folders from the client
 ```
-locale  (all of the files inside)
+locale
+└───locale.xml
 
 res
-|_BrickModels
-|_brickprimitives
-|_textures
-|_ui
-|_brickdb.zip
+├───BrickModels
+├───brickprimitives
+├───textures
+├───ui
+├───brickdb.zip
 ```
 Put the two folders in `~/NexusDashboard/app/luclient`
 
 Unzip the `brickdb.zip` in place
 `unzip brickdb.zip`
 
-Remove the `.zip` after you have unzipped it
+Remove the `.zip` file after you have unzipped it, you can do that with
 `rm brickdb.zip`
 
 In the `luclient` directory you should now have a file structure that looks like this
 ```
-local
-|_locale.xml
+locale
+└───locale.xml
 
 res
-|_BrickModels
-	|_...
-|_brickprimitives
-	|_...
-|_textures
-	|_...
-|_ui
-	|_...
-|_Assemblies
-	|_...
-|_Primitives
-	|_...
-|_Materials.xml
-|_info.xml
+├───BrickModels
+│   └─── ...
+├───brickprimitives
+│	└─── ...
+├───textures
+│	└─── ...
+├───ui
+│	└─── ...
+├───Assemblies
+│	└─── ...
+├───Primitives
+│	└─── ...
+├───Materials.xml
+└───info.xml
 ```
 
 We will also need to copy the `CDServer.sqlite` database file from the server to the `~/NexusDashboard/app/luclient/res` folder
 
-Once the file is moved over, you will need to rename it to `cdclient.sqlite`
-`mv ~/NexusDashboard/app/luclient/res/CDServer.sqlite ~/NexusDashboard/app/luclient/res/cdclient.sqlite`
+Once the file is moved over, you will need to rename it to `cdclient.sqlite`, this can be done with the following command
+```bash
+mv ~/NexusDashboard/app/luclient/res/CDServer.sqlite ~/NexusDashboard/app/luclient/res/cdclient.sqlite
+```
 
 
 ##### Remaining Setup
-Run the following commands one at a time
+To finish this, we will need to install the python dependencies and run the database migrations, simply run the following commands one at a time
+```bash
+cd ~/NexusDashboard
+pip install -r requirements.txt
+pip install gunicorn
+flask db upgrade
+```
+##### Running the site
+Once all of the above is complete, you can run the site with the command
+`gunicorn -b :8000 -w 4 wsgi:app`
 
-`cd ~/NexusDashboard`
-`pip install -r requirements.txt`
-`pip install gunicorn`
-`flask db upgrade`
+## Manual Windows Setup
+
+While a lot of the setup on Windows is the same a lot of it can be completed with GUI interfaces and requires installing things from websites instead of the command line.
+
+### Setting Up The Environment
+You need to install the following prerequisites:
+
+  * [Python 3.8](https://www.python.org/downloads/release/python-380/)
+  * [Git](https://git-scm.com/downloads)
+  * [ImageMagick](https://docs.wand-py.org/en/latest/guide/install.html#install-imagemagick-on-windows)
+  * [7-Zip](https://www.7-zip.org/download.html)
+
+Next you will need to clone the repository. You can clone it anywhere, but for the purpose of this tutorial, you will want to clone it to your desktop just for simplicity, it can be moved after.
+
+Open a command prompt and run `cd Desktop` (The command line should place you in your Home directory be default) to ensure that you are currently in the desktop directory then run the following command to clone the repository into our desktop directory
+
+Run the following command to clone the repository `git clone https://github.com/DarkflameUniverse/NexusDashboard.git`
+
+You should now have a directory called `NexusDashboard` present on your desktop.
+
+### Setting up 
+Now that we have the repository cloned you need to rename the example settings file, you can perform this manually in the GUI or you can use the command line, to do the latter run the following commands
+  * `cd NexusDashboard\app`
+  * `copy settings_example.py settings.py`
+
+Now let's open the settings file we just created and configure some of the settings with the Windows default notepad. 
+* `notepad settings.py`
+
+Inside this file is where you can change certain settings like user registration, email support and other things. In this tutorial we will only be focusing on the bare minimum to get up and running, but feel free to adjust what you would like to fit your needs.
+
+> *Note: There are options in here that are related to email registration and password recovery among other features however those require extra setup not covered by this tutorial*
+
+The two important settings to configure are `APP_SECRET_KEY` and `APP_DATABASE_URI`
+
+For `APP_SECRET_KEY` you can just fill in any random 32 character string and for `APP_DATABASE_URI` you will need to fill in a connection string to your database. The connection string will look similar to this. You will need to fill in your own information for the username, password, host, port and database name.
+```
+APP_DATABASE_URI = "mysql+pymysql://<username>:<password>@<host>:<port>/<database>"
+```
+and the rest of the file can be left at the default values other than the `APP_SECRET_KEY` which you will need to fill in with random characters.
+
+Once you are done making the changes, save and close the file
+
+##### Client related files
+We will need the following folders from the client
+```
+locale
+└───locale.xml
+
+res
+├───BrickModels
+├───brickprimitives
+├───textures
+├───ui
+└───brickdb.zip
+```
+Put the two folders in `Desktop/NexusDashboard/app/luclient`
+
+Unzip the `brickdb.zip` in place using 7-Zip, you can do this by right clicking the file and selecting `7-Zip > Extract Here`.
+
+After doing this you can remove the `.zip`, simply delete the file.
+
+In the `luclient` directory you should now have a file structure that looks like this
+```
+locale
+└───locale.xml
+
+res
+├───BrickModels
+│   └─── ...
+├───brickprimitives
+│	└─── ...
+├───textures
+│	└─── ...
+├───ui
+│	└─── ...
+├───Assemblies
+│	└─── ...
+├───Primitives
+│	└─── ...
+├───Materials.xml
+└───info.xml
+```
+
+We will also need to copy the `CDServer.sqlite` database file from the server to the `Desktop/NexusDashboard/app/luclient/res` folder
+
+Once the file is moved over, you will need to rename it to `cdclient.sqlite`, this can be done by right clicking the file and selecting `Rename` and then changing the name to `cdclient.sqlite`
+
+##### Remaining Setup
+To finish this, we will need to install the python dependencies and run the database migrations, simply run the following commands one at a time in the root directory of the site, if you are not in the root directory you can run `cd Desktop/NexusDashboard` to get there (assuming you have opened a new terminal window)
+```bat
+pip install -r requirements.txt
+flask db upgrade
+```
 
 ##### Running the site
-You can run the site with
-`gunicorn -b :8000 -w 4 wsgi:app`
+Once all of the above is complete, you can run the site with the command
+`flask run` however bare in mind that this is a development version of the site, at the moment running a production version of the site on Windows is not supported.
 
 # Development
 
-Please use [Editor Config](https://editorconfig.org/)
+Please use [Editor Config](https://editorconfig.org/) to maintain a consistent coding style between different editors and different contributors.
 
-  * `flask run` to run local dev server
+  * `python3 -m flask run` to run a local dev server

app/__init__.py

@@ -11,6 +11,7 @@ from flask_user import user_registered, current_user, user_logged_in
 from flask_wtf.csrf import CSRFProtect
 from flask_apscheduler import APScheduler
 from app.luclient import register_luclient_jinja_helpers
+import pathlib
 
 from app.commands import (
     init_db,
@@ -82,6 +83,11 @@ def create_app():
         if cdclient is not None:
             cdclient.close()
 
+    @app.template_filter()
+    def numberFormat(value):
+        return format(int(value), ',d')
+
+
     # add the commands to flask cli
     app.cli.add_command(init_db)
     app.cli.add_command(init_accounts)
@@ -96,6 +102,19 @@ def create_app():
     register_blueprints(app)
     register_luclient_jinja_helpers(app)
 
+    # Extract the brickdb if it's not already extracted
+    materials = pathlib.Path(f'{app.config["CACHE_LOCATION"]}Materials.xml')
+    if not materials.is_file():
+        # unzip the brickdb, and remove the import after
+        from zipfile import ZipFile
+        with ZipFile(f"{app.config['CLIENT_LOCATION']}res/brickdb.zip","r") as zip_ref:
+            zip_ref.extractall(app.config["CACHE_LOCATION"])
+        del ZipFile
+        # copy over the brick primitives, and remove the import after
+        from shutil import copytree
+        copytree(f"{app.config['CLIENT_LOCATION']}res/brickprimitives", f"{app.config['CACHE_LOCATION']}brickprimitives")
+        del copytree
+
     return app
 
 
@@ -120,7 +139,7 @@ def register_extensions(app):
 
     assets = Environment(app)
     assets.url = app.static_url_path
-    scss = Bundle('scss/site.scss', filters='libsass', output='site.css')
+    scss = Bundle('scss/site.scss', filters='libsass', output='css/site.css')
     assets.register('scss_all', scss)
 
 
@@ -159,7 +178,7 @@ def register_blueprints(app):
 
 def register_logging(app):
     # file logger
-    file_handler = RotatingFileHandler('nexus_dashboard.log', maxBytes=1024 * 1024 * 100, backupCount=20)
+    file_handler = RotatingFileHandler('logs/nexus_dashboard.log', maxBytes=1024 * 1024 * 100, backupCount=20)
     file_handler.setLevel(logging.INFO)
     formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s")
     file_handler.setFormatter(formatter)
@@ -220,10 +239,6 @@ def register_settings(app):
         'USER_REQUIRE_INVITATION',
         app.config['USER_REQUIRE_INVITATION']
     )
-    app.config['ALLOW_ANALYTICS'] = os.getenv(
-        'ALLOW_ANALYTICS',
-        app.config['ALLOW_ANALYTICS']
-    )
     app.config['SQLALCHEMY_ENGINE_OPTIONS'] = {
         "pool_pre_ping": True,
         "pool_size": 10,
@@ -265,6 +280,35 @@ def register_settings(app):
         app.config['USER_EMAIL_SENDER_EMAIL']
     )
 
+    if "ENABLE_CHAR_XML_UPLOAD" not in app.config:
+        app.config['ENABLE_CHAR_XML_UPLOAD'] = False
+    app.config['ENABLE_CHAR_XML_UPLOAD'] = os.getenv(
+        'ENABLE_CHAR_XML_UPLOAD',
+        app.config['ENABLE_CHAR_XML_UPLOAD']
+    )
+
+    if "CLIENT_LOCATION" not in app.config:
+        app.config['CLIENT_LOCATION'] = 'app/luclient/'
+    app.config['CLIENT_LOCATION'] = os.getenv(
+        'CLIENT_LOCATION',
+        app.config['CLIENT_LOCATION']
+    )
+
+    if "CD_SQLITE_LOCATION" not in app.config:
+        app.config['CD_SQLITE_LOCATION'] = 'app/luclient/res/'
+    app.config['CD_SQLITE_LOCATION'] = os.getenv(
+        'CD_SQLITE_LOCATION',
+        app.config['CD_SQLITE_LOCATION']
+    )
+
+    if "CACHE_LOCATION" not in app.config:
+        app.config['CACHE_LOCATION'] = 'app/cache/'
+    app.config['CACHE_LOCATION'] = os.getenv(
+        'CACHE_LOCATION',
+        app.config['CACHE_LOCATION']
+    )
+
+
 
 def gm_level(gm_level):
     """Decorator for handling permissions based on the user's GM Level

app/accounts.py

@@ -1,7 +1,9 @@
 from flask import render_template, Blueprint, redirect, url_for, request, current_app, flash
 from flask_user import login_required, current_user
 from datatables import ColumnDT, DataTables
+import bcrypt
 import datetime
+import secrets
 from app.models import (
     Account,
     CharacterInfo,
@@ -14,11 +16,13 @@ from app.models import (
     AuditLog,
     BugReport,
     AccountInvitation,
-    db
+    db,
+    Friends
 )
 from app.schemas import AccountSchema
 from app import gm_level, log_audit
 from app.forms import EditGMLevelForm, EditEmailForm
+from sqlalchemy import or_
 
 accounts_blueprint = Blueprint('accounts', __name__)
 
@@ -150,10 +154,14 @@ def delete(id):
     message = f"Deleted Account ({account.id}){account.username}"
     chars = CharacterInfo.query.filter(CharacterInfo.account_id == id).all()
     for char in chars:
-        activities = ActivityLog.query.filter(ActivityLog.character_id == char.id).all()
+        activities = ActivityLog.query.filter(
+            ActivityLog.character_id == char.id
+        ).all()
         for activity in activities:
             activity.delete()
-        lb_entries = Leaderboard.query.filter(Leaderboard.character_id == char.id).all()
+        lb_entries = Leaderboard.query.filter(
+            Leaderboard.character_id == char.id
+        ).all()
         for lb_entry in lb_entries:
             lb_entry.delete()
         mails = Mail.query.filter(Mail.receiver_id == char.id).all()
@@ -161,21 +169,29 @@ def delete(id):
             mail.delete()
         props = Property.query.filter(Property.owner_id == char.id).all()
         for prop in props:
-            prop_contents = PropertyContent.query.filter(PropertyContent.property_id == prop.id).all()
+            prop_contents = PropertyContent.query.filter(
+                PropertyContent.property_id == prop.id
+            ).all()
             for prop_content in prop_contents:
                 if prop_content.lot == "14":
                     UGC.query.filter(UGC.id == prop.ugc_id).first().delete()
                 prop_content.delete()
             prop.delete()
+        friends = Friends.query.filter(
+            or_(Friends.player_id == char.id, Friends.friend_id == char.id)
+        ).all()
+        for friend in friends:
+            friend.delete()
         char.delete()
     # This is for GM stuff, it will be permnently delete logs
-    bugs = BugReport.query.filter(BugReport.resolve_by_id == id).all()
+    bugs = BugReport.query.filter(BugReport.resoleved_by_id == id).all()
     for bug in bugs:
         bug.delete()
     audits = AuditLog.query.filter(AuditLog.account_id == id).all()
     for audit in audits:
         audit.delete()
-    invites = AccountInvitation.query.filter(AccountInvitation.invited_by_user_id == id).all()
+    invites = AccountInvitation.query.filter(
+        AccountInvitation.invited_by_user_id == id).all()
     for invite in invites:
         invite.delete()
     account.delete()
@@ -184,6 +200,27 @@ def delete(id):
     return redirect(url_for("main.index"))
 
 
+@accounts_blueprint.route('/pass_reset/<id>', methods=['GET', 'POST'])
+@login_required
+@gm_level(9)
+def pass_reset(id):
+    # get the account
+    account = Account.query.filter(Account.id == id).first()
+    # make a random pass of length 12 using secrets
+    raw_pass = secrets.token_urlsafe(12)
+    # generate the hash
+    salt = bcrypt.gensalt()
+    hashed = bcrypt.hashpw(str.encode(raw_pass), salt)
+    # save the has
+    account.password = hashed
+    account.save()
+    # display for the admin to get and log that the action was done
+    flash(f"Set password for account {account.username} to {raw_pass}", "success")
+    log_audit(f"Reset password for {account.username}")
+
+    return redirect(request.referrer if request.referrer else url_for("main.index"))
+
+
 @accounts_blueprint.route('/get', methods=['GET'])
 @login_required
 @gm_level(3)

app/characters.py

@@ -1,14 +1,15 @@
-from flask import render_template, Blueprint, redirect, url_for, request, abort, flash, make_response
+from flask import render_template, Blueprint, redirect, url_for, request, abort, flash, make_response, current_app
 from flask_user import login_required, current_user
 from datatables import ColumnDT, DataTables
 import time
 from app.models import CharacterInfo, CharacterXML, Account, db
 from app.schemas import CharacterInfoSchema
-from app.forms import RescueForm
+from app.forms import RescueForm, CharXMLUploadForm
 from app import gm_level, log_audit
 from app.luclient import translate_from_locale
 import xmltodict
 import xml.etree.ElementTree as ET
+import json
 
 
 character_blueprint = Blueprint('characters', __name__)
@@ -30,14 +31,20 @@ def approve_name(id, action):
     character = CharacterInfo.query.filter(CharacterInfo.id == id).first()
 
     if action == "approve":
-        log_audit(f"Approved ({character.id}){character.pending_name} from {character.name}")
-        flash(
-            f"Approved ({character.id}){character.pending_name} from {character.name}",
-            "success"
-        )
         if character.pending_name:
             character.name = character.pending_name
             character.pending_name = ""
+            log_audit(f"Approved ({character.id}){character.pending_name} from {character.name}")
+            flash(
+                f"Approved ({character.id}){character.pending_name} from {character.name}",
+                "success"
+            )
+        else:
+            log_audit("Cannot make character name empty")
+            flash(
+                "Cannot make character name empty",
+                "danger"
+            )
         character.needs_rename = False
 
     elif action == "rename":
@@ -72,7 +79,7 @@ def view(id):
     character_json = xmltodict.parse(
         CharacterXML.query.filter(
             CharacterXML.id == id
-        ).first().xml_data,
+        ).first().xml_data.replace("\"stt=", "\" stt="),
         attr_prefix="attr_"
     )
 
@@ -85,9 +92,10 @@ def view(id):
     # stupid fix for jinja parsing
     character_json["obj"]["inv"]["holdings"] = character_json["obj"]["inv"].pop("items")
     # sort by items slot index
-    for inv in character_json["obj"]["inv"]["holdings"]["in"]:
-        if "i" in inv.keys() and type(inv["i"]) == list:
-            inv["i"] = sorted(inv["i"], key=lambda i: int(i['attr_s']))
+    if type(character_json["obj"]["inv"]["holdings"]["in"]) == list:
+        for inv in character_json["obj"]["inv"]["holdings"]["in"]:
+                if "i" in inv.keys() and type(inv["i"]) == list:
+                    inv["i"] = sorted(inv["i"], key=lambda i: int(i['attr_s']))
 
     return render_template(
         'character/view.html.j2',
@@ -113,7 +121,7 @@ def view_xml(id):
 
     character_xml = CharacterXML.query.filter(
         CharacterXML.id == id
-    ).first().xml_data
+    ).first().xml_data.replace("\"stt=", "\" stt=")
 
     response = make_response(character_xml)
     response.headers.set('Content-Type', 'text/xml')
@@ -184,7 +192,7 @@ def rescue(id):
         CharacterXML.id == id
     ).first()
 
-    character_xml = ET.XML(character_data.xml_data)
+    character_xml = ET.XML(character_data.xml_data.replace("\"stt=", "\" stt="))
     for zone in character_xml.findall('.//r'):
         if int(zone.attrib["w"]) % 100 == 0:
             form.save_world.choices.append(
@@ -210,6 +218,30 @@ def rescue(id):
     return render_template("character/rescue.html.j2", form=form)
 
 
+@character_blueprint.route('/upload/<id>', methods=['GET', 'POST'])
+@login_required
+@gm_level(8)
+def upload(id):
+    if not current_app.config["ENABLE_CHAR_XML_UPLOAD"]:
+        flash("You must enable this setting to do this", "danger")
+        return redirect(url_for('characters.view', id=id))
+
+    form = CharXMLUploadForm()
+
+    character_data = CharacterXML.query.filter(
+        CharacterXML.id == id
+    ).first()
+
+    if form.validate_on_submit():
+        character_data.xml_data = form.char_xml.data
+        character_data.save()
+        flash("You accept all consequences from these actions", "danger")
+        log_audit(f"Updated {character_data.id}'s xml data")
+        return redirect(url_for('characters.view', id=id))
+    form.char_xml.data = character_data.xml_data
+    return render_template("character/upload.html.j2", form=form)
+
+
 @character_blueprint.route('/get/<status>', methods=['GET'])
 @login_required
 @gm_level(3)
@@ -228,7 +260,7 @@ def get(status):
     if status == "approved":
         query = db.session.query().select_from(CharacterInfo).join(Account).filter((CharacterInfo.pending_name == "") & (CharacterInfo.needs_rename == False))
     elif status == "unapproved":
-        query = db.session.query().select_from(CharacterInfo).join(Account).filter((CharacterInfo.pending_name != "") | (CharacterInfo.needs_rename == True))
+        query = db.session.query().select_from(CharacterInfo).join(Account).filter((CharacterInfo.pending_name != "") & (CharacterInfo.needs_rename == False))
     else:
         query = db.session.query().select_from(CharacterInfo).join(Account)
 

app/forms.py

@@ -75,10 +75,12 @@ class CustomRegisterForm(FlaskForm):
 
     password = PasswordField('Password', validators=[
         DataRequired(),
-        password_validator
+        password_validator,
+        validators.length(max=40, message="The maximum length of the password is 40 characters due to game client limitations")
     ])
     retype_password = PasswordField('Retype Password', validators=[
-        validators.EqualTo('password', message='Passwords did not match')
+        validators.EqualTo('password', message='Passwords did not match'),
+        validators.length(max=40, message="The maximum length of the password is 40 characters due to game client limitations")
     ])
 
     invite_token = HiddenField('Token')
@@ -119,7 +121,7 @@ class EditPlayKeyForm(FlaskForm):
 
 class EditGMLevelForm(FlaskForm):
 
-    email = IntegerField(
+    gm_level = IntegerField(
         'GM Level',
         widget=NumberInput(min=0, max=9)
     )
@@ -209,3 +211,13 @@ class RejectPropertyForm(FlaskForm):
     )
 
     submit = SubmitField('Submit')
+
+
+class CharXMLUploadForm(FlaskForm):
+    char_xml = StringField(
+        'Paste minified charxml here:',
+        widget=TextArea(),
+        validators=[validators.DataRequired()]
+    )
+
+    submit = SubmitField('Submit')

app/log.py

@@ -25,7 +25,7 @@ def command():
 @log_blueprint.route('/system')
 @gm_level(8)
 def system():
-    with open('nexus_dashboard.log', 'r') as file:
+    with open('logs/nexus_dashboard.log', 'r') as file:
         logs = '</br>'.join(file.read().split('\n')[-100:])
     return render_template('logs/system.html.j2', logs=logs)
 

app/luclient.py

@@ -5,7 +5,8 @@ from flask import (
     redirect,
     url_for,
     make_response,
-    abort
+    abort,
+    current_app
 )
 from flask_user import login_required
 from app.models import CharacterInfo
@@ -32,7 +33,7 @@ def get_dds_as_png(filename):
     cache = f'cache/{filename.split(".")[0]}.png'
 
     if not os.path.exists(cache):
-        root = 'app/luclient/res/'
+        root = f"{current_app.config['CLIENT_LOCATION']}res/"
 
         path = glob.glob(
             root + f'**/{filename}',
@@ -41,7 +42,7 @@ def get_dds_as_png(filename):
 
         with image.Image(filename=path) as img:
             img.compression = "no"
-            img.save(filename='app/cache/' + filename.split('.')[0] + '.png')
+            img.save(filename=current_app.config["CACHE_LOCATION"] + filename.split('.')[0] + '.png')
 
     return send_file(cache)
 
@@ -52,7 +53,7 @@ def get_dds(filename):
     if filename.split('.')[-1] != 'dds':
         return 404
 
-    root = 'app/luclient/res/'
+    root = f"{current_app.config['CLIENT_LOCATION']}res/"
 
     dds = glob.glob(
         root + f'**/{filename}',
@@ -65,12 +66,17 @@ def get_dds(filename):
 @luclient_blueprint.route('/get_icon_lot/<id>')
 @login_required
 def get_icon_lot(id):
-
+    if id is None:
+        redirect(url_for('luclient.unknown'))
     render_component_id = query_cdclient(
         'select component_id from ComponentsRegistry where component_type = 2 and id = ?',
         [id],
         one=True
-    )[0]
+    )
+    if render_component_id is not None:
+        render_component_id = render_component_id[0]
+    else:
+        return redirect(url_for('luclient.unknown'))
 
     # find the asset from rendercomponent given the  component id
     filename = query_cdclient(
@@ -84,10 +90,10 @@ def get_icon_lot(id):
     else:
         return redirect(url_for('luclient.unknown'))
 
-    cache = f'app/cache/{filename.split(".")[0]}.png'
+    cache = f'{current_app.config["CACHE_LOCATION"]}{filename.split(".")[0]}.png'
 
     if not os.path.exists(cache):
-        root = 'app/luclient/res/'
+        root = f"{current_app.config['CLIENT_LOCATION']}res/"
         try:
             pathlib.Path(os.path.dirname(cache)).resolve().mkdir(parents=True, exist_ok=True)
             with image.Image(filename=f'{root}{filename}'.lower()) as img:
@@ -111,10 +117,10 @@ def get_icon_iconid(id):
 
     filename = filename.replace("..\\", "").replace("\\", "/")
 
-    cache = f'app/cache/{filename.split(".")[0]}.png'
+    cache = f'{current_app.config["CACHE_LOCATION"]}{filename.split(".")[0]}.png'
 
     if not os.path.exists(cache):
-        root = 'app/luclient/res/'
+        root = f"{current_app.config['CLIENT_LOCATION']}res/"
         try:
             pathlib.Path(os.path.dirname(cache)).resolve().mkdir(parents=True, exist_ok=True)
             with image.Image(filename=f'{root}{filename}'.lower()) as img:
@@ -132,14 +138,14 @@ def brick_list():
     brick_list = []
     if len(brick_list) == 0:
         suffixes = [".g", ".g1", ".g2", ".g3", ".xml"]
-        res = pathlib.Path('app/luclient/res/')
+        res = pathlib.Path(f"{current_app.config['CLIENT_LOCATION']}res/")
         # Load g files
         for path in res.rglob("*.*"):
             if str(path.suffix) in suffixes:
                 brick_list.append(
                     {
                         "type": "file",
-                        "name": str(path.as_posix()).replace("app/luclient/res/", "")
+                        "name": str(path.as_posix()).replace("{current_app.config['CLIENT_LOCATION']}res/", "")
                     }
                 )
     response = make_response(json.dumps(brick_list))
@@ -151,7 +157,7 @@ def brick_list():
 @luclient_blueprint.route('/ldddb/<path:req_path>')
 def dir_listing(req_path):
     # Joining the base and the requested path
-    rel_path = pathlib.Path(str(pathlib.Path(f'app/luclient/res/{req_path}').resolve()))
+    rel_path = pathlib.Path(str(pathlib.Path(f"{current_app.config['CLIENT_LOCATION']}res/{req_path}").resolve()))
     # Return 404 if path doesn't exist
     if not rel_path.exists():
         return abort(404)
@@ -168,10 +174,10 @@ def dir_listing(req_path):
 def unknown():
     filename = "textures/ui/inventory/unknown.dds"
 
-    cache = f'app/cache/{filename.split(".")[0]}.png'
+    cache = f'{current_app.config["CACHE_LOCATION"]}{filename.split(".")[0]}.png'
 
     if not os.path.exists(cache):
-        root = 'app/luclient/res/'
+        root = f"{current_app.config['CLIENT_LOCATION']}res/"
         try:
             pathlib.Path(os.path.dirname(cache)).resolve().mkdir(parents=True, exist_ok=True)
             with image.Image(filename=f'{root}{filename}'.lower()) as img:
@@ -191,7 +197,16 @@ def get_cdclient():
     """
     cdclient = getattr(g, '_cdclient', None)
     if cdclient is None:
-        cdclient = g._database = sqlite3.connect('app/luclient/res/cdclient.sqlite')
+        path = pathlib.Path(f"{current_app.config['CD_SQLITE_LOCATION']}cdclient.sqlite")
+        if path.is_file():
+            cdclient = g._database = sqlite3.connect(f"{current_app.config['CD_SQLITE_LOCATION']}cdclient.sqlite")
+            return cdclient
+
+        path = pathlib.Path(f"{current_app.config['CD_SQLITE_LOCATION']}CDServer.sqlite")
+        if path.is_file():
+            cdclient = g._database = sqlite3.connect(f"{current_app.config['CD_SQLITE_LOCATION']}CDServer.sqlite")
+            return cdclient
+
     return cdclient
 
 
@@ -223,7 +238,7 @@ def translate_from_locale(trans_string):
     locale_data = ""
 
     if not locale:
-        locale_path = "app/luclient/locale/locale.xml"
+        locale_path = f"{current_app.config['CLIENT_LOCATION']}locale/locale.xml"
 
         with open(locale_path, 'r') as file:
             locale_data = file.read()
@@ -281,6 +296,7 @@ def register_luclient_jinja_helpers(app):
 
     @app.template_filter('parse_lzid')
     def parse_lzid(lzid):
+        if not lzid: return [1000, 1000, 1000]
         return[
             (int(lzid) & ((1 << 16) - 1)),
             ((int(lzid) >> 16) & ((1 << 16) - 1)),
@@ -308,7 +324,9 @@ def register_luclient_jinja_helpers(app):
             'select component_id from ComponentsRegistry where component_type = 11 and id = ?',
             [lot_id],
             one=True
-        )[0]
+        )
+        if render_component_id:
+            render_component_id = render_component_id[0]
 
         rarity = query_cdclient(
             'select rarity from ItemComponent where id = ?',

app/mail.py

@@ -69,8 +69,7 @@ def send():
         form.recipient.choices.append((character.id, character.name))
 
     items = query_cdclient(
-        'Select id, name, displayName from Objects where type = ?',
-        ["Loot"]
+        'Select id, name, displayName from Objects where type = "Loot"'
     )
 
     for item in items:

app/main.py

@@ -4,6 +4,9 @@ from flask_user import current_user, login_required
 from app.models import Account, CharacterInfo, ActivityLog
 from app.schemas import AccountSchema, CharacterInfoSchema
 
+import datetime
+import time
+
 main_blueprint = Blueprint('main', __name__)
 
 account_schema = AccountSchema()
@@ -28,12 +31,16 @@ def index():
 @login_required
 def about():
     """About Page"""
-    mods = Account.query.filter(Account.gm_level > 0).order_by(Account.gm_level.desc()).all()
+    mods = Account.query.filter(Account.gm_level > 1).order_by(Account.gm_level.desc()).all()
     online = 0
-    chars = CharacterInfo.query.all()
+    users = []
+    zones = {}
+    twodaysago = time.mktime((datetime.datetime.now() - datetime.timedelta(days=2)).timetuple())
+    chars = CharacterInfo.query.filter(CharacterInfo.last_login >= twodaysago).all()
+
     for char in chars:
         last_log = ActivityLog.query.with_entities(
-            ActivityLog.activity
+            ActivityLog.activity, ActivityLog.map_id
         ).filter(
             ActivityLog.character_id == char.id
         ).order_by(ActivityLog.id.desc()).first()
@@ -41,8 +48,13 @@ def about():
         if last_log:
             if last_log[0] == 0:
                 online += 1
+                if current_user.gm_level >= 8: users.append([char.name, last_log[1]])
+                if str(last_log[1]) not in zones:
+                    zones[str(last_log[1])] = 1
+                else:
+                    zones[str(last_log[1])] += 1
 
-    return render_template('main/about.html.j2', mods=mods, online=online)
+    return render_template('main/about.html.j2', mods=mods, online=online, users=users, zones=zones)
 
 
 @main_blueprint.route('/favicon.ico')

app/models.py

@@ -114,7 +114,7 @@ class PlayKey(db.Model):
             )
             db.session.add(new_key)
             db.session.commit()
-            return key
+        return key
 
     def delete(self):
         db.session.delete(self)

app/play_keys.py

@@ -11,14 +11,14 @@ play_keys_blueprint = Blueprint('play_keys', __name__)
 # Key creation page
 @play_keys_blueprint.route('/', methods=['GET'])
 @login_required
-@gm_level(9)
+@gm_level(5)
 def index():
     return render_template('play_keys/index.html.j2')
 
 
 @play_keys_blueprint.route('/create/<count>/<uses>', methods=['GET'], defaults={'count': 1, 'uses': 1})
 @login_required
-@gm_level(9)
+@gm_level(5)
 def create(count=1, uses=1):
     key = PlayKey.create(count=count, uses=uses)
     log_audit(f"Created {count} Play Key(s) with {uses} uses!")
@@ -28,7 +28,7 @@ def create(count=1, uses=1):
 
 @play_keys_blueprint.route('/create/bulk', methods=('GET', 'POST'))
 @login_required
-@gm_level(9)
+@gm_level(5)
 def bulk_create():
     form = CreatePlayKeyForm()
     if form.validate_on_submit():
@@ -42,7 +42,7 @@ def bulk_create():
 
 @play_keys_blueprint.route('/delete/<id>', methods=('GET', 'POST'))
 @login_required
-@gm_level(9)
+@gm_level(5)
 def delete(id):
     key = PlayKey.query.filter(PlayKey.id == id).first()
     # associated_accounts = Account.query.filter(Account.play_key_id==id).all()
@@ -54,7 +54,7 @@ def delete(id):
 
 @play_keys_blueprint.route('/edit/<id>', methods=('GET', 'POST'))
 @login_required
-@gm_level(9)
+@gm_level(5)
 def edit(id):
     key = PlayKey.query.filter(PlayKey.id == id).first()
     form = EditPlayKeyForm()
@@ -81,7 +81,7 @@ def edit(id):
 
 @play_keys_blueprint.route('/view/<id>', methods=('GET', 'POST'))
 @login_required
-@gm_level(9)
+@gm_level(5)
 def view(id):
     key = PlayKey.query.filter(PlayKey.id == id).first()
     accounts = Account.query.filter(Account.play_key_id == id).all()
@@ -90,7 +90,7 @@ def view(id):
 
 @play_keys_blueprint.route('/get', methods=['GET'])
 @login_required
-@gm_level(9)
+@gm_level(5)
 def get():
     columns = [
         ColumnDT(PlayKey.id),

app/properties.py

@@ -411,25 +411,37 @@ def download_model(id):
 
 def ugc(content):
     ugc_data = UGC.query.filter(UGC.id == content.ugc_id).first()
-    uncompressed_lxfml = zlib.decompress(ugc_data.lxfml)
+    uncompressed_lxfml = decompress(ugc_data.lxfml)
     response = make_response(uncompressed_lxfml)
     return response, ugc_data.filename
 
+def decompress(data):
+	assert data[:5] == b"sd0\x01\xff"
+	pos = 5
+	out = b""
+	while pos < len(data):
+		length = int.from_bytes(data[pos:pos+4], "little")
+		pos += 4
+		out += zlib.decompress(data[pos:pos+length])
+		pos += length
+	return out
 
 def prebuilt(content, file_format, lod):
     # translate LOT to component id
-    # we need to get a type of 2 because reasons
+    # we need to get a type of 2 for the render component to find the filename
     render_component_id = query_cdclient(
         'select component_id from ComponentsRegistry where component_type = 2 and id = ?',
         [content.lot],
         one=True
     )[0]
-    # find the asset from rendercomponent given the  component id
+    # find the asset from rendercomponent given the component id
     filename = query_cdclient(
         'select render_asset from RenderComponent where id = ?',
         [render_component_id],
         one=True
     )
+
+    # if we have a valie filename, coerce it
     if filename:
         filename = filename[0].split("\\\\")[-1].lower().split(".")[0]
         if "/" in filename:
@@ -437,25 +449,29 @@ def prebuilt(content, file_format, lod):
     else:
         return f"No filename for LOT {content.lot}"
 
-    lxfml = pathlib.Path(f'app/luclient/res/BrickModels/{filename.split(".")[0]}.lxfml')
+    # if we just want the lxfml, fine t and return it
+    lxfml = pathlib.Path(f'{current_app.config["CLIENT_LOCATION"]}res/BrickModels/{filename.split(".")[0]}.lxfml')
     if file_format == "lxfml":
 
         with open(lxfml, 'r') as file:
             lxfml_data = file.read()
         response = make_response(lxfml_data)
 
+    # else we handle getting the files for lddviewer
     elif file_format in ["obj", "mtl"]:
-        cache = pathlib.Path(f'app/cache/BrickModels/{filename}.lod{lod}.{file_format}')
+        # check to see if the file exists
+        cache = pathlib.Path(f'{current_app.config["CACHE_LOCATION"]}BrickModels/{filename}.lod{lod}.{file_format}')
         if not cache.is_file():
+            # if not make it an store it for later
             cache.parent.mkdir(parents=True, exist_ok=True)
             try:
                 ldd.main(str(lxfml.as_posix()), str(cache.with_suffix("").as_posix()), lod)  # convert to OBJ
             except Exception as e:
                 current_app.logger.error(f"ERROR on {cache}:\n {e}")
-
+        # then just read it
         with open(str(cache.as_posix()), 'r') as file:
             cache_data = file.read()
-
+        # and serve it
         response = make_response(cache_data)
 
     else:

app/pylddlib.py

@@ -7,6 +7,7 @@ import math
 import struct
 import zipfile
 from xml.dom import minidom
+from flask import current_app
 
 PRIMITIVEPATH = '/Primitives/'
 GEOMETRIEPATH = PRIMITIVEPATH
@@ -968,8 +969,8 @@ def main(lxf_filename, obj_filename, lod="2"):
     GEOMETRIEPATH = GEOMETRIEPATH + f"LOD{lod}/"
     converter = Converter()
     # print("Found DB folder. Will use this instead of db.lif!")
-    setDBFolderVars(dbfolderlocation="app/luclient/res/", lod=lod)
-    converter.LoadDBFolder(dbfolderlocation="app/luclient/res/")
+    setDBFolderVars(dbfolderlocation=f"{current_app.config['CACHE_LOCATION']}", lod=lod)
+    converter.LoadDBFolder(dbfolderlocation=f"{current_app.config['CACHE_LOCATION']}")
     converter.LoadScene(filename=lxf_filename)
     converter.Export(filename=obj_filename)
 

app/reports.py

@@ -6,7 +6,6 @@ from app import gm_level, scheduler
 from sqlalchemy.orm import load_only
 import datetime
 import xmltodict
-import random
 
 reports_blueprint = Blueprint('reports', __name__)
 
@@ -32,7 +31,6 @@ def index():
     ).filter(
         Reports.report_type == "uscore"
     ).group_by(Reports.date).options(load_only(Reports.date)).all()
-
     return render_template(
         'reports/index.html.j2',
         reports_items=reports_items,
@@ -69,20 +67,24 @@ def items_graph(start, end):
             items[key] = get_lot_name(key)
     # make it
     for key, value in items.items():
-        data = []
-        for entry in entries:
-            if key in entry.data.keys():
-                data.append(entry.data[key])
-            else:
-                data.append(0)
-        color = "#" + value.encode("utf-8").hex()[1:7]
-        if max(data) > 10:
-            datasets.append({
-                "label": value,
-                "data": data,
-                "backgroundColor": color,
-                "borderColor": color
-            })
+        if value:
+            data = []
+            for entry in entries:
+                if key in entry.data.keys():
+                    if not isinstance(entry.data[key], int):
+                        data.append(entry.data[key]["item_count"])
+                    else:
+                        data.append(entry.data[key])
+                else:
+                    data.append(0)
+            color = "#" + value.encode("utf-8").hex()[1:7]
+            if max(data) > 10:
+                datasets.append({
+                    "label": value,
+                    "data": data,
+                    "backgroundColor": color,
+                    "borderColor": color
+                })
 
     return render_template(
         'reports/graph.html.j2',
@@ -224,6 +226,7 @@ def gen_item_report():
             report_data = {}
 
             for char_xml in char_xmls:
+                name = CharacterInfo.query.filter(CharacterInfo.id == char_xml.id).first().name
                 try:
                     character_json = xmltodict.parse(
                         char_xml.xml_data,
@@ -233,9 +236,13 @@ def gen_item_report():
                         if "i" in inv.keys() and type(inv["i"]) == list and (int(inv["attr_t"]) == 0 or int(inv["attr_t"]) == 1):
                             for item in inv["i"]:
                                 if item["attr_l"] in report_data:
-                                    report_data[item["attr_l"]] = report_data[item["attr_l"]] + int(item["attr_c"])
+                                    report_data[item["attr_l"]]["item_count"] = report_data[item["attr_l"]]["item_count"] + int(item["attr_c"])
                                 else:
-                                    report_data[item["attr_l"]] = int(item["attr_c"])
+                                    report_data[item["attr_l"]] = {"item_count": int(item["attr_c"]), "chars": {}}
+                                if name in report_data[item["attr_l"]]["chars"]:
+                                    report_data[item["attr_l"]]["chars"][name] = report_data[item["attr_l"]]["chars"][name] + int(item["attr_c"])
+                                else:
+                                    report_data[item["attr_l"]]["chars"][name] = int(item["attr_c"])
                 except Exception as e:
                     current_app.logger.error(f"REPORT::ITEMS - ERROR PARSING CHARACTER {char_xml.id}")
                     current_app.logger.error(f"REPORT::ITEMS - {e}")

app/settings_example.py

@@ -7,8 +7,14 @@ APP_SYSTEM_ERROR_SUBJECT_LINE = APP_NAME + " system error"
 APP_SECRET_KEY = ""
 APP_DATABASE_URI = "mysql+pymysql://<username>:<password>@<host>:<port>/<database>"
 
-# Send Analytics for Developers to better fix issues
-ALLOW_ANALYTICS = False
+CLIENT_LOCATION = 'app/luclient/'
+CD_SQLITE_LOCATION = 'app/luclient/res/'
+CACHE_LOCATION = 'app/cache/'
+
+CONFIG_LINK = False
+CONFIG_LINK_TITLE = ""
+CONFIG_LINK_HREF = ""
+CONFIG_LINK_TEXT = ""
 
 # Flask settings
 CSRF_ENABLED = True
@@ -52,3 +58,6 @@ USER_PASSLIB_CRYPTCONTEXT_SCHEMES = ['bcrypt']  # bcrypt for password hashing
 # Flask-User routing settings
 USER_AFTER_LOGIN_ENDPOINT = "main.index"
 USER_AFTER_LOGOUT_ENDPOINT = "main.index"
+
+# Option will be removed once this feature is full implemeted
+ENABLE_CHAR_XML_UPLOAD = False

app/templates/base.html.j2

@@ -84,36 +84,6 @@
   <script type="text/javascript" src="{{ url_for('static', filename='bootstrap-4.2.1/js/bootstrap.bundle.min.js') }}"></script>
   <script type="text/javascript" src="{{ url_for('static', filename='datatables/datatables.min.js') }}"></script>
   <script type="sytylesheet" src="{{ url_for('static', filename='datatables/datatables.min.css') }}"></script>
-  <script>
-    // set the active nav-link item
-    $(function () {
-      let target_nav = '#{{request.endpoint}}'.replace('\.', '-');
-      $(target_nav).addClass('active');
-    });
-    $(function () {
-      $('[data-toggle="tooltip"]').tooltip()
-    })
-    {% if config.ALLOW_ANALYTICS %}
-      // Matomo JS analytics
-      var _paq = window._paq = window._paq || [];
-      /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
-      _paq.push(["setDocumentTitle", document.domain + "/" + document.title]);
-      _paq.push(['trackPageView']);
-      _paq.push(['enableLinkTracking']);
-      (function() {
-        var u="https://matomo.aronwk.com/";
-        _paq.push(['setTrackerUrl', u+'matomo.php']);
-        _paq.push(['setSiteId', '3']);
-        var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
-        g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
-      })();
-    {% endif %}
-  </script>
-  {% if config.ALLOW_ANALYTICS %}
-    <!-- Matomo no js analytics -->
-    <noscript><p><img src="https://matomo.aronwk.com/matomo.php?idsite=3&amp;rec=1" style="border:0;" alt="" /></p></noscript>
-  {% endif %}
-
 {% endblock %}
 
 </body>

app/templates/character/upload.html.j2

@@ -0,0 +1,22 @@
+{% extends 'base.html.j2' %}
+
+{% block title %}
+  Character XML Upload
+{% endblock title %}
+
+{% block content_before %}
+  Character XML Upload
+{% endblock content_before %}
+
+{% block content %}
+  <h3 style="color: orange;">PROCEED WITH CAUTION</h3>
+  <form method=post>
+    {{ form.csrf_token }}
+    <div class="card shadow-sm mx-auto pb-3 bg-dark border-primary" style="width: 20rem;">
+      <div class="card-body">
+        {{ helper.render_field(form.char_xml) }}
+        {{ helper.render_submit_field(form.submit) }}
+      </div>
+    </div>
+  </form>
+{% endblock  %}

app/templates/header.html.j2

@@ -46,7 +46,7 @@
           <a id='property-index' class='nav-link' href='{{ url_for('properties.index') }}'>Properties</a>
         {% endif %}
 
-        {% if current_user.is_authenticated and current_user.gm_level == 9 and config.REQUIRE_PLAY_KEY %}
+        {% if current_user.is_authenticated and current_user.gm_level >= 5 and config.REQUIRE_PLAY_KEY %}
           {# Play Keys #}
           <a id='play_keys-index' class='nav-link' href='{{ url_for('play_keys.index') }}'>Play Keys</a>
         {% endif %}
@@ -71,8 +71,8 @@
               {% if current_user.is_authenticated and current_user.gm_level >= 8 %}
                 <hr/>
                 <h3 class="text-center">Logs</h3>
-                <a class="dropdown-item text-center" href='{{ url_for('log.activity') }}'>Command Log</a>
-                <a class="dropdown-item text-center" href='{{ url_for('log.command') }}'>Activity Log</a>
+                <a class="dropdown-item text-center" href='{{ url_for('log.command') }}'>Command Log</a>
+                <a class="dropdown-item text-center" href='{{ url_for('log.activity') }}'>Activity Log</a>
                 <a class="dropdown-item text-center" href='{{ url_for('log.audit') }}'>Audit Log</a>
                 <a class="dropdown-item text-center" href='{{ url_for('log.system') }}'>System Log</a>
               {% endif %}

app/templates/ldd/ldd.html.j2

@@ -35,29 +35,6 @@
 
 <script type="text/javascript" src="{{ url_for('static', filename='lddviewer/base64-binary.js') }}"></script>
 
-{% if config.ALLOW_ANALYTICS %}
-  <script>
-    // Matomo JS analytics
-    var _paq = window._paq = window._paq || [];
-    /* tracker methods like "setCustomDimension" should be called before "trackPageView" */
-    _paq.push(["setDocumentTitle", document.domain + "/" + document.title]);
-    _paq.push(['trackPageView']);
-    _paq.push(['enableLinkTracking']);
-    (function() {
-      var u="https://matomo.aronwk.com/";
-      _paq.push(['setTrackerUrl', u+'matomo.php']);
-      _paq.push(['setSiteId', '3']);
-      var d=document, g=d.createElement('script'), s=d.getElementsByTagName('script')[0];
-      g.async=true; g.src=u+'matomo.js'; s.parentNode.insertBefore(g,s);
-    })();
-  </script>
-{% endif %}
-
-{% if config.ALLOW_ANALYTICS %}
-  <!-- Matomo no js analytics -->
-  <noscript><p><img src="https://matomo.aronwk.com/matomo.php?idsite=3&amp;rec=1" style="border:0;" alt="" /></p></noscript>
-{% endif %}
-
 <script type='module'>
   import {MTLLoader} from 'https://cdn.jsdelivr.net/npm/three@0.116.0/examples/jsm/loaders/MTLLoader.js'
   import {OBJLoader} from 'https://cdn.jsdelivr.net/npm/three@0.116.0/examples/jsm/loaders/OBJLoader.js'

app/templates/logs/activity.html.j2

@@ -22,7 +22,9 @@
         <tr>
             <th>ID</th>
             <th>Account:Character</th>
-            <th>Command</th>
+            <th>Activity</th>
+            <th>Time</th>
+            <th>Map</th>
         </tr>
     </thead>
     <tbody></tbody>
@@ -38,7 +40,7 @@
             "order": [[0, "desc"]],
             "processing": true,
             "serverSide": true,
-            "ajax": "{{ url_for('log.get_commands') }}",
+            "ajax": "{{ url_for('log.get_activities') }}",
           });
         });
   </script>

app/templates/logs/command.html.j2

@@ -22,9 +22,7 @@
         <tr>
             <th>ID</th>
             <th>Account:Character</th>
-            <th>Activity</th>
-            <th>Time</th>
-            <th>Map</th>
+            <th>Command</th>
         </tr>
     </thead>
     <tbody></tbody>
@@ -40,7 +38,7 @@
             "order": [[0, "desc"]],
             "processing": true,
             "serverSide": true,
-            "ajax": "{{ url_for('log.get_activities') }}",
+            "ajax": "{{ url_for('log.get_commands') }}",
           });
         });
   </script>

app/templates/main/about.html.j2

@@ -4,9 +4,47 @@
 
 {% block content_before %}
   Online Players: {{ online }}
+
 {% endblock %}
 
 {% block content %}
+
+  {# show general zone info to everyone #}
+  {% if zones %}
+    <div class='card mx-auto mt-5 shadow-sm bg-dark border-primary'>
+      <div class="card-body">
+        {% for zone, players in zones.items() %}
+          <div class="row">
+            <div class="col text-right">
+              {{ zone|get_zone_name }}
+            </div>
+            <div class="col">
+              {{ players }}
+            </div>
+          </div>
+        {% endfor %}
+      </div>
+    </div>
+  {% endif %}
+
+  {# only show this info to high level admina #}
+  {% if current_user.gm_level >= 8 and users|length > 0 %}
+    <div class='card mx-auto mt-5 shadow-sm bg-dark border-primary'>
+      <div class="card-body">
+        {% for user in users %}
+          <div class="row">
+            <div class="col text-right">
+              {{ user[0] }}
+            </div>
+            <div class="col">
+              {{ user[1]|get_zone_name }}
+            </div>
+          </div>
+        {% endfor %}
+      </div>
+    </div>
+  {% endif %}
+
   <div class='card mx-auto mt-5 shadow-sm bg-dark border-primary'>
     <div class="card-body">
       <h4 class="text-center">Staff</h4>
@@ -24,7 +62,27 @@
         </div>
       {% endfor %}
 
-      <hr>
+    </div>
+  </div>
+
+  <div class='card mx-auto mt-5 shadow-sm bg-dark border-primary'>
+    <div class="card-body">
+      <h4 class="text-center">Links</h4>
+
+      {% if config.CONFIG_LINK %}
+        <div class="row">
+          <div class="col text-right">
+            {{ config.CONFIG_LINK_TITLE }}
+          </div>
+          <div class="col">
+            <a href="{{ url_for('static', filename=config.CONFIG_LINK_HREF) }}">
+              {{ config.CONFIG_LINK_TEXT }}
+            </a>
+          </div>
+        </div>
+      {% endif %}
+
+
       <div class="row">
         <div class="col text-right">
           Source

app/templates/partials/_account.html.j2

@@ -108,6 +108,12 @@
           </div>
         {% endif %}
       </div>
+    {% elif current_user.gm_level == 9 %}
+      <div class="col">
+        <a role="button" class="btn btn-danger btn btn-block" href='{{ url_for('accounts.pass_reset', id= account_data.id) }}'>
+          Reset User's Password
+        </a>
+      </div>
     {% endif %}
 
     {% if account_data.play_key and current_user.gm_level > 3 and config.REQUIRE_PLAY_KEY %}

app/templates/partials/_character.html.j2

@@ -41,29 +41,35 @@
       </div>
     </div>
     {% if request.endpoint != "characters.view" %}
-    <br/>
-    <div class="row">
-      <div class="col text-center">
-          <a role="button" class="btn btn-primary btn-block"
-            href='{{ url_for('characters.view', id=character.id) }}'>
-            View Character
-          </a>
+      <br/>
+      <div class="row">
+        <div class="col text-center">
+            <a role="button" class="btn btn-primary btn-block"
+              href='{{ url_for('characters.view', id=character.id) }}'>
+              View Character
+            </a>
+        </div>
       </div>
-    </div>
     {% else %}
-    <br/>
-    <a role="button" class="btn btn-primary btn-block"
-      href='{{ url_for('characters.view_xml', id=character.id) }}'>
-      View XML
-    </a>
-    <a role="button" class="btn btn-primary btn-block"
-      href='{{ url_for('characters.get_xml', id=character.id) }}'>
-      Download XML
-    </a>
-    <a role="button" class="btn btn-primary btn-block"
-      href='{{ url_for('accounts.view', id=character.account_id) }}'>
-      View Account: {{character.account.username}}
-    </a>
+      <br/>
+      <a role="button" class="btn btn-primary btn-block"
+        href='{{ url_for('characters.view_xml', id=character.id) }}'>
+        View XML
+      </a>
+      <a role="button" class="btn btn-primary btn-block"
+        href='{{ url_for('characters.get_xml', id=character.id) }}'>
+        Download XML
+      </a>
+      {% if config.ENABLE_CHAR_XML_UPLOAD and current_user.gm_level >= 8 %}
+        <a role="button" class="btn btn-primary btn-block"
+          href='{{ url_for('characters.upload', id=character.id) }}'>
+          Upload XML
+        </a>
+      {% endif %}
+      <a role="button" class="btn btn-primary btn-block"
+        href='{{ url_for('accounts.view', id=character.account_id) }}'>
+        View Account: {{character.account.username}}
+      </a>
     {% endif %}
 
     {% if current_user.gm_level > 2 %}

app/templates/partials/_charxml.html.j2

@@ -63,9 +63,13 @@
         Play time:
       </div>
       <div class="col">
+        {% if character_json.obj.char.attr_time %}
           {{ (character_json.obj.char.attr_time|int/60/60/24)|int }} Days
           {{ (character_json.obj.char.attr_time|int/60/60)|int - ((character_json.obj.char.attr_time|int/60/60/24)|int) * 24}} Hours
           {{ (character_json.obj.char.attr_time|int/60 - (character_json.obj.char.attr_time|int/60/60)|int*60)|int }} Minutes
+        {% else %}
+          None
+        {% endif %}
       </div>
     </div>
     <hr class="bg-primary"/>
@@ -110,9 +114,15 @@
             {# Inv ID 0 - Index: 0 #}
             {% for item in character_json.obj.inv.holdings.in %}
               {% if item.attr_t == "0" %}
-                {% for inv_item in item.i %}
-                  {% include 'partials/charxml/_inv_grid.html.j2' %}
-                {% endfor %}
+                {% if item.i is iterable and (item.i is not string and item.i is not mapping) %}
+                  {% for inv_item in item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endfor %}
+                {% else %}
+                  {% with inv_item=item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endwith %}
+                {% endif %}
               {% endif %}
             {% endfor %}
           </div>
@@ -120,9 +130,15 @@
             {# Inv ID 1 - Index: 1 #}
             {% for item in character_json.obj.inv.holdings.in %}
               {% if item.attr_t == "1" %}
-                {% for inv_item in item.i %}
-                  {% include 'partials/charxml/_inv_grid.html.j2' %}
-                {% endfor %}
+                {% if item.i is iterable and (item.i is not string and item.i is not mapping) %}
+                  {% for inv_item in item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endfor %}
+                {% else %}
+                  {% with inv_item=item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endwith %}
+                {% endif %}
               {% endif %}
             {% endfor %}
           </div>
@@ -130,9 +146,15 @@
             {# Inv ID 14 - Index: 10 #}
             {% for item in character_json.obj.inv.holdings.in %}
               {% if item.attr_t == "14" %}
-                {% for inv_item in item.i %}
-                  {% include 'partials/charxml/_inv_grid.html.j2' %}
-                {% endfor %}
+                {% if item.i is iterable and (item.i is not string and item.i is not mapping) %}
+                  {% for inv_item in item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endfor %}
+                {% else %}
+                  {% with inv_item=item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endwith %}
+                {% endif %}
               {% endif %}
             {% endfor %}
           </div>
@@ -140,9 +162,15 @@
             {# Inv ID 2 - Index: 2 #}
             {% for item in character_json.obj.inv.holdings.in %}
               {% if item.attr_t == "2" %}
-                {% for inv_item in item.i %}
-                  {% include 'partials/charxml/_inv_grid.html.j2' %}
-                {% endfor %}
+                {% if item.i is iterable and (item.i is not string and item.i is not mapping) %}
+                  {% for inv_item in item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endfor %}
+                {% else %}
+                  {% with inv_item=item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endwith %}
+                {% endif %}
               {% endif %}
             {% endfor %}
           </div>
@@ -150,9 +178,15 @@
             {# Inv ID 5 - Index: 6 #}
             {% for item in character_json.obj.inv.holdings.in %}
               {% if item.attr_t == "5" %}
-                {% for inv_item in item.i %}
-                  {% include 'partials/charxml/_inv_grid.html.j2' %}
-                {% endfor %}
+                {% if item.i is iterable and (item.i is not string and item.i is not mapping) %}
+                  {% for inv_item in item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endfor %}
+                {% else %}
+                  {% with inv_item=item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endwith %}
+                {% endif %}
               {% endif %}
             {% endfor %}
           </div>
@@ -160,9 +194,15 @@
             {# Inv ID 7 - Index: 8 #}
             {% for item in character_json.obj.inv.holdings.in %}
               {% if item.attr_t == "7" %}
-                {% for inv_item in item.i %}
-                  {% include 'partials/charxml/_inv_grid.html.j2' %}
-                {% endfor %}
+                {% if item.i is iterable and (item.i is not string and item.i is not mapping) %}
+                  {% for inv_item in item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endfor %}
+                {% else %}
+                  {% with inv_item=item.i %}
+                    {% include 'partials/charxml/_inv_grid.html.j2' %}
+                  {% endwith %}
+                {% endif %}
               {% endif %}
             {% endfor %}
           </div>
@@ -187,10 +227,14 @@
         </button>
       </div>
       <div class="modal-body">
-        {% for zone in character_json.obj.char.zs.s %}
-          {% include 'partials/charxml/_zone_stats.html.j2' %}
-          {{ '<hr class="bg-primary"/>' if not loop.last else "" }}
-        {% endfor %}
+        {% if character_json.obj.char.zs %}
+          {% for zone in character_json.obj.char.zs.s %}
+            {% include 'partials/charxml/_zone_stats.html.j2' %}
+            {{ '<hr class="bg-primary"/>' if not loop.last else "" }}
+          {% endfor %}
+        {% else %}
+          No Stats Yet
+        {% endif %}
       </div>
       <div class="modal-footer">
         <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>

app/templates/partials/_gm_level.html.j2

@@ -14,7 +14,7 @@
 {% if gm_level==0 %}
   Player
 {% elif gm_level==1 %}
-  Key Distributor
+  Elevevated Civilan {# Unused #}
 {% elif gm_level==2 %}
   Junior Moderator
 {% elif gm_level==3 %}

app/templates/partials/charxml/_inv_grid.html.j2

@@ -13,7 +13,11 @@
   >
   {% if inv_item.attr_c != "1" %}
     <span class="inventory-count text-bold">
-      {{ inv_item.attr_c }}
+      {%if inv_item.attr_c|int > 999 %}
+        +999
+      {% else %}
+        {{ inv_item.attr_c }}
+      {% endif %}
     </span>
   {% endif %}
   {% if inv_item.attr_b == "true" %}

app/templates/partials/charxml/_item_tooltip.html.j2

@@ -66,3 +66,7 @@
   {% endwith %}
 {% endif %}
 
+{%if inv_item.attr_c|int > 999 %}
+  <br />Count: {{ inv_item.attr_c|numberFormat }}
+{% endif %}
+

app/templates/reports/items/by_date.html.j2

@@ -20,18 +20,34 @@
         <th scope="col">
           Count
         </th>
+        <th scope="col">
+          Breakdown
+        </th>
         <th scope="col">
           Rarity
         </th>
       </thead>
       <tbody>
-        {% for lot, count in data.items() %}
+        {% for lot, details in data.items() %}
           <tr>
             <td>
               {{ lot|get_lot_name }}
             </td>
             <td>
-              {{ count }}
+              {% if details.chars %}
+                {{ details.item_count }}
+              {% else %}
+                {{ details }}
+              {% endif %}
+            </td>
+            <td>
+              {% if details.chars %}
+                {% for char, value in details.chars|dictsort(false, 'value')|reverse %}
+                  {{char}}: {{value}}<br/>
+                {% endfor %}
+              {% else %}
+                Missing
+              {% endif %}
             </td>
             <td>
               {{ lot|get_lot_rarity }}

entrypoint.bat

@@ -0,0 +1,2 @@
+python3 -m flask db upgrade
+python3 wsgi.py

entrypoint.sh

@@ -1,8 +1,5 @@
 #!/usr/bin/env bash
 
-# unzip brickdb from client to the right places
-unzip -n -q /app/luclient/res/brickdb.zip -d app/luclient/res/
-
 # TODO: preconvert images options
 # TODO: preconvery models options
 

migrations/versions/712d42956a47_initial_migration.py

@@ -103,14 +103,13 @@ def upgrade():
             sa.Column('other_player_id', mysql.TEXT(), nullable=False),
             sa.Column('selection', mysql.TEXT(), nullable=False),
             sa.Column('submitted', mysql.TIMESTAMP(), server_default=sa.text('now()'), nullable=False),
-            sa.ForeignKeyConstraint(['resoleved_by_id'], ['accounts.id'], ondelete='CASCADE'),
             sa.PrimaryKeyConstraint('id')
         )
 
     op.add_column('bug_reports', sa.Column('resolved_time', mysql.TIMESTAMP(), nullable=True))
     op.add_column('bug_reports', sa.Column('resoleved_by_id', sa.Integer(), nullable=True))
     op.add_column('bug_reports', sa.Column('resolution', mysql.TEXT(), nullable=True))
-    op.create_foreign_key(None, 'bug_reports', 'accounts', ['resoleved_by_id'], ['id'])
+    op.create_foreign_key(None, 'bug_reports', 'accounts', ['resoleved_by_id'], ['id'], ondelete='CASCADE')
 
     if 'charinfo' not in tables:
         op.create_table('charinfo',

migrations/versions/a6e42ef03da7_force_play_key_id_to_be_nullable.py

@@ -0,0 +1,33 @@
+"""force play_key_id to be nullable
+
+Revision ID: a6e42ef03da7
+Revises: 8e52b5c7568a
+Create Date: 2022-11-29 19:14:22.645911
+
+"""
+from alembic import op
+import sqlalchemy as sa
+from sqlalchemy.dialects import mysql
+
+# revision identifiers, used by Alembic.
+revision = 'a6e42ef03da7'
+down_revision = '8e52b5c7568a'
+branch_labels = None
+depends_on = None
+
+
+def upgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('accounts', 'play_key_id',
+               existing_type=mysql.INTEGER(display_width=11),
+               nullable=True)
+    # ### end Alembic commands ###
+
+
+def downgrade():
+    # ### commands auto generated by Alembic - please adjust! ###
+    op.alter_column('accounts', 'play_key_id',
+               existing_type=mysql.INTEGER(display_width=11),
+               nullable=False)
+    # ### end Alembic commands ###
+

requirements.txt

@@ -28,7 +28,7 @@ itsdangerous==2.0.1
 Jinja2==3.0.1
 lazy-object-proxy==1.7.1
 libsass==0.21.0
-Mako==1.1.6
+Mako==1.2.2
 MarkupSafe==2.0.1
 marshmallow==3.14.1
 marshmallow-sqlalchemy==0.26.1

wsgi.py

@@ -1,25 +1,33 @@
-
+from sys import platform
 from app import create_app
 
 app = create_app()
 
-
 @app.shell_context_processor
 def make_shell_context():
     """Extend the Flask shell context."""
     return {'app': app}
 
+running_directly = __name__ == "wsgi" or __name__ == "__main__"
+running_under_gunicorn = not running_directly and 'gunicorn' in __name__ and 'linux' in platform
 
-if __name__ == '__main__':
+# Configure development running
+if running_directly:
     with app.app_context():
         app.run(host='0.0.0.0')
-else:
+
+# Configure production running
+if running_under_gunicorn:
     import logging
     from logging.handlers import RotatingFileHandler
     gunicorn_logger = logging.getLogger('gunicorn.error')
     app.logger.handlers = gunicorn_logger.handlers
-    file_handler = RotatingFileHandler('nexus_dashboard.log', maxBytes=1024 * 1024 * 100, backupCount=20)
+    file_handler = RotatingFileHandler('logs/nexus_dashboard.log', maxBytes=1024 * 1024 * 100, backupCount=20)
     formatter = logging.Formatter("%(asctime)s - %(name)s - %(levelname)s - %(message)s")
     file_handler.setFormatter(formatter)
     app.logger.addHandler(file_handler)
     app.logger.setLevel(gunicorn_logger.level)
+
+# Error out if nothing has been setup
+if not running_directly and not running_under_gunicorn:
+    raise RuntimeError('Unsupported WSGI server')