Remove dependency on django_markwhat and showdown

This simplifies deployments since django_markwhat has a tendency to
create conflicting requirements that makes upgrades harder. Showdown
doesn't have that problem, but this way we have a single defined
markdown process instead of having two subtly different ones.

Most of the code behind this adapted from the pgweb project that went
through this some months ago.

Fixes #72

5 files changed, 54 insertions, 1 deletions

diff --git a/postgresqleu/confreg/templatetags/pgmarkdown.py b/postgresqleu/confreg/templatetags/pgmarkdown.py
new file mode 100644
index 00000000..2e595c54
--- /dev/null
+++ b/postgresqleu/confreg/templatetags/pgmarkdown.py
@@ -0,0 +1,29 @@
+# Filter wrapping the python markdown library into a django template filter
+from django import template
+from django.utils.encoding import force_text
+from django.utils.safestring import mark_safe
+
+from postgresqleu.util.markup import pgmarkdown
+
+register = template.Library()
+
+
+@register.filter(is_safe=True)
+def markdown(value, args=''):
+    allow_images = False
+    allow_relative_links = False
+
+    if args:
+        for a in args.split(','):
+            if a == 'allowimages':
+                allow_images = True
+            elif a == 'allowrelativelinks':
+                allow_relative_links = True
+            else:
+                raise ValueError("Invalid argument to markdown: {}".format(a))
+
+    return mark_safe(pgmarkdown(
+        force_text(value),
+        allow_images=allow_images,
+        allow_relative_links=allow_relative_links,
+    ))
diff --git a/postgresqleu/settings.py b/postgresqleu/settings.py
index f9b73360..0e586d4b 100644
--- a/postgresqleu/settings.py
+++ b/postgresqleu/settings.py
@@ -99,7 +99,6 @@ INSTALLED_APPS = [
     'postgresqleu.util.apps.UtilAppConfig',  # Must be *before* admin
     'django.contrib.messages',
     'django.contrib.admin',
-    'django_markwhat',
     'django.contrib.staticfiles',
     'django.contrib.humanize',
     'postgresqleu.static',
diff --git a/postgresqleu/urls.py b/postgresqleu/urls.py
index 9c14417b..f474e85d 100644
--- a/postgresqleu/urls.py
+++ b/postgresqleu/urls.py
@@ -82,6 +82,7 @@ urlpatterns.extend([
     # Global admin
     url(r'^admin/$', postgresqleu.views.admin_dashboard),
     url(r'^admin/docs/(?P<page>\w+/)?$', postgresqleu.util.docsviews.docspage),
+    url(r'^admin/mdpreview/$', postgresqleu.util.views.markdown_preview),
 
     # News
     url(r'^admin/news/news/(.*/)?$', postgresqleu.newsevents.backendviews.edit_news),
diff --git a/postgresqleu/util/markup.py b/postgresqleu/util/markup.py
new file mode 100644
index 00000000..ab6012a1
--- /dev/null
+++ b/postgresqleu/util/markup.py
@@ -0,0 +1,7 @@
+import markdown
+
+
+# We do pure markdown and don't bother doing any filtering on the content
+# as for now anybody entering markdown is considered trusted.
+def pgmarkdown(value):
+    return markdown.markdown(value, extensions=['tables', ])
diff --git a/postgresqleu/util/views.py b/postgresqleu/util/views.py
index 521fc331..6eb2300e 100644
--- a/postgresqleu/util/views.py
+++ b/postgresqleu/util/views.py
@@ -1,9 +1,26 @@
 from django.views.decorators.csrf import csrf_exempt
 from django.shortcuts import get_object_or_404
+from django.contrib.auth.decorators import login_required
+from django.http import HttpResponse, Http404
 
 from postgresqleu.confreg.models import MessagingProvider
 from postgresqleu.util.messaging import get_messaging
 from postgresqleu.util.messaging.twitter import process_twitter_webhook
+from postgresqleu.util.markup import pgmarkdown
+
+
+# Anybody logged in can do a markdown preview, since it's a safe operation
+# and this way we don't need any db access.
+@login_required
+@csrf_exempt
+def markdown_preview(request):
+    if request.method != 'POST':
+        return HttpResponse("POST only please", status=405)
+
+    if request.headers.get('x-preview', None) != 'md':
+        raise Http404()
+
+    return HttpResponse(pgmarkdown(request.body.decode('utf8', 'ignore')))
 
 
 @csrf_exempt