summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorSimonMichael <>2021-09-22 03:43:00 (GMT)
committerhdiff <hdiff@hdiff.luite.com>2021-09-22 03:43:00 (GMT)
commit7646d91a878d7f8a31af3c3d9238ef3ec67893bc (patch)
tree686a00ebf2f384070fa78017b31a505ed0bdfea3
parenta6758ac148c80b561b12a2f17caa991c4ad74f29 (diff)
version 1.23HEAD1.23master
-rw-r--r--CHANGES.md34
-rw-r--r--Hledger/Web/Foundation.hs29
-rw-r--r--Hledger/Web/Handler/JournalR.hs3
-rw-r--r--Hledger/Web/Handler/MiscR.hs7
-rw-r--r--Hledger/Web/Handler/RegisterR.hs25
-rw-r--r--Hledger/Web/Main.hs8
-rw-r--r--Hledger/Web/Settings.hs5
-rw-r--r--Hledger/Web/Test.hs2
-rw-r--r--Hledger/Web/WebOptions.hs34
-rw-r--r--Hledger/Web/Widget/AddForm.hs36
-rw-r--r--Hledger/Web/Widget/Common.hs7
-rw-r--r--hledger-web.120
-rw-r--r--hledger-web.cabal17
-rw-r--r--hledger-web.info48
-rw-r--r--hledger-web.txt158
-rw-r--r--templates/balance-report.hamlet4
-rw-r--r--templates/journal.hamlet4
-rw-r--r--templates/register.hamlet2
18 files changed, 266 insertions, 177 deletions
diff --git a/CHANGES.md b/CHANGES.md
index 6662cd9..2d5764c 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -9,6 +9,40 @@ __ _____| |__
User-visible changes in hledger-web.
See also the hledger changelog.
+# 1.23 2021-09-21
+
+Improvements
+
+- Drop the obsolete hidden `--binary-filename` flag.
+
+- Require base >=4.11, preventing red squares on Hackage's build matrix.
+
+Fixes
+
+- Toggle showing zero items properly even when called with --empty.
+ ([#1237](https://github.com/simonmichael/hledger/issues/1237), Stephen Morgan)
+
+- Do not hide empty accounts if they have non-empty subaccounts.
+ ([#1237](https://github.com/simonmichael/hledger/issues/1237), Stephen Morgan)
+
+- Allow unbalanced postings (parenthesised account name) in the add transaction form.
+ ([#1058](https://github.com/simonmichael/hledger/issues/1058), Stephen Morgan)
+
+- An XSS (cross-site scripting) vulnerability has been fixed.
+ Previously (since hledger-web 0.24), javascript code could be added
+ to any autocompleteable field and could be executed automatically
+ by subsequent visitors viewing the journal.
+ Thanks to Gaspard Baye and Hamidullah Muslih for reporting this vulnerability.
+ ([#1525](https://github.com/simonmichael/hledger/issues/1525), Arsen Arsenović)
+
+API changes
+
+- Renamed:
+ ```
+ version -> packageversion
+ versiondescription -> versionStringFor
+ ```
+
# 1.22.2 2021-08-07
- Use hledger 1.22.2.
diff --git a/Hledger/Web/Foundation.hs b/Hledger/Web/Foundation.hs
index d38d279..5ace131 100644
--- a/Hledger/Web/Foundation.hs
+++ b/Hledger/Web/Foundation.hs
@@ -113,16 +113,20 @@ instance Yesod App where
VD {caps, j, m, opts, q, qopts} <- getViewData
msg <- getMessage
showSidebar <- shouldShowSidebar
- hideEmptyAccts <- (== Just "1") . lookup "hideemptyaccts" . reqCookies <$> getRequest
let rspec = reportspec_ (cliopts_ opts)
- ropts = rsOpts rspec
- ropts' = (rsOpts rspec)
+ ropts = _rsReportOpts rspec
+ ropts' = (_rsReportOpts rspec)
{accountlistmode_ = ALTree -- force tree mode for sidebar
- ,empty_ = not (empty_ ropts) -- show zero items by default
+ ,empty_ = True -- show zero items by default
}
- rspec' = rspec{rsQuery=m,rsOpts=ropts'}
- accounts =
+ rspec' = rspec{_rsQuery=m,_rsReportOpts=ropts'}
+
+ hideEmptyAccts <- if empty_ ropts
+ then return True
+ else (== Just "1") . lookup "hideemptyaccts" . reqCookies <$> getRequest
+
+ let accounts =
balanceReportAsHtml (JournalR, RegisterR) here hideEmptyAccts j q qopts $
balanceReport rspec' j
@@ -198,14 +202,14 @@ instance Show Text.Blaze.Markup where show _ = "<blaze markup>"
-- | Gather data used by handlers and templates in the current request.
getViewData :: Handler ViewData
getViewData = do
- App{appOpts=opts@WebOpts{cliopts_=copts@CliOpts{reportspec_=rspec@ReportSpec{rsOpts}}}, appJournal} <- getYesod
- today <- liftIO getCurrentDay
+ App{appOpts=opts@WebOpts{cliopts_=copts@CliOpts{reportspec_=rspec@ReportSpec{_rsReportOpts}}}, appJournal} <- getYesod
+ let today = _rsDay rspec
-- try to read the latest journal content, keeping the old content
-- if there's an error
(j, mjerr) <- getCurrentJournal
appJournal
- copts{reportspec_=rspec{rsOpts=rsOpts{no_elide_=True}}}
+ copts{reportspec_=rspec{_rsReportOpts=_rsReportOpts{no_elide_=True}}}
today
-- try to parse the query param, assuming no query if there's an error
@@ -245,10 +249,7 @@ shouldShowSidebar = do
msidebarcookie <- lookup "showsidebar" . reqCookies <$> getRequest
return $
let disablevalues = ["","0"]
- in maybe
- (not $ msidebarcookie `elem` map Just disablevalues)
- (not . (`elem` disablevalues))
- msidebarparam
+ in maybe True (`notElem` disablevalues) $ msidebarparam <|> msidebarcookie
-- | Update our copy of the journal if the file changed. If there is an
-- error while reloading, keep the old one and return the error, and set a
@@ -259,7 +260,7 @@ getCurrentJournal jref opts d = do
j <- liftIO (readIORef jref)
(ej, changed) <- liftIO $ journalReloadIfChanged opts d j
-- re-apply any initial filter specified at startup
- let initq = rsQuery $ reportspec_ opts
+ let initq = _rsQuery $ reportspec_ opts
case (changed, filterJournalTransactions initq <$> ej) of
(False, _) -> return (j, Nothing)
(True, Right j') -> do
diff --git a/Hledger/Web/Handler/JournalR.hs b/Hledger/Web/Handler/JournalR.hs
index 1d4199b..7799cde 100644
--- a/Hledger/Web/Handler/JournalR.hs
+++ b/Hledger/Web/Handler/JournalR.hs
@@ -27,7 +27,8 @@ getJournalR = do
Just (a, inclsubs) -> "Transactions in " <> a <> if inclsubs then "" else " (excluding subaccounts)"
title' = title <> if m /= Any then ", filtered" else ""
acctlink a = (RegisterR, [("q", replaceInacct q $ accountQuery a)])
- items = transactionsReport (reportspec_ $ cliopts_ opts) j m
+ rspec = (reportspec_ $ cliopts_ opts){_rsQuery = m}
+ items = reverse $ entriesReport rspec j
transactionFrag = transactionFragment j
defaultLayout $ do
diff --git a/Hledger/Web/Handler/MiscR.hs b/Hledger/Web/Handler/MiscR.hs
index 1cd969a..613869a 100644
--- a/Hledger/Web/Handler/MiscR.hs
+++ b/Hledger/Web/Handler/MiscR.hs
@@ -27,7 +27,7 @@ import Yesod.Default.Handlers (getFaviconR, getRobotsR)
import Hledger
import Hledger.Web.Import
-import Hledger.Web.WebOptions (version)
+import Hledger.Web.WebOptions (packageversion)
import Hledger.Web.Widget.Common (journalFile404)
getRootR :: Handler Html
@@ -60,7 +60,7 @@ getVersionR = do
VD{caps} <- getViewData
when (CapView `notElem` caps) (permissionDenied "Missing the 'view' capability")
selectRep $ do
- provideJson $ version
+ provideJson $ packageversion
getAccountnamesR :: Handler TypedContent
getAccountnamesR = do
@@ -103,8 +103,7 @@ getAccounttransactionsR a = do
when (CapView `notElem` caps) (permissionDenied "Missing the 'view' capability")
let
rspec = defreportspec
- q = Any --filterQuery (not . queryIsDepth) $ queryFromOpts d ropts'
thisacctq = Acct $ accountNameToAccountRegex a -- includes subs
selectRep $ do
- provideJson $ accountTransactionsReport rspec j q thisacctq
+ provideJson $ accountTransactionsReport rspec{_rsQuery=Any} j thisacctq
diff --git a/Hledger/Web/Handler/RegisterR.hs b/Hledger/Web/Handler/RegisterR.hs
index d5d5711..dad3999 100644
--- a/Hledger/Web/Handler/RegisterR.hs
+++ b/Hledger/Web/Handler/RegisterR.hs
@@ -1,10 +1,11 @@
-- | /register handlers.
-{-# LANGUAGE NamedFieldPuns #-}
-{-# LANGUAGE OverloadedStrings #-}
-{-# LANGUAGE QuasiQuotes #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE OverloadedStrings #-}
+{-# LANGUAGE QuasiQuotes #-}
{-# LANGUAGE ScopedTypeVariables #-}
-{-# LANGUAGE TemplateHaskell #-}
+{-# LANGUAGE TemplateHaskell #-}
+{-# LANGUAGE TupleSections #-}
module Hledger.Web.Handler.RegisterR where
@@ -44,9 +45,9 @@ getRegisterR = do
zip xs $
zip (map (T.unpack . accountSummarisedName . paccount) xs) $
tail $ (", "<$xs) ++ [""]
- items = accountTransactionsReport rspec j m acctQuery
+ items = accountTransactionsReport rspec{_rsQuery=m} j acctQuery
balancelabel
- | isJust (inAccount qopts), balancetype_ (rsOpts rspec) == HistoricalBalance = "Historical Total"
+ | isJust (inAccount qopts), balanceaccum_ (_rsReportOpts rspec) == Historical = "Historical Total"
| isJust (inAccount qopts) = "Period Total"
| otherwise = "Total"
transactionFrag = transactionFragment j
@@ -78,7 +79,7 @@ preferReal ps
elideRightDecorated :: Int -> [(Maybe d, Char)] -> [(Maybe d, Char)]
elideRightDecorated width s =
if length s > width
- then take (width - 2) s ++ map ((,) Nothing) ".."
+ then take (width - 2) s ++ map (Nothing,) ".."
else s
undecorateLinks :: [(Maybe acct, char)] -> [(acct, ([char], [char]))]
@@ -92,14 +93,12 @@ undecorateLinks xs0@(x:_) =
_ -> error "link name not decorated with account" -- PARTIAL:
decorateLinks :: [(acct, ([char], [char]))] -> [(Maybe acct, char)]
-decorateLinks =
- concatMap
- (\(acct, (name, comma)) ->
- map ((,) (Just acct)) name ++ map ((,) Nothing) comma)
+decorateLinks = concatMap $ \(acct, (name, comma)) ->
+ map (Just acct,) name ++ map (Nothing,) comma
-- | Generate javascript/html for a register balance line chart based on
--- the provided "TransactionsReportItem"s.
-registerChartHtml :: Text -> String -> [(CommoditySymbol, [TransactionsReportItem])] -> HtmlUrl AppRoute
+-- the provided "AccountTransactionsReportItem"s.
+registerChartHtml :: Text -> String -> [(CommoditySymbol, [AccountTransactionsReportItem])] -> HtmlUrl AppRoute
registerChartHtml q title percommoditytxnreports = $(hamletFile "templates/chart.hamlet")
-- have to make sure plot is not called when our container (maincontent)
-- is hidden, eg with add form toggled
diff --git a/Hledger/Web/Main.hs b/Hledger/Web/Main.hs
index 37a4cbe..08eacbf 100644
--- a/Hledger/Web/Main.hs
+++ b/Hledger/Web/Main.hs
@@ -20,7 +20,6 @@ import Network.Socket
import Network.Wai (Application)
import Network.Wai.Handler.Warp (runSettings, runSettingsSocket, defaultSettings, setHost, setPort)
import Network.Wai.Handler.Launch (runHostPortFullUrl)
-import Prelude hiding (putStrLn)
import System.Directory (removeFile)
import System.Environment ( getArgs, withArgs )
import System.Exit (exitSuccess, exitFailure)
@@ -32,7 +31,6 @@ import Yesod.Default.Main (defaultDevelApp)
import Hledger
import Hledger.Cli hiding (progname,prognameandversion)
-import Hledger.Utils.UTF8IOCompat (putStrLn)
import Hledger.Web.Application (makeApplication)
import Hledger.Web.Settings (Extra(..), parseExtra)
import Hledger.Web.Test (hledgerWebTest)
@@ -57,16 +55,16 @@ hledgerWebMain = do
| "info" `inRawOpts` rawopts_ -> runInfoForTopic "hledger-web" Nothing
| "man" `inRawOpts` rawopts_ -> runManForTopic "hledger-web" Nothing
| "version" `inRawOpts` rawopts_ -> putStrLn prognameandversion >> exitSuccess
- | "binary-filename" `inRawOpts` rawopts_ -> putStrLn (binaryfilename progname)
+ -- "binary-filename" `inRawOpts` rawopts_ -> putStrLn (binaryfilename progname)
| "test" `inRawOpts` rawopts_ -> do
-- remove --test and --, leaving other args for hspec
- filter (not . (`elem` ["--test","--"])) <$> getArgs >>= flip withArgs hledgerWebTest
+ (`withArgs` hledgerWebTest) . filter (`notElem` ["--test","--"]) =<< getArgs
| otherwise -> withJournalDo copts (web wopts)
-- | The hledger web command.
web :: WebOpts -> Journal -> IO ()
web opts j = do
- let initq = rsQuery . reportspec_ $ cliopts_ opts
+ let initq = _rsQuery . reportspec_ $ cliopts_ opts
j' = filterJournalTransactions initq j
h = host_ opts
p = port_ opts
diff --git a/Hledger/Web/Settings.hs b/Hledger/Web/Settings.hs
index e35795b..579d41f 100644
--- a/Hledger/Web/Settings.hs
+++ b/Hledger/Web/Settings.hs
@@ -10,6 +10,7 @@
module Hledger.Web.Settings where
import Data.Default (def)
+import Data.Maybe (fromMaybe)
import Data.Text (Text)
import Data.Yaml
import Language.Haskell.TH.Syntax (Q, Exp)
@@ -71,9 +72,7 @@ staticDir = "static"
--
-- To see how this value is used, see urlRenderOverride in Foundation.hs
staticRoot :: AppConfig DefaultEnv Extra -> Text
-staticRoot conf = case extraStaticRoot $ appExtra conf of
- Just root -> root
- Nothing -> [st|#{appRoot conf}/static|]
+staticRoot conf = fromMaybe [st|#{appRoot conf}/static|] . extraStaticRoot $ appExtra conf
-- | Settings for 'widgetFile', such as which template languages to support and
-- default Hamlet settings.
diff --git a/Hledger/Web/Test.hs b/Hledger/Web/Test.hs
index a6b6738..4b075d2 100644
--- a/Hledger/Web/Test.hs
+++ b/Hledger/Web/Test.hs
@@ -13,7 +13,7 @@ import Yesod.Test
import Hledger.Web.Application ( makeFoundationWith )
import Hledger.Web.WebOptions ( WebOpts(cliopts_), defwebopts, prognameandversion )
import Hledger.Web.Import hiding (get, j)
-import Hledger.Cli hiding (prognameandversion, tests)
+import Hledger.Cli hiding (prognameandversion)
runHspecTestsWith :: AppConfig DefaultEnv Extra -> WebOpts -> Journal -> YesodSpec App -> IO ()
diff --git a/Hledger/Web/WebOptions.hs b/Hledger/Web/WebOptions.hs
index 8e4dcbd..35a1ac3 100644
--- a/Hledger/Web/WebOptions.hs
+++ b/Hledger/Web/WebOptions.hs
@@ -7,7 +7,6 @@ import Data.ByteString (ByteString)
import qualified Data.ByteString.Char8 as BC
import Data.ByteString.UTF8 (fromString)
import Data.CaseInsensitive (CI, mk)
-import Control.Monad (join)
import Data.Default (Default(def))
import Data.Maybe (fromMaybe)
import qualified Data.Text as T
@@ -16,18 +15,24 @@ import System.Environment (getArgs)
import Network.Wai as WAI
import Network.Wai.Middleware.Cors
-import Hledger.Cli hiding (progname, version)
+import Hledger.Cli hiding (packageversion, progname, prognameandversion)
import Hledger.Web.Settings (defhost, defport, defbaseurl)
-progname, version :: String
-progname = "hledger-web"
+-- cf Hledger.Cli.Version
+
+packageversion :: String
#ifdef VERSION
-version = VERSION
+packageversion = VERSION
#else
-version = ""
+packageversion = ""
#endif
+
+progname :: String
+progname = "hledger-web"
+
prognameandversion :: String
-prognameandversion = versiondescription progname
+prognameandversion = versionStringForProgname progname
+
webflags :: [Flag RawOpts]
webflags =
@@ -97,12 +102,13 @@ webmode =
Group
{ groupUnnamed = webflags
, groupHidden =
- hiddenflags ++
- [ flagNone
- ["binary-filename"]
- (setboolopt "binary-filename")
- "show the download filename for this executable, and exit"
- ]
+ hiddenflags
+ -- ++
+ -- [ flagNone
+ -- ["binary-filename"]
+ -- (setboolopt "binary-filename")
+ -- "show the download filename for this executable, and exit"
+ -- ]
, groupNamed = [generalflagsgroup1]
}
, modeHelpSuffix = []
@@ -149,7 +155,7 @@ rawOptsToWebOpts rawopts =
b =
maybe (defbaseurl h p) stripTrailingSlash $
maybestringopt "base-url" rawopts
- caps' = join $ T.splitOn "," . T.pack <$> listofstringopt "capabilities" rawopts
+ caps' = T.splitOn "," . T.pack =<< listofstringopt "capabilities" rawopts
caps = case traverse capabilityFromText caps' of
Left e -> error' ("Unknown capability: " ++ T.unpack e) -- PARTIAL:
Right [] -> [CapView, CapAdd]
diff --git a/Hledger/Web/Widget/AddForm.hs b/Hledger/Web/Widget/AddForm.hs
index ad31ef9..5a37a21 100644
--- a/Hledger/Web/Widget/AddForm.hs
+++ b/Hledger/Web/Widget/AddForm.hs
@@ -13,13 +13,14 @@ module Hledger.Web.Widget.AddForm
import Control.Monad.State.Strict (evalStateT)
import Data.Bifunctor (first)
import Data.Foldable (toList)
-import Data.List (dropWhileEnd, intercalate, unfoldr)
+import Data.List (dropWhileEnd, unfoldr)
import Data.Maybe (isJust)
import qualified Data.Set as S
import Data.Text (Text)
+import Data.Text.Encoding.Base64 (encodeBase64)
import qualified Data.Text as T
import Data.Time (Day)
-import Text.Blaze.Internal (Markup, preEscapedString)
+import Text.Blaze.Internal (Markup, preEscapedText)
import Text.Megaparsec (bundleErrors, eof, parseErrorTextPretty, runParser)
import Yesod
@@ -90,18 +91,23 @@ addForm j today = identifyForm "add" $ \extra -> do
-- This used to work, but since 1.16, it seems like something changed.
-- toJSON ("a"::Text) gives String "a" instead of "a", etc.
-- preEscapedString . escapeJSSpecialChars . show . toJSON
- preEscapedString $ concat [
+ preEscapedText $ T.concat [
"[",
- intercalate "," $ map (
- ("{\"value\":" ++).
- (++"}").
- show .
- -- avoid https://github.com/simonmichael/hledger/issues/236
- T.replace "</script>" "<\\/script>"
+ T.intercalate "," $ map (
+ ("{\"value\":" <>).
+ (<> "}").
+ -- This will convert a value such as ``hledger!`` into
+ -- ``atob("aGxlZGdlciE=")``. When this gets evaluated on the client,
+ -- the resulting string is ``hledger!`` again. The same data is
+ -- passed, but the user-controlled bit of that string can only use
+ -- characters [a-zA-Z0-9+=/], making it impossible to break out of
+ -- string context.
+ b64wrap
) ts,
"]"
]
- where
+b64wrap :: Text -> Text
+b64wrap = ("atob(\""<>) . (<>"\")") . encodeBase64
validateTransaction ::
FormResult Day
@@ -110,7 +116,7 @@ validateTransaction ::
-> FormResult Transaction
validateTransaction dateRes descRes postingsRes =
case makeTransaction <$> dateRes <*> descRes <*> postingsRes of
- FormSuccess txn -> case balanceTransaction balancingOpts txn of
+ FormSuccess txn -> case balanceTransaction defbalancingopts txn of
Left e -> FormFailure [T.pack e]
Right txn' -> FormSuccess txn'
x -> x
@@ -146,7 +152,10 @@ validatePostings acctRes amtRes = let
zipRow (Left e) (Left e') = Left (Just e, Just e')
zipRow (Left e) (Right _) = Left (Just e, Nothing)
zipRow (Right _) (Left e) = Left (Nothing, Just e)
- zipRow (Right acct) (Right amt) = Right (nullposting {paccount = acct, pamount = mixedAmount amt})
+ zipRow (Right acct') (Right amt) = Right (nullposting {paccount = acct, ptype = atype, pamount = mixedAmount amt})
+ where
+ acct = accountNameWithoutPostingType acct'
+ atype = accountNamePostingType acct'
errorToFormMsg = first (("Invalid value: " <>) . T.pack .
foldl (\s a -> s <> parseErrorTextPretty a) "" .
@@ -154,7 +163,7 @@ validatePostings acctRes amtRes = let
checkAccount = errorToFormMsg . runParser (accountnamep <* eof) "" . T.strip
checkAmount = errorToFormMsg . runParser (evalStateT (amountp <* eof) nulljournal) "" . T.strip
- -- Add errors to forms with zero or one rows if the form is not a FormMissing
+ -- Add errors to forms with zero rows if the form is not a FormMissing
result :: [(Text, Text, Either (Maybe Text, Maybe Text) Posting)]
result = case (acctRes, amtRes) of
(FormMissing, FormMissing) -> postings
@@ -162,7 +171,6 @@ validatePostings acctRes amtRes = let
[] -> [ ("", "", Left (Just "Missing account", Just "Missing amount"))
, ("", "", Left (Just "Missing account", Nothing))
]
- [x] -> [x, ("", "", Left (Just "Missing account", Nothing))]
xs -> xs
-- Prepare rows for rendering - resolve Eithers into error messages and pad to
diff --git a/Hledger/Web/Widget/Common.hs b/Hledger/Web/Widget/Common.hs
index 982365e..2ce97f2 100644
--- a/Hledger/Web/Widget/Common.hs
+++ b/Hledger/Web/Widget/Common.hs
@@ -19,7 +19,6 @@ module Hledger.Web.Widget.Common
, replaceInacct
) where
-import Data.Default (def)
import Data.Foldable (find, for_)
import Data.List (elemIndex)
import Data.Text (Text)
@@ -66,7 +65,7 @@ writeJournalTextIfValidAndChanged f t = do
-- formatdirectivep, #1194) writeFileWithBackupIfChanged require them.
-- XXX klunky. Any equivalent of "hSetNewlineMode h universalNewlineMode" for form posts ?
let t' = T.replace "\r" "" t
- liftIO (readJournal def (Just f) t') >>= \case
+ liftIO (readJournal definputopts (Just f) t') >>= \case
Left e -> return (Left e)
Right _ -> do
_ <- liftIO (writeFileWithBackupIfChanged f t')
@@ -85,6 +84,8 @@ balanceReportAsHtml (journalR, registerR) here hideEmpty j q qopts (items, total
l = ledgerFromJournal Any j
indent a = preEscapedString $ concat $ replicate (2 + 2 * a) "&nbsp;"
hasSubAccounts acct = maybe True (not . null . asubs) (ledgerAccount l acct)
+ isInterestingAccount acct = maybe False isInteresting $ ledgerAccount l acct
+ where isInteresting a = not (mixedAmountLooksZero (aebalance a)) || any isInteresting (asubs a)
matchesAcctSelector acct = Just True == ((`matchesAccount` acct) <$> inAccountQuery qopts)
accountQuery :: AccountName -> Text
@@ -111,7 +112,7 @@ transactionFragment j Transaction{tindex, tsourcepos} =
where
-- the numeric index of this txn's file within all the journal files,
-- or 0 if this txn has no known file (eg a forecasted txn)
- tfileindex = maybe 0 (+1) $ elemIndex (sourceFilePath tsourcepos) (journalFilePaths j)
+ tfileindex = maybe 0 (+1) $ elemIndex (sourceName $ fst tsourcepos) (journalFilePaths j)
removeDates :: Text -> [Text]
removeDates =
diff --git a/hledger-web.1 b/hledger-web.1
index d499074..b79aa1f 100644
--- a/hledger-web.1
+++ b/hledger-web.1
@@ -1,12 +1,12 @@
-.TH "HLEDGER-WEB" "1" "August 2021" "hledger-web-1.22.2 " "hledger User Manuals"
+.TH "HLEDGER-WEB" "1" "September 2021" "hledger-web-1.23 " "hledger User Manuals"
.SH NAME
.PP
hledger-web is a web interface (WUI) for the hledger accounting tool.
-This manual is for hledger-web 1.22.2.
+This manual is for hledger-web 1.23.
.SH SYNOPSIS
.PP
\f[C]hledger-web [OPTIONS]\f[R]
@@ -155,6 +155,10 @@ period expressions syntax
\f[B]\f[CB]--date2\f[B]\f[R]
match the secondary date instead (see command help for other effects)
.TP
+\f[B]\f[CB]--today=DATE\f[B]\f[R]
+override today\[aq]s date (affects relative smart dates, for
+tests/examples)
+.TP
\f[B]\f[CB]-U --unmarked\f[B]\f[R]
include only unmarked postings/txns (can combine with -P or -C)
.TP
@@ -198,6 +202,10 @@ generate future transactions from periodic transaction rules, for the
next 6 months or till report end date.
In hledger-ui, also make ordinary future transactions visible.
.TP
+\f[B]\f[CB]--commodity-style\f[B]\f[R]
+Override the commodity style in the output for the specified commodity.
+For example \[aq]EUR1.000,00\[aq].
+.TP
\f[B]\f[CB]--color=WHEN (or --colour=WHEN)\f[B]\f[R]
Should color-supporting commands use ANSI color codes in text output.
\[aq]auto\[aq] (default): whenever stdout seems to be a color-supporting
@@ -206,6 +214,14 @@ terminal.
into \[aq]less -R\[aq].
\[aq]never\[aq] or \[aq]no\[aq]: never.
A NO_COLOR environment variable overrides this.
+.TP
+\f[B]\f[CB]--pretty[=WHEN]\f[B]\f[R]
+Show prettier output, e.g.
+using unicode box-drawing characters.
+Accepts \[aq]yes\[aq] (the default) or \[aq]no\[aq] (\[aq]y\[aq],
+\[aq]n\[aq], \[aq]always\[aq], \[aq]never\[aq] also work).
+If you provide an argument you must use \[aq]=\[aq], e.g.
+\[aq]--pretty=yes\[aq].
.PP
When a reporting option appears more than once in the command line, the
last one takes precedence.
diff --git a/hledger-web.cabal b/hledger-web.cabal
index 7cfd697..bcc680b 100644
--- a/hledger-web.cabal
+++ b/hledger-web.cabal
@@ -5,7 +5,7 @@ cabal-version: 1.12
-- see: https://github.com/sol/hpack
name: hledger-web
-version: 1.22.2
+version: 1.23
synopsis: Web-based user interface for the hledger accounting system
description: A simple web-based user interface for the hledger accounting system,
providing a more modern UI than the command-line or terminal interfaces.
@@ -28,7 +28,7 @@ license: GPL-3
license-file: LICENSE
build-type: Simple
tested-with:
- GHC==8.8.4, GHC==8.10.4
+ GHC==8.8.4, GHC==8.10.4, GHC==9.0.1
extra-source-files:
CHANGES.md
README.md
@@ -151,11 +151,12 @@ library
hs-source-dirs:
./
ghc-options: -Wall -fwarn-tabs -Wcompat -Wincomplete-uni-patterns -Wincomplete-record-updates -Wredundant-constraints
- cpp-options: -DVERSION="1.22.2"
+ cpp-options: -DVERSION="1.23"
build-depends:
Decimal >=0.5.1
, aeson >=1
- , base >=4.10.1.0 && <4.16
+ , base >=4.11 && <4.16
+ , base64
, blaze-html
, blaze-markup
, bytestring
@@ -170,8 +171,8 @@ library
, extra >=1.6.3
, filepath
, hjsmin
- , hledger >=1.22.2 && <1.23
- , hledger-lib >=1.22.2 && <1.23
+ , hledger ==1.23.*
+ , hledger-lib ==1.23.*
, hspec
, http-client
, http-conduit
@@ -211,7 +212,7 @@ executable hledger-web
hs-source-dirs:
app
ghc-options: -Wall -fwarn-tabs -Wcompat -Wincomplete-uni-patterns -Wincomplete-record-updates -Wredundant-constraints
- cpp-options: -DVERSION="1.22.2"
+ cpp-options: -DVERSION="1.23"
build-depends:
base
, hledger-web
@@ -231,7 +232,7 @@ test-suite test
hs-source-dirs:
test
ghc-options: -Wall -fwarn-tabs -Wcompat -Wincomplete-uni-patterns -Wincomplete-record-updates -Wredundant-constraints
- cpp-options: -DVERSION="1.22.2"
+ cpp-options: -DVERSION="1.23"
build-depends:
base
, hledger
diff --git a/hledger-web.info b/hledger-web.info
index 12e5d2a..b970b01 100644
--- a/hledger-web.info
+++ b/hledger-web.info
@@ -12,7 +12,7 @@ hledger-web(1)
**************
hledger-web is a web interface (WUI) for the hledger accounting tool.
-This manual is for hledger-web 1.22.2.
+This manual is for hledger-web 1.23.
'hledger-web [OPTIONS]'
'hledger web -- [OPTIONS]'
@@ -170,6 +170,10 @@ before options, as shown in the synopsis above.
match the secondary date instead (see command help for other
effects)
+'--today=DATE'
+
+ override today's date (affects relative smart dates, for
+ tests/examples)
'-U --unmarked'
include only unmarked postings/txns (can combine with -P or -C)
@@ -215,6 +219,10 @@ before options, as shown in the synopsis above.
generate future transactions from periodic transaction rules, for
the next 6 months or till report end date. In hledger-ui, also
make ordinary future transactions visible.
+'--commodity-style'
+
+ Override the commodity style in the output for the specified
+ commodity. For example 'EUR1.000,00'.
'--color=WHEN (or --colour=WHEN)'
Should color-supporting commands use ANSI color codes in text
@@ -222,6 +230,12 @@ before options, as shown in the synopsis above.
color-supporting terminal. 'always' or 'yes': always, useful eg
when piping output into 'less -R'. 'never' or 'no': never. A
NO_COLOR environment variable overrides this.
+'--pretty[=WHEN]'
+
+ Show prettier output, e.g. using unicode box-drawing characters.
+ Accepts 'yes' (the default) or 'no' ('y', 'n', 'always', 'never'
+ also work). If you provide an argument you must use '=', e.g.
+ '-pretty=yes'.
When a reporting option appears more than once in the command line,
the last one takes precedence.
@@ -603,22 +617,22 @@ awkward.

Tag Table:
Node: Top223
-Node: OPTIONS1888
-Ref: #options1993
-Node: PERMISSIONS9426
-Ref: #permissions9565
-Node: EDITING UPLOADING DOWNLOADING10777
-Ref: #editing-uploading-downloading10958
-Node: RELOADING11792
-Ref: #reloading11926
-Node: JSON API12359
-Ref: #json-api12473
-Node: ENVIRONMENT17963
-Ref: #environment18079
-Node: FILES18812
-Ref: #files18912
-Node: BUGS19125
-Ref: #bugs19203
+Node: OPTIONS1886
+Ref: #options1991
+Node: PERMISSIONS9902
+Ref: #permissions10041
+Node: EDITING UPLOADING DOWNLOADING11253
+Ref: #editing-uploading-downloading11434
+Node: RELOADING12268
+Ref: #reloading12402
+Node: JSON API12835
+Ref: #json-api12949
+Node: ENVIRONMENT18439
+Ref: #environment18555
+Node: FILES19288
+Ref: #files19388
+Node: BUGS19601
+Ref: #bugs19679

End Tag Table
diff --git a/hledger-web.txt b/hledger-web.txt
index f6e59ae..2836cbe 100644
--- a/hledger-web.txt
+++ b/hledger-web.txt
@@ -5,7 +5,7 @@ HLEDGER-WEB(1) hledger User Manuals HLEDGER-WEB(1)
NAME
hledger-web is a web interface (WUI) for the hledger accounting tool.
- This manual is for hledger-web 1.22.2.
+ This manual is for hledger-web 1.23.
SYNOPSIS
hledger-web [OPTIONS]
@@ -145,6 +145,10 @@ OPTIONS
match the secondary date instead (see command help for other
effects)
+ --today=DATE
+ override today's date (affects relative smart dates, for
+ tests/examples)
+
-U --unmarked
include only unmarked postings/txns (can combine with -P or -C)
@@ -161,34 +165,38 @@ OPTIONS
hide/aggregate accounts or postings more than NUM levels deep
-E --empty
- show items with zero amount, normally hidden (and vice-versa in
+ show items with zero amount, normally hidden (and vice-versa in
hledger-ui/hledger-web)
-B --cost
convert amounts to their cost/selling amount at transaction time
-V --market
- convert amounts to their market value in default valuation com-
+ convert amounts to their market value in default valuation com-
modities
-X --exchange=COMM
convert amounts to their market value in commodity COMM
--value
- convert amounts to cost or market value, more flexibly than
+ convert amounts to cost or market value, more flexibly than
-B/-V/-X
--infer-market-prices
- use transaction prices (recorded with @ or @@) as additional
+ use transaction prices (recorded with @ or @@) as additional
market prices, as if they were P directives
--auto apply automated posting rules to modify transactions.
--forecast
- generate future transactions from periodic transaction rules,
- for the next 6 months or till report end date. In hledger-ui,
+ generate future transactions from periodic transaction rules,
+ for the next 6 months or till report end date. In hledger-ui,
also make ordinary future transactions visible.
+ --commodity-style
+ Override the commodity style in the output for the specified
+ commodity. For example 'EUR1.000,00'.
+
--color=WHEN (or --colour=WHEN)
Should color-supporting commands use ANSI color codes in text
output. 'auto' (default): whenever stdout seems to be a color-
@@ -196,6 +204,12 @@ OPTIONS
piping output into 'less -R'. 'never' or 'no': never. A
NO_COLOR environment variable overrides this.
+ --pretty[=WHEN]
+ Show prettier output, e.g. using unicode box-drawing charac-
+ ters. Accepts 'yes' (the default) or 'no' ('y', 'n', 'always',
+ 'never' also work). If you provide an argument you must use
+ '=', e.g. '--pretty=yes'.
+
When a reporting option appears more than once in the command line, the
last one takes precedence.
@@ -217,54 +231,54 @@ OPTIONS
show debug output (levels 1-9, default: 1)
A @FILE argument will be expanded to the contents of FILE, which should
- contain one command line option/argument per line. (To prevent this,
+ contain one command line option/argument per line. (To prevent this,
insert a -- argument before.)
By default, hledger-web starts the web app in "transient mode" and also
opens it in your default web browser if possible. In this mode the web
app will keep running for as long as you have it open in a browser win-
- dow, and will exit after two minutes of inactivity (no requests and no
- browser windows viewing it). With --serve, it just runs the web app
- without exiting, and logs requests to the console. With --serve-api,
- only the JSON web api (see below) is served, with the usual HTML
+ dow, and will exit after two minutes of inactivity (no requests and no
+ browser windows viewing it). With --serve, it just runs the web app
+ without exiting, and logs requests to the console. With --serve-api,
+ only the JSON web api (see below) is served, with the usual HTML
server-side web UI disabled.
- By default the server listens on IP address 127.0.0.1, accessible only
- to local requests. You can use --host to change this, eg --host
+ By default the server listens on IP address 127.0.0.1, accessible only
+ to local requests. You can use --host to change this, eg --host
0.0.0.0 to listen on all configured addresses.
- Similarly, use --port to set a TCP port other than 5000, eg if you are
+ Similarly, use --port to set a TCP port other than 5000, eg if you are
running multiple hledger-web instances.
Both of these options are ignored when --socket is used. In this case,
- it creates an AF_UNIX socket file at the supplied path and uses that
- for communication. This is an alternative way of running multiple
- hledger-web instances behind a reverse proxy that handles authentica-
- tion for different users. The path can be derived in a predictable
+ it creates an AF_UNIX socket file at the supplied path and uses that
+ for communication. This is an alternative way of running multiple
+ hledger-web instances behind a reverse proxy that handles authentica-
+ tion for different users. The path can be derived in a predictable
way, eg by using the username within the path. As an example, nginx as
- reverse proxy can use the variable $remote_user to derive a path from
- the username used in a HTTP basic authentication. The following
- proxy_pass directive allows access to all hledger-web instances that
+ reverse proxy can use the variable $remote_user to derive a path from
+ the username used in a HTTP basic authentication. The following
+ proxy_pass directive allows access to all hledger-web instances that
created a socket in /tmp/hledger/:
proxy_pass http://unix:/tmp/hledger/${remote_user}.socket;
- You can use --base-url to change the protocol, hostname, port and path
+ You can use --base-url to change the protocol, hostname, port and path
that appear in hyperlinks, useful eg for integrating hledger-web within
- a larger website. The default is http://HOST:PORT/ using the server's
+ a larger website. The default is http://HOST:PORT/ using the server's
configured host address and TCP port (or http://HOST if PORT is 80).
- With --file-url you can set a different base url for static files, eg
+ With --file-url you can set a different base url for static files, eg
for better caching or cookie-less serving on high performance websites.
PERMISSIONS
- By default, hledger-web allows anyone who can reach it to view the
+ By default, hledger-web allows anyone who can reach it to view the
journal and to add new transactions, but not to change existing data.
You can restrict who can reach it by
- o setting the IP address it listens on (see --host above). By default
- it listens on 127.0.0.1, accessible to all users on the local
+ o setting the IP address it listens on (see --host above). By default
+ it listens on 127.0.0.1, accessible to all users on the local
machine.
o putting it behind an authenticating proxy, using eg apache or nginx
@@ -274,53 +288,53 @@ PERMISSIONS
You can restrict what the users who reach it can do, by
o using the --capabilities=CAP[,CAP..] flag when you start it, enabling
- one or more of the following capabilities. The default value is
+ one or more of the following capabilities. The default value is
view,add:
o view - allows viewing the journal file and all included files
o add - allows adding new transactions to the main journal file
- o manage - allows editing, uploading or downloading the main or
+ o manage - allows editing, uploading or downloading the main or
included files
- o using the --capabilities-header=HTTPHEADER flag to specify a HTTP
- header from which it will read capabilities to enable. hledger-web
- on Sandstorm uses the X-Sandstorm-Permissions header to integrate
+ o using the --capabilities-header=HTTPHEADER flag to specify a HTTP
+ header from which it will read capabilities to enable. hledger-web
+ on Sandstorm uses the X-Sandstorm-Permissions header to integrate
with Sandstorm's permissions. This is disabled by default.
EDITING, UPLOADING, DOWNLOADING
- If you enable the manage capability mentioned above, you'll see a new
- "spanner" button to the right of the search form. Clicking this will
- let you edit, upload, or download the journal file or any files it
+ If you enable the manage capability mentioned above, you'll see a new
+ "spanner" button to the right of the search form. Clicking this will
+ let you edit, upload, or download the journal file or any files it
includes.
- Note, unlike any other hledger command, in this mode you (or any visi-
+ Note, unlike any other hledger command, in this mode you (or any visi-
tor) can alter or wipe the data files.
- Normally whenever a file is changed in this way, hledger-web saves a
- numbered backup (assuming file permissions allow it, the disk is not
- full, etc.) hledger-web is not aware of version control systems, cur-
- rently; if you use one, you'll have to arrange to commit the changes
+ Normally whenever a file is changed in this way, hledger-web saves a
+ numbered backup (assuming file permissions allow it, the disk is not
+ full, etc.) hledger-web is not aware of version control systems, cur-
+ rently; if you use one, you'll have to arrange to commit the changes
yourself (eg with a cron job or a file watcher like entr).
- Changes which would leave the journal file(s) unparseable or non-valid
- (eg with failing balance assertions) are prevented. (Probably. This
+ Changes which would leave the journal file(s) unparseable or non-valid
+ (eg with failing balance assertions) are prevented. (Probably. This
needs re-testing.)
RELOADING
hledger-web detects changes made to the files by other means (eg if you
- edit it directly, outside of hledger-web), and it will show the new
- data when you reload the page or navigate to a new page. If a change
- makes a file unparseable, hledger-web will display an error message
+ edit it directly, outside of hledger-web), and it will show the new
+ data when you reload the page or navigate to a new page. If a change
+ makes a file unparseable, hledger-web will display an error message
until the file has been fixed.
(Note: if you are viewing files mounted from another machine, make sure
that both machine clocks are roughly in step.)
JSON API
- In addition to the web UI, hledger-web also serves a JSON API that can
- be used to get data or add new transactions. If you want the JSON API
+ In addition to the web UI, hledger-web also serves a JSON API that can
+ be used to get data or add new transactions. If you want the JSON API
only, you can use the --serve-api flag. Eg:
$ hledger-web -f examples/sample.journal --serve-api
@@ -337,7 +351,7 @@ JSON API
/accounttransactions/ACCOUNTNAME
Eg, all account names in the journal (similar to the accounts command).
- (hledger-web's JSON does not include newlines, here we use python to
+ (hledger-web's JSON does not include newlines, here we use python to
prettify it):
$ curl -s http://127.0.0.1:5000/accountnames | python -m json.tool
@@ -378,25 +392,25 @@ JSON API
"aprice": null,
...
- Most of the JSON corresponds to hledger's data types; for details of
- what the fields mean, see the Hledger.Data.Json haddock docs and click
- on the various data types, eg Transaction. And for a higher level
+ Most of the JSON corresponds to hledger's data types; for details of
+ what the fields mean, see the Hledger.Data.Json haddock docs and click
+ on the various data types, eg Transaction. And for a higher level
understanding, see the journal manual.
In some cases there is outer JSON corresponding to a "Report" type. To
- understand that, go to the Hledger.Web.Handler.MiscR haddock and look
- at the source for the appropriate handler to see what it returns. Eg
+ understand that, go to the Hledger.Web.Handler.MiscR haddock and look
+ at the source for the appropriate handler to see what it returns. Eg
for /accounttransactions it's getAccounttransactionsR, returning a
- "accountTransactionsReport ...". Looking up the haddock for that we
+ "accountTransactionsReport ...". Looking up the haddock for that we
can see that /accounttransactions returns an AccountTransactionsReport,
- which consists of a report title and a list of AccountTransactionsRe-
+ which consists of a report title and a list of AccountTransactionsRe-
portItem (etc).
- You can add a new transaction to the journal with a PUT request to
- /add, if hledger-web was started with the add capability (enabled by
+ You can add a new transaction to the journal with a PUT request to
+ /add, if hledger-web was started with the add capability (enabled by
default). The payload must be the full, exact JSON representation of a
- hledger transaction (partial data won't do). You can get sample JSON
- from hledger-web's /transactions or /accounttransactions, or you can
+ hledger transaction (partial data won't do). You can get sample JSON
+ from hledger-web's /transactions or /accounttransactions, or you can
export it with hledger-lib, eg like so:
.../hledger$ stack ghci hledger-lib
@@ -492,23 +506,23 @@ JSON API
"tstatus": "Unmarked"
}
- And here's how to test adding it with curl. This should add a new
+ And here's how to test adding it with curl. This should add a new
entry to your journal:
$ curl http://127.0.0.1:5000/add -X PUT -H 'Content-Type: application/json' --data-binary @txn.json
ENVIRONMENT
LEDGER_FILE The journal file path when not specified with -f. Default:
- ~/.hledger.journal (on windows, perhaps C:/Users/USER/.hledger.jour-
+ ~/.hledger.journal (on windows, perhaps C:/Users/USER/.hledger.jour-
nal).
- A typical value is ~/DIR/YYYY.journal, where DIR is a version-con-
- trolled finance directory and YYYY is the current year. Or ~/DIR/cur-
+ A typical value is ~/DIR/YYYY.journal, where DIR is a version-con-
+ trolled finance directory and YYYY is the current year. Or ~/DIR/cur-
rent.journal, where current.journal is a symbolic link to YYYY.journal.
On Mac computers, you can set this and other environment variables in a
- more thorough way that also affects applications started from the GUI
- (say, an Emacs dock icon). Eg on MacOS Catalina I have a
+ more thorough way that also affects applications started from the GUI
+ (say, an Emacs dock icon). Eg on MacOS Catalina I have a
~/.MacOSX/environment.plist file containing
{
@@ -518,13 +532,13 @@ ENVIRONMENT
To see the effect you may need to killall Dock, or reboot.
FILES
- Reads data from one or more files in hledger journal, timeclock, time-
- dot, or CSV format specified with -f, or $LEDGER_FILE, or
- $HOME/.hledger.journal (on windows, perhaps
+ Reads data from one or more files in hledger journal, timeclock, time-
+ dot, or CSV format specified with -f, or $LEDGER_FILE, or
+ $HOME/.hledger.journal (on windows, perhaps
C:/Users/USER/.hledger.journal).
BUGS
- The need to precede options with -- when invoked from hledger is awk-
+ The need to precede options with -- when invoked from hledger is awk-
ward.
-f- doesn't work (hledger-web can't read from stdin).
@@ -538,7 +552,7 @@ BUGS
REPORTING BUGS
- Report bugs at http://bugs.hledger.org (or on the #hledger IRC channel
+ Report bugs at http://bugs.hledger.org (or on the #hledger IRC channel
or hledger mail list)
@@ -556,4 +570,4 @@ SEE ALSO
-hledger-web-1.22.2 August 2021 HLEDGER-WEB(1)
+hledger-web-1.23 September 2021 HLEDGER-WEB(1)
diff --git a/templates/balance-report.hamlet b/templates/balance-report.hamlet
index dcc9166..e275987 100644
--- a/templates/balance-report.hamlet
+++ b/templates/balance-report.hamlet
@@ -7,8 +7,8 @@
$forall (acct, adisplay, aindent, abal) <- items
<tr
:matchesAcctSelector acct:.inacct
- :mixedAmountLooksZero abal && hideEmpty:.hide>
- <td .acct :mixedAmountLooksZero abal:.empty>
+ :hideEmpty && not (isInterestingAccount acct):.hide>
+ <td .acct :not (isInterestingAccount acct):.empty>
<div .ff-wrapper>
\#{indent aindent}
<a.acct-name href="@?{(registerR, [("q", replaceInacct q $ accountQuery acct)])}"
diff --git a/templates/journal.hamlet b/templates/journal.hamlet
index 3f173aa..805b824 100644
--- a/templates/journal.hamlet
+++ b/templates/journal.hamlet
@@ -14,15 +14,13 @@ $if elem CapAdd caps
<th .account style="text-align:left;">Account
<th .amount style="text-align:right;">Amount
- $forall (torig, _, split, _, amt, _) <- items
+ $forall torig <- items
<tr .title ##{transactionFrag torig} title="#{showTransaction torig}">
<td .date nowrap>
#{show (tdate torig)}
<td colspan=2>
#{textElideRight 60 (tdescription torig)}
<td .amount style="text-align:right;">
- $if not split && not (mixedAmountLooksZero amt)
- ^{mixedAmountAsHtml amt}
$forall Posting { paccount = acc, pamount = amt } <- tpostings torig
<tr .posting>
diff --git a/templates/register.hamlet b/templates/register.hamlet
index fbdc6f0..cb20408 100644
--- a/templates/register.hamlet
+++ b/templates/register.hamlet
@@ -2,7 +2,7 @@
#{header}
<div .hidden-xs>
- ^{registerChartHtml q balancelabel $ transactionsReportByCommodity items}
+ ^{registerChartHtml q balancelabel $ accountTransactionsReportByCommodity items}
<div.table-responsive>
<table .table.table-striped.table-condensed>