Merge remote-tracking branch 'upstream/main'

.mailmap

@@ -1 +0,0 @@
-Swift Ugandan <swiftugandan@gmail.com> <swiftugandan@gmail.com>

HISTORY.md

@@ -0,0 +1,13 @@
+# History
+
+## 2.1.0
+
+### Fixes
+- Increase uwsgi buffer-size parameter. This prevents an error by uwsgi with large headers - [#5b60](https://github.com/mediacms-io/mediacms/commit/5b601698a41ad97f08c1830e14b1c18f73ab8315)
+- Fix issues with comments. These were not reported on the tracker but it is certain that they would not show comments on media files (non videos but also videos). Unfortunately this reverts work done with Timestamps on comments + Mentions on comments, more on PR [#802](https://github.com/mediacms-io/mediacms/pull/802)
+
+### Features
+- Allow tags to contains other characters too, not only English alphabet ones [#801](https://github.com/mediacms-io/mediacms/pull/801)
+- Add simple cookie consent code [#799](https://github.com/mediacms-io/mediacms/pull/799)
+- Allow password reset & email verify pages on global login required [#790](https://github.com/mediacms-io/mediacms/pull/790)
+- Add api_url field to search api [#692](https://github.com/mediacms-io/mediacms/pull/692)

cms/settings.py

@@ -481,5 +481,7 @@ if GLOBAL_LOGIN_REQUIRED:
         r'/accounts/login/$',
         r'/accounts/logout/$',
         r'/accounts/signup/$',
+        r'/accounts/password/.*/$',
+        r'/accounts/confirm-email/.*/$',
         r'/api/v[0-9]+/',
     ]

deploy/docker/uwsgi.ini

@@ -21,3 +21,4 @@ vacuum = true
 hook-master-start = unix_signal:15 gracefully_kill_them_all
 need-app = true
 die-on-term = true
+buffer-size=32768

deploy/local_install/selinux-mediacms.te

@@ -0,0 +1,34 @@
+module selinux-mediacms 1.0;
+
+require {
+	type init_t;
+	type var_t;
+	type redis_port_t;
+	type postgresql_port_t;
+	type httpd_t;
+	type httpd_sys_content_t;
+	type httpd_sys_rw_content_t;
+	class file { append create execute execute_no_trans getattr ioctl lock open read rename setattr unlink write };
+	class dir { add_name remove_name rmdir };
+	class tcp_socket name_connect;
+	class lnk_file read;
+}
+
+#============= httpd_t ==============
+
+allow httpd_t var_t:file { getattr open read };
+
+#============= init_t ==============
+allow init_t postgresql_port_t:tcp_socket name_connect;
+
+allow init_t redis_port_t:tcp_socket name_connect;
+
+allow init_t httpd_sys_content_t:dir rmdir;
+
+allow init_t httpd_sys_content_t:file { append create execute execute_no_trans ioctl lock open read rename setattr unlink write };
+
+allow init_t httpd_sys_content_t:lnk_file read;
+
+allow init_t httpd_sys_rw_content_t:dir { add_name remove_name rmdir };
+
+allow init_t httpd_sys_rw_content_t:file { create ioctl lock open read setattr unlink write };

deploy/local_install/uwsgi.ini

@@ -24,4 +24,4 @@ vacuum = true
 logto = /home/mediacms.io/mediacms/logs/errorlog.txt
 
 disable-logging = true
-
+buffer-size=32768

docs/admins_docs.md

@@ -17,17 +17,18 @@
 - [14. Add Google Analytics](#14-add-google-analytics)
 - [15. Debugging email issues](#15-debugging-email-issues)
 - [16. Frequently Asked Questions](#16-frequently-asked-questions)
+- [17. Cookie consent code](#17-cookie-consent-code)
 
 
 ## 1. Welcome
-This page is created for MediaCMS administrators that are responsible for setting up the software, maintaining it and making modifications. 
+This page is created for MediaCMS administrators that are responsible for setting up the software, maintaining it and making modifications.
 
 ## 2. Server Installation
 
 The core dependencies are Python3, Django3, Celery, PostgreSQL, Redis, ffmpeg. Any system that can have these dependencies installed, can run MediaCMS. But we strongly suggest installing on Linux Ubuntu 18 or 20 versions.
 
 Installation on a Ubuntu 18 or 20 system with git utility installed should be completed in a few minutes with the following steps.
-Make sure you run it as user root, on a clear system, since the automatic script will install and configure the following services: Celery/PostgreSQL/Redis/Nginx and will override any existing settings. 
+Make sure you run it as user root, on a clear system, since the automatic script will install and configure the following services: Celery/PostgreSQL/Redis/Nginx and will override any existing settings.
 
 Automated script - tested on Ubuntu 18, Ubuntu 20, and Debian Buster
 
@@ -37,7 +38,7 @@ git clone https://github.com/mediacms-io/mediacms
 cd /home/mediacms.io/mediacms/ && bash ./install.sh
 ```
 
-The script will ask if you have a URL where you want to deploy MediaCMS, otherwise it will use localhost. If you provide a URL, it will use Let's Encrypt service to install a valid ssl certificate. 
+The script will ask if you have a URL where you want to deploy MediaCMS, otherwise it will use localhost. If you provide a URL, it will use Let's Encrypt service to install a valid ssl certificate.
 
 
 ### Update
@@ -145,9 +146,9 @@ The main container runs migrations, mediacms_web, celery_beat, celery_workers (c
  The FRONTEND_HOST in `deploy/docker/local_settings.py` is configured as http://localhost, on the docker host machine.
 
 ### Server with ssl certificate through letsencrypt service, accessed as https://my_domain.com
-Before trying this out make sure the ip points to my_domain.com. 
+Before trying this out make sure the ip points to my_domain.com.
 
-With this method [this deployment](../docker-compose-letsencrypt.yaml) is used. 
+With this method [this deployment](../docker-compose-letsencrypt.yaml) is used.
 
 Edit this file and set `VIRTUAL_HOST` as my_domain.com, `LETSENCRYPT_HOST` as my_domain.com, and your email on `LETSENCRYPT_EMAIL`
 
@@ -177,15 +178,15 @@ The architecture below generalises all the deployment scenarios above, and provi
 ## 5. Configuration
 Several options are available on `cms/settings.py`, most of the things that are allowed or should be disallowed are described there.
 
-It is advisable to override any of them by adding it to `local_settings.py` . 
+It is advisable to override any of them by adding it to `local_settings.py` .
 
 In case of a the single server installation, add to `cms/local_settings.py` .
 
 In case of a docker compose installation, add to `deploy/docker/local_settings.py` . This will automatically overwrite `cms/local_settings.py` .
 
-Any change needs restart of MediaCMS in order to take effect. 
+Any change needs restart of MediaCMS in order to take effect.
 
-Single server installation: edit `cms/local_settings.py`, make a change and restart MediaCMS 
+Single server installation: edit `cms/local_settings.py`, make a change and restart MediaCMS
 
 ```bash
 #systemctl restart mediacms
@@ -213,7 +214,7 @@ PORTAL_NAME = 'my awesome portal'
 
 By default `CAN_ADD_MEDIA = "all"` means that all registered users can add media. Other valid options are:
 
-- **email_verified**, a user not only has to register an account but also verify the email (by clicking the link sent upon registration). Apparently email configuration need to work, otherise users won't receive emails. 
+- **email_verified**, a user not only has to register an account but also verify the email (by clicking the link sent upon registration). Apparently email configuration need to work, otherise users won't receive emails.
 
 - **advancedUser**, only users that are marked as advanced users can add media. Admins or MediaCMS managers can make users advanced users by editing their profile and selecting advancedUser.
 
@@ -282,7 +283,7 @@ Make changes (True/False) to any of the following:
 
 ### 5.9 Show or hide the download option on a media
 
-Edit `templates/config/installation/features.html` and set 
+Edit `templates/config/installation/features.html` and set
 
 ```
 download: false
@@ -291,7 +292,7 @@ download: false
 ### 5.10 Automatically hide media upon being reported
 
 set a low number for variable `REPORTED_TIMES_THRESHOLD`
-eg 
+eg
 
 ```
 REPORTED_TIMES_THRESHOLD = 2
@@ -339,7 +340,7 @@ set value
 MEDIA_IS_REVIEWED = False
 ```
 
-any uploaded media now needs to be reviewed before it can appear to the listings. 
+any uploaded media now needs to be reviewed before it can appear to the listings.
 MediaCMS editors/managers/admins can visit the media page and edit it, where they can see the option to mark media as reviewed. By default this is set to True, so all media don't require to be reviewed
 
 ### 5.15 Specify maximum number of media for a playlist
@@ -354,7 +355,7 @@ MAX_MEDIA_PER_PLAYLIST = 14
 
 ### 5.16 Specify maximum size of a media that can be uploaded
 
-change `UPLOAD_MAX_SIZE`. 
+change `UPLOAD_MAX_SIZE`.
 
 default is 4GB
 
@@ -417,7 +418,7 @@ Global notifications that are implemented are controlled by the following option
 
 ```
 USERS_NOTIFICATIONS = {
-    'MEDIA_ADDED': True,    
+    'MEDIA_ADDED': True,
 }
 ```
 
@@ -466,13 +467,13 @@ For example, the `Active` state of any profile can be toggled to enable or disab
 
 ## 13. How To Add A Static Page To The Sidebar
 
-### 1. Create your html page in templates/cms/ 
+### 1. Create your html page in templates/cms/
 e.g. duplicate and rename about.html
 ```
 sudo cp templates/cms/about.html templates/cms/volunteer.html
 ```
 
-### 2. Create your css file in static/css/ 
+### 2. Create your css file in static/css/
 ```
 touch static/css/volunteer.css
 ```
@@ -536,24 +537,24 @@ urlpatterns = [
 
 ### 8. Add your page to the left sidebar
 To add a link to your page as a menu item in the left sidebar,
-add the following code after the last line in _commons.js   
+add the following code after the last line in _commons.js
 ```
 /* Checks that a given selector has loaded. */
 const checkElement = async selector => {
     while ( document.querySelector(selector) === null) {
       await new Promise( resolve =>  requestAnimationFrame(resolve) )
     }
-    return document.querySelector(selector); 
+    return document.querySelector(selector);
   };
 
 /* Checks that sidebar nav menu has loaded, then adds menu item. */
 checkElement('.nav-menu')
 .then((element) => {
-     (function(){    
-        var a = document.createElement('a');        
+     (function(){
+        var a = document.createElement('a');
         a.href = "/volunteer";
         a.title = "Volunteer";
-       
+
         var s = document.createElement('span');
         s.className = "menu-item-icon";
 
@@ -563,7 +564,7 @@ checkElement('.nav-menu')
 
         s.appendChild(icon);
         a.appendChild(s);
-    
+
         var linkText = document.createTextNode("Volunteer");
         var t = document.createElement('span');
 
@@ -575,14 +576,14 @@ checkElement('.nav-menu')
         listItem.appendChild(a);
 
         //if signed out use 3rd nav-menu
-        var elem = document.querySelector(".nav-menu:nth-child(3) nav ul"); 
+        var elem = document.querySelector(".nav-menu:nth-child(3) nav ul");
         var loc = elem.innerText;
         if (loc.includes("About")){
           elem.insertBefore(listItem, elem.children[2]);
         } else { //if signed in use 4th nav-menu
           elem = document.querySelector(".nav-menu:nth-child(4) nav ul");
           elem.insertBefore(listItem, elem.children[2]);
-        }       
+        }
     })();
 });
 ```
@@ -608,7 +609,7 @@ Instructions contributed by @alberto98fx
 
 2. Add the Gtag/Analytics script
 
-3. Inside ``` $DIR/mediacms/templates/root.html``` you'll see a file like this one: 
+3. Inside ``` $DIR/mediacms/templates/root.html``` you'll see a file like this one:
 
 ```
 <head>
@@ -619,7 +620,7 @@ Instructions contributed by @alberto98fx
         {% include "common/head-meta.html" %}
 
         {% block headermeta %}
-        
+
         <meta property="og:title" content="{{PORTAL_NAME}}">
         <meta property="og:type" content="website">
 
@@ -632,17 +633,17 @@ Instructions contributed by @alberto98fx
         {% block topimports %}{%endblock topimports %}
 
         {% include "config/index.html" %}
-      
+
     {% endblock head %}
 
 </head>
 ```
 
 4. Add  ``` {% include "tracking.html" %} ``` at the end inside the section ```<head>```
-  
-5. If you are using Docker and didn't  mount the entire dir you need to bind a new volume: 
+
+5. If you are using Docker and didn't  mount the entire dir you need to bind a new volume:
 ```
-  
+
     web:
     image: mediacms/mediacms:latest
     restart: unless-stopped
@@ -653,7 +654,7 @@ Instructions contributed by @alberto98fx
     volumes:
       - ./templates/root.html:/home/mediacms.io/mediacms/templates/root.html
       - ./templates/tracking.html://home/mediacms.io/mediacms/templates/tracking.html
-  
+
  ```
 
 ## 15. Debugging email issues
@@ -684,7 +685,7 @@ email = EmailMessage(
 email.send(fail_silently=False)
 ```
 
-You have the chance to either receive the email (in this case it will be sent to recipient@email.com) otherwise you will see the error. 
+You have the chance to either receive the email (in this case it will be sent to recipient@email.com) otherwise you will see the error.
 For example, while specifying wrong password for my Gmail account I get
 
 ```
@@ -694,7 +695,7 @@ SMTPAuthenticationError: (535, b'5.7.8 Username and Password not accepted. Learn
 ## 16. Frequently Asked Questions
 Video is playing but preview thumbnails are not showing for large video files
 
-Chances are that the sprites file was not created correctly. 
+Chances are that the sprites file was not created correctly.
 The output of files.tasks.produce_sprite_from_video() function in this case is something like this
 
 ```
@@ -708,16 +709,16 @@ Solution: edit file `/etc/ImageMagick-6/policy.xml` and set bigger values for th
   <policy domain="resource" name="width" value="16000KP"/>
 ```
 
-Newly added video files now will be able to produce the sprites file needed for thumbnail previews. To re-run that task on existing videos, enter the Django shell 
+Newly added video files now will be able to produce the sprites file needed for thumbnail previews. To re-run that task on existing videos, enter the Django shell
 
 
 ```
-root@8433f923ccf5:/home/mediacms.io/mediacms# source  /home/mediacms.io/bin/activate 
+root@8433f923ccf5:/home/mediacms.io/mediacms# source  /home/mediacms.io/bin/activate
 root@8433f923ccf5:/home/mediacms.io/mediacms# python manage.py shell
-Python 3.8.14 (default, Sep 13 2022, 02:23:58) 
+Python 3.8.14 (default, Sep 13 2022, 02:23:58)
 ```
 
-and run 
+and run
 
 ```
 In [1]: from files.models import Media
@@ -727,4 +728,10 @@ In [3]: for media in Media.objects.filter(media_type='video', sprites=''):
    ...:     produce_sprite_from_video(media.friendly_token)
 ```
 
-this will re-create the sprites for videos that the task failed. 
+this will re-create the sprites for videos that the task failed.
+
+
+## 17. Cookie consent code
+On file `templates/components/header.html` you can find a simple cookie consent code. It is commented, so you have to remove the `{% comment %}` and `{% endcomment %}` lines in order to enable it. Or you can replace that part with your own code that handles cookie consent banners.
+
+![Simple Cookie Consent](images/cookie_consent.png)

files/helpers.py

@@ -785,3 +785,11 @@ def clean_query(query):
         query = query.replace(char, "")
 
     return query.lower()
+
+
+def get_alphanumeric_only(string):
+    """Returns a query that contains only alphanumeric characters
+    This include characters other than the English alphabet too
+    """
+    string = "".join([char for char in string if char.isalnum()])
+    return string.lower()

files/models.py

@@ -16,7 +16,6 @@ from django.core.files import File
 from django.db import connection, models
 from django.db.models.signals import m2m_changed, post_delete, post_save, pre_delete
 from django.dispatch import receiver
-from django.template.defaultfilters import slugify
 from django.urls import reverse
 from django.utils import timezone
 from django.utils.html import strip_tags
@@ -1006,10 +1005,8 @@ class Tag(models.Model):
         return True
 
     def save(self, *args, **kwargs):
-        self.title = slugify(self.title[:99])
-        strip_text_items = ["title"]
-        for item in strip_text_items:
-            setattr(self, item, strip_tags(getattr(self, item, None)))
+        self.title = helpers.get_alphanumeric_only(self.title)
+        self.title = self.title[:99]
         super(Tag, self).save(*args, **kwargs)
 
     @property

files/serializers.py

@@ -151,10 +151,14 @@ class SingleMediaSerializer(serializers.ModelSerializer):
 
 class MediaSearchSerializer(serializers.ModelSerializer):
     url = serializers.SerializerMethodField()
+    api_url = serializers.SerializerMethodField()
 
     def get_url(self, obj):
         return self.context["request"].build_absolute_uri(obj.get_absolute_url())
 
+    def get_api_url(self, obj):
+        return self.context["request"].build_absolute_uri(obj.get_absolute_url(api=True))
+
     class Meta:
         model = Media
         fields = (
@@ -168,6 +172,7 @@ class MediaSearchSerializer(serializers.ModelSerializer):
             "friendly_token",
             "duration",
             "url",
+            "api_url",
             "media_type",
             "preview_url",
             "categories_info",

files/views.py

@@ -9,7 +9,6 @@ from django.core.mail import EmailMessage
 from django.db.models import Q
 from django.http import HttpResponseRedirect
 from django.shortcuts import get_object_or_404, render
-from django.template.defaultfilters import slugify
 from drf_yasg import openapi as openapi
 from drf_yasg.utils import swagger_auto_schema
 from rest_framework import permissions, status
@@ -31,7 +30,7 @@ from cms.permissions import IsAuthorizedToAdd, IsUserOrEditor, user_allowed_to_u
 from users.models import User
 
 from .forms import ContactForm, MediaForm, SubtitleForm
-from .helpers import clean_query, produce_ffmpeg_commands
+from .helpers import clean_query, get_alphanumeric_only, produce_ffmpeg_commands
 from .methods import (
     check_comment_for_mention,
     get_user_or_session,
@@ -189,7 +188,8 @@ def edit_media(request):
                 media.tags.remove(tag)
             if form.cleaned_data.get("new_tags"):
                 for tag in form.cleaned_data.get("new_tags").split(","):
-                    tag = slugify(tag)
+                    tag = get_alphanumeric_only(tag)
+                    tag = tag[:99]
                     if tag:
                         try:
                             tag = Tag.objects.get(title=tag)

frontend/src/static/js/components/comments/Comments.jsx

@@ -80,7 +80,7 @@ function CommentForm(props) {
 
   function onChangeWithMention(event, newValue, newPlainTextValue, mentions) {
     textareaRef.current.style.height = '';
-    
+
     setValue(newValue);
     setMadeChanges(true);
 
@@ -144,8 +144,8 @@ function CommentForm(props) {
         <UserThumbnail />
         <div className="form">
           <div className={'form-textarea-wrap' + (textareaFocused ? ' focused' : '')}>
-            { MediaCMS.features.media.actions.comment_mention ? 
-              <MentionsInput 
+            { MediaCMS.features.media.actions.comment_mention ?
+              <MentionsInput
                 inputRef={textareaRef}
                 className="form-textarea"
                 rows="1"
@@ -430,31 +430,37 @@ export default function CommentsList(props) {
 
   function onCommentsLoad() {
     const retrievedComments = [...MediaPageStore.get('media-comments')];
-    const video = videojs('vjs_video_3');
-    
-    if (MediaCMS.features.media.actions.timestampTimebar)
-    {
-      enableMarkers(video);
-    }
-
-    if (MediaCMS.features.media.actions.comment_mention === true)
-    {
-      retrievedComments.forEach(comment => {
-        comment.text = setMentions(comment.text);
-      });
-    }
 
-    video.one('loadedmetadata', () => {       
-      retrievedComments.forEach(comment => {          
-        comment.text = setTimestampAnchorsAndMarkers(comment.text, video);
-      });
-      
-      displayCommentsRelatedAlert();
-      setComments([...retrievedComments]);
-    });
     setComments([...retrievedComments]);
+
+    // TODO: this code is breaking, beed ti debug, until then removing the extra
+    // functionality related with video/timestamp/user mentions
+    //    const video = videojs('vjs_video_3');
+
+    // if (MediaCMS.features.media.actions.timestampTimebar)
+    //{
+    //  enableMarkers(video);
+    //}
+
+    //if (MediaCMS.features.media.actions.comment_mention === true)
+    //{
+    //  retrievedComments.forEach(comment => {
+    //    comment.text = setMentions(comment.text);
+    //  });
+    //}
+
+    // TODO: this code is breaking
+    // video.one('loadedmetadata', () => {
+    //  retrievedComments.forEach(comment => {
+    //    comment.text = setTimestampAnchorsAndMarkers(comment.text, video);
+    //  });
+
+    //  displayCommentsRelatedAlert();
+    //  setComments([...retrievedComments]);
+    //});
+    //setComments([...retrievedComments]);
   }
-  
+
   function setMentions(text)
   {
     let sanitizedComment = text.split('@(_').join("<a href=\"/user/");
@@ -464,7 +470,7 @@ export default function CommentsList(props) {
 
   function setTimestampAnchorsAndMarkers(text, videoPlayer)
   {
-    function wrapTimestampWithAnchor(match, string) 
+    function wrapTimestampWithAnchor(match, string)
     {
       let split = match.split(':'), s = 0, m = 1;
       let searchParameters = new URLSearchParams(window.location.search);

frontend/src/static/js/utils/stores/MediaPageStore.js

@@ -209,7 +209,9 @@ class MediaPageStore extends EventEmitter {
     }
 
     this.loadPlaylists();
-    this.loadUsers();
+    if (MediaCMS.features.media.actions.comment_mention === true) {
+      this.loadUsers();
+    }
 
     if (this.mediacms_config.member.can.readComment) {
       this.loadComments();

install-rhel.sh

@@ -0,0 +1,302 @@
+#!/bin/bash
+# should be run as root on a rhel8-like system
+
+function update_permissions
+{
+	# fix permissions of /srv/mediacms directory
+	chown -R nginx:root $1
+}
+
+echo "Welcome to the MediacMS installation!";
+
+if [ `id -u` -ne 0 ]; then
+	echo "Please run as root user"
+	exit
+fi
+
+
+while true; do
+    read -p "
+This script will attempt to perform a system update, install required dependencies, and configure PostgreSQL, NGINX, Redis and a few other utilities.
+It is expected to run on a new system **with no running instances of any these services**. Make sure you check the script before you continue. Then enter y or n
+" yn
+    case $yn in
+        [Yy]* ) echo "OK!"; break;;
+        [Nn]* ) echo "Have a great day"; exit;;
+        * ) echo "Please answer y or n.";;
+    esac
+done
+
+# update configuration files
+
+sed -i 's/\/home\/mediacms\.io\/mediacms\/Bento4-SDK-1-6-0-637\.x86_64-unknown-linux\/bin\/mp4hls/\/srv\/mediacms\/bento4\/bin\/mp4hls/g' cms/settings.py
+sed -i 's/www-data/nginx/g;s/\/home\/mediacms\.io\/mediacms\/logs/\/var\/log\/mediacms/g;s/\/home\/mediacms\.io\/mediacms/\/srv\/mediacms/g;s/\/home\/mediacms\.io\/bin/\/srv\/mediacms\/virtualenv\/bin/g' deploy/local_install/celery_*.service
+sed -i 's/\/home\/mediacms\.io\/mediacms/\/srv\/mediacms/g' deploy/local_install/mediacms.io
+sed -i 's/\/home\/mediacms\.io\/bin/\/srv\/mediacms\/virtualenv\/bin/g;s/\/home\/mediacms\.io\/mediacms/\/srv\/mediacms/g' deploy/local_install/mediacms.service
+sed -i 's/\/home\/mediacms\.io\/mediacms/\/var\/log\/mediacms/g' deploy/local_install/mediacms_logrorate
+sed -i 's/www-data/nginx/g' deploy/local_install/nginx.conf
+sed -i 's/www-data/nginx/g;s/\/home\/mediacms\.io\/mediacms\/logs/\/var\/log\/mediacms/g;s/\/home\/mediacms\.io\/mediacms/\/srv\/mediacms/g;s/\/home\/mediacms\.io/\/srv\/mediacms\/virtualenv/g' deploy/local_install/uwsgi.ini
+
+osVersion=
+
+if [[ -f /etc/os-release ]]; then
+	osVersion=$(grep ^ID /etc/os-release)
+fi
+
+if [[ $osVersion == *"fedora"* ]] || [[ $osVersion == *"rhel"*  ]] || [[ $osVersion == *"centos"* ]] || [[ *"rocky"* ]]; then
+	dnf install -y epel-release https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm yum-utils
+	yum-config-manager --enable powertools
+	dnf install -y python3-virtualenv python39-devel redis postgresql postgresql-server nginx git gcc vim unzip ImageMagick python3-certbot-nginx certbot wget xz ffmpeg policycoreutils-devel cmake gcc gcc-c++ wget git bsdtar
+else
+    echo "unsupported or unknown os"
+    exit -1
+fi
+
+# fix permissions of /srv/mediacms directory
+update_permissions /srv/mediacms/
+
+read -p "Enter portal URL, or press enter for localhost : " FRONTEND_HOST
+read -p "Enter portal name, or press enter for 'MediaCMS : " PORTAL_NAME
+
+[ -z "$PORTAL_NAME" ] && PORTAL_NAME='MediaCMS'
+[ -z "$FRONTEND_HOST" ] && FRONTEND_HOST='localhost'
+
+echo "Configuring postgres"
+if [ ! command -v postgresql-setup > /dev/null 2>&1 ]; then
+        echo "Something went wrong, the command 'postgresql-setup' was not found in the system path."
+        exit -1
+fi
+
+postgresql-setup --initdb
+
+# set authentication method for mediacms user to scram-sha-256
+sed -i 's/.*password_encryption.*/password_encryption = scram-sha-256/' /var/lib/pgsql/data/postgresql.conf
+sed -i '/# IPv4 local connections:/a host\tmediacms\tmediacms\t127.0.0.1/32\tscram-sha-256' /var/lib/pgsql/data/pg_hba.conf
+
+systemctl enable postgresql.service --now
+
+su -c "psql -c \"CREATE DATABASE mediacms\"" postgres
+su -c "psql -c \"CREATE USER mediacms WITH ENCRYPTED PASSWORD 'mediacms'\"" postgres
+su -c "psql -c \"GRANT ALL PRIVILEGES ON DATABASE mediacms TO mediacms\"" postgres
+
+echo 'Creating python virtualenv on /srv/mediacms/virtualenv/'
+
+mkdir /srv/mediacms/virtualenv/
+cd /srv/mediacms/virtualenv/
+virtualenv . --python=python3
+source  /srv/mediacms/virtualenv/bin/activate
+cd /srv/mediacms/
+pip install -r requirements.txt
+
+systemctl enable redis.service --now
+
+SECRET_KEY=`python -c 'from django.core.management.utils import get_random_secret_key; print(get_random_secret_key())'`
+
+# remove http or https prefix
+FRONTEND_HOST=`echo "$FRONTEND_HOST" | sed -r 's/http:\/\///g'`
+FRONTEND_HOST=`echo "$FRONTEND_HOST" | sed -r 's/https:\/\///g'`
+
+FRONTEND_HOST_HTTP_PREFIX='http://'$FRONTEND_HOST
+
+echo 'FRONTEND_HOST='\'"$FRONTEND_HOST_HTTP_PREFIX"\' >> cms/local_settings.py
+echo 'PORTAL_NAME='\'"$PORTAL_NAME"\' >> cms/local_settings.py
+echo "SSL_FRONTEND_HOST = FRONTEND_HOST.replace('http', 'https')" >> cms/local_settings.py
+
+echo 'SECRET_KEY='\'"$SECRET_KEY"\' >> cms/local_settings.py
+echo "LOCAL_INSTALL = True" >> cms/local_settings.py
+
+mkdir /var/log/mediacms/
+mkdir pids
+
+update_permissions /var/log/mediacms/
+
+python manage.py migrate
+python manage.py loaddata fixtures/encoding_profiles.json
+python manage.py loaddata fixtures/categories.json
+python manage.py collectstatic --noinput
+
+ADMIN_PASS=`python -c "import secrets;chars = 'abcdefghijklmnopqrstuvwxyz0123456789';print(''.join(secrets.choice(chars) for i in range(10)))"`
+echo "from users.models import User; User.objects.create_superuser('admin', 'admin@example.com', '$ADMIN_PASS')" | python manage.py shell
+
+echo "from django.contrib.sites.models import Site; Site.objects.update(name='$FRONTEND_HOST', domain='$FRONTEND_HOST')" | python manage.py shell
+
+update_permissions /srv/mediacms/
+
+cp deploy/local_install/celery_long.service /etc/systemd/system/celery_long.service
+cp deploy/local_install/celery_short.service /etc/systemd/system/celery_short.service
+cp deploy/local_install/celery_beat.service /etc/systemd/system/celery_beat.service
+cp deploy/local_install/mediacms.service /etc/systemd/system/mediacms.service
+
+mkdir -p /etc/letsencrypt/live/$FRONTEND_HOST
+mkdir -p /etc/nginx/sites-enabled
+mkdir -p /etc/nginx/sites-available
+mkdir -p /etc/nginx/dhparams/
+rm -rf /etc/nginx/conf.d/default.conf
+rm -rf /etc/nginx/sites-enabled/default
+cp deploy/local_install/mediacms.io_fullchain.pem /etc/letsencrypt/live/$FRONTEND_HOST/fullchain.pem
+cp deploy/local_install/mediacms.io_privkey.pem /etc/letsencrypt/live/$FRONTEND_HOST/privkey.pem
+cp deploy/local_install/mediacms.io /etc/nginx/sites-available/mediacms.io
+ln -s /etc/nginx/sites-available/mediacms.io /etc/nginx/sites-enabled/mediacms.io
+cp deploy/local_install/uwsgi_params /etc/nginx/sites-enabled/uwsgi_params
+cp deploy/local_install/nginx.conf /etc/nginx/
+
+# attempt to get a valid certificate for specified domain
+while true ; do
+        echo "Would you like to run [c]ertbot, or [s]kip?"
+        read -p " : " certbotConfig
+
+        case $certbotConfig in
+        [cC*] )
+		if [ "$FRONTEND_HOST" != "localhost" ]; then
+			systemctl start
+			echo 'attempt to get a valid certificate for specified url $FRONTEND_HOST'
+			certbot --nginx -n --agree-tos --register-unsafely-without-email -d $FRONTEND_HOST
+			certbot --nginx -n --agree-tos --register-unsafely-without-email -d $FRONTEND_HOST
+			# unfortunately for some reason it needs to be run two times in order to create the entries
+			# and directory structure!!!
+			systemctl stop nginx
+
+			# Generate individual DH params
+			openssl dhparam -out /etc/nginx/dhparams/dhparams.pem 4096
+		fi
+
+                break
+                ;;
+        [sS*] )
+		echo "will not call certbot utility to update ssl certificate for url 'localhost', using default ssl certificate"
+		cp deploy/local_install/dhparams.pem /etc/nginx/dhparams/dhparams.pem
+
+                break
+                ;;
+        * )
+                echo "Unknown option: $certbotConfig"
+                ;;
+        esac
+done
+
+# configure bento4 utility installation, for HLS
+while true ; do
+	echo "Configuring Bento4"
+	echo "Would you like to [d]ownload a pre-compiled bento4 binary, or [b]uild it now?"
+	read -p "b/d : " bentoConfig
+
+	case $bentoConfig in
+	[bB*] )
+		echo "Building bento4 from source"
+		git clone -b v1.6.0-640 https://github.com/axiomatic-systems/Bento4 /srv/mediacms/bento4
+		cd /srv/mediacms/bento4/
+		mkdir bin
+		cd /srv/mediacms/bento4/bin/
+		cmake -DCMAKE_BUILD_TYPE=Release ..
+		make -j$(nproc)
+
+		chmod +x ../Source/Python/utils/mp4-hls.py
+
+		echo -e '#!/bin/bash' >> mp4hls
+		echo -e 'BASEDIR=$(pwd)' >> mp4hls
+		echo -e 'exec python3 "$BASEDIR/../Source/Python/utils/mp4-hls.py"' >> mp4hls
+
+		chmod +x mp4hls
+
+		break
+		;;
+	[dD*] )
+		cd /srv/mediacms/
+		wget http://zebulon.bok.net/Bento4/binaries/Bento4-SDK-1-6-0-637.x86_64-unknown-linux.zip
+		bsdtar -xf Bento4-SDK-1-6-0-637.x86_64-unknown-linux.zip -s '/Bento4-SDK-1-6-0-637.x86_64-unknown-linux/bento4/'
+
+		break
+		;;
+	* )
+		echo "Unknown option: $bentoConfig"
+		;;
+	esac
+done
+
+mkdir /srv/mediacms/media_files/hls
+
+# update permissions
+
+update_permissions /srv/mediacms/
+
+# configure selinux
+
+while true ; do
+        echo "Configuring SELinux"
+        echo "Would you like to [d]isable SELinux until next reboot, [c]onfigure our SELinux module, or [s]kip and not do any SELinux confgiguration?"
+        read -p "d/c/s : " seConfig
+
+        case $seConfig in
+        [Dd]* )
+                echo "Disabling SELinux until next reboot"
+                break
+                ;;
+        [Cc]* )
+                echo "Configuring custom mediacms selinux module"
+
+		semanage fcontext -a -t bin_t /srv/mediacms/virtualenv/bin/
+		semanage fcontext -a -t httpd_sys_content_t "/srv/mediacms(/.*)?"
+		restorecon -FRv /srv/mediacms/
+
+		sebools=(httpd_can_network_connect httpd_graceful_shutdown httpd_can_network_relay nis_enabled httpd_setrlimit domain_can_mmap_files)
+
+		for bool in "${sebools[@]}"
+		do
+			setsebool -P $bool 1
+		done
+
+		cd /srv/mediacms/deploy/local_install/
+		make -f /usr/share/selinux/devel/Makefile selinux-mediacms.pp
+		semodule -i selinux-mediacms.pp
+
+                break
+                ;;
+        [Ss]* )
+                echo "Skipping SELinux configuration"
+                break
+                ;;
+        * )
+                echo "Unknown option: $seConfig"
+                ;;
+        esac
+done
+
+# configure firewall
+if command -v firewall-cmd > /dev/null 2>&1 ; then
+	while true ; do
+	        echo "Configuring firewall"
+	        echo "Would you like to configure http, https, or skip and not do any firewall configuration?"
+	        read -p "http/https/skip : " fwConfig
+
+		case $fwConfig in
+	        http )
+	                echo "Opening port 80 until next reboot"
+			firewall-cmd --add-port=80/tcp
+	                break
+	                ;;
+	        https )
+			echo "Opening port 443 permanently"
+			firewall-cmd --add-port=443/tcp --permanent
+			firewall-cmd --reload
+	                break
+	                ;;
+	        skip )
+	                echo "Skipping firewall configuration"
+	                break
+	                ;;
+	        * )
+	                echo "Unknown option: $fwConfig"
+	                ;;
+	        esac
+	done
+
+fi
+
+systemctl daemon-reload
+systemctl start celery_long.service
+systemctl start celery_short.service
+systemctl start celery_beat.service
+systemctl start mediacms.service
+systemctl start nginx.service
+
+echo 'MediaCMS installation completed, open browser on http://'"$FRONTEND_HOST"' and login with user admin and password '"$ADMIN_PASS"''

templates/components/header.html

@@ -1 +1,20 @@
-<div id="app-header"></div>
+<div id="app-header"></div>
+
+{% comment %}
+Uncomment, or replace with your own cookie consent code.
+
+<script src="https://cdn.websitepolicies.io/lib/cookieconsent/cookieconsent.min.js" defer></script>
+<script>
+    window.addEventListener("load", function () {
+        window.wpcc.init({
+            border: "normal",
+            corners: "normal",
+            colors: { popup: { background: "#222222", text: "#ffffff", border: "#FF8000" }, button: { background: "#FF8000", text: "#000000" } },
+            position: "top-right",
+            content: { message: "Hi there, we are using cookies on this website. We don't use tracking or analytics here, just the essentials for the Website to work.\n", button: "Understood! Yum!", link: "Click here to learn more." },
+        });
+    });
+</script>
+
+
+{% endcomment %}

version.py

@@ -1 +1 @@
-2.0
+VERSION = "2.0.0"