From ddef2d341ac1c6f6f9f993754577bcb675f3eb76 Mon Sep 17 00:00:00 2001
From: Charmander <~@charmander.me>
Date: Mon, 21 Oct 2024 20:07:58 -0700
Subject: [PATCH 1/8] Normalize private message recipient names before echoing
 in form field
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Prevents a potential attack like:

```
[https://www.weasyl.com/notes/compose?recipient=admin](/notes/compose?recipient=admin%09%09%09…%09[%3b]evil)
```

(with or without a semicolon), where evidence of an unintended recipient is pushed outside the visible field with no visual indication in typical browsers (if a revealing selection is never made).

Also prevents Unicode and ASCII confusion attacks outside of lowercase + digit character set.
---
 weasyl/controllers/interaction.py | 2 +-
 weasyl/define.py                  | 7 +++++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/weasyl/controllers/interaction.py b/weasyl/controllers/interaction.py
index 72a08ca73..599df86f6 100644
--- a/weasyl/controllers/interaction.py
+++ b/weasyl/controllers/interaction.py
@@ -146,7 +146,7 @@ def notes_compose_get_(request):
 
     return Response(define.webpage(request.userid, "note/compose.html", [
         # Recipient
-        form.recipient.strip(),
+        "; ".join(define.get_sysname_list(form.recipient)),
         profile.select_myself(request.userid),
     ]))
 
diff --git a/weasyl/define.py b/weasyl/define.py
index d184fe424..894c8dce0 100644
--- a/weasyl/define.py
+++ b/weasyl/define.py
@@ -434,9 +434,12 @@ def get_userids(usernames):
     return ret
 
 
+def get_sysname_list(s: str) -> list[str]:
+    return list(filter(None, map(get_sysname, s.split(";"))))
+
+
 def get_userid_list(target):
-    usernames = target.split(";")
-    return [userid for userid in get_userids(usernames).values() if userid != 0]
+    return [userid for userid in get_userids(get_sysname_list(target)).values() if userid != 0]
 
 
 def get_ownerid(submitid=None, charid=None, journalid=None):

From bb904fc21088e7a4673f22433c11502ca31a6758 Mon Sep 17 00:00:00 2001
From: Charmander <~@charmander.me>
Date: Fri, 18 Oct 2024 18:06:09 -0700
Subject: [PATCH 2/8] Replace an `<a href="#">` with a `<button>`

---
 weasyl/templates/note/message_list.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/weasyl/templates/note/message_list.html b/weasyl/templates/note/message_list.html
index f6c334073..ae5b6fcc4 100644
--- a/weasyl/templates/note/message_list.html
+++ b/weasyl/templates/note/message_list.html
@@ -56,7 +56,7 @@
         <a class="button" href="/notes?folder=${folder}&amp;nextid=${notes[-1]['noteid']}">Next</a>
 
         <span style="float:right;">
-          <a class="button needs-js selection-toggle" href="#">Invert Selection</a>
+          <button type="button" class="button needs-js selection-toggle">Invert Selection</button>
           <button class="button negative">Remove Selected</button>
           <a class="button" href="/notes?folder=inbox">Inbox</a>
           <a class="button" href="/notes?folder=outbox">Outbox</a>

From 955fc5a17ec366098b49c0282ae70441f7502dc6 Mon Sep 17 00:00:00 2001
From: Charmander <~@charmander.me>
Date: Mon, 21 Oct 2024 16:20:06 -0700
Subject: [PATCH 3/8] cleanup: Remove unused message folder filters from
 queries

`user_folder` and `other_folder` are always 0.
---
 libweasyl/models/tables.py | 1 +
 weasyl/note.py             | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/libweasyl/models/tables.py b/libweasyl/models/tables.py
index e2f6584aa..f70f7f90e 100644
--- a/libweasyl/models/tables.py
+++ b/libweasyl/models/tables.py
@@ -376,6 +376,7 @@ def default_fkey(*args, **kwargs):
     Column('noteid', Integer(), primary_key=True, nullable=False),
     Column('userid', Integer(), nullable=False),
     Column('otherid', Integer(), nullable=False),
+    # TODO: delete unused columns after deployment of change that removes them from queries
     Column('user_folder', Integer(), nullable=False, server_default='0'),
     Column('other_folder', Integer(), nullable=False, server_default='0'),
     Column('title', String(length=100), nullable=False),
diff --git a/weasyl/note.py b/weasyl/note.py
index ac6d49000..75e7aca8f 100644
--- a/weasyl/note.py
+++ b/weasyl/note.py
@@ -21,7 +21,7 @@ def select_inbox(userid, limit, backid=None, nextid=None, filter=[]):
         SELECT ms.noteid, ms.userid, ps.username, ms.title, ms.unixtime, ms.settings
         FROM message ms
             INNER JOIN profile ps USING (userid)
-        WHERE (ms.otherid, ms.other_folder) = (%(recipient)s, 0)
+        WHERE ms.otherid = %(recipient)s
             AND ms.settings !~ 'r'
     """]
 
@@ -55,7 +55,7 @@ def select_outbox(userid, limit, backid=None, nextid=None, filter=[]):
         SELECT ms.noteid, ms.otherid, pr.username, ms.title, ms.unixtime
         FROM message ms
             INNER JOIN profile pr ON ms.otherid = pr.userid
-        WHERE (ms.userid, ms.user_folder) = (%(sender)s, 0)
+        WHERE ms.userid = %(sender)s
             AND ms.settings !~ 's'
     """]
 

From 98506dca32ae2cd0418fb283b09953f187230d7c Mon Sep 17 00:00:00 2001
From: Charmander <~@charmander.me>
Date: Mon, 21 Oct 2024 18:41:45 -0700
Subject: [PATCH 4/8] Clean up common page navigation component

- remove unused template parameter `count_limit`
- meaningful HTML: use `<nav>`, add `rel`s to previous/next page links
- use flexbox instead of (clearfixless!) float for more contained layout
---
 assets/scss/components/_page-navigation.scss |  7 +++++++
 assets/scss/site.scss                        |  1 +
 weasyl/templates/common/page_navigation.html | 14 +++++++-------
 3 files changed, 15 insertions(+), 7 deletions(-)
 create mode 100644 assets/scss/components/_page-navigation.scss

diff --git a/assets/scss/components/_page-navigation.scss b/assets/scss/components/_page-navigation.scss
new file mode 100644
index 000000000..4f6d8f391
--- /dev/null
+++ b/assets/scss/components/_page-navigation.scss
@@ -0,0 +1,7 @@
+.pages-layout-split {
+    display: flex;
+
+    > [rel=next] {
+        margin-left: auto;
+    }
+}
diff --git a/assets/scss/site.scss b/assets/scss/site.scss
index c832f6051..b8827b431 100644
--- a/assets/scss/site.scss
+++ b/assets/scss/site.scss
@@ -2,6 +2,7 @@
 @import 'reset';
 @import 'components/date-picker';
 @import 'components/option';
+@import 'components/page-navigation';
 @import 'components/text-post-list';
 @import 'components/user-tabs';
 @import 'pages/marketplace';
diff --git a/weasyl/templates/common/page_navigation.html b/weasyl/templates/common/page_navigation.html
index db0fcfc60..e88c4d247 100644
--- a/weasyl/templates/common/page_navigation.html
+++ b/weasyl/templates/common/page_navigation.html
@@ -1,12 +1,12 @@
-$def with (result, count_limit=None)
+$def with (result)
 $# paginated navigation buttons using a PaginatedResult
-<div>
+<nav class="pages-layout-split">
   $if result.has_counts:
     $if result.back_count:
-      <a class="button" href="${result.back_url}">Back (${result.back_count}$:{'+' if result.back_count == result.count_limit else ''} more)</a>
+      <a class="button" rel="prev" href="${result.back_url}">Back (${result.back_count}$:{'+' if result.back_count == result.count_limit else ''} more)</a>
     $if result.next_count:
-      <a class="button" style="float:right;" href="${result.next_url}">Next (${result.next_count}$:{'+' if result.next_count == result.count_limit else ''} more)</a>
+      <a class="button" rel="next" href="${result.next_url}">Next (${result.next_count}$:{'+' if result.next_count == result.count_limit else ''} more)</a>
   $else:
-    <a class="button" href="${result.back_url}">Back</a>
-    <a class="button" style="float:right;" href="${result.next_url}">Next</a>
-</div>
+    <a class="button" rel="prev" href="${result.back_url}">Back</a>
+    <a class="button" rel="next" href="${result.next_url}">Next</a>
+</nav>

From d10d4497d8ef154cebe766ef952a19ff653b0aaf Mon Sep 17 00:00:00 2001
From: Charmander <~@charmander.me>
Date: Mon, 21 Oct 2024 19:11:30 -0700
Subject: [PATCH 5/8] Use common pagination for private message lists
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Adds counts and hides buttons when there’s no page in that direction, improving usability.
---
 assets/scss/components/_page-navigation.scss |   5 +
 weasyl/controllers/interaction.py            |  40 +++---
 weasyl/note.py                               | 122 +++++++++++++------
 weasyl/templates/common/page_navigation.html |   4 +-
 weasyl/templates/note/message_list.html      |  85 ++++++-------
 5 files changed, 153 insertions(+), 103 deletions(-)

diff --git a/assets/scss/components/_page-navigation.scss b/assets/scss/components/_page-navigation.scss
index 4f6d8f391..568eacce6 100644
--- a/assets/scss/components/_page-navigation.scss
+++ b/assets/scss/components/_page-navigation.scss
@@ -5,3 +5,8 @@
         margin-left: auto;
     }
 }
+
+// XXX: temporary hack for private message list
+.pages-layout-left {
+    float: left;
+}
diff --git a/weasyl/controllers/interaction.py b/weasyl/controllers/interaction.py
index 599df86f6..51e84e694 100644
--- a/weasyl/controllers/interaction.py
+++ b/weasyl/controllers/interaction.py
@@ -4,7 +4,7 @@
 from weasyl.controllers.decorators import login_required, token_checked
 from weasyl.error import WeasylError
 from weasyl import (
-    define, favorite, followuser, frienduser, ignoreuser, note, profile)
+    define, favorite, followuser, frienduser, ignoreuser, note, pagination, profile)
 
 
 # User interactivity functions
@@ -114,27 +114,31 @@ def notes_(request):
         raise WeasylError("vouchRequired")
 
     form = request.web_input(folder="inbox", filter="", backid="", nextid="")
+
+    if form.folder == "inbox":
+        select_list = note.select_inbox
+        select_count = note.select_inbox_count
+    elif form.folder == "outbox":
+        select_list = note.select_outbox
+        select_count = note.select_outbox_count
+    else:
+        raise WeasylError("unknownMessageFolder")
+
     backid = int(form.backid) if form.backid else None
     nextid = int(form.nextid) if form.nextid else None
     filter_ = define.get_userid_list(form.filter)
 
-    if form.folder == "inbox":
-        return Response(define.webpage(request.userid, "note/message_list.html", [
-            # Folder
-            "inbox",
-            # Private messages
-            note.select_inbox(request.userid, 50, backid=backid, nextid=nextid, filter=filter_),
-        ]))
-
-    if form.folder == "outbox":
-        return Response(define.webpage(request.userid, "note/message_list.html", [
-            # Folder
-            "outbox",
-            # Private messages
-            note.select_outbox(request.userid, 50, backid=backid, nextid=nextid, filter=filter_),
-        ]))
-
-    raise WeasylError("unknownMessageFolder")
+    result = pagination.PaginatedResult(
+        select_list, select_count, "noteid", f"/notes?folder={form.folder}&%s",
+        request.userid, filter=filter_,
+        backid=backid,
+        nextid=nextid,
+        count_limit=note.COUNT_LIMIT,
+    )
+    return Response(define.webpage(request.userid, "note/message_list.html", (
+        form.folder,
+        result,
+    )))
 
 
 @login_required
diff --git a/weasyl/note.py b/weasyl/note.py
index 75e7aca8f..91c4aee38 100644
--- a/weasyl/note.py
+++ b/weasyl/note.py
@@ -16,26 +16,54 @@
 """
 
 
-def select_inbox(userid, limit, backid=None, nextid=None, filter=[]):
-    statement = ["""
-        SELECT ms.noteid, ms.userid, ps.username, ms.title, ms.unixtime, ms.settings
+PAGE_SIZE = 50
+COUNT_LIMIT = 1000
+
+
+def _select_inbox_query(with_backid: bool, with_nextid: bool, with_filter: bool):
+    yield """
         FROM message ms
             INNER JOIN profile ps USING (userid)
         WHERE ms.otherid = %(recipient)s
             AND ms.settings !~ 'r'
-    """]
+    """
+
+    if with_filter:
+        yield " AND ms.userid = ANY (%(filter)s)"
+
+    if with_backid:
+        yield " AND ms.noteid > %(backid)s"
+    elif with_nextid:
+        yield " AND ms.noteid < %(nextid)s"
+
+
+def _select_outbox_query(with_backid: bool, with_nextid: bool, with_filter: bool):
+    yield """
+        FROM message ms
+            INNER JOIN profile pr ON ms.otherid = pr.userid
+        WHERE ms.userid = %(sender)s
+            AND ms.settings !~ 's'
+    """
 
-    if filter:
-        statement.append(" AND ms.userid = ANY (%(filter)s)")
+    if with_filter:
+        yield " AND ms.otherid = ANY (%(filter)s)"
 
-    if backid:
-        statement.append(" AND ms.noteid > %(backid)s ORDER BY ms.noteid")
-    elif nextid:
-        statement.append(" AND ms.noteid < %(nextid)s ORDER BY ms.noteid DESC")
-    else:
-        statement.append(" ORDER BY ms.noteid DESC")
+    if with_backid:
+        yield " AND ms.noteid > %(backid)s"
+    elif with_nextid:
+        yield " AND ms.noteid < %(nextid)s"
 
-    statement.append(" LIMIT %(limit)s")
+
+def select_inbox(userid, *, limit: None, backid, nextid, filter):
+    statement = "".join((
+        "SELECT ms.noteid, ms.userid, ps.username, ms.title, ms.unixtime, ms.settings",
+        *_select_inbox_query(
+            with_backid=backid is not None,
+            with_nextid=nextid is not None,
+            with_filter=bool(filter),
+        ),
+        f" ORDER BY ms.noteid {'DESC' if backid is None else ''} LIMIT {PAGE_SIZE}",
+    ))
 
     query = [{
         "noteid": i.noteid,
@@ -45,31 +73,21 @@ def select_inbox(userid, limit, backid=None, nextid=None, filter=[]):
         "title": i.title,
         "unixtime": i.unixtime,
     } for i in d.engine.execute(
-        "".join(statement), recipient=userid, filter=filter, backid=backid, nextid=nextid, limit=limit)]
+        statement, recipient=userid, filter=filter, backid=backid, nextid=nextid)]
 
-    return list(reversed(query)) if backid else query
+    return query if backid is None else query[::-1]
 
 
-def select_outbox(userid, limit, backid=None, nextid=None, filter=[]):
-    statement = ["""
-        SELECT ms.noteid, ms.otherid, pr.username, ms.title, ms.unixtime
-        FROM message ms
-            INNER JOIN profile pr ON ms.otherid = pr.userid
-        WHERE ms.userid = %(sender)s
-            AND ms.settings !~ 's'
-    """]
-
-    if filter:
-        statement.append(" AND ms.otherid = ANY (%(filter)s)")
-
-    if backid:
-        statement.append(" AND ms.noteid > %(backid)s ORDER BY ms.noteid")
-    elif nextid:
-        statement.append(" AND ms.noteid < %(nextid)s ORDER BY ms.noteid DESC")
-    else:
-        statement.append(" ORDER BY ms.noteid DESC")
-
-    statement.append(" LIMIT %(limit)s")
+def select_outbox(userid, *, limit: None, backid, nextid, filter):
+    statement = "".join((
+        "SELECT ms.noteid, ms.otherid, pr.username, ms.title, ms.unixtime",
+        *_select_outbox_query(
+            with_backid=backid is not None,
+            with_nextid=nextid is not None,
+            with_filter=bool(filter),
+        ),
+        f" ORDER BY ms.noteid {'DESC' if backid is None else ''} LIMIT {PAGE_SIZE}",
+    ))
 
     query = [{
         "noteid": i.noteid,
@@ -78,9 +96,37 @@ def select_outbox(userid, limit, backid=None, nextid=None, filter=[]):
         "title": i.title,
         "unixtime": i.unixtime,
     } for i in d.engine.execute(
-        "".join(statement), sender=userid, filter=filter, backid=backid, nextid=nextid, limit=limit)]
-
-    return list(reversed(query)) if backid else query
+        statement, sender=userid, filter=filter, backid=backid, nextid=nextid)]
+
+    return query if backid is None else query[::-1]
+
+
+def select_inbox_count(userid, *, backid, nextid, filter):
+    statement = "".join((
+        "SELECT count(*) FROM (SELECT ",
+        *_select_inbox_query(
+            with_backid=backid is not None,
+            with_nextid=nextid is not None,
+            with_filter=bool(filter),
+        ),
+        f" LIMIT {COUNT_LIMIT}) t",
+    ))
+    return d.engine.scalar(
+        statement, recipient=userid, filter=filter, backid=backid, nextid=nextid)
+
+
+def select_outbox_count(userid, *, backid, nextid, filter):
+    statement = "".join((
+        "SELECT count(*) FROM (SELECT ",
+        *_select_outbox_query(
+            with_backid=backid is not None,
+            with_nextid=nextid is not None,
+            with_filter=bool(filter),
+        ),
+        f" LIMIT {COUNT_LIMIT}) t",
+    ))
+    return d.engine.scalar(
+        statement, sender=userid, filter=filter, backid=backid, nextid=nextid)
 
 
 def select_view(userid, noteid):
diff --git a/weasyl/templates/common/page_navigation.html b/weasyl/templates/common/page_navigation.html
index e88c4d247..04fa5781e 100644
--- a/weasyl/templates/common/page_navigation.html
+++ b/weasyl/templates/common/page_navigation.html
@@ -1,6 +1,6 @@
-$def with (result)
+$def with (result, layout="pages-layout-split")
 $# paginated navigation buttons using a PaginatedResult
-<nav class="pages-layout-split">
+<nav class="${layout}">
   $if result.has_counts:
     $if result.back_count:
       <a class="button" rel="prev" href="${result.back_url}">Back (${result.back_count}$:{'+' if result.back_count == result.count_limit else ''} more)</a>
diff --git a/weasyl/templates/note/message_list.html b/weasyl/templates/note/message_list.html
index ae5b6fcc4..88754aef4 100644
--- a/weasyl/templates/note/message_list.html
+++ b/weasyl/templates/note/message_list.html
@@ -1,4 +1,4 @@
-$def with (folder, notes)
+$def with (folder, result)
 $code:
   username_key, userid_key, title, table_header = {
     'inbox': ('sendername', 'senderid', 'Inbox', 'Sender'),
@@ -8,22 +8,22 @@
 $:{RENDER("common/stage_title.html", [title, "Notes", 0])}
 
 <div id="notes-content" class="content">
-  $if notes:
-    <form action="/notes/remove" method="post" data-confirm="Are you sure you want to remove the selected messages?">
-      <input type="hidden" name="folder" value="${folder}" />
+  <form action="/notes/remove" method="post" data-confirm="Are you sure you want to remove the selected messages?">
+    <input type="hidden" name="folder" value="${folder}" />
 
-      <table>
-        <thead>
-          <tr>
-            <th style="width:2em;"></th>
-            <th>Message Title</th>
-            <th>${table_header}</th>
-            <th>Time</th>
-          </tr>
-        </thead>
+    <table>
+      <thead>
+        <tr>
+          <th style="width:2em;"></th>
+          <th>Message Title</th>
+          <th>${table_header}</th>
+          <th>Time</th>
+        </tr>
+      </thead>
 
-        <tbody>
-          $for note in notes:
+      <tbody>
+        $if result.query:
+          $for note in result.query:
             $ noteid = note['noteid']
             $ username = note[username_key]
             $ unixtime = note['unixtime']
@@ -47,37 +47,32 @@
               </td>
               <td>$:{LOCAL_TIME(unixtime, '{date} {time}')}</td>
             </tr>
-        </tbody>
-      </table>
-
-      <!-- buttons at bottom of page -->
-      <div class="buttons">
-        <a class="button" href="/notes?folder=${folder}&amp;backid=${notes[0]['noteid']}">Back</a>
-        <a class="button" href="/notes?folder=${folder}&amp;nextid=${notes[-1]['noteid']}">Next</a>
-
-        <span style="float:right;">
-          <button type="button" class="button needs-js selection-toggle">Invert Selection</button>
-          <button class="button negative">Remove Selected</button>
-          <a class="button" href="/notes?folder=inbox">Inbox</a>
-          <a class="button" href="/notes?folder=outbox">Outbox</a>
-          <a class="button" href="/notes/compose">Compose</a>
-        </span>
-      </div>
-    </form>
-    <div style="padding-top:1em;text-align:right;">
-      <form action="/notes">
-        <input type="hidden" name="folder" value="${folder}" />
-        <input type="text" name="filter" class="input" style="width:200px;" />
-        <button type="submit" class="button">Show Messages ${'From' if folder == 'inbox' else 'To'} User</button>
-      </form>
-    </div>
+        $else:
+          <tr>
+            <td></td>
+            <td class="notes-empty" colspan="3">No private messages.</td>
+          </tr>
+      </tbody>
+    </table>
 
-  $else:
-    <p>There are no private messages to display.</p>
+    <div class="buttons clear">
+      $if result.query:
+        $:{COMPILE("common/page_navigation.html")(result, layout="pages-layout-left")}
 
-    <div class="buttons" style="text-align:right;">
-      <a class="button" href="/notes?folder=inbox">Inbox</a>
-      <a class="button" href="/notes?folder=outbox">Outbox</a>
-      <a class="button" href="/notes/compose">Compose</a>
+      <span style="float:right;">
+        <button type="button" class="button needs-js selection-toggle">Invert Selection</button>
+        <button class="button negative">Remove Selected</button>
+        <a class="button" href="/notes?folder=inbox">Inbox</a>
+        <a class="button" href="/notes?folder=outbox">Outbox</a>
+        <a class="button" href="/notes/compose">Compose</a>
+      </span>
     </div>
+  </form>
+  <div style="padding-top:1em;text-align:right;">
+    <form action="/notes">
+      <input type="hidden" name="folder" value="${folder}" />
+      <input type="text" name="filter" class="input" style="width:200px;" />
+      <button type="submit" class="button">Show Messages ${'From' if folder == 'inbox' else 'To'} User</button>
+    </form>
+  </div>
 </div>

From c5c154ec668ffe9f8de5b6a6d7cc864e91e02892 Mon Sep 17 00:00:00 2001
From: Charmander <~@charmander.me>
Date: Mon, 21 Oct 2024 21:26:50 -0700
Subject: [PATCH 6/8] Remove ability to send notes to multiple recipients
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- it isn’t obvious from the UI that this is even possible

- it’s been used 10 times ever, of which 2 are obsolete staff-related uses and 2 are abusive

- it adds complexity and undesirable failure modes (especially silently omitting recipients)

- restricted to 10 users and with Bcc-like behavior, its potential uses are limited

Message groups might be a more useful form of this some day.
---
 weasyl/errorcode.py |  2 +-
 weasyl/note.py      | 82 ++++++++++++++++++++++-----------------------
 2 files changed, 41 insertions(+), 43 deletions(-)

diff --git a/weasyl/errorcode.py b/weasyl/errorcode.py
index 1b9627db4..9d1d7c39c 100644
--- a/weasyl/errorcode.py
+++ b/weasyl/errorcode.py
@@ -111,7 +111,7 @@
     "priceidInvalid": "You did not specify a price to edit.",
     "RatingExceeded": rating,
     "ratingInvalid": "The specified rating is invalid.",
-    "recipientExcessive": "You specified too many recipients for this message.",
+    "recipientExcessive": "Private messages can only be sent to one recipient at a time.",
     "recipientInvalid": (
         "Your message could not be delivered because you did not specify any valid recipients. The users "
         "you specified may restrict who can send them private messages, or you might be on their ignore list."),
diff --git a/weasyl/note.py b/weasyl/note.py
index 91c4aee38..97283c854 100644
--- a/weasyl/note.py
+++ b/weasyl/note.py
@@ -180,70 +180,71 @@ def send(userid, form):
     elif len(form.title) > 100:
         raise WeasylError("titleTooLong")
 
-    users = set(d.get_userid_list(form.recipient))
+    recipient_sysnames = d.get_sysname_list(form.recipient)
+    if len(recipient_sysnames) > 1:
+        raise WeasylError("recipientExcessive")
+
+    recipientids = d.get_userids(recipient_sysnames)
+    if not recipientids:
+        raise WeasylError("recipientInvalid")
+
+    [recipientid] = recipientids.values()
+    del recipient_sysnames, recipientids
 
     # can't send a note to yourself
-    users.discard(userid)
+    if recipientid == userid:
+        raise WeasylError("recipientInvalid")
 
     # can't send a note to a user who ignores you
-    users.difference_update(
-        d.column(d.engine.execute("SELECT userid FROM ignoreuser WHERE otherid = %(user)s", user=userid)))
+    if ignoreuser.check(recipientid, userid):
+        raise WeasylError("recipientInvalid")
 
     # can't send a note to an unverified user
-    users.difference_update(
-        d.column(d.engine.execute("SELECT userid FROM login WHERE userid = ANY (%(users)s) AND voucher IS NULL", users=list(users))))
+    if not d.is_vouched_for(recipientid):
+        raise WeasylError("recipientInvalid")
 
     # can't send a note to a user you're ignoring
-    users.difference_update(ignoreuser.cached_list_ignoring(userid))
-
-    if not users:
+    if ignoreuser.check(userid, recipientid):
         raise WeasylError("recipientInvalid")
 
-    configs = d.engine.execute(
-        "SELECT userid, config FROM profile WHERE userid = ANY (%(recipients)s)",
-        recipients=list(users)).fetchall()
-
     if userid not in staff.MODS:
-        ignore_global_restrictions = {i for (i,) in d.engine.execute(
-            "SELECT userid FROM permitted_senders WHERE sender = %(user)s",
-            user=userid)}
+        recipient_config = d.get_config(recipientid)
 
-        remove = (
-            # Staff notes only
-            {j[0] for j in configs if "y" in j[1]} |
-            # Friend notes only
-            {j[0] for j in configs if "z" in j[1] and not frienduser.check(userid, j[0])}
-        )
+        def is_permitted_sender():
+            return d.engine.scalar(
+                "SELECT EXISTS (SELECT FROM permitted_senders WHERE (userid, sender) = (%(recipient)s, %(user)s))",
+                recipient=recipientid,
+                user=userid,
+            )
 
-        users.difference_update(remove - ignore_global_restrictions)
+        # Staff notes only
+        if "y" in recipient_config and not is_permitted_sender():
+            raise WeasylError("recipientInvalid")
 
-    if not users:
-        raise WeasylError("recipientInvalid")
-    elif len(users) > 10:
-        raise WeasylError("recipientExcessive")
+        # Friend notes only
+        if "z" in recipient_config and not frienduser.check(userid, recipientid) and not is_permitted_sender():
+            raise WeasylError("recipientInvalid")
 
     d.engine.execute(
         "INSERT INTO message (userid, otherid, title, content, unixtime)"
-        " SELECT %(sender)s, recipient, %(title)s, %(content)s, %(now)s"
-        " FROM UNNEST (%(recipients)s) AS recipient",
+        " VALUES (%(sender)s, %(recipient)s, %(title)s, %(content)s, %(now)s)",
         sender=userid,
         title=form.title,
         content=form.content,
         now=d.get_time(),
-        recipients=list(users),
+        recipient=recipientid,
     )
 
-    for u in users:
-        d._page_header_info.invalidate(u)
+    d._page_header_info.invalidate(recipientid)
 
     d.engine.execute(
         """
         INSERT INTO permitted_senders (userid, sender)
-            SELECT %(user)s, sender FROM UNNEST (%(recipients)s) AS sender
+            VALUES (%(user)s, %(recipient)s)
             ON CONFLICT (userid, sender) DO NOTHING
         """,
         user=userid,
-        recipients=list(users),
+        recipient=recipientid,
     )
 
     if form.mod_copy and userid in staff.MODS:
@@ -253,18 +254,15 @@ def send(userid, form):
         if form.staff_note:
             mod_content = '%s\n\n%s' % (form.staff_note, mod_content)
         now = arrow.utcnow()
-        mod_copies = []
-        for target in users:
-            mod_copies.append({
+        d.engine.execute(
+            d.meta.tables['comments'].insert()
+            .values({
                 'userid': userid,
-                'target_user': target,
+                'target_user': recipientid,
                 'unixtime': now,
                 'settings': 's',
                 'content': mod_content,
-            })
-        d.engine.execute(
-            d.meta.tables['comments'].insert()
-            .values(mod_copies))
+            }))
 
 
 def remove_list(userid, noteids):

From 5cbc9deb4666e8f883d2e3cc537d62f2f125aa46 Mon Sep 17 00:00:00 2001
From: Charmander <~@charmander.me>
Date: Mon, 28 Oct 2024 19:02:06 -0700
Subject: [PATCH 7/8] Improve private messages list layout
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

An intermediate improvement:

- Position navigation in more sensible places, and indicate current folder

- Indicate when a filter has been applied, and indicate when attempting to filter on nonexistent users (eventual goal: full-text search)

- Include a non-dummy link back to Notes on Compose page

- Add message count to removal button, also helping to indicate what Select All has selected (just the current page)

- Add `<title>`s to pages

- Increase text size (eventual goal: reasonable text size site-wide)

Prerequisite of new staff message functionality, which is a prerequisite of permission expansions for non-vouched-for users.

This doesn’t do much to improve the table on mobile, but I have a potential CSS grid layout in progress for the future.
---
 assets/js/message-list.js                     | 40 ++++++++
 assets/js/scripts.js                          |  6 --
 assets/scss/_theme.scss                       |  1 +
 assets/scss/components/_private-messages.scss | 95 +++++++++++++++++++
 assets/scss/site.scss                         | 33 ++-----
 build.js                                      |  1 +
 weasyl/controllers/interaction.py             | 12 ++-
 weasyl/define.py                              |  8 +-
 weasyl/note.py                                |  3 +
 weasyl/templates/note/compose.html            |  2 +-
 weasyl/templates/note/message_list.html       | 92 ++++++++++++------
 11 files changed, 225 insertions(+), 68 deletions(-)
 create mode 100644 assets/js/message-list.js
 create mode 100644 assets/scss/components/_private-messages.scss

diff --git a/assets/js/message-list.js b/assets/js/message-list.js
new file mode 100644
index 000000000..b82cca280
--- /dev/null
+++ b/assets/js/message-list.js
@@ -0,0 +1,40 @@
+import {byClass, make} from './dom.js';
+
+const notesList = byClass('notes-list');
+const actionRemove = byClass('notes-action-remove');
+const totalCount = document.getElementsByName('notes').length;
+let checkedCount = notesList.querySelectorAll('[name=notes]:checked').length;
+const selectAll = make('input', {
+    type: 'checkbox',
+    title: 'Select all on this page',
+});
+
+const updateSelection = () => {
+    selectAll.checked = checkedCount === totalCount;
+    selectAll.indeterminate = checkedCount > 0 && checkedCount < totalCount;
+    actionRemove.disabled = checkedCount === 0;
+    actionRemove.textContent = `Delete ${checkedCount} selected note${checkedCount === 1 ? '' : 's'}`;
+};
+
+selectAll.addEventListener('change', () => {
+    checkedCount = 0;
+
+    for (const noteSelect of document.getElementsByName('notes')) {
+        checkedCount += (noteSelect.checked = selectAll.checked);
+    }
+
+    updateSelection();
+});
+
+notesList.addEventListener('change', e => {
+    if (e.target.name === 'notes') {
+        checkedCount += e.target.checked ? 1 : -1;
+        updateSelection();
+    }
+});
+
+updateSelection();
+
+if (!byClass('notes-empty')) {
+    byClass('notes-select-all').append(selectAll);
+}
diff --git a/assets/js/scripts.js b/assets/js/scripts.js
index 3c9a2216b..4bc347338 100644
--- a/assets/js/scripts.js
+++ b/assets/js/scripts.js
@@ -188,12 +188,6 @@
         });
 
         // submission notifs buttons
-        $('.selection-toggle').on('click', function (ev) {
-            ev.preventDefault();
-            $(this).closest('form').find('input[type=checkbox]').each(function () {
-                this.checked = !this.checked;
-            }).change();
-        });
         $('.do-check').on('click', function (ev) {
             ev.preventDefault();
             $(this).closest('form').find('input[type=checkbox]').prop('checked', true).change();
diff --git a/assets/scss/_theme.scss b/assets/scss/_theme.scss
index 021473c65..cf96c085e 100644
--- a/assets/scss/_theme.scss
+++ b/assets/scss/_theme.scss
@@ -1 +1,2 @@
 $content-color-lighter: #777;
+$link-color: #336979;
diff --git a/assets/scss/components/_private-messages.scss b/assets/scss/components/_private-messages.scss
new file mode 100644
index 000000000..a4d5cc35a
--- /dev/null
+++ b/assets/scss/components/_private-messages.scss
@@ -0,0 +1,95 @@
+@import '../theme';
+
+.notes-folders {
+    line-height: 1;
+    margin-bottom: 16px;
+
+    > ul {
+        display: flex;
+        flex-wrap: wrap;
+        gap: 8px;
+    }
+
+    li {
+        display: block;
+    }
+
+    a {
+        border-radius: 2px;
+        display: inline-block;
+        padding: 8px;
+    }
+
+    .current {
+        background-color: $link-color;
+        color: white;
+        text-decoration: none;
+    }
+}
+
+.notes-filter {
+    margin-bottom: 16px;
+}
+
+$cell-padding: 4px;
+
+.notes-list > * > * {
+    // allow clicking anywhere on the row, outside a link, to select a message
+    > * > label {
+        display: block;
+        padding: $cell-padding;
+    }
+
+    > th {
+        padding: $cell-padding;
+        text-align: left;
+        vertical-align: bottom;  // ideally, this would be middle-aligned text aligned to the bottom of the cell (for when some other cell's text wraps to multiple lines), but normally the checkbox is close in height, so good enough
+    }
+
+    // checkbox
+    > :nth-child(1) {
+        text-align: center;
+        width: 2em;
+    }
+
+    // message title
+    //
+    // desirable properties:
+    // - [X] no zalgo overflow
+    // - [X] focus ring normal-looking and unclipped
+    // - [X] link area doesn’t include empty space when text wraps
+    // - [ ] link area extends to full height of cell
+    // - [ ] link area exists even when title is zero-sized, e.g. contains no printing characters
+    > :nth-child(2) > label {
+        overflow: hidden;
+    }
+}
+
+.notes-list > tbody > :nth-child(odd) {
+    background-color: rgba(0, 0, 0, 0.05);
+}
+
+.notes-list .unread {
+    font-weight: bold;
+}
+
+.notes-empty {
+    padding: $cell-padding;
+}
+
+#note-content {
+    padding-top: 2em;
+}
+
+#note-content .formatted-content {
+    padding-top: 1.5em;
+}
+
+#notes-content {
+    font-size: 14px;
+    padding-top: 2em;
+}
+
+#notes-content .buttons {
+    padding-top: 1em;
+}
diff --git a/assets/scss/site.scss b/assets/scss/site.scss
index b8827b431..e9d654731 100644
--- a/assets/scss/site.scss
+++ b/assets/scss/site.scss
@@ -3,6 +3,7 @@
 @import 'components/date-picker';
 @import 'components/option';
 @import 'components/page-navigation';
+@import 'components/private-messages';
 @import 'components/text-post-list';
 @import 'components/user-tabs';
 @import 'pages/marketplace';
@@ -110,7 +111,6 @@ i, #header-guest {
 --------------------------------*/
 $color-a: #069bc0;
 $color-b: #8cad47;
-$link-color: #336979;
 
 .color-a, .username, .content .username, .page-title, #header-nav .current,
 #user-nav .current,
@@ -675,7 +675,12 @@ dl + h4, #uc-info {
 
 /* ------------------------------------ =inputs -- */
 
-.button, .stage .content .button {
+// Even when the surrounding text is a different size, keep default button style consistent – extending the existing `<button>` default to `<a class="button">`.
+.button {
+    @extend .typeface-default;
+}
+
+.button, .content .button, .stage .content .button {
     display: inline-block;
     vertical-align: baseline;
     padding: 0.4em 1.2em;
@@ -3896,30 +3901,6 @@ img + #detail-art-text {
     padding-top: 2em;
 }
 
-#note-content {
-    padding-top: 2em;
-}
-
-#note-content .formatted-content {
-    padding-top: 1.5em;
-}
-
-#notes-content {
-    padding-top: 2em;
-}
-
-#notes-content th {
-    text-align: left;
-}
-
-#notes-content .unread {
-    font-weight: bold;
-}
-
-#notes-content .buttons {
-    padding-top: 1em;
-}
-
 /* ------------------------------------ =footer -- */
 
 #footer {
diff --git a/build.js b/build.js
index 1cc141176..84d6151bc 100644
--- a/build.js
+++ b/build.js
@@ -286,6 +286,7 @@ const main = async () => {
         sasscFile('scss/signup.scss', 'css/signup.css', touch, copyImages),
         esbuildFile('js/scripts.js', 'js/scripts.js', touch, {}),
         esbuildFile('js/main.js', 'js/main.js', touch, PRIVATE_FIELDS_ESM),
+        esbuildFile('js/message-list.js', 'js/message-list.js', touch, PRIVATE_FIELDS_ESM),
         esbuildFile('js/tags-edit.js', 'js/tags-edit.js', touch, PRIVATE_FIELDS_ESM),
         esbuildFile('js/flash.js', 'js/flash.js', touch, {
             format: 'esm',
diff --git a/weasyl/controllers/interaction.py b/weasyl/controllers/interaction.py
index 51e84e694..3e296dd39 100644
--- a/weasyl/controllers/interaction.py
+++ b/weasyl/controllers/interaction.py
@@ -118,19 +118,21 @@ def notes_(request):
     if form.folder == "inbox":
         select_list = note.select_inbox
         select_count = note.select_inbox_count
+        title = "Inbox"
     elif form.folder == "outbox":
         select_list = note.select_outbox
         select_count = note.select_outbox_count
+        title = "Sent messages"
     else:
         raise WeasylError("unknownMessageFolder")
 
     backid = int(form.backid) if form.backid else None
     nextid = int(form.nextid) if form.nextid else None
-    filter_ = define.get_userid_list(form.filter)
+    filter_ = define.get_userids(define.get_sysname_list(form.filter))
 
     result = pagination.PaginatedResult(
         select_list, select_count, "noteid", f"/notes?folder={form.folder}&%s",
-        request.userid, filter=filter_,
+        request.userid, filter=list(set(filter_.values())),
         backid=backid,
         nextid=nextid,
         count_limit=note.COUNT_LIMIT,
@@ -138,7 +140,9 @@ def notes_(request):
     return Response(define.webpage(request.userid, "note/message_list.html", (
         form.folder,
         result,
-    )))
+        [(sysname, userid != 0) for sysname, userid in filter_.items()],
+        note.unread_count(request.userid),
+    ), title=title))
 
 
 @login_required
@@ -152,7 +156,7 @@ def notes_compose_get_(request):
         # Recipient
         "; ".join(define.get_sysname_list(form.recipient)),
         profile.select_myself(request.userid),
-    ]))
+    ], title="Compose message"))
 
 
 @login_required
diff --git a/weasyl/define.py b/weasyl/define.py
index 894c8dce0..1e1a3964f 100644
--- a/weasyl/define.py
+++ b/weasyl/define.py
@@ -630,6 +630,11 @@ def posts_count(userid, *, friends: bool):
     return result
 
 
+def private_messages_unread_count(userid: int) -> int:
+    return engine.scalar(
+        "SELECT COUNT(*) FROM message WHERE otherid = %(user)s AND settings ~ 'u'", user=userid)
+
+
 notification_count_time = metrics.CachedMetric(Histogram("weasyl_notification_count_fetch_seconds", "notification counts fetch time", ["cached"]))
 
 
@@ -638,8 +643,7 @@ def posts_count(userid, *, friends: bool):
 @region.cache_on_arguments(expiration_time=180)
 @notification_count_time.uncached
 def _page_header_info(userid):
-    messages = engine.scalar(
-        "SELECT COUNT(*) FROM message WHERE otherid = %(user)s AND settings ~ 'u'", user=userid)
+    messages = private_messages_unread_count(userid)
     result = [messages, 0, 0, 0, 0]
 
     counts = engine.execute(
diff --git a/weasyl/note.py b/weasyl/note.py
index 97283c854..ae238c811 100644
--- a/weasyl/note.py
+++ b/weasyl/note.py
@@ -282,3 +282,6 @@ def remove_list(userid, noteids):
         user=userid,
         ids=noteids,
     )
+
+
+unread_count = d.private_messages_unread_count
diff --git a/weasyl/templates/note/compose.html b/weasyl/templates/note/compose.html
index 8891ef45a..3909afcde 100644
--- a/weasyl/templates/note/compose.html
+++ b/weasyl/templates/note/compose.html
@@ -1,5 +1,5 @@
 $def with (recipient, myself)
-$:{RENDER("common/stage_title.html", ["Compose", "Notes", 0])}
+$:{RENDER("common/stage_title.html", ["Compose", "Notes", "/notes"])}
 
 <div id="notes_compose_content" class="content">
   <form name="notescompose" action="/notes/compose" method="post" class="form wide clear">
diff --git a/weasyl/templates/note/message_list.html b/weasyl/templates/note/message_list.html
index 88754aef4..64aa3410a 100644
--- a/weasyl/templates/note/message_list.html
+++ b/weasyl/templates/note/message_list.html
@@ -1,20 +1,51 @@
-$def with (folder, result)
+$def with (folder, result, filter_usernames, inbox_unread)
 $code:
-  username_key, userid_key, title, table_header = {
-    'inbox': ('sendername', 'senderid', 'Inbox', 'Sender'),
-    'outbox': ('recipientname', 'recipientid', 'Outbox', 'Recipient'),
+  username_key, userid_key, table_header, filter_rel = {
+    'inbox': ('sendername', 'senderid', 'Sender', 'from'),
+    'outbox': ('recipientname', 'recipientid', 'Recipient', 'to'),
   }[folder]
 
-$:{RENDER("common/stage_title.html", [title, "Notes", 0])}
+  def _CURRENT(context_folder):
+    return ' class="current"' if folder == context_folder else ''
 
 <div id="notes-content" class="content">
+  <nav class="notes-folders">
+    <ul>
+      <li><a$:{_CURRENT('inbox')} href="/notes?folder=inbox">Inbox (${inbox_unread})</a></li>
+      <li><a$:{_CURRENT('outbox')} href="/notes?folder=outbox">Sent</a></li>
+      <li><a$:{_CURRENT('compose')} href="/notes/compose">Compose</a></li>
+    </ul>
+  </nav>
+
+  <search class="notes-filter">
+    $if filter_usernames:
+      Showing messages ${filter_rel}
+      $for username, exists in filter_usernames:
+        $ separator = '.' if loop.last else ' or '
+        $if exists:
+          <a href="/~${LOGIN(username)}">${username}</a>${separator}
+        $else:
+          <b>${username}</b> (no such user)${separator}
+
+      <a class="button" href="/notes?folder=${folder}">Reset filter</a>
+    $else:
+      <form action="/notes">
+        <input type="hidden" name="folder" value="${folder}" />
+        <input type="search" name="filter" class="input" />
+        <button class="button">Show messages ${filter_rel} user</button>
+      </form>
+  </search>
+
   <form action="/notes/remove" method="post" data-confirm="Are you sure you want to remove the selected messages?">
     <input type="hidden" name="folder" value="${folder}" />
 
-    <table>
+    $# disable implicit submission of this form: https://html.spec.whatwg.org/multipage/form-control-infrastructure.html#implicit-submission
+    <button hidden disabled>Do nothing</button>
+
+    <table class="notes-list">
       <thead>
         <tr>
-          <th style="width:2em;"></th>
+          <th class="notes-select-all"></th>
           <th>Message Title</th>
           <th>${table_header}</th>
           <th>Time</th>
@@ -31,21 +62,33 @@
             $ unread = folder == 'inbox' and note['unread']
 
             <tr>
-              <td><input type="checkbox" name="notes" value="${noteid}" /></td>
               <td>
-                <a href="/note?noteid=${noteid}"
-                  $if unread:
-                    class="unread"
-                  >${title}</a>
+                <label>
+                  <input id="select-note-${noteid}" type="checkbox" name="notes" value="${noteid}" />
+                </label>
               </td>
               <td>
-                <a href="/~${LOGIN(username)}">${username}</a>
+                <label for="select-note-${noteid}">
+                  <a href="/note?noteid=${noteid}"
+                    $if unread:
+                      class="unread"
+                    >${title}</a>
+                </label>
+              </td>
+              <td>
+                <label for="select-note-${noteid}">
+                  <a href="/~${LOGIN(username)}">${username}</a>
 
-                $ user_type = USER_TYPE(note[userid_key])
-                $if user_type:
-                  <strong class="user-type-${user_type}">(${user_type})</strong>
+                  $ user_type = USER_TYPE(note[userid_key])
+                  $if user_type:
+                    <strong class="user-type-${user_type}">(${user_type})</strong>
+                </label>
+              </td>
+              <td>
+                <label for="select-note-${noteid}">
+                  $:{LOCAL_TIME(unixtime, '{date} {time}')}
+                </label>
               </td>
-              <td>$:{LOCAL_TIME(unixtime, '{date} {time}')}</td>
             </tr>
         $else:
           <tr>
@@ -60,19 +103,10 @@
         $:{COMPILE("common/page_navigation.html")(result, layout="pages-layout-left")}
 
       <span style="float:right;">
-        <button type="button" class="button needs-js selection-toggle">Invert Selection</button>
-        <button class="button negative">Remove Selected</button>
-        <a class="button" href="/notes?folder=inbox">Inbox</a>
-        <a class="button" href="/notes?folder=outbox">Outbox</a>
-        <a class="button" href="/notes/compose">Compose</a>
+        <button class="button negative notes-action-remove">Delete selected notes</button>
       </span>
     </div>
   </form>
-  <div style="padding-top:1em;text-align:right;">
-    <form action="/notes">
-      <input type="hidden" name="folder" value="${folder}" />
-      <input type="text" name="filter" class="input" style="width:200px;" />
-      <button type="submit" class="button">Show Messages ${'From' if folder == 'inbox' else 'To'} User</button>
-    </form>
-  </div>
+
+  <script type="module" src="${resource_path('js/message-list.js')}"></script>
 </div>

From a1c86e59f91f80e29d5400bb0af0c4dffb8a1e9c Mon Sep 17 00:00:00 2001
From: Charmander <~@charmander.me>
Date: Wed, 30 Oct 2024 04:53:25 -0700
Subject: [PATCH 8/8] Redact more secrets when logging requests
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We don’t use Sentry or CSRF tokens anymore. For the stdout logging that’s now in place:

- `webob._parsed_cookies` is removed before logging
- [2022-06-11 :/Buffer request bodies in memory only, never to disk] prevents `webob._parsed_post_vars` from being created at all and request bodies aren’t otherwise logged
- `HTTP_COOKIE` is stripped

Fixes #245.
---
 weasyl/middleware.py | 22 ++++++++++++++++++++--
 1 file changed, 20 insertions(+), 2 deletions(-)

diff --git a/weasyl/middleware.py b/weasyl/middleware.py
index 71d47a290..2bec5f52b 100644
--- a/weasyl/middleware.py
+++ b/weasyl/middleware.py
@@ -398,6 +398,11 @@ def web_input_request_method(request, *required, **kwargs):
     return storify(request.params.mixed(), *required, **kwargs)
 
 
+def _redact_match(match):
+    prefix, secret = match.groups()
+    return "%s[%d redacted]" % (prefix, len(secret))
+
+
 def _log_request(request, *, request_id=None):
     env = {}
 
@@ -415,9 +420,22 @@ def _log_request(request, *, request_id=None):
     # don't log session cookies
     if "HTTP_COOKIE" in env:
         env["HTTP_COOKIE"] = re.sub(
-            r'(WZL="?)([^";]+)',
-            lambda match: match.group(1) + "*" * len(match.group(2)),
+            r'(WZL="?)([\w\-]+)',
+            _redact_match,
             env["HTTP_COOKIE"],
+            re.ASCII,
+        )
+
+    # don't log API keys or OAuth tokens
+    if "HTTP_X_WEASYL_API_KEY" in env:
+        env["HTTP_X_WEASYL_API_KEY"] = "[%d redacted]" % (len(env["HTTP_X_WEASYL_API_KEY"]),)
+
+    if "HTTP_AUTHORIZATION" in env:
+        env["HTTP_AUTHORIZATION"] = re.sub(
+            r'((?:Bearer )?)([\w\-]+)',
+            _redact_match,
+            env["HTTP_AUTHORIZATION"],
+            re.ASCII,
         )
 
     print(repr(env))