moritz/lazyflat
1
0
Fork 0
Code Issues 3 Pull requests Projects Releases Packages Wiki Activity Actions

cleanup: drop coord backfill, drop transit overlay, block PM autofill

Browse source 
- Remove the admin "Koordinaten nachladen" button, /actions/backfill-coords
  endpoint, geocode.py, googlemaps dep, GMAPS_API_KEY plumbing in the web
  service, and the map diagnostic line. Going-forward geocoding happens in
  alert on scrape; upsert_flat backfill on re-submit remains for edge cases
- Remove the OpenRailwayMap transit overlay (visually noisy); keep CartoDB
  Voyager as the sole basemap
- Profile + notifications forms get autocomplete="off" + data-lpignore +
  data-1p-ignore at form and field level to keep password managers from
  popping open on /einstellungen; immomio_password uses autocomplete=new-password

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
EiSiMo 2026-04-21 13:55:24 +02:00
parent ceb2486f35
commit 7f7cbb5b1f
10 changed files with 20 additions and 159 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docker-compose.yml
View file

@ -28,7 +28,6 @@ services:
- SMTP_PASSWORD=${SMTP_PASSWORD:-}
- SMTP_FROM=${SMTP_FROM:-lazyflat@localhost}
- SMTP_STARTTLS=${SMTP_STARTTLS:-true}
- GMAPS_API_KEY=${GMAPS_API_KEY:-}
volumes:
- lazyflat_data:/data
expose:

38
web/app.py
View file

@ -33,7 +33,6 @@ except Exception:
BERLIN_TZ = timezone.utc
import db
import geocode
import notifications
import retention
from apply_client import ApplyClient, _row_to_profile
@ -135,9 +134,7 @@ async def security_headers(request: Request, call_next):
"script-src 'self' https://cdn.tailwindcss.com https://unpkg.com; "
"style-src 'self' https://cdn.tailwindcss.com https://unpkg.com 'unsafe-inline'; "
"img-src 'self' data: "
"https://*.tile.openstreetmap.org https://tile.openstreetmap.org "
"https://*.basemaps.cartocdn.com https://basemaps.cartocdn.com "
"https://*.tiles.openrailwaymap.org https://tiles.openrailwaymap.org "
"https://unpkg.com; "
"connect-src 'self'; frame-ancestors 'none';"
)
@ -406,12 +403,6 @@ def _wohnungen_context(user) -> dict:
flats_view.append({"row": f, "last": last})
rejected_view = db.rejected_flats(uid)
matched_count = len(flats_view)
matched_with_coords = sum(
1 for item in flats_view
if item["row"]["lat"] is not None and item["row"]["lng"] is not None
)
matched_without_coords = matched_count - matched_with_coords
allowed, reason = _manual_apply_allowed()
alert_label, alert_chip = _alert_status(notif_row)
@ -433,10 +424,6 @@ def _wohnungen_context(user) -> dict:
"flats": flats_view,
"rejected_flats": rejected_view,
"map_points": map_points,
"map_matched_total": matched_count,
"map_matched_with_coords": matched_with_coords,
"map_matched_without_coords": matched_without_coords,
"gmaps_available": bool(geocode._get_client() is not None),
"has_filters": _has_filters(filters_row),
"alert_label": alert_label,
"alert_chip": alert_chip,
@ -562,31 +549,6 @@ async def action_reject(
return _wohnungen_partial_or_redirect(request, user)
@app.post("/actions/backfill-coords")
async def action_backfill_coords(
request: Request,
csrf: str = Form(...),
admin=Depends(require_admin),
):
require_csrf(admin["id"], csrf)
rows = db.flats_missing_coords(limit=500)
total = len(rows)
resolved = 0
skipped = 0
for row in rows:
coords = geocode.geocode(row["address"])
if coords is None:
skipped += 1
continue
db.set_flat_coords(row["id"], coords[0], coords[1])
resolved += 1
summary = f"{resolved}/{total} geocoded, {skipped} übersprungen"
logger.info("coord backfill: %s", summary)
db.log_audit(admin["username"], "coords.backfill", summary,
user_id=admin["id"], ip=client_ip(request))
return _wohnungen_partial_or_redirect(request, admin)
@app.post("/actions/unreject")
async def action_unreject(
request: Request,

29
web/db.py
View file

@ -439,35 +439,6 @@ def get_flat(flat_id: str) -> Optional[sqlite3.Row]:
return _conn.execute("SELECT * FROM flats WHERE id = ?", (flat_id,)).fetchone()
def flats_missing_coords(limit: int = 500) -> list[sqlite3.Row]:
return list(_conn.execute(
"""SELECT id, address FROM flats
WHERE (lat IS NULL OR lng IS NULL) AND address IS NOT NULL AND address != ''
ORDER BY discovered_at DESC LIMIT ?""",
(limit,),
).fetchall())
def set_flat_coords(flat_id: str, lat: float, lng: float) -> None:
with _lock:
_conn.execute(
"UPDATE flats SET lat = ?, lng = ? WHERE id = ?",
(lat, lng, flat_id),
)
def count_flats_coords() -> tuple[int, int]:
"""Return (total_flats, with_coords)."""
row = _conn.execute(
"SELECT COUNT(*) AS total, "
" SUM(CASE WHEN lat IS NOT NULL AND lng IS NOT NULL THEN 1 ELSE 0 END) AS geo "
"FROM flats"
).fetchone()
total = int(row["total"] or 0)
geo = int(row["geo"] or 0)
return total, geo
# ---------------------------------------------------------------------------
# Applications
# ---------------------------------------------------------------------------

46
web/geocode.py
View file

@ -1,46 +0,0 @@
"""Thin Google-Maps geocoding wrapper used only for the admin coord backfill.
Runtime geocoding during scraping happens in the alert service. This module
exists so the web service can lazy-fix flats that were scraped before the
lat/lng migration (or where the alert run skipped geocoding).
"""
import logging
from typing import Optional
from settings import GMAPS_API_KEY
logger = logging.getLogger("web.geocode")
_client = None
def _get_client():
global _client
if _client is not None:
return _client
if not GMAPS_API_KEY:
return None
try:
import googlemaps
_client = googlemaps.Client(key=GMAPS_API_KEY)
return _client
except Exception as e:
logger.warning("googlemaps client init failed: %s", e)
return None
def geocode(address: str) -> Optional[tuple[float, float]]:
if not address:
return None
gm = _get_client()
if gm is None:
return None
try:
res = gm.geocode(f"{address}, Berlin, Germany")
if not res:
return None
loc = res[0]["geometry"]["location"]
return float(loc["lat"]), float(loc["lng"])
except Exception as e:
logger.warning("geocode failed for %r: %s", address, e)
return None

1
web/requirements.txt
View file

@ -6,4 +6,3 @@ itsdangerous==2.2.0
python-multipart==0.0.17
python-dotenv==1.0.1
requests==2.32.5
googlemaps==4.10.0

3
web/settings.py
View file

@ -63,6 +63,3 @@ SMTP_STARTTLS: bool = getenv("SMTP_STARTTLS", "true").lower() in ("true", "1", "
# --- App URL (used to build links in notifications) ---------------------------
PUBLIC_URL: str = getenv("PUBLIC_URL", "https://flat.lab.moritz.run")
# --- Google Maps (used for one-shot coord backfill via admin action) ----------
GMAPS_API_KEY: str = getenv("GMAPS_API_KEY", "")

7
web/static/map.js
View file

@ -79,13 +79,6 @@ function buildMap(el) {
subdomains: "abcd",
maxZoom: 19,
}).addTo(mapInstance);
// Transit overlay — OpenRailwayMap highlights S-/U-/Tram-Linien.
L.tileLayer("https://{s}.tiles.openrailwaymap.org/standard/{z}/{x}/{y}.png", {
attribution: "© OpenRailwayMap",
subdomains: "abc",
maxZoom: 19,
opacity: 0.75,
}).addTo(mapInstance);
markerLayer = L.layerGroup().addTo(mapInstance);
}

8
web/templates/_settings_notifications.html
View file

@ -3,7 +3,8 @@
Wähle einen Kanal und entscheide, welche Events dich erreichen sollen.
</p>
<form method="post" action="/actions/notifications" class="space-y-4 max-w-xl">
<form method="post" action="/actions/notifications" class="space-y-4 max-w-xl"
autocomplete="off" data-lpignore="true" data-1p-ignore data-form-type="other">
<input type="hidden" name="csrf" value="{{ csrf }}">
<div>
@ -17,12 +18,13 @@
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">Telegram Bot-Token</label>
<input class="input" name="telegram_bot_token" value="{{ notifications.telegram_bot_token }}"
placeholder="123456:ABC...">
placeholder="123456:ABC..." autocomplete="off" data-lpignore="true" data-1p-ignore>
<p class="text-xs text-slate-500 mt-1">Bot bei @BotFather anlegen, Token hier eintragen.</p>
</div>
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">Telegram Chat-ID</label>
<input class="input" name="telegram_chat_id" value="{{ notifications.telegram_chat_id }}" placeholder="987654321">
<input class="input" name="telegram_chat_id" value="{{ notifications.telegram_chat_id }}"
placeholder="987654321" autocomplete="off" data-lpignore="true" data-1p-ignore>
</div>
<div class="border-t border-soft pt-4 space-y-2">

25
web/templates/_settings_profil.html
View file

@ -1,6 +1,7 @@
<h2 class="font-semibold mb-4">Bewerbungsdaten</h2>
<form method="post" action="/actions/profile" class="grid grid-cols-1 md:grid-cols-2 gap-4">
<form method="post" action="/actions/profile" class="grid grid-cols-1 md:grid-cols-2 gap-4"
autocomplete="off" data-lpignore="true" data-1p-ignore data-form-type="other">
<input type="hidden" name="csrf" value="{{ csrf }}">
<div>
@ -15,38 +16,38 @@
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">Vorname</label>
<input class="input" name="firstname" value="{{ profile.firstname }}">
<input class="input" name="firstname" value="{{ profile.firstname }}" autocomplete="off" data-lpignore="true" data-1p-ignore>
</div>
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">Nachname</label>
<input class="input" name="lastname" value="{{ profile.lastname }}">
<input class="input" name="lastname" value="{{ profile.lastname }}" autocomplete="off" data-lpignore="true" data-1p-ignore>
</div>
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">E-Mail</label>
<input class="input" type="email" name="email" value="{{ profile.email }}">
<input class="input" type="email" name="email" value="{{ profile.email }}" autocomplete="off" data-lpignore="true" data-1p-ignore>
</div>
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">Telefon</label>
<input class="input" name="telephone" value="{{ profile.telephone }}">
<input class="input" name="telephone" value="{{ profile.telephone }}" autocomplete="off" data-lpignore="true" data-1p-ignore>
</div>
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">Straße</label>
<input class="input" name="street" value="{{ profile.street }}">
<input class="input" name="street" value="{{ profile.street }}" autocomplete="off" data-lpignore="true" data-1p-ignore>
</div>
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">Hausnummer</label>
<input class="input" name="house_number" value="{{ profile.house_number }}">
<input class="input" name="house_number" value="{{ profile.house_number }}" autocomplete="off" data-lpignore="true" data-1p-ignore>
</div>
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">PLZ</label>
<input class="input" name="postcode" value="{{ profile.postcode }}">
<input class="input" name="postcode" value="{{ profile.postcode }}" autocomplete="off" data-lpignore="true" data-1p-ignore>
</div>
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">Stadt</label>
<input class="input" name="city" value="{{ profile.city }}">
<input class="input" name="city" value="{{ profile.city }}" autocomplete="off" data-lpignore="true" data-1p-ignore>
</div>
<div class="col-span-1 md:col-span-2 mt-4 border-t border-soft pt-4">
@ -94,11 +95,13 @@
</div>
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">Immomio-Email</label>
<input class="input" type="email" name="immomio_email" value="{{ profile.immomio_email }}">
<input class="input" type="email" name="immomio_email" value="{{ profile.immomio_email }}" autocomplete="off" data-lpignore="true" data-1p-ignore>
</div>
<div>
<label class="block text-xs uppercase text-slate-500 mb-1">Immomio-Passwort</label>
<input class="input" type="password" name="immomio_password" value="{{ profile.immomio_password }}" placeholder="(unverändert lassen = leer)">
<input class="input" type="password" name="immomio_password" value="{{ profile.immomio_password }}"
placeholder="(unverändert lassen = leer)"
autocomplete="new-password" data-lpignore="true" data-1p-ignore>
</div>
<div class="col-span-1 md:col-span-2">

21
web/templates/_wohnungen_body.html
View file

@ -97,26 +97,7 @@
</section>
<!-- Karte (Leaflet-Container bleibt über HTMX-Swaps hinweg erhalten) -->
<section class="view-map space-y-2">
<div class="card p-3 text-xs text-slate-600 flex items-center justify-between gap-3 flex-wrap">
<div>
{{ map_matched_with_coords }} / {{ map_matched_total }} passende Wohnungen mit Koordinaten
{% if map_matched_without_coords %}
· <span class="chip chip-warn">{{ map_matched_without_coords }} ohne Koordinaten</span>
{% endif %}
</div>
{% if is_admin and map_matched_without_coords %}
<form method="post" action="/actions/backfill-coords"
hx-post="/actions/backfill-coords" hx-target="#wohnungen-body" hx-swap="outerHTML">
<input type="hidden" name="csrf" value="{{ csrf }}">
<button class="btn btn-ghost text-xs" type="submit"
{% if not gmaps_available %}disabled title="GMAPS_API_KEY fehlt"{% endif %}
hx-confirm="Fehlende Koordinaten jetzt über Google Maps nachladen?">
Koordinaten nachladen
</button>
</form>
{% endif %}
</div>
<section class="view-map">
<div class="card p-3">
<div id="flats-map" hx-preserve="true"></div>
</div>