Skip to content

Implement all improvements: utils, dry-run, CSRF, datetime, docs#37

Merged
DaLuSt merged 2 commits intomainfrom
claude/add-claude-documentation-7Wp79
Feb 28, 2026
Merged

Implement all improvements: utils, dry-run, CSRF, datetime, docs#37
DaLuSt merged 2 commits intomainfrom
claude/add-claude-documentation-7Wp79

Conversation

@DaLuSt
Copy link
Copy Markdown
Owner

@DaLuSt DaLuSt commented Feb 28, 2026

Shared utilities (utils.py)

  • Extract _with_retry, get_reddit_credentials, confirm_and_run, initialize_reddit, and get_days_old into utils.py so both CLI scripts and the web app import a single, maintained copy
  • Fix initialize_reddit to catch prawcore.exceptions.OAuthException and ResponseException in addition to praw.exceptions.APIException so bad-credential errors are always handled cleanly

CLI scripts (commentCleaner.py, PostCleaner.py)

  • Add --dry-run flag (argparse) to preview deletions without changes
  • Add per-item progress counter (\r Scanning… N items fetched)
  • Open the log file once per function call instead of once per deletion
  • Replace deprecated datetime.utcnow() / utcfromtimestamp() with timezone-aware datetime.now(timezone.utc) / fromtimestamp(..., tz=utc)
  • Mode 1 (delete_old_comments): add past_cutoff flag to skip the age check for every item once the sorted stream crosses the threshold
  • Wrap edit/delete calls with _with_retry for rate-limit resilience
  • Add prawcore.exceptions.TooManyRequests to exception handlers

Web app (web/app.py, index.html, dashboard.html)

  • Add CSRF protection via flask-wtf CSRFProtect; login form includes hidden csrf_token field; dashboard fetch sends X-CSRFToken header read from tag
  • Fix debug=True hardcoded; now reads FLASK_DEBUG env var
  • Replace bare except Exception with specific PRAW/prawcore exceptions in /login and /api/delete to avoid masking unexpected errors
  • Import _with_retry from utils; wrap all edit/delete calls
  • Open comment and post log files once per /api/delete request
  • All datetime calls now timezone-aware (timezone.utc)

Requirements

  • Pin version ranges in requirements.txt, web/requirements.txt, and tests/requirements.txt (e.g. praw>=7.6,<8, flask>=2.3,<4)
  • Add flask-wtf>=1.1,<2 to web/requirements.txt

Documentation (CLAUDE.md, README.md, SECURITY.md)

  • CLAUDE.md: add utils.py, android/, scripts/ to structure table; add sections for each; correct "No test suite" → "Test suite: tests/"; document --dry-run, FLASK_DEBUG, CSRF architecture, timezone convention
  • README.md: add Android app section with quick-start; add backfill script section; add --dry-run note to CLI section; update output-file format description to reflect JSON-lines format
  • SECURITY.md: update supported versions table to v1.8; expand reporting guidance; describe attack surface for each component

https://claude.ai/code/session_014HLhrFtCVRFnEyfRexiy3d

@claude
Implement all improvements: utils, dry-run, CSRF, datetime, docs
62a80f8 
Shared utilities (utils.py)
- Extract _with_retry, get_reddit_credentials, confirm_and_run,
  initialize_reddit, and get_days_old into utils.py so both CLI scripts
  and the web app import a single, maintained copy
- Fix initialize_reddit to catch prawcore.exceptions.OAuthException and
  ResponseException in addition to praw.exceptions.APIException so
  bad-credential errors are always handled cleanly

CLI scripts (commentCleaner.py, PostCleaner.py)
- Add --dry-run flag (argparse) to preview deletions without changes
- Add per-item progress counter (\r  Scanning… N items fetched)
- Open the log file once per function call instead of once per deletion
- Replace deprecated datetime.utcnow() / utcfromtimestamp() with
  timezone-aware datetime.now(timezone.utc) / fromtimestamp(..., tz=utc)
- Mode 1 (delete_old_comments): add past_cutoff flag to skip the age
  check for every item once the sorted stream crosses the threshold
- Wrap edit/delete calls with _with_retry for rate-limit resilience
- Add prawcore.exceptions.TooManyRequests to exception handlers

Web app (web/app.py, index.html, dashboard.html)
- Add CSRF protection via flask-wtf CSRFProtect; login form includes
  hidden csrf_token field; dashboard fetch sends X-CSRFToken header
  read from <meta name="csrf-token"> tag
- Fix debug=True hardcoded; now reads FLASK_DEBUG env var
- Replace bare except Exception with specific PRAW/prawcore exceptions
  in /login and /api/delete to avoid masking unexpected errors
- Import _with_retry from utils; wrap all edit/delete calls
- Open comment and post log files once per /api/delete request
- All datetime calls now timezone-aware (timezone.utc)

Requirements
- Pin version ranges in requirements.txt, web/requirements.txt, and
  tests/requirements.txt (e.g. praw>=7.6,<8, flask>=2.3,<4)
- Add flask-wtf>=1.1,<2 to web/requirements.txt

Documentation (CLAUDE.md, README.md, SECURITY.md)
- CLAUDE.md: add utils.py, android/, scripts/ to structure table; add
  sections for each; correct "No test suite" → "Test suite: tests/";
  document --dry-run, FLASK_DEBUG, CSRF architecture, timezone convention
- README.md: add Android app section with quick-start; add backfill
  script section; add --dry-run note to CLI section; update output-file
  format description to reflect JSON-lines format
- SECURITY.md: update supported versions table to v1.8; expand
  reporting guidance; describe attack surface for each component

https://claude.ai/code/session_014HLhrFtCVRFnEyfRexiy3d
@claude
Merge origin/main — resolve conflicts in favour of our improvements
74a85ad 
Both sides added _with_retry / helper functions to the three conflicting
files; our branch extracts them to utils.py (single source of truth)
while main added them inline.  Conflicts resolved by keeping our
version in all three files:

- commentCleaner.py: keep utils imports, timezone-aware datetimes,
  dry-run, progress counter, past_cutoff optimisation, print("\n  …")
  with newline prefix on error messages
- PostCleaner.py: same approach — utils imports, dry-run, progress,
  newline-prefixed messages, no inline _RETRY_WAIT / _with_retry
- web/app.py: keep `from datetime import datetime, timezone`,
  utils import for _with_retry, log-once-per-request pattern,
  specific PRAW exception handlers (not bare Exception)

weekly_cleanup.py auto-merged cleanly from main (no conflict).

https://claude.ai/code/session_014HLhrFtCVRFnEyfRexiy3d
@DaLuSt DaLuSt merged commit d277601 into main Feb 28, 2026
0 of 4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@DaLuSt @claude