From 9b614bc92286827479df0de0c231498eb8d48c16 Mon Sep 17 00:00:00 2001 From: Dami Date: Fri, 7 Aug 2020 00:05:43 -0600 Subject: [PATCH 01/26] Fix removal of query parameters on youtube embed links This uses go's html and url parser plus regex, instead of using only a single regex for simplicity sake. A single regex expression might be error prone, for example, when trying to matching html entities. Fixes #328 --- postrender.go | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/postrender.go b/postrender.go index f917b6e..ff06b11 100644 --- a/postrender.go +++ b/postrender.go @@ -16,6 +16,7 @@ import ( "html" "html/template" "net/http" + "net/url" "regexp" "strings" "unicode" @@ -73,6 +74,25 @@ func applyMarkdown(data []byte, baseURL string, cfg *config.Config) string { return applyMarkdownSpecial(data, false, baseURL, cfg) } +func disableYoutubeAutoplay(outHTML string) string { + for _, match := range youtubeReg.FindAllString(outHTML, -1) { + u, err := url.Parse(match) + if err != nil { + log.Error("Couldn't parse youtube url: %v", err) + } + u.RawQuery = html.UnescapeString(u.RawQuery) + q := u.Query() + // Set Youtube autoplay url parameter, if any, to 0 + if len(q["autoplay"]) == 1 { + q.Set("autoplay", "0") + } + u.RawQuery = q.Encode() + clean_url := u.String() + outHTML = strings.Replace(outHTML, match, clean_url, 1) + } + return outHTML +} + func applyMarkdownSpecial(data []byte, skipNoFollow bool, baseURL string, cfg *config.Config) string { mdExtensions := 0 | blackfriday.EXTENSION_TABLES | 
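Review bot: In `disableYoutubeAutoplay`, a failed `url.Parse` is only logged, so the next statement (`u.RawQuery = html.UnescapeString(u.RawQuery)`) dereferences a nil `u` and panics while the post is being rendered; add `continue` right after the `log.Error` call. The `len(q["autoplay"]) == 1` test also leaves the value untouched when the parameter appears more than once, a case the removed strip-everything regex covered; `if _, ok := q["autoplay"]; ok { q.Set("autoplay", "0") }` resets it for any count. `clean_url` should be `cleanURL` to follow Go naming. The function also has no doc comment; one line stating that it rewrites every `youtubeReg` match in place and forces `autoplay` to `0` would be enough.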
@@ -108,10 +128,7 @@ func applyMarkdownSpecial(data []byte, skipNoFollow bool, baseURL string, cfg *c // Strip newlines on certain block elements that render with them outHTML = blockReg.ReplaceAllString(outHTML, "<$1>") outHTML = endBlockReg.ReplaceAllString(outHTML, "") - // Remove all query parameters on YouTube embed links - // TODO: make this more specific. Taking the nuclear approach here to strip ?autoplay=1 - outHTML = youtubeReg.ReplaceAllString(outHTML, "$1") - + outHTML = disableYoutubeAutoplay(outHTML) return outHTML } From 13eb51913e24ed00e647c89be1a35e035192c194 Mon Sep 17 00:00:00 2001 From: Matt Baer Date: Wed, 19 Aug 2020 09:28:44 -0400 Subject: [PATCH 02/26] Support Web Monetization via backend attribute This supports a new `monetization_pointer` collection attribute. When present, we include the `monetization` meta tag on all collection pages. --- collections.go | 3 +++ database.go | 22 ++++++++++++++++++++++ posts.go | 2 ++ templates/chorus-collection-post.tmpl | 1 + templates/chorus-collection.tmpl | 1 + templates/collection-post.tmpl | 1 + templates/collection-tags.tmpl | 1 + templates/collection.tmpl | 1 + templates/include/post-render.tmpl | 6 ++++++ 9 files changed, 38 insertions(+) diff --git a/collections.go b/collections.go index edde677..ae75729 100644 --- a/collections.go +++ b/collections.go @@ -552,6 +552,7 @@ type CollectionPage struct { IsOwner bool CanPin bool Username string + Monetization string Collections *[]Collection PinnedPosts *[]PublicPost IsAdmin bool @@ -829,6 +830,7 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro // Add more data // TODO: fix this mess of collections inside collections displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, isOwner) + displayPage.Monetization = app.db.GetCollectionAttribute(coll.ID, "monetization_pointer") collTmpl := "collection" if app.cfg.App.Chorus { 
@@ -947,6 +949,7 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e // Add more data // TODO: fix this mess of collections inside collections displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, isOwner) + displayPage.Monetization = app.db.GetCollectionAttribute(coll.ID, "monetization_pointer") err = templates["collection-tags"].ExecuteTemplate(w, "collection-tags", displayPage) if err != nil { diff --git a/database.go b/database.go index c764340..a8feb8a 100644 --- a/database.go +++ b/database.go @@ -2162,6 +2162,28 @@ func (db *datastore) CollectionHasAttribute(id int64, attr string) bool { return true } +func (db *datastore) GetCollectionAttribute(id int64, attr string) string { + var v string + err := db.QueryRow("SELECT value FROM collectionattributes WHERE collection_id = ? AND attribute = ?", id, attr).Scan(&v) + switch { + case err == sql.ErrNoRows: + return "" + case err != nil: + log.Error("Couldn't SELECT value in getCollectionAttribute for attribute '%s': %v", attr, err) + return "" + } + return v +} + +func (db *datastore) SetCollectionAttribute(id int64, attr, v string) error { + _, err := db.Exec("INSERT INTO collectionattributes (collection_id, attribute, value) VALUES (?, ?, ?)", id, attr, v) + if err != nil { + log.Error("Unable to INSERT into collectionattributes: %v", err) + return err + } + return nil +} + // DeleteAccount will delete the entire account for userID func (db *datastore) DeleteAccount(userID int64) error { // Get all collections diff --git a/posts.go b/posts.go index 4c8c76e..8d60650 100644 --- a/posts.go +++ b/posts.go @@ -1476,6 +1476,7 @@ Are you sure it was ever here?`, IsOwner bool IsPinned bool IsCustomDomain bool + Monetization string PinnedPosts *[]PublicPost IsFound bool IsAdmin bool 
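Review bot: `SetCollectionAttribute` issues a plain `INSERT`, so a second call for the same collection and attribute will either fail on the key or, if `collectionattributes` has no unique key on `(collection_id, attribute)` (the schema is not visible here), leave two rows for `GetCollectionAttribute`'s `QueryRow` to choose between. Either make it an upsert or say so in a doc comment, e.g. `// SetCollectionAttribute inserts attr=v for the collection; it does not replace an existing value.` `GetCollectionAttribute` also needs a comment noting that it returns `""` both when the attribute is absent and when the query fails, since callers cannot tell the two apart. The log text says `getCollectionAttribute` while the method is exported as `GetCollectionAttribute`.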
@@ -1493,6 +1494,7 @@ Are you sure it was ever here?`, tp.CanInvite = canUserInvite(app.cfg, tp.IsAdmin) tp.PinnedPosts, _ = app.db.GetPinnedPosts(coll, p.IsOwner) tp.IsPinned = len(*tp.PinnedPosts) > 0 && PostsContains(tp.PinnedPosts, p) + tp.Monetization = app.db.GetCollectionAttribute(coll.ID, "monetization_pointer") if !postFound { w.WriteHeader(http.StatusNotFound) diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl index dcea457..22f2d8f 100644 --- a/templates/chorus-collection-post.tmpl +++ b/templates/chorus-collection-post.tmpl @@ -29,6 +29,7 @@ {{range .Images}}{{else}}{{end}} + {{template "collection-meta" .}} {{if .Collection.StyleSheet}}{{end}} {{end}} {{end}} {{if .Collection.RenderMathJax}} diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl index b7c92c8..e2f8962 100644 --- a/templates/collection-tags.tmpl +++ b/templates/collection-tags.tmpl @@ -29,6 +29,7 @@ + {{template "collection-meta" .}} {{if .Collection.StyleSheet}}{{end}} {{if .Collection.RenderMathJax}} diff --git a/templates/collection.tmpl b/templates/collection.tmpl index d39c58c..42664e7 100644 --- a/templates/collection.tmpl +++ b/templates/collection.tmpl @@ -27,6 +27,7 @@ + {{template "collection-meta" .}} {{if .StyleSheet}}{{end}} {{if .RenderMathJax}} diff --git a/templates/include/post-render.tmpl b/templates/include/post-render.tmpl index 81fd33e..c4ed082 100644 --- a/templates/include/post-render.tmpl +++ b/templates/include/post-render.tmpl @@ -1,4 +1,10 @@ +{{define "collection-meta"}} + {{if .Monetization -}} + + {{- end}} +{{end}} + {{define "highlighting"}} {{template "footer" .}} From 75a79d49bdcfd866e8c1942551f1a03f2831ce8f Mon Sep 17 00:00:00 2001 From: Colin Axner Date: Fri, 25 Sep 2020 16:07:30 +0200 Subject: [PATCH 14/26] remove unnecessary var Remove createdWithPass var in account.go along with impossible if statement --- account.go | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) 
diff --git a/account.go b/account.go index ba013c2..b7343df 100644 --- a/account.go +++ b/account.go @@ -151,8 +151,6 @@ func signupWithRegistration(app *App, signup userRegistration, w http.ResponseWr } // Handle empty optional params - // TODO: remove this var - createdWithPass := true hashedPass, err := auth.HashPass([]byte(signup.Pass)) if err != nil { return nil, impart.HTTPError{http.StatusInternalServerError, "Could not create password hash."} @@ -162,7 +160,7 @@ func signupWithRegistration(app *App, signup userRegistration, w http.ResponseWr u := &User{ Username: signup.Alias, HashedPass: hashedPass, - HasPass: createdWithPass, + HasPass: true, Email: prepareUserEmail(signup.Email, app.keys.EmailKey), Created: time.Now().Truncate(time.Second).UTC(), } @@ -188,9 +186,6 @@ func signupWithRegistration(app *App, signup userRegistration, w http.ResponseWr resUser := &AuthUser{ User: u, } - if !createdWithPass { - resUser.Password = signup.Pass - } title := signup.Alias if signup.Normalize { title = desiredUsername From 678653ac30d592ab4381e3514a9936af292fccd3 Mon Sep 17 00:00:00 2001 From: Colin Axner Date: Fri, 25 Sep 2020 16:47:31 +0200 Subject: [PATCH 15/26] update getCollectionPage Update getCollectionPage godoc and reduce logic and variable assignments --- collections.go | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/collections.go b/collections.go index edde677..2295837 100644 --- a/collections.go +++ b/collections.go 
@@ -723,14 +723,14 @@ func newDisplayCollection(c *Collection, cr *collectionReq, page int) *DisplayCo return coll } +// getCollectionPage returns the collection page as an int. If the parsed page value is not +// greater than 0 then the default value of 1 is returned. func getCollectionPage(vars map[string]string) int { - page := 1 - var p int - p, _ = strconv.Atoi(vars["page"]) - if p > 0 { - page = p + if p, _ := strconv.Atoi(vars["page"]); p > 0 { + return p } - return page + + return 1 } // handleViewCollection displays the requested Collection From ec7b299fd3a91d6d978b5ec534ee8229faf7b970 Mon Sep 17 00:00:00 2001 From: Matt Baer Date: Wed, 30 Sep 2020 14:40:13 -0400 Subject: [PATCH 16/26] Enable updating WM payment pointer via API and Customize page Ref T773 --- account.go | 3 +++ collections.go | 19 +++++++++++-------- database.go | 19 ++++++++++++++----- templates/user/collection.tmpl | 8 ++++++++ 4 files changed, 36 insertions(+), 13 deletions(-) diff --git a/account.go b/account.go index fbe5ad0..ae8e21c 100644 --- a/account.go +++ b/account.go @@ -839,6 +839,9 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques return ErrCollectionNotFound } + // Add collection properties + c.Monetization = app.db.GetCollectionAttribute(c.ID, "monetization_pointer") + silenced, err := app.db.IsUserSilenced(u.ID) if err != nil { log.Error("view edit collection %v", err) diff --git a/collections.go b/collections.go index ae75729..ad9cd87 100644 --- a/collections.go +++ b/collections.go @@ -56,6 +56,8 @@ type ( PublicOwner bool `datastore:"public_owner" json:"-"` URL string `json:"url,omitempty"` + Monetization string `json:"monetization_pointer,omitempty"` + db *datastore hostName string } 
@@ -87,14 +89,15 @@ type ( Handle string `schema:"handle" json:"handle"` // Actual collection values updated in the DB - Alias *string `schema:"alias" json:"alias"` - Title *string `schema:"title" json:"title"` - Description *string `schema:"description" json:"description"` - StyleSheet *sql.NullString `schema:"style_sheet" json:"style_sheet"` - Script *sql.NullString `schema:"script" json:"script"` - Signature *sql.NullString `schema:"signature" json:"signature"` - Visibility *int `schema:"visibility" json:"public"` - Format *sql.NullString `schema:"format" json:"format"` + Alias *string `schema:"alias" json:"alias"` + Title *string `schema:"title" json:"title"` + Description *string `schema:"description" json:"description"` + StyleSheet *sql.NullString `schema:"style_sheet" json:"style_sheet"` + Script *sql.NullString `schema:"script" json:"script"` + Signature *sql.NullString `schema:"signature" json:"signature"` + Monetization *string `schema:"monetization_pointer" json:"monetization_pointer"` + Visibility *int `schema:"visibility" json:"public"` + Format *sql.NullString `schema:"format" json:"format"` } CollectionFormat struct { Format string diff --git a/database.go b/database.go index a8feb8a..5977a7d 100644 --- a/database.go +++ b/database.go @@ -905,6 +905,15 @@ func (db *datastore) UpdateCollection(c *SubmittedCollection, alias string) erro } } + // Update Monetization value + if c.Monetization != nil { + _, err = db.Exec("INSERT INTO collectionattributes (collection_id, attribute, value) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE value = ?", collID, "monetization_pointer", *c.Monetization, *c.Monetization) + if err != nil { + log.Error("Unable to insert monetization_pointer value: %v", err) + return err + } + } + // Update rest of the collection data res, err = db.Exec("UPDATE collections SET "+q.Updates+" WHERE "+q.Conditions, q.Params...) if err != nil { 
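Review bot: The upsert added to `UpdateCollection` relies on `ON DUPLICATE KEY UPDATE`, which is MySQL syntax. go.mod on this page lists `github.com/mattn/go-sqlite3`, so if a SQLite-backed instance reaches this path the statement will presumably fail and every update that carries `monetization_pointer` will return an error. Use a dialect-aware upsert, or an `UPDATE` followed by an `INSERT` when no row was affected. The attribute is also written before the main `UPDATE collections` statement, so unless a transaction outside this hunk wraps both, a failure in the second statement leaves the pointer changed while the rest of the update is lost. `UpdateCollection` starts and ends outside the hunk.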
@@ -2649,11 +2658,11 @@ func (db *datastore) GetIDForRemoteUser(ctx context.Context, remoteUserID, provi } type oauthAccountInfo struct { - Provider string - ClientID string - RemoteUserID string - DisplayName string - AllowDisconnect bool + Provider string + ClientID string + RemoteUserID string + DisplayName string + AllowDisconnect bool } func (db *datastore) GetOauthAccounts(ctx context.Context, userID int64) ([]oauthAccountInfo, error) { diff --git a/templates/user/collection.tmpl b/templates/user/collection.tmpl index 14114e6..5c0a793 100644 --- a/templates/user/collection.tmpl +++ b/templates/user/collection.tmpl @@ -146,6 +146,14 @@ textarea.section.norm { +
+

Web Monetization

+
+

Web Monetization enables you to receive micropayments from readers that have a Coil membership. Add your payment pointer to enable Web Monetization on your blog.

+ +
+
+

View Blog

From 13a3a68d54a94f35e9fa7b4f430120a750cc7f0e Mon Sep 17 00:00:00 2001 From: Matt Baer Date: Wed, 30 Sep 2020 14:42:11 -0400 Subject: [PATCH 17/26] Validate and trim spaces on WM pointer Ref T773 --- database.go | 22 ++++++++++++++++++---- 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/database.go b/database.go index 5977a7d..54939fe 100644 --- a/database.go +++ b/database.go @@ -907,10 +907,24 @@ func (db *datastore) UpdateCollection(c *SubmittedCollection, alias string) erro // Update Monetization value if c.Monetization != nil { - _, err = db.Exec("INSERT INTO collectionattributes (collection_id, attribute, value) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE value = ?", collID, "monetization_pointer", *c.Monetization, *c.Monetization) - if err != nil { - log.Error("Unable to insert monetization_pointer value: %v", err) - return err + skipUpdate := false + if *c.Monetization != "" { + // Strip away any excess spaces + trimmed := strings.TrimSpace(*c.Monetization) + // Only update value when it starts with "$", per spec: https://paymentpointers.org + if strings.HasPrefix(trimmed, "$") { + c.Monetization = &trimmed + } else { + // Value appears invalid, so don't update + skipUpdate = true + } + } + if !skipUpdate { + _, err = db.Exec("INSERT INTO collectionattributes (collection_id, attribute, value) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE value = ?", collID, "monetization_pointer", *c.Monetization, *c.Monetization) + if err != nil { + log.Error("Unable to insert monetization_pointer value: %v", err) + return err + } } } From 2768ea9414e160f21f4a0408e1ab182606a0c52f Mon Sep 17 00:00:00 2001 
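Review bot: The `strings.HasPrefix(trimmed, "$")` check accepts any string that begins with `$`, including values with embedded whitespace, quotes or markup, and that value is what the earlier patches load into `Monetization` for the collection templates. A payment pointer is `$` followed by a host and optional path, resolving to an https URL with no userinfo, port, query or fragment, so the value can be validated structurally before it is stored. A rejected value is also skipped silently while the rest of the update succeeds, so an API caller gets no sign that the pointer was not saved; consider returning a validation error instead. The sketch below keeps the existing skip behaviour and needs `net/url` in database.go's imports, which are not visible in this hunk.

```go
	if c.Monetization != nil {
		skipUpdate := false
		if *c.Monetization != "" {
			// Strip away any excess spaces
			trimmed := strings.TrimSpace(*c.Monetization)
			// A payment pointer is "$" + host + optional path and resolves to an
			// https URL; it carries no userinfo, port, query or fragment.
			u, perr := url.Parse("https://" + strings.TrimPrefix(trimmed, "$"))
			valid := strings.HasPrefix(trimmed, "$") && perr == nil &&
				u.Hostname() != "" && u.Port() == "" && u.User == nil &&
				u.RawQuery == "" && u.Fragment == ""
			if valid {
				c.Monetization = &trimmed
			} else {
				// Value appears invalid, so don't update
				skipUpdate = true
			}
		}
		// … unchanged: if !skipUpdate { INSERT … ON DUPLICATE KEY UPDATE … } …
	}
```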
From: Matt Baer Date: Wed, 30 Sep 2020 15:18:21 -0400 Subject: [PATCH 18/26] Make Monetization optional Some WriteFreely instances are completely private, and thus have no need for public- oriented features like Web Monetization. Like federation, this gives admins control over whether or not the feature is enabled for users. Ref T773 --- account.go | 2 +- admin.go | 1 + collections.go | 2 +- config/config.go | 8 +++++--- templates/user/admin/app-settings.tmpl | 7 +++++++ templates/user/collection.tmpl | 4 +++- 6 files changed, 18 insertions(+), 6 deletions(-) diff --git a/account.go b/account.go index ae8e21c..3adb7f7 100644 --- a/account.go +++ b/account.go @@ -840,7 +840,7 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques } // Add collection properties - c.Monetization = app.db.GetCollectionAttribute(c.ID, "monetization_pointer") + c.MonetizationPointer = app.db.GetCollectionAttribute(c.ID, "monetization_pointer") silenced, err := app.db.IsUserSilenced(u.ID) if err != nil { diff --git a/admin.go b/admin.go index 457b384..a0d10eb 100644 --- a/admin.go +++ b/admin.go @@ -529,6 +529,7 @@ func handleAdminUpdateConfig(apper Apper, u *User, w http.ResponseWriter, r *htt } apper.App().cfg.App.Federation = r.FormValue("federation") == "on" apper.App().cfg.App.PublicStats = r.FormValue("public_stats") == "on" + apper.App().cfg.App.Monetization = r.FormValue("monetization") == "on" apper.App().cfg.App.Private = r.FormValue("private") == "on" apper.App().cfg.App.LocalTimeline = r.FormValue("local_timeline") == "on" if apper.App().cfg.App.LocalTimeline && apper.App().timeline == nil { diff --git a/collections.go b/collections.go index ad9cd87..f2958fd 100644 --- a/collections.go +++ b/collections.go 
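Review bot: The `cfg.App.Monetization` switch set here in `handleAdminUpdateConfig` appears, going by this commit's diffstat, to be consulted only by the Customize and admin templates. `UpdateCollection` in database.go and the `displayPage.Monetization = app.db.GetCollectionAttribute(...)` assignments from the earlier patch are not touched. If that reading is right, an instance with the feature switched off still accepts `monetization_pointer` through the API and still emits already-stored pointers on public pages. Gate both paths on the flag, for example `if app.cfg.App.Monetization { displayPage.Monetization = app.db.GetCollectionAttribute(coll.ID, "monetization_pointer") }` in the view handlers, and ignore or reject the field on update when the flag is off.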
@@ -56,7 +56,7 @@ type ( PublicOwner bool `datastore:"public_owner" json:"-"` URL string `json:"url,omitempty"` - Monetization string `json:"monetization_pointer,omitempty"` + MonetizationPointer string `json:"monetization_pointer,omitempty"` db *datastore hostName string diff --git a/config/config.go b/config/config.go index 9ff13f8..39e461b 100644 --- a/config/config.go +++ b/config/config.go @@ -1,5 +1,5 @@ /* - * Copyright © 2018-2019 A Bunch Tell LLC. + * Copyright © 2018-2020 A Bunch Tell LLC. * * This file is part of WriteFreely. * @@ -136,9 +136,11 @@ type ( MinUsernameLen int `ini:"min_username_len"` MaxBlogs int `ini:"max_blogs"` + // Options for public instances // Federation - Federation bool `ini:"federation"` - PublicStats bool `ini:"public_stats"` + Federation bool `ini:"federation"` + PublicStats bool `ini:"public_stats"` + Monetization bool `ini:"monetization"` // Access Private bool `ini:"private"` diff --git a/templates/user/admin/app-settings.tmpl b/templates/user/admin/app-settings.tmpl index 4bd87da..9142dcc 100644 --- a/templates/user/admin/app-settings.tmpl +++ b/templates/user/admin/app-settings.tmpl @@ -136,6 +136,13 @@ select {
+
+
+
+
+ {{if .Monetization}}

Web Monetization

Web Monetization enables you to receive micropayments from readers that have a Coil membership. Add your payment pointer to enable Web Monetization on your blog.

- +
+ {{end}}
From c22a751ab73f25bd2e5dd7b8507c70cd61b8527f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Oct 2020 05:22:43 +0000 Subject: [PATCH 19/26] Bump github.com/manifoldco/promptui from 0.7.0 to 0.8.0 Bumps [github.com/manifoldco/promptui](https://github.com/manifoldco/promptui) from 0.7.0 to 0.8.0. - [Release notes](https://github.com/manifoldco/promptui/releases) - [Changelog](https://github.com/manifoldco/promptui/blob/master/CHANGELOG.md) - [Commits](https://github.com/manifoldco/promptui/compare/v0.7.0...v0.8.0) Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 1d03956..2fd31ad 100644 --- a/go.mod +++ b/go.mod @@ -21,7 +21,7 @@ require ( github.com/jtolds/gls v4.2.1+incompatible // indirect github.com/kylemcc/twitter-text-go v0.0.0-20180726194232-7f582f6736ec github.com/lunixbochs/vtclean v1.0.0 // indirect - github.com/manifoldco/promptui v0.7.0 + github.com/manifoldco/promptui v0.8.0 github.com/mattn/go-sqlite3 v1.14.2 github.com/microcosm-cc/bluemonday v1.0.4 github.com/mitchellh/go-wordwrap v1.0.0 diff --git a/go.sum b/go.sum index 90c1bdd..9baa337 100644 --- a/go.sum +++ b/go.sum 
@@ -116,6 +116,8 @@ github.com/manifoldco/promptui v0.3.2 h1:rir7oByTERac6jhpHUPErHuopoRDvO3jxS+Fdad github.com/manifoldco/promptui v0.3.2/go.mod h1:8JU+igZ+eeiiRku4T5BjtKh2ms8sziGpSYl1gN8Bazw= github.com/manifoldco/promptui v0.7.0 h1:3l11YT8tm9MnwGFQ4kETwkzpAwY2Jt9lCrumCUW4+z4= github.com/manifoldco/promptui v0.7.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ= +github.com/manifoldco/promptui v0.8.0 h1:R95mMF+McvXZQ7j1g8ucVZE1gLP3Sv6j9vlF9kyRqQo= +github.com/manifoldco/promptui v0.8.0/go.mod h1:n4zTdgP0vr0S3w7/O/g98U+e0gwLScEXGwov2nIKuGQ= github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4= github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.0 h1:v2XXALHHh6zHfYTJ+cSkwtyffnaOyR1MXaA91mTrb8o= From f5f28550fb1e4a6b47b29ce3e6280139e6fe8b86 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 1 Oct 2020 05:23:13 +0000 Subject: [PATCH 20/26] Bump gopkg.in/ini.v1 from 1.57.0 to 1.61.0 Bumps [gopkg.in/ini.v1](https://github.com/go-ini/ini) from 1.57.0 to 1.61.0. - [Release notes](https://github.com/go-ini/ini/releases) - [Commits](https://github.com/go-ini/ini/compare/v1.57.0...v1.61.0) Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 1d03956..5a773e0 100644 --- a/go.mod +++ b/go.mod @@ -54,7 +54,7 @@ require ( golang.org/x/tools v0.0.0-20190208222737-3744606dbb67 // indirect google.golang.org/appengine v1.4.0 // indirect gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c // indirect - gopkg.in/ini.v1 v1.57.0 + gopkg.in/ini.v1 v1.61.0 src.techknowlogick.com/xgo v0.0.0-20200129005940-d0fae26e014b // indirect ) diff --git a/go.sum b/go.sum index 90c1bdd..d20d4ff 100644 --- a/go.sum +++ b/go.sum 
@@ -266,6 +266,8 @@ gopkg.in/ini.v1 v1.55.0 h1:E8yzL5unfpW3M6fz/eB7Cb5MQAYSZ7GKo4Qth+N2sgQ= gopkg.in/ini.v1 v1.55.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/ini.v1 v1.57.0 h1:9unxIsFcTt4I55uWluz+UmL95q4kdJ0buvQ1ZIqVQww= gopkg.in/ini.v1 v1.57.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= +gopkg.in/ini.v1 v1.61.0 h1:LBCdW4FmFYL4s/vDZD1RQYX7oAR6IjujCYgMdbHBR10= +gopkg.in/ini.v1 v1.61.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0 h1:POO/ycCATvegFmVuPpQzZFJ+pGZeX22Ufu6fibxDVjU= gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg= gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw= From 5961eb8f2799a585bb5901533e6ed4910178267b Mon Sep 17 00:00:00 2001 From: Marcel van der Boom Date: Sat, 3 Oct 2020 15:34:44 +0200 Subject: [PATCH 21/26] Drop the /tags/{tag} route fixes issue #305 --- routes.go | 1 - 1 file changed, 1 deletion(-) diff --git a/routes.go b/routes.go index efe1f21..bb1785f 100644 --- a/routes.go +++ b/routes.go @@ -207,7 +207,6 @@ func RouteCollections(handler *Handler, r *mux.Router) { r.HandleFunc("/page/{page:[0-9]+}", handler.Web(handleViewCollection, UserLevelReader)) r.HandleFunc("/tag:{tag}", handler.Web(handleViewCollectionTag, UserLevelReader)) r.HandleFunc("/tag:{tag}/feed/", handler.Web(ViewFeed, UserLevelReader)) - r.HandleFunc("/tags/{tag}", handler.Web(handleViewCollectionTag, UserLevelReader)) r.HandleFunc("/sitemap.xml", handler.AllReader(handleViewSitemap)) r.HandleFunc("/feed/", handler.AllReader(ViewFeed)) r.HandleFunc("/{slug}", handler.CollectionPostOrStatic) From 454e781ed4d5a7b0d6fad09724190204be5f89f1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Oct 2020 14:30:24 +0000 Subject: [PATCH 22/26] Bump github.com/mitchellh/go-wordwrap from 1.0.0 to 1.0.1 Bumps [github.com/mitchellh/go-wordwrap](https://github.com/mitchellh/go-wordwrap) from 1.0.0 to 1.0.1. - [Release notes](https://github.com/mitchellh/go-wordwrap/releases) - [Commits](https://github.com/mitchellh/go-wordwrap/compare/v1.0.0...v1.0.1) Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index 2fd31ad..ce03807 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/manifoldco/promptui v0.8.0 github.com/mattn/go-sqlite3 v1.14.2 github.com/microcosm-cc/bluemonday v1.0.4 - github.com/mitchellh/go-wordwrap v1.0.0 + github.com/mitchellh/go-wordwrap v1.0.1 github.com/nicksnyder/go-i18n v1.10.0 // indirect github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d github.com/pelletier/go-toml v1.2.0 // indirect diff --git a/go.sum b/go.sum index 9baa337..6360deb 100644 --- a/go.sum +++ b/go.sum @@ -143,6 +143,8 @@ github.com/microcosm-cc/bluemonday v1.0.4 h1:p0L+CTpo/PLFdkoPcJemLXG+fpMD7pYOoDE github.com/microcosm-cc/bluemonday v1.0.4/go.mod h1:8iwZnFn2CDDNZ0r6UXhF4xawGvzaqzCRa1n3/lO3W2w= github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4= github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= +github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= +github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/nicksnyder/go-i18n v1.10.0 h1:5AzlPKvXBH4qBzmZ09Ua9Gipyruv6uApMcrNZdo96+Q= github.com/nicksnyder/go-i18n v1.10.0/go.mod h1:HrK7VCrbOvQoUAQ7Vpy7i87N7JZZZ7R2xBGjv0j365Q= github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d h1:VhgPp6v9qf9Agr/56bj7Y/xa04UccTW04VP0Qed4vnQ= 
From 083d8c4d67cc999092bbd8f7c207e28069a8832d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 3 Oct 2020 14:35:04 +0000 Subject: [PATCH 23/26] Bump github.com/mattn/go-sqlite3 from 1.14.2 to 1.14.4 Bumps [github.com/mattn/go-sqlite3](https://github.com/mattn/go-sqlite3) from 1.14.2 to 1.14.4. - [Release notes](https://github.com/mattn/go-sqlite3/releases) - [Commits](https://github.com/mattn/go-sqlite3/compare/v1.14.2...v1.14.4) Signed-off-by: dependabot[bot] --- go.mod | 2 +- go.sum | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/go.mod b/go.mod index ce03807..11e1655 100644 --- a/go.mod +++ b/go.mod @@ -22,7 +22,7 @@ require ( github.com/kylemcc/twitter-text-go v0.0.0-20180726194232-7f582f6736ec github.com/lunixbochs/vtclean v1.0.0 // indirect github.com/manifoldco/promptui v0.8.0 - github.com/mattn/go-sqlite3 v1.14.2 + github.com/mattn/go-sqlite3 v1.14.4 github.com/microcosm-cc/bluemonday v1.0.4 github.com/mitchellh/go-wordwrap v1.0.1 github.com/nicksnyder/go-i18n v1.10.0 // indirect diff --git a/go.sum b/go.sum index 6360deb..0eded02 100644 --- a/go.sum +++ b/go.sum @@ -135,6 +135,8 @@ github.com/mattn/go-sqlite3 v1.14.0 h1:mLyGNKR8+Vv9CAU7PphKa2hkEqxxhn8i32J6FPj1/ github.com/mattn/go-sqlite3 v1.14.0/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus= github.com/mattn/go-sqlite3 v1.14.2 h1:A2EQLwjYf/hfYaM20FVjs1UewCTTFR7RmjEHkLjldIA= github.com/mattn/go-sqlite3 v1.14.2/go.mod h1:JIl7NbARA7phWnGvh0LKTyg7S9BA+6gx71ShQilpsus= +github.com/mattn/go-sqlite3 v1.14.4 h1:4rQjbDxdu9fSgI/r3KN72G3c2goxknAqHHgPWWs8UlI= +github.com/mattn/go-sqlite3 v1.14.4/go.mod h1:WVKg1VTActs4Qso6iwGbiFih2UIHo0ENGwNd0Lj+XmI= github.com/microcosm-cc/bluemonday v1.0.2 h1:5lPfLTTAvAbtS0VqT+94yOtFnGfUWYyx0+iToC3Os3s= github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc= github.com/microcosm-cc/bluemonday v1.0.3 h1:EjVH7OqbU219kdm8acbveoclh2zZFqPJTJw6VUlTLAQ= 
From 667cbb97ed401574892ff89c7397f4d44df48127 Mon Sep 17 00:00:00 2001 From: Darius Kazemi Date: Mon, 12 Oct 2020 20:54:48 -0700 Subject: [PATCH 24/26] Adding scope field to generic OAuth Some OAuth providers (like Mastodon) do not use the default "read_user" scope, instead offering a custom scope. The config.ini for generic OAuth now contains a "scope" field, allowing the admin to set the scope manually (it defaults to "read_user" if blank). --- config/config.go | 1 + oauth.go | 1 + oauth_generic.go | 6 ++++-- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/config/config.go b/config/config.go index faf73fb..cfb5999 100644 --- a/config/config.go +++ b/config/config.go @@ -108,6 +108,7 @@ type ( TokenEndpoint string `ini:"token_endpoint"` InspectEndpoint string `ini:"inspect_endpoint"` AuthEndpoint string `ini:"auth_endpoint"` + Scope string `ini:"scope"` AllowDisconnect bool `ini:"allow_disconnect"` } diff --git a/oauth.go b/oauth.go index e3f65ef..6cbddff 100644 --- a/oauth.go +++ b/oauth.go @@ -265,6 +265,7 @@ func configureGenericOauth(parentHandler *Handler, r *mux.Router, app *App) { AuthLocation: app.Config().GenericOauth.Host + app.Config().GenericOauth.AuthEndpoint, HttpClient: config.DefaultHTTPClient(), CallbackLocation: callbackLocation, + Scope: config.OrDefaultString(app.Config().GenericOauth.Scope, "read_user"), } configureOauthRoutes(parentHandler, r, app, oauthClient, callbackProxy) } diff --git a/oauth_generic.go b/oauth_generic.go index ce65bca..cb82ad0 100644 --- a/oauth_generic.go +++ b/oauth_generic.go @@ -15,6 +15,7 @@ type genericOauthClient struct { ExchangeLocation string InspectLocation string CallbackLocation string + Scope string HttpClient HttpClient } 
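Review bot: The new `Scope` field in `GenericOauth` has no comment, and the `"read_user"` fallback lives only in `configureGenericOauth`, so an admin reading config.go cannot tell what an empty value means. Add `// Scope is the OAuth scope requested at login and token exchange; empty means "read_user".` above the field. As far as the hunks show, the client only uses the token against the inspect endpoint to identify the user, so the same comment should say that the value ought to be the narrowest identity-read scope the provider offers, because every access token issued to the instance will carry whatever is configured here.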
@@ -46,7 +47,7 @@ func (c genericOauthClient) buildLoginURL(state string) (string, error) { q.Set("redirect_uri", c.CallbackLocation) q.Set("response_type", "code") q.Set("state", state) - q.Set("scope", "read_user") + q.Set("scope", c.Scope) u.RawQuery = q.Encode() return u.String(), nil } @@ -55,7 +56,7 @@ func (c genericOauthClient) exchangeOauthCode(ctx context.Context, code string) form := url.Values{} form.Add("grant_type", "authorization_code") form.Add("redirect_uri", c.CallbackLocation) - form.Add("scope", "read_user") + form.Add("scope", c.Scope) form.Add("code", code) req, err := http.NewRequest("POST", c.ExchangeLocation, strings.NewReader(form.Encode())) if err != nil { @@ -110,5 +111,6 @@ func (c genericOauthClient) inspectOauthAccessToken(ctx context.Context, accessT if inspectResponse.Error != "" { return nil, errors.New(inspectResponse.Error) } + return &inspectResponse, nil } From 0eb1a2deecb4e148beaa3078b39c5f1a1cd32662 Mon Sep 17 00:00:00 2001 From: Conor Flynn Date: Mon, 26 Oct 2020 13:50:11 +0000 Subject: [PATCH 25/26] Fixes broken Docker/docker-compose structures. Updates versions and uses maria DB instead of sqlite in the docker-compose. Also fixes things related to networks, generating config, etc. --- Dockerfile | 12 +++++---- config.ini.example | 28 ------------------- docker-compose.yml | 67 ++++++++++++++++++++++++++++------------------ 3 files changed, 48 insertions(+), 59 deletions(-) delete mode 100644 config.ini.example diff --git a/Dockerfile b/Dockerfile index fd6589d..f4b5a0d 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,17 +1,19 @@ # Build image -FROM golang:1.13-alpine as build +FROM golang:1.14-alpine as build -RUN apk add --update nodejs nodejs-npm make g++ git sqlite-dev +RUN apk add --update nodejs nodejs-npm make g++ git RUN npm install -g less less-plugin-clean-css -RUN go get -u github.com/jteeuwen/go-bindata/... +RUN go get -u github.com/go-bindata/go-bindata/... RUN mkdir -p /go/src/github.com/writeas/writefreely WORKDIR /go/src/github.com/writeas/writefreely + COPY . . ENV GO111MODULE=on + RUN make build \ - && make ui + && make ui RUN mkdir /stage && \ cp -R /go/bin \ /go/src/github.com/writeas/writefreely/templates \ @@ -22,7 +24,7 @@ RUN mkdir /stage && \ /stage # Final image -FROM alpine:3.11 +FROM alpine:3.12 RUN apk add --no-cache openssl ca-certificates COPY --from=build --chown=daemon:daemon /stage /go diff --git a/config.ini.example b/config.ini.example deleted file mode 100644 index 8b74ddc..0000000 --- a/config.ini.example +++ /dev/null @@ -1,28 +0,0 @@ -[server] -hidden_host = -port = 8080 - -[database] -type = mysql -username = root -password = changeme -database = writefreely -host = db -port = 3306 -tls = false - -[app] -site_name = WriteFreely Example Blog! -host = http://localhost:8080 -theme = write -disable_js = false -webfonts = true -single_user = true -open_registration = false -min_username_len = 3 -max_blogs = 1 -federation = true -public_stats = true -private = false -update_checks = true - diff --git a/docker-compose.yml b/docker-compose.yml index 29a841e..93fe938 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
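Review bot: `RUN go get -u github.com/go-bindata/go-bindata/...` installs whatever the repository's default branch holds at build time, so the tool that generates the embedded assets can change between two builds of the same commit. Pin it to a reviewed release, e.g. `RUN GO111MODULE=on go get github.com/go-bindata/go-bindata/...@<PINNED_VERSION>`, where the placeholder stands for the version the project has vetted. The context line `npm install -g less less-plugin-clean-css` has the same property and would benefit from explicit versions. The base images are now tagged `golang:1.14-alpine` and `alpine:3.12`; pinning them by digest would make the image reproducible as well.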
@@ -1,32 +1,47 @@ version: "3" -services: - web: - build: . - volumes: - - "web-data:/go/src/app" - - "./config.ini.example:/go/src/app/config.ini" - ports: - - "8080:8080" - networks: - - writefreely - depends_on: - - db - restart: unless-stopped - db: - image: "mariadb:latest" - volumes: - - "./schema.sql:/tmp/schema.sql" - - db-data:/var/lib/mysql/data - networks: - - writefreely - environment: - - MYSQL_DATABASE=writefreely - - MYSQL_ROOT_PASSWORD=changeme - restart: unless-stopped volumes: - web-data: + web-keys: db-data: networks: - writefreely: + external_writefreely: + internal_writefreely: + internal: true + +services: + writefreely-web: + container_name: "writefreely-web" + image: "conor-f:writefreely" + + volumes: + - "web-keys:/go/keys" + - "./config.ini:/go/config.ini" + + networks: + - "internal_writefreely" + - "external_writefreely" + + ports: + - "8080:8080" + + depends_on: + - "writefreely-db" + + restart: unless-stopped + + writefreely-db: + container_name: "writefreely-db" + image: "mariadb:latest" + + volumes: + - "db-data:/var/lib/mysql/data" + + networks: + - "internal_writefreely" + + environment: + - MYSQL_DATABASE=writefreely + - MYSQL_ROOT_PASSWORD=changeme + + restart: unless-stopped From 9f925c81386c5a3fd75872256762300a2788988d Mon Sep 17 00:00:00 2001 From: Conor Flynn Date: Mon, 26 Oct 2020 13:52:04 +0000 Subject: [PATCH 26/26] Changes docker-compose image to use writefreely. --- docker-compose.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 93fe938..ef73a9b 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -12,7 +12,7 @@ networks: services: writefreely-web: container_name: "writefreely-web" - image: "conor-f:writefreely" + image: "writefreely:latest" volumes: - "web-keys:/go/keys"
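Review bot: `MYSQL_ROOT_PASSWORD=changeme` stays hard-coded in the committed compose file, and with config.ini.example deleted nothing on this page says which database account the application uses. Take the secret from the environment, e.g. `- MYSQL_ROOT_PASSWORD=${MYSQL_ROOT_PASSWORD:?set in .env}`, and create a dedicated account with `MYSQL_USER`/`MYSQL_PASSWORD` so the web container does not connect as root. `image: "mariadb:latest"` should be pinned to a specific tag (`mariadb:<PINNED_TAG>`) so a restart cannot pull an untested major version. The official image keeps its data under `/var/lib/mysql`, so it is worth checking that the `db-data:/var/lib/mysql/data` mount actually persists the database. Putting the database only on `internal_writefreely` is a good change and deserves a one-line comment explaining why the network is marked `internal: true`.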