From 25fe5285da016c43baa269f0cec267369fd6df20 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Tue, 8 Oct 2019 09:39:39 -0700
Subject: [PATCH 01/76] lightly style tables in posts

---
 less/core.less | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)

diff --git a/less/core.less b/less/core.less
index f4332a9..99aaa0e 100644
--- a/less/core.less
+++ b/less/core.less
@@ -632,6 +632,30 @@ table.classy {
 	}
 }
 
+body#post article table {
+	border-spacing: 0;
+	border-collapse: collapse;
+	th {
+		border-bottom: 2px solid #ccc;
+		text-align: center;
+	}
+	th + th {
+		border-left: 1px solid #ccc;
+	}
+	tr:nth-child(even) {
+		background-color: #f6f6f6;
+	}
+	td + td {
+		border-left: 1px solid #ccc;
+	}
+	tr + tr td {
+		border-top: 1px solid #ccc;
+	}
+	td, th {
+		padding: .25rem .5rem;
+	}
+}
+
 body#collection article, body#subpage article {
 	padding-top: 0;
 	padding-bottom: 0;

From c0317b4e93efab6218617d50ca41c61c61a716e6 Mon Sep 17 00:00:00 2001
From: Nick Gerakines <ngerakines@users.noreply.github.com>
Date: Wed, 15 Jan 2020 13:16:59 -0500
Subject: [PATCH 02/76] Implemented oauth attach functionality, oauth detach
 functionality, and required data migration. T713

---
 account.go                   | 43 +++++++++++++++++++++++------
 database.go                  | 53 ++++++++++++++++++++++++++++++------
 database_test.go             |  4 +--
 migrations/migrations.go     |  1 +
 migrations/v6.go             | 36 ++++++++++++++++++++++++
 oauth.go                     | 29 +++++++++++++++++---
 oauth_test.go                | 14 +++++-----
 routes.go                    |  1 +
 templates/user/settings.tmpl | 22 +++++++++++++++
 9 files changed, 173 insertions(+), 30 deletions(-)
 create mode 100644 migrations/v6.go

diff --git a/account.go b/account.go
index 2dcfd27..3544813 100644
--- a/account.go
+++ b/account.go
@@ -1038,18 +1038,30 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 
 	flashes, _ := getSessionFlashes(app, w, r, nil)
 
+	oauthAccounts, err := app.db.GetOauthAccounts(r.Context(), u.ID)
+	if err != nil {
+		log.Error("Unable to get oauth accounts for settings: %s", err)
+		return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}
+	}
+
 	obj := struct {
 		*UserPage
-		Email     string
-		HasPass   bool
-		IsLogOut  bool
-		Suspended bool
+		Email         string
+		HasPass       bool
+		IsLogOut      bool
+		Suspended     bool
+		OauthAccounts []oauthAccountInfo
+		OauthSlack    bool
+		OauthWriteAs  bool
 	}{
-		UserPage:  NewUserPage(app, r, u, "Account Settings", flashes),
-		Email:     fullUser.EmailClear(app.keys),
-		HasPass:   passIsSet,
-		IsLogOut:  r.FormValue("logout") == "1",
-		Suspended: fullUser.IsSilenced(),
+		UserPage:      NewUserPage(app, r, u, "Account Settings", flashes),
+		Email:         fullUser.EmailClear(app.keys),
+		HasPass:       passIsSet,
+		IsLogOut:      r.FormValue("logout") == "1",
+		Suspended:     fullUser.IsSilenced(),
+		OauthAccounts: oauthAccounts,
+		OauthSlack:    app.Config().SlackOauth.ClientID != "",
+		OauthWriteAs:  app.Config().WriteAsOauth.ClientID != "",
 	}
 
 	showUserPage(w, "settings", obj)
@@ -1094,6 +1106,19 @@ func getTempInfo(app *App, key string, r *http.Request, w http.ResponseWriter) s
 	return s
 }
 
+func removeOauth(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
+	provider := r.FormValue("provider")
+	clientID := r.FormValue("client_id")
+	remoteUserID := r.FormValue("remote_user_id")
+
+	err := app.db.RemoveOauth(r.Context(), u.ID, provider, clientID, remoteUserID)
+	if err != nil {
+		return impart.HTTPError{Status: http.StatusInternalServerError, Message: err.Error()}
+	}
+
+	return impart.HTTPError{Status: http.StatusFound, Message: "/me/settings"}
+}
+
 func prepareUserEmail(input string, emailKey []byte) zero.String {
 	email := zero.NewString("", input != "")
 	if len(input) > 0 {
diff --git a/database.go b/database.go
index ef52d84..cbda701 100644
--- a/database.go
+++ b/database.go
@@ -128,8 +128,10 @@ type writestore interface {
 
 	GetIDForRemoteUser(context.Context, string, string, string) (int64, error)
 	RecordRemoteUserID(context.Context, int64, string, string, string, string) error
-	ValidateOAuthState(context.Context, string) (string, string, error)
-	GenerateOAuthState(context.Context, string, string) (string, error)
+	ValidateOAuthState(context.Context, string) (string, string, int64, error)
+	GenerateOAuthState(context.Context, string, string, int64) (string, error)
+	GetOauthAccounts(ctx context.Context, userID int64) ([]oauthAccountInfo, error)
+	RemoveOauth(ctx context.Context, userID int64, provider string, clientID string, remoteUserID string) error
 
 	DatabaseInitialized() bool
 }
@@ -2462,20 +2464,23 @@ func (db *datastore) GetCollectionLastPostTime(id int64) (*time.Time, error) {
 	return &t, nil
 }
 
-func (db *datastore) GenerateOAuthState(ctx context.Context, provider, clientID string) (string, error) {
+func (db *datastore) GenerateOAuthState(ctx context.Context, provider string, clientID string, attachUser int64) (string, error) {
 	state := store.Generate62RandomString(24)
-	_, err := db.ExecContext(ctx, "INSERT INTO oauth_client_states (state, provider, client_id, used, created_at) VALUES (?, ?, ?, FALSE, NOW())", state, provider, clientID)
+	_, err := db.ExecContext(ctx, "INSERT INTO oauth_client_states (state, provider, client_id, used, created_at, attach_user_id) VALUES (?, ?, ?, FALSE, NOW(), ?)", state, provider, clientID, attachUser)
 	if err != nil {
 		return "", fmt.Errorf("unable to record oauth client state: %w", err)
 	}
 	return state, nil
 }
 
-func (db *datastore) ValidateOAuthState(ctx context.Context, state string) (string, string, error) {
+func (db *datastore) ValidateOAuthState(ctx context.Context, state string) (string, string, int64, error) {
 	var provider string
 	var clientID string
+	var attachUserID int64
 	err := wf_db.RunTransactionWithOptions(ctx, db.DB, &sql.TxOptions{}, func(ctx context.Context, tx *sql.Tx) error {
-		err := tx.QueryRow("SELECT provider, client_id FROM oauth_client_states WHERE state = ? AND used = FALSE", state).Scan(&provider, &clientID)
+		err := tx.
+			QueryRowContext(ctx, "SELECT provider, client_id, attach_user_id FROM oauth_client_states WHERE state = ? AND used = FALSE", state).
+			Scan(&provider, &clientID, &attachUserID)
 		if err != nil {
 			return err
 		}
@@ -2494,9 +2499,9 @@ func (db *datastore) ValidateOAuthState(ctx context.Context, state string) (stri
 		return nil
 	})
 	if err != nil {
-		return "", "", nil
+		return "", "", 0, nil
 	}
-	return provider, clientID, nil
+	return provider, clientID, attachUserID, nil
 }
 
 func (db *datastore) RecordRemoteUserID(ctx context.Context, localUserID int64, remoteUserID, provider, clientID, accessToken string) error {
@@ -2525,6 +2530,33 @@ func (db *datastore) GetIDForRemoteUser(ctx context.Context, remoteUserID, provi
 	return userID, nil
 }
 
+type oauthAccountInfo struct {
+	Provider     string
+	ClientID     string
+	RemoteUserID string
+}
+
+func (db *datastore) GetOauthAccounts(ctx context.Context, userID int64) ([]oauthAccountInfo, error) {
+	rows, err := db.QueryContext(ctx, "SELECT provider, client_id, remote_user_id FROM oauth_users WHERE user_id = ? ", userID)
+	if err != nil {
+		log.Error("Failed selecting from oauth_users: %v", err)
+		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve user oauth accounts."}
+	}
+	defer rows.Close()
+
+	var records []oauthAccountInfo
+	for rows.Next() {
+		info := oauthAccountInfo{}
+		err = rows.Scan(&info.Provider, &info.ClientID, &info.RemoteUserID)
+		if err != nil {
+			log.Error("Failed scanning GetAllUsers() row: %v", err)
+			break
+		}
+		records = append(records, info)
+	}
+	return records, nil
+}
+
 // DatabaseInitialized returns whether or not the current datastore has been
 // initialized with the correct schema.
 // Currently, it checks to see if the `users` table exists.
@@ -2547,6 +2579,11 @@ func (db *datastore) DatabaseInitialized() bool {
 	return true
 }
 
+func (db *datastore) RemoveOauth(ctx context.Context, userID int64, provider string, clientID string, remoteUserID string) error {
+	_, err := db.ExecContext(ctx, `DELETE FROM oauth_users WHERE user_id = ? AND provider = ? AND client_id = ? AND remote_user_id = ?`, userID, provider, clientID, remoteUserID)
+	return err
+}
+
 func stringLogln(log *string, s string, v ...interface{}) {
 	*log += fmt.Sprintf(s+"\n", v...)
 }
diff --git a/database_test.go b/database_test.go
index c4c586a..569d020 100644
--- a/database_test.go
+++ b/database_test.go
@@ -18,13 +18,13 @@ func TestOAuthDatastore(t *testing.T) {
 			driverName: "",
 		}
 
-		state, err := ds.GenerateOAuthState(ctx, "test", "development")
+		state, err := ds.GenerateOAuthState(ctx, "test", "development", 0)
 		assert.NoError(t, err)
 		assert.Len(t, state, 24)
 
 		countRows(t, ctx, db, 1, "SELECT COUNT(*) FROM `oauth_client_states` WHERE `state` = ? AND `used` = false", state)
 
-		_, _, err = ds.ValidateOAuthState(ctx, state)
+		_, _, _, err = ds.ValidateOAuthState(ctx, state)
 		assert.NoError(t, err)
 
 		countRows(t, ctx, db, 1, "SELECT COUNT(*) FROM `oauth_client_states` WHERE `state` = ? AND `used` = true", state)
diff --git a/migrations/migrations.go b/migrations/migrations.go
index 917d912..1aa64cb 100644
--- a/migrations/migrations.go
+++ b/migrations/migrations.go
@@ -61,6 +61,7 @@ var migrations = []Migration{
 	New("support users suspension", supportUserStatus),          // V2 -> V3 (v0.11.0)
 	New("support oauth", oauth),                                 // V3 -> V4
 	New("support slack oauth", oauthSlack),                      // V4 -> v5
+	New("support oauth attach", oauthAttach),                    // V5 -> V6
 }
 
 // CurrentVer returns the current migration version the application is on
diff --git a/migrations/v6.go b/migrations/v6.go
new file mode 100644
index 0000000..9673bc4
--- /dev/null
+++ b/migrations/v6.go
@@ -0,0 +1,36 @@
+package migrations
+
+import (
+	"context"
+	"database/sql"
+
+	wf_db "github.com/writeas/writefreely/db"
+)
+
+func oauthAttach(db *datastore) error {
+	dialect := wf_db.DialectMySQL
+	if db.driverName == driverSQLite {
+		dialect = wf_db.DialectSQLite
+	}
+	return wf_db.RunTransactionWithOptions(context.Background(), db.DB, &sql.TxOptions{}, func(ctx context.Context, tx *sql.Tx) error {
+		builders := []wf_db.SQLBuilder{
+			dialect.
+				AlterTable("oauth_client_states").
+				AddColumn(dialect.
+					Column(
+						"attach_user_id",
+						wf_db.ColumnTypeInteger,
+						wf_db.OptionalInt{Set: true, Value: 24,}).SetNullable(false).SetDefault("0")),
+		}
+		for _, builder := range builders {
+			query, err := builder.ToSQL()
+			if err != nil {
+				return err
+			}
+			if _, err := tx.ExecContext(ctx, query); err != nil {
+				return err
+			}
+		}
+		return nil
+	})
+}
diff --git a/oauth.go b/oauth.go
index caf8189..2223151 100644
--- a/oauth.go
+++ b/oauth.go
@@ -59,8 +59,8 @@ type OAuthDatastoreProvider interface {
 type OAuthDatastore interface {
 	GetIDForRemoteUser(context.Context, string, string, string) (int64, error)
 	RecordRemoteUserID(context.Context, int64, string, string, string, string) error
-	ValidateOAuthState(context.Context, string) (string, string, error)
-	GenerateOAuthState(context.Context, string, string) (string, error)
+	ValidateOAuthState(context.Context, string) (string, string, int64, error)
+	GenerateOAuthState(context.Context, string, string, int64) (string, error)
 
 	CreateUser(*config.Config, *User, string) error
 	GetUserByID(int64) (*User, error)
@@ -96,19 +96,32 @@ type oauthHandler struct {
 
 func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Request) error {
 	ctx := r.Context()
-	state, err := h.DB.GenerateOAuthState(ctx, h.oauthClient.GetProvider(), h.oauthClient.GetClientID())
+
+	var attachUser int64
+	if attach := r.URL.Query().Get("attach"); attach == "t" {
+		user, _ := getUserAndSession(app, r)
+		if user == nil {
+			return impart.HTTPError{http.StatusInternalServerError, "cannot attach auth to user: user not found in session"}
+		}
+		attachUser = user.ID
+	}
+
+	state, err := h.DB.GenerateOAuthState(ctx, h.oauthClient.GetProvider(), h.oauthClient.GetClientID(), attachUser)
 	if err != nil {
+		log.Error("viewOauthInit error: %s", err)
 		return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
 	}
 
 	if h.callbackProxy != nil {
 		if err := h.callbackProxy.register(ctx, state); err != nil {
+			log.Error("viewOauthInit error: %s", err)
 			return impart.HTTPError{http.StatusInternalServerError, "could not register state server"}
 		}
 	}
 
 	location, err := h.oauthClient.buildLoginURL(state)
 	if err != nil {
+		log.Error("viewOauthInit error: %s", err)
 		return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
 	}
 	return impart.HTTPError{http.StatusTemporaryRedirect, location}
@@ -185,7 +198,7 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 	code := r.FormValue("code")
 	state := r.FormValue("state")
 
-	provider, clientID, err := h.DB.ValidateOAuthState(ctx, state)
+	provider, clientID, attachUserID, err := h.DB.ValidateOAuthState(ctx, state)
 	if err != nil {
 		log.Error("Unable to ValidateOAuthState: %s", err)
 		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
@@ -223,6 +236,14 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 		}
 		return nil
 	}
+	if attachUserID > 0 {
+		log.Info("attaching to user %d", attachUserID)
+		err = h.DB.RecordRemoteUserID(r.Context(), attachUserID, tokenInfo.UserID, provider, clientID, tokenResponse.AccessToken)
+		if err != nil {
+			return impart.HTTPError{http.StatusInternalServerError, err.Error()}
+		}
+		return impart.HTTPError{http.StatusFound, "/me/settings"}
+	}
 
 	displayName := tokenInfo.DisplayName
 	if len(displayName) == 0 {
diff --git a/oauth_test.go b/oauth_test.go
index 2e293e7..c23eadd 100644
--- a/oauth_test.go
+++ b/oauth_test.go
@@ -22,8 +22,8 @@ type MockOAuthDatastoreProvider struct {
 }
 
 type MockOAuthDatastore struct {
-	DoGenerateOAuthState func(context.Context, string, string) (string, error)
-	DoValidateOAuthState func(context.Context, string) (string, string, error)
+	DoGenerateOAuthState func(context.Context, string, string, int64) (string, error)
+	DoValidateOAuthState func(context.Context, string) (string, string, int64, error)
 	DoGetIDForRemoteUser func(context.Context, string, string, string) (int64, error)
 	DoCreateUser         func(*config.Config, *User, string) error
 	DoRecordRemoteUserID func(context.Context, int64, string, string, string, string) error
@@ -86,11 +86,11 @@ func (m *MockOAuthDatastoreProvider) Config() *config.Config {
 	return cfg
 }
 
-func (m *MockOAuthDatastore) ValidateOAuthState(ctx context.Context, state string) (string, string, error) {
+func (m *MockOAuthDatastore) ValidateOAuthState(ctx context.Context, state string) (string, string, int64, error) {
 	if m.DoValidateOAuthState != nil {
 		return m.DoValidateOAuthState(ctx, state)
 	}
-	return "", "", nil
+	return "", "", 0, nil
 }
 
 func (m *MockOAuthDatastore) GetIDForRemoteUser(ctx context.Context, remoteUserID, provider, clientID string) (int64, error) {
@@ -125,9 +125,9 @@ func (m *MockOAuthDatastore) GetUserByID(userID int64) (*User, error) {
 	return user, nil
 }
 
-func (m *MockOAuthDatastore) GenerateOAuthState(ctx context.Context, provider string, clientID string) (string, error) {
+func (m *MockOAuthDatastore) GenerateOAuthState(ctx context.Context, provider string, clientID string, attachUserID int64) (string, error) {
 	if m.DoGenerateOAuthState != nil {
-		return m.DoGenerateOAuthState(ctx, provider, clientID)
+		return m.DoGenerateOAuthState(ctx, provider, clientID, attachUserID)
 	}
 	return store.Generate62RandomString(14), nil
 }
@@ -173,7 +173,7 @@ func TestViewOauthInit(t *testing.T) {
 		app := &MockOAuthDatastoreProvider{
 			DoDB: func() OAuthDatastore {
 				return &MockOAuthDatastore{
-					DoGenerateOAuthState: func(ctx context.Context, provider, clientID string) (string, error) {
+					DoGenerateOAuthState: func(ctx context.Context, provider, clientID string, attachUserID int64) (string, error) {
 						return "", fmt.Errorf("pretend unable to write state error")
 					},
 				}
diff --git a/routes.go b/routes.go
index 7784d71..cb6d327 100644
--- a/routes.go
+++ b/routes.go
@@ -101,6 +101,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	me.HandleFunc("/settings", handler.User(viewSettings)).Methods("GET")
 	me.HandleFunc("/invites", handler.User(handleViewUserInvites)).Methods("GET")
 	me.HandleFunc("/logout", handler.Web(viewLogout, UserLevelNone)).Methods("GET")
+	me.HandleFunc("/oauth/remove", handler.User(removeOauth)).Methods("POST")
 
 	write.HandleFunc("/api/me", handler.All(viewMeAPI)).Methods("GET")
 	apiMe := write.PathPrefix("/api/me/").Subrouter()
diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index d5cc33d..2cda7dd 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -66,6 +66,28 @@ h3 { font-weight: normal; }
 			<input type="submit" value="Save changes" tabindex="4" />
 		</div>
 	</form>
+
+	{{ if .OauthAccounts }}
+	    {{ range $oauth_account := .OauthAccounts }}
+		    <form method="post" action="/me/oauth/remove" autocomplete="false">
+		        <input type="hidden" name="provider" value="{{ $oauth_account.Provider }}" />
+		        <input type="hidden" name="client_id" value="{{ $oauth_account.ClientID }}" />
+		        <input type="hidden" name="remote_user_id" value="{{ $oauth_account.RemoteUserID }}" />
+    		    <div class="option">
+    			    <h3>{{ $oauth_account.Provider }} </h3>
+    			    <div class="section">
+    				    <input type="submit" value="Remove" style="margin-left: 1em;" />
+    			    </div>
+    		    </div>
+    	    </form>
+        {{ end }}
+	{{ end }}
+	{{ if .OauthSlack }}
+    	<a class="loginbtn" href="/oauth/slack?attach=t"><img alt="Sign in with Slack" height="40" width="172" src="/img/sign_in_with_slack.png" srcset="/img/sign_in_with_slack.png 1x, /img/sign_in_with_slack@2x.png 2x" /></a>
+    {{ end }}
+    {{ if .OauthWriteAs }}
+        <a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as?attach=t">Link your <strong>Write.as</strong> account.</a>
+    {{ end }}
 </div>
 
 <script>

From 5d834c1cd2138d6bd0d4daf415bdb5221c38bb1c Mon Sep 17 00:00:00 2001
From: Nick Gerakines <ngerakines@users.noreply.github.com>
Date: Wed, 15 Jan 2020 13:37:57 -0500
Subject: [PATCH 03/76] Minor code cleanup on settings page to improve oauth
 account management UI. T713

---
 account.go                   | 19 +++++++++++++--
 templates.go                 |  1 +
 templates/user/settings.tmpl | 45 +++++++++++++++++++++---------------
 3 files changed, 44 insertions(+), 21 deletions(-)

diff --git a/account.go b/account.go
index 3544813..ae3ef87 100644
--- a/account.go
+++ b/account.go
@@ -1038,11 +1038,24 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 
 	flashes, _ := getSessionFlashes(app, w, r, nil)
 
+	enableOauthSlack := app.Config().SlackOauth.ClientID != ""
+	enableOauthWriteAs := app.Config().WriteAsOauth.ClientID != ""
+
 	oauthAccounts, err := app.db.GetOauthAccounts(r.Context(), u.ID)
 	if err != nil {
 		log.Error("Unable to get oauth accounts for settings: %s", err)
 		return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}
 	}
+	for _, oauthAccount := range oauthAccounts {
+		switch oauthAccount.Provider {
+		case "slack":
+			enableOauthSlack = false
+		case "write.as":
+			enableOauthWriteAs = false
+		}
+	}
+
+	displayOauthSection := enableOauthSlack || enableOauthWriteAs || len(oauthAccounts) > 0
 
 	obj := struct {
 		*UserPage
@@ -1050,6 +1063,7 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		HasPass       bool
 		IsLogOut      bool
 		Suspended     bool
+		OauthSection  bool
 		OauthAccounts []oauthAccountInfo
 		OauthSlack    bool
 		OauthWriteAs  bool
@@ -1059,9 +1073,10 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		HasPass:       passIsSet,
 		IsLogOut:      r.FormValue("logout") == "1",
 		Suspended:     fullUser.IsSilenced(),
+		OauthSection:  displayOauthSection,
 		OauthAccounts: oauthAccounts,
-		OauthSlack:    app.Config().SlackOauth.ClientID != "",
-		OauthWriteAs:  app.Config().WriteAsOauth.ClientID != "",
+		OauthSlack:    enableOauthSlack,
+		OauthWriteAs:  enableOauthWriteAs,
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/templates.go b/templates.go
index 968845d..c1a6da8 100644
--- a/templates.go
+++ b/templates.go
@@ -37,6 +37,7 @@ var (
 		"localstr":    localStr,
 		"localhtml":   localHTML,
 		"tolower":     strings.ToLower,
+		"title":       strings.Title,
 	}
 )
 
diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index 2cda7dd..fc76f48 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -67,26 +67,33 @@ h3 { font-weight: normal; }
 		</div>
 	</form>
 
-	{{ if .OauthAccounts }}
-	    {{ range $oauth_account := .OauthAccounts }}
-		    <form method="post" action="/me/oauth/remove" autocomplete="false">
-		        <input type="hidden" name="provider" value="{{ $oauth_account.Provider }}" />
-		        <input type="hidden" name="client_id" value="{{ $oauth_account.ClientID }}" />
-		        <input type="hidden" name="remote_user_id" value="{{ $oauth_account.RemoteUserID }}" />
-    		    <div class="option">
-    			    <h3>{{ $oauth_account.Provider }} </h3>
-    			    <div class="section">
-    				    <input type="submit" value="Remove" style="margin-left: 1em;" />
-    			    </div>
-    		    </div>
-    	    </form>
+    {{ if .OauthSection }}
+        <h1>OAuth Management</h1>
+	    {{ if .OauthAccounts }}
+	        <p>Existing OAuth accounts can be removed from your account.</p>
+	        {{ range $oauth_account := .OauthAccounts }}
+		        <form method="post" action="/me/oauth/remove" autocomplete="false">
+		            <input type="hidden" name="provider" value="{{ $oauth_account.Provider }}" />
+		            <input type="hidden" name="client_id" value="{{ $oauth_account.ClientID }}" />
+		            <input type="hidden" name="remote_user_id" value="{{ $oauth_account.RemoteUserID }}" />
+    		        <div class="option">
+    			        <div class="section">
+        				    <input type="submit" value="Remove {{ $oauth_account.Provider | title }}" style="margin-left: 1em;" />
+    			        </div>
+    		        </div>
+    	        </form>
+            {{ end }}
+	    {{ end }}
+	    {{ if or .OauthSlack .OauthWriteAs }}
+	        <p>
+	        {{ if .OauthSlack }}
+    	        <a class="loginbtn" href="/oauth/slack?attach=t"><img alt="Sign in with Slack" height="40" width="172" src="/img/sign_in_with_slack.png" srcset="/img/sign_in_with_slack.png 1x, /img/sign_in_with_slack@2x.png 2x" /></a>
+            {{ end }}
+            {{ if .OauthWriteAs }}
+                <a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as?attach=t">Link your <strong>Write.as</strong> account.</a>
+            {{ end }}
+            </p>
         {{ end }}
-	{{ end }}
-	{{ if .OauthSlack }}
-    	<a class="loginbtn" href="/oauth/slack?attach=t"><img alt="Sign in with Slack" height="40" width="172" src="/img/sign_in_with_slack.png" srcset="/img/sign_in_with_slack.png 1x, /img/sign_in_with_slack@2x.png 2x" /></a>
-    {{ end }}
-    {{ if .OauthWriteAs }}
-        <a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as?attach=t">Link your <strong>Write.as</strong> account.</a>
     {{ end }}
 </div>
 

From 61734057943075ab8df30ce45c0f580340d0c0ba Mon Sep 17 00:00:00 2001
From: Matti R <matti@mdranta.net>
Date: Mon, 10 Feb 2020 01:46:58 -0500
Subject: [PATCH 04/76] switch to use urfave/cli for cli, which allows for
 auto-manpage generation and bash complete

---
 cmd/writefreely/config.go |  63 ++++++++++
 cmd/writefreely/db.go     |  50 ++++++++
 cmd/writefreely/keys.go   |  40 +++++++
 cmd/writefreely/main.go   | 238 +++++++++++++++++++++-----------------
 cmd/writefreely/user.go   |  89 ++++++++++++++
 cmd/writefreely/web.go    |  49 ++++++++
 go.mod                    |   4 +-
 go.sum                    |   9 ++
 8 files changed, 434 insertions(+), 108 deletions(-)
 create mode 100644 cmd/writefreely/config.go
 create mode 100644 cmd/writefreely/db.go
 create mode 100644 cmd/writefreely/keys.go
 create mode 100644 cmd/writefreely/user.go
 create mode 100644 cmd/writefreely/web.go

diff --git a/cmd/writefreely/config.go b/cmd/writefreely/config.go
new file mode 100644
index 0000000..d572036
--- /dev/null
+++ b/cmd/writefreely/config.go
@@ -0,0 +1,63 @@
+/*
+ * Copyright © 2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package main
+
+import (
+	"github.com/writeas/writefreely"
+
+	"github.com/urfave/cli/v2"
+)
+
+var (
+	cmdConfig cli.Command = cli.Command{
+		Name:  "config",
+		Usage: "config management tools",
+		Subcommands: []*cli.Command{
+			&cmdConfigGenerate,
+			&cmdConfigInteractive,
+		},
+	}
+
+	cmdConfigGenerate cli.Command = cli.Command{
+		Name:    "generate",
+		Aliases: []string{"gen"},
+		Usage:   "Generate a basic configuration",
+		Action: genConfigAction,
+	}
+
+	cmdConfigInteractive cli.Command = cli.Command{
+		Name:    "interactive",
+		Aliases: []string{"i"},
+		Usage:   "Interactive configuration process",
+		Action: interactiveConfigAction,
+		Flags: []cli.Flag{
+			&cli.StringFlag{
+				Name:  "sections",
+				Value: "server db app",
+				Usage: "Which sections of the configuration to go through (requires --config)\n" +
+					"valid values are any combination of 'server', 'db' and 'app' \n" +
+					"example: writefreely --config --sections \"db app\"",
+			},
+		},
+	}
+
+)
+
+func genConfigAction(c *cli.Context) error {
+	app := writefreely.NewApp(c.String("c"))
+	return writefreely.CreateConfig(app)
+}
+
+func interactiveConfigAction(c *cli.Context) error {
+	app := writefreely.NewApp(c.String("c"))
+	writefreely.DoConfig(app, c.String("sections"))
+	return nil
+}
\ No newline at end of file
diff --git a/cmd/writefreely/db.go b/cmd/writefreely/db.go
new file mode 100644
index 0000000..fa5110d
--- /dev/null
+++ b/cmd/writefreely/db.go
@@ -0,0 +1,50 @@
+/*
+ * Copyright © 2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package main
+
+import (
+	"github.com/writeas/writefreely"
+
+	"github.com/urfave/cli/v2"
+)
+
+var (
+	cmdDB cli.Command = cli.Command{
+		Name:  "db",
+		Usage: "db management tools",
+		Subcommands: []*cli.Command{
+			&cmdDBInit,
+			&cmdDBMigrate,
+		},
+	}
+
+	cmdDBInit cli.Command = cli.Command{
+		Name:    "init",
+		Usage:   "Initialize Database",
+		Action: initDBAction,
+	}
+
+	cmdDBMigrate cli.Command = cli.Command{
+		Name:    "migrate",
+		Usage:   "Migrate Database",
+		Action:  migrateDBAction,
+	}
+)
+
+func initDBAction(c *cli.Context) error {
+	app := writefreely.NewApp(c.String("c"))
+	return writefreely.CreateSchema(app)
+}
+
+func migrateDBAction(c *cli.Context) error {
+	app := writefreely.NewApp(c.String("c"))
+	return writefreely.Migrate(app)
+}
\ No newline at end of file
diff --git a/cmd/writefreely/keys.go b/cmd/writefreely/keys.go
new file mode 100644
index 0000000..7e81475
--- /dev/null
+++ b/cmd/writefreely/keys.go
@@ -0,0 +1,40 @@
+/*
+ * Copyright © 2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package main
+
+import (
+	"github.com/writeas/writefreely"
+
+	"github.com/urfave/cli/v2"
+)
+
+var (
+	cmdKeys cli.Command = cli.Command{
+		Name:  "keys",
+		Usage: "key management tools",
+		Subcommands: []*cli.Command{
+			&cmdGenerateKeys,
+		},
+	}
+
+	cmdGenerateKeys cli.Command = cli.Command{
+		Name:    "generate",
+		Aliases: []string{"gen"},
+		Usage:   "Generate encryption and authentication keys",
+		Action: genKeysAction,
+	}
+
+)
+
+func genKeysAction(c *cli.Context) error {
+	app := writefreely.NewApp(c.String("c"))
+	return writefreely.GenerateKeyFiles(app)
+}
\ No newline at end of file
diff --git a/cmd/writefreely/main.go b/cmd/writefreely/main.go
index 7fc2342..55f97be 100644
--- a/cmd/writefreely/main.go
+++ b/cmd/writefreely/main.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018-2019 A Bunch Tell LLC.
+ * Copyright © 2018-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -11,122 +11,154 @@
 package main
 
 import (
-	"flag"
 	"fmt"
 	"os"
 	"strings"
 
-	"github.com/gorilla/mux"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely"
+
+	"github.com/gorilla/mux"
+	"github.com/urfave/cli/v2"
 )
 
 func main() {
-	// General options usable with other commands
-	debugPtr := flag.Bool("debug", false, "Enables debug logging.")
-	configFile := flag.String("c", "config.ini", "The configuration file to use")
+	app := &cli.App{
+		Name:    "WriteFreely",
+		Usage:   "A beautifully pared-down blogging platform",
+		Version: writefreely.FormatVersion(),
+		Action:  legacyActions, // legacy due to use of flags for switching actions
+		Flags: []cli.Flag{
+			&cli.BoolFlag{
+				Name:   "create-config",
+				Value:  false,
+				Usage:  "Generate a basic configuration",
+				Hidden: true,
+			},
+			&cli.BoolFlag{
+				Name:   "config",
+				Value:  false,
+				Usage:  "Interactive configuration process",
+				Hidden: true,
+			},
+			&cli.StringFlag{
+				Name:  "sections",
+				Value: "server db app",
+				Usage: "Which sections of the configuration to go through (requires --config)\n" +
+					"valid values are any combination of 'server', 'db' and 'app' \n" +
+					"example: writefreely --config --sections \"db app\"",
+				Hidden: true,
+			},
+			&cli.BoolFlag{
+				Name:   "gen-keys",
+				Value:  false,
+				Usage:  "Generate encryption and authentication keys",
+				Hidden: true,
+			},
+			&cli.BoolFlag{
+				Name:   "init-db",
+				Value:  false,
+				Usage:  "Initialize app database",
+				Hidden: true,
+			},
+			&cli.BoolFlag{
+				Name:   "migrate",
+				Value:  false,
+				Usage:  "Migrate the database",
+				Hidden: true,
+			},
+			&cli.StringFlag{
+				Name:   "create-admin",
+				Usage:  "Create an admin with the given username:password",
+				Hidden: true,
+			},
+			&cli.StringFlag{
+				Name:   "create-user",
+				Usage:  "Create a regular user with the given username:password",
+				Hidden: true,
+			},
+			&cli.StringFlag{
+				Name:   "delete-user",
+				Usage:  "Delete a user with the given username",
+				Hidden: true,
+			},
+			&cli.StringFlag{
+				Name:   "reset-pass",
+				Usage:  "Reset the given user's password",
+				Hidden: true,
+			},
+		}, // legacy flags (set to hidden to eventually switch to bash-complete compatible format)
+	}
 
-	// Setup actions
-	createConfig := flag.Bool("create-config", false, "Creates a basic configuration and exits")
-	doConfig := flag.Bool("config", false, "Run the configuration process")
-	configSections := flag.String("sections", "server db app", "Which sections of the configuration to go through (requires --config), "+
-		"valid values are any combination of 'server', 'db' and 'app' "+
-		"example: writefreely --config --sections \"db app\"")
-	genKeys := flag.Bool("gen-keys", false, "Generate encryption and authentication keys")
-	createSchema := flag.Bool("init-db", false, "Initialize app database")
-	migrate := flag.Bool("migrate", false, "Migrate the database")
+	defaultFlags := []cli.Flag{
+		&cli.StringFlag{
+			Name:  "c",
+			Value: "config.ini",
+			Usage: "Load configuration from `FILE`",
+		},
+		&cli.BoolFlag{
+			Name:  "debug",
+			Value: false,
+			Usage: "Enables debug logging",
+		},
+	}
 
-	// Admin actions
-	createAdmin := flag.String("create-admin", "", "Create an admin with the given username:password")
-	createUser := flag.String("create-user", "", "Create a regular user with the given username:password")
-	deleteUsername := flag.String("delete-user", "", "Delete a user with the given username")
-	resetPassUser := flag.String("reset-pass", "", "Reset the given user's password")
-	outputVersion := flag.Bool("v", false, "Output the current version")
-	flag.Parse()
+	app.Flags = append(app.Flags, defaultFlags...)
 
-	app := writefreely.NewApp(*configFile)
+	app.Commands = []*cli.Command{
+		&cmdUser,
+		&cmdDB,
+		&cmdConfig,
+		&cmdKeys,
+		&cmdServe,
+	}
 
-	if *outputVersion {
-		writefreely.OutputVersion()
-		os.Exit(0)
-	} else if *createConfig {
-		err := writefreely.CreateConfig(app)
+	err := app.Run(os.Args)
+	if err != nil {
+		log.Error(err.Error())
+		os.Exit(1)
+	}
+}
+
+func legacyActions(c *cli.Context) error {
+	app := writefreely.NewApp(c.String("c"))
+
+	switch true {
+	case c.IsSet("create-config"):
+		return writefreely.CreateConfig(app)
+	case c.IsSet("config"):
+		writefreely.DoConfig(app, c.String("sections"))
+		return nil
+	case c.IsSet("gen-keys"):
+		return writefreely.GenerateKeyFiles(app)
+	case c.IsSet("init-db"):
+		return writefreely.CreateSchema(app)
+	case c.IsSet("migrate"):
+		return writefreely.Migrate(app)
+	case c.IsSet("create-admin"):
+		username, password, err := parseCredentials(c.String("create-admin"))
 		if err != nil {
-			log.Error(err.Error())
-			os.Exit(1)
+			return err
 		}
-		os.Exit(0)
-	} else if *doConfig {
-		writefreely.DoConfig(app, *configSections)
-		os.Exit(0)
-	} else if *genKeys {
-		err := writefreely.GenerateKeyFiles(app)
+		return writefreely.CreateUser(app, username, password, true)
+	case c.IsSet("create-user"):
+		username, password, err := parseCredentials(c.String("create-user"))
 		if err != nil {
-			log.Error(err.Error())
-			os.Exit(1)
+			return err
 		}
-		os.Exit(0)
-	} else if *createSchema {
-		err := writefreely.CreateSchema(app)
-		if err != nil {
-			log.Error(err.Error())
-			os.Exit(1)
-		}
-		os.Exit(0)
-	} else if *createAdmin != "" {
-		username, password, err := userPass(*createAdmin, true)
-		if err != nil {
-			log.Error(err.Error())
-			os.Exit(1)
-		}
-		err = writefreely.CreateUser(app, username, password, true)
-		if err != nil {
-			log.Error(err.Error())
-			os.Exit(1)
-		}
-		os.Exit(0)
-	} else if *createUser != "" {
-		username, password, err := userPass(*createUser, false)
-		if err != nil {
-			log.Error(err.Error())
-			os.Exit(1)
-		}
-		err = writefreely.CreateUser(app, username, password, false)
-		if err != nil {
-			log.Error(err.Error())
-			os.Exit(1)
-		}
-		os.Exit(0)
-	} else if *resetPassUser != "" {
-		err := writefreely.ResetPassword(app, *resetPassUser)
-		if err != nil {
-			log.Error(err.Error())
-			os.Exit(1)
-		}
-		os.Exit(0)
-	} else if *deleteUsername != "" {
-		err := writefreely.DoDeleteAccount(app, *deleteUsername)
-		if err != nil {
-			log.Error(err.Error())
-			os.Exit(1)
-		}
-		os.Exit(0)
-	} else if *migrate {
-		err := writefreely.Migrate(app)
-		if err != nil {
-			log.Error(err.Error())
-			os.Exit(1)
-		}
-		os.Exit(0)
+		return writefreely.CreateUser(app, username, password, false)
+	case c.IsSet("delete-user"):
+		return writefreely.DoDeleteAccount(app, c.String("delete-user"))
+	case c.IsSet("reset-pass"):
+		return writefreely.ResetPassword(app, c.String("reset-pass"))
 	}
 
 	// Initialize the application
 	var err error
 	log.Info("Starting %s...", writefreely.FormatVersion())
-	app, err = writefreely.Initialize(app, *debugPtr)
+	app, err = writefreely.Initialize(app, c.Bool("debug"))
 	if err != nil {
-		log.Error("%s", err)
-		os.Exit(1)
+		return err
 	}
 
 	// Set app routes
@@ -136,20 +168,14 @@ func main() {
 
 	// Serve the application
 	writefreely.Serve(app, r)
+
+	return nil
 }
 
-func userPass(credStr string, isAdmin bool) (user string, pass string, err error) {
-	creds := strings.Split(credStr, ":")
+func parseCredentials(credentialString string) (string, string, error) {
+	creds := strings.Split(credentialString, ":")
 	if len(creds) != 2 {
-		c := "user"
-		if isAdmin {
-			c = "admin"
-		}
-		err = fmt.Errorf("usage: writefreely --create-%s username:password", c)
-		return
+		return "", "", fmt.Errorf("invalid format for passed credentials, must be username:password")
 	}
-
-	user = creds[0]
-	pass = creds[1]
-	return
+	return creds[0], creds[1], nil
 }
diff --git a/cmd/writefreely/user.go b/cmd/writefreely/user.go
new file mode 100644
index 0000000..c87129a
--- /dev/null
+++ b/cmd/writefreely/user.go
@@ -0,0 +1,89 @@
+/*
+ * Copyright © 2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package main
+
+import (
+	"github.com/writeas/writefreely"
+
+	"github.com/urfave/cli/v2"
+)
+
+var (
+	cmdUser cli.Command = cli.Command{
+		Name:  "user",
+		Usage: "user management tools",
+		Subcommands: []*cli.Command{
+			&cmdAddUser,
+			&cmdDelUser,
+			&cmdResetPass,
+			// TODO: possibly add a user list command
+		},
+	}
+
+	cmdAddUser cli.Command = cli.Command{
+		Name:    "add",
+		Usage:   "Add new user",
+		Aliases: []string{"a"},
+		Flags: []cli.Flag{
+			&cli.BoolFlag{
+				Name:  "admin",
+				Value: false,
+				Usage: "Create admin user",
+			},
+		},
+		Action: addUserAction,
+	}
+
+	cmdDelUser cli.Command = cli.Command{
+		Name:    "delete",
+		Usage:   "Delete user",
+		Aliases: []string{"del", "d"},
+		Action:  delUserAction,
+	}
+
+	cmdResetPass cli.Command = cli.Command{
+		Name:    "reset-pass",
+		Usage:   "Reset user's password",
+		Aliases: []string{"resetpass", "reset"},
+		Action:  resetPassAction,
+	}
+)
+
+func addUserAction(c *cli.Context) error {
+	credentials := ""
+	if c.NArg() > 0 {
+		credentials = c.Args().Get(0)
+	}
+	username, password, err := parseCredentials(credentials)
+	if err != nil {
+		return err
+	}
+	app := writefreely.NewApp(c.String("c"))
+	return writefreely.CreateUser(app, username, password, c.Bool("admin"))
+}
+
+func delUserAction(c *cli.Context) error {
+	username := ""
+	if c.NArg() > 0 {
+		username = c.Args().Get(0)
+	}
+	app := writefreely.NewApp(c.String("c"))
+	return writefreely.DoDeleteAccount(app, username)
+}
+
+func resetPassAction(c *cli.Context) error {
+	username := ""
+	if c.NArg() > 0 {
+		username = c.Args().Get(0)
+	}
+	app := writefreely.NewApp(c.String("c"))
+	return writefreely.ResetPassword(app, username)
+}
diff --git a/cmd/writefreely/web.go b/cmd/writefreely/web.go
new file mode 100644
index 0000000..e848f8b
--- /dev/null
+++ b/cmd/writefreely/web.go
@@ -0,0 +1,49 @@
+/*
+ * Copyright © 2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package main
+
+import (
+	"github.com/writeas/web-core/log"
+	"github.com/writeas/writefreely"
+
+	"github.com/gorilla/mux"
+	"github.com/urfave/cli/v2"
+)
+
+var (
+	cmdServe cli.Command = cli.Command{
+		Name:  "serve",
+		Aliases: []string{"web"},
+		Usage: "Run web application",
+		Action: serveAction,
+	}
+)
+
+func serveAction(c *cli.Context) error {
+	// Initialize the application
+	app := writefreely.NewApp(c.String("c"))
+	var err error
+	log.Info("Starting %s...", writefreely.FormatVersion())
+	app, err = writefreely.Initialize(app, c.Bool("debug"))
+	if err != nil {
+		return err
+	}
+
+	// Set app routes
+	r := mux.NewRouter()
+	writefreely.InitRoutes(app, r)
+	app.InitStaticRoutes(r)
+
+	// Serve the application
+	writefreely.Serve(app, r)
+
+	return nil
+}
\ No newline at end of file
diff --git a/go.mod b/go.mod
index 5da3da4..28c7105 100644
--- a/go.mod
+++ b/go.mod
@@ -1,7 +1,6 @@
 module github.com/writeas/writefreely
 
 require (
-	github.com/BurntSushi/toml v0.3.1 // indirect
 	github.com/alecthomas/gometalinter v3.0.0+incompatible // indirect
 	github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf // indirect
 	github.com/captncraig/cors v0.0.0-20180620154129-376d45073b49 // indirect
@@ -22,6 +21,7 @@ require (
 	github.com/guregu/null v3.4.0+incompatible
 	github.com/hashicorp/go-multierror v1.0.0
 	github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2
+	github.com/jteeuwen/go-bindata v3.0.7+incompatible // indirect
 	github.com/jtolds/gls v4.2.1+incompatible // indirect
 	github.com/kylemcc/twitter-text-go v0.0.0-20180726194232-7f582f6736ec
 	github.com/lunixbochs/vtclean v1.0.0 // indirect
@@ -38,6 +38,7 @@ require (
 	github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 // indirect
 	github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c // indirect
 	github.com/stretchr/testify v1.3.0
+	github.com/urfave/cli/v2 v2.1.1
 	github.com/writeas/activity v0.1.2
 	github.com/writeas/activityserve v0.0.0-20191115095800-dd6d19cc8b89
 	github.com/writeas/go-strip-markdown v2.0.1+incompatible
@@ -57,7 +58,6 @@ require (
 	google.golang.org/appengine v1.4.0 // indirect
 	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c // indirect
 	gopkg.in/ini.v1 v1.41.0
-	gopkg.in/yaml.v2 v2.2.2 // indirect
 	src.techknowlogick.com/xgo v0.0.0-20200129005940-d0fae26e014b // indirect
 )
 
diff --git a/go.sum b/go.sum
index 2d433ec..ab220f2 100644
--- a/go.sum
+++ b/go.sum
@@ -22,6 +22,8 @@ github.com/clbanning/mxj v1.8.4 h1:HuhwZtbyvyOw+3Z1AowPkU87JkJUSv751ELWaiTpj8I=
 github.com/clbanning/mxj v1.8.4/go.mod h1:BVjHeAH+rl9rs6f+QIpeRl0tfu10SXn1pUSa5PVGJng=
 github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d h1:U+s90UTSYgptZMwQh2aRr3LuazLJIa+Pg3Kc1ylSYVY=
+github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:maD7wRr/U5Z6m/iR4s+kqSMx2CaBsrgA7czyZG/E6dU=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -71,6 +73,8 @@ github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uP
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2 h1:wIdDEle9HEy7vBPjC6oKz6ejs3Ut+jmsYvuOoAW2pSM=
 github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2/go.mod h1:WtaVKD9TeruTED9ydiaOJU08qGoEPP/LyzTKiD3jEsw=
+github.com/jteeuwen/go-bindata v3.0.7+incompatible h1:91Uy4d9SYVr1kyTJ15wJsog+esAZZl7JmEfTkwmhJts=
+github.com/jteeuwen/go-bindata v3.0.7+incompatible/go.mod h1:JVvhzYOiGBnFSYRyV00iY8q7/0PThjIYav1p9h5dmKs=
 github.com/jtolds/gls v4.2.1+incompatible h1:fSuqC+Gmlu6l/ZYAoZzx2pyucC8Xza35fpRVWLVmUEE=
 github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU=
@@ -112,6 +116,8 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be h1:ta7tUOvsPHVHGom5hKW5VXNc2xZIkfCKP8iaqOyYtUQ=
 github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be/go.mod h1:MIDFMn7db1kT65GmV94GzpX9Qdi7N/pQlwb+AN8wh+Q=
+github.com/russross/blackfriday/v2 v2.0.1 h1:lPqVAte+HuHNfhJ/0LC98ESWRz8afy9tM/0RK8m9o+Q=
+github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 h1:Jpy1PXuP99tXNrhbq2BaPz9B+jNAvH1JPQQpG/9GCXY=
@@ -124,6 +130,9 @@ github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/tsenart/deadcode v0.0.0-20160724212837-210d2dc333e9 h1:vY5WqiEon0ZSTGM3ayVVi+twaHKHDFUVloaQ/wug9/c=
 github.com/tsenart/deadcode v0.0.0-20160724212837-210d2dc333e9/go.mod h1:q+QjxYvZ+fpjMXqs+XEriussHjSYqeXVnAdSV1tkMYk=
+github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
+github.com/urfave/cli/v2 v2.1.1 h1:Qt8FeAtxE/vfdrLmR3rxR6JRE0RoVmbXu8+6kZtYU4k=
+github.com/urfave/cli/v2 v2.1.1/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
 github.com/writeas/activity v0.1.2 h1:Y12B5lIrabfqKE7e7HFCWiXrlfXljr9tlkFm2mp7DgY=
 github.com/writeas/activity v0.1.2/go.mod h1:mYYgiewmEM+8tlifirK/vl6tmB2EbjYaxwb+ndUw5T0=
 github.com/writeas/activityserve v0.0.0-20191008122325-5fc3b48e70c5 h1:nG84xWpxBM8YU/FJchezJqg7yZH8ImSRow6NoYtbSII=

From b0f0de3dde866f3f218c916d0ef70b766dfca1ec Mon Sep 17 00:00:00 2001
From: Matti R <matti@mdranta.net>
Date: Mon, 10 Feb 2020 01:57:57 -0500
Subject: [PATCH 05/76] go mod tidy

---
 go.mod | 1 -
 go.sum | 7 -------
 2 files changed, 8 deletions(-)

diff --git a/go.mod b/go.mod
index 28c7105..fe5b548 100644
--- a/go.mod
+++ b/go.mod
@@ -21,7 +21,6 @@ require (
 	github.com/guregu/null v3.4.0+incompatible
 	github.com/hashicorp/go-multierror v1.0.0
 	github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2
-	github.com/jteeuwen/go-bindata v3.0.7+incompatible // indirect
 	github.com/jtolds/gls v4.2.1+incompatible // indirect
 	github.com/kylemcc/twitter-text-go v0.0.0-20180726194232-7f582f6736ec
 	github.com/lunixbochs/vtclean v1.0.0 // indirect
diff --git a/go.sum b/go.sum
index ab220f2..b0a423a 100644
--- a/go.sum
+++ b/go.sum
@@ -73,8 +73,6 @@ github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uP
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2 h1:wIdDEle9HEy7vBPjC6oKz6ejs3Ut+jmsYvuOoAW2pSM=
 github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2/go.mod h1:WtaVKD9TeruTED9ydiaOJU08qGoEPP/LyzTKiD3jEsw=
-github.com/jteeuwen/go-bindata v3.0.7+incompatible h1:91Uy4d9SYVr1kyTJ15wJsog+esAZZl7JmEfTkwmhJts=
-github.com/jteeuwen/go-bindata v3.0.7+incompatible/go.mod h1:JVvhzYOiGBnFSYRyV00iY8q7/0PThjIYav1p9h5dmKs=
 github.com/jtolds/gls v4.2.1+incompatible h1:fSuqC+Gmlu6l/ZYAoZzx2pyucC8Xza35fpRVWLVmUEE=
 github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU=
@@ -130,15 +128,10 @@ github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/tsenart/deadcode v0.0.0-20160724212837-210d2dc333e9 h1:vY5WqiEon0ZSTGM3ayVVi+twaHKHDFUVloaQ/wug9/c=
 github.com/tsenart/deadcode v0.0.0-20160724212837-210d2dc333e9/go.mod h1:q+QjxYvZ+fpjMXqs+XEriussHjSYqeXVnAdSV1tkMYk=
-github.com/urfave/cli v1.22.2 h1:gsqYFH8bb9ekPA12kRo0hfjngWQjkJPlN9R0N78BoUo=
 github.com/urfave/cli/v2 v2.1.1 h1:Qt8FeAtxE/vfdrLmR3rxR6JRE0RoVmbXu8+6kZtYU4k=
 github.com/urfave/cli/v2 v2.1.1/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
 github.com/writeas/activity v0.1.2 h1:Y12B5lIrabfqKE7e7HFCWiXrlfXljr9tlkFm2mp7DgY=
 github.com/writeas/activity v0.1.2/go.mod h1:mYYgiewmEM+8tlifirK/vl6tmB2EbjYaxwb+ndUw5T0=
-github.com/writeas/activityserve v0.0.0-20191008122325-5fc3b48e70c5 h1:nG84xWpxBM8YU/FJchezJqg7yZH8ImSRow6NoYtbSII=
-github.com/writeas/activityserve v0.0.0-20191008122325-5fc3b48e70c5/go.mod h1:Kz62mzYsCnrFTSTSFLXFj3fGYBQOntmBWTDDq57b46A=
-github.com/writeas/activityserve v0.0.0-20191011072627-3a81f7784d5b h1:rd2wX/bTqD55hxtBjAhwLcUgaQE36c70KX3NzpDAwVI=
-github.com/writeas/activityserve v0.0.0-20191011072627-3a81f7784d5b/go.mod h1:Kz62mzYsCnrFTSTSFLXFj3fGYBQOntmBWTDDq57b46A=
 github.com/writeas/activityserve v0.0.0-20191115095800-dd6d19cc8b89 h1:NJhzq9aTccL3SSSZMrcnYhkD6sObdY9otNZ1X6/ZKNE=
 github.com/writeas/activityserve v0.0.0-20191115095800-dd6d19cc8b89/go.mod h1:Kz62mzYsCnrFTSTSFLXFj3fGYBQOntmBWTDDq57b46A=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible h1:IIqxTM5Jr7RzhigcL6FkrCNfXkvbR+Nbu1ls48pXYcw=

From 7fe281df69c4ac4c029e3664bc13a29c243efa87 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 10 Feb 2020 15:24:39 -0500
Subject: [PATCH 06/76] Use NULL for new attach_user_id column

Ref T713
---
 database.go      | 7 ++++---
 migrations/v7.go | 2 +-
 2 files changed, 5 insertions(+), 4 deletions(-)

diff --git a/database.go b/database.go
index f36f519..a2e5f60 100644
--- a/database.go
+++ b/database.go
@@ -2514,7 +2514,8 @@ func (db *datastore) GetCollectionLastPostTime(id int64) (*time.Time, error) {
 
 func (db *datastore) GenerateOAuthState(ctx context.Context, provider string, clientID string, attachUser int64) (string, error) {
 	state := store.Generate62RandomString(24)
-	_, err := db.ExecContext(ctx, "INSERT INTO oauth_client_states (state, provider, client_id, used, created_at, attach_user_id) VALUES (?, ?, ?, FALSE, NOW(), ?)", state, provider, clientID, attachUser)
+	attachUserVal := sql.NullInt64{Valid: attachUser > 0, Int64: attachUser}
+	_, err := db.ExecContext(ctx, "INSERT INTO oauth_client_states (state, provider, client_id, used, created_at, attach_user_id) VALUES (?, ?, ?, FALSE, NOW(), ?)", state, provider, clientID, attachUserVal)
 	if err != nil {
 		return "", fmt.Errorf("unable to record oauth client state: %w", err)
 	}
@@ -2524,7 +2525,7 @@ func (db *datastore) GenerateOAuthState(ctx context.Context, provider string, cl
 func (db *datastore) ValidateOAuthState(ctx context.Context, state string) (string, string, int64, error) {
 	var provider string
 	var clientID string
-	var attachUserID int64
+	var attachUserID sql.NullInt64
 	err := wf_db.RunTransactionWithOptions(ctx, db.DB, &sql.TxOptions{}, func(ctx context.Context, tx *sql.Tx) error {
 		err := tx.
 			QueryRowContext(ctx, "SELECT provider, client_id, attach_user_id FROM oauth_client_states WHERE state = ? AND used = FALSE", state).
@@ -2549,7 +2550,7 @@ func (db *datastore) ValidateOAuthState(ctx context.Context, state string) (stri
 	if err != nil {
 		return "", "", 0, nil
 	}
-	return provider, clientID, attachUserID, nil
+	return provider, clientID, attachUserID.Int64, nil
 }
 
 func (db *datastore) RecordRemoteUserID(ctx context.Context, localUserID int64, remoteUserID, provider, clientID, accessToken string) error {
diff --git a/migrations/v7.go b/migrations/v7.go
index a7ac567..3090cd9 100644
--- a/migrations/v7.go
+++ b/migrations/v7.go
@@ -20,7 +20,7 @@ func oauthAttach(db *datastore) error {
 					Column(
 						"attach_user_id",
 						wf_db.ColumnTypeInteger,
-						wf_db.OptionalInt{Set: true, Value: 24}).SetNullable(false).SetDefault("0")),
+						wf_db.OptionalInt{Set: true, Value: 24}).SetNullable(true)),
 		}
 		for _, builder := range builders {
 			query, err := builder.ToSQL()

From 33474cb1f1730b5b392e2b3a54d7ffbbb777f389 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Tue, 11 Feb 2020 13:02:10 -0800
Subject: [PATCH 07/76] change to simpler style

---
 less/core.less | 25 +++++++++----------------
 1 file changed, 9 insertions(+), 16 deletions(-)

diff --git a/less/core.less b/less/core.less
index 99aaa0e..67fd08b 100644
--- a/less/core.less
+++ b/less/core.less
@@ -632,26 +632,19 @@ table.classy {
 	}
 }
 
-body#post article table {
+article table {
 	border-spacing: 0;
 	border-collapse: collapse;
+	width: 100%;
 	th {
-		border-bottom: 2px solid #ccc;
-		text-align: center;
+		border-width: 1px 1px 2px 1px;
+		border-style: solid;
+		border-color: #ccc;
 	}
-	th + th {
-		border-left: 1px solid #ccc;
-	}
-	tr:nth-child(even) {
-		background-color: #f6f6f6;
-	}
-	td + td {
-		border-left: 1px solid #ccc;
-	}
-	tr + tr td {
-		border-top: 1px solid #ccc;
-	}
-	td, th {
+	td {
+		border-width: 0 1px 1px 1px;
+		border-style: solid;
+		border-color: #ccc;
 		padding: .25rem .5rem;
 	}
 }

From 71224d68a268a50438e11a69a6850eba00e39300 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 14 Feb 2020 08:40:06 -0500
Subject: [PATCH 08/76] Change line-height to 1.5

---
 less/core.less      | 10 +++++-----
 less/new-core.less  |  4 ++--
 less/post-temp.less |  2 +-
 3 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/less/core.less b/less/core.less
index fe8a28d..83a9d2a 100644
--- a/less/core.less
+++ b/less/core.less
@@ -524,12 +524,12 @@ pre, body#post article, #post .alert, #subpage .alert, body#collection article,
 	margin-bottom: 1em;
 	p {
 		text-align: left;
-		line-height: 1.4;
+		line-height: 1.5;
 	}
 }
 textarea, pre, body#post article, body#collection article p {
 	&.norm, &.sans, &.wrap {
-		line-height: 1.4em;
+		line-height: 1.5;
 		white-space: pre-wrap;       /* CSS 3 */
 		white-space: -moz-pre-wrap;  /* Mozilla, since 1999 */
 		white-space: -pre-wrap;      /* Opera 4-6 */
@@ -644,7 +644,7 @@ body#collection article, body#subpage article {
 	padding-bottom: 0;
 	.book {
 		h2 {
-			font-size: 1.4em;
+			font-size: 1.5;
 		}
 		a.hidden.action {
 			 color: #666;
@@ -813,7 +813,7 @@ input {
 		font-weight: normal;
 	}
 	p {
-		line-height: 1.4;
+		line-height: 1.5;
 	}
 	li {
 		margin: 0.3em 0;
@@ -1007,7 +1007,7 @@ footer.contain-me {
 }
 
 li {
-	line-height: 1.4;
+	line-height: 1.5;
 
 	.item-desc, .prog-lang {
 		font-size: 0.6em;
diff --git a/less/new-core.less b/less/new-core.less
index 802f34d..d618042 100644
--- a/less/new-core.less
+++ b/less/new-core.less
@@ -113,7 +113,7 @@ textarea {
 	ul {
 		margin: 0;
 		padding: 0 0 0 1em;
-		line-height: 1.4;
+		line-height: 1.5;
 
 		&.collections, &.posts, &.integrations {
 			list-style: none;
@@ -206,7 +206,7 @@ code, textarea#embed {
 		font-weight: normal;
 	}
 	p {
-		line-height: 1.4;
+		line-height: 1.5;
 	}
 	li {
 		margin: 0.3em 0;
diff --git a/less/post-temp.less b/less/post-temp.less
index 8173864..1a05280 100644
--- a/less/post-temp.less
+++ b/less/post-temp.less
@@ -58,7 +58,7 @@ body#post article, pre, .hljs {
 	}
 }
 .article-p() {
-	line-height: 1.4em;
+	line-height: 1.5;
 	white-space: pre-wrap;       /* CSS 3 */
 	white-space: -moz-pre-wrap;  /* Mozilla, since 1999 */
 	white-space: -pre-wrap;      /* Opera 4-6 */

From 6f3b502e6567b31b3c5f00866d62c7a301bc5c70 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 22 Feb 2020 19:46:36 -0500
Subject: [PATCH 09/76] Add 'X-Robots-Tag: noindex' header to invite URLs

This instructs search engines to not index invite links.
---
 invites.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/invites.go b/invites.go
index d5d024a..c1c7d95 100644
--- a/invites.go
+++ b/invites.go
@@ -170,6 +170,9 @@ func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 		p.Error = "This invite link has expired."
 	}
 
+	// Tell search engines not to index invite links
+	w.Header().Set("X-Robots-Tag", "noindex")
+
 	// Get error messages
 	session, err := app.sessionStore.Get(r, cookieName)
 	if err != nil {

From 05aad04b21627bd2ef96c820a62eb7f16dde5e12 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 25 Feb 2020 13:13:36 -0500
Subject: [PATCH 10/76] Limit Reader posts by count, not publish date

This changes the Reader to show the 250 most recent posts, with the
5-post-per-author limit still, instead of only posts from the last 3
months.
---
 read.go | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)

diff --git a/read.go b/read.go
index d708121..afe5651 100644
--- a/read.go
+++ b/read.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018-2019 A Bunch Tell LLC.
+ * Copyright © 2018-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -33,6 +33,8 @@ const (
 	tlAPIPageLimit   = 10
 	tlMaxAuthorPosts = 5
 	tlPostsPerPage   = 16
+	tlMaxPostCache   = 250
+	tlCacheDur       = 10 * time.Minute
 )
 
 type localTimeline struct {
@@ -60,19 +62,25 @@ type readPublication struct {
 func initLocalTimeline(app *App) {
 	app.timeline = &localTimeline{
 		postsPerPage: tlPostsPerPage,
-		m:            memo.New(app.FetchPublicPosts, 10*time.Minute),
+		m:            memo.New(app.FetchPublicPosts, tlCacheDur),
 	}
 }
 
 // satisfies memo.Func
 func (app *App) FetchPublicPosts() (interface{}, error) {
+	// Conditions
+	limit := fmt.Sprintf("LIMIT %d", tlMaxPostCache)
+	// This is better than the hard limit when limiting posts from individual authors
+	// ageCond := `p.created >= ` + app.db.dateSub(3, "month") + ` AND `
+
 	// Finds all public posts and posts in a public collection published during the owner's active subscription period and within the last 3 months
 	rows, err := app.db.Query(`SELECT p.id, alias, c.title, p.slug, p.title, p.content, p.text_appearance, p.language, p.rtl, p.created, p.updated
 	FROM collections c
 	LEFT JOIN posts p ON p.collection_id = c.id
 	LEFT JOIN users u ON u.id = p.owner_id
-	WHERE c.privacy = 1 AND (p.created >= ` + app.db.dateSub(3, "month") + ` AND p.created <= ` + app.db.now() + ` AND pinned_position IS NULL) AND u.status = 0
-	ORDER BY p.created DESC`)
+	WHERE c.privacy = 1 AND (p.created <= ` + app.db.now() + ` AND pinned_position IS NULL) AND u.status = 0
+	ORDER BY p.created DESC
+	` + limit)
 	if err != nil {
 		log.Error("Failed selecting from posts: %v", err)
 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve collection posts." + err.Error()}

From 6027f7cfdc537b68d08c506eb0dc9a637050fb14 Mon Sep 17 00:00:00 2001
From: CJ Eller <cj@write.as>
Date: Fri, 28 Feb 2020 21:24:52 +0000
Subject: [PATCH 11/76] Fixed pagination for Novel

---
 templates/chorus-collection.tmpl | 4 ++--
 templates/collection.tmpl        | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index 1f89471..b996ca4 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -90,11 +90,11 @@ body#collection header nav.tabs a:first-child {
 
 		{{if gt .TotalPages 1}}<nav id="paging" class="content-container clearfix">
 			{{if or (and .Format.Ascending (lt .CurrentPage .TotalPages)) (isRTL .Direction)}}
-				{{if gt .CurrentPage 1}}<a href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; {{if and .Format.Ascending (lt .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}}</a>{{end}}
+				{{if gt .CurrentPage 1}}<a href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; {{if and .Format.Ascending (le .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}}</a>{{end}}
 				{{if lt .CurrentPage .TotalPages}}<a style="float:right;" href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (lt .CurrentPage .TotalPages)}}Next{{else}}Older{{end}} &#8674;</a>{{end}}
 			{{else}}
 				{{if lt .CurrentPage .TotalPages}}<a href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; Older</a>{{end}}
-				{{if gt .CurrentPage 1}}<a style="float:right;" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">Newer &#8674;</a>{{end}}
+				{{if gt .CurrentPage 1}}<a style="float:right;" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (le .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}} &#8674;</a>{{end}}
 			{{end}}
 		</nav>{{end}}
 
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 89e2e21..ce30dbd 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -90,11 +90,11 @@
 
 		{{if gt .TotalPages 1}}<nav id="paging" class="content-container clearfix">
 			{{if or (and .Format.Ascending (lt .CurrentPage .TotalPages)) (isRTL .Direction)}}
-				{{if gt .CurrentPage 1}}<a href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; {{if and .Format.Ascending (lt .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}}</a>{{end}}
+				{{if gt .CurrentPage 1}}<a href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; {{if and .Format.Ascending (le .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}}</a>{{end}}
 				{{if lt .CurrentPage .TotalPages}}<a style="float:right;" href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (lt .CurrentPage .TotalPages)}}Next{{else}}Older{{end}} &#8674;</a>{{end}}
 			{{else}}
 				{{if lt .CurrentPage .TotalPages}}<a href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; Older</a>{{end}}
-				{{if gt .CurrentPage 1}}<a style="float:right;" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">Newer &#8674;</a>{{end}}
+				{{if gt .CurrentPage 1}}<a style="float:right;" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (le .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}} &#8674;</a>
 			{{end}}
 		</nav>{{end}}
 

From e140fe139f9547b6aacae7702b8bcd87479bd1c7 Mon Sep 17 00:00:00 2001
From: CJ Eller <45696734+cjeller1592@users.noreply.github.com>
Date: Fri, 28 Feb 2020 16:30:13 -0500
Subject: [PATCH 12/76] Add {{end}} on line 97

---
 templates/collection.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index ce30dbd..3694d07 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -94,7 +94,7 @@
 				{{if lt .CurrentPage .TotalPages}}<a style="float:right;" href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (lt .CurrentPage .TotalPages)}}Next{{else}}Older{{end}} &#8674;</a>{{end}}
 			{{else}}
 				{{if lt .CurrentPage .TotalPages}}<a href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; Older</a>{{end}}
-				{{if gt .CurrentPage 1}}<a style="float:right;" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (le .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}} &#8674;</a>
+				{{if gt .CurrentPage 1}}<a style="float:right;" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (le .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}} &#8674;</a>{{end}}
 			{{end}}
 		</nav>{{end}}
 

From b6044120efff4f67dda06e4c3c96b7bb5d6287d5 Mon Sep 17 00:00:00 2001
From: Matti R <matti@mdranta.net>
Date: Mon, 2 Mar 2020 13:59:32 -0500
Subject: [PATCH 13/76] go fmt & update per feedback

---
 cmd/writefreely/config.go | 16 +++++++---------
 cmd/writefreely/db.go     | 12 ++++++------
 cmd/writefreely/keys.go   |  5 ++---
 cmd/writefreely/main.go   |  3 +++
 cmd/writefreely/user.go   |  4 ++--
 cmd/writefreely/web.go    |  8 ++++----
 6 files changed, 24 insertions(+), 24 deletions(-)

diff --git a/cmd/writefreely/config.go b/cmd/writefreely/config.go
index d572036..c5ff455 100644
--- a/cmd/writefreely/config.go
+++ b/cmd/writefreely/config.go
@@ -30,25 +30,23 @@ var (
 		Name:    "generate",
 		Aliases: []string{"gen"},
 		Usage:   "Generate a basic configuration",
-		Action: genConfigAction,
+		Action:  genConfigAction,
 	}
 
 	cmdConfigInteractive cli.Command = cli.Command{
-		Name:    "interactive",
-		Aliases: []string{"i"},
-		Usage:   "Interactive configuration process",
+		Name:   "start",
+		Usage:  "Interactive configuration process",
 		Action: interactiveConfigAction,
 		Flags: []cli.Flag{
 			&cli.StringFlag{
 				Name:  "sections",
 				Value: "server db app",
-				Usage: "Which sections of the configuration to go through (requires --config)\n" +
-					"valid values are any combination of 'server', 'db' and 'app' \n" +
-					"example: writefreely --config --sections \"db app\"",
+				Usage: "Which sections of the configuration to go through\n" +
+					"valid values of sections flag are any combination of 'server', 'db' and 'app' \n" +
+					"example: writefreely config start --sections \"db app\"",
 			},
 		},
 	}
-
 )
 
 func genConfigAction(c *cli.Context) error {
@@ -60,4 +58,4 @@ func interactiveConfigAction(c *cli.Context) error {
 	app := writefreely.NewApp(c.String("c"))
 	writefreely.DoConfig(app, c.String("sections"))
 	return nil
-}
\ No newline at end of file
+}
diff --git a/cmd/writefreely/db.go b/cmd/writefreely/db.go
index fa5110d..badc805 100644
--- a/cmd/writefreely/db.go
+++ b/cmd/writefreely/db.go
@@ -27,15 +27,15 @@ var (
 	}
 
 	cmdDBInit cli.Command = cli.Command{
-		Name:    "init",
-		Usage:   "Initialize Database",
+		Name:   "init",
+		Usage:  "Initialize Database",
 		Action: initDBAction,
 	}
 
 	cmdDBMigrate cli.Command = cli.Command{
-		Name:    "migrate",
-		Usage:   "Migrate Database",
-		Action:  migrateDBAction,
+		Name:   "migrate",
+		Usage:  "Migrate Database",
+		Action: migrateDBAction,
 	}
 )
 
@@ -47,4 +47,4 @@ func initDBAction(c *cli.Context) error {
 func migrateDBAction(c *cli.Context) error {
 	app := writefreely.NewApp(c.String("c"))
 	return writefreely.Migrate(app)
-}
\ No newline at end of file
+}
diff --git a/cmd/writefreely/keys.go b/cmd/writefreely/keys.go
index 7e81475..9028f51 100644
--- a/cmd/writefreely/keys.go
+++ b/cmd/writefreely/keys.go
@@ -29,12 +29,11 @@ var (
 		Name:    "generate",
 		Aliases: []string{"gen"},
 		Usage:   "Generate encryption and authentication keys",
-		Action: genKeysAction,
+		Action:  genKeysAction,
 	}
-
 )
 
 func genKeysAction(c *cli.Context) error {
 	app := writefreely.NewApp(c.String("c"))
 	return writefreely.GenerateKeyFiles(app)
-}
\ No newline at end of file
+}
diff --git a/cmd/writefreely/main.go b/cmd/writefreely/main.go
index 55f97be..45dfb80 100644
--- a/cmd/writefreely/main.go
+++ b/cmd/writefreely/main.go
@@ -23,6 +23,9 @@ import (
 )
 
 func main() {
+	cli.VersionPrinter = func(c *cli.Context) {
+		fmt.Printf("%s\n", c.App.Version)
+	}
 	app := &cli.App{
 		Name:    "WriteFreely",
 		Usage:   "A beautifully pared-down blogging platform",
diff --git a/cmd/writefreely/user.go b/cmd/writefreely/user.go
index c87129a..f6bdd84 100644
--- a/cmd/writefreely/user.go
+++ b/cmd/writefreely/user.go
@@ -29,9 +29,9 @@ var (
 	}
 
 	cmdAddUser cli.Command = cli.Command{
-		Name:    "add",
+		Name:    "create",
 		Usage:   "Add new user",
-		Aliases: []string{"a"},
+		Aliases: []string{"a", "add"},
 		Flags: []cli.Flag{
 			&cli.BoolFlag{
 				Name:  "admin",
diff --git a/cmd/writefreely/web.go b/cmd/writefreely/web.go
index e848f8b..a687548 100644
--- a/cmd/writefreely/web.go
+++ b/cmd/writefreely/web.go
@@ -20,10 +20,10 @@ import (
 
 var (
 	cmdServe cli.Command = cli.Command{
-		Name:  "serve",
+		Name:    "serve",
 		Aliases: []string{"web"},
-		Usage: "Run web application",
-		Action: serveAction,
+		Usage:   "Run web application",
+		Action:  serveAction,
 	}
 )
 
@@ -46,4 +46,4 @@ func serveAction(c *cli.Context) error {
 	writefreely.Serve(app, r)
 
 	return nil
-}
\ No newline at end of file
+}

From 2550804d93ae08c1560144cb2e0ba995fb347704 Mon Sep 17 00:00:00 2001
From: Matti R <matti@mdranta.net>
Date: Mon, 2 Mar 2020 14:07:37 -0500
Subject: [PATCH 14/76] return clear error

---
 cmd/writefreely/user.go | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/cmd/writefreely/user.go b/cmd/writefreely/user.go
index f6bdd84..58ecbfb 100644
--- a/cmd/writefreely/user.go
+++ b/cmd/writefreely/user.go
@@ -11,6 +11,8 @@
 package main
 
 import (
+	"fmt"
+
 	"github.com/writeas/writefreely"
 
 	"github.com/urfave/cli/v2"
@@ -61,6 +63,8 @@ func addUserAction(c *cli.Context) error {
 	credentials := ""
 	if c.NArg() > 0 {
 		credentials = c.Args().Get(0)
+	} else {
+		return fmt.Errorf("No user passed. Example: writefreely user add [USER]:[PASSWORD]")
 	}
 	username, password, err := parseCredentials(credentials)
 	if err != nil {
@@ -74,6 +78,8 @@ func delUserAction(c *cli.Context) error {
 	username := ""
 	if c.NArg() > 0 {
 		username = c.Args().Get(0)
+	} else {
+		return fmt.Errorf("No user passed. Example: writefreely user delete [USER]")
 	}
 	app := writefreely.NewApp(c.String("c"))
 	return writefreely.DoDeleteAccount(app, username)
@@ -83,6 +89,8 @@ func resetPassAction(c *cli.Context) error {
 	username := ""
 	if c.NArg() > 0 {
 		username = c.Args().Get(0)
+	} else {
+		return fmt.Errorf("No user passed. Example: writefreely user reset-pass [USER]")
 	}
 	app := writefreely.NewApp(c.String("c"))
 	return writefreely.ResetPassword(app, username)

From 7aef7069778cb6ea69112a6138334f9efd38ff07 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 12 Feb 2020 15:29:44 -0500
Subject: [PATCH 15/76] Fix Reader nav link on WFModesty + Private instance

(that is, hide the footer nav link when logged out)
---
 templates/include/footer.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/include/footer.tmpl b/templates/include/footer.tmpl
index 16434b9..0f258e7 100644
--- a/templates/include/footer.tmpl
+++ b/templates/include/footer.tmpl
@@ -6,7 +6,7 @@
 				<a class="home" href="/">{{.SiteName}}</a>
 				{{if not .SingleUser}}
 					<a href="/about">about</a>
-					{{if .LocalTimeline}}<a href="/read">reader</a>{{end}}
+					{{if and .LocalTimeline .CanViewReader}}<a href="/read">reader</a>{{end}}
 					{{if .Username}}<a href="https://writefreely.org/guide/{{.OfficialVersion}}" target="guide">writer's guide</a>{{end}}
 					<a href="/privacy">privacy</a>
 					<p style="font-size: 0.9em">powered by <a href="https://writefreely.org">writefreely</a></p>

From 151ec71163aec86b3f7d24c12cb2f150a9aa6c7f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 2 Mar 2020 16:32:04 -0600
Subject: [PATCH 16/76] Land on login form for private instances

---
 app.go              | 4 ++++
 templates/base.tmpl | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/app.go b/app.go
index dd05c95..048c8d0 100644
--- a/app.go
+++ b/app.go
@@ -221,6 +221,10 @@ func handleViewHome(app *App, w http.ResponseWriter, r *http.Request) error {
 			return handleViewPad(app, w, r)
 		}
 
+		if app.cfg.App.Private {
+			return viewLogin(app, w, r)
+		}
+
 		if land := app.cfg.App.LandingPath(); land != "/" {
 			return impart.HTTPError{http.StatusFound, land}
 		}
diff --git a/templates/base.tmpl b/templates/base.tmpl
index 3826917..ef44121 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -48,7 +48,7 @@
 						{{ end }}
 					{{if and (and  .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
 					{{if and (and (and  .Chorus .OpenRegistration) (not .Username)) (or (not .Private) (ne .Landing ""))}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
-					{{if not .Username}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
+					{{if and (not .Username) (not .Private)}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
 					{{ end }}
 				</nav>
 				{{if .Chorus}}{{if .Username}}<div class="right-side" style="font-size: 0.86em;">

From 2db6c33a410202eb441352dba53632db9540fdc9 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 2 Mar 2020 16:34:44 -0600
Subject: [PATCH 17/76] Consolidate /signup page link logic

This moves logic for determining whether or not to show a "Sign up" page
on /signup (i.e. because the `/` route shows another, non-signup page)
into the AppCfg.SignupPath() method. It also changes various signup
links to use this value.
---
 config/config.go    | 10 ++++++++++
 pages/login.tmpl    |  2 +-
 templates/base.tmpl |  2 +-
 3 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/config/config.go b/config/config.go
index 78892bf..a616401 100644
--- a/config/config.go
+++ b/config/config.go
@@ -183,6 +183,16 @@ func (ac *AppCfg) LandingPath() string {
 	return ac.Landing
 }
 
+func (ac AppCfg) SignupPath() string {
+	if !ac.OpenRegistration {
+		return ""
+	}
+	if ac.Chorus || ac.Private || (ac.Landing != "" && ac.Landing != "/") {
+		return "/signup"
+	}
+	return "/"
+}
+
 // Load reads the given configuration file, then parses and returns it as a Config.
 func Load(fname string) (*Config, error) {
 	if fname == "" {
diff --git a/pages/login.tmpl b/pages/login.tmpl
index 345b171..79875c6 100644
--- a/pages/login.tmpl
+++ b/pages/login.tmpl
@@ -65,7 +65,7 @@ hr.short {
 		<input type="submit" id="btn-login" value="Login" />
 	</form>
 
-	{{if and (not .SingleUser) .OpenRegistration}}<p style="text-align:center;font-size:0.9em;margin:3em auto;max-width:26em;">{{if .Message}}{{.Message}}{{else}}<em>No account yet?</em> <a href="/">Sign up</a> to start a blog.{{end}}</p>{{end}}
+	{{if and (not .SingleUser) .OpenRegistration}}<p style="text-align:center;font-size:0.9em;margin:3em auto;max-width:26em;">{{if .Message}}{{.Message}}{{else}}<em>No account yet?</em> <a href="{{.SignupPath}}">Sign up</a> to start a blog.{{end}}</p>{{end}}
 
 <script type="text/javascript">
 function disableSubmit() {
diff --git a/templates/base.tmpl b/templates/base.tmpl
index ef44121..556dfba 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -47,7 +47,7 @@
 					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
 						{{ end }}
 					{{if and (and  .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
-					{{if and (and (and  .Chorus .OpenRegistration) (not .Username)) (or (not .Private) (ne .Landing ""))}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
+					{{if eq .SignupPath "/signup"}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if and (not .Username) (not .Private)}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
 					{{ end }}
 				</nav>

From 5b2612af54595e754529927c3387f75ec54e3325 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 3 Mar 2020 11:26:23 -0600
Subject: [PATCH 18/76] Fix `created_at` default val in v4 migration for SQLite

This previously used a default timestamp value which caused the
migration to fail for SQLite databases.
---
 db/create.go     | 9 +++++++++
 migrations/v4.go | 2 +-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/db/create.go b/db/create.go
index c384778..fc1ab99 100644
--- a/db/create.go
+++ b/db/create.go
@@ -139,6 +139,15 @@ func (c *Column) SetDefault(value string) *Column {
 	return c
 }
 
+func (c *Column) SetDefaultCurrentTimestamp() *Column {
+	def := "NOW()"
+	if c.Dialect == DialectSQLite {
+		def = "CURRENT_TIMESTAMP"
+	}
+	c.Default = OptionalString{Set: true, Value: def}
+	return c
+}
+
 func (c *Column) SetType(t ColumnType) *Column {
 	c.Type = t
 	return c
diff --git a/migrations/v4.go b/migrations/v4.go
index c075dd8..93bfbc1 100644
--- a/migrations/v4.go
+++ b/migrations/v4.go
@@ -29,7 +29,7 @@ func oauth(db *datastore) error {
 			SetIfNotExists(true).
 			Column(dialect.Column("state", wf_db.ColumnTypeVarChar, wf_db.OptionalInt{Set: true, Value: 255})).
 			Column(dialect.Column("used", wf_db.ColumnTypeBool, wf_db.UnsetSize)).
-			Column(dialect.Column("created_at", wf_db.ColumnTypeDateTime, wf_db.UnsetSize).SetDefault("NOW()")).
+			Column(dialect.Column("created_at", wf_db.ColumnTypeDateTime, wf_db.UnsetSize).SetDefaultCurrentTimestamp()).
 			UniqueConstraint("state").
 			ToSQL()
 		if err != nil {

From f1ffcf96ec6f629078fbc1b298d2aa52b95a4dcc Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 3 Mar 2020 11:36:30 -0600
Subject: [PATCH 19/76] Remove user_id and remote_user_id constraints in v4&v5
 migrations

It's not straightforward to remove these constraints in SQLite, so this
just skips it entirely. Since both of these migrations are part of the
same WF release, this should have minimal impact on admins.
---
 migrations/v4.go | 2 --
 migrations/v5.go | 2 --
 2 files changed, 4 deletions(-)

diff --git a/migrations/v4.go b/migrations/v4.go
index 93bfbc1..403a3f0 100644
--- a/migrations/v4.go
+++ b/migrations/v4.go
@@ -18,8 +18,6 @@ func oauth(db *datastore) error {
 			SetIfNotExists(true).
 			Column(dialect.Column("user_id", wf_db.ColumnTypeInteger, wf_db.UnsetSize)).
 			Column(dialect.Column("remote_user_id", wf_db.ColumnTypeInteger, wf_db.UnsetSize)).
-			UniqueConstraint("user_id").
-			UniqueConstraint("remote_user_id").
 			ToSQL()
 		if err != nil {
 			return err
diff --git a/migrations/v5.go b/migrations/v5.go
index 94e3944..0dc5129 100644
--- a/migrations/v5.go
+++ b/migrations/v5.go
@@ -49,8 +49,6 @@ func oauthSlack(db *datastore) error {
 						"access_token",
 						wf_db.ColumnTypeVarChar,
 						wf_db.OptionalInt{Set: true, Value: 512,})),
-			dialect.DropIndex("remote_user_id", "oauth_users"),
-			dialect.DropIndex("user_id", "oauth_users"),
 			dialect.CreateUniqueIndex("oauth_users", "oauth_users", "user_id", "provider", "client_id"),
 		}
 		for _, builder := range builders {

From bb5da1d3f579b4ffa67ca77797d4908b8147e170 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 3 Mar 2020 11:40:56 -0600
Subject: [PATCH 20/76] Break up v5 table ALTERs for SQLite

Combining all operations into a single query was causing problems in
SQLite. This fixes that by breaking them up into separate queries. It
also moves one column length change to only run on MySQL, since SQLite
doesn't need it.
---
 migrations/v5.go | 32 ++++++++++++++++++++++----------
 1 file changed, 22 insertions(+), 10 deletions(-)

diff --git a/migrations/v5.go b/migrations/v5.go
index 0dc5129..dc404e7 100644
--- a/migrations/v5.go
+++ b/migrations/v5.go
@@ -20,30 +20,30 @@ func oauthSlack(db *datastore) error {
 					Column(
 						"provider",
 						wf_db.ColumnTypeVarChar,
-						wf_db.OptionalInt{Set: true, Value: 24,})).
+						wf_db.OptionalInt{Set: true, Value: 24})),
+			dialect.
+				AlterTable("oauth_client_states").
 				AddColumn(dialect.
 					Column(
 						"client_id",
 						wf_db.ColumnTypeVarChar,
-						wf_db.OptionalInt{Set: true, Value: 128,})),
+						wf_db.OptionalInt{Set: true, Value: 128})),
 			dialect.
 				AlterTable("oauth_users").
-				ChangeColumn("remote_user_id",
-					dialect.
-						Column(
-							"remote_user_id",
-							wf_db.ColumnTypeVarChar,
-							wf_db.OptionalInt{Set: true, Value: 128,})).
 				AddColumn(dialect.
 					Column(
 						"provider",
 						wf_db.ColumnTypeVarChar,
-						wf_db.OptionalInt{Set: true, Value: 24,})).
+						wf_db.OptionalInt{Set: true, Value: 24})),
+			dialect.
+				AlterTable("oauth_users").
 				AddColumn(dialect.
 					Column(
 						"client_id",
 						wf_db.ColumnTypeVarChar,
-						wf_db.OptionalInt{Set: true, Value: 128,})).
+						wf_db.OptionalInt{Set: true, Value: 128})),
+			dialect.
+				AlterTable("oauth_users").
 				AddColumn(dialect.
 					Column(
 						"access_token",
@@ -51,6 +51,18 @@ func oauthSlack(db *datastore) error {
 						wf_db.OptionalInt{Set: true, Value: 512,})),
 			dialect.CreateUniqueIndex("oauth_users", "oauth_users", "user_id", "provider", "client_id"),
 		}
+
+		if dialect != wf_db.DialectSQLite {
+			// This updates the length of the `remote_user_id` column. It isn't needed for SQLite databases.
+			builders = append(builders, dialect.
+				AlterTable("oauth_users").
+				ChangeColumn("remote_user_id",
+					dialect.
+						Column(
+							"remote_user_id",
+							wf_db.ColumnTypeVarChar,
+							wf_db.OptionalInt{Set: true, Value: 128})))
+		}
 		for _, builder := range builders {
 			query, err := builder.ToSQL()
 			if err != nil {

From 471ef4d4032469d9bb8b96f381ecd7b5852f590e Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 3 Mar 2020 11:43:46 -0600
Subject: [PATCH 21/76] Fix "NOT NULL column with NULL" error in v5 SQLite
 migration

Previously, this migration would cause the error: "Cannot add a NOT NULL
column with default value NULL". This fixes that by setting the default
value for new columns to '' (empty string). It updates the query builder
to support this, too.
---
 db/create.go     |  7 +++++--
 migrations/v5.go | 11 ++++++-----
 2 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/db/create.go b/db/create.go
index fc1ab99..9032770 100644
--- a/db/create.go
+++ b/db/create.go
@@ -177,7 +177,11 @@ func (c *Column) String() (string, error) {
 
 	if c.Default.Set {
 		str.WriteString(" DEFAULT ")
-		str.WriteString(c.Default.Value)
+		val := c.Default.Value
+		if val == "" {
+			val = "''"
+		}
+		str.WriteString(val)
 	}
 
 	if c.PrimaryKey {
@@ -250,4 +254,3 @@ func (b *CreateTableSqlBuilder) ToSQL() (string, error) {
 
 	return str.String(), nil
 }
-
diff --git a/migrations/v5.go b/migrations/v5.go
index dc404e7..88ddd28 100644
--- a/migrations/v5.go
+++ b/migrations/v5.go
@@ -20,35 +20,35 @@ func oauthSlack(db *datastore) error {
 					Column(
 						"provider",
 						wf_db.ColumnTypeVarChar,
-						wf_db.OptionalInt{Set: true, Value: 24})),
+						wf_db.OptionalInt{Set: true, Value: 24}).SetDefault("")),
 			dialect.
 				AlterTable("oauth_client_states").
 				AddColumn(dialect.
 					Column(
 						"client_id",
 						wf_db.ColumnTypeVarChar,
-						wf_db.OptionalInt{Set: true, Value: 128})),
+						wf_db.OptionalInt{Set: true, Value: 128}).SetDefault("")),
 			dialect.
 				AlterTable("oauth_users").
 				AddColumn(dialect.
 					Column(
 						"provider",
 						wf_db.ColumnTypeVarChar,
-						wf_db.OptionalInt{Set: true, Value: 24})),
+						wf_db.OptionalInt{Set: true, Value: 24}).SetDefault("")),
 			dialect.
 				AlterTable("oauth_users").
 				AddColumn(dialect.
 					Column(
 						"client_id",
 						wf_db.ColumnTypeVarChar,
-						wf_db.OptionalInt{Set: true, Value: 128})),
+						wf_db.OptionalInt{Set: true, Value: 128}).SetDefault("")),
 			dialect.
 				AlterTable("oauth_users").
 				AddColumn(dialect.
 					Column(
 						"access_token",
 						wf_db.ColumnTypeVarChar,
-						wf_db.OptionalInt{Set: true, Value: 512,})),
+						wf_db.OptionalInt{Set: true, Value: 512}).SetDefault("")),
 			dialect.CreateUniqueIndex("oauth_users", "oauth_users", "user_id", "provider", "client_id"),
 		}
 
@@ -63,6 +63,7 @@ func oauthSlack(db *datastore) error {
 							wf_db.ColumnTypeVarChar,
 							wf_db.OptionalInt{Set: true, Value: 128})))
 		}
+
 		for _, builder := range builders {
 			query, err := builder.ToSQL()
 			if err != nil {

From 83b2c5a21ba0dea22ca278b0cf2befbbedafbb08 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 3 Mar 2020 11:46:51 -0600
Subject: [PATCH 22/76] Fix unique index on v5 SQLite migration

This index needed a unique name in order for this query to succeed.
---
 migrations/v5.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/migrations/v5.go b/migrations/v5.go
index 88ddd28..adc48da 100644
--- a/migrations/v5.go
+++ b/migrations/v5.go
@@ -49,7 +49,7 @@ func oauthSlack(db *datastore) error {
 						"access_token",
 						wf_db.ColumnTypeVarChar,
 						wf_db.OptionalInt{Set: true, Value: 512}).SetDefault("")),
-			dialect.CreateUniqueIndex("oauth_users", "oauth_users", "user_id", "provider", "client_id"),
+			dialect.CreateUniqueIndex("oauth_users_uk", "oauth_users", "user_id", "provider", "client_id"),
 		}
 
 		if dialect != wf_db.DialectSQLite {

From 61ddcff2c035ffd7aacf5a15d14eee5e046759d8 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 3 Mar 2020 11:47:38 -0600
Subject: [PATCH 23/76] Add copyright notices to fixed files

---
 db/create.go     | 10 ++++++++++
 migrations/v4.go | 10 ++++++++++
 migrations/v5.go | 10 ++++++++++
 3 files changed, 30 insertions(+)

diff --git a/db/create.go b/db/create.go
index 9032770..648f93a 100644
--- a/db/create.go
+++ b/db/create.go
@@ -1,3 +1,13 @@
+/*
+ * Copyright © 2019-2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
 package db
 
 import (
diff --git a/migrations/v4.go b/migrations/v4.go
index 403a3f0..fbfe2b5 100644
--- a/migrations/v4.go
+++ b/migrations/v4.go
@@ -1,3 +1,13 @@
+/*
+ * Copyright © 2019-2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
 package migrations
 
 import (
diff --git a/migrations/v5.go b/migrations/v5.go
index adc48da..f93d067 100644
--- a/migrations/v5.go
+++ b/migrations/v5.go
@@ -1,3 +1,13 @@
+/*
+ * Copyright © 2019-2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
 package migrations
 
 import (

From 32f3fcb8595945db1766cf78a84265efc2e08a5d Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 3 Mar 2020 11:48:04 -0600
Subject: [PATCH 24/76] Skip IF [TABLE] NOT EXISTS on v4 migrations

We'd like these queries to fail correctly if the tables exist.
---
 migrations/v4.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/migrations/v4.go b/migrations/v4.go
index fbfe2b5..7d73f96 100644
--- a/migrations/v4.go
+++ b/migrations/v4.go
@@ -25,7 +25,7 @@ func oauth(db *datastore) error {
 	return wf_db.RunTransactionWithOptions(context.Background(), db.DB, &sql.TxOptions{}, func(ctx context.Context, tx *sql.Tx) error {
 		createTableUsersOauth, err := dialect.
 			Table("oauth_users").
-			SetIfNotExists(true).
+			SetIfNotExists(false).
 			Column(dialect.Column("user_id", wf_db.ColumnTypeInteger, wf_db.UnsetSize)).
 			Column(dialect.Column("remote_user_id", wf_db.ColumnTypeInteger, wf_db.UnsetSize)).
 			ToSQL()
@@ -34,7 +34,7 @@ func oauth(db *datastore) error {
 		}
 		createTableOauthClientState, err := dialect.
 			Table("oauth_client_states").
-			SetIfNotExists(true).
+			SetIfNotExists(false).
 			Column(dialect.Column("state", wf_db.ColumnTypeVarChar, wf_db.OptionalInt{Set: true, Value: 255})).
 			Column(dialect.Column("used", wf_db.ColumnTypeBool, wf_db.UnsetSize)).
 			Column(dialect.Column("created_at", wf_db.ColumnTypeDateTime, wf_db.UnsetSize).SetDefaultCurrentTimestamp()).

From eda267e30aa7a4af797b7405c5aa809fea0c53a4 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 4 Mar 2020 10:14:33 -0600
Subject: [PATCH 25/76] Revert accidental h2 font-size change

---
 less/core.less | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/less/core.less b/less/core.less
index 83a9d2a..147d714 100644
--- a/less/core.less
+++ b/less/core.less
@@ -644,7 +644,7 @@ body#collection article, body#subpage article {
 	padding-bottom: 0;
 	.book {
 		h2 {
-			font-size: 1.5;
+			font-size: 1.4em;
 		}
 		a.hidden.action {
 			 color: #666;

From 2aeb994b04ebdb2370f16cfbc7cf4dc16c3684e4 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 9 Mar 2020 15:01:01 -0500
Subject: [PATCH 26/76] Don't show date on pinned post page

Ref T669
---
 templates/chorus-collection-post.tmpl | 2 +-
 templates/collection-post.tmpl        | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index 0418767..dcea457 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -58,7 +58,7 @@ body#post header {
 		{{if .Silenced}}
 			{{template "user-silenced"}}
 		{{end}}
-		<article id="post-body" class="{{.Font}} h-entry">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name{{if $.Collection.Format.ShowDates}} dated{{end}}">{{.FormattedDisplayTitle}}</h2>{{end}}{{if $.Collection.Format.ShowDates}}<time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
+		<article id="post-body" class="{{.Font}} h-entry">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name{{if $.Collection.Format.ShowDates}} dated{{end}}">{{.FormattedDisplayTitle}}</h2>{{end}}{{if and $.Collection.Format.ShowDates (not .IsPinned)}}<time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
 
 		{{ if .Collection.ShowFooterBranding }}
 		<footer dir="ltr">
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index 83c7874..629c8a5 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -62,7 +62,7 @@
 		{{if .Silenced}}
 			{{template "user-silenced"}}
 		{{end}}
-		<article id="post-body" class="{{.Font}} h-entry {{if not .IsFound}}error-page{{end}}">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name{{if $.Collection.Format.ShowDates}} dated{{end}}">{{.FormattedDisplayTitle}}</h2>{{end}}{{if $.Collection.Format.ShowDates}}<time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
+		<article id="post-body" class="{{.Font}} h-entry {{if not .IsFound}}error-page{{end}}">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name{{if $.Collection.Format.ShowDates}} dated{{end}}">{{.FormattedDisplayTitle}}</h2>{{end}}{{if and $.Collection.Format.ShowDates (not .IsPinned)}}<time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
 
 		{{ if .Collection.ShowFooterBranding }}
 		<footer dir="ltr"><hr><nav><p style="font-size: 0.9em">{{localhtml "published with write.as" .Language.String}}</p></nav></footer>

From c292512b9df697e6a1c4230657dc8a15caa8b847 Mon Sep 17 00:00:00 2001
From: Kyle Robbertze <kyle@paddatrapper.com>
Date: Wed, 11 Mar 2020 12:51:12 +0200
Subject: [PATCH 27/76] add Gitlab OAuth

---
 account.go       |   2 +
 config/config.go |  11 +++++
 database.go      |   2 +-
 oauth.go         |  29 +++++++++++-
 oauth_gitlab.go  | 116 +++++++++++++++++++++++++++++++++++++++++++++++
 pages/login.tmpl |   9 +++-
 routes.go        |   1 +
 7 files changed, 167 insertions(+), 3 deletions(-)
 create mode 100644 oauth_gitlab.go

diff --git a/account.go b/account.go
index 5dba924..ad58235 100644
--- a/account.go
+++ b/account.go
@@ -308,6 +308,7 @@ func viewLogin(app *App, w http.ResponseWriter, r *http.Request) error {
 		LoginUsername string
 		OauthSlack    bool
 		OauthWriteAs  bool
+		OauthGitlab   bool
 	}{
 		pageForReq(app, r),
 		r.FormValue("to"),
@@ -316,6 +317,7 @@ func viewLogin(app *App, w http.ResponseWriter, r *http.Request) error {
 		getTempInfo(app, "login-user", r, w),
 		app.Config().SlackOauth.ClientID != "",
 		app.Config().WriteAsOauth.ClientID != "",
+		app.Config().GitlabOauth.ClientID != "",
 	}
 
 	if earlyError != "" {
diff --git a/config/config.go b/config/config.go
index 78892bf..1d82a0e 100644
--- a/config/config.go
+++ b/config/config.go
@@ -69,6 +69,16 @@ type (
 		CallbackProxyAPI string `ini:"callback_proxy_api"`
 	}
 
+	GitlabOauthCfg struct {
+		ClientID         string `ini:"client_id"`
+		ClientSecret     string `ini:"client_secret"`
+		AuthLocation     string `ini:"auth_location"`
+		TokenLocation    string `ini:"token_location"`
+		InspectLocation  string `ini:"inspect_location"`
+		CallbackProxy    string `ini:"callback_proxy"`
+		CallbackProxyAPI string `ini:"callback_proxy_api"`
+	}
+
 	SlackOauthCfg struct {
 		ClientID         string `ini:"client_id"`
 		ClientSecret     string `ini:"client_secret"`
@@ -128,6 +138,7 @@ type (
 		App          AppCfg          `ini:"app"`
 		SlackOauth   SlackOauthCfg   `ini:"oauth.slack"`
 		WriteAsOauth WriteAsOauthCfg `ini:"oauth.writeas"`
+		GitlabOauth  GitlabOauthCfg  `ini:"oauth.gitlab"`
 	}
 )
 
diff --git a/database.go b/database.go
index cea7a97..f5e4564 100644
--- a/database.go
+++ b/database.go
@@ -2512,7 +2512,7 @@ func (db *datastore) GetCollectionLastPostTime(id int64) (*time.Time, error) {
 
 func (db *datastore) GenerateOAuthState(ctx context.Context, provider, clientID string) (string, error) {
 	state := store.Generate62RandomString(24)
-	_, err := db.ExecContext(ctx, "INSERT INTO oauth_client_states (state, provider, client_id, used, created_at) VALUES (?, ?, ?, FALSE, NOW())", state, provider, clientID)
+	_, err := db.ExecContext(ctx, "INSERT INTO oauth_client_states (state, provider, client_id, used, created_at) VALUES (?, ?, ?, FALSE, " + db.now() + ")", state, provider, clientID)
 	if err != nil {
 		return "", fmt.Errorf("unable to record oauth client state: %w", err)
 	}
diff --git a/oauth.go b/oauth.go
index caf8189..0893fcd 100644
--- a/oauth.go
+++ b/oauth.go
@@ -149,7 +149,7 @@ func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) {
 				callbackLocation: app.Config().App.Host + "/oauth/callback/write.as",
 				httpClient:       config.DefaultHTTPClient(),
 			}
-			callbackLocation = app.Config().SlackOauth.CallbackProxy
+			callbackLocation = app.Config().WriteAsOauth.CallbackProxy
 		}
 
 		oauthClient := writeAsOauthClient{
@@ -165,6 +165,33 @@ func configureWriteAsOauth(parentHandler *Handler, r *mux.Router, app *App) {
 	}
 }
 
+func configureGitlabOauth(parentHandler *Handler, r *mux.Router, app *App) {
+	if app.Config().GitlabOauth.ClientID != "" {
+		callbackLocation := app.Config().App.Host + "/oauth/callback/gitlab"
+
+		var callbackProxy *callbackProxyClient = nil
+		if app.Config().GitlabOauth.CallbackProxy != "" {
+			callbackProxy = &callbackProxyClient{
+				server:           app.Config().GitlabOauth.CallbackProxyAPI,
+				callbackLocation: app.Config().App.Host + "/oauth/callback/gitlab",
+				httpClient:       config.DefaultHTTPClient(),
+			}
+			callbackLocation = app.Config().GitlabOauth.CallbackProxy
+		}
+
+		oauthClient := gitlabOauthClient{
+			ClientID:         app.Config().GitlabOauth.ClientID,
+			ClientSecret:     app.Config().GitlabOauth.ClientSecret,
+			ExchangeLocation: config.OrDefaultString(app.Config().GitlabOauth.TokenLocation, gitlabExchangeLocation),
+			InspectLocation:  config.OrDefaultString(app.Config().GitlabOauth.InspectLocation, gitlabIdentityLocation),
+			AuthLocation:     config.OrDefaultString(app.Config().GitlabOauth.AuthLocation, gitlabAuthLocation),
+			HttpClient:       config.DefaultHTTPClient(),
+			CallbackLocation: callbackLocation,
+		}
+		configureOauthRoutes(parentHandler, r, app, oauthClient, callbackProxy)
+	}
+}
+
 func configureOauthRoutes(parentHandler *Handler, r *mux.Router, app *App, oauthClient oauthClient, callbackProxy *callbackProxyClient) {
 	handler := &oauthHandler{
 		Config:        app.Config(),
diff --git a/oauth_gitlab.go b/oauth_gitlab.go
new file mode 100644
index 0000000..e5138d4
--- /dev/null
+++ b/oauth_gitlab.go
@@ -0,0 +1,116 @@
+package writefreely
+
+import (
+	"context"
+	"errors"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+type gitlabOauthClient struct {
+	ClientID         string
+	ClientSecret     string
+	AuthLocation     string
+	ExchangeLocation string
+	InspectLocation  string
+	CallbackLocation string
+	HttpClient       HttpClient
+}
+
+var _ oauthClient = gitlabOauthClient{}
+
+const (
+	gitlabAuthLocation     = "https://gitlab.com/oauth/authorize"
+	gitlabExchangeLocation = "https://gitlab.com/oauth/token"
+	gitlabIdentityLocation = "https://gitlab.com/api/v4/user"
+)
+
+func (c gitlabOauthClient) GetProvider() string {
+	return "gitlab"
+}
+
+func (c gitlabOauthClient) GetClientID() string {
+	return c.ClientID
+}
+
+func (c gitlabOauthClient) GetCallbackLocation() string {
+	return c.CallbackLocation
+}
+
+func (c gitlabOauthClient) buildLoginURL(state string) (string, error) {
+	u, err := url.Parse(c.AuthLocation)
+	if err != nil {
+		return "", err
+	}
+	q := u.Query()
+	q.Set("client_id", c.ClientID)
+	q.Set("redirect_uri", c.CallbackLocation)
+	q.Set("response_type", "code")
+	q.Set("state", state)
+	q.Set("scope", "read_user")
+	u.RawQuery = q.Encode()
+	return u.String(), nil
+}
+
+func (c gitlabOauthClient) exchangeOauthCode(ctx context.Context, code string) (*TokenResponse, error) {
+	form := url.Values{}
+	form.Add("grant_type", "authorization_code")
+	form.Add("redirect_uri", c.CallbackLocation)
+	form.Add("scope", "read_user")
+	form.Add("code", code)
+	req, err := http.NewRequest("POST", c.ExchangeLocation, strings.NewReader(form.Encode()))
+	if err != nil {
+		return nil, err
+	}
+	req.WithContext(ctx)
+	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
+	req.SetBasicAuth(c.ClientID, c.ClientSecret)
+
+	resp, err := c.HttpClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return nil, errors.New("unable to exchange code for access token")
+	}
+
+	var tokenResponse TokenResponse
+	if err := limitedJsonUnmarshal(resp.Body, tokenRequestMaxLen, &tokenResponse); err != nil {
+		return nil, err
+	}
+	if tokenResponse.Error != "" {
+		return nil, errors.New(tokenResponse.Error)
+	}
+	return &tokenResponse, nil
+}
+
+func (c gitlabOauthClient) inspectOauthAccessToken(ctx context.Context, accessToken string) (*InspectResponse, error) {
+	req, err := http.NewRequest("GET", c.InspectLocation, nil)
+	if err != nil {
+		return nil, err
+	}
+	req.WithContext(ctx)
+	req.Header.Set("User-Agent", "writefreely")
+	req.Header.Set("Accept", "application/json")
+	req.Header.Set("Authorization", "Bearer "+accessToken)
+
+	resp, err := c.HttpClient.Do(req)
+	if err != nil {
+		return nil, err
+	}
+	if resp.StatusCode != http.StatusOK {
+		return nil, errors.New("unable to inspect access token")
+	}
+
+	var inspectResponse InspectResponse
+	if err := limitedJsonUnmarshal(resp.Body, infoRequestMaxLen, &inspectResponse); err != nil {
+		return nil, err
+	}
+	if inspectResponse.Error != "" {
+		return nil, errors.New(inspectResponse.Error)
+	}
+	return &inspectResponse, nil
+}
diff --git a/pages/login.tmpl b/pages/login.tmpl
index 345b171..a988615 100644
--- a/pages/login.tmpl
+++ b/pages/login.tmpl
@@ -32,6 +32,10 @@ hr.short {
 	box-sizing: border-box;
 	font-size: 17px;
 }
+#gitlab-login {
+	box-sizing: border-box;
+	font-size: 17px;
+}
 </style>
 {{end}}
 {{define "content"}}
@@ -42,7 +46,7 @@ hr.short {
 		{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 	</ul>{{end}}
 
-	{{ if or .OauthSlack .OauthWriteAs }}
+	{{ if or .OauthSlack .OauthWriteAs .OauthGitlab }}
 		<div class="row content-container signinbtns">
 		{{ if .OauthSlack }}
 			<a class="loginbtn" href="/oauth/slack"><img alt="Sign in with Slack" height="40" width="172" src="/img/sign_in_with_slack.png" srcset="/img/sign_in_with_slack.png 1x, /img/sign_in_with_slack@2x.png 2x" /></a>
@@ -50,6 +54,9 @@ hr.short {
 		{{ if .OauthWriteAs }}
 			<a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as">Sign in with <strong>Write.as</strong></a>
 		{{ end }}
+		{{ if .OauthGitlab }}
+			<a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab">Sign in with <strong>GitLab</strong></a>
+		{{ end }}
 		</div>
 
 		<div class="or">
diff --git a/routes.go b/routes.go
index 523cc30..20f0eca 100644
--- a/routes.go
+++ b/routes.go
@@ -75,6 +75,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 
 	configureSlackOauth(handler, write, apper.App())
 	configureWriteAsOauth(handler, write, apper.App())
+	configureGitlabOauth(handler, write, apper.App())
 
 	// Set up dyamic page handlers
 	// Handle auth

From 26b6ed5f4facf28b123c58e35faa75b8ff098478 Mon Sep 17 00:00:00 2001
From: Kyle Robbertze <kyle@paddatrapper.com>
Date: Mon, 16 Mar 2020 10:00:04 +0200
Subject: [PATCH 28/76] simplify gitlab oauth config

---
 account.go       | 2 ++
 config/config.go | 5 ++---
 oauth.go         | 7 ++++---
 oauth_gitlab.go  | 5 ++---
 pages/login.tmpl | 2 +-
 5 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/account.go b/account.go
index ad58235..04aa61d 100644
--- a/account.go
+++ b/account.go
@@ -309,6 +309,7 @@ func viewLogin(app *App, w http.ResponseWriter, r *http.Request) error {
 		OauthSlack    bool
 		OauthWriteAs  bool
 		OauthGitlab   bool
+		GitlabHost    string
 	}{
 		pageForReq(app, r),
 		r.FormValue("to"),
@@ -318,6 +319,7 @@ func viewLogin(app *App, w http.ResponseWriter, r *http.Request) error {
 		app.Config().SlackOauth.ClientID != "",
 		app.Config().WriteAsOauth.ClientID != "",
 		app.Config().GitlabOauth.ClientID != "",
+		config.OrDefaultString(app.Config().GitlabOauth.DisplayName, gitlabDisplayName),
 	}
 
 	if earlyError != "" {
diff --git a/config/config.go b/config/config.go
index 1d82a0e..40dbd4d 100644
--- a/config/config.go
+++ b/config/config.go
@@ -72,9 +72,8 @@ type (
 	GitlabOauthCfg struct {
 		ClientID         string `ini:"client_id"`
 		ClientSecret     string `ini:"client_secret"`
-		AuthLocation     string `ini:"auth_location"`
-		TokenLocation    string `ini:"token_location"`
-		InspectLocation  string `ini:"inspect_location"`
+		Host             string `ini:"host"`
+		DisplayName      string `ini:"display_name"`
 		CallbackProxy    string `ini:"callback_proxy"`
 		CallbackProxyAPI string `ini:"callback_proxy_api"`
 	}
diff --git a/oauth.go b/oauth.go
index 0893fcd..a344bde 100644
--- a/oauth.go
+++ b/oauth.go
@@ -179,12 +179,13 @@ func configureGitlabOauth(parentHandler *Handler, r *mux.Router, app *App) {
 			callbackLocation = app.Config().GitlabOauth.CallbackProxy
 		}
 
+        address := config.OrDefaultString(app.Config().GitlabOauth.Host, gitlabHost)
 		oauthClient := gitlabOauthClient{
 			ClientID:         app.Config().GitlabOauth.ClientID,
 			ClientSecret:     app.Config().GitlabOauth.ClientSecret,
-			ExchangeLocation: config.OrDefaultString(app.Config().GitlabOauth.TokenLocation, gitlabExchangeLocation),
-			InspectLocation:  config.OrDefaultString(app.Config().GitlabOauth.InspectLocation, gitlabIdentityLocation),
-			AuthLocation:     config.OrDefaultString(app.Config().GitlabOauth.AuthLocation, gitlabAuthLocation),
+			ExchangeLocation: address + "/oauth/token",
+			InspectLocation:  address + "/api/v4/user",
+			AuthLocation:     address + "/oauth/authorize",
 			HttpClient:       config.DefaultHTTPClient(),
 			CallbackLocation: callbackLocation,
 		}
diff --git a/oauth_gitlab.go b/oauth_gitlab.go
index e5138d4..8931978 100644
--- a/oauth_gitlab.go
+++ b/oauth_gitlab.go
@@ -21,9 +21,8 @@ type gitlabOauthClient struct {
 var _ oauthClient = gitlabOauthClient{}
 
 const (
-	gitlabAuthLocation     = "https://gitlab.com/oauth/authorize"
-	gitlabExchangeLocation = "https://gitlab.com/oauth/token"
-	gitlabIdentityLocation = "https://gitlab.com/api/v4/user"
+    gitlabHost        = "https://gitlab.com"
+    gitlabDisplayName = "GitLab"
 )
 
 func (c gitlabOauthClient) GetProvider() string {
diff --git a/pages/login.tmpl b/pages/login.tmpl
index a988615..f08dbf7 100644
--- a/pages/login.tmpl
+++ b/pages/login.tmpl
@@ -55,7 +55,7 @@ hr.short {
 			<a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as">Sign in with <strong>Write.as</strong></a>
 		{{ end }}
 		{{ if .OauthGitlab }}
-			<a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab">Sign in with <strong>GitLab</strong></a>
+			<a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab">Sign in with <strong>{{ .GitlabDisplayName }}</strong></a>
 		{{ end }}
 		</div>
 

From 3e1019f29dee69994a16c1890fe8547c1aecc6a8 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 17 Mar 2020 10:24:30 -0400
Subject: [PATCH 29/76] Fix text contrast ratio on pinned post links

This also darkens the text color of the blog description, to
differentiate it from the pinned links.
---
 less/new-core.less | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/less/new-core.less b/less/new-core.less
index d618042..87d8158 100644
--- a/less/new-core.less
+++ b/less/new-core.less
@@ -1,4 +1,4 @@
-@actionNavColor: #999;
+@actionNavColor: #767676;
 
 body {
 	margin: 0;
@@ -58,7 +58,7 @@ header {
 	}
 	p {
 		&.description {
-			color: #666;
+			color: #444;
 			font-size: 1.1em;
 			margin-top: 0.5em;
 			line-height: 1.5;

From f4c106beaff5db5ea9f4a4e9b049b8339b09a875 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 17 Mar 2020 10:31:44 -0400
Subject: [PATCH 30/76] Fix text contrast ratio in blockquote

This darkens the text slightly to get a contrast ratio over 4.5:1.
---
 less/post-temp.less | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/less/post-temp.less b/less/post-temp.less
index 1a05280..7ab5d92 100644
--- a/less/post-temp.less
+++ b/less/post-temp.less
@@ -49,7 +49,7 @@ body#post article, pre, .hljs {
 	border-left: 4px solid #ddd;
 	padding: 0 1em;
 	margin: 0.5em;
-	color: #777;
+	color: #767676;
 	display: inline-block;
 
 	p {

From a9bed9fea9fa90f95309738acd3b60f45d860fa4 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 17 Mar 2020 13:13:05 -0400
Subject: [PATCH 31/76] Prevent nil pointer panic from ActivityObject() method

Previously, we might potentially return a nil activitystreams.Object,
which would crash the app. This fixes that.
---
 posts.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/posts.go b/posts.go
index 35e9bd3..5d9b9f8 100644
--- a/posts.go
+++ b/posts.go
@@ -1182,7 +1182,7 @@ func (p *PublicPost) ActivityObject(app *App) *activitystreams.Object {
 		actorIRI, err := app.db.GetProfilePageFromHandle(app, handle)
 		if err != nil {
 			log.Info("Can't find this user either in the database nor in the remote instance")
-			return nil
+			continue
 		}
 		mentionedUsers[handle] = actorIRI
 	}

From 471a9e06026f6597ea3e4715671e5cc0297a09f4 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 17 Mar 2020 13:42:09 -0400
Subject: [PATCH 32/76] Store AP handles consistently

This ensures handles are always stored without leading @ symbol.
---
 database.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/database.go b/database.go
index f5e4564..19476e8 100644
--- a/database.go
+++ b/database.go
@@ -2605,6 +2605,7 @@ func handleFailedPostInsert(err error) error {
 }
 
 func (db *datastore) GetProfilePageFromHandle(app *App, handle string) (string, error) {
+	handle = strings.TrimLeft(handle, "@")
 	actorIRI := ""
 	remoteUser, err := getRemoteUserFromHandle(app, handle)
 	if err != nil {

From 97aec9c158de685478662e14945a6326b18ebc53 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 17 Mar 2020 13:42:51 -0400
Subject: [PATCH 33/76] Fix error / info logging around AP mentions

This fixes log formatting and makes verbiage consistent & concise.
---
 database.go  | 6 +++---
 posts.go     | 2 +-
 webfinger.go | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/database.go b/database.go
index 19476e8..bd6b5d6 100644
--- a/database.go
+++ b/database.go
@@ -2618,21 +2618,21 @@ func (db *datastore) GetProfilePageFromHandle(app *App, handle string) (string,
 		if errRemoteUser == nil {
 			_, err := app.db.Exec("UPDATE remoteusers SET handle = ? WHERE actor_id = ?", handle, actorIRI)
 			if err != nil {
-				log.Error("Can't update handle (" + handle + ") in database for user " + actorIRI)
+				log.Error("Couldn't update handle '%s' for user %s", handle, actorIRI)
 			}
 		} else {
 			// this probably means we don't have the user in the table so let's try to insert it
 			// here we need to ask the server for the inboxes
 			remoteActor, err := activityserve.NewRemoteActor(actorIRI)
 			if err != nil {
-				log.Error("Couldn't fetch remote actor", err)
+				log.Error("Couldn't fetch remote actor: %v", err)
 			}
 			if debugging {
 				log.Info("%s %s %s %s", actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
 			}
 			_, err = app.db.Exec("INSERT INTO remoteusers (actor_id, inbox, shared_inbox, handle) VALUES(?, ?, ?, ?)", actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
 			if err != nil {
-				log.Error("Can't insert remote user in database", err)
+				log.Error("Couldn't insert remote user: %v", err)
 				return "", err
 			}
 		}
diff --git a/posts.go b/posts.go
index 5d9b9f8..c632ba9 100644
--- a/posts.go
+++ b/posts.go
@@ -1181,7 +1181,7 @@ func (p *PublicPost) ActivityObject(app *App) *activitystreams.Object {
 	for _, handle := range mentions {
 		actorIRI, err := app.db.GetProfilePageFromHandle(app, handle)
 		if err != nil {
-			log.Info("Can't find this user either in the database nor in the remote instance")
+			log.Info("Couldn't find this user locally or remotely")
 			continue
 		}
 		mentionedUsers[handle] = actorIRI
diff --git a/webfinger.go b/webfinger.go
index 61f6867..993272f 100644
--- a/webfinger.go
+++ b/webfinger.go
@@ -101,20 +101,20 @@ func RemoteLookup(handle string) string {
 	parts := strings.Split(handle, "@")
 	resp, err := http.Get("https://" + parts[1] + "/.well-known/webfinger?resource=acct:" + handle)
 	if err != nil {
-		log.Error("Error performing webfinger request", err)
+		log.Error("Error on webfinger request: %v", err)
 		return ""
 	}
 
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
-		log.Error("Error reading webfinger response", err)
+		log.Error("Error on webfinger response: %v", err)
 		return ""
 	}
 
 	var result webfinger.Resource
 	err = json.Unmarshal(body, &result)
 	if err != nil {
-		log.Error("Unsupported webfinger response received: %v", err)
+		log.Error("Unable to parse webfinger response: %v", err)
 		return ""
 	}
 

From ac522ed600f52ee33564a6fcc94f5da6e81e33cc Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 17 Mar 2020 13:43:25 -0400
Subject: [PATCH 34/76] Reuse mention regex

This makes the app less error-prone by avoiding a regexp.MustCompile()
call in the ActivityObject() method, saves CPU work, and reuses code.
---
 posts.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/posts.go b/posts.go
index c632ba9..15176b7 100644
--- a/posts.go
+++ b/posts.go
@@ -1175,8 +1175,7 @@ func (p *PublicPost) ActivityObject(app *App) *activitystreams.Object {
 
 	stripper := bluemonday.StrictPolicy()
 	content := stripper.Sanitize(p.Content)
-	mentionRegex := regexp.MustCompile(`@[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+\b`)
-	mentions := mentionRegex.FindAllString(content, -1)
+	mentions := mentionReg.FindAllString(content, -1)
 
 	for _, handle := range mentions {
 		actorIRI, err := app.db.GetProfilePageFromHandle(app, handle)

From 79a968f425bfd7853e19475dd2ed1cbadc24d7a0 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 18 Mar 2020 16:05:26 -0400
Subject: [PATCH 35/76] Fix login.tmpl rendering

This passes in the correct field named GitlabDisplayName.
---
 account.go       | 16 ++++++++--------
 pages/login.tmpl |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/account.go b/account.go
index 04aa61d..3fbb1f2 100644
--- a/account.go
+++ b/account.go
@@ -302,14 +302,14 @@ func viewLogin(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	p := &struct {
 		page.StaticPage
-		To            string
-		Message       template.HTML
-		Flashes       []template.HTML
-		LoginUsername string
-		OauthSlack    bool
-		OauthWriteAs  bool
-		OauthGitlab   bool
-		GitlabHost    string
+		To                string
+		Message           template.HTML
+		Flashes           []template.HTML
+		LoginUsername     string
+		OauthSlack        bool
+		OauthWriteAs      bool
+		OauthGitlab       bool
+		GitlabDisplayName string
 	}{
 		pageForReq(app, r),
 		r.FormValue("to"),
diff --git a/pages/login.tmpl b/pages/login.tmpl
index f08dbf7..6a75d13 100644
--- a/pages/login.tmpl
+++ b/pages/login.tmpl
@@ -55,7 +55,7 @@ hr.short {
 			<a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as">Sign in with <strong>Write.as</strong></a>
 		{{ end }}
 		{{ if .OauthGitlab }}
-			<a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab">Sign in with <strong>{{ .GitlabDisplayName }}</strong></a>
+			<a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab">Sign in with <strong>{{.GitlabDisplayName}}</strong></a>
 		{{ end }}
 		</div>
 

From 0285a9b0bd638296696bcb6ce49eef6138a803d9 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 18 Mar 2020 16:14:05 -0400
Subject: [PATCH 36/76] Show 503 page on collections under high load

This acknowledges "too many connections" and "max user connections"
errors in MySQL and propagates the error up the chain so we can notify
the user and return the correct HTTP code.
---
 database-no-sqlite.go | 10 ++++++++++
 database.go           |  4 ++++
 errors.go             |  2 ++
 handle.go             |  7 +++++++
 pages/503.tmpl        |  7 +++++++
 5 files changed, 30 insertions(+)
 create mode 100644 pages/503.tmpl

diff --git a/database-no-sqlite.go b/database-no-sqlite.go
index 03d1a32..f2c7ffc 100644
--- a/database-no-sqlite.go
+++ b/database-no-sqlite.go
@@ -40,3 +40,13 @@ func (db *datastore) isIgnorableError(err error) bool {
 
 	return false
 }
+
+func (db *datastore) isHighLoadError(err error) bool {
+	if db.driverName == driverMySQL {
+		if mysqlErr, ok := err.(*mysql.MySQLError); ok {
+			return mysqlErr.Number == mySQLErrMaxUserConns || mysqlErr.Number == mySQLErrTooManyConns
+		}
+	}
+
+	return false
+}
diff --git a/database.go b/database.go
index f5e4564..3ed0920 100644
--- a/database.go
+++ b/database.go
@@ -39,6 +39,8 @@ import (
 const (
 	mySQLErrDuplicateKey = 1062
 	mySQLErrCollationMix = 1267
+	mySQLErrTooManyConns = 1040
+	mySQLErrMaxUserConns = 1203
 
 	driverMySQL  = "mysql"
 	driverSQLite = "sqlite3"
@@ -793,6 +795,8 @@ func (db *datastore) GetCollectionBy(condition string, value interface{}) (*Coll
 	switch {
 	case err == sql.ErrNoRows:
 		return nil, impart.HTTPError{http.StatusNotFound, "Collection doesn't exist."}
+	case db.isHighLoadError(err):
+		return nil, ErrUnavailable
 	case err != nil:
 		log.Error("Failed selecting from collections: %v", err)
 		return nil, err
diff --git a/errors.go b/errors.go
index b62fc9e..579386b 100644
--- a/errors.go
+++ b/errors.go
@@ -37,6 +37,8 @@ var (
 	ErrInternalGeneral       = impart.HTTPError{http.StatusInternalServerError, "The humans messed something up. They've been notified."}
 	ErrInternalCookieSession = impart.HTTPError{http.StatusInternalServerError, "Could not get cookie session."}
 
+	ErrUnavailable = impart.HTTPError{http.StatusServiceUnavailable, "Service temporarily unavailable due to high load."}
+
 	ErrCollectionNotFound     = impart.HTTPError{http.StatusNotFound, "Collection doesn't exist."}
 	ErrCollectionGone         = impart.HTTPError{http.StatusGone, "This blog was unpublished."}
 	ErrCollectionPageNotFound = impart.HTTPError{http.StatusNotFound, "Collection page doesn't exist."}
diff --git a/handle.go b/handle.go
index 0fcc483..4915420 100644
--- a/handle.go
+++ b/handle.go
@@ -83,6 +83,7 @@ type ErrorPages struct {
 	NotFound            *template.Template
 	Gone                *template.Template
 	InternalServerError *template.Template
+	UnavailableError    *template.Template
 	Blank               *template.Template
 }
 
@@ -94,6 +95,7 @@ func NewHandler(apper Apper) *Handler {
 			NotFound:            template.Must(template.New("").Parse("{{define \"base\"}}<html><head><title>404</title></head><body><p>Not found.</p></body></html>{{end}}")),
 			Gone:                template.Must(template.New("").Parse("{{define \"base\"}}<html><head><title>410</title></head><body><p>Gone.</p></body></html>{{end}}")),
 			InternalServerError: template.Must(template.New("").Parse("{{define \"base\"}}<html><head><title>500</title></head><body><p>Internal server error.</p></body></html>{{end}}")),
+			UnavailableError:    template.Must(template.New("").Parse("{{define \"base\"}}<html><head><title>503</title></head><body><p>Service is temporarily unavailable.</p></body></html>{{end}}")),
 			Blank:               template.Must(template.New("").Parse("{{define \"base\"}}<html><head><title>{{.Title}}</title></head><body><p>{{.Content}}</p></body></html>{{end}}")),
 		},
 		sessionStore: apper.App().SessionStore(),
@@ -111,6 +113,7 @@ func NewWFHandler(apper Apper) *Handler {
 		NotFound:            pages["404-general.tmpl"],
 		Gone:                pages["410.tmpl"],
 		InternalServerError: pages["500.tmpl"],
+		UnavailableError:    pages["503.tmpl"],
 		Blank:               pages["blank.tmpl"],
 	})
 	return h
@@ -763,6 +766,10 @@ func (h *Handler) handleHTTPError(w http.ResponseWriter, r *http.Request, err er
 			log.Info("handleHTTPErorr internal error render")
 			h.errors.InternalServerError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))
 			return
+		} else if err.Status == http.StatusServiceUnavailable {
+			w.WriteHeader(err.Status)
+			h.errors.UnavailableError.ExecuteTemplate(w, "base", pageForReq(h.app.App(), r))
+			return
 		} else if err.Status == http.StatusAccepted {
 			impart.WriteSuccess(w, "", err.Status)
 			return
diff --git a/pages/503.tmpl b/pages/503.tmpl
new file mode 100644
index 0000000..70c6c78
--- /dev/null
+++ b/pages/503.tmpl
@@ -0,0 +1,7 @@
+{{define "head"}}<title>Temporarily Unavailable &mdash; {{.SiteMetaName}}</title>{{end}}
+{{define "content"}}
+		<div class="error-page">
+			<p class="msg">The words aren't coming to me. &#x1F5C5;</p>
+			<p>We couldn't serve this page due to high server load. This should only be temporary.</p>
+		</div>
+{{end}}

From 9e25979e378cfe4ab51472369034848f899789ac Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 18 Mar 2020 16:17:06 -0400
Subject: [PATCH 37/76] Run go fmt on modified GitLab files

---
 database.go     | 2 +-
 oauth.go        | 2 +-
 oauth_gitlab.go | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/database.go b/database.go
index f5e4564..6beea1a 100644
--- a/database.go
+++ b/database.go
@@ -2512,7 +2512,7 @@ func (db *datastore) GetCollectionLastPostTime(id int64) (*time.Time, error) {
 
 func (db *datastore) GenerateOAuthState(ctx context.Context, provider, clientID string) (string, error) {
 	state := store.Generate62RandomString(24)
-	_, err := db.ExecContext(ctx, "INSERT INTO oauth_client_states (state, provider, client_id, used, created_at) VALUES (?, ?, ?, FALSE, " + db.now() + ")", state, provider, clientID)
+	_, err := db.ExecContext(ctx, "INSERT INTO oauth_client_states (state, provider, client_id, used, created_at) VALUES (?, ?, ?, FALSE, "+db.now()+")", state, provider, clientID)
 	if err != nil {
 		return "", fmt.Errorf("unable to record oauth client state: %w", err)
 	}
diff --git a/oauth.go b/oauth.go
index a344bde..0aff0f3 100644
--- a/oauth.go
+++ b/oauth.go
@@ -179,7 +179,7 @@ func configureGitlabOauth(parentHandler *Handler, r *mux.Router, app *App) {
 			callbackLocation = app.Config().GitlabOauth.CallbackProxy
 		}
 
-        address := config.OrDefaultString(app.Config().GitlabOauth.Host, gitlabHost)
+		address := config.OrDefaultString(app.Config().GitlabOauth.Host, gitlabHost)
 		oauthClient := gitlabOauthClient{
 			ClientID:         app.Config().GitlabOauth.ClientID,
 			ClientSecret:     app.Config().GitlabOauth.ClientSecret,
diff --git a/oauth_gitlab.go b/oauth_gitlab.go
index 8931978..c9c74aa 100644
--- a/oauth_gitlab.go
+++ b/oauth_gitlab.go
@@ -21,8 +21,8 @@ type gitlabOauthClient struct {
 var _ oauthClient = gitlabOauthClient{}
 
 const (
-    gitlabHost        = "https://gitlab.com"
-    gitlabDisplayName = "GitLab"
+	gitlabHost        = "https://gitlab.com"
+	gitlabDisplayName = "GitLab"
 )
 
 func (c gitlabOauthClient) GetProvider() string {

From f9cd87ae3a3fbc10af9e46ad768e60df9cb3fc17 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 19 Mar 2020 13:43:07 -0400
Subject: [PATCH 38/76] Log handle on GetProfilePageFromHandle err

---
 posts.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/posts.go b/posts.go
index 15176b7..82907ba 100644
--- a/posts.go
+++ b/posts.go
@@ -1180,7 +1180,7 @@ func (p *PublicPost) ActivityObject(app *App) *activitystreams.Object {
 	for _, handle := range mentions {
 		actorIRI, err := app.db.GetProfilePageFromHandle(app, handle)
 		if err != nil {
-			log.Info("Couldn't find this user locally or remotely")
+			log.Info("Couldn't find user '%s' locally or remotely", handle)
 			continue
 		}
 		mentionedUsers[handle] = actorIRI

From 048e8a5e13033f50cce02986498fb58d9c114341 Mon Sep 17 00:00:00 2001
From: Nick Gerakines <nick.gerakines@gmail.com>
Date: Fri, 20 Mar 2020 18:07:18 -0400
Subject: [PATCH 39/76] Added error messaging when user attempts to attach a
 slack account to a user that already has the slack account attached. Added
 GitLab to settings page as oauth option.

---
 account.go                   | 10 ++++++++--
 go.mod                       |  2 ++
 go.sum                       |  4 ++++
 oauth.go                     | 19 ++++++++++++++-----
 templates/user/settings.tmpl |  3 +++
 5 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/account.go b/account.go
index 2ae5bf1..e6ddc7b 100644
--- a/account.go
+++ b/account.go
@@ -27,6 +27,7 @@ import (
 	"github.com/writeas/web-core/auth"
 	"github.com/writeas/web-core/data"
 	"github.com/writeas/web-core/log"
+
 	"github.com/writeas/writefreely/author"
 	"github.com/writeas/writefreely/config"
 	"github.com/writeas/writefreely/page"
@@ -70,7 +71,7 @@ func canUserInvite(cfg *config.Config, isAdmin bool) bool {
 }
 
 func (up *UserPage) SetMessaging(u *User) {
-	//up.NeedsAuth = app.db.DoesUserNeedAuth(u.ID)
+	// up.NeedsAuth = app.db.DoesUserNeedAuth(u.ID)
 }
 
 const (
@@ -1044,6 +1045,7 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 
 	enableOauthSlack := app.Config().SlackOauth.ClientID != ""
 	enableOauthWriteAs := app.Config().WriteAsOauth.ClientID != ""
+	enableOauthGitLab := app.Config().GitlabOauth.ClientID != ""
 
 	oauthAccounts, err := app.db.GetOauthAccounts(r.Context(), u.ID)
 	if err != nil {
@@ -1056,10 +1058,12 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 			enableOauthSlack = false
 		case "write.as":
 			enableOauthWriteAs = false
+		case "gitlab":
+			enableOauthGitLab = false
 		}
 	}
 
-	displayOauthSection := enableOauthSlack || enableOauthWriteAs || len(oauthAccounts) > 0
+	displayOauthSection := enableOauthSlack || enableOauthWriteAs || enableOauthGitLab || len(oauthAccounts) > 0
 
 	obj := struct {
 		*UserPage
@@ -1071,6 +1075,7 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		OauthAccounts []oauthAccountInfo
 		OauthSlack    bool
 		OauthWriteAs  bool
+		OauthGitLab   bool
 	}{
 		UserPage:      NewUserPage(app, r, u, "Account Settings", flashes),
 		Email:         fullUser.EmailClear(app.keys),
@@ -1081,6 +1086,7 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		OauthAccounts: oauthAccounts,
 		OauthSlack:    enableOauthSlack,
 		OauthWriteAs:  enableOauthWriteAs,
+		OauthGitLab:   enableOauthGitLab,
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/go.mod b/go.mod
index fe5b548..bb23137 100644
--- a/go.mod
+++ b/go.mod
@@ -21,6 +21,7 @@ require (
 	github.com/guregu/null v3.4.0+incompatible
 	github.com/hashicorp/go-multierror v1.0.0
 	github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2
+	github.com/jteeuwen/go-bindata v3.0.7+incompatible // indirect
 	github.com/jtolds/gls v4.2.1+incompatible // indirect
 	github.com/kylemcc/twitter-text-go v0.0.0-20180726194232-7f582f6736ec
 	github.com/lunixbochs/vtclean v1.0.0 // indirect
@@ -51,6 +52,7 @@ require (
 	github.com/writeas/slug v1.2.0
 	github.com/writeas/web-core v1.2.0
 	github.com/writefreely/go-nodeinfo v1.2.0
+	golang.org/dl v0.0.0-20200319204010-bf12898a6070 // indirect
 	golang.org/x/crypto v0.0.0-20200109152110-61a87790db17
 	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
 	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67 // indirect
diff --git a/go.sum b/go.sum
index b0a423a..1de5654 100644
--- a/go.sum
+++ b/go.sum
@@ -73,6 +73,8 @@ github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uP
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
 github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2 h1:wIdDEle9HEy7vBPjC6oKz6ejs3Ut+jmsYvuOoAW2pSM=
 github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2/go.mod h1:WtaVKD9TeruTED9ydiaOJU08qGoEPP/LyzTKiD3jEsw=
+github.com/jteeuwen/go-bindata v3.0.7+incompatible h1:91Uy4d9SYVr1kyTJ15wJsog+esAZZl7JmEfTkwmhJts=
+github.com/jteeuwen/go-bindata v3.0.7+incompatible/go.mod h1:JVvhzYOiGBnFSYRyV00iY8q7/0PThjIYav1p9h5dmKs=
 github.com/jtolds/gls v4.2.1+incompatible h1:fSuqC+Gmlu6l/ZYAoZzx2pyucC8Xza35fpRVWLVmUEE=
 github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU=
@@ -165,6 +167,8 @@ github.com/writeas/web-core v1.2.0 h1:CYqvBd+byi1cK4mCr1NZ6CjILuMOFmiFecv+OACcmG
 github.com/writeas/web-core v1.2.0/go.mod h1:vTYajviuNBAxjctPp2NUYdgjofywVkxUGpeaERF3SfI=
 github.com/writefreely/go-nodeinfo v1.2.0 h1:La+YbTCvmpTwFhBSlebWDDL81N88Qf/SCAvRLR7F8ss=
 github.com/writefreely/go-nodeinfo v1.2.0/go.mod h1:UTvE78KpcjYOlRHupZIiSEFcXHioTXuacCbHU+CAcPg=
+golang.org/dl v0.0.0-20200319204010-bf12898a6070 h1:m3RoSUFYtel4F/gCw0tosY5Exe7hm2NbeNv/737FbSo=
+golang.org/dl v0.0.0-20200319204010-bf12898a6070/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ=
 golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59 h1:hk3yo72LXLapY9EXVttc3Z1rLOxT9IuAPPX3GpY2+jo=
 golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
diff --git a/oauth.go b/oauth.go
index 59350bd..80f3e1d 100644
--- a/oauth.go
+++ b/oauth.go
@@ -4,17 +4,19 @@ import (
 	"context"
 	"encoding/json"
 	"fmt"
-	"github.com/gorilla/mux"
-	"github.com/gorilla/sessions"
-	"github.com/writeas/impart"
-	"github.com/writeas/web-core/log"
-	"github.com/writeas/writefreely/config"
 	"io"
 	"io/ioutil"
 	"net/http"
 	"net/url"
 	"strings"
 	"time"
+
+	"github.com/gorilla/mux"
+	"github.com/gorilla/sessions"
+	"github.com/writeas/impart"
+	"github.com/writeas/web-core/log"
+
+	"github.com/writeas/writefreely/config"
 )
 
 // TokenResponse contains data returned when a token is created either
@@ -252,6 +254,13 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
 	}
 
+	if localUserID != -1 && attachUserID > 0 {
+		if err = addSessionFlash(app, w, r, "Slack account is already attached to a user.", nil); err != nil {
+			return impart.HTTPError{Status: http.StatusInternalServerError, Message: err.Error()}
+		}
+		return impart.HTTPError{http.StatusFound, "/me/settings"}
+	}
+
 	if localUserID != -1 {
 		user, err := h.DB.GetUserByID(localUserID)
 		if err != nil {
diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index 3b91c83..14f8e47 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -92,6 +92,9 @@ h3 { font-weight: normal; }
             {{ if .OauthWriteAs }}
                 <a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as?attach=t">Link your <strong>Write.as</strong> account.</a>
             {{ end }}
+            {{ if .OauthGitLab }}
+                <a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab?attach=t">Link your <strong>GitLab</strong> account.</a>
+            {{ end }}
             </p>
         {{ end }}
     {{ end }}

From 9dbba9d8c7eca98461532fbfaecc2bd93db3e4b1 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 24 Mar 2020 07:59:00 -0400
Subject: [PATCH 40/76] Make `handle` column in remoteusers NULL

This alters the V6 migration to make the column NULLable. Anyone who has already run this migration will need to manually update their database.
---
 activitypub.go   | 5 ++++-
 migrations/v6.go | 4 ++--
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index c3df29f..d2980ff 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -708,7 +708,8 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 
 func getRemoteUser(app *App, actorID string) (*RemoteUser, error) {
 	u := RemoteUser{ActorID: actorID}
-	err := app.db.QueryRow("SELECT id, inbox, shared_inbox, handle FROM remoteusers WHERE actor_id = ?", actorID).Scan(&u.ID, &u.Inbox, &u.SharedInbox, &u.Handle)
+	var handle sql.NullString
+	err := app.db.QueryRow("SELECT id, inbox, shared_inbox, handle FROM remoteusers WHERE actor_id = ?", actorID).Scan(&u.ID, &u.Inbox, &u.SharedInbox, &handle)
 	switch {
 	case err == sql.ErrNoRows:
 		return nil, impart.HTTPError{http.StatusNotFound, "No remote user with that ID."}
@@ -717,6 +718,8 @@ func getRemoteUser(app *App, actorID string) (*RemoteUser, error) {
 		return nil, err
 	}
 
+	u.Handle = handle.String
+
 	return &u, nil
 }
 
diff --git a/migrations/v6.go b/migrations/v6.go
index c6f5012..8e0be78 100644
--- a/migrations/v6.go
+++ b/migrations/v6.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2019 A Bunch Tell LLC.
+ * Copyright © 2019-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -13,7 +13,7 @@ package migrations
 func supportActivityPubMentions(db *datastore) error {
 	t, err := db.Begin()
 
-	_, err = t.Exec(`ALTER TABLE remoteusers ADD COLUMN handle ` + db.typeVarChar(255) + ` DEFAULT '' NOT NULL`)
+	_, err = t.Exec(`ALTER TABLE remoteusers ADD COLUMN handle ` + db.typeVarChar(255) + ` NULL`)
 	if err != nil {
 		t.Rollback()
 		return err

From b25e80bb1bae924f2eefd791f677f4d97903c2bd Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 24 Mar 2020 09:07:27 -0400
Subject: [PATCH 41/76] Show configured GitLab name on Account page

This includes the chosen GitLab display name in the button text.
---
 account.go                   | 40 +++++++++++++++++++-----------------
 templates/user/settings.tmpl |  2 +-
 2 files changed, 22 insertions(+), 20 deletions(-)

diff --git a/account.go b/account.go
index e6ddc7b..d32f503 100644
--- a/account.go
+++ b/account.go
@@ -1067,26 +1067,28 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 
 	obj := struct {
 		*UserPage
-		Email         string
-		HasPass       bool
-		IsLogOut      bool
-		Silenced      bool
-		OauthSection  bool
-		OauthAccounts []oauthAccountInfo
-		OauthSlack    bool
-		OauthWriteAs  bool
-		OauthGitLab   bool
+		Email             string
+		HasPass           bool
+		IsLogOut          bool
+		Silenced          bool
+		OauthSection      bool
+		OauthAccounts     []oauthAccountInfo
+		OauthSlack        bool
+		OauthWriteAs      bool
+		OauthGitLab       bool
+		GitLabDisplayName string
 	}{
-		UserPage:      NewUserPage(app, r, u, "Account Settings", flashes),
-		Email:         fullUser.EmailClear(app.keys),
-		HasPass:       passIsSet,
-		IsLogOut:      r.FormValue("logout") == "1",
-		Silenced:      fullUser.IsSilenced(),
-		OauthSection:  displayOauthSection,
-		OauthAccounts: oauthAccounts,
-		OauthSlack:    enableOauthSlack,
-		OauthWriteAs:  enableOauthWriteAs,
-		OauthGitLab:   enableOauthGitLab,
+		UserPage:          NewUserPage(app, r, u, "Account Settings", flashes),
+		Email:             fullUser.EmailClear(app.keys),
+		HasPass:           passIsSet,
+		IsLogOut:          r.FormValue("logout") == "1",
+		Silenced:          fullUser.IsSilenced(),
+		OauthSection:      displayOauthSection,
+		OauthAccounts:     oauthAccounts,
+		OauthSlack:        enableOauthSlack,
+		OauthWriteAs:      enableOauthWriteAs,
+		OauthGitLab:       enableOauthGitLab,
+		GitLabDisplayName: config.OrDefaultString(app.Config().GitlabOauth.DisplayName, gitlabDisplayName),
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index 14f8e47..e4209d7 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -93,7 +93,7 @@ h3 { font-weight: normal; }
                 <a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as?attach=t">Link your <strong>Write.as</strong> account.</a>
             {{ end }}
             {{ if .OauthGitLab }}
-                <a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab?attach=t">Link your <strong>GitLab</strong> account.</a>
+                <a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab?attach=t">Link your <strong>{{.GitLabDisplayName}}</strong> account</a>
             {{ end }}
             </p>
         {{ end }}

From d7d4cd907ed91c56ebf28eeaeb7ea27ac2bd331d Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 24 Mar 2020 09:09:14 -0400
Subject: [PATCH 42/76] Tweak "account already attached" verbiage

---
 oauth.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oauth.go b/oauth.go
index 80f3e1d..9073f75 100644
--- a/oauth.go
+++ b/oauth.go
@@ -255,7 +255,7 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 	}
 
 	if localUserID != -1 && attachUserID > 0 {
-		if err = addSessionFlash(app, w, r, "Slack account is already attached to a user.", nil); err != nil {
+		if err = addSessionFlash(app, w, r, "This Slack account is already attached to another user.", nil); err != nil {
 			return impart.HTTPError{Status: http.StatusInternalServerError, Message: err.Error()}
 		}
 		return impart.HTTPError{http.StatusFound, "/me/settings"}

From 5d01f49ce9019c899aab5b354011453743e9ac5c Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 24 Mar 2020 10:33:45 -0400
Subject: [PATCH 43/76] Move /me/oauth/remove endpoint to /api/me/oauth/remove

---
 routes.go                    | 2 +-
 templates/user/settings.tmpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes.go b/routes.go
index 764e36f..b34bd3d 100644
--- a/routes.go
+++ b/routes.go
@@ -105,7 +105,6 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	me.HandleFunc("/settings", handler.User(viewSettings)).Methods("GET")
 	me.HandleFunc("/invites", handler.User(handleViewUserInvites)).Methods("GET")
 	me.HandleFunc("/logout", handler.Web(viewLogout, UserLevelNone)).Methods("GET")
-	me.HandleFunc("/oauth/remove", handler.User(removeOauth)).Methods("POST")
 
 	write.HandleFunc("/api/me", handler.All(viewMeAPI)).Methods("GET")
 	apiMe := write.PathPrefix("/api/me/").Subrouter()
@@ -116,6 +115,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	apiMe.HandleFunc("/self", handler.All(updateSettings)).Methods("POST")
 	apiMe.HandleFunc("/invites", handler.User(handleCreateUserInvite)).Methods("POST")
 	apiMe.HandleFunc("/import", handler.User(handleImport)).Methods("POST")
+	apiMe.HandleFunc("/oauth/remove", handler.User(removeOauth)).Methods("POST")
 
 	// Sign up validation
 	write.HandleFunc("/api/alias", handler.All(handleUsernameCheck)).Methods("POST")
diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index e4209d7..a403feb 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -72,7 +72,7 @@ h3 { font-weight: normal; }
 	    {{ if .OauthAccounts }}
 	        <p>Existing OAuth accounts can be removed from your account.</p>
 	        {{ range $oauth_account := .OauthAccounts }}
-		        <form method="post" action="/me/oauth/remove" autocomplete="false">
+		        <form method="post" action="/api/me/oauth/remove" autocomplete="false">
 		            <input type="hidden" name="provider" value="{{ $oauth_account.Provider }}" />
 		            <input type="hidden" name="client_id" value="{{ $oauth_account.ClientID }}" />
 		            <input type="hidden" name="remote_user_id" value="{{ $oauth_account.RemoteUserID }}" />

From 491a1148ee503c4bd709493f00017da8fdf9fd1d Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 24 Mar 2020 10:41:53 -0400
Subject: [PATCH 44/76] Restyle OAuth account management section

- Break up linked / to-link sections
- Add logos for all services
- Lay out buttons horizontally
- Tweak the copy

Ref T713
---
 static/img/mark/gitlab.png   | Bin 0 -> 1005 bytes
 static/img/mark/slack.png    | Bin 0 -> 2291 bytes
 static/img/mark/writeas.png  | Bin 0 -> 2884 bytes
 templates/user/settings.tmpl |  66 +++++++++++++++++++++++++----------
 4 files changed, 47 insertions(+), 19 deletions(-)
 create mode 100644 static/img/mark/gitlab.png
 create mode 100644 static/img/mark/slack.png
 create mode 100644 static/img/mark/writeas.png

diff --git a/static/img/mark/gitlab.png b/static/img/mark/gitlab.png
new file mode 100644
index 0000000000000000000000000000000000000000..214b0ad3d6d836234b25127184fe75338b981eeb
GIT binary patch
literal 1005
zcmeAS@N?(olHy`uVBq!ia0vp^3qY8I8A$FCoG#D6z{nlo6XN<IQvFSk#!Fv~=iVBR
zoHd_%XukB*cpIwmF<Sk7xCRJCXuJv5c;c%0Hdy0zfW|9-jaLC0A0pJ>g=swV)O_l$
z`884fLxjfbK#g}H8n65`-i4{Z1{&z60W=n9CXoB32&CZ8Vl@!zSNoHz_NP<rPoLVK
zMzt^T>VKxH{aK*)r(ErKw%V^uwLf#z{uHSF=~eqPN$t-xwLcwdf9ll!l&JlgsrIKw
z?avgoKXXBhccB_U1wT^N|8%Q?P^;RXiE4kk)PT<TmaP6~Hi-Rag4&;IwLi1KMgiF~
z)c!Pp?FAY;9V`np4X6v~7@+I~wZjv>DgZ-=u_VYZn8D%MjWiG^$=lt9p@UV{1IXbl
z@Q5sCVBi)8VMc~ob0mO*>?NMQuIx{kCHORSzKKg-XJBB8_H=O!skrs_=3YPPK!LW0
znr@3YJvg+yOd^^D*t;||L=;q9CUQx=`|rnbBk}s~>VL<I)BNYW*PVF&+~SEk@AX_b
z6k7zG;KZh`p8@3`Cfq!}eC}fVoz)IywksqK?^7=q+!0<^aGrg~`CFD}^ql^MH>fXV
z_pfO<bIbDA<lS60de#+hm{YEuyEvcaf^fxwTb9!7`*-LRa4RrJ*tFL+<gh;ZFH&*j
zmgVARc0KMpOeYw`&L+w$L^DYqXtD%qj8<TtVGB~nyG86&l9ivBg~m09wFXawv*+7H
zFv%Z@`0>0diF1mS!&HMe!o~3pD;U=4r}K+QFZjVEev7qh@A{fn!}$vX79Db0aD~;6
zL;uje?iK!7Kc4JLX?=V?&YSh&G1FA*1y|VnTFVvh#~w;&*)w&DL3QI{ZQH963r_Is
zeyA&1X?5Tt*YwN#-mhd0WA?hob$MTw!$pRrVg}AT<}<E&K3iqp@^FiN?dy)7{;?=S
zEaP8*kg!_g*4p4BEe7vafBctg@z_Yd;^jl-s;)H#d}}^&hgaMVc(AyuwN-GzV*R3G
z3ASCI+78X0u;KUbshjf)>SwV1s<AebTg2q>{%a~%`ZvM7J{-#%_V(LO&R^<Kq_389
z@Va_i!{<-O4k;Ft-T$!lPSFPo^Zofh-jx<LniSVQWZNKk|9NbZ|Bg2``&YKwX@tve
z*xkO&?N>}9d(J8MFI)Bhysln4EsFd4fo<2Wi?3_Y{bko-FW!HqzdPUeQ^r^Q+gF)Z
xUYz$-R%8E)yHCD^tay1Y51s}fso}+5^BW4eZYQ(4_5)KMgQu&X%Q~loCIBTb!}$OJ

literal 0
HcmV?d00001

diff --git a/static/img/mark/slack.png b/static/img/mark/slack.png
new file mode 100644
index 0000000000000000000000000000000000000000..33b4abcd4c0361d7e44dbf0f822a5f878e2f36f8
GIT binary patch
literal 2291
zcmb7GhgXx?6919_k%SI0AXOAZIzh?<DKCJ4(n}CnF}f5{NQiU|5{jS{1qB5GiHm}?
z7(t}t2Pm*e@kuolL*FHoAR36Y7vFjR!2a%;J7?z3nRD)M?##J&U7T!%5l0XJ00`UL
zS-bHx^_LtH;O*&yL0UW|aQU3AHE{52QCrI%@;riJcHZFtfRy|t5a3CnG|vf-uy?e9
z&%>le)R6A-RV@H;h+=R3Z;u$p>J;&cR1ma#gE;JSPJ@Q2)5)QWeYKm|P&S}W%-XQo
zj{;xooL+-+Y;1fq_mYG^p!+K~Zrh1fdj)5+(j`adeqz1P(F(IXXyx?7DnlA=!AhDx
zvCXH%Z=ULUKbam&yAfPtT5H;@-@LO!(J3s7{WhO}aWOwXZc#=|{2!tGv7te`)rDgZ
zD-$9?3^mVLg^=t@GaG-WK&QwsOADe@hZzWFN&AGL9K?k3B5(u76bX}%?kST9hggjX
ze1{Mrl@yi55^uba@qB4fIs$(UPSj%SvCrmvBEhF*_3SN~Hf^RpwY9HeiDESQCfpYi
z(#j6y)6Oe-s;Cbpkkv^|4%-}9nS;?<xAdpE(jpcD&q`h=;iboqgbg)=99~3dHaimf
zn34<m*eVp!9K7ULxtgw`bps$*C$cXk8o11ECLlUe%RgSLZaC&+K<Ta=kFp)>nP23;
zcdH;lUVOwJ5<*>zM$=n*FZ*pZYTjAk;19I<>D*AkXBn&JkNJNjLdSPUlU=%oct*fU
zN<XpYOtff6LkZmh5^~E+oL^U+>oJ=c)eM!c6Me%%fok$_TJV+z#Wk|?0K$RT*jPd`
z)RV{9ZH>}6At~@Bc3Ue;;Fc&^9zS$KswhnJ+7AI9W$qw)QIW^BETxR%26G8Q$@9~3
z3A=vPRPFOpmg14^NQ_m5AGq_a?eM!!sW6!IK$%1dDFk+t{tiAabey7?pg~}8v5=|@
ze<^g!8juT@yEpl{jdP$M^SXI%UZ!z`GjtuAisq6T<o)0hq4kTOm1ZXHM88|}FzXCD
zo)8Z?(R4=D%UZh4$^Cw(3eK0nxH7J=^7SQ<BH30K<NPW#vq7B*4Qf84s+g`s9)un6
znZyxlPz`ud&MQx#a!YStv8bwU3RGmtwV^=4L{Z$TZfF^RBYmH+=cabCR;`QTr-=z`
zi2Aq>yu9TAZp}`J^`_~X|8=5#ykETJ+e^E!E2@a)JHbEpJ-UnQs(V*WSK9YS5cn`w
zjIpcBWJtvj_iKt+n)g+P8$?KLU`q|%B=J=6*<^X_L43uR3CsXQbJj8Yu<abLQU>wn
z9gSkWWXlZrbeAC|@OqD_UiI`6@5D2`{dF|&u~|W?`u@xtWmy$}gvxtPz0qf2L&wD+
za$tcR#_8UI``wFXlWV0#_RRCBh0)njr-aY7u_q}3O*8+(JKLSuzO=1i>@&Mr5?Dkv
z?<hE?>!1%R7_Ii5q>S9w75!h5W%eqsNcD$(+Z|2o*=;nWM8~FOaY0mvTyQwrm|0px
zp4=i@Wu)j0%@W`#e=J8Opf}6kM=#(ah6bX+bn~V;L8d2Dl)%VGyrx-!QAVqUgygu1
zF!%3I{ycioD1qE`=3S@IbZG8if+*T#X|q#d#Tg*NbmoLvO`;jlps6?EUEQ2Ph!>^!
zT$LewmtthVK0#poXVOTShd<J@bTjL>1R4*;LdPFy`X8*8Ot!{!RvFF+8*VQsANTIT
zMToogec9B(Ue!}$9%y5$GH!Z8svOxS8*9t(I8+Dm!R?j5lmpCDjNb3_xm@j=)MH+$
z$!cBDj~N8kVen&DDvnYIdmDuH_9h<)2!6e_iEcag9^(bX!}onu$$3g~2Gi3!RrlFu
zNHWTGTQ@YKJg=75H#2-Mkn66Uxkn#04$C=4!^cBlVYgaZxAHNzZJU8pYSnyBsPL%A
z(DN5u80={i8BXI6uBBTuiGgn#{m`PA#NHdkFl#Rl5ZnQcF<Y+JQ{1crYC=JdxbCQV
zy`7{RxH?8)xIn5t`5G8k5HMcPM`9+HYDz;oA01-G++4rWVw9O$ZJLbn<1}iD;85Y5
z8~nP)8qa_BTfh;&2OW>oPXB2BRtjWx97+B;)N+uj*Zv8Mw%PKfYWb>Dj07)fFZv(#
zeRVS0_IJj;+EOhPNNLXpx+*jmStdAch(p2kzTO5&1U^8-v$55^UUD?!rT{S~yteKV
zOF-AV$B%Eovw^G24k)VJb?SS<F3ctAs8dE_OA=`fhgu$L`j;*LHui2N4uwvqjlGda
z;3I9@CoDzx6@6O-cD22GZuzb^`N(XUPiN8YD-+&+w7j27BJxO0W}8e4&%?loyPg(+
z-`T@8*}^t8n6;e0(=I9(axW+58HNsr228Rt=|owAr8>xCLK}~y3*_<9RFPkh=Jk8}
zxx&^l!`3xf7v@;MDFqQR@uyjWOA7O3{l%O)S&g}61K~&$<^6Aj`i5G}n%YLI?aTj<
zu1s29ZE?x>oQ_b?8P_#3VT=NwG|Vn3m*my9@1%W#w4L(mUru~+)dGG#T9z$}r}M(S
z02TEq&_ypOTAd<+LT;ba3$iE&&U%<^_|;YbXZ=MqC=%tD2i9Bxm9qsXa1q@FGYRK)
zcdiTIOD#h_%TOe1BbRM?gFH?WEA#l5kp>-~?{lI3t)9+(zf_}CDoZ+D3_YKJb*)iY
z1^MM-KlW;%s(ji@Cj>r;o73x;8Tt5gt>X{ZFS1421tupcTAzi#!Z_k9!Ob$vR=2@|
zykOE-WXuaQffe3$&G_kc*cf@DM_TdHJ*1_&ch94^z1&=qGwkGU>%yiSz1melsp7U_
z@&;$R2o$F#r6!$KWVY(=9M{d#^oLC?>FYn_%=8b|FK1hDyu*i0rM6PLP~cBE$$&0G
zq!RSJds4oYlJqT#1DX~KNKY$mtp5?7$L^s8-E;y_y^nl&-xI*z#>tw7#V7t3Xk9AG

literal 0
HcmV?d00001

diff --git a/static/img/mark/writeas.png b/static/img/mark/writeas.png
new file mode 100644
index 0000000000000000000000000000000000000000..777885b4ecbea9c4d81a88256b001dc93583beda
GIT binary patch
literal 2884
zcmb^z2UnBX@=Ia}9UDdrpe`L25f$l8$<h==dJmvd0-8liAOZ<1unK|#p?9Uo3IqcJ
zOZ!lSrwfD@5_&Y0l^Qx4%8NhYo%80NxpU5(nYnZ4OnY+6%2Y(~j3592BIaf$w|TVa
zC-U?0?nIieDv$7aTbh~xhd)nIYk3-vBY-n=e#p~c{6xq##auj(i3l;jiAK!8PKzo*
zDu+VY03bMEZenbQA6uSu#kt!{b+4^zpTFs<m{G?}s#mSoEqAkUEy9z|!D0oKi~iN}
z8AkYSqNTdNp!+qA`L;eGz50#2%G@MP#&4f)I_ZZIj0-kpR=-MzzAF{*|E3xg`A!UL
zf9+=96rn0AHE(+-+pDaUQ1hmhcKC+t0y*~offobmT^k9GC4L?PWpdAx22%8Zz~pDz
ztQQOkBiCf4s|9AhBVcR!W^1bl&C&mXTAD1Cm~B)qTDXs`Rj02dk=R||g>cr;Lg^2M
z4X|BFjNVGCz^>OwqI+kM--XO}(H1s&Tvl7U5wdHXKh=E&vxDa|ipYcE-kgngG%{aD
zrw|Mvc@kOkt)Y+3e$t9LU`rE4ijSic-7n5+G!p^6N+p2Wq+Hb6Qg<9Zv?VA`JbyvV
zPfZPOHK1Y#{BUUBAT>eE^F(_Xxpsi`%GP|9g&M?)f3IoYp~Ua$`=A-I87JIPCm}ul
z7EMtI9&!<eZw5WEU!939VtUY)Bq^kR8H^K!(d9rcvMkEuz%}?m5|X6i?K8Dr5$)T!
z_gIu!h<G$11N^lzx#`t?oSU$(2|SuE&Hd=X5@r3(%*sDedPh;6)HwBZe+8!U-T>nj
z*mH`u=LVUuNS1hhCi=*PH0rWlf3uDVUX?woOG0`3M3-O1h}5dXz!7NLlHiS1D)<RL
zJ9`NeOrmX%OZKKr-{@rJR^&g=BzD9OMxLT&r&tiUc1!1iZH*(E>MF|6a!;)wZFy_!
zv$g8&4r*G>_0_$$k0BOv?cd5|orO){1`GkvnXIT>GP*I8<e4PR8hbLKn}>s(Ms1jo
z=p5P9&K;Pi9S(rHNsO&j-^g`<wvpG?vAj<^0zb&H2q81yHri!g1dmf*iM~AIC{@W<
z9i5}GcxmamRZap4k;Re^01n9B4y3$A36l+qtsfeTRnA1h%hqld$$bcIKfPKXErKG}
zs#~+0<5yl@;FFJ-2)D?G9%Z50Gz+BBz2J9=v6vJeM2-#c!_{~<vi@}h?DcW<U6$~B
zU&G(3;-el&zSaMhcF8RgOOg@j4g@Z!RY>9Q_AUAXg*EJls;}!BXzMLIslt#(aVG{p
zef6;@$js^mAHrp~=y?oUXWwLU+0%SyPNr<rUthKrbA<EKif<AW!k(UhV;Wrr&0e-1
zM`vf)s@D002)Q3kz9&YxbkW*zzP0#BA!P1O<7P24OJ5N5-fJy-ccbj~MUoOT%t4jw
z2ILU;@@$`!v;_713gIQSrpTRZ2uxtl1>|ENI_E)0b#(PC5SF)|P29V2zFS_QAp_?h
zzp!J2p+YH64dTzc;AHKGgXPs0rQe4=3<`mo?ygNZAM1CJ5$qOIxtPs(i((!{J-h{R
zdgDtBBKg<#4+i^NDA~%J4^}QH_b(sp>4fE$r^v6XYU_$L*R^LLDcG|%z$tA1*3z{o
zxz>D|xC9he#odr+k$IllJt-OfBCV;44~t(2_X$kmNluIE5%Y6|Y(DqT<$R0R4j5fM
zWyu<IIZqWCqFmPSpTjWZM&82kseHqVxv7zY6&_>CLZ|Xv*wa*DCqs>;MD>56{o!Ev
zrR}WeS02_r9IM|H#hy_F7BLDqPt2J#MREW+);U9~%HZp&T5~0nF=25s-{a+vAilnm
z?MGqImZPYRYA7X|&WUCTyf2$`q1ZahMD=&41^o!3n;QO@`3M4mmajd^ef@McAy~g#
z&+60~5l%>^=o`BdzgJDemS&zBL+mny;hy*A=2D2%v1#;)A=2G?9c2)Cdywf7Kn#r$
zIZOQGk3U@Fw~Sf|1uunT?qugm@$Bn+x$;~6Wip^(sz}atL)AL0hV$c>L{c_H#fjQM
zQ*Y%u?q3>{e%`ZbQ`us9d4jO|A63dsEvQ$2dHwXX>|jD1AF0_N^DOL2w<Wk?EOo4T
zI2vzG?S$WRQSf8`xja-*5X7slB^xLuZgVts`9pl%Nup1`L<EBzd;T7;$L`*HnP_%)
z#(lZ6d0@hn>6M$PViWT9*x~A<BJJ6>W<T6Byw-pY#uD5QGELV)rnYrPiQ_7|+NZ6V
zXFBA-7t3IsSFth&31=}0sg%-NLChxlA=yA_)r;TB6C3w?U=M;>daI4j$rg4E5J%f&
zd=#wt*tKT~(b}eS?lU&@j&gclU=LMg_UmF}QiBGJkq6XYdcl&XB6^><S=%G&goFRs
z6xq-aZW3CX>WpWIg1E`X^pOMZx$8MQh<7mB{D*z%=|0^4q#(Ga0%yP;@X4x+5&rET
zRgz;#vzmTYaA_LNF@>%VLnK%JeAR1dD2bwO`SF9l859NA3l*J8A&gT9h6dzyIXBa`
z{ZHYn_SKy`7!SFp@n)WphYHh~Bcqe;!n&aTxIXvlQvb+Ub@GS_Bx^F5HD3VPRbT3B
z$W~%h!7o{_XI9cR%$xN7%`X2y=R681Jj=Ep3=7+dK{WQ2PS3>F%tY>72b23&4h(_z
z)dj!F8fC54&xAyZ@wb26?e%h`z>Qk<Y|A*!NJ0X!9X|8z+8`1=ky~ChIyyN$#&hCx
zXzHmZ`R+SQMUSZ54FP5qzb0%^r<sdX0jQ1<ZGA=C=M8BPgAbA_(Djf4tk8%uWc57T
zs)P4pHq+iDV*58Wm_t*g3nZ&pp|Qrw-w=gL<K9|Joy?viPzFyjE=cw2GV5dL!X1ny
z3-)Ebb#-K86}34g8A=J$Xi50-CXOo>_C~#-v)Z|(!761>>}_ErPPN_|Zx$h(0X6)7
zKitz9;xw)rYBsdXSA^}Kwk`LK>g@gd6**b~YACd;osbJK<kRn|09ZmEW%ib7rFVGN
zGUr$F35NE9%C5F&$9;J3*MPVACFHUv#G#htCqM|Q*70Q43<11O@?ZLTxRdfYGHL0b
zLp5a%bw3q)ak5b81{M`|z?d$+-Yj%KR}^a9-F0Ufr&`oFv_CFR{1#c8Xn$R*v!DtY
z(t>XBxBXiAPq<)YTjnRtIqiBdT-P3wb>Hw~UI8VOLYnz96}mk1OABux1tc$Wl~x*x
zcX)%o9+p_K{=?fxT2;|nmw)_YI1~78t&b;<3Hfbgv<ZU3@4RC)NHs@v`y4`OTUFqd
ztAzAd*oxM;b17s&aEacx00M3vxPmE6dhd;hSgosNnlur2sVXt=9UDZ<>k}4YiU8F<
z;yO6ATbMF|LQ!j3dacOQMA+^Fo%S}O>F(X^1!*`YESJK*Yv3@fWR2n+qUrmR5t3%x
zw{dbfTcfsBV8vxhUB(8ur}q21FEJLw%b}k~B54bpqnuZ|WlYAi0%N=aF3QmqJ1M4X
zIA&o);l^)BpRQBCI@hZcrNl=m&zzg2gb=}EIi!&$bXsOyiOO}S@3VQSuC5)l=qC)$
zPhK>srd9SuM5YI#a^uHQs1p+qoG~-beKJ@?rjW{n?FlxAEYAJZ;OfiB&14OIAFejH
vOBhR)^;fo;8Vl_(=WaTf{I8JgaR~3(VBe36y)DAqcL8&>l}YtAOzeLF$uw;F

literal 0
HcmV?d00001

diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index a403feb..8ade8ad 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -4,7 +4,13 @@
 <style type="text/css">
 .option { margin: 2em 0em; }
 h3 { font-weight: normal; }
-.section > *:not(input) { font-size: 0.86em; }
+.section p, .section label {
+	font-size: 0.86em;
+}
+.oauth-provider img {
+	max-height: 2.75em;
+	vertical-align: middle;
+}
 </style>
 <div class="content-container snug">
 	{{if .Silenced}}
@@ -62,41 +68,63 @@ h3 { font-weight: normal; }
 			</div>
 		</div>
 
-		<div class="option" style="text-align: center; margin-top: 4em;">
+		<div class="option" style="text-align: center;">
 			<input type="submit" value="Save changes" tabindex="4" />
 		</div>
 	</form>
 
     {{ if .OauthSection }}
-        <h1>OAuth Management</h1>
+		<hr />
+
 	    {{ if .OauthAccounts }}
-	        <p>Existing OAuth accounts can be removed from your account.</p>
+		<div class="option">
+			<h2>Linked Accounts</h2>
+			<p>These are your linked external accounts.</p>
 	        {{ range $oauth_account := .OauthAccounts }}
 		        <form method="post" action="/api/me/oauth/remove" autocomplete="false">
 		            <input type="hidden" name="provider" value="{{ $oauth_account.Provider }}" />
 		            <input type="hidden" name="client_id" value="{{ $oauth_account.ClientID }}" />
 		            <input type="hidden" name="remote_user_id" value="{{ $oauth_account.RemoteUserID }}" />
-    		        <div class="option">
-    			        <div class="section">
-        				    <input type="submit" value="Remove {{ $oauth_account.Provider | title }}" style="margin-left: 1em;" />
-    			        </div>
-    		        </div>
+					<div class="section oauth-provider">
+						<img src="/img/mark/{{$oauth_account.Provider}}.png" alt="{{ $oauth_account.Provider | title }}" />
+						<input type="submit" value="Remove {{ $oauth_account.Provider | title }}" />
+					</div>
     	        </form>
             {{ end }}
-	    {{ end }}
-	    {{ if or .OauthSlack .OauthWriteAs }}
-	        <p>
+		</div>
+		{{ end }}
+		{{ if or .OauthSlack .OauthWriteAs .OauthGitLab }}
+		<div class="option">
+			<h2>Link External Accounts</h2>
+			<p>Connect additional accounts to enable logging in with those providers, instead of using your username and password.</p>
+			<div class="row">
+			{{ if .OauthWriteAs }}
+				<div class="section oauth-provider">
+					<img src="/img/mark/writeas.png" alt="Write.as" />
+					<a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as?attach=t">
+						Link <strong>Write.as</strong>
+					</a>
+				</div>
+			{{ end }}
 	        {{ if .OauthSlack }}
-    	        <a class="loginbtn" href="/oauth/slack?attach=t"><img alt="Sign in with Slack" height="40" width="172" src="/img/sign_in_with_slack.png" srcset="/img/sign_in_with_slack.png 1x, /img/sign_in_with_slack@2x.png 2x" /></a>
-            {{ end }}
-            {{ if .OauthWriteAs }}
-                <a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as?attach=t">Link your <strong>Write.as</strong> account.</a>
+				<div class="section oauth-provider">
+					<img src="/img/mark/slack.png" alt="Slack" />
+					<a class="btn cta loginbtn" href="/oauth/slack?attach=t">
+						Link <strong>Slack</strong>
+					</a>
+				</div>
             {{ end }}
             {{ if .OauthGitLab }}
-                <a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab?attach=t">Link your <strong>{{.GitLabDisplayName}}</strong> account</a>
+				<div class="section oauth-provider">
+					<img src="/img/mark/gitlab.png" alt="GitLab" />
+					<a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab?attach=t">
+						Link <strong>{{.GitLabDisplayName}}</strong>
+					</a>
+				</div>
             {{ end }}
-            </p>
-        {{ end }}
+			</div>
+		</div>
+		{{ end }}
     {{ end }}
 </div>
 

From 540d716d295259e38efa894023b6cf42e54788f1 Mon Sep 17 00:00:00 2001
From: CJ Eller <45696734+cjeller1592@users.noreply.github.com>
Date: Fri, 27 Mar 2020 11:22:16 -0400
Subject: [PATCH 45/76] Apply review edits

---
 templates/collection.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 3694d07..3abcc83 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -89,12 +89,12 @@
 			{{template "posts" .}}
 
 		{{if gt .TotalPages 1}}<nav id="paging" class="content-container clearfix">
-			{{if or (and .Format.Ascending (lt .CurrentPage .TotalPages)) (isRTL .Direction)}}
+			{{if or (and .Format.Ascending (le .CurrentPage .TotalPages)) (isRTL .Direction)}}
 				{{if gt .CurrentPage 1}}<a href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; {{if and .Format.Ascending (le .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}}</a>{{end}}
 				{{if lt .CurrentPage .TotalPages}}<a style="float:right;" href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (lt .CurrentPage .TotalPages)}}Next{{else}}Older{{end}} &#8674;</a>{{end}}
 			{{else}}
 				{{if lt .CurrentPage .TotalPages}}<a href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; Older</a>{{end}}
-				{{if gt .CurrentPage 1}}<a style="float:right;" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (le .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}} &#8674;</a>{{end}}
+				{{if gt .CurrentPage 1}}<a style="float:right;" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">Newer &#8674;</a>{{end}}
 			{{end}}
 		</nav>{{end}}
 

From f11e6ed843cf1dfdc52bb075c1767e4ea205cee8 Mon Sep 17 00:00:00 2001
From: CJ Eller <45696734+cjeller1592@users.noreply.github.com>
Date: Fri, 27 Mar 2020 11:22:35 -0400
Subject: [PATCH 46/76] Apply review edits to chorus-collection

---
 templates/chorus-collection.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index b996ca4..a8e806c 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -89,12 +89,12 @@ body#collection header nav.tabs a:first-child {
 			{{template "posts" .}}
 
 		{{if gt .TotalPages 1}}<nav id="paging" class="content-container clearfix">
-			{{if or (and .Format.Ascending (lt .CurrentPage .TotalPages)) (isRTL .Direction)}}
+			{{if or (and .Format.Ascending (le .CurrentPage .TotalPages)) (isRTL .Direction)}}
 				{{if gt .CurrentPage 1}}<a href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; {{if and .Format.Ascending (le .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}}</a>{{end}}
 				{{if lt .CurrentPage .TotalPages}}<a style="float:right;" href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (lt .CurrentPage .TotalPages)}}Next{{else}}Older{{end}} &#8674;</a>{{end}}
 			{{else}}
 				{{if lt .CurrentPage .TotalPages}}<a href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; Older</a>{{end}}
-				{{if gt .CurrentPage 1}}<a style="float:right;" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (le .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}} &#8674;</a>{{end}}
+				{{if gt .CurrentPage 1}}<a style="float:right;" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">Newer &#8674;</a>{{end}}
 			{{end}}
 		</nav>{{end}}
 

From 07debec8d5b6957b736ad07cfb7dc081d38fe024 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 27 Mar 2020 11:48:20 -0400
Subject: [PATCH 47/76] Add new err func to wflib and sqlite builds

---
 database-lib.go    |  4 ++++
 database-sqlite.go | 12 +++++++++++-
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/database-lib.go b/database-lib.go
index b6b4be2..8b28577 100644
--- a/database-lib.go
+++ b/database-lib.go
@@ -22,3 +22,7 @@ func (db *datastore) isDuplicateKeyErr(err error) bool {
 func (db *datastore) isIgnorableError(err error) bool {
 	return false
 }
+
+func (db *datastore) isHighLoadError(err error) bool {
+	return false
+}
diff --git a/database-sqlite.go b/database-sqlite.go
index bd77e6a..10e701e 100644
--- a/database-sqlite.go
+++ b/database-sqlite.go
@@ -1,7 +1,7 @@
 // +build sqlite,!wflib
 
 /*
- * Copyright © 2019 A Bunch Tell LLC.
+ * Copyright © 2019-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -60,3 +60,13 @@ func (db *datastore) isIgnorableError(err error) bool {
 
 	return false
 }
+
+func (db *datastore) isHighLoadError(err error) bool {
+	if db.driverName == driverMySQL {
+		if mysqlErr, ok := err.(*mysql.MySQLError); ok {
+			return mysqlErr.Number == mySQLErrMaxUserConns || mysqlErr.Number == mySQLErrTooManyConns
+		}
+	}
+
+	return false
+}

From 599e7669d0ea5b082f4b65754e976557d36d0970 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 27 Mar 2020 12:19:59 -0400
Subject: [PATCH 48/76] Add CSS cache busting to templates in release

---
 Makefile                  |  1 +
 scripts/invalidate-css.sh | 37 +++++++++++++++++++++++++++++++++++++
 2 files changed, 38 insertions(+)
 create mode 100755 scripts/invalidate-css.sh

diff --git a/Makefile b/Makefile
index 85f02d3..05bc1c6 100644
--- a/Makefile
+++ b/Makefile
@@ -86,6 +86,7 @@ release : clean ui assets
 	cp -r templates $(BUILDPATH)
 	cp -r pages $(BUILDPATH)
 	cp -r static $(BUILDPATH)
+	scripts/invalidate-css.sh $(BUILDPATH)
 	mkdir $(BUILDPATH)/keys
 	$(MAKE) build-linux
 	mv build/$(BINARY_NAME)-linux-amd64 $(BUILDPATH)/$(BINARY_NAME)
diff --git a/scripts/invalidate-css.sh b/scripts/invalidate-css.sh
new file mode 100755
index 0000000..c411f70
--- /dev/null
+++ b/scripts/invalidate-css.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+#
+#	Copyright © 2020 A Bunch Tell LLC.
+#
+#	This file is part of WriteFreely.
+#
+#	WriteFreely is free software: you can redistribute it and/or modify
+#	it under the terms of the GNU Affero General Public License, included
+#	in the LICENSE file in this source code package.
+#
+###############################################################################
+#
+# WriteFreely CSS invalidation script
+#
+# usage: ./invalidate-css.sh <build-directory>
+#
+# This script provides an automated way to invalidate stylesheets cached in the
+# browser. It uses the last git commit hashes of the most frequently modified
+# LESS files in the project and appends them to the stylesheet `href` in all
+# template files.
+#
+# This is designed to be used when building a WriteFreely release.
+#
+###############################################################################
+
+# Get parent build directory from first argument
+buildDir=$1
+
+# Get short hash of each primary LESS file's last commit
+cssHash=$(git log -n 1 --pretty=format:%h -- less/core.less)
+cssNewHash=$(git log -n 1 --pretty=format:%h -- less/new-core.less)
+cssPadHash=$(git log -n 1 --pretty=format:%h -- less/pad.less)
+
+echo "Adding write.css version ($cssHash $cssNewHash $cssPadHash) to .tmpl files..."
+cd "$buildDir/templates" || exit 1
+find . -type f -name "*.tmpl" -print0 | xargs -0 sed -i "s/write.css/write.css?${cssHash}${cssNewHash}${cssPadHash}/g"
+find . -type f -name "*.tmpl" -print0 | xargs -0 sed -i "s/{{.Theme}}.css/{{.Theme}}.css?${cssHash}${cssNewHash}${cssPadHash}/g"
\ No newline at end of file

From c2417399a45ee3a78b42c6e755f6994c40789d35 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 27 Mar 2020 12:53:48 -0400
Subject: [PATCH 49/76] Bump version to 0.12.0

---
 app.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.go b/app.go
index 048c8d0..ca92192 100644
--- a/app.go
+++ b/app.go
@@ -56,7 +56,7 @@ var (
 	debugging bool
 
 	// Software version can be set from git env using -ldflags
-	softwareVer = "0.11.2"
+	softwareVer = "0.12.0"
 
 	// DEPRECATED VARS
 	isSingleUser bool

From d6cb178eb634b0a9db267ed750292860882704ce Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 28 Mar 2020 13:30:44 -0400
Subject: [PATCH 50/76] Use writeas/impart v1.1.1

This doesn't change the actual underlying dependency; it simply uses the
current, most recent tag for the impart library.
---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index bb23137..d6e005a 100644
--- a/go.mod
+++ b/go.mod
@@ -44,7 +44,7 @@ require (
 	github.com/writeas/go-strip-markdown v2.0.1+incompatible
 	github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2
 	github.com/writeas/httpsig v1.0.0
-	github.com/writeas/impart v1.1.1-0.20191230230525-d3c45ced010d
+	github.com/writeas/impart v1.1.1
 	github.com/writeas/import v0.2.0
 	github.com/writeas/monday v0.0.0-20181024183321-54a7dd579219
 	github.com/writeas/nerds v1.0.0
diff --git a/go.sum b/go.sum
index 1de5654..a7b693a 100644
--- a/go.sum
+++ b/go.sum
@@ -150,6 +150,8 @@ github.com/writeas/impart v1.1.0 h1:nPnoO211VscNkp/gnzir5UwCDEvdHThL5uELU60NFSE=
 github.com/writeas/impart v1.1.0/go.mod h1:g0MpxdnTOHHrl+Ca/2oMXUHJ0PcRAEWtkCzYCJUXC9Y=
 github.com/writeas/impart v1.1.1-0.20191230230525-d3c45ced010d h1:PK7DOj3JE6MGf647esPrKzXEHFjGWX2hl22uX79ixaE=
 github.com/writeas/impart v1.1.1-0.20191230230525-d3c45ced010d/go.mod h1:g0MpxdnTOHHrl+Ca/2oMXUHJ0PcRAEWtkCzYCJUXC9Y=
+github.com/writeas/impart v1.1.1 h1:RyA9+CqbdbDuz53k+nXCWUY+NlEkdyw6+nWanxSBl5o=
+github.com/writeas/impart v1.1.1/go.mod h1:g0MpxdnTOHHrl+Ca/2oMXUHJ0PcRAEWtkCzYCJUXC9Y=
 github.com/writeas/import v0.2.0 h1:Ov23JW9Rnjxk06rki1Spar45bNX647HhwhAZj3flJiY=
 github.com/writeas/import v0.2.0/go.mod h1:gFe0Pl7ZWYiXbI0TJxeMMyylPGZmhVvCfQxhMEc8CxM=
 github.com/writeas/monday v0.0.0-20181024183321-54a7dd579219 h1:baEp0631C8sT2r/hqwypIw2snCFZa6h7U6TojoLHu/c=

From 9f1dd7a1382bbc3db22ade2aa0f20e19a421fc2b Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 9 Apr 2020 13:00:29 -0400
Subject: [PATCH 51/76] Use latest writeas/activityserve library

This fixes a 500 error / panic caused by ActivityPub actors without an
`inbox` or `outbox` attribute.
---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index d6e005a..f827e2e 100644
--- a/go.mod
+++ b/go.mod
@@ -40,7 +40,7 @@ require (
 	github.com/stretchr/testify v1.3.0
 	github.com/urfave/cli/v2 v2.1.1
 	github.com/writeas/activity v0.1.2
-	github.com/writeas/activityserve v0.0.0-20191115095800-dd6d19cc8b89
+	github.com/writeas/activityserve v0.0.0-20200409150223-d7ab3eaa4481
 	github.com/writeas/go-strip-markdown v2.0.1+incompatible
 	github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2
 	github.com/writeas/httpsig v1.0.0
diff --git a/go.sum b/go.sum
index a7b693a..6affb2c 100644
--- a/go.sum
+++ b/go.sum
@@ -136,6 +136,8 @@ github.com/writeas/activity v0.1.2 h1:Y12B5lIrabfqKE7e7HFCWiXrlfXljr9tlkFm2mp7Dg
 github.com/writeas/activity v0.1.2/go.mod h1:mYYgiewmEM+8tlifirK/vl6tmB2EbjYaxwb+ndUw5T0=
 github.com/writeas/activityserve v0.0.0-20191115095800-dd6d19cc8b89 h1:NJhzq9aTccL3SSSZMrcnYhkD6sObdY9otNZ1X6/ZKNE=
 github.com/writeas/activityserve v0.0.0-20191115095800-dd6d19cc8b89/go.mod h1:Kz62mzYsCnrFTSTSFLXFj3fGYBQOntmBWTDDq57b46A=
+github.com/writeas/activityserve v0.0.0-20200409150223-d7ab3eaa4481 h1:BiSivIxLQFcKoUorpNN3rNwwFG5bITPnqUSyIccfdh0=
+github.com/writeas/activityserve v0.0.0-20200409150223-d7ab3eaa4481/go.mod h1:4akDJSl+sSp+QhrQKMqzAqdV1gJ1pPx6XPI77zgMM8o=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible h1:IIqxTM5Jr7RzhigcL6FkrCNfXkvbR+Nbu1ls48pXYcw=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible/go.mod h1:Rsyu10ZhbEK9pXdk8V6MVnZmTzRG0alMNLMwa0J01fE=
 github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2 h1:DUsp4OhdfI+e6iUqcPQlwx8QYXuUDsToTz/x82D3Zuo=

From e51e58386ebd7299f5f18de1ab6aee6c057f968c Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 9 Apr 2020 13:49:44 -0400
Subject: [PATCH 52/76] Update versions in migrations.go

---
 migrations/migrations.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/migrations/migrations.go b/migrations/migrations.go
index a5eea2d..31ae43c 100644
--- a/migrations/migrations.go
+++ b/migrations/migrations.go
@@ -61,8 +61,8 @@ var migrations = []Migration{
 	New("support users suspension", supportUserStatus),              // V2 -> V3 (v0.11.0)
 	New("support oauth", oauth),                                     // V3 -> V4
 	New("support slack oauth", oauthSlack),                          // V4 -> v5
-	New("support ActivityPub mentions", supportActivityPubMentions), // V5 -> V6 (v0.12.0)
-	New("support oauth attach", oauthAttach),                        // V6 -> V7
+	New("support ActivityPub mentions", supportActivityPubMentions), // V5 -> V6
+	New("support oauth attach", oauthAttach),                        // V6 -> V7 (v0.12.0)
 }
 
 // CurrentVer returns the current migration version the application is on

From 5de4d2086bba965333b2a70beeea532e9f2daece Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 9 Apr 2020 13:54:26 -0400
Subject: [PATCH 53/76] Optimize Drafts retrieval

This adds a database index to speed up retrieval of Drafts.

It is untested with SQLite.
---
 migrations/migrations.go |  1 +
 migrations/v8.go         | 29 +++++++++++++++++++++++++++++
 2 files changed, 30 insertions(+)
 create mode 100644 migrations/v8.go

diff --git a/migrations/migrations.go b/migrations/migrations.go
index 31ae43c..da2a443 100644
--- a/migrations/migrations.go
+++ b/migrations/migrations.go
@@ -63,6 +63,7 @@ var migrations = []Migration{
 	New("support slack oauth", oauthSlack),                          // V4 -> v5
 	New("support ActivityPub mentions", supportActivityPubMentions), // V5 -> V6
 	New("support oauth attach", oauthAttach),                        // V6 -> V7 (v0.12.0)
+	New("optimize drafts retrieval", optimizeDrafts),                // V7 -> V8
 }
 
 // CurrentVer returns the current migration version the application is on
diff --git a/migrations/v8.go b/migrations/v8.go
new file mode 100644
index 0000000..5ef991f
--- /dev/null
+++ b/migrations/v8.go
@@ -0,0 +1,29 @@
+/*
+ * Copyright © 2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package migrations
+
+func optimizeDrafts(db *datastore) error {
+	t, err := db.Begin()
+
+	_, err = t.Exec(`ALTER TABLE posts ADD INDEX(owner_id, id)`)
+	if err != nil {
+		t.Rollback()
+		return err
+	}
+
+	err = t.Commit()
+	if err != nil {
+		t.Rollback()
+		return err
+	}
+
+	return nil
+}

From 1c5a0099b66f948e7e12bb4e09e5dd80f68051b0 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 14 Apr 2020 07:27:44 -0400
Subject: [PATCH 54/76] Fix empty date showing on collection 404 page

---
 templates/collection-post.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index 629c8a5..5b27963 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -62,7 +62,7 @@
 		{{if .Silenced}}
 			{{template "user-silenced"}}
 		{{end}}
-		<article id="post-body" class="{{.Font}} h-entry {{if not .IsFound}}error-page{{end}}">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name{{if $.Collection.Format.ShowDates}} dated{{end}}">{{.FormattedDisplayTitle}}</h2>{{end}}{{if and $.Collection.Format.ShowDates (not .IsPinned)}}<time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
+		<article id="post-body" class="{{.Font}} h-entry {{if not .IsFound}}error-page{{end}}">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name{{if $.Collection.Format.ShowDates}} dated{{end}}">{{.FormattedDisplayTitle}}</h2>{{end}}{{if and $.Collection.Format.ShowDates (not .IsPinned) .IsFound}}<time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
 
 		{{ if .Collection.ShowFooterBranding }}
 		<footer dir="ltr"><hr><nav><p style="font-size: 0.9em">{{localhtml "published with write.as" .Language.String}}</p></nav></footer>

From 5e4ed5d9bcf28a57dc756e95bac244e66d72c354 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 15 Apr 2020 12:28:55 -0400
Subject: [PATCH 55/76] Remove extraneous @context fields on AP outbox

---
 activitypub.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/activitypub.go b/activitypub.go
index d2980ff..db42726 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -160,6 +160,7 @@ func handleFetchCollectionOutbox(app *App, w http.ResponseWriter, r *http.Reques
 		pp.Collection = res
 		o := pp.ActivityObject(app)
 		a := activitystreams.NewCreateActivity(o)
+		a.Context = nil
 		ocp.OrderedItems = append(ocp.OrderedItems, *a)
 	}
 

From 671c7e99a5b97ef8b3dc95e2ea6daa52458130b9 Mon Sep 17 00:00:00 2001
From: "Joice M. Joseph" <joice@moolekkari.net>
Date: Thu, 16 Apr 2020 09:34:16 +0530
Subject: [PATCH 56/76] fix: #297 - tls for mysql connetions

---
 app.go             | 2 +-
 config.ini.example | 1 +
 config/config.go   | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/app.go b/app.go
index ca92192..fa7dfae 100644
--- a/app.go
+++ b/app.go
@@ -748,7 +748,7 @@ func connectToDatabase(app *App) {
 	var db *sql.DB
 	var err error
 	if app.cfg.Database.Type == driverMySQL {
-		db, err = sql.Open(app.cfg.Database.Type, fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8mb4&parseTime=true&loc=%s", app.cfg.Database.User, app.cfg.Database.Password, app.cfg.Database.Host, app.cfg.Database.Port, app.cfg.Database.Database, url.QueryEscape(time.Local.String())))
+		db, err = sql.Open(app.cfg.Database.Type, fmt.Sprintf("%s:%s@tcp(%s:%d)/%s?charset=utf8mb4&parseTime=true&loc=%s&tls=%t", app.cfg.Database.User, app.cfg.Database.Password, app.cfg.Database.Host, app.cfg.Database.Port, app.cfg.Database.Database, url.QueryEscape(time.Local.String()), app.cfg.Database.TLS))
 		db.SetMaxOpenConns(50)
 	} else if app.cfg.Database.Type == driverSQLite {
 		if !SQLiteEnabled {
diff --git a/config.ini.example b/config.ini.example
index 7ac944e..8b74ddc 100644
--- a/config.ini.example
+++ b/config.ini.example
@@ -9,6 +9,7 @@ password = changeme
 database = writefreely
 host     = db
 port     = 3306
+tls      = false
 
 [app]
 site_name         = WriteFreely Example Blog!
diff --git a/config/config.go b/config/config.go
index 520dd59..58dfbd3 100644
--- a/config/config.go
+++ b/config/config.go
@@ -57,6 +57,7 @@ type (
 		Database string `ini:"database"`
 		Host     string `ini:"host"`
 		Port     int    `ini:"port"`
+		TLS      bool   `ini:"tls"`
 	}
 
 	WriteAsOauthCfg struct {

From 93c2773412a4f23bf64a267f3a042d26ca5adc80 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 20 Apr 2020 15:26:53 -0400
Subject: [PATCH 57/76] Prevent account creation via OAuth when registration is
 closed

---
 oauth.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/oauth.go b/oauth.go
index 9073f75..d3e31e4 100644
--- a/oauth.go
+++ b/oauth.go
@@ -240,7 +240,7 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
 	}
 
-	// Now that we have the access token, let's use it real quick to make sur
+	// Now that we have the access token, let's use it real quick to make sure
 	// it really really works.
 	tokenInfo, err := h.oauthClient.inspectOauthAccessToken(ctx, tokenResponse.AccessToken)
 	if err != nil {
@@ -262,6 +262,7 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 	}
 
 	if localUserID != -1 {
+		// Existing user, so log in now
 		user, err := h.DB.GetUserByID(localUserID)
 		if err != nil {
 			log.Error("Unable to GetUserByID %d: %s", localUserID, err)
@@ -282,6 +283,13 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 		return impart.HTTPError{http.StatusFound, "/me/settings"}
 	}
 
+	// New user registration below.
+	// First, verify that user is allowed to register
+	if !app.cfg.App.OpenRegistration {
+		addSessionFlash(app, w, r, ErrUserNotFound.Error(), nil)
+		return impart.HTTPError{http.StatusFound, "/login"}
+	}
+
 	displayName := tokenInfo.DisplayName
 	if len(displayName) == 0 {
 		displayName = tokenInfo.Username

From ca4a576c31679599371de51173fe1eb9fddc6257 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 20 Apr 2020 18:18:23 -0400
Subject: [PATCH 58/76] Support OAuth registration with invite code

This adds any OAuth login buttons to the invite signup page, stores the invite code for the flow duration, and associates the new user with it once successfully registered.

It enables invite-only instances with OAuth-based registration.
---
 database.go              | 20 ++++++++--------
 database_test.go         |  4 ++--
 invites.go               | 16 ++++++++++++-
 less/app.less            |  1 +
 less/login.less          | 45 ++++++++++++++++++++++++++++++++++++
 migrations/migrations.go |  3 ++-
 migrations/v8.go         | 45 ++++++++++++++++++++++++++++++++++++
 oauth.go                 | 49 +++++++++++++++++++++++++++++++++++-----
 oauth_signup.go          | 13 +++++++++++
 oauth_test.go            | 14 ++++++------
 pages/login.tmpl         | 33 ---------------------------
 pages/signup-oauth.tmpl  |  1 +
 pages/signup.tmpl        | 19 ++++++++++++++++
 13 files changed, 204 insertions(+), 59 deletions(-)
 create mode 100644 less/login.less
 create mode 100644 migrations/v8.go

diff --git a/database.go b/database.go
index 128e436..a1e8642 100644
--- a/database.go
+++ b/database.go
@@ -132,8 +132,8 @@ type writestore interface {
 
 	GetIDForRemoteUser(context.Context, string, string, string) (int64, error)
 	RecordRemoteUserID(context.Context, int64, string, string, string, string) error
-	ValidateOAuthState(context.Context, string) (string, string, int64, error)
-	GenerateOAuthState(context.Context, string, string, int64) (string, error)
+	ValidateOAuthState(context.Context, string) (string, string, int64, string, error)
+	GenerateOAuthState(context.Context, string, string, int64, string) (string, error)
 	GetOauthAccounts(ctx context.Context, userID int64) ([]oauthAccountInfo, error)
 	RemoveOauth(ctx context.Context, userID int64, provider string, clientID string, remoteUserID string) error
 
@@ -2516,24 +2516,26 @@ func (db *datastore) GetCollectionLastPostTime(id int64) (*time.Time, error) {
 	return &t, nil
 }
 
-func (db *datastore) GenerateOAuthState(ctx context.Context, provider string, clientID string, attachUser int64) (string, error) {
+func (db *datastore) GenerateOAuthState(ctx context.Context, provider string, clientID string, attachUser int64, inviteCode string) (string, error) {
 	state := store.Generate62RandomString(24)
 	attachUserVal := sql.NullInt64{Valid: attachUser > 0, Int64: attachUser}
-	_, err := db.ExecContext(ctx, "INSERT INTO oauth_client_states (state, provider, client_id, used, created_at, attach_user_id) VALUES (?, ?, ?, FALSE, "+db.now()+", ?)", state, provider, clientID, attachUserVal)
+	inviteCodeVal := sql.NullString{Valid: inviteCode != "", String: inviteCode}
+	_, err := db.ExecContext(ctx, "INSERT INTO oauth_client_states (state, provider, client_id, used, created_at, attach_user_id, invite_code) VALUES (?, ?, ?, FALSE, "+db.now()+", ?, ?)", state, provider, clientID, attachUserVal, inviteCodeVal)
 	if err != nil {
 		return "", fmt.Errorf("unable to record oauth client state: %w", err)
 	}
 	return state, nil
 }
 
-func (db *datastore) ValidateOAuthState(ctx context.Context, state string) (string, string, int64, error) {
+func (db *datastore) ValidateOAuthState(ctx context.Context, state string) (string, string, int64, string, error) {
 	var provider string
 	var clientID string
 	var attachUserID sql.NullInt64
+	var inviteCode sql.NullString
 	err := wf_db.RunTransactionWithOptions(ctx, db.DB, &sql.TxOptions{}, func(ctx context.Context, tx *sql.Tx) error {
 		err := tx.
-			QueryRowContext(ctx, "SELECT provider, client_id, attach_user_id FROM oauth_client_states WHERE state = ? AND used = FALSE", state).
-			Scan(&provider, &clientID, &attachUserID)
+			QueryRowContext(ctx, "SELECT provider, client_id, attach_user_id, invite_code FROM oauth_client_states WHERE state = ? AND used = FALSE", state).
+			Scan(&provider, &clientID, &attachUserID, &inviteCode)
 		if err != nil {
 			return err
 		}
@@ -2552,9 +2554,9 @@ func (db *datastore) ValidateOAuthState(ctx context.Context, state string) (stri
 		return nil
 	})
 	if err != nil {
-		return "", "", 0, nil
+		return "", "", 0, "", nil
 	}
-	return provider, clientID, attachUserID.Int64, nil
+	return provider, clientID, attachUserID.Int64, inviteCode.String, nil
 }
 
 func (db *datastore) RecordRemoteUserID(ctx context.Context, localUserID int64, remoteUserID, provider, clientID, accessToken string) error {
diff --git a/database_test.go b/database_test.go
index 569d020..c114077 100644
--- a/database_test.go
+++ b/database_test.go
@@ -18,13 +18,13 @@ func TestOAuthDatastore(t *testing.T) {
 			driverName: "",
 		}
 
-		state, err := ds.GenerateOAuthState(ctx, "test", "development", 0)
+		state, err := ds.GenerateOAuthState(ctx, "test", "development", 0, "")
 		assert.NoError(t, err)
 		assert.Len(t, state, 24)
 
 		countRows(t, ctx, db, 1, "SELECT COUNT(*) FROM `oauth_client_states` WHERE `state` = ? AND `used` = false", state)
 
-		_, _, _, err = ds.ValidateOAuthState(ctx, state)
+		_, _, _, _, err = ds.ValidateOAuthState(ctx, state)
 		assert.NoError(t, err)
 
 		countRows(t, ctx, db, 1, "SELECT COUNT(*) FROM `oauth_client_states` WHERE `state` = ? AND `used` = true", state)
diff --git a/invites.go b/invites.go
index c1c7d95..10416b2 100644
--- a/invites.go
+++ b/invites.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2019 A Bunch Tell LLC.
+ * Copyright © 2019-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -42,6 +42,18 @@ func (i Invite) Expired() bool {
 	return i.Expires != nil && i.Expires.Before(time.Now())
 }
 
+func (i Invite) Active(db *datastore) bool {
+	if i.Expired() {
+		return false
+	}
+	if i.MaxUses.Valid && i.MaxUses.Int64 > 0 {
+		if c := db.GetUsersInvitedCount(i.ID); c >= i.MaxUses.Int64 {
+			return false
+		}
+	}
+	return true
+}
+
 func (i Invite) ExpiresFriendly() string {
 	return i.Expires.Format("January 2, 2006, 3:04 PM")
 }
@@ -161,9 +173,11 @@ func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 		Error   string
 		Flashes []template.HTML
 		Invite  string
+		OAuth   *OAuthButtons
 	}{
 		StaticPage: pageForReq(app, r),
 		Invite:     inviteCode,
+		OAuth:      NewOAuthButtons(app.cfg),
 	}
 
 	if expired {
diff --git a/less/app.less b/less/app.less
index ec3472d..e1cf5ea 100644
--- a/less/app.less
+++ b/less/app.less
@@ -5,6 +5,7 @@
 @import "post-temp";
 @import "effects";
 @import "admin";
+@import "login";
 @import "pages/error";
 @import "lib/elements";
 @import "lib/material";
diff --git a/less/login.less b/less/login.less
new file mode 100644
index 0000000..57efee5
--- /dev/null
+++ b/less/login.less
@@ -0,0 +1,45 @@
+/*
+ * Copyright © 2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+.row.signinbtns {
+	justify-content: space-evenly;
+	font-size: 1em;
+	margin-top: 3em;
+	margin-bottom: 2em;
+
+	.loginbtn {
+		height: 40px;
+	}
+
+	#writeas-login, #gitlab-login {
+		box-sizing: border-box;
+		font-size: 17px;
+	}
+}
+
+.or {
+	text-align: center;
+	margin-bottom: 3.5em;
+
+	p {
+		display: inline-block;
+		background-color: white;
+		padding: 0 1em;
+	}
+
+	hr {
+		margin-top: -1.6em;
+		margin-bottom: 0;
+	}
+
+	hr.short {
+		max-width: 30rem;
+	}
+}
\ No newline at end of file
diff --git a/migrations/migrations.go b/migrations/migrations.go
index 31ae43c..a0b3f25 100644
--- a/migrations/migrations.go
+++ b/migrations/migrations.go
@@ -62,7 +62,8 @@ var migrations = []Migration{
 	New("support oauth", oauth),                                     // V3 -> V4
 	New("support slack oauth", oauthSlack),                          // V4 -> v5
 	New("support ActivityPub mentions", supportActivityPubMentions), // V5 -> V6
-	New("support oauth attach", oauthAttach),                        // V6 -> V7 (v0.12.0)
+	New("support oauth attach", oauthAttach),                        // V6 -> V7
+	New("support oauth via invite", oauthInvites),                   // V7 -> V8 (v0.12.0)
 }
 
 // CurrentVer returns the current migration version the application is on
diff --git a/migrations/v8.go b/migrations/v8.go
new file mode 100644
index 0000000..2318c4e
--- /dev/null
+++ b/migrations/v8.go
@@ -0,0 +1,45 @@
+/*
+ * Copyright © 2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package migrations
+
+import (
+	"context"
+	"database/sql"
+
+	wf_db "github.com/writeas/writefreely/db"
+)
+
+func oauthInvites(db *datastore) error {
+	dialect := wf_db.DialectMySQL
+	if db.driverName == driverSQLite {
+		dialect = wf_db.DialectSQLite
+	}
+	return wf_db.RunTransactionWithOptions(context.Background(), db.DB, &sql.TxOptions{}, func(ctx context.Context, tx *sql.Tx) error {
+		builders := []wf_db.SQLBuilder{
+			dialect.
+				AlterTable("oauth_client_states").
+				AddColumn(dialect.Column("invite_code", wf_db.ColumnTypeChar, wf_db.OptionalInt{
+					Set:   true,
+					Value: 6,
+				}).SetNullable(true)),
+		}
+		for _, builder := range builders {
+			query, err := builder.ToSQL()
+			if err != nil {
+				return err
+			}
+			if _, err := tx.ExecContext(ctx, query); err != nil {
+				return err
+			}
+		}
+		return nil
+	})
+}
diff --git a/oauth.go b/oauth.go
index d3e31e4..b5c88aa 100644
--- a/oauth.go
+++ b/oauth.go
@@ -1,3 +1,13 @@
+/*
+ * Copyright © 2019-2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
 package writefreely
 
 import (
@@ -15,10 +25,27 @@ import (
 	"github.com/gorilla/sessions"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/log"
-
 	"github.com/writeas/writefreely/config"
 )
 
+// OAuthButtons holds display information for different OAuth providers we support.
+type OAuthButtons struct {
+	SlackEnabled      bool
+	WriteAsEnabled    bool
+	GitLabEnabled     bool
+	GitLabDisplayName string
+}
+
+// NewOAuthButtons creates a new OAuthButtons struct based on our app configuration.
+func NewOAuthButtons(cfg *config.Config) *OAuthButtons {
+	return &OAuthButtons{
+		SlackEnabled:      cfg.SlackOauth.ClientID != "",
+		WriteAsEnabled:    cfg.WriteAsOauth.ClientID != "",
+		GitLabEnabled:     cfg.GitlabOauth.ClientID != "",
+		GitLabDisplayName: config.OrDefaultString(cfg.GitlabOauth.DisplayName, gitlabDisplayName),
+	}
+}
+
 // TokenResponse contains data returned when a token is created either
 // through a code exchange or using a refresh token.
 type TokenResponse struct {
@@ -61,8 +88,8 @@ type OAuthDatastoreProvider interface {
 type OAuthDatastore interface {
 	GetIDForRemoteUser(context.Context, string, string, string) (int64, error)
 	RecordRemoteUserID(context.Context, int64, string, string, string, string) error
-	ValidateOAuthState(context.Context, string) (string, string, int64, error)
-	GenerateOAuthState(context.Context, string, string, int64) (string, error)
+	ValidateOAuthState(context.Context, string) (string, string, int64, string, error)
+	GenerateOAuthState(context.Context, string, string, int64, string) (string, error)
 
 	CreateUser(*config.Config, *User, string) error
 	GetUserByID(int64) (*User, error)
@@ -108,7 +135,7 @@ func (h oauthHandler) viewOauthInit(app *App, w http.ResponseWriter, r *http.Req
 		attachUser = user.ID
 	}
 
-	state, err := h.DB.GenerateOAuthState(ctx, h.oauthClient.GetProvider(), h.oauthClient.GetClientID(), attachUser)
+	state, err := h.DB.GenerateOAuthState(ctx, h.oauthClient.GetProvider(), h.oauthClient.GetClientID(), attachUser, r.FormValue("invite_code"))
 	if err != nil {
 		log.Error("viewOauthInit error: %s", err)
 		return impart.HTTPError{http.StatusInternalServerError, "could not prepare oauth redirect url"}
@@ -228,7 +255,7 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 	code := r.FormValue("code")
 	state := r.FormValue("state")
 
-	provider, clientID, attachUserID, err := h.DB.ValidateOAuthState(ctx, state)
+	provider, clientID, attachUserID, inviteCode, err := h.DB.ValidateOAuthState(ctx, state)
 	if err != nil {
 		log.Error("Unable to ValidateOAuthState: %s", err)
 		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
@@ -285,7 +312,16 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 
 	// New user registration below.
 	// First, verify that user is allowed to register
-	if !app.cfg.App.OpenRegistration {
+	if inviteCode != "" {
+		// Verify invite code is valid
+		i, err := app.db.GetUserInvite(inviteCode)
+		if err != nil {
+			return impart.HTTPError{http.StatusInternalServerError, err.Error()}
+		}
+		if !i.Active(app.db) {
+			return impart.HTTPError{http.StatusNotFound, "Invite link has expired."}
+		}
+	} else if !app.cfg.App.OpenRegistration {
 		addSessionFlash(app, w, r, ErrUserNotFound.Error(), nil)
 		return impart.HTTPError{http.StatusFound, "/login"}
 	}
@@ -303,6 +339,7 @@ func (h oauthHandler) viewOauthCallback(app *App, w http.ResponseWriter, r *http
 		TokenRemoteUser: tokenInfo.UserID,
 		Provider:        provider,
 		ClientID:        clientID,
+		InviteCode:      inviteCode,
 	}
 	tp.TokenHash = tp.HashTokenParams(h.Config.Server.HashSeed)
 
diff --git a/oauth_signup.go b/oauth_signup.go
index 220afbd..cbe4f60 100644
--- a/oauth_signup.go
+++ b/oauth_signup.go
@@ -38,6 +38,7 @@ type viewOauthSignupVars struct {
 	Provider        string
 	ClientID        string
 	TokenHash       string
+	InviteCode      string
 
 	LoginUsername string
 	Alias         string // TODO: rename this to match the data it represents: the collection title
@@ -57,6 +58,7 @@ const (
 	oauthParamAlias             = "alias"
 	oauthParamEmail             = "email"
 	oauthParamPassword          = "password"
+	oauthParamInviteCode        = "invite_code"
 )
 
 type oauthSignupPageParams struct {
@@ -68,6 +70,7 @@ type oauthSignupPageParams struct {
 	ClientID        string
 	Provider        string
 	TokenHash       string
+	InviteCode      string
 }
 
 func (p oauthSignupPageParams) HashTokenParams(key string) string {
@@ -92,6 +95,7 @@ func (h oauthHandler) viewOauthSignup(app *App, w http.ResponseWriter, r *http.R
 		TokenRemoteUser: r.FormValue(oauthParamTokenRemoteUserID),
 		ClientID:        r.FormValue(oauthParamClientID),
 		Provider:        r.FormValue(oauthParamProvider),
+		InviteCode:      r.FormValue(oauthParamInviteCode),
 	}
 	if tp.HashTokenParams(h.Config.Server.HashSeed) != r.FormValue(oauthParamHash) {
 		return impart.HTTPError{Status: http.StatusBadRequest, Message: "Request has been tampered with."}
@@ -128,6 +132,14 @@ func (h oauthHandler) viewOauthSignup(app *App, w http.ResponseWriter, r *http.R
 		return h.showOauthSignupPage(app, w, r, tp, err)
 	}
 
+	// Log invite if needed
+	if tp.InviteCode != "" {
+		err = app.db.CreateInvitedUser(tp.InviteCode, newUser.ID)
+		if err != nil {
+			return err
+		}
+	}
+
 	err = h.DB.RecordRemoteUserID(r.Context(), newUser.ID, r.FormValue(oauthParamTokenRemoteUserID), r.FormValue(oauthParamProvider), r.FormValue(oauthParamClientID), r.FormValue(oauthParamAccessToken))
 	if err != nil {
 		return h.showOauthSignupPage(app, w, r, tp, err)
@@ -195,6 +207,7 @@ func (h oauthHandler) showOauthSignupPage(app *App, w http.ResponseWriter, r *ht
 		Provider:        tp.Provider,
 		ClientID:        tp.ClientID,
 		TokenHash:       tp.TokenHash,
+		InviteCode:      tp.InviteCode,
 
 		LoginUsername: username,
 		Alias:         collTitle,
diff --git a/oauth_test.go b/oauth_test.go
index c23eadd..1bd86af 100644
--- a/oauth_test.go
+++ b/oauth_test.go
@@ -22,8 +22,8 @@ type MockOAuthDatastoreProvider struct {
 }
 
 type MockOAuthDatastore struct {
-	DoGenerateOAuthState func(context.Context, string, string, int64) (string, error)
-	DoValidateOAuthState func(context.Context, string) (string, string, int64, error)
+	DoGenerateOAuthState func(context.Context, string, string, int64, string) (string, error)
+	DoValidateOAuthState func(context.Context, string) (string, string, int64, string, error)
 	DoGetIDForRemoteUser func(context.Context, string, string, string) (int64, error)
 	DoCreateUser         func(*config.Config, *User, string) error
 	DoRecordRemoteUserID func(context.Context, int64, string, string, string, string) error
@@ -86,11 +86,11 @@ func (m *MockOAuthDatastoreProvider) Config() *config.Config {
 	return cfg
 }
 
-func (m *MockOAuthDatastore) ValidateOAuthState(ctx context.Context, state string) (string, string, int64, error) {
+func (m *MockOAuthDatastore) ValidateOAuthState(ctx context.Context, state string) (string, string, int64, string, error) {
 	if m.DoValidateOAuthState != nil {
 		return m.DoValidateOAuthState(ctx, state)
 	}
-	return "", "", 0, nil
+	return "", "", 0, "", nil
 }
 
 func (m *MockOAuthDatastore) GetIDForRemoteUser(ctx context.Context, remoteUserID, provider, clientID string) (int64, error) {
@@ -125,9 +125,9 @@ func (m *MockOAuthDatastore) GetUserByID(userID int64) (*User, error) {
 	return user, nil
 }
 
-func (m *MockOAuthDatastore) GenerateOAuthState(ctx context.Context, provider string, clientID string, attachUserID int64) (string, error) {
+func (m *MockOAuthDatastore) GenerateOAuthState(ctx context.Context, provider string, clientID string, attachUserID int64, inviteCode string) (string, error) {
 	if m.DoGenerateOAuthState != nil {
-		return m.DoGenerateOAuthState(ctx, provider, clientID, attachUserID)
+		return m.DoGenerateOAuthState(ctx, provider, clientID, attachUserID, inviteCode)
 	}
 	return store.Generate62RandomString(14), nil
 }
@@ -173,7 +173,7 @@ func TestViewOauthInit(t *testing.T) {
 		app := &MockOAuthDatastoreProvider{
 			DoDB: func() OAuthDatastore {
 				return &MockOAuthDatastore{
-					DoGenerateOAuthState: func(ctx context.Context, provider, clientID string, attachUserID int64) (string, error) {
+					DoGenerateOAuthState: func(ctx context.Context, provider, clientID string, attachUserID int64, inviteCode string) (string, error) {
 						return "", fmt.Errorf("pretend unable to write state error")
 					},
 				}
diff --git a/pages/login.tmpl b/pages/login.tmpl
index 94087f3..5a338a4 100644
--- a/pages/login.tmpl
+++ b/pages/login.tmpl
@@ -3,39 +3,6 @@
 <meta itemprop="description" content="Log in to {{.SiteName}}.">
 <style>
 input{margin-bottom:0.5em;}
-.or {
-	text-align: center;
-	margin-bottom: 3.5em;
-}
-.or p {
-	display: inline-block;
-	background-color: white;
-	padding: 0 1em;
-}
-.or hr {
-	margin-top: -1.6em;
-	margin-bottom: 0;
-}
-hr.short {
-	max-width: 30rem;
-}
-.row.signinbtns {
-	justify-content: space-evenly;
-	font-size: 1em;
-	margin-top: 3em;
-	margin-bottom: 2em;
-}
-.loginbtn {
-	height: 40px;
-}
-#writeas-login {
-	box-sizing: border-box;
-	font-size: 17px;
-}
-#gitlab-login {
-	box-sizing: border-box;
-	font-size: 17px;
-}
 </style>
 {{end}}
 {{define "content"}}
diff --git a/pages/signup-oauth.tmpl b/pages/signup-oauth.tmpl
index ecf5db0..e02b89d 100644
--- a/pages/signup-oauth.tmpl
+++ b/pages/signup-oauth.tmpl
@@ -74,6 +74,7 @@ form dd {
 	        <input type="hidden" name="provider" value="{{ .Provider }}" />
 	        <input type="hidden" name="client_id" value="{{ .ClientID }}" />
 	        <input type="hidden" name="signature" value="{{ .TokenHash }}" />
+	        {{if .InviteCode}}<input type="hidden" name="invite_code" value="{{ .InviteCode }}" />{{end}}
 
             <dl class="billing">
                 <label>
diff --git a/pages/signup.tmpl b/pages/signup.tmpl
index 7c8707c..c17aee3 100644
--- a/pages/signup.tmpl
+++ b/pages/signup.tmpl
@@ -70,6 +70,25 @@ form dd {
 		</ul>{{end}}
 
 		<div id="billing">
+			{{ if or .OAuth.SlackEnabled .OAuth.WriteAsEnabled .OAuth.GitLabEnabled }}
+				<div class="row content-container signinbtns">
+					{{ if .OAuth.SlackEnabled }}
+						<a class="loginbtn" href="/oauth/slack{{if .Invite}}?invite_code={{.Invite}}{{end}}"><img alt="Sign in with Slack" height="40" width="172" src="/img/sign_in_with_slack.png" srcset="/img/sign_in_with_slack.png 1x, /img/sign_in_with_slack@2x.png 2x" /></a>
+					{{ end }}
+					{{ if .OAuth.WriteAsEnabled }}
+						<a class="btn cta loginbtn" id="writeas-login" href="/oauth/write.as{{if .Invite}}?invite_code={{.Invite}}{{end}}">Sign in with <strong>Write.as</strong></a>
+					{{ end }}
+					{{ if .OAuth.GitLabEnabled }}
+						<a class="btn cta loginbtn" id="gitlab-login" href="/oauth/gitlab{{if .Invite}}?invite_code={{.Invite}}{{end}}">Sign in with <strong>{{.OAuth.GitLabDisplayName}}</strong></a>
+					{{ end }}
+				</div>
+
+				<div class="or">
+					<p>or</p>
+					<hr class="short" />
+				</div>
+			{{ end }}
+
 			<form action="/auth/signup" method="POST" id="signup-form" onsubmit="return signup()">
 				<input type="hidden" name="invite_code" value="{{.Invite}}" />
 				<dl class="billing">

From 5400f416c016a22f570ad4af061d298038b925f2 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 20 Apr 2020 18:21:01 -0400
Subject: [PATCH 59/76] Reduce db calls on normal invite-based signup

This removes an unnecessary database call after creating a user, and documents `db.CreateUser()` to make it clear that extra calls are unnecessary.
---
 account.go  | 8 ++------
 database.go | 1 +
 2 files changed, 3 insertions(+), 6 deletions(-)

diff --git a/account.go b/account.go
index d32f503..f3399e4 100644
--- a/account.go
+++ b/account.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018-2019 A Bunch Tell LLC.
+ * Copyright © 2018-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -168,11 +168,7 @@ func signupWithRegistration(app *App, signup userRegistration, w http.ResponseWr
 
 	// Log invite if needed
 	if signup.InviteCode != "" {
-		cu, err := app.db.GetUserForAuth(signup.Alias)
-		if err != nil {
-			return nil, err
-		}
-		err = app.db.CreateInvitedUser(signup.InviteCode, cu.ID)
+		err = app.db.CreateInvitedUser(signup.InviteCode, u.ID)
 		if err != nil {
 			return nil, err
 		}
diff --git a/database.go b/database.go
index a1e8642..0eee612 100644
--- a/database.go
+++ b/database.go
@@ -178,6 +178,7 @@ func (db *datastore) dateSub(l int, unit string) string {
 	return fmt.Sprintf("DATE_SUB(NOW(), INTERVAL %d %s)", l, unit)
 }
 
+// CreateUser creates a new user in the database from the given User, UPDATING it in the process with the user's ID.
 func (db *datastore) CreateUser(cfg *config.Config, u *User, collectionTitle string) error {
 	if db.PostIDExists(u.Username) {
 		return impart.HTTPError{http.StatusConflict, "Invalid collection name."}

From 7b7df5535ed8063d1685fdf5de812f4b2f96eafe Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 21 Apr 2020 07:31:23 -0400
Subject: [PATCH 60/76] Run go fmt on oauth_test.go

---
 oauth_test.go | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/oauth_test.go b/oauth_test.go
index 1bd86af..96f65b2 100644
--- a/oauth_test.go
+++ b/oauth_test.go
@@ -119,9 +119,7 @@ func (m *MockOAuthDatastore) GetUserByID(userID int64) (*User, error) {
 	if m.DoGetUserByID != nil {
 		return m.DoGetUserByID(userID)
 	}
-	user := &User{
-
-	}
+	user := &User{}
 	return user, nil
 }
 

From 0127e38ed0416483887c9015ae5a12610574fbcf Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 21 Apr 2020 13:00:36 -0400
Subject: [PATCH 61/76] Reorder App Settings page and improve descriptions

---
 templates/user/admin/app-settings.tmpl | 88 +++++++++++++-------------
 1 file changed, 44 insertions(+), 44 deletions(-)

diff --git a/templates/user/admin/app-settings.tmpl b/templates/user/admin/app-settings.tmpl
index 3e0fdf7..1de4ca8 100644
--- a/templates/user/admin/app-settings.tmpl
+++ b/templates/user/admin/app-settings.tmpl
@@ -42,7 +42,7 @@ p.docs {
 		<div class="features row">
 			<div>
 				Host
-				<p>The address where your site lives.</p>
+				<p>The public address where users will access your site, starting with <code>http://</code> or <code>https://</code>.</p>
 			</div>
 			<div>{{.Config.Host}}</div>
 		</div>
@@ -56,24 +56,57 @@ p.docs {
 		<div class="features row">
 			<div{{if .Config.SingleUser}} class="invisible"{{end}}>
 				Landing Page
-				<p>The page that logged-out visitors will see first. This should be a path, e.g. <code>/read</code></p>
+				<p>The page that logged-out visitors will see first. This should be an absolute path like: <code>/read</code></p>
 			</div>
 			<div{{if .Config.SingleUser}} class="invisible"{{end}}><input type="text" name="landing" id="landing" class="inline" value="{{.Config.Landing}}" style="width: 14em;"/></div>
 		</div>
 		<div class="features row">
 			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="open_registration">
 					Open Registrations
-					<p>Whether or not registration is open to anyone who visits the site.</p>
+					<p>Allow anyone who visits the site to create an account.</p>
 				</label></div>
 			<div{{if .Config.SingleUser}} class="invisible"{{end}}><input type="checkbox" name="open_registration" id="open_registration" {{if .Config.OpenRegistration}}checked="checked"{{end}} />
 			</div>
 		</div>
 		<div class="features row">
-			<div><label for="min_username_len">
-					Minimum Username Length
-					<p>The minimum number of characters allowed in a username. (Recommended: 2 or more.)</p>
+			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="user_invites">
+					Allow invitations from...
+					<p>Choose who is allowed to invite new people.</p>
 				</label></div>
-			<div><input type="number" name="min_username_len" id="min_username_len" class="inline" min="1" max="100" value="{{.Config.MinUsernameLen}}"/></div>
+			<div{{if .Config.SingleUser}} class="invisible"{{end}}>
+				<select name="user_invites" id="user_invites">
+					<option value="none" {{if eq .Config.UserInvites ""}}selected="selected"{{end}}>No one</option>
+					<option value="admin" {{if eq .Config.UserInvites "admin"}}selected="selected"{{end}}>Only Admins</option>
+					<option value="user" {{if eq .Config.UserInvites "user"}}selected="selected"{{end}}>All Users</option>
+				</select>
+			</div>
+		</div>
+		<div class="features row">
+			<div><label for="private">
+					Private Instance
+					<p>Limit site access to people with an account.</p>
+				</label></div>
+			<div><input type="checkbox" name="private" id="private" {{if .Config.Private}}checked="checked"{{end}} /></div>
+		</div>
+		<div class="features row">
+			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="local_timeline">
+					Reader
+					<p>Show a feed of user posts for anyone who chooses to share there.</p>
+				</label></div>
+			<div{{if .Config.SingleUser}} class="invisible"{{end}}><input type="checkbox" name="local_timeline" id="local_timeline" {{if .Config.LocalTimeline}}checked="checked"{{end}} /></div>
+		</div>
+		<div class="features row">
+			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="default_visibility">
+					Default blog visibility
+					<p>The default setting for new accounts and blogs.</p>
+				</label></div>
+			<div{{if .Config.SingleUser}} class="invisible"{{end}}>
+				<select name="default_visibility" id="default_visibility">
+					<option value="unlisted" {{if eq .Config.DefaultVisibility "unlisted"}}selected="selected"{{end}}>Unlisted</option>
+					<option value="public" {{if eq .Config.DefaultVisibility "public"}}selected="selected"{{end}}>Public</option>
+					<option value="private" {{if eq .Config.DefaultVisibility "private"}}selected="selected"{{end}}>Private</option>
+				</select>
+			</div>
 		</div>
 		<div class="features row">
 			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="max_blogs">
@@ -97,44 +130,11 @@ p.docs {
 			<div><input type="checkbox" name="public_stats" id="public_stats" {{if .Config.PublicStats}}checked="checked"{{end}} /></div>
 		</div>
 		<div class="features row">
-			<div><label for="private">
-					Private Instance
-					<p>Make this instance accessible only to those with an account.</p>
+			<div><label for="min_username_len">
+					Minimum Username Length
+					<p>The minimum number of characters allowed in a username. (Recommended: 2 or more.)</p>
 				</label></div>
-			<div><input type="checkbox" name="private" id="private" {{if .Config.Private}}checked="checked"{{end}} /></div>
-		</div>
-		<div class="features row">
-			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="local_timeline">
-					Reader
-					<p>Show a feed of user posts for anyone who chooses to share there.</p>
-				</label></div>
-			<div{{if .Config.SingleUser}} class="invisible"{{end}}><input type="checkbox" name="local_timeline" id="local_timeline" {{if .Config.LocalTimeline}}checked="checked"{{end}} /></div>
-		</div>
-		<div class="features row">
-			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="user_invites">
-					Allow invitations from...
-					<p>Choose who on this instance can invite new people.</p>
-				</label></div>
-			<div{{if .Config.SingleUser}} class="invisible"{{end}}>
-				<select name="user_invites" id="user_invites">
-					<option value="none" {{if eq .Config.UserInvites ""}}selected="selected"{{end}}>No one</option>
-					<option value="admin" {{if eq .Config.UserInvites "admin"}}selected="selected"{{end}}>Only Admins</option>
-					<option value="user" {{if eq .Config.UserInvites "user"}}selected="selected"{{end}}>All Users</option>
-				</select>
-			</div>
-		</div>
-		<div class="features row">
-			<div{{if .Config.SingleUser}} class="invisible"{{end}}><label for="default_visibility">
-					Default blog visibility
-					<p>The default setting for new accounts and blogs.</p>
-				</label></div>
-			<div{{if .Config.SingleUser}} class="invisible"{{end}}>
-				<select name="default_visibility" id="default_visibility">
-					<option value="unlisted" {{if eq .Config.DefaultVisibility "unlisted"}}selected="selected"{{end}}>Unlisted</option>
-					<option value="public" {{if eq .Config.DefaultVisibility "public"}}selected="selected"{{end}}>Public</option>
-					<option value="private" {{if eq .Config.DefaultVisibility "private"}}selected="selected"{{end}}>Private</option>
-				</select>
-			</div>
+			<div><input type="number" name="min_username_len" id="min_username_len" class="inline" min="1" max="100" value="{{.Config.MinUsernameLen}}"/></div>
 		</div>
 		<div class="features row">
 			<input type="submit" value="Save Settings" />

From 37ccf69d81fa24c3d53369ffdf048f3b6b9d280b Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 21 Apr 2020 13:01:08 -0400
Subject: [PATCH 62/76] Increase App Settings checkbox and select sizes

---
 templates/user/admin/app-settings.tmpl | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/templates/user/admin/app-settings.tmpl b/templates/user/admin/app-settings.tmpl
index 1de4ca8..4bd87da 100644
--- a/templates/user/admin/app-settings.tmpl
+++ b/templates/user/admin/app-settings.tmpl
@@ -15,6 +15,13 @@ form dt {
 p.docs {
 	font-size: 0.86em;
 }
+input[type=checkbox] {
+	height: 1em;
+	width: 1em;
+}
+select {
+	font-size: 1em;
+}
 </style>
 
 <div class="content-container snug">

From b97038e696a469caa6defb70957577206f18d1ad Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 21 Apr 2020 13:01:39 -0400
Subject: [PATCH 63/76] Better describe usage stats in setup process

---
 config/setup.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/config/setup.go b/config/setup.go
index fd5a632..08c479f 100644
--- a/config/setup.go
+++ b/config/setup.go
@@ -356,7 +356,7 @@ func Configure(fname string, configSections string) (*SetupData, error) {
 		if data.Config.App.Federation {
 			selPrompt = promptui.Select{
 				Templates: selTmpls,
-				Label:     "Federation usage stats",
+				Label:     "Usage stats (active users, posts)",
 				Items:     []string{"Public", "Private"},
 			}
 			_, fedStatsType, err := selPrompt.Run()

From 0c6d3e45e464810cefd413243f2a91977b4d7baf Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 21 Apr 2020 13:04:19 -0400
Subject: [PATCH 64/76] Update Go modules

---
 go.mod | 11 +++--------
 go.sum | 35 ++++++++++++++---------------------
 2 files changed, 17 insertions(+), 29 deletions(-)

diff --git a/go.mod b/go.mod
index f827e2e..b31cb62 100644
--- a/go.mod
+++ b/go.mod
@@ -3,19 +3,15 @@ module github.com/writeas/writefreely
 require (
 	github.com/alecthomas/gometalinter v3.0.0+incompatible // indirect
 	github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf // indirect
-	github.com/captncraig/cors v0.0.0-20180620154129-376d45073b49 // indirect
 	github.com/clbanning/mxj v1.8.4 // indirect
-	github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9 // indirect
 	github.com/dustin/go-humanize v1.0.0
 	github.com/fatih/color v1.7.0
-	github.com/go-fed/httpsig v0.1.1-0.20190924171022-f4c36041199d // indirect
 	github.com/go-sql-driver/mysql v1.4.1
 	github.com/go-test/deep v1.0.1 // indirect
 	github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
-	github.com/gologme/log v0.0.0-20181207131047-4e5d8ccb38e8 // indirect
 	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
 	github.com/gorilla/feeds v1.1.0
-	github.com/gorilla/mux v1.7.0
+	github.com/gorilla/mux v1.7.4
 	github.com/gorilla/schema v1.0.2
 	github.com/gorilla/sessions v1.2.0
 	github.com/guregu/null v3.4.0+incompatible
@@ -42,7 +38,7 @@ require (
 	github.com/writeas/activity v0.1.2
 	github.com/writeas/activityserve v0.0.0-20200409150223-d7ab3eaa4481
 	github.com/writeas/go-strip-markdown v2.0.1+incompatible
-	github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2
+	github.com/writeas/go-webfinger v1.1.0
 	github.com/writeas/httpsig v1.0.0
 	github.com/writeas/impart v1.1.1
 	github.com/writeas/import v0.2.0
@@ -52,13 +48,12 @@ require (
 	github.com/writeas/slug v1.2.0
 	github.com/writeas/web-core v1.2.0
 	github.com/writefreely/go-nodeinfo v1.2.0
-	golang.org/dl v0.0.0-20200319204010-bf12898a6070 // indirect
 	golang.org/x/crypto v0.0.0-20200109152110-61a87790db17
 	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
 	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67 // indirect
 	google.golang.org/appengine v1.4.0 // indirect
 	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c // indirect
-	gopkg.in/ini.v1 v1.41.0
+	gopkg.in/ini.v1 v1.55.0
 	src.techknowlogick.com/xgo v0.0.0-20200129005940-d0fae26e014b // indirect
 )
 
diff --git a/go.sum b/go.sum
index 6affb2c..c0bb24e 100644
--- a/go.sum
+++ b/go.sum
@@ -9,8 +9,8 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZq
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
 github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
-github.com/captncraig/cors v0.0.0-20180620154129-376d45073b49 h1:jWNY1NDg6a/c8RSXkai7IX6UOhir0LD39I4Dukg+4Ks=
-github.com/captncraig/cors v0.0.0-20180620154129-376d45073b49/go.mod h1:EIlIeMufZ8nqdUhnesledB15xLRl4wIJUppwDLPrdrQ=
+github.com/captncraig/cors v0.0.0-20190703115713-e80254a89df1 h1:AFSJaASPGYNbkUa5c8ZybrcW9pP3Cy7+z5dnpcc/qG8=
+github.com/captncraig/cors v0.0.0-20190703115713-e80254a89df1/go.mod h1:EIlIeMufZ8nqdUhnesledB15xLRl4wIJUppwDLPrdrQ=
 github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
 github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
 github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
@@ -27,8 +27,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.0-20190314233015-f79a8a8ca69d/go.mod h1:ma
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9 h1:74lLNRzvsdIlkTgfDSMuaPjBr4cf6k7pwQQANm/yLKU=
-github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
+github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5 h1:RAV05c0xOkJ3dZGS0JFybxFKZ2WMLabgx3uXnd7rpGs=
+github.com/dchest/uniuri v0.0.0-20200228104902-7aecb25e1fe5/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
@@ -37,8 +37,8 @@ github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/go-fed/httpsig v0.1.0 h1:6F2OxRVnNTN4OPN+Mc2jxs2WEay9/qiHT/jphlvAwIY=
 github.com/go-fed/httpsig v0.1.0/go.mod h1:T56HUNYZUQ1AGUzhAYPugZfp36sKApVnGBgKlIY+aIE=
-github.com/go-fed/httpsig v0.1.1-0.20190924171022-f4c36041199d h1:+uoOvOnNDgsYbWtAij4xP6Rgir3eJGjocFPxBJETU/U=
-github.com/go-fed/httpsig v0.1.1-0.20190924171022-f4c36041199d/go.mod h1:T56HUNYZUQ1AGUzhAYPugZfp36sKApVnGBgKlIY+aIE=
+github.com/go-fed/httpsig v0.1.1-0.20200204213531-0ef28562fabe h1:U71giCx5NjRn4Lb71UuprPHqhjxGv3Jqonb9fgcaJH8=
+github.com/go-fed/httpsig v0.1.1-0.20200204213531-0ef28562fabe/go.mod h1:T56HUNYZUQ1AGUzhAYPugZfp36sKApVnGBgKlIY+aIE=
 github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-test/deep v1.0.1 h1:UQhStjbkDClarlmv0am7OXXO4/GaPdCGiUiMTvi28sg=
@@ -47,8 +47,8 @@ github.com/golang/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:tluoj9z5200j
 github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1 h1:6DVPu65tee05kY0/rciBQ47ue+AnuY8KTayV6VHikIo=
 github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
-github.com/gologme/log v0.0.0-20181207131047-4e5d8ccb38e8 h1:WD8iJ37bRNwvETMfVTusVSAi0WdXTpfNVGY2aHycNKY=
-github.com/gologme/log v0.0.0-20181207131047-4e5d8ccb38e8/go.mod h1:gq31gQ8wEHkR+WekdWsqDuf8pXTUZA9BnnzTuPz1Y9U=
+github.com/gologme/log v1.2.0 h1:Ya5Ip/KD6FX7uH0S31QO87nCCSucKtF44TLbTtO7V4c=
+github.com/gologme/log v1.2.0/go.mod h1:gq31gQ8wEHkR+WekdWsqDuf8pXTUZA9BnnzTuPz1Y9U=
 github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf h1:7+FW5aGwISbqUtkfmIpZJGRgNFg2ioYPvFaUxdqpDsg=
 github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf/go.mod h1:RpwtwJQFrIEPstU94h88MWPXP2ektJZ8cZ0YntAmXiE=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg=
@@ -57,8 +57,8 @@ github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc h1:cJlkeAx
 github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU=
 github.com/gorilla/feeds v1.1.0 h1:pcgLJhbdYgaUESnj3AmXPcB7cS3vy63+jC/TI14AGXk=
 github.com/gorilla/feeds v1.1.0/go.mod h1:Nk0jZrvPFZX1OBe5NPiddPw7CfwF6Q9eqzaBbaightA=
-github.com/gorilla/mux v1.7.0 h1:tOSd0UKHQd6urX6ApfOn4XdBMY6Sh1MfxV3kmaazO+U=
-github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/mux v1.7.4 h1:VuZ8uybHlWmqV03+zRzdwKL4tUnIp1MAQtp1mIFE1bc=
+github.com/gorilla/mux v1.7.4/go.mod h1:DVbg23sWSpFRCP0SfiEN6jmj59UnW/n46BH5rLB71So=
 github.com/gorilla/schema v1.0.2 h1:sAgNfOcNYvdDSrzGHVy9nzCQahG+qmsg+nE8dK85QRA=
 github.com/gorilla/schema v1.0.2/go.mod h1:kgLaKoK1FELgZqMAVxx/5cbj0kT+57qxUrAlIO2eleU=
 github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
@@ -134,14 +134,12 @@ github.com/urfave/cli/v2 v2.1.1 h1:Qt8FeAtxE/vfdrLmR3rxR6JRE0RoVmbXu8+6kZtYU4k=
 github.com/urfave/cli/v2 v2.1.1/go.mod h1:SE9GqnLQmjVa0iPEY0f1w3ygNIYcIJ0OKPMoW2caLfQ=
 github.com/writeas/activity v0.1.2 h1:Y12B5lIrabfqKE7e7HFCWiXrlfXljr9tlkFm2mp7DgY=
 github.com/writeas/activity v0.1.2/go.mod h1:mYYgiewmEM+8tlifirK/vl6tmB2EbjYaxwb+ndUw5T0=
-github.com/writeas/activityserve v0.0.0-20191115095800-dd6d19cc8b89 h1:NJhzq9aTccL3SSSZMrcnYhkD6sObdY9otNZ1X6/ZKNE=
-github.com/writeas/activityserve v0.0.0-20191115095800-dd6d19cc8b89/go.mod h1:Kz62mzYsCnrFTSTSFLXFj3fGYBQOntmBWTDDq57b46A=
 github.com/writeas/activityserve v0.0.0-20200409150223-d7ab3eaa4481 h1:BiSivIxLQFcKoUorpNN3rNwwFG5bITPnqUSyIccfdh0=
 github.com/writeas/activityserve v0.0.0-20200409150223-d7ab3eaa4481/go.mod h1:4akDJSl+sSp+QhrQKMqzAqdV1gJ1pPx6XPI77zgMM8o=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible h1:IIqxTM5Jr7RzhigcL6FkrCNfXkvbR+Nbu1ls48pXYcw=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible/go.mod h1:Rsyu10ZhbEK9pXdk8V6MVnZmTzRG0alMNLMwa0J01fE=
-github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2 h1:DUsp4OhdfI+e6iUqcPQlwx8QYXuUDsToTz/x82D3Zuo=
-github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2/go.mod h1:w2VxyRO/J5vfNjJHYVubsjUGHd3RLDoVciz0DE3ApOc=
+github.com/writeas/go-webfinger v1.1.0 h1:MzNyt0ry/GMsRmJGftn2o9mPwqK1Q5MLdh4VuJCfb1Q=
+github.com/writeas/go-webfinger v1.1.0/go.mod h1:w2VxyRO/J5vfNjJHYVubsjUGHd3RLDoVciz0DE3ApOc=
 github.com/writeas/go-writeas v1.1.0 h1:WHGm6wriBkxYAOGbvriXH8DlMUGOi6jhSZLUZKQ+4mQ=
 github.com/writeas/go-writeas v1.1.0/go.mod h1:oh9U1rWaiE0p3kzdKwwvOpNXgp0P0IELI7OLOwV4fkA=
 github.com/writeas/go-writeas/v2 v2.0.2 h1:akvdMg89U5oBJiCkBwOXljVLTqP354uN6qnG2oOMrbk=
@@ -150,8 +148,6 @@ github.com/writeas/httpsig v1.0.0 h1:peIAoIA3DmlP8IG8tMNZqI4YD1uEnWBmkcC9OFPjt3A
 github.com/writeas/httpsig v1.0.0/go.mod h1:7ClMGSrSVXJbmiLa17bZ1LrG1oibGZmUMlh3402flPY=
 github.com/writeas/impart v1.1.0 h1:nPnoO211VscNkp/gnzir5UwCDEvdHThL5uELU60NFSE=
 github.com/writeas/impart v1.1.0/go.mod h1:g0MpxdnTOHHrl+Ca/2oMXUHJ0PcRAEWtkCzYCJUXC9Y=
-github.com/writeas/impart v1.1.1-0.20191230230525-d3c45ced010d h1:PK7DOj3JE6MGf647esPrKzXEHFjGWX2hl22uX79ixaE=
-github.com/writeas/impart v1.1.1-0.20191230230525-d3c45ced010d/go.mod h1:g0MpxdnTOHHrl+Ca/2oMXUHJ0PcRAEWtkCzYCJUXC9Y=
 github.com/writeas/impart v1.1.1 h1:RyA9+CqbdbDuz53k+nXCWUY+NlEkdyw6+nWanxSBl5o=
 github.com/writeas/impart v1.1.1/go.mod h1:g0MpxdnTOHHrl+Ca/2oMXUHJ0PcRAEWtkCzYCJUXC9Y=
 github.com/writeas/import v0.2.0 h1:Ov23JW9Rnjxk06rki1Spar45bNX647HhwhAZj3flJiY=
@@ -171,8 +167,6 @@ github.com/writeas/web-core v1.2.0 h1:CYqvBd+byi1cK4mCr1NZ6CjILuMOFmiFecv+OACcmG
 github.com/writeas/web-core v1.2.0/go.mod h1:vTYajviuNBAxjctPp2NUYdgjofywVkxUGpeaERF3SfI=
 github.com/writefreely/go-nodeinfo v1.2.0 h1:La+YbTCvmpTwFhBSlebWDDL81N88Qf/SCAvRLR7F8ss=
 github.com/writefreely/go-nodeinfo v1.2.0/go.mod h1:UTvE78KpcjYOlRHupZIiSEFcXHioTXuacCbHU+CAcPg=
-golang.org/dl v0.0.0-20200319204010-bf12898a6070 h1:m3RoSUFYtel4F/gCw0tosY5Exe7hm2NbeNv/737FbSo=
-golang.org/dl v0.0.0-20200319204010-bf12898a6070/go.mod h1:IUMfjQLJQd4UTqG1Z90tenwKoCX93Gn3MAQJMOSBsDQ=
 golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59 h1:hk3yo72LXLapY9EXVttc3Z1rLOxT9IuAPPX3GpY2+jo=
 golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
@@ -204,11 +198,10 @@ gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c/go.mo
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/ini.v1 v1.41.0 h1:Ka3ViY6gNYSKiVy71zXBEqKplnV35ImDLVG+8uoIklE=
-gopkg.in/ini.v1 v1.41.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.55.0 h1:E8yzL5unfpW3M6fz/eB7Cb5MQAYSZ7GKo4Qth+N2sgQ=
+gopkg.in/ini.v1 v1.55.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0 h1:POO/ycCATvegFmVuPpQzZFJ+pGZeX22Ufu6fibxDVjU=
 gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-src.techknowlogick.com/xgo v0.0.0-20200129005940-d0fae26e014b h1:rPAdjgXks4ToezTjygsnKZroxKVnA1L35DSpsJXPtfc=
 src.techknowlogick.com/xgo v0.0.0-20200129005940-d0fae26e014b/go.mod h1:31CE1YKtDOrKTk9PSnjTpe6YbO6W/0LTYZ1VskL09oU=

From cf3d5588c2a9ff6ed26bbac2edcf481541fbaa31 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 22 Apr 2020 09:17:25 -0400
Subject: [PATCH 65/76] Move unique OAuth username creation to client-side

Now, on OAuth signup form, we create a unique username with random appended string only if there's a conflict.
Previously, this was always happening during the Slack OAuth flow. This has the benefit of preventing username collisions for all OAuth providers.
---
 oauth_slack.go          |  4 +---
 pages/signup-oauth.tmpl | 17 +++++++++++++++--
 2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/oauth_slack.go b/oauth_slack.go
index 35db156..c881ab6 100644
--- a/oauth_slack.go
+++ b/oauth_slack.go
@@ -13,8 +13,6 @@ package writefreely
 import (
 	"context"
 	"errors"
-	"fmt"
-	"github.com/writeas/nerds/store"
 	"github.com/writeas/slug"
 	"net/http"
 	"net/url"
@@ -167,7 +165,7 @@ func (c slackOauthClient) inspectOauthAccessToken(ctx context.Context, accessTok
 func (resp slackUserIdentityResponse) InspectResponse() *InspectResponse {
 	return &InspectResponse{
 		UserID:      resp.User.ID,
-		Username:    fmt.Sprintf("%s-%s", slug.Make(resp.User.Name), store.GenerateRandomString("0123456789bcdfghjklmnpqrstvwxyz", 5)),
+		Username:    slug.Make(resp.User.Name),
 		DisplayName: resp.User.Name,
 		Email:       resp.User.Email,
 	}
diff --git a/pages/signup-oauth.tmpl b/pages/signup-oauth.tmpl
index e02b89d..8ba65b4 100644
--- a/pages/signup-oauth.tmpl
+++ b/pages/signup-oauth.tmpl
@@ -130,7 +130,7 @@ var $aliasSite = document.getElementById('alias-site');
 var aliasOK = true;
 var typingTimer;
 var doneTypingInterval = 750;
-var doneTyping = function() {
+var doneTyping = function(genID) {
     // Check on username
     var alias = $alias.el.value;
     if (alias != "") {
@@ -153,6 +153,11 @@ var doneTyping = function() {
                     $aliasSite.className = $aliasSite.className.replace(/(?:^|\s)error(?!\S)/g, '');
                     $aliasSite.innerHTML = '{{ if .Federation }}@<strong>' + data.data + '</strong>@{{.FriendlyHost}}{{ else }}{{.FriendlyHost}}/<strong>' + data.data + '</strong>/{{ end }}';
                 } else {
+                    if (genID === true) {
+                        $alias.el.value = alias + "-" + randStr(4);
+                        doneTyping();
+                        return;
+                    }
                     aliasOK = false;
                     $alias.setClass('error');
                     $aliasSite.className = 'error';
@@ -170,6 +175,14 @@ $alias.on('keyup input', function() {
     clearTimeout(typingTimer);
     typingTimer = setTimeout(doneTyping, doneTypingInterval);
 });
-doneTyping();
+function randStr(len) {
+    var res = '';
+    var chars = '23456789bcdfghjklmnpqrstvwxyz';
+    for (var i=0; i<len; i++) {
+        res += chars.charAt(Math.floor(Math.random() * chars.length));
+    }
+    return res;
+}
+doneTyping(true);
 </script>
 {{end}}

From fd97539f85da69412e98d1a534f35fbb8b466268 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 22 Apr 2020 09:26:42 -0400
Subject: [PATCH 66/76] Mention unset password on failed login

(when it applies)
---
 account.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/account.go b/account.go
index f3399e4..56a4f84 100644
--- a/account.go
+++ b/account.go
@@ -489,6 +489,9 @@ func login(app *App, w http.ResponseWriter, r *http.Request) error {
 				return impart.HTTPError{http.StatusPreconditionFailed, "This user never added a password or email address. Please contact us for help."}
 			}
 		}
+		if len(u.HashedPass) == 0 {
+			return impart.HTTPError{http.StatusUnauthorized, "This user never set a password. Perhaps try logging in via OAuth?"}
+		}
 		if !auth.Authenticated(u.HashedPass, []byte(signin.Pass)) {
 			return impart.HTTPError{http.StatusUnauthorized, "Incorrect password."}
 		}

From 308b1a72825cdb0cd36ddd91429ad4195d475ab8 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 22 Apr 2020 09:27:19 -0400
Subject: [PATCH 67/76] Remove "login" verbiage on OAuth signup page

Change it to reflect that this is the final step in the signup flow.
---
 pages/signup-oauth.tmpl | 8 +++-----
 1 file changed, 3 insertions(+), 5 deletions(-)

diff --git a/pages/signup-oauth.tmpl b/pages/signup-oauth.tmpl
index 8ba65b4..fcd70d2 100644
--- a/pages/signup-oauth.tmpl
+++ b/pages/signup-oauth.tmpl
@@ -1,6 +1,4 @@
-{{define "head"}}<title>Log in &mdash; {{.SiteName}}</title>
-<meta name="description" content="Log in to {{.SiteName}}.">
-<meta itemprop="description" content="Log in to {{.SiteName}}.">
+{{define "head"}}<title>Finish Creating Account &mdash; {{.SiteName}}</title>
 <style>input{margin-bottom:0.5em;}</style>
 <style type="text/css">
 h2 {
@@ -58,7 +56,7 @@ form dd {
 {{end}}
 {{define "content"}}
 <div id="pricing" class="tight content-container">
-	<h1>Log in to {{.SiteName}}</h1>
+	<h1>Finish creating account</h1>
 
 	{{if .Flashes}}<ul class="errors">
 		{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
@@ -97,7 +95,7 @@ form dd {
                     </dd>
                 </label>
                 <dt>
-                    <input type="submit" id="btn-login" value="Login" />
+                    <input type="submit" id="btn-login" value="Next" />
                 </dt>
             </dl>
         </form>

From f15acf3880575ceafad5d6a38baf207953a6b719 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 22 Apr 2020 09:27:33 -0400
Subject: [PATCH 68/76] Reduce vertical margin around OAuth buttons

---
 less/login.less | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/less/login.less b/less/login.less
index 57efee5..473d26f 100644
--- a/less/login.less
+++ b/less/login.less
@@ -11,8 +11,8 @@
 .row.signinbtns {
 	justify-content: space-evenly;
 	font-size: 1em;
-	margin-top: 3em;
-	margin-bottom: 2em;
+	margin-top: 2em;
+	margin-bottom: 1em;
 
 	.loginbtn {
 		height: 40px;

From 8e16bac12c5bf166452436856acd5d8f82e25a52 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 22 Apr 2020 13:43:29 -0400
Subject: [PATCH 69/76] Update README

Includes a better description, features, install and license sections, and a screenshot.
---
 README.md | 69 ++++++++++++++++++++++++++-----------------------------
 1 file changed, 32 insertions(+), 37 deletions(-)

diff --git a/README.md b/README.md
index 68da89b..163eab7 100644
--- a/README.md
+++ b/README.md
@@ -7,81 +7,76 @@
 	<a href="https://github.com/writeas/writefreely/releases/">
 		<img src="https://img.shields.io/github/release/writeas/writefreely.svg" alt="Latest release" />
 	</a>
-	<a href="https://goreportcard.com/report/github.com/writeas/writefreely">
-		<img src="https://goreportcard.com/badge/github.com/writeas/writefreely" alt="Go Report Card" />
-	</a>
 	<a href="https://travis-ci.org/writeas/writefreely">
 		<img src="https://travis-ci.org/writeas/writefreely.svg" alt="Build status" />
 	</a>
 	<a href="https://github.com/writeas/writefreely/releases/latest">
 		<img src="https://img.shields.io/github/downloads/writeas/writefreely/total.svg" />
 	</a>
+	<a href="https://goreportcard.com/report/github.com/writeas/writefreely">
+		<img src="https://goreportcard.com/badge/github.com/writeas/writefreely" alt="Go Report Card" />
+	</a>
 	<a href="https://hub.docker.com/r/writeas/writefreely/">
 		<img src="https://img.shields.io/docker/pulls/writeas/writefreely.svg" />
 	</a>
 </p>
 &nbsp;
 
-WriteFreely is a beautifully pared-down blogging platform that's simple on the surface, yet powerful underneath.
+WriteFreely is free and open source software for building **a writing space** on the web &mdash; whether a publication, internal blog, or writing community in the fediverse.
 
-It's designed to be flexible and share your writing widely, so it's built around plain text and can publish to the _fediverse_ via ActivityPub. It's easy to install and light enough to run on a Raspberry Pi.
+![](https://writefreely.org/img/screens/pencil-reader.png)
 
-[Try the editor](https://write.as/new)
+[Try the writing experience](https://write.as/new)
 
 [Find an instance](https://writefreely.org/instances)
 
 ## Features
 
-* Start a blog for yourself, or host a community of writers
-* Form larger federated networks, and interact over modern protocols like ActivityPub
-* Write on a fast, dead-simple, and distraction-free editor
-* [Format text](https://howto.write.as/getting-started) with Markdown
-* [Organize posts](https://howto.write.as/organization) with hashtags
-* Create [static pages](https://howto.write.as/creating-a-static-page)
-* Publish drafts and let others proofread them by sharing a private link
-* Create multiple lightweight blogs under a single account
-* Export all data in plain text files
-* Read a stream of other posts in your writing community
-* Build more advanced apps and extensions with the [well-documented API](https://developers.write.as/docs/api/)
-* Designed around user privacy and consent
+### Made for writing
 
-## Hosting
+Built on a plain, auto-saving editor, WriteFreely gives you a distraction-free writing environment. Once published, your words are front and center, and easy to read.
 
-We offer two kinds of hosting services that make WriteFreely deployment painless: [Write.as Pro](https://write.as/pro) for individuals, and [Write.as for Teams](https://write.as/for/teams) for businesses. Besides saving you time and effort, both services directly fund WriteFreely development and ensure the long-term sustainability of our open source work.
+### A connected community
 
-### [![Write.as Pro](https://writefreely.org/img/writeas-pro-readme.png)](https://write.as/pro)
+Start writing together, publicly or privately. Connect with other communities, whether running WriteFreely, [Plume](https://joinplu.me/), or other ActivityPub-powered software. And bring members on board from your existing platforms, thanks to our OAuth 2.0 support.
 
-Start a personal blog on [Write.as](https://write.as), our flagship instance. Built to eliminate setup friction and preserve your privacy, Write.as helps you start a blog in seconds. It supports custom domains (with SSL) and multiple blogs / pen names per account. [Read more here](https://write.as/pro).
+### Intuitive organization
 
-### [![Write.as for Teams](https://writefreely.org/img/writeas-for-teams-readme.png)](https://write.as/for/teams)
+Categorize articles [with hashtags](https://writefreely.org/docs/latest/writer/hashtags), and create static pages from normal posts by [_pinning_ them](https://writefreely.org/docs/latest/writer/static) to your blog. Create draft posts and publish to multiple blogs from one account.
 
-[Write.as for Teams](https://write.as/for/teams) gives your organization, business, or [open source project](https://write.as/for/open-source) a clutter-free space to share updates or proposals and build your collective knowledge. We take care of hosting, upgrades, backups, and maintenance so your team can focus on writing.
+### International
+
+Blog elements are localized in 20+ languages, and WriteFreely includes first-class support for non-Latin and right-to-left (RTL) script languages.
+
+### Private by default
+
+WriteFreely collects minimal data, and never publicizes more than a writer consents to. Writers can seamlessly create multiple blogs from a single account for different pen names or purposes without publicly revealing their association.
+
+<h2><a href="https://write.as/writefreely"><img src="https://writefreely.org/img/writeas-readme.png" height="32px" alt="Write.as" /></a></h2>
+
+The quickest way to deploy WriteFreely is with [Write.as](https://write.as/writefreely), a hosted service from the team behind WriteFreely. You'll get fully-managed installation, backup, upgrades, and maintenance — and directly fund our free software work ❤️
+
+[**Learn more on Write.as**](https://write.as/writefreely).
 
 ## Quick start
 
-WriteFreely has minimal requirements to get up and running — you only need to be able to run an executable.
+WriteFreely deploys as a static binary on any platform and architecture that Go supports. Just use our built-in SQLite support, or add a MySQL database, and you'll be up and running!
 
-> **Note** this is currently alpha software. We're quickly moving out of this v0.x stage, but while we're in it, there are no guarantees that this is ready for production use.
+For common platforms, start with our [pre-built binaries](https://github.com/writeas/writefreely/releases/) and head over to our [installation guide](https://writefreely.org/start) to get started.
 
-To get started, head over to our [Getting Started guide](https://writefreely.org/start). For production use, jump to the [Running in Production](https://writefreely.org/start#production) section.
+### Packages
 
-## Packages
-
-WriteFreely is available in these package repositories:
+You can also find WriteFreely in these package repositories, thanks to our wonderful community!
 
 * [Arch User Repository](https://aur.archlinux.org/packages/writefreely/)
 
 ## Documentation
 
-Read our full [documentation on WriteFreely.org](https://writefreely.org/docs). Help us improve by contributing to the [writefreely/documentation](https://github.com/writefreely/documentation) repo.
+Read our full [documentation on WriteFreely.org](https://writefreely.org/docs) &mdash;️ and help us improve by contributing to the [writefreely/documentation](https://github.com/writefreely/documentation) repo.
 
 ## Development
 
-Ready to hack on your site? Get started with our [developer guide](https://writefreely.org/docs/latest/developer/setup).
-
-## Docker
-
-Read about using Docker in the [documentation](https://writefreely.org/docs/latest/admin/docker).
+Start hacking on WriteFreely with our [developer setup guide](https://writefreely.org/docs/latest/developer/setup). For Docker support, see our [Docker guide](https://writefreely.org/docs/latest/admin/docker).
 
 ## Contributing
 
@@ -91,4 +86,4 @@ Before contributing anything, please read our [Contributing Guide](https://githu
 
 ## License
 
-Licensed under the AGPL.
+Copyright © 2018-2020 [A Bunch Tell LLC](https://abunchtell.com) and contributing authors. Licensed under the [AGPL](https://github.com/writeas/writefreely/blob/develop/LICENSE).

From dc7b5df90eb1260e6aaf188b2a3ccb3356296bb1 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 28 Apr 2020 10:50:51 -0400
Subject: [PATCH 70/76] Update saturday library to support number+letter
 hashtags

Previously, a hashtag like #100DaysToOffload wouldn't automatically turn
into a clickable link. This fixes that by updating to the latest version
of the satuday library.
---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index b31cb62..1989258 100644
--- a/go.mod
+++ b/go.mod
@@ -44,7 +44,7 @@ require (
 	github.com/writeas/import v0.2.0
 	github.com/writeas/monday v0.0.0-20181024183321-54a7dd579219
 	github.com/writeas/nerds v1.0.0
-	github.com/writeas/saturday v1.7.1
+	github.com/writeas/saturday v1.7.2-0.20200427193424-392b95a03320
 	github.com/writeas/slug v1.2.0
 	github.com/writeas/web-core v1.2.0
 	github.com/writefreely/go-nodeinfo v1.2.0
diff --git a/go.sum b/go.sum
index c0bb24e..87b5281 100644
--- a/go.sum
+++ b/go.sum
@@ -161,6 +161,8 @@ github.com/writeas/openssl-go v1.0.0/go.mod h1:WsKeK5jYl0B5y8ggOmtVjbmb+3rEGqSD2
 github.com/writeas/saturday v1.6.0/go.mod h1:ETE1EK6ogxptJpAgUbcJD0prAtX48bSloie80+tvnzQ=
 github.com/writeas/saturday v1.7.1 h1:lYo1EH6CYyrFObQoA9RNWHVlpZA5iYL5Opxo7PYAnZE=
 github.com/writeas/saturday v1.7.1/go.mod h1:ETE1EK6ogxptJpAgUbcJD0prAtX48bSloie80+tvnzQ=
+github.com/writeas/saturday v1.7.2-0.20200427193424-392b95a03320 h1:PozPZ29CQ/xt6ym/+FvIz+KvKEObSSc5ye+95zbTjVU=
+github.com/writeas/saturday v1.7.2-0.20200427193424-392b95a03320/go.mod h1:ETE1EK6ogxptJpAgUbcJD0prAtX48bSloie80+tvnzQ=
 github.com/writeas/slug v1.2.0 h1:EMQ+cwLiOcA6EtFwUgyw3Ge18x9uflUnOnR6bp/J+/g=
 github.com/writeas/slug v1.2.0/go.mod h1:RE8shOqQP3YhsfsQe0L3RnuejfQ4Mk+JjY5YJQFubfQ=
 github.com/writeas/web-core v1.2.0 h1:CYqvBd+byi1cK4mCr1NZ6CjILuMOFmiFecv+OACcmG0=

From b9c467558c1a616d5a1bb3784e4e22c5402dad6f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 6 May 2020 14:08:25 -0400
Subject: [PATCH 71/76] Return transaction Begin error in v9 migration

---
 migrations/v9.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/migrations/v9.go b/migrations/v9.go
index 5ef991f..3766cbe 100644
--- a/migrations/v9.go
+++ b/migrations/v9.go
@@ -12,6 +12,10 @@ package migrations
 
 func optimizeDrafts(db *datastore) error {
 	t, err := db.Begin()
+	if err != nil {
+		t.Rollback()
+		return err
+	}
 
 	_, err = t.Exec(`ALTER TABLE posts ADD INDEX(owner_id, id)`)
 	if err != nil {

From 5fe1dd173172b9dd5eb87343ca680f4d5ba878dc Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 6 May 2020 14:08:48 -0400
Subject: [PATCH 72/76] Add SQLite query for v9 migration

---
 migrations/v9.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/migrations/v9.go b/migrations/v9.go
index 3766cbe..c6b832e 100644
--- a/migrations/v9.go
+++ b/migrations/v9.go
@@ -17,7 +17,11 @@ func optimizeDrafts(db *datastore) error {
 		return err
 	}
 
-	_, err = t.Exec(`ALTER TABLE posts ADD INDEX(owner_id, id)`)
+	if db.driverName == driverSQLite {
+		_, err = t.Exec(`CREATE INDEX key_owner_post_id ON posts (owner_id, id)`)
+	} else {
+		_, err = t.Exec(`ALTER TABLE posts ADD INDEX(owner_id, id)`)
+	}
 	if err != nil {
 		t.Rollback()
 		return err

From 9d854c17c17e63e592f0704d794056dc2bfcd262 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 15 May 2020 13:47:58 -0400
Subject: [PATCH 73/76] Only log "No to!" when debugging

Fixes #311
---
 activitypub.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/activitypub.go b/activitypub.go
index db42726..328284f 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -397,7 +397,9 @@ func handleFetchCollectionInbox(app *App, w http.ResponseWriter, r *http.Request
 
 	go func() {
 		if to == nil {
-			log.Error("No to! %v", err)
+			if debugging {
+				log.Error("No `to` value!")
+			}
 			return
 		}
 

From cceea03076619f689798cc153ba1288aac8cdd71 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 8 Jun 2020 13:37:02 -0400
Subject: [PATCH 74/76] Ignore "collation mix" errors in
 GetCollectionRedirect()

---
 database.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/database.go b/database.go
index 0eee612..fb6a5c2 100644
--- a/database.go
+++ b/database.go
@@ -2023,7 +2023,7 @@ func (db *datastore) RemoveCollectionRedirect(t *sql.Tx, alias string) error {
 func (db *datastore) GetCollectionRedirect(alias string) (new string) {
 	row := db.QueryRow("SELECT new_alias FROM collectionredirects WHERE prev_alias = ?", alias)
 	err := row.Scan(&new)
-	if err != nil && err != sql.ErrNoRows {
+	if err != nil && err != sql.ErrNoRows && !db.isIgnorableError(err) {
 		log.Error("Failed selecting from collectionredirects: %v", err)
 	}
 	return

From 9624c4db0015134ea485427d7fa1254b370df887 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 11 Jun 2020 11:45:12 -0400
Subject: [PATCH 75/76] Show warning in editor when local draft is out of date

Fixes #41
---
 less/pad.less       | 38 ++++++++++++++++++++++++++++++++++++++
 posts.go            | 21 +++++++++++++++------
 static/js/h.js      | 18 ++++++++++++++++--
 templates/bare.tmpl | 31 ++++++++++++++++++++++++++++++-
 templates/pad.tmpl  | 31 ++++++++++++++++++++++++++++++-
 5 files changed, 129 insertions(+), 10 deletions(-)

diff --git a/less/pad.less b/less/pad.less
index a132b30..d3e4350 100644
--- a/less/pad.less
+++ b/less/pad.less
@@ -361,6 +361,24 @@ body#pad {
     z-index: 10;
 }
 
+body#pad .alert {
+	position: fixed;
+	bottom: 0.25em;
+	left: 2em;
+	right: 2em;
+	font-size: 1.1em;
+
+	&#edited-elsewhere {
+		&.hidden {
+			display: none;
+		}
+
+		a {
+			font-weight: bold;
+		}
+	}
+}
+
 @media all and (max-height: 500px) {
 	body#pad {
 		textarea {
@@ -425,6 +443,10 @@ body#pad {
 			padding-left: 10%;
 			padding-right: 10%;
 		}
+		.alert {
+			left: 10%;
+			right: 10%;
+		}
 	}
 }
 @media all and (min-width: 60em) {
@@ -433,6 +455,10 @@ body#pad {
 			padding-left: 15%;
 			padding-right: 15%;
 		}
+		.alert {
+			left: 15%;
+			right: 15%;
+		}
 	}
 }
 @media all and (min-width: 70em) {
@@ -441,6 +467,10 @@ body#pad {
 			padding-left: 20%;
 			padding-right: 20%;
 		}
+		.alert {
+			left: 20%;
+			right: 20%;
+		}
 	}
 }
 @media all and (min-width: 85em) {
@@ -449,6 +479,10 @@ body#pad {
 			padding-left: 25%;
 			padding-right: 25%;
 		}
+		.alert {
+			left: 25%;
+			right: 25%;
+		}
 	}
 }
 @media all and (min-width: 105em) {
@@ -457,6 +491,10 @@ body#pad {
 			padding-left: 30%;
 			padding-right: 30%;
 		}
+		.alert {
+			left: 30%;
+			right: 30%;
+		}
 	}
 }
 @media (pointer: coarse) {
diff --git a/posts.go b/posts.go
index 82907ba..5c69659 100644
--- a/posts.go
+++ b/posts.go
@@ -135,6 +135,7 @@ type (
 		Views        int64
 		Font         string
 		Created      time.Time
+		Updated      time.Time
 		IsRTL        sql.NullBool
 		Language     sql.NullString
 		OwnerID      int64
@@ -1240,9 +1241,9 @@ func getRawPost(app *App, friendlyID string) *RawPost {
 	var isRTL sql.NullBool
 	var lang sql.NullString
 	var ownerID sql.NullInt64
-	var created time.Time
+	var created, updated time.Time
 
-	err := app.db.QueryRow("SELECT title, content, text_appearance, language, rtl, created, owner_id FROM posts WHERE id = ?", friendlyID).Scan(&title, &content, &font, &lang, &isRTL, &created, &ownerID)
+	err := app.db.QueryRow("SELECT title, content, text_appearance, language, rtl, created, updated, owner_id FROM posts WHERE id = ?", friendlyID).Scan(&title, &content, &font, &lang, &isRTL, &created, &updated, &ownerID)
 	switch {
 	case err == sql.ErrNoRows:
 		return &RawPost{Content: "", Found: false, Gone: false}
@@ -1250,7 +1251,7 @@ func getRawPost(app *App, friendlyID string) *RawPost {
 		return &RawPost{Content: "", Found: true, Gone: false}
 	}
 
-	return &RawPost{Title: title, Content: content, Font: font, Created: created, IsRTL: isRTL, Language: lang, OwnerID: ownerID.Int64, Found: true, Gone: content == ""}
+	return &RawPost{Title: title, Content: content, Font: font, Created: created, Updated: updated, IsRTL: isRTL, Language: lang, OwnerID: ownerID.Int64, Found: true, Gone: content == ""}
 
 }
 
@@ -1259,15 +1260,15 @@ func getRawCollectionPost(app *App, slug, collAlias string) *RawPost {
 	var id, title, content, font string
 	var isRTL sql.NullBool
 	var lang sql.NullString
-	var created time.Time
+	var created, updated time.Time
 	var ownerID null.Int
 	var views int64
 	var err error
 
 	if app.cfg.App.SingleUser {
-		err = app.db.QueryRow("SELECT id, title, content, text_appearance, language, rtl, view_count, created, owner_id FROM posts WHERE slug = ? AND collection_id = 1", slug).Scan(&id, &title, &content, &font, &lang, &isRTL, &views, &created, &ownerID)
+		err = app.db.QueryRow("SELECT id, title, content, text_appearance, language, rtl, view_count, created, updated, owner_id FROM posts WHERE slug = ? AND collection_id = 1", slug).Scan(&id, &title, &content, &font, &lang, &isRTL, &views, &created, &updated, &ownerID)
 	} else {
-		err = app.db.QueryRow("SELECT id, title, content, text_appearance, language, rtl, view_count, created, owner_id FROM posts WHERE slug = ? AND collection_id = (SELECT id FROM collections WHERE alias = ?)", slug, collAlias).Scan(&id, &title, &content, &font, &lang, &isRTL, &views, &created, &ownerID)
+		err = app.db.QueryRow("SELECT id, title, content, text_appearance, language, rtl, view_count, created, updated, owner_id FROM posts WHERE slug = ? AND collection_id = (SELECT id FROM collections WHERE alias = ?)", slug, collAlias).Scan(&id, &title, &content, &font, &lang, &isRTL, &views, &created, &updated, &ownerID)
 	}
 	switch {
 	case err == sql.ErrNoRows:
@@ -1283,6 +1284,7 @@ func getRawCollectionPost(app *App, slug, collAlias string) *RawPost {
 		Content:  content,
 		Font:     font,
 		Created:  created,
+		Updated:  updated,
 		IsRTL:    isRTL,
 		Language: lang,
 		OwnerID:  ownerID.Int64,
@@ -1543,6 +1545,13 @@ func (rp *RawPost) Created8601() string {
 	return rp.Created.Format("2006-01-02T15:04:05Z")
 }
 
+func (rp *RawPost) Updated8601() string {
+	if rp.Updated.IsZero() {
+		return ""
+	}
+	return rp.Updated.Format("2006-01-02T15:04:05Z")
+}
+
 var imageURLRegex = regexp.MustCompile(`(?i)[^ ]+\.(gif|png|jpg|jpeg|image)$`)
 
 func (p *Post) extractImages() {
diff --git a/static/js/h.js b/static/js/h.js
index 49720be..6375af0 100644
--- a/static/js/h.js
+++ b/static/js/h.js
@@ -116,13 +116,27 @@ var H = {
 	save: function($el, key) {
 		localStorage.setItem(key, $el.el.value);
 	},
-	load: function($el, key, onlyLoadPopulated) {
+	load: function($el, key, onlyLoadPopulated, postUpdated) {
 		var val = localStorage.getItem(key);
 		if (onlyLoadPopulated && val == null) {
 			// Do nothing
-			return;
+			return true;
 		}
 		$el.el.value = val;
+		if (postUpdated != null) {
+			var lastLocalPublishStr = localStorage.getItem(key+'-published');
+			if (lastLocalPublishStr != null && lastLocalPublishStr != '') {
+				try {
+					var lastLocalPublish = new Date(lastLocalPublishStr);
+					if (postUpdated > lastLocalPublish) {
+						return false;
+					}
+				} catch (e) {
+					console.error("unable to parse draft updated time");
+				}
+			}
+		}
+		return true;
 	},
 	set: function(key, value) {
 		localStorage.setItem(key, value);
diff --git a/templates/bare.tmpl b/templates/bare.tmpl
index a4194c9..d2c8bc0 100644
--- a/templates/bare.tmpl
+++ b/templates/bare.tmpl
@@ -16,6 +16,8 @@
 		<textarea id="writer" placeholder="Write..." class="{{.Post.Font}}" autofocus>{{if .Post.Title}}# {{.Post.Title}}
 
 {{end}}{{.Post.Content}}</textarea>
+
+		<div class="alert success hidden" id="edited-elsewhere">This post has been updated elsewhere since you last published! <a href="#" id="erase-edit">Delete draft and reload</a>.</div>
 		
 		<header id="tools">
 			<div id="clip">
@@ -36,6 +38,7 @@
 		<script>
 		var $writer = H.getEl('writer');
 		var $btnPublish = H.getEl('publish');
+		var $btnEraseEdit = H.getEl('edited-elsewhere');
 		var $wc = H.getEl("wc");
 		var updateWordCount = function() {
 			var words = 0;
@@ -58,7 +61,17 @@
 		};
 		{{if .Post.Id}}var draftDoc = 'draft{{.Post.Id}}';
 		var origDoc = '{{.Post.Content}}';{{else}}var draftDoc = 'lastDoc';{{end}}
-		H.load($writer, draftDoc, true);
+		var updatedStr = '{{.Post.Updated8601}}';
+		var updated = null;
+		if (updatedStr != '') {
+			updated = new Date(updatedStr);
+		}
+		var ok = H.load($writer, draftDoc, true, updated);
+		if (!ok) {
+			// Show "edited elsewhere" warning
+			$btnEraseEdit.el.classList.remove('hidden');
+		}
+		var defaultTimeSet = false;
 		updateWordCount();
 		
 		var typingTimer;
@@ -130,6 +143,7 @@
 						data = JSON.parse(http.responseText);
 						id = data.data.id;
 						nextURL = '{{if .SingleUser}}/d{{end}}/'+id;
+						localStorage.setItem('draft'+id+'-published', new Date().toISOString());
 
 						{{ if not .Post.Id }}
 							// Post created
@@ -198,6 +212,13 @@
 				publish(content, selectedFont);
 			}
 		});
+		H.getEl('erase-edit').on('click', function(e) {
+			e.preventDefault();
+			H.remove(draftDoc);
+			H.remove(draftDoc+'-published');
+			justPublished = true; // Block auto-save
+			location.reload();
+		});
 
 		WebFontConfig = {
 			custom: { families: [ 'Lora:400,700:latin' ], urls: [ '/css/fonts.css' ] }
@@ -207,12 +228,20 @@
 		var doneTyping = function() {
 			if (draftDoc == 'lastDoc' || $writer.el.value != origDoc) {
 				H.save($writer, draftDoc);
+				if (!defaultTimeSet) {
+					var lastLocalPublishStr = localStorage.getItem(draftDoc+'-published');
+					if (lastLocalPublishStr == null || lastLocalPublishStr == '') {
+						localStorage.setItem(draftDoc+'-published', updatedStr);
+					}
+					defaultTimeSet = true;
+				}
 				updateWordCount();
 			}
 		};
 		window.addEventListener('beforeunload', function(e) {
 			if (draftDoc != 'lastDoc' && $writer.el.value == origDoc) {
 				H.remove(draftDoc);
+				H.remove(draftDoc+'-published');
 			} else if (!justPublished) {
 				doneTyping();
 			}
diff --git a/templates/pad.tmpl b/templates/pad.tmpl
index d55c549..4afc1a6 100644
--- a/templates/pad.tmpl
+++ b/templates/pad.tmpl
@@ -16,6 +16,8 @@
 		<textarea id="writer" placeholder="Write..." class="{{.Post.Font}}" autofocus>{{if .Post.Title}}# {{.Post.Title}}
 
 {{end}}{{.Post.Content}}</textarea>
+
+		<div class="alert success hidden" id="edited-elsewhere">This post has been updated elsewhere since you last published! <a href="#" id="erase-edit">Delete draft and reload</a>.</div>
 		
 		<header id="tools">
 			<div id="clip">
@@ -88,6 +90,7 @@
 		}
 		var $writer = H.getEl('writer');
 		var $btnPublish = H.getEl('publish');
+		var $btnEraseEdit = H.getEl('edited-elsewhere');
 		var $wc = H.getEl("wc");
 		var updateWordCount = function() {
 			var words = 0;
@@ -110,7 +113,17 @@
 		};
 		{{if .Post.Id}}var draftDoc = 'draft{{.Post.Id}}';
 		var origDoc = '{{.Post.Content}}';{{else}}var draftDoc = 'lastDoc';{{end}}
-		H.load($writer, draftDoc, true);
+		var updatedStr = '{{.Post.Updated8601}}';
+		var updated = null;
+		if (updatedStr != '') {
+			updated = new Date(updatedStr);
+		}
+		var ok = H.load($writer, draftDoc, true, updated);
+		if (!ok) {
+			// Show "edited elsewhere" warning
+			$btnEraseEdit.el.classList.remove('hidden');
+		}
+		var defaultTimeSet = false;
 		updateWordCount();
 		
 		var typingTimer;
@@ -190,6 +203,7 @@
 						data = JSON.parse(http.responseText);
 						id = data.data.id;
 						nextURL = '{{if .SingleUser}}/d{{end}}/'+id;
+						localStorage.setItem('draft'+id+'-published', new Date().toISOString());
 
 						{{ if not .Post.Id }}
 							// Post created
@@ -258,6 +272,13 @@
 				publish(content, selectedFont);
 			}
 		});
+		H.getEl('erase-edit').on('click', function(e) {
+			e.preventDefault();
+			H.remove(draftDoc);
+			H.remove(draftDoc+'-published');
+			justPublished = true; // Block auto-save
+			location.reload();
+		});
 
 		H.getEl('toggle-theme').on('click', function(e) {
 			e.preventDefault();
@@ -338,12 +359,20 @@
 		var doneTyping = function() {
 			if (draftDoc == 'lastDoc' || $writer.el.value != origDoc) {
 				H.save($writer, draftDoc);
+				if (!defaultTimeSet) {
+					var lastLocalPublishStr = localStorage.getItem(draftDoc+'-published');
+					if (lastLocalPublishStr == null || lastLocalPublishStr == '') {
+						localStorage.setItem(draftDoc+'-published', updatedStr);
+					}
+					defaultTimeSet = true;
+				}
 				updateWordCount();
 			}
 		};
 		window.addEventListener('beforeunload', function(e) {
 			if (draftDoc != 'lastDoc' && $writer.el.value == origDoc) {
 				H.remove(draftDoc);
+				H.remove(draftDoc+'-published');
 			} else if (!justPublished) {
 				doneTyping();
 			}

From 591bb0866c852d620d9652759e1f881bc11ebfc0 Mon Sep 17 00:00:00 2001
From: CJ Eller <cj@write.as>
Date: Mon, 22 Jun 2020 20:33:52 +0000
Subject: [PATCH 76/76] Add footer and header element

---
 postrender.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/postrender.go b/postrender.go
index 83fb5ad..69052ea 100644
--- a/postrender.go
+++ b/postrender.go
@@ -172,6 +172,7 @@ func getSanitizationPolicy() *bluemonday.Policy {
 	policy.AllowAttrs("target").OnElements("a")
 	policy.AllowAttrs("title").OnElements("abbr")
 	policy.AllowAttrs("style", "class", "id").Globally()
+	policy.AllowElements("header", "footer")
 	policy.AllowURLSchemes("http", "https", "mailto", "xmpp")
 	return policy
 }