From 6b336e22aacea2a8b6d335557cc292352621b404 Mon Sep 17 00:00:00 2001 From: Matt Baer Date: Sun, 27 Jun 2021 17:57:07 -0400 Subject: [PATCH 01/48] Log user out when authenticated as deleted user Now when we check for the user at certain times and find that the user doesn't exist in the database, we log them out and send them back to the home page. --- account.go | 17 ++++++++++++++++- database.go | 2 +- handle.go | 10 ++++++++-- invites.go | 3 +++ pad.go | 3 +++ session.go | 9 +++++---- 6 files changed, 36 insertions(+), 8 deletions(-) diff --git a/account.go b/account.go index 72d12ee..eaf3eaf 100644 --- a/account.go +++ b/account.go @@ -787,6 +787,9 @@ func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) err silenced, err := app.db.IsUserSilenced(u.ID) if err != nil { + if err == ErrUserNotFound { + return err + } log.Error("view articles: %v", err) } d := struct { @@ -822,7 +825,10 @@ func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request) silenced, err := app.db.IsUserSilenced(u.ID) if err != nil { - log.Error("view collections %v", err) + if err == ErrUserNotFound { + return err + } + log.Error("view collections: %v", err) return fmt.Errorf("view collections: %v", err) } d := struct { @@ -861,6 +867,9 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques silenced, err := app.db.IsUserSilenced(u.ID) if err != nil { + if err == ErrUserNotFound { + return err + } log.Error("view edit collection %v", err) return fmt.Errorf("view edit collection: %v", err) } @@ -1037,6 +1046,9 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error silenced, err := app.db.IsUserSilenced(u.ID) if err != nil { + if err == ErrUserNotFound { + return err + } log.Error("view stats: %v", err) return err } @@ -1070,6 +1082,9 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) error { fullUser, err := app.db.GetUserByID(u.ID) if err != nil { + if err == ErrUserNotFound { + return err + } log.Error("Unable to get user for settings: %s", err) return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."} } diff --git a/database.go b/database.go index fefc3c1..5c3a84f 100644 --- a/database.go +++ b/database.go @@ -332,7 +332,7 @@ func (db *datastore) IsUserSilenced(id int64) (bool, error) { err := db.QueryRow("SELECT status FROM users WHERE id = ?", id).Scan(&u.Status) switch { case err == sql.ErrNoRows: - return false, fmt.Errorf("is user silenced: %v", ErrUserNotFound) + return false, ErrUserNotFound case err != nil: log.Error("Couldn't SELECT user status: %v", err) return false, fmt.Errorf("is user silenced: %v", err) diff --git a/handle.go b/handle.go index 1cbf114..9e9821c 100644 --- a/handle.go +++ b/handle.go @@ -155,8 +155,14 @@ func (h *Handler) User(f userHandlerFunc) http.HandlerFunc { err := f(h.app.App(), u, w, r) if err == nil { status = http.StatusOK - } else if err, ok := err.(impart.HTTPError); ok { - status = err.Status + } else if impErr, ok := err.(impart.HTTPError); ok { + status = impErr.Status + if impErr == ErrUserNotFound { + log.Info("Logged-in user not found. Logging out.") + sendRedirect(w, http.StatusFound, "/me/logout?to="+h.app.App().cfg.App.LandingPath()) + // Reset err so handleHTTPError does nothing + err = nil + } } else { status = http.StatusInternalServerError } diff --git a/invites.go b/invites.go index 4024634..70eaa42 100644 --- a/invites.go +++ b/invites.go @@ -78,6 +78,9 @@ func handleViewUserInvites(app *App, u *User, w http.ResponseWriter, r *http.Req p.Silenced, err = app.db.IsUserSilenced(u.ID) if err != nil { + if err == ErrUserNotFound { + return err + } log.Error("view invites: %v", err) } diff --git a/pad.go b/pad.go index d150334..695d5d2 100644 --- a/pad.go +++ b/pad.go @@ -55,6 +55,9 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error { } appData.Silenced, err = app.db.IsUserSilenced(appData.User.ID) if err != nil { + if err == ErrUserNotFound { + return err + } log.Error("Unable to get user status for Pad: %v", err) } } diff --git a/session.go b/session.go index 81d628f..5584565 100644 --- a/session.go +++ b/session.go @@ -130,12 +130,13 @@ func saveUserSession(app *App, r *http.Request, w http.ResponseWriter) error { return err } -func getFullUserSession(app *App, r *http.Request) *User { +func getFullUserSession(app *App, r *http.Request) (*User, error) { u := getUserSession(app, r) if u == nil { - return nil + return nil, nil } - u, _ = app.db.GetUserByID(u.ID) - return u + var err error + u, err = app.db.GetUserByID(u.ID) + return u, err } From 5be1938a8aca2f1a30531355d4f25dcc5839468e Mon Sep 17 00:00:00 2001 From: mnlg Date: Thu, 5 Aug 2021 16:53:20 +0200 Subject: [PATCH 02/48] Fix Gopher collections query --- database.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/database.go b/database.go index f474ae9..3af063d 100644 --- a/database.go +++ b/database.go @@ -1688,7 +1688,7 @@ func (db *datastore) GetPublicCollections(hostName string) (*[]Collection, error FROM collections c LEFT JOIN users u ON u.id = c.owner_id WHERE c.privacy = 1 AND u.status = 0 - ORDER BY id ASC`) + ORDER BY title ASC`) if err != nil { log.Error("Failed selecting public collections: %v", err) return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve public collections."} From ae7e42e24e2d66142298bd4bdd3145b3619a0cc2 Mon Sep 17 00:00:00 2001 From: mnlg Date: Thu, 12 Aug 2021 20:23:44 +0200 Subject: [PATCH 03/48] Fix date format in anonymous posts --- database.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/database.go b/database.go index f474ae9..f441c46 100644 --- a/database.go +++ b/database.go @@ -1833,7 +1833,7 @@ func (db *datastore) GetAnonymousPosts(u *User, page int) (*[]PublicPost, error) if page > 0 { limitStr = fmt.Sprintf(" LIMIT %d, %d", start, pagePosts) } - rows, err := db.Query("SELECT id, view_count, title, created, updated, content FROM posts WHERE owner_id = ? AND collection_id IS NULL ORDER BY created DESC"+limitStr, u.ID) + rows, err := db.Query("SELECT id, view_count, title, language, created, updated, content FROM posts WHERE owner_id = ? AND collection_id IS NULL ORDER BY created DESC"+limitStr, u.ID) if err != nil { log.Error("Failed selecting from posts: %v", err) return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve user anonymous posts."} @@ -1843,7 +1843,7 @@ func (db *datastore) GetAnonymousPosts(u *User, page int) (*[]PublicPost, error) posts := []PublicPost{} for rows.Next() { p := Post{} - err = rows.Scan(&p.ID, &p.ViewCount, &p.Title, &p.Created, &p.Updated, &p.Content) + err = rows.Scan(&p.ID, &p.ViewCount, &p.Title, &p.Language, &p.Created, &p.Updated, &p.Content) if err != nil { log.Error("Failed scanning row: %v", err) break From cc69f9f2f1d69fdf7ea0159d7b7f3c43bd463a07 Mon Sep 17 00:00:00 2001 From: HeartDev <88726114+lt3Dev@users.noreply.github.com> Date: Sat, 21 Aug 2021 08:57:25 +0000 Subject: [PATCH 04/48] Templates: use relative URLs for static assets I noticed most asset links use relative URLs, except for a few. This commit remedies this inconsistency. OpenGraph embeds were not changed, because in my experience, some embed scrapers require absolute URLs. Motivation: The site I use has an onion and a clearnet version, and currently, visiting the onion loads fonts, styles, and the favicon over the clearnet. --- templates/base.tmpl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/templates/base.tmpl b/templates/base.tmpl index 604d0ff..389f303 100644 --- a/templates/base.tmpl +++ b/templates/base.tmpl @@ -2,8 +2,8 @@ {{ template "head" . }} - - + + @@ -86,7 +86,7 @@ {{end}} {{else}} - {{if .WebFonts}}{{end}} + {{if .WebFonts}}{{end}} {{end}} {{end}} From 44bfd4573e2f1e6c20686b68cd336f321b836f4f Mon Sep 17 00:00:00 2001 From: Matt Baer Date: Mon, 23 Aug 2021 14:07:25 -0400 Subject: [PATCH 05/48] Support keyboard navigation on pad publish target dropdown --- templates/pad.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/pad.tmpl b/templates/pad.tmpl index 8da063e..aff281d 100644 --- a/templates/pad.tmpl +++ b/templates/pad.tmpl @@ -24,7 +24,7 @@ {{if not .SingleUser}}

{{end}}