From 81847fbbcc66e215c76bf745923836a75631e34f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 5 Aug 2019 09:27:51 -0400
Subject: [PATCH 01/90] Land on Blogs page when SimpleNav is enabled

This shows the Blogs page instead of the Editor to logged in users on
the `/` path when the new `simple_nav` config option is enabled.

Ref T680
---
 app.go           | 7 ++++++-
 config/config.go | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/app.go b/app.go
index 1fa6f8a..6d6a689 100644
--- a/app.go
+++ b/app.go
@@ -193,7 +193,12 @@ func handleViewHome(app *App, w http.ResponseWriter, r *http.Request) error {
 		// Show correct page based on user auth status and configured landing path
 		u := getUserSession(app, r)
 		if u != nil {
-			// User is logged in, so show the Pad
+			// User is logged in, so show the Pad or Blogs page, depending on config
+			if app.cfg.App.SimpleNav {
+				// Simple nav, so home page is Blogs page
+				return viewCollections(app, u, w, r)
+			}
+			// Default config, so home page is editor
 			return handleViewPad(app, w, r)
 		}
 
diff --git a/config/config.go b/config/config.go
index f46282e..d026a74 100644
--- a/config/config.go
+++ b/config/config.go
@@ -68,6 +68,7 @@ type (
 		JSDisabled bool   `ini:"disable_js"`
 		WebFonts   bool   `ini:"webfonts"`
 		Landing    string `ini:"landing"`
+		SimpleNav  bool   `ini:"simple_nav"`
 
 		// Users
 		SingleUser       bool `ini:"single_user"`

From 90ad50c7f5c30f45065798304cf7708a47ac9342 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 5 Aug 2019 09:34:47 -0400
Subject: [PATCH 02/90] Use normal nav on user pages when SimpleNav

This shows About, Reader, Log out links on backend user pages when
logged in. It also adds "New post" buttons on the backend pages and
blogs.
---
 less/core.less                     | 25 +++++++++++++++++++++++++
 templates/base.tmpl                |  2 +-
 templates/collection.tmpl          |  1 +
 templates/user/include/header.tmpl | 23 ++++++++++++++++++++---
 4 files changed, 47 insertions(+), 4 deletions(-)

diff --git a/less/core.less b/less/core.less
index 7e39f35..b1b8301 100644
--- a/less/core.less
+++ b/less/core.less
@@ -405,6 +405,31 @@ body {
 	}
 }
 
+nav#full-nav {
+	margin: 0;
+
+	.left-side {
+		display: inline-block;
+
+		a:first-child {
+			margin-left: 0;
+		}
+	}
+
+	.right-side {
+		float: right;
+	}
+}
+
+nav#full-nav a.simple-btn {
+	font-family: @sansFont;
+	border: 1px solid #ccc !important;
+	padding: .5rem 1rem;
+	margin: 0;
+	.rounded(.25em);
+	text-decoration: none;
+}
+
 .post-title {
 	a {
 		&:link {
diff --git a/templates/base.tmpl b/templates/base.tmpl
index 775dac9..c1f17ad 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -19,7 +19,7 @@
 				<nav class="tabs">
 					<a href="/about"{{if eq .Path "/about"}} class="selected"{{end}}>About</a>
 					{{if and (and (not .SingleUser) .LocalTimeline) .CanViewReader}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
-					{{if and (not .SingleUser) (not .Username)}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{end}}
+					{{if and (not .SingleUser) (not .Username)}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
 				</nav>
 			</nav>
 			{{end}}
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 18942a9..364ba15 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -48,6 +48,7 @@
 					{{else}}
 					<li><a href="/#{{.Alias}}" class="write">{{.SiteName}}</a></li>
 					{{end}}
+					{{if .SimpleNav}}<li><a href="/new#{{.Alias}}">New Post</a></li>{{end}}
 					<li><a href="/me/c/{{.Alias}}">Customize</a></li>
 					<li><a href="/me/c/{{.Alias}}/stats">Stats</a></li>
 					<li class="separator"><hr /></li>
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 312d0b8..93020e2 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -38,7 +38,13 @@
 			</nav>
 		</nav>
 		{{else}}
-		<h1><a href="/" title="Return to editor">{{.SiteName}}</a></h1>
+		{{ if .SimpleNav }}<nav id="full-nav">
+			<div class="left-side">
+				<h1><a href="/" title="Return to editor">{{.SiteName}}</a></h1>
+			</div>
+		{{ else }}
+			<h1><a href="/" title="Return to editor">{{.SiteName}}</a></h1>
+		{{ end }}
 		<nav id="user-nav">
 			<nav class="dropdown-nav">
 				<ul><li><a>{{.Username}}</a> <img class="ic-18dp" src="/img/ic_down_arrow_dark@2x.png" /><ul>
@@ -52,10 +58,21 @@
 				</ul>
 			</nav>
 			<nav class="tabs">
-				<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>
-				<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>
+				{{if .SimpleNav}}
+					<a href="/about">About</a>
+					{{if and (and (not .SingleUser) .LocalTimeline) .CanViewReader}}<a href="/read">Reader</a>{{end}}
+					<a href="/me/logout">Log out</a>
+				{{else}}
+					<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>
+					<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>
+				{{end}}
 			</nav>
 		</nav>
+		{{if .SimpleNav}}<div class="right-side">
+					<a class="simple-btn" href="/new">New Post</a>
+				</div>
+			</nav>
+		{{end}}
 		{{end}}
 	</header>
 	<div id="official-writing">

From 1d25784d20537923889eb8a36d7efc2cfbdace32 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 5 Aug 2019 09:54:05 -0400
Subject: [PATCH 03/90] Add `bare` editor option

This adds a new editor template that strips away most of the
customization features in the default editor and includes only:

- publishing
- editing
- viewing word count

It also restricts publishing to a user's first collection, so it's
optimized for instances that only allow users to have a single
collection and don't use Drafts.

Ref T680 T677
---
 less/core.less      |   2 +-
 less/pad-theme.less |   4 +-
 less/pad.less       |   7 ++
 templates/bare.tmpl | 235 ++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 245 insertions(+), 3 deletions(-)
 create mode 100644 templates/bare.tmpl

diff --git a/less/core.less b/less/core.less
index b1b8301..f4332a9 100644
--- a/less/core.less
+++ b/less/core.less
@@ -421,7 +421,7 @@ nav#full-nav {
 	}
 }
 
-nav#full-nav a.simple-btn {
+nav#full-nav a.simple-btn, .tool button {
 	font-family: @sansFont;
 	border: 1px solid #ccc !important;
 	padding: .5rem 1rem;
diff --git a/less/pad-theme.less b/less/pad-theme.less
index af1f95c..a8f668e 100644
--- a/less/pad-theme.less
+++ b/less/pad-theme.less
@@ -63,7 +63,7 @@ body#pad, body#pad-sub {
 				}
 			}
 			#belt {
-				a {
+				a, button {
 					color: #000;
 				}
 			}
@@ -100,7 +100,7 @@ body#pad, body#pad-sub {
 				}
 			}
 			#belt {
-				a {
+				a, button {
 					color: white;
 				}
 			}
diff --git a/less/pad.less b/less/pad.less
index d37c6bc..a132b30 100644
--- a/less/pad.less
+++ b/less/pad.less
@@ -222,6 +222,13 @@ body#pad, body#pad-sub {
 					font-style: italic;
 				}
 			}
+			button {
+				font-family: @sansFont;
+				background-color: transparent;
+				padding-top: 0.25rem;
+				padding-bottom: 0.25rem;
+				border: 0;
+			}
 		}
 	}
 }
diff --git a/templates/bare.tmpl b/templates/bare.tmpl
new file mode 100644
index 0000000..1398a47
--- /dev/null
+++ b/templates/bare.tmpl
@@ -0,0 +1,235 @@
+{{define "pad"}}<!DOCTYPE HTML>
+<html>
+	<head>
+
+		<title>{{if .Editing}}Editing {{if .Post.Title}}{{.Post.Title}}{{else}}{{.Post.Id}}{{end}}{{else}}New Post{{end}} &mdash; {{.SiteName}}</title>
+		
+		<link rel="stylesheet" type="text/css" href="/css/write.css" />
+		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+
+		<meta name="google" value="notranslate">
+	</head>
+	<body id="pad" class="light">
+
+		<div id="overlay"></div>
+		
+		<textarea id="writer" placeholder="Write..." class="{{.Post.Font}}" autofocus>{{if .Post.Title}}# {{.Post.Title}}
+
+{{end}}{{.Post.Content}}</textarea>
+		
+		<header id="tools">
+			<div id="clip">
+				{{if not .SingleUser}}<h1><a href="/me/c/" title="View blogs">{{.SiteName}}</a></h1>{{end}}
+				<nav id="target" {{if .SingleUser}}style="margin-left:0"{{end}}><ul>
+						<li>{{if .Blogs}}<a href="{{$c := index .Blogs 0}}{{$c.CanonicalURL}}">My Posts</a>{{else}}<a>Draft</a>{{end}}</li>
+				</ul></nav>
+				<span id="wc" class="hidden if-room room-4">0 words</span>
+			</div>
+			<noscript style="margin-left: 2em;"><strong>NOTE</strong>: for now, you'll need Javascript enabled to post.</noscript>
+			<div id="belt">
+				{{if .Editing}}<div class="tool hidden if-room"><a href="{{if .EditCollection}}{{.EditCollection.CanonicalURL}}{{.Post.Slug}}/edit/meta{{else}}/{{if .SingleUser}}d/{{end}}{{.Post.Id}}/meta{{end}}" title="Edit post metadata" id="edit-meta"><img class="ic-24dp" src="/img/ic_info_dark@2x.png" /></a></div>{{end}}
+				<div class="tool"><button title="Publish your writing" id="publish" style="font-weight: bold">Post</button></div>
+			</div>
+		</header>
+
+		<script src="/js/h.js"></script>
+		<script>
+		var $writer = H.getEl('writer');
+		var $btnPublish = H.getEl('publish');
+		var $wc = H.getEl("wc");
+		var updateWordCount = function() {
+			var words = 0;
+			var val = $writer.el.value.trim();
+			if (val != '') {
+				words = $writer.el.value.trim().replace(/\s+/gi, ' ').split(' ').length;
+			}
+			$wc.el.innerText = words + " word" + (words != 1 ? "s" : "");
+		};
+		var setButtonStates = function() {
+			if (!canPublish) {
+				$btnPublish.el.className = 'disabled';
+				return;
+			}
+			if ($writer.el.value.length === 0 || (draftDoc != 'lastDoc' && $writer.el.value == origDoc)) {
+				$btnPublish.el.className = 'disabled';
+			} else {
+				$btnPublish.el.className = '';
+			}
+		};
+		{{if .Post.Id}}var draftDoc = 'draft{{.Post.Id}}';
+		var origDoc = '{{.Post.Content}}';{{else}}var draftDoc = 'lastDoc';{{end}}
+		H.load($writer, draftDoc, true);
+		updateWordCount();
+		
+		var typingTimer;
+		var doneTypingInterval = 200;
+
+		var posts;
+		{{if and .Post.Id (not .Post.Slug)}}
+		var token = null;
+		var curPostIdx;
+		posts = JSON.parse(H.get('posts', '[]'));
+		for (var i=0; i<posts.length; i++) {
+			if (posts[i].id == "{{.Post.Id}}") {
+				token = posts[i].token;
+				break;
+			}
+		}
+		var canPublish = token != null;
+		{{else}}var canPublish = true;{{end}}
+		var publishing = false;
+		var justPublished = false;
+
+		var publish = function(content, font) {
+			{{if and (and .Post.Id (not .Post.Slug)) (not .User)}}
+			if (!token) {
+				alert("You don't have permission to update this post.");
+				return;
+			}
+			{{end}}
+			publishing = true;
+			$btnPublish.el.textContent = 'Posting...';
+			$btnPublish.el.disabled = true;
+
+			var http = new XMLHttpRequest();
+			var lang = navigator.languages ? navigator.languages[0] : (navigator.language || navigator.userLanguage);
+			lang = lang.substring(0, 2);
+			var post = H.getTitleStrict(content);
+
+			var params = {
+				body: post.content,
+				title: post.title,
+				font: font,
+				lang: lang
+			};
+			{{ if .Post.Slug }}
+			var url = "/api/collections/{{.EditCollection.Alias}}/posts/{{.Post.Id}}";
+			{{ else if .Post.Id }}
+			var url = "/api/posts/{{.Post.Id}}";
+			if (typeof token === 'undefined' || !token) {
+				token = "";
+			}
+			params.token = token;
+			{{ else }}
+			var url = "/api/posts";
+			var postTarget = '{{if .Blogs}}{{$c := index .Blogs 0}}{{$c.Alias}}{{else}}anonymous{{end}}';
+			if (postTarget != 'anonymous') {
+				url = "/api/collections/" + postTarget + "/posts";
+			}
+			{{ end }}
+
+			http.open("POST", url, true);
+
+			// Send the proper header information along with the request
+			http.setRequestHeader("Content-type", "application/json");
+
+			http.onreadystatechange = function() {
+				if (http.readyState == 4) {
+					publishing = false;
+					if (http.status == 200 || http.status == 201) {
+						data = JSON.parse(http.responseText);
+						id = data.data.id;
+						nextURL = '{{if .SingleUser}}/d{{end}}/'+id;
+
+						{{ if not .Post.Id }}
+							// Post created
+							if (postTarget != 'anonymous') {
+							  nextURL = {{if not .SingleUser}}'/'+postTarget+{{end}}'/'+data.data.slug;
+							}
+							editToken = data.data.token;
+
+							{{ if not .User }}if (postTarget == 'anonymous') {
+								// Save the data
+								var posts = JSON.parse(H.get('posts', '[]'));
+
+								{{if .Post.Id}}var newPost = H.createPost("{{.Post.Id}}", token, content);
+								for (var i=0; i<posts.length; i++) {
+									if (posts[i].id == "{{.Post.Id}}") {
+										posts[i].title = newPost.title;
+										posts[i].summary = newPost.summary;
+										break;
+									}
+								}
+								nextURL = "/pad/posts";{{else}}posts.push(H.createPost(id, editToken, content));{{end}}
+
+								H.set('posts', JSON.stringify(posts));
+							}
+							{{ end }}
+						{{ end }}
+
+						justPublished = true;
+						if (draftDoc != 'lastDoc') {
+							H.remove(draftDoc);
+							{{if .Editing}}H.remove('draft{{.Post.Id}}font');{{end}}
+						} else {
+							H.set(draftDoc, '');
+						}
+
+						{{if .EditCollection}}
+						window.location = '{{.EditCollection.CanonicalURL}}{{.Post.Slug}}';
+						{{else}}
+						window.location = nextURL;
+						{{end}}
+					} else {
+						$btnPublish.el.textContent = 'Post';
+						alert("Failed to post. Please try again.");
+					}
+				}
+			}
+			http.send(JSON.stringify(params));
+		};
+
+		setButtonStates();
+		$writer.on('keyup input', function() {
+			setButtonStates();
+			clearTimeout(typingTimer);
+			typingTimer = setTimeout(doneTyping, doneTypingInterval);
+		}, false);
+		$writer.on('keydown', function(e) {
+			clearTimeout(typingTimer);
+			if (e.keyCode == 13 && (e.metaKey || e.ctrlKey)) {
+				$btnPublish.el.click();
+			}
+		});
+		$btnPublish.on('click', function(e) {
+			e.preventDefault();
+			if (!publishing && $writer.el.value) {
+				var content = $writer.el.value;
+				publish(content, selectedFont);
+			}
+		});
+
+		WebFontConfig = {
+			custom: { families: [ 'Lora:400,700:latin' ], urls: [ '/css/fonts.css' ] }
+		};
+		var selectedFont = H.get('{{if .Editing}}draft{{.Post.Id}}font{{else}}padFont{{end}}', '{{.Post.Font}}');
+
+		var doneTyping = function() {
+			if (draftDoc == 'lastDoc' || $writer.el.value != origDoc) {
+				H.save($writer, draftDoc);
+				updateWordCount();
+			}
+		};
+		window.addEventListener('beforeunload', function(e) {
+			if (draftDoc != 'lastDoc' && $writer.el.value == origDoc) {
+				H.remove(draftDoc);
+			} else if (!justPublished) {
+				doneTyping();
+			}
+		});
+
+		try {
+		  (function() {
+			var wf=document.createElement('script');
+			wf.src = '/js/webfont.js';
+			wf.type='text/javascript';
+			wf.async='true';
+			var s=document.getElementsByTagName('script')[0];
+			s.parentNode.insertBefore(wf, s);
+		  })();
+		} catch (e) {
+		  // whatevs
+		}
+		</script>
+	</body>
+</html>{{end}}

From 17f7bc1becd321810694105535b5bc9ce892ddac Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 6 Aug 2019 09:15:05 -0400
Subject: [PATCH 04/90] Move user navigation to its own template section

Ref T681
---
 templates/user/include/header.tmpl | 37 ++++++++++++++++--------------
 1 file changed, 20 insertions(+), 17 deletions(-)

diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 93020e2..5f29646 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -1,20 +1,4 @@
-{{define "header"}}<!DOCTYPE HTML>
-<html>
-<head>
-	<meta charset="utf-8">
-
-	<title>{{.PageTitle}} {{if .Separator}}{{.Separator}}{{else}}&mdash;{{end}} {{.SiteName}}</title>
-
-	<link rel="stylesheet" type="text/css" href="/css/write.css" />
-	<link rel="shortcut icon" href="/favicon.ico" />
-	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
-	<meta name="theme-color" content="#888888" />
-	<meta name="apple-mobile-web-app-title" content="{{.SiteName}}">
-	<link rel="apple-touch-icon" sizes="152x152" href="/img/touch-icon-152.png">
-	<link rel="apple-touch-icon" sizes="167x167" href="/img/touch-icon-167.png">
-	<link rel="apple-touch-icon" sizes="180x180" href="/img/touch-icon-180.png">
-</head>
-<body id="me">
+{{define "user-navigation"}}
 	<header{{if .SingleUser}} class="singleuser"{{end}}>
 		{{if .SingleUser}}
 		<nav id="user-nav">
@@ -75,6 +59,25 @@
 		{{end}}
 		{{end}}
 	</header>
+{{end}}
+{{define "header"}}<!DOCTYPE HTML>
+<html>
+<head>
+	<meta charset="utf-8">
+
+	<title>{{.PageTitle}} {{if .Separator}}{{.Separator}}{{else}}&mdash;{{end}} {{.SiteName}}</title>
+
+	<link rel="stylesheet" type="text/css" href="/css/write.css" />
+	<link rel="shortcut icon" href="/favicon.ico" />
+	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+	<meta name="theme-color" content="#888888" />
+	<meta name="apple-mobile-web-app-title" content="{{.SiteName}}">
+	<link rel="apple-touch-icon" sizes="152x152" href="/img/touch-icon-152.png">
+	<link rel="apple-touch-icon" sizes="167x167" href="/img/touch-icon-167.png">
+	<link rel="apple-touch-icon" sizes="180x180" href="/img/touch-icon-180.png">
+</head>
+<body id="me">
+	{{template "user-navigation" .}}
 	<div id="official-writing">
 {{end}}
 

From cd27a370275aaae63e98a2fa46e7c133091dba6e Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 6 Aug 2019 10:42:43 -0400
Subject: [PATCH 05/90] Display current tag on Reader

i.e. current tag a user is browsing, when they are.
---
 read.go             | 2 ++
 templates/read.tmpl | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/read.go b/read.go
index 3bc91c7..683f124 100644
--- a/read.go
+++ b/read.go
@@ -47,6 +47,7 @@ type readPublication struct {
 	Posts       *[]PublicPost
 	CurrentPage int
 	TotalPages  int
+	SelTopic    string
 }
 
 func initLocalTimeline(app *App) {
@@ -201,6 +202,7 @@ func showLocalTimeline(app *App, w http.ResponseWriter, r *http.Request, page in
 		&posts,
 		page,
 		ttlPages,
+		tag,
 	}
 
 	err := templates["read"].ExecuteTemplate(w, "base", d)
diff --git a/templates/read.tmpl b/templates/read.tmpl
index cd03b9d..e7527bc 100644
--- a/templates/read.tmpl
+++ b/templates/read.tmpl
@@ -76,7 +76,7 @@
 {{define "content"}}
 	<div class="content-container snug" style="max-width: 40rem;">
 		<h1 style="text-align:center">Reader</h1>
-		<p>Read the latest posts from {{.SiteName}}. {{if .Username}}To showcase your writing here, go to your <a href="/me/c/">blog</a> settings and select the <em>Public</em> option.{{end}}</p>
+		<p{{if .SelTopic}} style="text-align:center"{{end}}>{{if .SelTopic}}#{{.SelTopic}} posts{{else}}Read the latest posts from {{.SiteName}}. {{if .Username}}To showcase your writing here, go to your <a href="/me/c/">blog</a> settings and select the <em>Public</em> option.{{end}}{{end}}</p>
 	</div>
 		<div id="wrapper">
 		{{ if gt (len .Posts) 0 }}

From 5f28eb55a5ca16c5a5c6c1b0db23558f18b19da9 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 6 Aug 2019 15:59:14 -0400
Subject: [PATCH 06/90] Update golang.org/x/crypto in go.mod

---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index cc5fc57..5e040ba 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
 	github.com/writeas/slug v1.2.0
 	github.com/writeas/web-core v1.0.0
 	github.com/writefreely/go-nodeinfo v1.2.0
-	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f // indirect
+	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f
 	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
 	golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 // indirect
 	golang.org/x/sys v0.0.0-20190209173611-3b5209105503 // indirect

From 1a80cd3c02ed53f6509ebf7012fc445e5122b628 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 7 Aug 2019 09:00:16 -0400
Subject: [PATCH 07/90] Add site-wide navigation on colls when chorus = true

This adds a new config value: `chorus` that signifies an instance is
more about the Reader view than individual blogs / writers. When
enabled, user navigation will show on all pages, including About,
Reader, and Privacy (ref T680).

It also uses different collection templates that keep the instance-wide
navigation at the top of the page, instead of the author's name --
again, branded more for the collective than the individual.

Ref T681
---
 account.go                            |   9 +-
 app.go                                |   2 +
 collections.go                        |  10 +-
 config/config.go                      |   1 +
 page/page.go                          |   2 +
 posts.go                              |  11 +-
 read.go                               |  17 +-
 templates.go                          |   7 +-
 templates/base.tmpl                   |  26 ++-
 templates/chorus-collection-post.tmpl | 150 +++++++++++++++++
 templates/chorus-collection.tmpl      | 230 ++++++++++++++++++++++++++
 templates/read.tmpl                   |   5 +
 templates/user/include/header.tmpl    |  10 +-
 13 files changed, 464 insertions(+), 16 deletions(-)
 create mode 100644 templates/chorus-collection-post.tmpl
 create mode 100644 templates/chorus-collection.tmpl

diff --git a/account.go b/account.go
index d8ea0df..66a3fa0 100644
--- a/account.go
+++ b/account.go
@@ -21,6 +21,7 @@ import (
 	"github.com/writeas/web-core/data"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/author"
+	"github.com/writeas/writefreely/config"
 	"github.com/writeas/writefreely/page"
 	"html/template"
 	"net/http"
@@ -58,11 +59,15 @@ func NewUserPage(app *App, r *http.Request, u *User, title string, flashes []str
 	up.Flashes = flashes
 	up.Path = r.URL.Path
 	up.IsAdmin = u.IsAdmin()
-	up.CanInvite = app.cfg.App.UserInvites != "" &&
-		(up.IsAdmin || app.cfg.App.UserInvites != "admin")
+	up.CanInvite = canUserInvite(app.cfg, up.IsAdmin)
 	return up
 }
 
+func canUserInvite(cfg *config.Config, isAdmin bool) bool {
+	return cfg.App.UserInvites != "" &&
+		(isAdmin || cfg.App.UserInvites != "admin")
+}
+
 func (up *UserPage) SetMessaging(u *User) {
 	//up.NeedsAuth = app.db.DoesUserNeedAuth(u.ID)
 }
diff --git a/app.go b/app.go
index 6d6a689..68ba7c7 100644
--- a/app.go
+++ b/app.go
@@ -317,6 +317,8 @@ func pageForReq(app *App, r *http.Request) page.StaticPage {
 		u = getUserSession(app, r)
 		if u != nil {
 			p.Username = u.Username
+			p.IsAdmin = u != nil && u.IsAdmin()
+			p.CanInvite = canUserInvite(app.cfg, p.IsAdmin)
 		}
 	}
 	p.CanViewReader = !app.cfg.App.Private || u != nil
diff --git a/collections.go b/collections.go
index 1a8ceca..0d2549a 100644
--- a/collections.go
+++ b/collections.go
@@ -525,6 +525,8 @@ type CollectionPage struct {
 	Username       string
 	Collections    *[]Collection
 	PinnedPosts    *[]PublicPost
+	IsAdmin        bool
+	CanInvite      bool
 }
 
 func (c *CollectionObj) ScriptDisplay() template.JS {
@@ -737,6 +739,8 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 		IsCustomDomain:    cr.isCustomDomain,
 		IsWelcome:         r.FormValue("greeting") != "",
 	}
+	displayPage.IsAdmin = u != nil && u.IsAdmin()
+	displayPage.CanInvite = canUserInvite(app.cfg, displayPage.IsAdmin)
 	var owner *User
 	if u != nil {
 		displayPage.Username = u.Username
@@ -768,7 +772,11 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 	// TODO: fix this mess of collections inside collections
 	displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj)
 
-	err = templates["collection"].ExecuteTemplate(w, "collection", displayPage)
+	collTmpl := "collection"
+	if app.cfg.App.Chorus {
+		collTmpl = "chorus-collection"
+	}
+	err = templates[collTmpl].ExecuteTemplate(w, "collection", displayPage)
 	if err != nil {
 		log.Error("Unable to render collection index: %v", err)
 	}
diff --git a/config/config.go b/config/config.go
index d026a74..9a1db52 100644
--- a/config/config.go
+++ b/config/config.go
@@ -69,6 +69,7 @@ type (
 		WebFonts   bool   `ini:"webfonts"`
 		Landing    string `ini:"landing"`
 		SimpleNav  bool   `ini:"simple_nav"`
+		Chorus     bool   `ini:"chorus"`
 
 		// Users
 		SingleUser       bool `ini:"single_user"`
diff --git a/page/page.go b/page/page.go
index 2af5322..15f09a9 100644
--- a/page/page.go
+++ b/page/page.go
@@ -28,6 +28,8 @@ type StaticPage struct {
 	Values        map[string]string
 	Flashes       []string
 	CanViewReader bool
+	IsAdmin       bool
+	CanInvite     bool
 }
 
 // SanitizeHost alters the StaticPage to contain a real hostname. This is
diff --git a/posts.go b/posts.go
index 07902ce..b1ce20f 100644
--- a/posts.go
+++ b/posts.go
@@ -1345,15 +1345,24 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
 			IsPinned       bool
 			IsCustomDomain bool
 			PinnedPosts    *[]PublicPost
+			IsAdmin        bool
+			CanInvite      bool
 		}{
 			PublicPost:     p,
 			StaticPage:     pageForReq(app, r),
 			IsOwner:        cr.isCollOwner,
 			IsCustomDomain: cr.isCustomDomain,
 		}
+		tp.IsAdmin = u != nil && u.IsAdmin()
+		tp.CanInvite = canUserInvite(app.cfg, tp.IsAdmin)
 		tp.PinnedPosts, _ = app.db.GetPinnedPosts(coll)
 		tp.IsPinned = len(*tp.PinnedPosts) > 0 && PostsContains(tp.PinnedPosts, p)
-		if err := templates["collection-post"].ExecuteTemplate(w, "post", tp); err != nil {
+
+		postTmpl := "collection-post"
+		if app.cfg.App.Chorus {
+			postTmpl = "chorus-collection-post"
+		}
+		if err := templates[postTmpl].ExecuteTemplate(w, "post", tp); err != nil {
 			log.Error("Error in collection-post template: %v", err)
 		}
 	}
diff --git a/read.go b/read.go
index 683f124..fa350fa 100644
--- a/read.go
+++ b/read.go
@@ -48,6 +48,8 @@ type readPublication struct {
 	CurrentPage int
 	TotalPages  int
 	SelTopic    string
+	IsAdmin     bool
+	CanInvite   bool
 }
 
 func initLocalTimeline(app *App) {
@@ -198,11 +200,16 @@ func showLocalTimeline(app *App, w http.ResponseWriter, r *http.Request, page in
 	}
 
 	d := &readPublication{
-		pageForReq(app, r),
-		&posts,
-		page,
-		ttlPages,
-		tag,
+		StaticPage:  pageForReq(app, r),
+		Posts:       &posts,
+		CurrentPage: page,
+		TotalPages:  ttlPages,
+		SelTopic:    tag,
+	}
+	if app.cfg.App.Chorus {
+		u := getUserSession(app, r)
+		d.IsAdmin = u != nil && u.IsAdmin()
+		d.CanInvite = canUserInvite(app.cfg, d.IsAdmin)
 	}
 
 	err := templates["read"].ExecuteTemplate(w, "base", d)
diff --git a/templates.go b/templates.go
index 7a45c45..6e9a008 100644
--- a/templates.go
+++ b/templates.go
@@ -64,11 +64,14 @@ func initTemplate(parentDir, name string) {
 		filepath.Join(parentDir, templatesDir, "include", "footer.tmpl"),
 		filepath.Join(parentDir, templatesDir, "base.tmpl"),
 	}
-	if name == "collection" || name == "collection-tags" {
+	if name == "collection" || name == "collection-tags" || name == "chorus-collection" {
 		// These pages list out collection posts, so we also parse templatesDir + "include/posts.tmpl"
 		files = append(files, filepath.Join(parentDir, templatesDir, "include", "posts.tmpl"))
 	}
-	if name == "collection" || name == "collection-tags" || name == "collection-post" || name == "post" {
+	if name == "chorus-collection" || name == "chorus-collection-post" {
+		files = append(files, filepath.Join(parentDir, templatesDir, "user", "include", "header.tmpl"))
+	}
+	if name == "collection" || name == "collection-tags" || name == "collection-post" || name == "post" || name == "chorus-collection" || name == "chorus-collection-post" {
 		files = append(files, filepath.Join(parentDir, templatesDir, "include", "post-render.tmpl"))
 	}
 	templates[name] = template.Must(template.New("").Funcs(funcMap).ParseFiles(files...))
diff --git a/templates/base.tmpl b/templates/base.tmpl
index c1f17ad..41b0f2a 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -13,14 +13,38 @@
 	<body {{template "body-attrs" .}}>
 		<div id="overlay"></div>
 		<header>
-			<h2><a href="/">{{.SiteName}}</a></h2>
+			{{ if .SimpleNav }}<nav id="full-nav">
+				<div class="left-side">
+					<h2><a href="/">{{.SiteName}}</a></h2>
+				</div>
+			{{ else }}
+				<h2><a href="/">{{.SiteName}}</a></h2>
+			{{ end }}
 			{{if not .SingleUser}}
 			<nav id="user-nav">
+				{{if and .Chorus .Username}}
+				<nav class="dropdown-nav">
+					<ul><li><a>{{.Username}}</a> <img class="ic-18dp" src="/img/ic_down_arrow_dark@2x.png" /><ul>
+							{{if .IsAdmin}}<li><a href="/admin">Admin dashboard</a></li>{{end}}
+							<li><a href="/me/settings">Account settings</a></li>
+							<li><a href="/me/export">Export</a></li>
+							{{if .CanInvite}}<li><a href="/me/invites">Invite people</a></li>{{end}}
+							<li class="separator"><hr /></li>
+							<li><a href="/me/logout">Log out</a></li>
+						</ul></li>
+					</ul>
+				</nav>
+				{{end}}
 				<nav class="tabs">
 					<a href="/about"{{if eq .Path "/about"}} class="selected"{{end}}>About</a>
 					{{if and (and (not .SingleUser) .LocalTimeline) .CanViewReader}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
 					{{if and (not .SingleUser) (not .Username)}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
 				</nav>
+				{{if .SimpleNav}}{{if .Username}}<div class="right-side" style="font-size: 0.86em;">
+							<a class="simple-btn" href="/new">New Post</a>
+						</div>{{end}}
+					</nav>
+				{{end}}
 			</nav>
 			{{end}}
 		</header>
diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
new file mode 100644
index 0000000..392ebe6
--- /dev/null
+++ b/templates/chorus-collection-post.tmpl
@@ -0,0 +1,150 @@
+{{define "post"}}<!DOCTYPE HTML>
+<html {{if .Language.Valid}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">
+	<head prefix="og: http://ogp.me/ns# article: http://ogp.me/ns/article#">
+		<meta charset="utf-8">
+
+		<title>{{.PlainDisplayTitle}} {{localhtml "title dash" .Language.String}} {{.Collection.DisplayTitle}}</title>
+		
+		<link rel="stylesheet" type="text/css" href="/css/write.css" />
+		<link rel="shortcut icon" href="/favicon.ico" />
+		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+		<link rel="canonical" href="{{.CanonicalURL}}" />
+		<meta name="generator" content="WriteFreely">
+		<meta name="title" content="{{.PlainDisplayTitle}} {{localhtml "title dash" .Language.String}} {{if .Collection.Title}}{{.Collection.Title}}{{else}}{{.Collection.Alias}}{{end}}">
+		<meta name="description" content="{{.Summary}}">
+		{{if gt .Views 1}}<meta name="twitter:label1" value="Views">
+		<meta name="twitter:data1" value="{{largeNumFmt .Views}}">{{end}}
+		<meta name="author" content="{{.Collection.Title}}" />
+		<meta itemprop="description" content="{{.Summary}}">
+		<meta itemprop="datePublished" content="{{.CreatedDate}}" />
+		<meta name="twitter:card" content="summary">
+		<meta name="twitter:description" content="{{.Summary}}">
+		<meta name="twitter:title" content="{{.PlainDisplayTitle}} {{localhtml "title dash" .Language.String}} {{if .Collection.Title}}{{.Collection.Title}}{{else}}{{.Collection.Alias}}{{end}}">
+		{{if gt (len .Images) 0}}<meta name="twitter:image" content="{{index .Images 0}}">{{else}}<meta name="twitter:image" content="{{.Collection.AvatarURL}}">{{end}}
+		<meta property="og:title" content="{{.PlainDisplayTitle}}" />
+		<meta property="og:description" content="{{.Summary}}" />
+		<meta property="og:site_name" content="{{.Collection.DisplayTitle}}" />
+		<meta property="og:type" content="article" />
+		<meta property="og:url" content="{{.CanonicalURL}}" />
+		<meta property="og:updated_time" content="{{.Created8601}}" />
+		{{range .Images}}<meta property="og:image" content="{{.}}" />{{else}}<meta property="og:image" content="{{.Collection.AvatarURL}}">{{end}}
+		<meta property="article:published_time" content="{{.Created8601}}">
+		{{if .Collection.StyleSheet}}<style type="text/css">{{.Collection.StyleSheetDisplay}}</style>{{end}}
+	<style type="text/css">
+body footer {
+	max-width: 40rem;
+	margin: 0 auto;
+}
+body#post header {
+	padding: 1em 1rem;
+}
+article time.dt-published {
+	display: block;
+	color: #666;
+}
+body#post article h2#title{
+	margin-bottom: 0.5em;
+}
+article time.dt-published {
+	margin-bottom: 1em;
+}
+	</style>
+
+		{{if .Collection.RenderMathJax}}
+		  <!-- Add mathjax logic -->
+  		  {{template "mathjax" . }}
+		{{end}}
+
+		<!-- Add highlighting logic -->
+		{{template "highlighting" .}}
+
+	</head>
+	<body id="post">
+		
+		<div id="overlay"></div>
+
+		{{template "user-navigation" .}}
+		
+		<article id="post-body" class="{{.Font}} h-entry">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name">{{.FormattedDisplayTitle}}</h2>{{end}}{{/* TODO: check format: if .Collection.Format.ShowDates*/}}<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time><div class="e-content">{{.HTMLContent}}</div></article>
+
+		{{ if .Collection.ShowFooterBranding }}
+		<footer dir="ltr">
+			<p style="text-align: left">Published by <a rel="author" href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a>
+				{{ if .IsOwner }} &middot; <span class="views" dir="ltr"><strong>{{largeNumFmt .Views}}</strong> {{pluralize "view" "views" .Views}}</span>
+				&middot; <a class="xtra-feature" href="/{{if not .SingleUser}}{{.Collection.Alias}}/{{end}}{{.Slug.String}}/edit" dir="{{.Direction}}">Edit</a>
+				{{if .IsPinned}} &middot; <a class="xtra-feature unpin" href="/{{.Collection.Alias}}/{{.Slug.String}}/unpin" dir="{{.Direction}}" onclick="unpinPost(event, '{{.ID}}')">Unpin</a>{{end}}
+				{{ end }}
+			</p>
+			<nav>
+				{{if .PinnedPosts}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{end}}
+			</nav>
+			<hr>
+			<nav><p style="font-size: 0.9em">{{localhtml "published with write.as" .Language.String}}</p></nav>
+		</footer>
+		{{ end }}
+	</body>
+	
+	{{if .Collection.CanShowScript}}
+		{{range .Collection.ExternalScripts}}<script type="text/javascript" src="{{.}}" async></script>{{end}}
+		{{if .Collection.Script}}<script type="text/javascript">{{.Collection.ScriptDisplay}}</script>{{end}}
+	{{end}}
+	<script type="text/javascript">
+
+var pinning = false;
+function unpinPost(e, postID) {
+	e.preventDefault();
+	if (pinning) {
+		return;
+	}
+	pinning = true;
+
+	var $header = document.getElementsByTagName('header')[0];
+	var callback = function() {
+		// Hide current page
+		var $pinnedNavLink = $header.getElementsByTagName('nav')[0].querySelector('.pinned.selected');
+		$pinnedNavLink.style.display = 'none';
+	};
+
+	var $pinBtn = $header.getElementsByClassName('unpin')[0];
+	$pinBtn.innerHTML = '...';
+
+	var http = new XMLHttpRequest();
+	var url = "/api/collections/{{.Collection.Alias}}/unpin";
+	var params = [ { "id": postID } ];
+	http.open("POST", url, true);
+	http.setRequestHeader("Content-type", "application/json");
+	http.onreadystatechange = function() {
+		if (http.readyState == 4) {
+			pinning = false;
+			if (http.status == 200) {
+				callback();
+				$pinBtn.style.display = 'none';
+				$pinBtn.innerHTML = 'Pin';
+			} else if (http.status == 409) {
+				$pinBtn.innerHTML = 'Unpin';
+			} else {
+				$pinBtn.innerHTML = 'Unpin';
+				alert("Failed to unpin." + (http.status>=500?" Please try again.":""));
+			}
+		}
+	}
+	http.send(JSON.stringify(params));
+};
+
+	try { // Fonts
+	  WebFontConfig = {
+		custom: { families: [ 'Lora:400,700:latin', 'Open+Sans:400,700:latin' ], urls: [ '/css/fonts.css' ] }
+	  };
+	  (function() {
+		var wf = document.createElement('script');
+		wf.src = '/js/webfont.js';
+		wf.type = 'text/javascript';
+		wf.async = 'true';
+		var s = document.getElementsByTagName('script')[0];
+		s.parentNode.insertBefore(wf, s);
+	  })();
+	} catch (e) { /* ¯\_(ツ)_/¯ */ }
+	</script>
+</html>{{end}}
diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
new file mode 100644
index 0000000..06695b1
--- /dev/null
+++ b/templates/chorus-collection.tmpl
@@ -0,0 +1,230 @@
+{{define "collection"}}<!DOCTYPE HTML>
+<html {{if .Language}}lang="{{.Language}}"{{end}} dir="{{.Direction}}">
+	<head>
+		<meta charset="utf-8">
+
+		<title>{{.DisplayTitle}}{{if not .SingleUser}} &mdash; {{.SiteName}}{{end}}</title>
+		
+		<link rel="stylesheet" type="text/css" href="/css/write.css" />
+		<link rel="shortcut icon" href="/favicon.ico" />
+		<link rel="canonical" href="{{.CanonicalURL}}">
+		{{if gt .CurrentPage 1}}<link rel="prev" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">{{end}}
+		{{if lt .CurrentPage .TotalPages}}<link rel="next" href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">{{end}}
+		{{if not .IsPrivate}}<link rel="alternate" type="application/rss+xml" title="{{.DisplayTitle}} &raquo; Feed" href="{{.CanonicalURL}}feed/" />{{end}}
+		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+
+		<meta name="generator" content="WriteFreely">
+		<meta name="description" content="{{.Description}}">
+		<meta itemprop="name" content="{{.DisplayTitle}}">
+		<meta itemprop="description" content="{{.Description}}">
+		<meta name="twitter:card" content="summary">
+		<meta name="twitter:title" content="{{.DisplayTitle}}">
+		<meta name="twitter:image" content="{{.AvatarURL}}">
+		<meta name="twitter:description" content="{{.Description}}">
+		<meta property="og:title" content="{{.DisplayTitle}}" />
+		<meta property="og:site_name" content="{{.DisplayTitle}}" />
+		<meta property="og:type" content="article" />
+		<meta property="og:url" content="{{.CanonicalURL}}" />
+		<meta property="og:description" content="{{.Description}}" />
+		<meta property="og:image" content="{{.AvatarURL}}">
+		{{if .StyleSheet}}<style type="text/css">{{.StyleSheetDisplay}}</style>{{end}}
+	<style type="text/css">
+body#collection header {
+	max-width: 40em;
+	margin: 1em auto;
+    text-align: left;
+	padding: 0;
+}
+body#collection header.multiuser {
+    max-width: 100%;
+    margin: 1em;
+}
+body#collection header nav:not(.pinned-posts) {
+	display: inline;
+}
+body#collection header nav.dropdown-nav,
+body#collection header nav.tabs,
+body#collection header nav.tabs a:first-child {
+	margin: 0 0 0 1em;
+}
+	</style>
+
+		{{if .RenderMathJax}}
+		  <!-- Add mathjax logic -->
+		  {{template "mathjax" .}}
+		{{end}}
+
+		<!-- Add highlighting logic -->
+		{{template "highlighting" . }}
+
+	</head>
+	<body id="collection" itemscope itemtype="http://schema.org/WebPage">
+		{{template "user-navigation" .}}
+		
+		<header>
+		<h1 dir="{{.Direction}}" id="blog-title"><a href="/{{if .IsTopLevel}}{{else}}{{.Prefix}}{{.Alias}}/{{end}}" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
+		{{if .Description}}<p class="description p-note">{{.Description}}</p>{{end}}
+		{{/*if not .Public/*}}
+			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
+		{{/*end*/}}
+		{{if .PinnedPosts}}<nav class="pinned-posts">
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+		{{end}}
+		</header>
+		
+		{{if .Posts}}<section id="wrapper" itemscope itemtype="http://schema.org/Blog">{{else}}<div id="wrapper">{{end}}
+
+			{{if .IsWelcome}}
+			<div id="welcome">
+				<h2>Welcome, <strong>{{.Username}}</strong>!</h2>
+				<p>This is your new blog.</p>
+				<p><a class="simple-cta" href="/#{{.Alias}}">Start writing</a>, or <a class="simple-cta" href="/me/c/{{.Alias}}">customize</a> your blog.</p>
+				<p>Check out our <a class="simple-cta" href="https://guides.write.as/writing/?pk_campaign=welcome">writing guide</a> to see what else you can do, and <a class="simple-cta" href="/contact">get in touch</a> anytime with questions or feedback.</p>
+			</div>
+			{{end}}
+
+			{{template "posts" .}}
+
+		{{if gt .TotalPages 1}}<nav id="paging" class="content-container clearfix">
+			{{if or (and .Format.Ascending (lt .CurrentPage .TotalPages)) (isRTL .Direction)}}
+				{{if gt .CurrentPage 1}}<a href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; {{if and .Format.Ascending (lt .CurrentPage .TotalPages)}}Previous{{else}}Newer{{end}}</a>{{end}}
+				{{if lt .CurrentPage .TotalPages}}<a style="float:right;" href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">{{if and .Format.Ascending (lt .CurrentPage .TotalPages)}}Next{{else}}Older{{end}} &#8674;</a>{{end}}
+			{{else}}
+				{{if lt .CurrentPage .TotalPages}}<a href="{{.NextPageURL .Prefix .CurrentPage .IsTopLevel}}">&#8672; Older</a>{{end}}
+				{{if gt .CurrentPage 1}}<a style="float:right;" href="{{.PrevPageURL .Prefix .CurrentPage .IsTopLevel}}">Newer &#8674;</a>{{end}}
+			{{end}}
+		</nav>{{end}}
+
+		{{if .Posts}}</section>{{else}}</div>{{end}}
+
+		{{if .ShowFooterBranding }}
+		<footer>
+			<hr />
+			<nav dir="ltr">
+				{{if not .SingleUser}}<a class="home pubd" href="/">{{.SiteName}}</a> &middot; {{end}}powered by <a style="margin-left:0" href="https://writefreely.org">writefreely</a>
+			</nav>
+		</footer>
+		{{ end }}
+	</body>
+
+	{{if .CanShowScript}}
+		{{range .ExternalScripts}}<script type="text/javascript" src="{{.}}" async></script>{{end}}
+		{{if .Script}}<script type="text/javascript">{{.ScriptDisplay}}</script>{{end}}
+	{{end}}
+	<script src="/js/h.js"></script>
+	<script src="/js/postactions.js"></script>
+	<script type="text/javascript">
+var deleting = false;
+function delPost(e, id, owned) {
+	e.preventDefault();
+	if (deleting) {
+		return;
+	}
+
+	// TODO: UNDO!
+	if (window.confirm('Are you sure you want to delete this post?')) {
+		// AJAX
+		deletePost(id, "", function() {
+			// Remove post from list
+			var $postEl = document.getElementById('post-' + id);
+			$postEl.parentNode.removeChild($postEl);
+			// TODO: add next post from this collection at the bottom
+		});
+	}
+}
+
+var deletePost = function(postID, token, callback) {
+	deleting = true;
+
+	var $delBtn = document.getElementById('post-' + postID).getElementsByClassName('delete action')[0];
+	$delBtn.innerHTML = '...';
+
+	var http = new XMLHttpRequest();
+	var url = "/api/posts/" + postID;
+	http.open("DELETE", url, true);
+	http.onreadystatechange = function() {
+		if (http.readyState == 4) {
+			deleting = false;
+			if (http.status == 204) {
+				callback();
+			} else if (http.status == 409) {
+				$delBtn.innerHTML = 'delete';
+				alert("Post is synced to another account. Delete the post from that account instead.");
+				// TODO: show "remove" button instead of "delete" now
+				// Persist that state.
+				// Have it remove the post locally only.
+			} else {
+				$delBtn.innerHTML = 'delete';
+				alert("Failed to delete." + (http.status>=500?" Please try again.":""));
+			}
+		}
+	}
+	http.send();
+};
+
+var pinning = false;
+function pinPost(e, postID, slug, title) {
+	e.preventDefault();
+	if (pinning) {
+		return;
+	}
+	pinning = true;
+
+	var callback = function() {
+		// Visibly remove post from collection
+		var $postEl = document.getElementById('post-' + postID);
+		$postEl.parentNode.removeChild($postEl);
+		var $header = document.getElementsByTagName('header')[0];
+		var $pinnedNavs = $header.getElementsByTagName('nav');
+		// Add link to nav
+		var link = '<a class="pinned" href="/{{.Alias}}/'+slug+'">'+title+'</a>';
+		if ($pinnedNavs.length == 0) {
+			$header.insertAdjacentHTML("beforeend", '<nav>'+link+'</nav>');
+		} else {
+			$pinnedNavs[0].insertAdjacentHTML("beforeend", link);
+		}
+	};
+
+	var $pinBtn = document.getElementById('post-' + postID).getElementsByClassName('pin action')[0];
+	$pinBtn.innerHTML = '...';
+
+	var http = new XMLHttpRequest();
+	var url = "/api/collections/{{.Alias}}/pin";
+	var params = [ { "id": postID } ];
+	http.open("POST", url, true);
+	http.setRequestHeader("Content-type", "application/json");
+	http.onreadystatechange = function() {
+		if (http.readyState == 4) {
+			pinning = false;
+			if (http.status == 200) {
+				callback();
+			} else if (http.status == 409) {
+				$pinBtn.innerHTML = 'pin';
+				alert("Post is synced to another account. Delete the post from that account instead.");
+				// TODO: show "remove" button instead of "delete" now
+				// Persist that state.
+				// Have it remove the post locally only.
+			} else {
+				$pinBtn.innerHTML = 'pin';
+				alert("Failed to pin." + (http.status>=500?" Please try again.":""));
+			}
+		}
+	}
+	http.send(JSON.stringify(params));
+};
+
+	try {
+	  WebFontConfig = {
+		custom: { families: [ 'Lora:400,700:latin', 'Open+Sans:400,700:latin' ], urls: [ '/css/fonts.css' ] }
+	  };
+	  (function() {
+		var wf = document.createElement('script');
+		wf.src = '/js/webfont.js';
+		wf.type = 'text/javascript';
+		wf.async = 'true';
+		var s = document.getElementsByTagName('script')[0];
+		s.parentNode.insertBefore(wf, s);
+	  })();
+	} catch (e) {}
+	</script>
+</html>{{end}}
diff --git a/templates/read.tmpl b/templates/read.tmpl
index e7527bc..28d2fd1 100644
--- a/templates/read.tmpl
+++ b/templates/read.tmpl
@@ -65,11 +65,16 @@
 		}
 		body#collection header nav {
 			display: inline !important;
+		}
+		body#collection header nav:not(#full-nav):not(#user-nav) {
 			margin: 0 0 0 1em !important;
 		}
 		header nav#user-nav {
 			margin-left: 0 !important;
 		}
+		body#collection header nav.tabs a:first-child {
+			margin-left: 1em;
+		}
 		</style>
 {{end}}
 {{define "body-attrs"}}id="collection"{{end}}
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 5f29646..1ebc6ac 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -1,5 +1,5 @@
 {{define "user-navigation"}}
-	<header{{if .SingleUser}} class="singleuser"{{end}}>
+	<header class="{{if .SingleUser}}singleuser{{else}}multiuser{{end}}">
 		{{if .SingleUser}}
 		<nav id="user-nav">
 			<nav class="dropdown-nav">
@@ -30,6 +30,7 @@
 			<h1><a href="/" title="Return to editor">{{.SiteName}}</a></h1>
 		{{ end }}
 		<nav id="user-nav">
+			{{if .Username}}
 			<nav class="dropdown-nav">
 				<ul><li><a>{{.Username}}</a> <img class="ic-18dp" src="/img/ic_down_arrow_dark@2x.png" /><ul>
 						{{if .IsAdmin}}<li><a href="/admin">Admin dashboard</a></li>{{end}}
@@ -41,20 +42,21 @@
 					</ul></li>
 				</ul>
 			</nav>
+			{{end}}
 			<nav class="tabs">
 				{{if .SimpleNav}}
 					<a href="/about">About</a>
 					{{if and (and (not .SingleUser) .LocalTimeline) .CanViewReader}}<a href="/read">Reader</a>{{end}}
-					<a href="/me/logout">Log out</a>
+					{{if .Username}}<a href="/me/logout">Log out</a>{{else}}<a href="/login">Log in</a>{{end}}
 				{{else}}
 					<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>
 					<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>
 				{{end}}
 			</nav>
 		</nav>
-		{{if .SimpleNav}}<div class="right-side">
+		{{if .SimpleNav}}{{if .Username}}<div class="right-side">
 					<a class="simple-btn" href="/new">New Post</a>
-				</div>
+				</div>{{end}}
 			</nav>
 		{{end}}
 		{{end}}

From ff7828c55827cc69b5a2a698a4a119075b6f5a9e Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 7 Aug 2019 09:26:07 -0400
Subject: [PATCH 08/90] Link hashtags to Reader when Chorus mode enabled

instead of linking to posts only on a user's blog.

Ref T681
---
 activitypub.go |  8 ++++----
 app.go         |  6 +++---
 collections.go |  6 +++---
 database.go    | 13 +++++++------
 export.go      |  2 +-
 feed.go        |  6 +++---
 postrender.go  | 23 ++++++++++++++---------
 posts.go       | 19 ++++++++++++-------
 read.go        |  4 ++--
 sitemap.go     |  2 +-
 10 files changed, 50 insertions(+), 39 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index 997609d..e37fb97 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -129,10 +129,10 @@ func handleFetchCollectionOutbox(app *App, w http.ResponseWriter, r *http.Reques
 	ocp := activitystreams.NewOrderedCollectionPage(accountRoot, "outbox", res.TotalPosts, p)
 	ocp.OrderedItems = []interface{}{}
 
-	posts, err := app.db.GetPosts(c, p, false, true, false)
+	posts, err := app.db.GetPosts(app.cfg, c, p, false, true, false)
 	for _, pp := range *posts {
 		pp.Collection = res
-		o := pp.ActivityObject()
+		o := pp.ActivityObject(app.cfg)
 		a := activitystreams.NewCreateActivity(o)
 		ocp.OrderedItems = append(ocp.OrderedItems, *a)
 	}
@@ -524,7 +524,7 @@ func deleteFederatedPost(app *App, p *PublicPost, collID int64) error {
 	}
 	p.Collection.hostName = app.cfg.App.Host
 	actor := p.Collection.PersonObject(collID)
-	na := p.ActivityObject()
+	na := p.ActivityObject(app.cfg)
 
 	// Add followers
 	p.Collection.ID = collID
@@ -570,7 +570,7 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 		}
 	}
 	actor := p.Collection.PersonObject(collID)
-	na := p.ActivityObject()
+	na := p.ActivityObject(app.cfg)
 
 	// Add followers
 	p.Collection.ID = collID
diff --git a/app.go b/app.go
index 68ba7c7..9525a07 100644
--- a/app.go
+++ b/app.go
@@ -224,14 +224,14 @@ func handleViewHome(app *App, w http.ResponseWriter, r *http.Request) error {
 		log.Error("unable to get landing banner: %v", err)
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get banner: %v", err)}
 	}
-	p.Banner = template.HTML(applyMarkdown([]byte(banner.Content), ""))
+	p.Banner = template.HTML(applyMarkdown([]byte(banner.Content), "", app.cfg))
 
 	content, err := getLandingBody(app)
 	if err != nil {
 		log.Error("unable to get landing content: %v", err)
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get content: %v", err)}
 	}
-	p.Content = template.HTML(applyMarkdown([]byte(content.Content), ""))
+	p.Content = template.HTML(applyMarkdown([]byte(content.Content), "", app.cfg))
 
 	// Get error messages
 	session, err := app.sessionStore.Get(r, cookieName)
@@ -279,7 +279,7 @@ func handleTemplatedPage(app *App, w http.ResponseWriter, r *http.Request, t *te
 			return err
 		}
 		p.ContentTitle = c.Title.String
-		p.Content = template.HTML(applyMarkdown([]byte(c.Content), ""))
+		p.Content = template.HTML(applyMarkdown([]byte(c.Content), "", app.cfg))
 		p.PlainContent = shortPostDescription(stripmd.Strip(c.Content))
 		if !c.Updated.IsZero() {
 			p.Updated = c.Updated.Format("January 2, 2006")
diff --git a/collections.go b/collections.go
index 0d2549a..b8454e1 100644
--- a/collections.go
+++ b/collections.go
@@ -496,7 +496,7 @@ func fetchCollectionPosts(app *App, w http.ResponseWriter, r *http.Request) erro
 		}
 	}
 
-	posts, err := app.db.GetPosts(c, page, isCollOwner, false, false)
+	posts, err := app.db.GetPosts(app.cfg, c, page, isCollOwner, false, false)
 	if err != nil {
 		return err
 	}
@@ -730,7 +730,7 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 		return impart.HTTPError{http.StatusFound, redirURL}
 	}
 
-	coll.Posts, _ = app.db.GetPosts(c, page, cr.isCollOwner, false, false)
+	coll.Posts, _ = app.db.GetPosts(app.cfg, c, page, cr.isCollOwner, false, false)
 
 	// Serve collection
 	displayPage := CollectionPage{
@@ -825,7 +825,7 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 
 	coll := newDisplayCollection(c, cr, page)
 
-	coll.Posts, _ = app.db.GetPostsTagged(c, tag, page, cr.isCollOwner)
+	coll.Posts, _ = app.db.GetPostsTagged(app.cfg, c, tag, page, cr.isCollOwner)
 	if coll.Posts != nil && len(*coll.Posts) == 0 {
 		return ErrCollectionPageNotFound
 	}
diff --git a/database.go b/database.go
index 1ea9872..9d4891d 100644
--- a/database.go
+++ b/database.go
@@ -29,6 +29,7 @@ import (
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/web-core/query"
 	"github.com/writeas/writefreely/author"
+	"github.com/writeas/writefreely/config"
 	"github.com/writeas/writefreely/key"
 )
 
@@ -105,8 +106,8 @@ type writestore interface {
 	ClaimPosts(userID int64, collAlias string, posts *[]ClaimPostRequest) (*[]ClaimPostResult, error)
 
 	GetPostsCount(c *CollectionObj, includeFuture bool)
-	GetPosts(c *Collection, page int, includeFuture, forceRecentFirst, includePinned bool) (*[]PublicPost, error)
-	GetPostsTagged(c *Collection, tag string, page int, includeFuture bool) (*[]PublicPost, error)
+	GetPosts(cfg *config.Config, c *Collection, page int, includeFuture, forceRecentFirst, includePinned bool) (*[]PublicPost, error)
+	GetPostsTagged(cfg *config.Config, c *Collection, tag string, page int, includeFuture bool) (*[]PublicPost, error)
 
 	GetAPFollowers(c *Collection) (*[]RemoteUser, error)
 	GetAPActorKeys(collectionID int64) ([]byte, []byte)
@@ -1067,7 +1068,7 @@ func (db *datastore) GetPostsCount(c *CollectionObj, includeFuture bool) {
 // It will return future posts if `includeFuture` is true.
 // It will include only standard (non-pinned) posts unless `includePinned` is true.
 // TODO: change includeFuture to isOwner, since that's how it's used
-func (db *datastore) GetPosts(c *Collection, page int, includeFuture, forceRecentFirst, includePinned bool) (*[]PublicPost, error) {
+func (db *datastore) GetPosts(cfg *config.Config, c *Collection, page int, includeFuture, forceRecentFirst, includePinned bool) (*[]PublicPost, error) {
 	collID := c.ID
 
 	cf := c.NewFormat()
@@ -1112,7 +1113,7 @@ func (db *datastore) GetPosts(c *Collection, page int, includeFuture, forceRecen
 			break
 		}
 		p.extractData()
-		p.formatContent(c, includeFuture)
+		p.formatContent(cfg, c, includeFuture)
 
 		posts = append(posts, p.processPost())
 	}
@@ -1128,7 +1129,7 @@ func (db *datastore) GetPosts(c *Collection, page int, includeFuture, forceRecen
 // given tag.
 // It will return future posts if `includeFuture` is true.
 // TODO: change includeFuture to isOwner, since that's how it's used
-func (db *datastore) GetPostsTagged(c *Collection, tag string, page int, includeFuture bool) (*[]PublicPost, error) {
+func (db *datastore) GetPostsTagged(cfg *config.Config, c *Collection, tag string, page int, includeFuture bool) (*[]PublicPost, error) {
 	collID := c.ID
 
 	cf := c.NewFormat()
@@ -1176,7 +1177,7 @@ func (db *datastore) GetPostsTagged(c *Collection, tag string, page int, include
 			break
 		}
 		p.extractData()
-		p.formatContent(c, includeFuture)
+		p.formatContent(cfg, c, includeFuture)
 
 		posts = append(posts, p.processPost())
 	}
diff --git a/export.go b/export.go
index 47a2603..b30b59d 100644
--- a/export.go
+++ b/export.go
@@ -118,7 +118,7 @@ func compileFullExport(app *App, u *User) *ExportUser {
 	var collObjs []CollectionObj
 	for _, c := range *colls {
 		co := &CollectionObj{Collection: c}
-		co.Posts, err = app.db.GetPosts(&c, 0, true, false, true)
+		co.Posts, err = app.db.GetPosts(app.cfg, &c, 0, true, false, true)
 		if err != nil {
 			log.Error("unable to get collection posts: %v", err)
 		}
diff --git a/feed.go b/feed.go
index dd82c33..32feb82 100644
--- a/feed.go
+++ b/feed.go
@@ -55,9 +55,9 @@ func ViewFeed(app *App, w http.ResponseWriter, req *http.Request) error {
 
 	tag := mux.Vars(req)["tag"]
 	if tag != "" {
-		coll.Posts, _ = app.db.GetPostsTagged(c, tag, 1, false)
+		coll.Posts, _ = app.db.GetPostsTagged(app.cfg, c, tag, 1, false)
 	} else {
-		coll.Posts, _ = app.db.GetPosts(c, 1, false, true, false)
+		coll.Posts, _ = app.db.GetPosts(app.cfg, c, 1, false, true, false)
 	}
 
 	author := ""
@@ -94,7 +94,7 @@ func ViewFeed(app *App, w http.ResponseWriter, req *http.Request) error {
 			Title:       title,
 			Link:        &Link{Href: permalink},
 			Description: "<![CDATA[" + stripmd.Strip(p.Content) + "]]>",
-			Content:     applyMarkdown([]byte(p.Content), ""),
+			Content:     applyMarkdown([]byte(p.Content), "", app.cfg),
 			Author:      &Author{author, ""},
 			Created:     p.Created,
 			Updated:     p.Updated,
diff --git a/postrender.go b/postrender.go
index af715be..193b979 100644
--- a/postrender.go
+++ b/postrender.go
@@ -16,6 +16,7 @@ import (
 	stripmd "github.com/writeas/go-strip-markdown"
 	"github.com/writeas/saturday"
 	"github.com/writeas/web-core/stringmanip"
+	"github.com/writeas/writefreely/config"
 	"github.com/writeas/writefreely/parse"
 	"html"
 	"html/template"
@@ -34,27 +35,27 @@ var (
 	markeddownReg   = regexp.MustCompile("<p>(.+)</p>")
 )
 
-func (p *Post) formatContent(c *Collection, isOwner bool) {
+func (p *Post) formatContent(cfg *config.Config, c *Collection, isOwner bool) {
 	baseURL := c.CanonicalURL()
 	if !isSingleUser {
 		baseURL = "/" + c.Alias + "/"
 	}
 	p.HTMLTitle = template.HTML(applyBasicMarkdown([]byte(p.Title.String)))
-	p.HTMLContent = template.HTML(applyMarkdown([]byte(p.Content), baseURL))
+	p.HTMLContent = template.HTML(applyMarkdown([]byte(p.Content), baseURL, cfg))
 	if exc := strings.Index(string(p.Content), "<!--more-->"); exc > -1 {
-		p.HTMLExcerpt = template.HTML(applyMarkdown([]byte(p.Content[:exc]), baseURL))
+		p.HTMLExcerpt = template.HTML(applyMarkdown([]byte(p.Content[:exc]), baseURL, cfg))
 	}
 }
 
-func (p *PublicPost) formatContent(isOwner bool) {
-	p.Post.formatContent(&p.Collection.Collection, isOwner)
+func (p *PublicPost) formatContent(cfg *config.Config, isOwner bool) {
+	p.Post.formatContent(cfg, &p.Collection.Collection, isOwner)
 }
 
-func applyMarkdown(data []byte, baseURL string) string {
-	return applyMarkdownSpecial(data, false, baseURL)
+func applyMarkdown(data []byte, baseURL string, cfg *config.Config) string {
+	return applyMarkdownSpecial(data, false, baseURL, cfg)
 }
 
-func applyMarkdownSpecial(data []byte, skipNoFollow bool, baseURL string) string {
+func applyMarkdownSpecial(data []byte, skipNoFollow bool, baseURL string, cfg *config.Config) string {
 	mdExtensions := 0 |
 		blackfriday.EXTENSION_TABLES |
 		blackfriday.EXTENSION_FENCED_CODE |
@@ -74,7 +75,11 @@ func applyMarkdownSpecial(data []byte, skipNoFollow bool, baseURL string) string
 	md := blackfriday.Markdown([]byte(data), blackfriday.HtmlRenderer(htmlFlags, "", ""), mdExtensions)
 	if baseURL != "" {
 		// Replace special text generated by Markdown parser
-		md = []byte(hashtagReg.ReplaceAll(md, []byte("<a href=\""+baseURL+"tag:$1\" class=\"hashtag\"><span>#</span><span class=\"p-category\">$1</span></a>")))
+		tagPrefix := baseURL + "tag:"
+		if cfg.App.Chorus {
+			tagPrefix = "/read/t/"
+		}
+		md = []byte(hashtagReg.ReplaceAll(md, []byte("<a href=\""+tagPrefix+"$1\" class=\"hashtag\"><span>#</span><span class=\"p-category\">$1</span></a>")))
 	}
 	// Strip out bad HTML
 	policy := getSanitizationPolicy()
diff --git a/posts.go b/posts.go
index b1ce20f..5a5c100 100644
--- a/posts.go
+++ b/posts.go
@@ -35,6 +35,7 @@ import (
 	"github.com/writeas/web-core/i18n"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/web-core/tags"
+	"github.com/writeas/writefreely/config"
 	"github.com/writeas/writefreely/page"
 	"github.com/writeas/writefreely/parse"
 )
@@ -376,7 +377,7 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 			Direction:   d,
 		}
 		if !isRaw {
-			post.HTMLContent = template.HTML(applyMarkdown([]byte(content), ""))
+			post.HTMLContent = template.HTML(applyMarkdown([]byte(content), "", app.cfg))
 		}
 	}
 
@@ -1032,7 +1033,7 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 
 		p.Collection = &CollectionObj{Collection: *coll}
-		po := p.ActivityObject()
+		po := p.ActivityObject(app.cfg)
 		po.Context = []interface{}{activitystreams.Namespace}
 		return impart.RenderActivityJSON(w, po, http.StatusOK)
 	}
@@ -1067,7 +1068,7 @@ func (p *PublicPost) CanonicalURL() string {
 	return p.Collection.CanonicalURL() + p.Slug.String
 }
 
-func (p *PublicPost) ActivityObject() *activitystreams.Object {
+func (p *PublicPost) ActivityObject(cfg *config.Config) *activitystreams.Object {
 	o := activitystreams.NewArticleObject()
 	o.ID = p.Collection.FederatedAPIBase() + "api/posts/" + p.ID
 	o.Published = p.Created
@@ -1078,7 +1079,7 @@ func (p *PublicPost) ActivityObject() *activitystreams.Object {
 	}
 	o.Name = p.DisplayTitle()
 	if p.HTMLContent == template.HTML("") {
-		p.formatContent(false)
+		p.formatContent(cfg, false)
 	}
 	o.Content = string(p.HTMLContent)
 	if p.Language.Valid {
@@ -1093,7 +1094,11 @@ func (p *PublicPost) ActivityObject() *activitystreams.Object {
 		if isSingleUser {
 			tagBaseURL = p.Collection.CanonicalURL() + "tag:"
 		} else {
-			tagBaseURL = fmt.Sprintf("%s/%s/tag:", p.Collection.hostName, p.Collection.Alias)
+			if cfg.App.Chorus {
+				tagBaseURL = fmt.Sprintf("%s/read/t/", p.Collection.hostName)
+			} else {
+				tagBaseURL = fmt.Sprintf("%s/%s/tag:", p.Collection.hostName, p.Collection.Alias)
+			}
 		}
 		for _, t := range p.Tags {
 			o.Tag = append(o.Tag, activitystreams.Tag{
@@ -1330,14 +1335,14 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
 		fmt.Fprint(w, p.Content)
 	} else if strings.Contains(r.Header.Get("Accept"), "application/activity+json") {
 		p.extractData()
-		ap := p.ActivityObject()
+		ap := p.ActivityObject(app.cfg)
 		ap.Context = []interface{}{activitystreams.Namespace}
 		return impart.RenderActivityJSON(w, ap, http.StatusOK)
 	} else {
 		p.extractData()
 		p.Content = strings.Replace(p.Content, "<!--more-->", "", 1)
 		// TODO: move this to function
-		p.formatContent(cr.isCollOwner)
+		p.formatContent(app.cfg, cr.isCollOwner)
 		tp := struct {
 			*PublicPost
 			page.StaticPage
diff --git a/read.go b/read.go
index fa350fa..3efb89d 100644
--- a/read.go
+++ b/read.go
@@ -100,7 +100,7 @@ func (app *App) FetchPublicPosts() (interface{}, error) {
 		}
 
 		p.extractData()
-		p.HTMLContent = template.HTML(applyMarkdown([]byte(p.Content), ""))
+		p.HTMLContent = template.HTML(applyMarkdown([]byte(p.Content), "", app.cfg))
 		fp := p.processPost()
 		if isCollectionPost {
 			fp.Collection = &CollectionObj{Collection: *c}
@@ -295,7 +295,7 @@ func viewLocalTimelineFeed(app *App, w http.ResponseWriter, req *http.Request) e
 			Title:       title,
 			Link:        &Link{Href: permalink},
 			Description: "<![CDATA[" + stripmd.Strip(p.Content) + "]]>",
-			Content:     applyMarkdown([]byte(p.Content), ""),
+			Content:     applyMarkdown([]byte(p.Content), "", app.cfg),
 			Author:      &Author{author, ""},
 			Created:     p.Created,
 			Updated:     p.Updated,
diff --git a/sitemap.go b/sitemap.go
index 4dfd953..00e148f 100644
--- a/sitemap.go
+++ b/sitemap.go
@@ -66,7 +66,7 @@ func handleViewSitemap(app *App, w http.ResponseWriter, r *http.Request) error {
 	host = c.CanonicalURL()
 
 	sm := buildSitemap(host, pre)
-	posts, err := app.db.GetPosts(c, 0, false, false, false)
+	posts, err := app.db.GetPosts(app.cfg, c, 0, false, false, false)
 	if err != nil {
 		log.Error("Error getting posts: %v", err)
 		return err

From cb28c95689bcb7fac919d32f50be120269031e7b Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 5 Aug 2019 10:24:55 -0400
Subject: [PATCH 09/90] Send new user to pad with SimpleNav

Previously, they would've been dropped onto the Blogs page.

Ref T680
---
 unregisteredusers.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/unregisteredusers.go b/unregisteredusers.go
index 91daba5..550c83b 100644
--- a/unregisteredusers.go
+++ b/unregisteredusers.go
@@ -47,6 +47,9 @@ func handleWebSignup(app *App, w http.ResponseWriter, r *http.Request) error {
 	ur.Normalize = true
 
 	to := "/"
+	if app.cfg.App.SimpleNav {
+		to = "/new"
+	}
 	if ur.InviteCode != "" {
 		to = "/invite/" + ur.InviteCode
 	}

From 7b42efb9d93dc53a9c893aea1a4911d1f2881a53 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 9 Aug 2019 11:16:38 -0400
Subject: [PATCH 10/90] Enable customizing Reader page

This makes it possible to edit the title and introductory text at the
top of the Reader view.

Ref T684
---
 admin.go                            |  7 ++++++-
 pages.go                            | 27 +++++++++++++++++++++++++++
 read.go                             | 12 +++++++++++-
 templates/read.tmpl                 |  4 ++--
 templates/user/admin/pages.tmpl     |  3 +++
 templates/user/admin/view-page.tmpl |  4 +++-
 6 files changed, 52 insertions(+), 5 deletions(-)

diff --git a/admin.go b/admin.go
index fe19ad5..4269bcc 100644
--- a/admin.go
+++ b/admin.go
@@ -319,6 +319,8 @@ func handleViewAdminPage(app *App, u *User, w http.ResponseWriter, r *http.Reque
 		}
 		p.Content, err = getLandingBody(app)
 		p.Content.ID = "landing"
+	} else if slug == "reader" {
+		p.Content, err = getReaderSection(app)
 	} else {
 		p.Content, err = app.db.GetDynamicContent(slug)
 	}
@@ -342,7 +344,7 @@ func handleAdminUpdateSite(app *App, u *User, w http.ResponseWriter, r *http.Req
 	id := vars["page"]
 
 	// Validate
-	if id != "about" && id != "privacy" && id != "landing" {
+	if id != "about" && id != "privacy" && id != "landing" && id != "reader" {
 		return impart.HTTPError{http.StatusNotFound, "No such page."}
 	}
 
@@ -356,6 +358,9 @@ func handleAdminUpdateSite(app *App, u *User, w http.ResponseWriter, r *http.Req
 			return impart.HTTPError{http.StatusFound, "/admin/page/" + id + m}
 		}
 		err = app.db.UpdateDynamicContent("landing-body", "", r.FormValue("content"), "section")
+	} else if id == "reader" {
+		// Update sections with titles
+		err = app.db.UpdateDynamicContent(id, r.FormValue("title"), r.FormValue("content"), "section")
 	} else {
 		// Update page
 		err = app.db.UpdateDynamicContent(id, r.FormValue("title"), r.FormValue("content"), "page")
diff --git a/pages.go b/pages.go
index 405b34f..d8f034b 100644
--- a/pages.go
+++ b/pages.go
@@ -135,3 +135,30 @@ WriteFreely can communicate with other federated platforms like Mastodon, so peo
 	}
 	return ""
 }
+
+func getReaderSection(app *App) (*instanceContent, error) {
+	c, err := app.db.GetDynamicContent("reader")
+	if err != nil {
+		return nil, err
+	}
+	if c == nil {
+		c = &instanceContent{
+			ID:      "reader",
+			Type:    "section",
+			Content: defaultReaderBanner(app.cfg),
+			Updated: defaultPageUpdatedTime,
+		}
+	}
+	if !c.Title.Valid {
+		c.Title = defaultReaderTitle(app.cfg)
+	}
+	return c, nil
+}
+
+func defaultReaderTitle(cfg *config.Config) sql.NullString {
+	return sql.NullString{String: "Reader", Valid: true}
+}
+
+func defaultReaderBanner(cfg *config.Config) string {
+	return "Read the latest posts from " + cfg.App.SiteName + "."
+}
diff --git a/read.go b/read.go
index 3efb89d..ec0305a 100644
--- a/read.go
+++ b/read.go
@@ -50,6 +50,10 @@ type readPublication struct {
 	SelTopic    string
 	IsAdmin     bool
 	CanInvite   bool
+
+	// Customizable page content
+	ContentTitle string
+	Content      template.HTML
 }
 
 func initLocalTimeline(app *App) {
@@ -211,8 +215,14 @@ func showLocalTimeline(app *App, w http.ResponseWriter, r *http.Request, page in
 		d.IsAdmin = u != nil && u.IsAdmin()
 		d.CanInvite = canUserInvite(app.cfg, d.IsAdmin)
 	}
+	c, err := getReaderSection(app)
+	if err != nil {
+		return err
+	}
+	d.ContentTitle = c.Title.String
+	d.Content = template.HTML(applyMarkdown([]byte(c.Content), "", app.cfg))
 
-	err := templates["read"].ExecuteTemplate(w, "base", d)
+	err = templates["read"].ExecuteTemplate(w, "base", d)
 	if err != nil {
 		log.Error("Unable to render reader: %v", err)
 		fmt.Fprintf(w, ":(")
diff --git a/templates/read.tmpl b/templates/read.tmpl
index 28d2fd1..9541ab5 100644
--- a/templates/read.tmpl
+++ b/templates/read.tmpl
@@ -80,8 +80,8 @@
 {{define "body-attrs"}}id="collection"{{end}}
 {{define "content"}}
 	<div class="content-container snug" style="max-width: 40rem;">
-		<h1 style="text-align:center">Reader</h1>
-		<p{{if .SelTopic}} style="text-align:center"{{end}}>{{if .SelTopic}}#{{.SelTopic}} posts{{else}}Read the latest posts from {{.SiteName}}. {{if .Username}}To showcase your writing here, go to your <a href="/me/c/">blog</a> settings and select the <em>Public</em> option.{{end}}{{end}}</p>
+		<h1>{{.ContentTitle}}</h1>
+		<p{{if .SelTopic}} style="text-align:center"{{end}}>{{if .SelTopic}}#{{.SelTopic}} posts{{else}}{{.Content}}{{end}}</p>
 	</div>
 		<div id="wrapper">
 		{{ if gt (len .Posts) 0 }}
diff --git a/templates/user/admin/pages.tmpl b/templates/user/admin/pages.tmpl
index 25f7984..7a9e66a 100644
--- a/templates/user/admin/pages.tmpl
+++ b/templates/user/admin/pages.tmpl
@@ -20,6 +20,9 @@ table.classy.export .disabled, table.classy.export a {
 		<tr>
 			<td colspan="2"><a href="/admin/page/landing">Home</a></td>
 		</tr>
+		{{if .LocalTimeline}}<tr>
+			<td colspan="2"><a href="/admin/page/reader">Reader</a></td>
+		</tr>{{end}}
 		{{range .Pages}}
 		<tr>
 			<td><a href="/admin/page/{{.ID}}">{{if .Title.Valid}}{{.Title.String}}{{else}}{{.ID}}{{end}}</a></td>
diff --git a/templates/user/admin/view-page.tmpl b/templates/user/admin/view-page.tmpl
index 6d98b9d..161e40b 100644
--- a/templates/user/admin/view-page.tmpl
+++ b/templates/user/admin/view-page.tmpl
@@ -31,6 +31,8 @@ input[type=text] {
 	<p class="page-desc content-desc">Describe what your instance is <a href="/about" target="page">about</a>.</p>
 	{{else if eq .Content.ID "privacy"}}
 	<p class="page-desc content-desc">Outline your <a href="/privacy" target="page">privacy policy</a>.</p>
+	{{else if eq .Content.ID "reader"}}
+	<p class="page-desc content-desc">Customize your <a href="/read" target="page">Reader</a> page.</p>
 	{{else if eq .Content.ID "landing"}}
 	<p class="page-desc content-desc">Customize your <a href="/?landing=1" target="page">home page</a>.</p>
 	{{end}}
@@ -38,7 +40,7 @@ input[type=text] {
 	{{if .Message}}<p>{{.Message}}</p>{{end}}
 
 	<form method="post" action="/admin/update/{{.Content.ID}}" onsubmit="savePage(this)">
-		{{if eq .Content.Type "section"}}
+		{{if .Banner}}
 		<label for="banner">
 			Banner
 		</label>

From 006b7a86eaec03de45c7c6e52d7f79577ba08353 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 9 Aug 2019 11:32:53 -0400
Subject: [PATCH 11/90] Show Reader on home route in chorus mode

Ref T681
---
 app.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/app.go b/app.go
index d8ec70f..002bd6e 100644
--- a/app.go
+++ b/app.go
@@ -185,26 +185,26 @@ func (app *App) ReqLog(r *http.Request, status int, timeSince time.Duration) str
 	return fmt.Sprintf("\"%s %s\" %d %s \"%s\"", r.Method, r.RequestURI, status, timeSince, r.UserAgent())
 }
 
-// handleViewHome shows page at root path. Will be the Pad if logged in and the
-// catch-all landing page otherwise.
+// handleViewHome shows page at root path. It checks the configuration and
+// authentication state to show the correct page.
 func handleViewHome(app *App, w http.ResponseWriter, r *http.Request) error {
 	if app.cfg.App.SingleUser {
 		// Render blog index
 		return handleViewCollection(app, w, r)
 	}
 
+	if app.cfg.App.Chorus {
+		// This instance is focused on reading, so show Reader on home route
+		return viewLocalTimeline(app, w, r)
+	}
+
 	// Multi-user instance
 	forceLanding := r.FormValue("landing") == "1"
 	if !forceLanding {
 		// Show correct page based on user auth status and configured landing path
 		u := getUserSession(app, r)
 		if u != nil {
-			// User is logged in, so show the Pad or Blogs page, depending on config
-			if app.cfg.App.SimpleNav {
-				// Simple nav, so home page is Blogs page
-				return viewCollections(app, u, w, r)
-			}
-			// Default config, so home page is editor
+			// User is logged in, so show the Pad
 			return handleViewPad(app, w, r)
 		}
 

From f821dbaac49b6a08989c8034160171ab7ff57d7c Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 9 Aug 2019 12:00:46 -0400
Subject: [PATCH 12/90] Support dedicated signup page in chorus mode

This adds a Sign Up link to site navigation and shows the
otherwise-landing page on /signup when in chorus mode.

Ref T681
---
 app.go                             | 6 ++++++
 routes.go                          | 1 +
 templates/base.tmpl                | 1 +
 templates/user/include/header.tmpl | 1 +
 4 files changed, 9 insertions(+)

diff --git a/app.go b/app.go
index 002bd6e..8b630df 100644
--- a/app.go
+++ b/app.go
@@ -213,6 +213,12 @@ func handleViewHome(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 	}
 
+	return handleViewLanding(app, w, r)
+}
+
+func handleViewLanding(app *App, w http.ResponseWriter, r *http.Request) error {
+	forceLanding := r.FormValue("landing") == "1"
+
 	p := struct {
 		page.StaticPage
 		Flashes []template.HTML
diff --git a/routes.go b/routes.go
index 724c532..777492b 100644
--- a/routes.go
+++ b/routes.go
@@ -150,6 +150,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 
 	// Handle special pages first
 	write.HandleFunc("/login", handler.Web(viewLogin, UserLevelNoneRequired))
+	write.HandleFunc("/signup", handler.Web(handleViewLanding, UserLevelNoneRequired))
 	write.HandleFunc("/invite/{code}", handler.Web(handleViewInvite, UserLevelNoneRequired)).Methods("GET")
 	// TODO: show a reader-specific 404 page if the function is disabled
 	write.HandleFunc("/read", handler.Web(viewLocalTimeline, UserLevelReader))
diff --git a/templates/base.tmpl b/templates/base.tmpl
index 41b0f2a..34fcf22 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -38,6 +38,7 @@
 				<nav class="tabs">
 					<a href="/about"{{if eq .Path "/about"}} class="selected"{{end}}>About</a>
 					{{if and (and (not .SingleUser) .LocalTimeline) .CanViewReader}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
+					{{if and (and (and (not .SingleUser) .Chorus) .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if and (not .SingleUser) (not .Username)}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
 				</nav>
 				{{if .SimpleNav}}{{if .Username}}<div class="right-side" style="font-size: 0.86em;">
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 1ebc6ac..2b522a8 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -47,6 +47,7 @@
 				{{if .SimpleNav}}
 					<a href="/about">About</a>
 					{{if and (and (not .SingleUser) .LocalTimeline) .CanViewReader}}<a href="/read">Reader</a>{{end}}
+					{{if and (and (and (not .SingleUser) .Chorus) .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if .Username}}<a href="/me/logout">Log out</a>{{else}}<a href="/login">Log in</a>{{end}}
 				{{else}}
 					<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>

From 603839fda720c3b0802cf78b8ddc6f6e726a2a59 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 9 Aug 2019 12:04:55 -0400
Subject: [PATCH 13/90] Add link to Posts in user backend pages when chorus

This provides easy navigation to the logged in user's posts, since
there's no direct link to their blog otherwise.

Ref T681
---
 templates/base.tmpl                | 1 +
 templates/user/include/header.tmpl | 1 +
 2 files changed, 2 insertions(+)

diff --git a/templates/base.tmpl b/templates/base.tmpl
index 34fcf22..4aa302c 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -36,6 +36,7 @@
 				</nav>
 				{{end}}
 				<nav class="tabs">
+					{{if and (and (not .SingleUser) .Chorus) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>Posts</a>{{end}}
 					<a href="/about"{{if eq .Path "/about"}} class="selected"{{end}}>About</a>
 					{{if and (and (not .SingleUser) .LocalTimeline) .CanViewReader}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
 					{{if and (and (and (not .SingleUser) .Chorus) .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 2b522a8..3557d2d 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -45,6 +45,7 @@
 			{{end}}
 			<nav class="tabs">
 				{{if .SimpleNav}}
+					{{if and (and (not .SingleUser) .Chorus) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>Posts</a>{{end}}
 					<a href="/about">About</a>
 					{{if and (and (not .SingleUser) .LocalTimeline) .CanViewReader}}<a href="/read">Reader</a>{{end}}
 					{{if and (and (and (not .SingleUser) .Chorus) .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}

From da423fa1bc95b6707ae9922a9efcb0e6afcacbe1 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 9 Aug 2019 13:45:19 -0400
Subject: [PATCH 14/90] Move Reader to Home link in nav when chorus

Also, refactor navigation bar template logic to be simpler and easier to
understand.

Ref T681
---
 templates/base.tmpl                | 14 ++++++++++----
 templates/user/include/header.tmpl | 12 +++++++++---
 2 files changed, 19 insertions(+), 7 deletions(-)

diff --git a/templates/base.tmpl b/templates/base.tmpl
index 4aa302c..958e24e 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -36,11 +36,17 @@
 				</nav>
 				{{end}}
 				<nav class="tabs">
-					{{if and (and (not .SingleUser) .Chorus) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>Posts</a>{{end}}
+					{{ if and .SimpleNav (not .SingleUser) }}
+					{{if and (and .LocalTimeline .CanViewReader) .Chorus}}<a href="/"{{if eq .Path "/"}} class="selected"{{end}}>Home</a>{{end}}
+					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
+					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>Posts</a>{{end}}
+					{{ end }}
 					<a href="/about"{{if eq .Path "/about"}} class="selected"{{end}}>About</a>
-					{{if and (and (not .SingleUser) .LocalTimeline) .CanViewReader}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
-					{{if and (and (and (not .SingleUser) .Chorus) .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
-					{{if and (not .SingleUser) (not .Username)}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
+					{{ if not .SingleUser }}
+					{{if and (and  .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
+					{{if and (and  .Chorus .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
+					{{if not .Username}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
+					{{ end }}
 				</nav>
 				{{if .SimpleNav}}{{if .Username}}<div class="right-side" style="font-size: 0.86em;">
 							<a class="simple-btn" href="/new">New Post</a>
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 3557d2d..5b77bb2 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -45,11 +45,17 @@
 			{{end}}
 			<nav class="tabs">
 				{{if .SimpleNav}}
-					{{if and (and (not .SingleUser) .Chorus) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>Posts</a>{{end}}
+					{{ if not .SingleUser }}
+					{{if and (and .LocalTimeline .CanViewReader) .Chorus}}<a href="/"{{if eq .Path "/"}} class="selected"{{end}}>Home</a>{{end}}
+					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
+					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>Posts</a>{{end}}
+					{{ end }}
 					<a href="/about">About</a>
-					{{if and (and (not .SingleUser) .LocalTimeline) .CanViewReader}}<a href="/read">Reader</a>{{end}}
-					{{if and (and (and (not .SingleUser) .Chorus) .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
+					{{ if not .SingleUser }}
+					{{if and (and .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read">Reader</a>{{end}}
+					{{if and (and .Chorus .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if .Username}}<a href="/me/logout">Log out</a>{{else}}<a href="/login">Log in</a>{{end}}
+					{{ end }}
 				{{else}}
 					<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>
 					<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>

From 9dc15f569c9f50c3f4a2d8fea76d64ea0d7145b7 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 9 Aug 2019 13:52:07 -0400
Subject: [PATCH 15/90] Move About nav link next to Home

Ref T681
---
 templates/base.tmpl                | 4 ++--
 templates/user/include/header.tmpl | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/base.tmpl b/templates/base.tmpl
index 958e24e..dac1692 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -38,11 +38,11 @@
 				<nav class="tabs">
 					{{ if and .SimpleNav (not .SingleUser) }}
 					{{if and (and .LocalTimeline .CanViewReader) .Chorus}}<a href="/"{{if eq .Path "/"}} class="selected"{{end}}>Home</a>{{end}}
-					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
-					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>Posts</a>{{end}}
 					{{ end }}
 					<a href="/about"{{if eq .Path "/about"}} class="selected"{{end}}>About</a>
 					{{ if not .SingleUser }}
+					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
+					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>My Posts</a>{{end}}
 					{{if and (and  .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
 					{{if and (and  .Chorus .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if not .Username}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 5b77bb2..07808b0 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -47,11 +47,11 @@
 				{{if .SimpleNav}}
 					{{ if not .SingleUser }}
 					{{if and (and .LocalTimeline .CanViewReader) .Chorus}}<a href="/"{{if eq .Path "/"}} class="selected"{{end}}>Home</a>{{end}}
-					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
-					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>Posts</a>{{end}}
 					{{ end }}
 					<a href="/about">About</a>
 					{{ if not .SingleUser }}
+					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
+					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>My Posts</a>{{end}}
 					{{if and (and .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read">Reader</a>{{end}}
 					{{if and (and .Chorus .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if .Username}}<a href="/me/logout">Log out</a>{{else}}<a href="/login">Log in</a>{{end}}

From df56060f994735b78c38535997d735d9b6d446cb Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 9 Aug 2019 13:53:41 -0400
Subject: [PATCH 16/90] Add DisableDrafts option and adjust nav

This shows Drafts in the SimpleNav menu, when both enabled. It also
hides Drafts in the non-SimpleNav menu when disabled.

Ref T679
---
 config/config.go                   | 5 ++++-
 templates/base.tmpl                | 1 +
 templates/user/include/header.tmpl | 3 ++-
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/config/config.go b/config/config.go
index ae6af04..84bae86 100644
--- a/config/config.go
+++ b/config/config.go
@@ -70,7 +70,10 @@ type (
 		Landing    string `ini:"landing"`
 		SimpleNav  bool   `ini:"simple_nav"`
 		WFModesty  bool   `ini:"wf_modesty"`
-		Chorus     bool   `ini:"chorus"`
+
+		// Site functionality
+		Chorus        bool `ini:"chorus"`
+		DisableDrafts bool `ini:"disable_drafts"`
 
 		// Users
 		SingleUser       bool `ini:"single_user"`
diff --git a/templates/base.tmpl b/templates/base.tmpl
index dac1692..920a36a 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -43,6 +43,7 @@
 					{{ if not .SingleUser }}
 					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
 					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>My Posts</a>{{end}}
+					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
 					{{if and (and  .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
 					{{if and (and  .Chorus .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if not .Username}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 07808b0..8322193 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -52,13 +52,14 @@
 					{{ if not .SingleUser }}
 					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
 					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>My Posts</a>{{end}}
+					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
 					{{if and (and .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read">Reader</a>{{end}}
 					{{if and (and .Chorus .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if .Username}}<a href="/me/logout">Log out</a>{{else}}<a href="/login">Log in</a>{{end}}
 					{{ end }}
 				{{else}}
 					<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>
-					<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>
+					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
 				{{end}}
 			</nav>
 		</nav>

From fda2929aed7c14020ae3bbc146afca12b0c0342a Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 9 Aug 2019 13:59:55 -0400
Subject: [PATCH 17/90] Show New Post button when Chorus, not SimpleNav

Ref T681
---
 templates/base.tmpl                | 4 ++--
 templates/user/include/header.tmpl | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/base.tmpl b/templates/base.tmpl
index 920a36a..678ada8 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -13,7 +13,7 @@
 	<body {{template "body-attrs" .}}>
 		<div id="overlay"></div>
 		<header>
-			{{ if .SimpleNav }}<nav id="full-nav">
+			{{ if .Chorus }}<nav id="full-nav">
 				<div class="left-side">
 					<h2><a href="/">{{.SiteName}}</a></h2>
 				</div>
@@ -49,7 +49,7 @@
 					{{if not .Username}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
 					{{ end }}
 				</nav>
-				{{if .SimpleNav}}{{if .Username}}<div class="right-side" style="font-size: 0.86em;">
+				{{if .Chorus}}{{if .Username}}<div class="right-side" style="font-size: 0.86em;">
 							<a class="simple-btn" href="/new">New Post</a>
 						</div>{{end}}
 					</nav>
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 8322193..5923c83 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -22,7 +22,7 @@
 			</nav>
 		</nav>
 		{{else}}
-		{{ if .SimpleNav }}<nav id="full-nav">
+		{{ if .Chorus }}<nav id="full-nav">
 			<div class="left-side">
 				<h1><a href="/" title="Return to editor">{{.SiteName}}</a></h1>
 			</div>
@@ -63,7 +63,7 @@
 				{{end}}
 			</nav>
 		</nav>
-		{{if .SimpleNav}}{{if .Username}}<div class="right-side">
+		{{if .Chorus}}{{if .Username}}<div class="right-side">
 					<a class="simple-btn" href="/new">New Post</a>
 				</div>{{end}}
 			</nav>

From 130116092113e17f76fdec327c2e7f3fa3bface0 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 9 Aug 2019 11:15:36 -0700
Subject: [PATCH 18/90] fix tar bombs

this changes the release targets in the Makefile to use a subdirectory
of the format BINARYNAME_GITREV so extracting the archive results in a
single directory.
---
 Makefile | 48 +++++++++++++++++++++++++-----------------------
 1 file changed, 25 insertions(+), 23 deletions(-)

diff --git a/Makefile b/Makefile
index c88ac79..66fb4c5 100644
--- a/Makefile
+++ b/Makefile
@@ -7,6 +7,7 @@ GOBUILD=$(GOCMD) build $(LDFLAGS)
 GOTEST=$(GOCMD) test $(LDFLAGS)
 GOGET=$(GOCMD) get
 BINARY_NAME=writefreely
+TAR_NAME=$(BINARY_NAME)_$(GITREV)
 DOCKERCMD=docker
 IMAGE_NAME=writeas/writefreely
 TMPBIN=./tmp
@@ -69,39 +70,40 @@ install : build
 	cd less/; $(MAKE) install $(MFLAGS)
 
 release : clean ui assets
-	mkdir build
-	cp -r templates build
-	cp -r pages build
-	cp -r static build
-	mkdir build/keys
+	mkdir -p build/$(TAR_NAME)
+	cp -r templates build/$(TAR_NAME)
+	cp -r pages build/$(TAR_NAME)
+	cp -r static build/$(TAR_NAME)
+	mkdir build/$(TAR_NAME)/keys
 	$(MAKE) build-linux
-	mv build/$(BINARY_NAME)-linux-amd64 build/$(BINARY_NAME)
-	cd build; tar -cvzf ../$(BINARY_NAME)_$(GITREV)_linux_amd64.tar.gz *
-	rm build/$(BINARY_NAME)
+	mv build/$(BINARY_NAME)-linux-amd64 build/$(TAR_NAME)/$(BINARY_NAME)
+	tar -cvzf $(TAR_NAME)_linux_amd64.tar.gz -C build $(TAR_NAME)
+	rm build/$(TAR_NAME)/$(BINARY_NAME)
 	$(MAKE) build-arm7
-	mv build/$(BINARY_NAME)-linux-arm-7 build/$(BINARY_NAME)
-	cd build; tar -cvzf ../$(BINARY_NAME)_$(GITREV)_linux_arm7.tar.gz *
-	rm build/$(BINARY_NAME)
+	mv build/$(BINARY_NAME)-linux-arm-7 build/$(TAR_NAME)/$(BINARY_NAME)
+	tar -cvzf $(TAR_NAME)_linux_arm7.tar.gz -C build $(TAR_NAME)
+	rm build/$(TAR_NAME)/$(BINARY_NAME)
 	$(MAKE) build-darwin
-	mv build/$(BINARY_NAME)-darwin-10.6-amd64 build/$(BINARY_NAME)
-	cd build; tar -cvzf ../$(BINARY_NAME)_$(GITREV)_macos_amd64.tar.gz *
-	rm build/$(BINARY_NAME)
+	mv build/$(BINARY_NAME)-darwin-10.6-amd64 build/$(TAR_NAME)/$(BINARY_NAME)
+	tar -cvzf $(TAR_NAME)_macos_amd64.tar.gz -C build $(TAR_NAME)
+	rm build/$(TAR_NAME)/$(BINARY_NAME)
 	$(MAKE) build-windows
-	mv build/$(BINARY_NAME)-windows-4.0-amd64.exe build/$(BINARY_NAME).exe
-	cd build; zip -r ../$(BINARY_NAME)_$(GITREV)_windows_amd64.zip ./*
+	mv build/$(BINARY_NAME)-windows-4.0-amd64.exe build/$(TAR_NAME)/$(BINARY_NAME).exe
+	cd build; zip -r ../$(TAR_NAME)_windows_amd64.zip ./$(TAR_NAME)
+	rm build/$(TAR_NAME)/$(BINARY_NAME)
 	$(MAKE) build-docker
 	$(MAKE) release-docker
 
 # This assumes you're on linux/amd64
 release-linux : clean ui
-	mkdir build
-	cp -r templates build
-	cp -r pages build
-	cp -r static build
-	mkdir build/keys
+	mkdir -p build/$(TAR_NAME)
+	cp -r templates build/$(TAR_NAME)
+	cp -r pages build/$(TAR_NAME)
+	cp -r static build/$(TAR_NAME)
+	mkdir build/$(TAR_NAME)/keys
 	$(MAKE) build-no-sqlite
-	mv cmd/writefreely/$(BINARY_NAME) build/$(BINARY_NAME)
-	cd build; tar -cvzf ../$(BINARY_NAME)_$(GITREV)_linux_amd64.tar.gz *
+	mv cmd/writefreely/$(BINARY_NAME) build/$(TAR_NAME)/$(BINARY_NAME)
+	tar -cvzf $(TAR_NAME)_linux_amd64.tar.gz -C build $(TAR_NAME)
 
 release-docker :
 	$(DOCKERCMD) push $(IMAGE_NAME)

From 3c104cb3aa3c1164e0337ea11cc7c41dbd5643e8 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 9 Aug 2019 11:31:42 -0700
Subject: [PATCH 19/90] check for lessc executable in any location

previously the checks were explicit locations which does not work when
using something like nvm to manage node packages and versions.

this checks for the executable and sets the script variable LESSC to the
full path of the one found.
if none was found the make command will error.
---
 less/Makefile | 13 ++++---------
 1 file changed, 4 insertions(+), 9 deletions(-)

diff --git a/less/Makefile b/less/Makefile
index e81258a..5e51b4d 100644
--- a/less/Makefile
+++ b/less/Makefile
@@ -1,13 +1,8 @@
-ifeq ($(shell which lessc),/usr/bin/lessc)
-	LESSC=/usr/bin/lessc
-else ifeq ($(shell which lessc),/usr/local/bin/lessc)
-	LESSC=/usr/local/bin/lessc
-else ifeq ($(shell which lessc),/bin/lessc)
-	LESSC=/bin/lessc
-else
-	LESSC=node_modules/.bin/lessc
+LESSC := $(shell command -v lessc 2> /dev/null)
+
+ifndef LESSC
+	$(error "less is not installed, please run install-less.sh")
 endif
-export LESSC
 
 CSSDIR=../static/css/
 

From d8405680b4e1720a020b86a94a4684700d0c2e9c Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 9 Aug 2019 14:57:09 -0400
Subject: [PATCH 20/90] Respect `private` setting with home page Reader

Ref T681
---
 app.go | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/app.go b/app.go
index 8b630df..1e24c75 100644
--- a/app.go
+++ b/app.go
@@ -193,16 +193,20 @@ func handleViewHome(app *App, w http.ResponseWriter, r *http.Request) error {
 		return handleViewCollection(app, w, r)
 	}
 
-	if app.cfg.App.Chorus {
-		// This instance is focused on reading, so show Reader on home route
-		return viewLocalTimeline(app, w, r)
-	}
-
 	// Multi-user instance
 	forceLanding := r.FormValue("landing") == "1"
 	if !forceLanding {
 		// Show correct page based on user auth status and configured landing path
 		u := getUserSession(app, r)
+
+		if app.cfg.App.Chorus {
+			// This instance is focused on reading, so show Reader on home route if not
+			// private or a private-instance user is logged in.
+			if !app.cfg.App.Private || u != nil {
+				return viewLocalTimeline(app, w, r)
+			}
+		}
+
 		if u != nil {
 			// User is logged in, so show the Pad
 			return handleViewPad(app, w, r)

From 047ad0323b12c702cef5ebcfde3af88fa0c3d610 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 9 Aug 2019 14:58:17 -0400
Subject: [PATCH 21/90] Don't show user pages in nav when unauth'd

Ref T681 T680
---
 templates/base.tmpl                | 2 ++
 templates/user/include/header.tmpl | 4 +++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/templates/base.tmpl b/templates/base.tmpl
index 678ada8..f8b66c8 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -41,9 +41,11 @@
 					{{ end }}
 					<a href="/about"{{if eq .Path "/about"}} class="selected"{{end}}>About</a>
 					{{ if not .SingleUser }}
+						{{ if .Username }}
 					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
 					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>My Posts</a>{{end}}
 					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
+						{{ end }}
 					{{if and (and  .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
 					{{if and (and  .Chorus .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if not .Username}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 5923c83..9d5bb54 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -50,9 +50,11 @@
 					{{ end }}
 					<a href="/about">About</a>
 					{{ if not .SingleUser }}
+						{{ if .Username }}
 					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
-					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>My Posts</a>{{end}}
+					{{if and .Chorus (eq .MaxBlogs 1)}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>My Posts</a>{{end}}
 					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
+						{{ end }}
 					{{if and (and .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read">Reader</a>{{end}}
 					{{if and (and .Chorus .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if .Username}}<a href="/me/logout">Log out</a>{{else}}<a href="/login">Log in</a>{{end}}

From 95a98234eb9dc3fe893515673543b7b759fb558f Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 9 Aug 2019 14:04:15 -0700
Subject: [PATCH 22/90] fix panic on duplicate remoteuser key

this changes handleFetchCollectionInbox to log _all_ errors after
attempting to insert an actor in the remoteusers table. previously
checking for all errors _except_ duplicate keys would cause a panic if
an actor made a request to follow while already having followed.
---
 activitypub.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index 997609d..d47a7ea 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -375,11 +375,11 @@ func handleFetchCollectionInbox(app *App, w http.ResponseWriter, r *http.Request
 				// Add follower locally, since it wasn't found before
 				res, err := t.Exec("INSERT INTO remoteusers (actor_id, inbox, shared_inbox) VALUES (?, ?, ?)", fullActor.ID, fullActor.Inbox, fullActor.Endpoints.SharedInbox)
 				if err != nil {
-					if !app.db.isDuplicateKeyErr(err) {
-						t.Rollback()
-						log.Error("Couldn't add new remoteuser in DB: %v\n", err)
-						return
-					}
+					// if duplicate key, res will be nil and panic on
+					// res.LastInsertId below
+					t.Rollback()
+					log.Error("Couldn't add new remoteuser in DB: %v\n", err)
+					return
 				}
 
 				followerID, err = res.LastInsertId()

From 7a53af355e57f0730891ac3782e17e35629f95b9 Mon Sep 17 00:00:00 2001
From: Daniel Watkins <daniel@daniel-watkins.co.uk>
Date: Sat, 10 Aug 2019 12:02:38 -0400
Subject: [PATCH 23/90] Emit the server software and version to the log on
 startup

---
 app.go                  | 7 ++++++-
 cmd/writefreely/main.go | 1 +
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/app.go b/app.go
index dec0ef2..c52f59d 100644
--- a/app.go
+++ b/app.go
@@ -486,9 +486,14 @@ func ConnectToDatabase(app *App) error {
 	return nil
 }
 
+// FormatVersion constructs the version string for the application
+func FormatVersion() string {
+	return serverSoftware + " " + softwareVer
+}
+
 // OutputVersion prints out the version of the application.
 func OutputVersion() {
-	fmt.Println(serverSoftware + " " + softwareVer)
+	fmt.Println(FormatVersion())
 }
 
 // NewApp creates a new app instance.
diff --git a/cmd/writefreely/main.go b/cmd/writefreely/main.go
index 10cd7d6..48993c7 100644
--- a/cmd/writefreely/main.go
+++ b/cmd/writefreely/main.go
@@ -113,6 +113,7 @@ func main() {
 
 	// Initialize the application
 	var err error
+	log.Info("Starting %s...", writefreely.FormatVersion())
 	app, err = writefreely.Initialize(app, *debugPtr)
 	if err != nil {
 		log.Error("%s", err)

From b373aad29874384d6d4d58f14019387d8ebc7758 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Mon, 12 Aug 2019 09:58:30 -0700
Subject: [PATCH 24/90] prevent future posts from showing in pins

this changes GetPinnedPosts to accept an includeFutre bool, which
returns future dated pinned posts when true.
---
 collections.go | 14 ++++++++++++--
 database.go    | 12 +++++++++---
 go.mod         |  2 +-
 posts.go       |  6 +++++-
 4 files changed, 27 insertions(+), 7 deletions(-)

diff --git a/collections.go b/collections.go
index aee74f7..7eb3741 100644
--- a/collections.go
+++ b/collections.go
@@ -769,6 +769,7 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 			displayPage.Collections = pubColls
 		}
 	}
+	isOwner := owner != nil
 	if owner == nil {
 		// Current user doesn't own collection; retrieve owner information
 		owner, err = app.db.GetUserByID(coll.OwnerID)
@@ -782,7 +783,11 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 
 	// Add more data
 	// TODO: fix this mess of collections inside collections
-	displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj)
+	if isOwner {
+		displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, true)
+	} else {
+		displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, false)
+	}
 
 	err = templates["collection"].ExecuteTemplate(w, "collection", displayPage)
 	if err != nil {
@@ -866,6 +871,7 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 			displayPage.Collections = pubColls
 		}
 	}
+	isOwner := owner != nil
 	if owner == nil {
 		// Current user doesn't own collection; retrieve owner information
 		owner, err = app.db.GetUserByID(coll.OwnerID)
@@ -878,7 +884,11 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 	coll.Owner = displayPage.Owner
 	// Add more data
 	// TODO: fix this mess of collections inside collections
-	displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj)
+	if isOwner {
+		displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, true)
+	} else {
+		displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, false)
+	}
 
 	err = templates["collection-tags"].ExecuteTemplate(w, "collection-tags", displayPage)
 	if err != nil {
diff --git a/database.go b/database.go
index 34c5234..d3ff338 100644
--- a/database.go
+++ b/database.go
@@ -94,7 +94,7 @@ type writestore interface {
 
 	UpdatePostPinState(pinned bool, postID string, collID, ownerID, pos int64) error
 	GetLastPinnedPostPos(collID int64) int64
-	GetPinnedPosts(coll *CollectionObj) (*[]PublicPost, error)
+	GetPinnedPosts(coll *CollectionObj, includeFuture bool) (*[]PublicPost, error)
 	RemoveCollectionRedirect(t *sql.Tx, alias string) error
 	GetCollectionRedirect(alias string) (new string)
 	IsCollectionAttributeOn(id int64, attr string) bool
@@ -1533,9 +1533,15 @@ func (db *datastore) GetLastPinnedPostPos(collID int64) int64 {
 	return lastPos.Int64
 }
 
-func (db *datastore) GetPinnedPosts(coll *CollectionObj) (*[]PublicPost, error) {
+func (db *datastore) GetPinnedPosts(coll *CollectionObj, includeFuture bool) (*[]PublicPost, error) {
 	// FIXME: sqlite-backed instances don't include ellipsis on truncated titles
-	rows, err := db.Query("SELECT id, slug, title, "+db.clip("content", 80)+", pinned_position FROM posts WHERE collection_id = ? AND pinned_position IS NOT NULL ORDER BY pinned_position ASC", coll.ID)
+	rows := &sql.Rows{}
+	var err error
+	if includeFuture {
+		rows, err = db.Query("SELECT id, slug, title, "+db.clip("content", 80)+", pinned_position FROM posts WHERE collection_id = ? AND pinned_position IS NOT NULL ORDER BY pinned_position ASC", coll.ID)
+	} else {
+		rows, err = db.Query("SELECT id, slug, title, "+db.clip("content", 80)+", pinned_position FROM posts WHERE collection_id = ? AND pinned_position IS NOT NULL AND created <= "+db.now()+" ORDER BY pinned_position ASC", coll.ID)
+	}
 	if err != nil {
 		log.Error("Failed selecting pinned posts: %v", err)
 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve pinned posts."}
diff --git a/go.mod b/go.mod
index cc5fc57..5e040ba 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
 	github.com/writeas/slug v1.2.0
 	github.com/writeas/web-core v1.0.0
 	github.com/writefreely/go-nodeinfo v1.2.0
-	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f // indirect
+	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f
 	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
 	golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 // indirect
 	golang.org/x/sys v0.0.0-20190209173611-3b5209105503 // indirect
diff --git a/posts.go b/posts.go
index 2f3606f..edef6fb 100644
--- a/posts.go
+++ b/posts.go
@@ -1380,7 +1380,11 @@ Are you sure it was ever here?`,
 			IsCustomDomain: cr.isCustomDomain,
 			IsFound:        postFound,
 		}
-		tp.PinnedPosts, _ = app.db.GetPinnedPosts(coll)
+		if p.IsOwner {
+			tp.PinnedPosts, _ = app.db.GetPinnedPosts(coll, true)
+		} else {
+			tp.PinnedPosts, _ = app.db.GetPinnedPosts(coll, false)
+		}
 		tp.IsPinned = len(*tp.PinnedPosts) > 0 && PostsContains(tp.PinnedPosts, p)
 
 		if !postFound {

From ca957c4b6d59a1d32eae911ba30571d064d53b61 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Mon, 12 Aug 2019 12:35:17 -0700
Subject: [PATCH 25/90] fix missing collection hostname

GetCollections and GetPublishableCollections now take a hostname
parameter to allow setting the collecion hostname.

All collections used in memory now have their hostname set.
---
 account.go     | 21 +++++++++++----------
 admin.go       | 11 ++++++-----
 collections.go |  6 ++++--
 database.go    | 11 ++++++-----
 export.go      |  2 +-
 go.mod         |  2 +-
 pad.go         |  7 ++++---
 postrender.go  | 12 +++++++-----
 8 files changed, 40 insertions(+), 32 deletions(-)

diff --git a/account.go b/account.go
index 1cf259b..c69e2fe 100644
--- a/account.go
+++ b/account.go
@@ -13,6 +13,13 @@ package writefreely
 import (
 	"encoding/json"
 	"fmt"
+	"html/template"
+	"net/http"
+	"regexp"
+	"strings"
+	"sync"
+	"time"
+
 	"github.com/gorilla/mux"
 	"github.com/gorilla/sessions"
 	"github.com/guregu/null/zero"
@@ -22,12 +29,6 @@ import (
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/author"
 	"github.com/writeas/writefreely/page"
-	"html/template"
-	"net/http"
-	"regexp"
-	"strings"
-	"sync"
-	"time"
 )
 
 type (
@@ -546,7 +547,7 @@ func getVerboseAuthUser(app *App, token string, u *User, verbose bool) *AuthUser
 		if err != nil {
 			log.Error("Login: Unable to get user posts: %v", err)
 		}
-		colls, err := app.db.GetCollections(u)
+		colls, err := app.db.GetCollections(u, app.cfg.App.Host)
 		if err != nil {
 			log.Error("Login: Unable to get user collections: %v", err)
 		}
@@ -716,7 +717,7 @@ func viewMyCollectionsAPI(app *App, u *User, w http.ResponseWriter, r *http.Requ
 		return ErrBadRequestedType
 	}
 
-	p, err := app.db.GetCollections(u)
+	p, err := app.db.GetCollections(u, app.cfg.App.Host)
 	if err != nil {
 		return err
 	}
@@ -739,7 +740,7 @@ func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		log.Error("unable to fetch flashes: %v", err)
 	}
 
-	c, err := app.db.GetPublishableCollections(u)
+	c, err := app.db.GetPublishableCollections(u, app.cfg.App.Host)
 	if err != nil {
 		log.Error("unable to fetch collections: %v", err)
 	}
@@ -762,7 +763,7 @@ func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 }
 
 func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
-	c, err := app.db.GetCollections(u)
+	c, err := app.db.GetCollections(u, app.cfg.App.Host)
 	if err != nil {
 		log.Error("unable to fetch collections: %v", err)
 		return fmt.Errorf("No collections")
diff --git a/admin.go b/admin.go
index fe19ad5..a27a068 100644
--- a/admin.go
+++ b/admin.go
@@ -13,16 +13,17 @@ package writefreely
 import (
 	"database/sql"
 	"fmt"
+	"net/http"
+	"runtime"
+	"strconv"
+	"time"
+
 	"github.com/gogits/gogs/pkg/tool"
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/auth"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/config"
-	"net/http"
-	"runtime"
-	"strconv"
-	"time"
 )
 
 var (
@@ -195,7 +196,7 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 		p.LastPost = lp.Format("January 2, 2006, 3:04 PM")
 	}
 
-	colls, err := app.db.GetCollections(p.User)
+	colls, err := app.db.GetCollections(p.User, app.cfg.App.Host)
 	if err != nil {
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user's collections: %v", err)}
 	}
diff --git a/collections.go b/collections.go
index aee74f7..997d4d7 100644
--- a/collections.go
+++ b/collections.go
@@ -724,6 +724,8 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 		return err
 	}
 
+	c.hostName = app.cfg.App.Host
+
 	// Serve ActivityStreams data now, if requested
 	if strings.Contains(r.Header.Get("Accept"), "application/activity+json") {
 		ac := c.PersonObject()
@@ -762,7 +764,7 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 			owner = u
 			displayPage.CanPin = true
 
-			pubColls, err := app.db.GetPublishableCollections(owner)
+			pubColls, err := app.db.GetPublishableCollections(owner, app.cfg.App.Host)
 			if err != nil {
 				log.Error("unable to fetch collections: %v", err)
 			}
@@ -859,7 +861,7 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 			owner = u
 			displayPage.CanPin = true
 
-			pubColls, err := app.db.GetPublishableCollections(owner)
+			pubColls, err := app.db.GetPublishableCollections(owner, app.cfg.App.Host)
 			if err != nil {
 				log.Error("unable to fetch collections: %v", err)
 			}
diff --git a/database.go b/database.go
index 34c5234..c980225 100644
--- a/database.go
+++ b/database.go
@@ -65,8 +65,8 @@ type writestore interface {
 	ChangeSettings(app *App, u *User, s *userSettings) error
 	ChangePassphrase(userID int64, sudo bool, curPass string, hashedPass []byte) error
 
-	GetCollections(u *User) (*[]Collection, error)
-	GetPublishableCollections(u *User) (*[]Collection, error)
+	GetCollections(u *User, hostName string) (*[]Collection, error)
+	GetPublishableCollections(u *User, hostName string) (*[]Collection, error)
 	GetMeStats(u *User) userMeStats
 	GetTotalCollections() (int64, error)
 	GetTotalPosts() (int64, error)
@@ -1559,7 +1559,7 @@ func (db *datastore) GetPinnedPosts(coll *CollectionObj) (*[]PublicPost, error)
 	return &posts, nil
 }
 
-func (db *datastore) GetCollections(u *User) (*[]Collection, error) {
+func (db *datastore) GetCollections(u *User, hostName string) (*[]Collection, error) {
 	rows, err := db.Query("SELECT id, alias, title, description, privacy, view_count FROM collections WHERE owner_id = ? ORDER BY id ASC", u.ID)
 	if err != nil {
 		log.Error("Failed selecting from collections: %v", err)
@@ -1575,6 +1575,7 @@ func (db *datastore) GetCollections(u *User) (*[]Collection, error) {
 			log.Error("Failed scanning row: %v", err)
 			break
 		}
+		c.hostName = hostName
 		c.URL = c.CanonicalURL()
 		c.Public = c.IsPublic()
 
@@ -1588,8 +1589,8 @@ func (db *datastore) GetCollections(u *User) (*[]Collection, error) {
 	return &colls, nil
 }
 
-func (db *datastore) GetPublishableCollections(u *User) (*[]Collection, error) {
-	c, err := db.GetCollections(u)
+func (db *datastore) GetPublishableCollections(u *User, hostName string) (*[]Collection, error) {
+	c, err := db.GetCollections(u, hostName)
 	if err != nil {
 		return nil, err
 	}
diff --git a/export.go b/export.go
index 47a2603..86855e2 100644
--- a/export.go
+++ b/export.go
@@ -104,7 +104,7 @@ func compileFullExport(app *App, u *User) *ExportUser {
 		User: u,
 	}
 
-	colls, err := app.db.GetCollections(u)
+	colls, err := app.db.GetCollections(u, app.cfg.App.Host)
 	if err != nil {
 		log.Error("unable to fetch collections: %v", err)
 	}
diff --git a/go.mod b/go.mod
index cc5fc57..5e040ba 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
 	github.com/writeas/slug v1.2.0
 	github.com/writeas/web-core v1.0.0
 	github.com/writefreely/go-nodeinfo v1.2.0
-	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f // indirect
+	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f
 	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
 	golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 // indirect
 	golang.org/x/sys v0.0.0-20190209173611-3b5209105503 // indirect
diff --git a/pad.go b/pad.go
index 1545b4f..b806615 100644
--- a/pad.go
+++ b/pad.go
@@ -11,12 +11,13 @@
 package writefreely
 
 import (
+	"net/http"
+	"strings"
+
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/page"
-	"net/http"
-	"strings"
 )
 
 func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
@@ -47,7 +48,7 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 	var err error
 	if appData.User != nil {
-		appData.Blogs, err = app.db.GetPublishableCollections(appData.User)
+		appData.Blogs, err = app.db.GetPublishableCollections(appData.User, app.cfg.App.Host)
 		if err != nil {
 			log.Error("Unable to get user's blogs for Pad: %v", err)
 		}
diff --git a/postrender.go b/postrender.go
index af715be..93c2089 100644
--- a/postrender.go
+++ b/postrender.go
@@ -12,17 +12,18 @@ package writefreely
 
 import (
 	"fmt"
-	"github.com/microcosm-cc/bluemonday"
-	stripmd "github.com/writeas/go-strip-markdown"
-	"github.com/writeas/saturday"
-	"github.com/writeas/web-core/stringmanip"
-	"github.com/writeas/writefreely/parse"
 	"html"
 	"html/template"
 	"regexp"
 	"strings"
 	"unicode"
 	"unicode/utf8"
+
+	"github.com/microcosm-cc/bluemonday"
+	stripmd "github.com/writeas/go-strip-markdown"
+	blackfriday "github.com/writeas/saturday"
+	"github.com/writeas/web-core/stringmanip"
+	"github.com/writeas/writefreely/parse"
 )
 
 var (
@@ -36,6 +37,7 @@ var (
 
 func (p *Post) formatContent(c *Collection, isOwner bool) {
 	baseURL := c.CanonicalURL()
+	// TODO: redundant
 	if !isSingleUser {
 		baseURL = "/" + c.Alias + "/"
 	}

From 1d80e47e074a32d480e4fe65f59f08d27b437f0d Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Mon, 12 Aug 2019 13:51:29 -0700
Subject: [PATCH 26/90] change subdirectory to writefreely

instead of writefreely_versionstring
---
 Makefile | 52 ++++++++++++++++++++++++++--------------------------
 1 file changed, 26 insertions(+), 26 deletions(-)

diff --git a/Makefile b/Makefile
index 66fb4c5..c85cf6f 100644
--- a/Makefile
+++ b/Makefile
@@ -7,7 +7,7 @@ GOBUILD=$(GOCMD) build $(LDFLAGS)
 GOTEST=$(GOCMD) test $(LDFLAGS)
 GOGET=$(GOCMD) get
 BINARY_NAME=writefreely
-TAR_NAME=$(BINARY_NAME)_$(GITREV)
+BUILDPATH=build/$(BINARY_NAME)
 DOCKERCMD=docker
 IMAGE_NAME=writeas/writefreely
 TMPBIN=./tmp
@@ -70,40 +70,40 @@ install : build
 	cd less/; $(MAKE) install $(MFLAGS)
 
 release : clean ui assets
-	mkdir -p build/$(TAR_NAME)
-	cp -r templates build/$(TAR_NAME)
-	cp -r pages build/$(TAR_NAME)
-	cp -r static build/$(TAR_NAME)
-	mkdir build/$(TAR_NAME)/keys
+	mkdir -p $(BUILDPATH)
+	cp -r templates $(BUILDPATH)
+	cp -r pages $(BUILDPATH)
+	cp -r static $(BUILDPATH)
+	mkdir $(BUILDPATH)/keys
 	$(MAKE) build-linux
-	mv build/$(BINARY_NAME)-linux-amd64 build/$(TAR_NAME)/$(BINARY_NAME)
-	tar -cvzf $(TAR_NAME)_linux_amd64.tar.gz -C build $(TAR_NAME)
-	rm build/$(TAR_NAME)/$(BINARY_NAME)
+	mv build/$(BINARY_NAME)-linux-amd64 $(BUILDPATH)/$(BINARY_NAME)
+	tar -cvzf $(BINARY_NAME)_$(GIT_REV)_linux_amd64.tar.gz -C build $(BINARY_NAME)
+	rm $(BUILDPATH)/$(BINARY_NAME)
 	$(MAKE) build-arm7
-	mv build/$(BINARY_NAME)-linux-arm-7 build/$(TAR_NAME)/$(BINARY_NAME)
-	tar -cvzf $(TAR_NAME)_linux_arm7.tar.gz -C build $(TAR_NAME)
-	rm build/$(TAR_NAME)/$(BINARY_NAME)
+	mv build/$(BINARY_NAME)-linux-arm-7 $(BUILDPATH)/$(BINARY_NAME)
+	tar -cvzf $(BINARY_NAME)_$(GITREV)_linux_arm7.tar.gz -C build $(BINARY_NAME)
+	rm $(BUILDPATH)/$(BINARY_NAME)
 	$(MAKE) build-darwin
-	mv build/$(BINARY_NAME)-darwin-10.6-amd64 build/$(TAR_NAME)/$(BINARY_NAME)
-	tar -cvzf $(TAR_NAME)_macos_amd64.tar.gz -C build $(TAR_NAME)
-	rm build/$(TAR_NAME)/$(BINARY_NAME)
+	mv build/$(BINARY_NAME)-darwin-10.6-amd64 $(BUILDPATH)/$(BINARY_NAME)
+	tar -cvzf $(BINARY_NAME)_$(GITREV)_macos_amd64.tar.gz -C build $(BINARY_NAME)
+	rm $(BUILDPATH)/$(BINARY_NAME)
 	$(MAKE) build-windows
-	mv build/$(BINARY_NAME)-windows-4.0-amd64.exe build/$(TAR_NAME)/$(BINARY_NAME).exe
-	cd build; zip -r ../$(TAR_NAME)_windows_amd64.zip ./$(TAR_NAME)
-	rm build/$(TAR_NAME)/$(BINARY_NAME)
+	mv build/$(BINARY_NAME)-windows-4.0-amd64.exe $(BUILDPATH)/$(BINARY_NAME).exe
+	cd build; zip -r ../$(BINARY_NAME)_$(GITREV)_windows_amd64.zip ./$(BINARY_NAME)
+	rm $(BUILDPATH)/$(BINARY_NAME)
 	$(MAKE) build-docker
 	$(MAKE) release-docker
 
 # This assumes you're on linux/amd64
-release-linux : clean ui
-	mkdir -p build/$(TAR_NAME)
-	cp -r templates build/$(TAR_NAME)
-	cp -r pages build/$(TAR_NAME)
-	cp -r static build/$(TAR_NAME)
-	mkdir build/$(TAR_NAME)/keys
+release-linux : clean
+	mkdir -p $(BUILDPATH)
+	cp -r templates $(BUILDPATH)
+	cp -r pages $(BUILDPATH)
+	cp -r static $(BUILDPATH)
+	mkdir $(BUILDPATH)/keys
 	$(MAKE) build-no-sqlite
-	mv cmd/writefreely/$(BINARY_NAME) build/$(TAR_NAME)/$(BINARY_NAME)
-	tar -cvzf $(TAR_NAME)_linux_amd64.tar.gz -C build $(TAR_NAME)
+	mv cmd/writefreely/$(BINARY_NAME) $(BUILDPATH)/$(BINARY_NAME)
+	tar -cvzf $(BINARY_NAME)_$(GITREV)_linux_amd64.tar.gz -C build $(BINARY_NAME)
 
 release-docker :
 	$(DOCKERCMD) push $(IMAGE_NAME)

From f241d694258fd1c501249a09a00930b86be35d51 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Mon, 12 Aug 2019 14:12:35 -0700
Subject: [PATCH 27/90] reduce GetPinnedPosts calls to single line

---
 collections.go | 12 ++----------
 posts.go       |  6 +-----
 2 files changed, 3 insertions(+), 15 deletions(-)

diff --git a/collections.go b/collections.go
index 7eb3741..adf89d4 100644
--- a/collections.go
+++ b/collections.go
@@ -783,11 +783,7 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 
 	// Add more data
 	// TODO: fix this mess of collections inside collections
-	if isOwner {
-		displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, true)
-	} else {
-		displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, false)
-	}
+	displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, isOwner)
 
 	err = templates["collection"].ExecuteTemplate(w, "collection", displayPage)
 	if err != nil {
@@ -884,11 +880,7 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 	coll.Owner = displayPage.Owner
 	// Add more data
 	// TODO: fix this mess of collections inside collections
-	if isOwner {
-		displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, true)
-	} else {
-		displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, false)
-	}
+	displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, isOwner)
 
 	err = templates["collection-tags"].ExecuteTemplate(w, "collection-tags", displayPage)
 	if err != nil {
diff --git a/posts.go b/posts.go
index edef6fb..a1383fa 100644
--- a/posts.go
+++ b/posts.go
@@ -1380,11 +1380,7 @@ Are you sure it was ever here?`,
 			IsCustomDomain: cr.isCustomDomain,
 			IsFound:        postFound,
 		}
-		if p.IsOwner {
-			tp.PinnedPosts, _ = app.db.GetPinnedPosts(coll, true)
-		} else {
-			tp.PinnedPosts, _ = app.db.GetPinnedPosts(coll, false)
-		}
+		tp.PinnedPosts, _ = app.db.GetPinnedPosts(coll, p.IsOwner)
 		tp.IsPinned = len(*tp.PinnedPosts) > 0 && PostsContains(tp.PinnedPosts, p)
 
 		if !postFound {

From 55dc1917fe477e263caa616594b8a886214957e0 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Mon, 12 Aug 2019 14:13:02 -0700
Subject: [PATCH 28/90] use established future posts pattern

---
 database.go | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/database.go b/database.go
index d3ff338..1eea6bb 100644
--- a/database.go
+++ b/database.go
@@ -1535,13 +1535,11 @@ func (db *datastore) GetLastPinnedPostPos(collID int64) int64 {
 
 func (db *datastore) GetPinnedPosts(coll *CollectionObj, includeFuture bool) (*[]PublicPost, error) {
 	// FIXME: sqlite-backed instances don't include ellipsis on truncated titles
-	rows := &sql.Rows{}
-	var err error
-	if includeFuture {
-		rows, err = db.Query("SELECT id, slug, title, "+db.clip("content", 80)+", pinned_position FROM posts WHERE collection_id = ? AND pinned_position IS NOT NULL ORDER BY pinned_position ASC", coll.ID)
-	} else {
-		rows, err = db.Query("SELECT id, slug, title, "+db.clip("content", 80)+", pinned_position FROM posts WHERE collection_id = ? AND pinned_position IS NOT NULL AND created <= "+db.now()+" ORDER BY pinned_position ASC", coll.ID)
+	timeCondition := ""
+	if !includeFuture {
+		timeCondition = "AND created <= " + db.now()
 	}
+	rows, err := db.Query("SELECT id, slug, title, "+db.clip("content", 80)+", pinned_position FROM posts WHERE collection_id = ? AND pinned_position IS NOT NULL "+timeCondition+" ORDER BY pinned_position ASC", coll.ID)
 	if err != nil {
 		log.Error("Failed selecting pinned posts: %v", err)
 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve pinned posts."}

From 8a29a4dfc94b91a753391c4752b1ea4116d97ef6 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 14 Aug 2019 23:14:34 -0400
Subject: [PATCH 29/90] Link to home page in bare editor in chorus mode

Ref T681
---
 templates/bare.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/bare.tmpl b/templates/bare.tmpl
index 1398a47..a4194c9 100644
--- a/templates/bare.tmpl
+++ b/templates/bare.tmpl
@@ -19,7 +19,7 @@
 		
 		<header id="tools">
 			<div id="clip">
-				{{if not .SingleUser}}<h1><a href="/me/c/" title="View blogs">{{.SiteName}}</a></h1>{{end}}
+				{{if not .SingleUser}}<h1>{{if .Chorus}}<a href="/" title="Home">{{else}}<a href="/me/c/" title="View blogs">{{end}}{{.SiteName}}</a></h1>{{end}}
 				<nav id="target" {{if .SingleUser}}style="margin-left:0"{{end}}><ul>
 						<li>{{if .Blogs}}<a href="{{$c := index .Blogs 0}}{{$c.CanonicalURL}}">My Posts</a>{{else}}<a>Draft</a>{{end}}</li>
 				</ul></nav>

From 55808233fd322373452f0c41240b542470251e6c Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 14 Aug 2019 23:25:02 -0400
Subject: [PATCH 30/90] Fix logic for showing sign up link

This prevents the link from showing when an instance lands on the sign
up page anyway.

Ref T681
---
 templates/base.tmpl                | 2 +-
 templates/user/include/header.tmpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/base.tmpl b/templates/base.tmpl
index f8b66c8..aae7850 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -47,7 +47,7 @@
 					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
 						{{ end }}
 					{{if and (and  .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read"{{if eq .Path "/read"}} class="selected"{{end}}>Reader</a>{{end}}
-					{{if and (and  .Chorus .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
+					{{if and (and (and  .Chorus .OpenRegistration) (not .Username)) (or (not .Private) (ne .Landing ""))}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if not .Username}}<a href="/login"{{if eq .Path "/login"}} class="selected"{{end}}>Log in</a>{{else if .SimpleNav}}<a href="/me/logout">Log out</a>{{end}}
 					{{ end }}
 				</nav>
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 9d5bb54..0feca89 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -56,7 +56,7 @@
 					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
 						{{ end }}
 					{{if and (and .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read">Reader</a>{{end}}
-					{{if and (and .Chorus .OpenRegistration) (not .Username)}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
+					{{if and (and (and .Chorus .OpenRegistration) (not .Username)) (or (not .Private) (ne .Landing ""))}}<a href="/signup"{{if eq .Path "/signup"}} class="selected"{{end}}>Sign up</a>{{end}}
 					{{if .Username}}<a href="/me/logout">Log out</a>{{else}}<a href="/login">Log in</a>{{end}}
 					{{ end }}
 				{{else}}

From 42a22193355b6cbcf9e7d31bc93f52f63916721c Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Thu, 22 Aug 2019 10:48:58 -0700
Subject: [PATCH 31/90] add ui back to target release linux

---
 Makefile | 2 +-
 go.mod   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Makefile b/Makefile
index c85cf6f..f1a99b8 100644
--- a/Makefile
+++ b/Makefile
@@ -95,7 +95,7 @@ release : clean ui assets
 	$(MAKE) release-docker
 
 # This assumes you're on linux/amd64
-release-linux : clean
+release-linux : clean ui
 	mkdir -p $(BUILDPATH)
 	cp -r templates $(BUILDPATH)
 	cp -r pages $(BUILDPATH)
diff --git a/go.mod b/go.mod
index cc5fc57..5e040ba 100644
--- a/go.mod
+++ b/go.mod
@@ -63,7 +63,7 @@ require (
 	github.com/writeas/slug v1.2.0
 	github.com/writeas/web-core v1.0.0
 	github.com/writefreely/go-nodeinfo v1.2.0
-	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f // indirect
+	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f
 	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
 	golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 // indirect
 	golang.org/x/sys v0.0.0-20190209173611-3b5209105503 // indirect

From 6e9000659c4a93e40034773f8b2b4f02c3962359 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Thu, 22 Aug 2019 12:16:37 -0700
Subject: [PATCH 32/90] fix typo in Makefile GITREV release target

---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index f1a99b8..757bcfd 100644
--- a/Makefile
+++ b/Makefile
@@ -77,7 +77,7 @@ release : clean ui assets
 	mkdir $(BUILDPATH)/keys
 	$(MAKE) build-linux
 	mv build/$(BINARY_NAME)-linux-amd64 $(BUILDPATH)/$(BINARY_NAME)
-	tar -cvzf $(BINARY_NAME)_$(GIT_REV)_linux_amd64.tar.gz -C build $(BINARY_NAME)
+	tar -cvzf $(BINARY_NAME)_$(GITREV)_linux_amd64.tar.gz -C build $(BINARY_NAME)
 	rm $(BUILDPATH)/$(BINARY_NAME)
 	$(MAKE) build-arm7
 	mv build/$(BINARY_NAME)-linux-arm-7 $(BUILDPATH)/$(BINARY_NAME)

From 77f7b4a522cf2dd522a64a86b32dee245f1cfd6f Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Wed, 28 Aug 2019 12:37:45 -0700
Subject: [PATCH 33/90] Add account suspension features

This renders all requests for that user's posts, collections and related
ActivityPub endpoints with 404 responses.

While suspended, users may not create or edit posts or collections.

User status is listed in the admin user page

Admin view of user details shows status and now has a button to activate
or suspend a user.
---
 account.go                          | 29 +++++++-----
 activitypub.go                      | 40 ++++++++++++++++
 admin.go                            | 34 ++++++++++++--
 collections.go                      | 34 +++++++++++++-
 database.go                         | 51 ++++++++++++++++----
 errors.go                           |  5 +-
 feed.go                             | 14 +++++-
 invites.go                          | 13 +++--
 migrations/migrations.go            |  2 +
 migrations/v3.go                    | 29 ++++++++++++
 pad.go                              | 22 +++++++--
 posts.go                            | 73 +++++++++++++++++++++++++++--
 read.go                             | 14 +++---
 routes.go                           |  8 ++--
 schema.sql                          |  1 +
 sqlite.sql                          |  3 +-
 templates/edit-meta.tmpl            |  4 ++
 templates/pad.tmpl                  |  6 ++-
 templates/user/admin/users.tmpl     |  5 ++
 templates/user/admin/view-user.tmpl | 32 +++++++++++++
 templates/user/settings.tmpl        |  6 +++
 users.go                            |  1 +
 webfinger.go                        | 11 ++++-
 23 files changed, 381 insertions(+), 56 deletions(-)
 create mode 100644 migrations/v3.go

diff --git a/account.go b/account.go
index 1cf259b..49700b4 100644
--- a/account.go
+++ b/account.go
@@ -13,6 +13,13 @@ package writefreely
 import (
 	"encoding/json"
 	"fmt"
+	"html/template"
+	"net/http"
+	"regexp"
+	"strings"
+	"sync"
+	"time"
+
 	"github.com/gorilla/mux"
 	"github.com/gorilla/sessions"
 	"github.com/guregu/null/zero"
@@ -22,12 +29,6 @@ import (
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/author"
 	"github.com/writeas/writefreely/page"
-	"html/template"
-	"net/http"
-	"regexp"
-	"strings"
-	"sync"
-	"time"
 )
 
 type (
@@ -1011,14 +1012,16 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 
 	obj := struct {
 		*UserPage
-		Email    string
-		HasPass  bool
-		IsLogOut bool
+		Email     string
+		HasPass   bool
+		IsLogOut  bool
+		Suspended bool
 	}{
-		UserPage: NewUserPage(app, r, u, "Account Settings", flashes),
-		Email:    fullUser.EmailClear(app.keys),
-		HasPass:  passIsSet,
-		IsLogOut: r.FormValue("logout") == "1",
+		UserPage:  NewUserPage(app, r, u, "Account Settings", flashes),
+		Email:     fullUser.EmailClear(app.keys),
+		HasPass:   passIsSet,
+		IsLogOut:  r.FormValue("logout") == "1",
+		Suspended: fullUser.Suspended,
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/activitypub.go b/activitypub.go
index 997609d..c10838d 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -80,6 +80,14 @@ func handleFetchCollectionActivities(app *App, w http.ResponseWriter, r *http.Re
 	if err != nil {
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("fetch collection inbox: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	p := c.PersonObject()
@@ -105,6 +113,14 @@ func handleFetchCollectionOutbox(app *App, w http.ResponseWriter, r *http.Reques
 	if err != nil {
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("fetch collection inbox: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	if app.cfg.App.SingleUser {
@@ -158,6 +174,14 @@ func handleFetchCollectionFollowers(app *App, w http.ResponseWriter, r *http.Req
 	if err != nil {
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("fetch collection inbox: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	accountRoot := c.FederatedAccount()
@@ -204,6 +228,14 @@ func handleFetchCollectionFollowing(app *App, w http.ResponseWriter, r *http.Req
 	if err != nil {
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("fetch collection inbox: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	accountRoot := c.FederatedAccount()
@@ -238,6 +270,14 @@ func handleFetchCollectionInbox(app *App, w http.ResponseWriter, r *http.Request
 		// TODO: return Reject?
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("fetch collection inbox: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	if debugging {
diff --git a/admin.go b/admin.go
index fe19ad5..dc8580d 100644
--- a/admin.go
+++ b/admin.go
@@ -13,16 +13,17 @@ package writefreely
 import (
 	"database/sql"
 	"fmt"
+	"net/http"
+	"runtime"
+	"strconv"
+	"time"
+
 	"github.com/gogits/gogs/pkg/tool"
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/auth"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/config"
-	"net/http"
-	"runtime"
-	"strconv"
-	"time"
 )
 
 var (
@@ -229,6 +230,31 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	return nil
 }
 
+func handleAdminToggleUserSuspended(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
+	vars := mux.Vars(r)
+	username := vars["username"]
+	if username == "" {
+		return impart.HTTPError{http.StatusFound, "/admin/users"}
+	}
+
+	userToToggle, err := app.db.GetUserForAuth(username)
+	if err != nil {
+		log.Error("failed to get user: %v", err)
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user from username: %v", err)}
+	}
+	if userToToggle.Suspended {
+		err = app.db.SetUserSuspended(userToToggle.ID, false)
+	} else {
+		err = app.db.SetUserSuspended(userToToggle.ID, true)
+	}
+	if err != nil {
+		log.Error("toggle user suspended: %v", err)
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not toggle user suspended: %v")}
+	}
+	// TODO: invalidate sessions
+	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s#status", username)}
+}
+
 func handleViewAdminPages(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
 	p := struct {
 		*UserPage
diff --git a/collections.go b/collections.go
index aee74f7..95dd808 100644
--- a/collections.go
+++ b/collections.go
@@ -379,6 +379,7 @@ func newCollection(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 
 	var userID int64
+	var err error
 	if reqJSON && !c.Web {
 		accessToken = r.Header.Get("Authorization")
 		if accessToken == "" {
@@ -395,6 +396,14 @@ func newCollection(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 		userID = u.ID
 	}
+	suspended, err := app.db.IsUserSuspended(userID)
+	if err != nil {
+		log.Error("new collection: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrUserSuspended
+	}
 
 	if !author.IsValidUsername(app.cfg, c.Alias) {
 		return impart.HTTPError{http.StatusPreconditionFailed, "Collection alias isn't valid."}
@@ -724,6 +733,15 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 		return err
 	}
 
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("view collection: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	// Serve ActivityStreams data now, if requested
 	if strings.Contains(r.Header.Get("Accept"), "application/activity+json") {
 		ac := c.PersonObject()
@@ -824,6 +842,10 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 		return err
 	}
 
+	if u.Suspended {
+		return ErrCollectionNotFound
+	}
+
 	page := getCollectionPage(vars)
 
 	c, err := processCollectionPermissions(app, cr, u, w, r)
@@ -916,7 +938,6 @@ func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error
 	if reqJSON && !isWeb {
 		// Ensure an access token was given
 		accessToken := r.Header.Get("Authorization")
-		u = &User{}
 		u.ID = app.db.GetUserID(accessToken)
 		if u.ID == -1 {
 			return ErrBadAccessToken
@@ -928,6 +949,16 @@ func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error
 		}
 	}
 
+	suspended, err := app.db.IsUserSuspended(u.ID)
+	if err != nil {
+		log.Error("existing collection: get user suspended status: %v", err)
+		return ErrInternalGeneral
+	}
+
+	if suspended {
+		return ErrUserSuspended
+	}
+
 	if r.Method == "DELETE" {
 		err := app.db.DeleteCollection(collAlias, u.ID)
 		if err != nil {
@@ -940,7 +971,6 @@ func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error
 	}
 
 	c := SubmittedCollection{OwnerID: uint64(u.ID)}
-	var err error
 
 	if reqJSON {
 		// Decode JSON request
diff --git a/database.go b/database.go
index 34c5234..150a74f 100644
--- a/database.go
+++ b/database.go
@@ -296,7 +296,7 @@ func (db *datastore) CreateCollection(cfg *config.Config, alias, title string, u
 func (db *datastore) GetUserByID(id int64) (*User, error) {
 	u := &User{ID: id}
 
-	err := db.QueryRow("SELECT username, password, email, created FROM users WHERE id = ?", id).Scan(&u.Username, &u.HashedPass, &u.Email, &u.Created)
+	err := db.QueryRow("SELECT username, password, email, created, suspended FROM users WHERE id = ?", id).Scan(&u.Username, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
 	switch {
 	case err == sql.ErrNoRows:
 		return nil, ErrUserNotFound
@@ -308,6 +308,23 @@ func (db *datastore) GetUserByID(id int64) (*User, error) {
 	return u, nil
 }
 
+// IsUserSuspended returns true if the user account associated with id is
+// currently suspended.
+func (db *datastore) IsUserSuspended(id int64) (bool, error) {
+	u := &User{ID: id}
+
+	err := db.QueryRow("SELECT suspended FROM users WHERE id = ?", id).Scan(&u.Suspended)
+	switch {
+	case err == sql.ErrNoRows:
+		return false, ErrUserNotFound
+	case err != nil:
+		log.Error("Couldn't SELECT user password: %v", err)
+		return false, err
+	}
+
+	return u.Suspended, nil
+}
+
 // DoesUserNeedAuth returns true if the user hasn't provided any methods for
 // authenticating with the account, such a passphrase or email address.
 // Any errors are reported to admin and silently quashed, returning false as the
@@ -347,7 +364,7 @@ func (db *datastore) IsUserPassSet(id int64) (bool, error) {
 func (db *datastore) GetUserForAuth(username string) (*User, error) {
 	u := &User{Username: username}
 
-	err := db.QueryRow("SELECT id, password, email, created FROM users WHERE username = ?", username).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created)
+	err := db.QueryRow("SELECT id, password, email, created, suspended FROM users WHERE username = ?", username).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
 	switch {
 	case err == sql.ErrNoRows:
 		// Check if they've entered the wrong, unnormalized username
@@ -370,7 +387,7 @@ func (db *datastore) GetUserForAuth(username string) (*User, error) {
 func (db *datastore) GetUserForAuthByID(userID int64) (*User, error) {
 	u := &User{ID: userID}
 
-	err := db.QueryRow("SELECT id, password, email, created FROM users WHERE id = ?", u.ID).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created)
+	err := db.QueryRow("SELECT id, password, email, created, suspended FROM users WHERE id = ?", u.ID).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
 	switch {
 	case err == sql.ErrNoRows:
 		return nil, ErrUserNotFound
@@ -1624,7 +1641,11 @@ func (db *datastore) GetMeStats(u *User) userMeStats {
 }
 
 func (db *datastore) GetTotalCollections() (collCount int64, err error) {
-	err = db.QueryRow(`SELECT COUNT(*) FROM collections`).Scan(&collCount)
+	err = db.QueryRow(`
+	SELECT COUNT(*) 
+	FROM collections c
+	LEFT JOIN users u ON u.id = c.owner_id
+	WHERE u.suspended = 0`).Scan(&collCount)
 	if err != nil {
 		log.Error("Unable to fetch collections count: %v", err)
 	}
@@ -1632,7 +1653,11 @@ func (db *datastore) GetTotalCollections() (collCount int64, err error) {
 }
 
 func (db *datastore) GetTotalPosts() (postCount int64, err error) {
-	err = db.QueryRow(`SELECT COUNT(*) FROM posts`).Scan(&postCount)
+	err = db.QueryRow(`
+	SELECT COUNT(*)
+	FROM posts p
+	LEFT JOIN users u ON u.id = p.owner_id
+	WHERE u.Suspended = 0`).Scan(&postCount)
 	if err != nil {
 		log.Error("Unable to fetch posts count: %v", err)
 	}
@@ -2341,17 +2366,17 @@ func (db *datastore) GetAllUsers(page uint) (*[]User, error) {
 		limitStr = fmt.Sprintf("%d, %d", (page-1)*adminUsersPerPage, adminUsersPerPage)
 	}
 
-	rows, err := db.Query("SELECT id, username, created FROM users ORDER BY created DESC LIMIT " + limitStr)
+	rows, err := db.Query("SELECT id, username, created, suspended FROM users ORDER BY created DESC LIMIT " + limitStr)
 	if err != nil {
-		log.Error("Failed selecting from posts: %v", err)
-		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve user posts."}
+		log.Error("Failed selecting from users: %v", err)
+		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve all users."}
 	}
 	defer rows.Close()
 
 	users := []User{}
 	for rows.Next() {
 		u := User{}
-		err = rows.Scan(&u.ID, &u.Username, &u.Created)
+		err = rows.Scan(&u.ID, &u.Username, &u.Created, &u.Suspended)
 		if err != nil {
 			log.Error("Failed scanning GetAllUsers() row: %v", err)
 			break
@@ -2388,6 +2413,14 @@ func (db *datastore) GetUserLastPostTime(id int64) (*time.Time, error) {
 	return &t, nil
 }
 
+func (db *datastore) SetUserSuspended(id int64, suspend bool) error {
+	_, err := db.Exec("UPDATE users SET suspended = ? WHERE id = ?", suspend, id)
+	if err != nil {
+		return fmt.Errorf("failed to update user suspended status: %v", err)
+	}
+	return nil
+}
+
 func (db *datastore) GetCollectionLastPostTime(id int64) (*time.Time, error) {
 	var t time.Time
 	err := db.QueryRow("SELECT created FROM posts WHERE collection_id = ? ORDER BY created DESC LIMIT 1", id).Scan(&t)
diff --git a/errors.go b/errors.go
index 0092b7f..fa7304f 100644
--- a/errors.go
+++ b/errors.go
@@ -11,8 +11,9 @@
 package writefreely
 
 import (
-	"github.com/writeas/impart"
 	"net/http"
+
+	"github.com/writeas/impart"
 )
 
 // Commonly returned HTTP errors
@@ -46,6 +47,8 @@ var (
 
 	ErrUserNotFound      = impart.HTTPError{http.StatusNotFound, "User doesn't exist."}
 	ErrUserNotFoundEmail = impart.HTTPError{http.StatusNotFound, "Please enter your username instead of your email address."}
+
+	ErrUserSuspended = impart.HTTPError{http.StatusForbidden, "Account is suspended, contact the administrator."}
 )
 
 // Post operation errors
diff --git a/feed.go b/feed.go
index dd82c33..353b1b9 100644
--- a/feed.go
+++ b/feed.go
@@ -12,12 +12,13 @@ package writefreely
 
 import (
 	"fmt"
+	"net/http"
+	"time"
+
 	. "github.com/gorilla/feeds"
 	"github.com/gorilla/mux"
 	stripmd "github.com/writeas/go-strip-markdown"
 	"github.com/writeas/web-core/log"
-	"net/http"
-	"time"
 )
 
 func ViewFeed(app *App, w http.ResponseWriter, req *http.Request) error {
@@ -34,6 +35,15 @@ func ViewFeed(app *App, w http.ResponseWriter, req *http.Request) error {
 	if err != nil {
 		return nil
 	}
+
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("view feed: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrCollectionNotFound
+	}
 	c.hostName = app.cfg.App.Host
 
 	if c.IsPrivate() || c.IsProtected() {
diff --git a/invites.go b/invites.go
index 561255f..93b82b4 100644
--- a/invites.go
+++ b/invites.go
@@ -12,15 +12,16 @@ package writefreely
 
 import (
 	"database/sql"
+	"html/template"
+	"net/http"
+	"strconv"
+	"time"
+
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/nerds/store"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/page"
-	"html/template"
-	"net/http"
-	"strconv"
-	"time"
 )
 
 type Invite struct {
@@ -77,6 +78,10 @@ func handleCreateUserInvite(app *App, u *User, w http.ResponseWriter, r *http.Re
 	muVal := r.FormValue("uses")
 	expVal := r.FormValue("expires")
 
+	if u.Suspended {
+		return ErrUserSuspended
+	}
+
 	var err error
 	var maxUses int
 	if muVal != "0" {
diff --git a/migrations/migrations.go b/migrations/migrations.go
index 70e4b7b..de3f487 100644
--- a/migrations/migrations.go
+++ b/migrations/migrations.go
@@ -13,6 +13,7 @@ package migrations
 
 import (
 	"database/sql"
+
 	"github.com/writeas/web-core/log"
 )
 
@@ -57,6 +58,7 @@ func (m *migration) Migrate(db *datastore) error {
 var migrations = []Migration{
 	New("support user invites", supportUserInvites),             // -> V1 (v0.8.0)
 	New("support dynamic instance pages", supportInstancePages), // V1 -> V2 (v0.9.0)
+	New("support users suspension", supportUserSuspension),      // V2 -> V3 ()
 }
 
 // CurrentVer returns the current migration version the application is on
diff --git a/migrations/v3.go b/migrations/v3.go
new file mode 100644
index 0000000..c7c00a9
--- /dev/null
+++ b/migrations/v3.go
@@ -0,0 +1,29 @@
+/*
+ * Copyright © 2019 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package migrations
+
+func supportUserSuspension(db *datastore) error {
+	t, err := db.Begin()
+
+	_, err = t.Exec(`ALTER TABLE users ADD COLUMN suspended ` + db.typeBool() + ` DEFAULT '0' NOT NULL`)
+	if err != nil {
+		t.Rollback()
+		return err
+	}
+
+	err = t.Commit()
+	if err != nil {
+		t.Rollback()
+		return err
+	}
+
+	return nil
+}
diff --git a/pad.go b/pad.go
index 1545b4f..8a54b76 100644
--- a/pad.go
+++ b/pad.go
@@ -11,12 +11,13 @@
 package writefreely
 
 import (
+	"net/http"
+	"strings"
+
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/page"
-	"net/http"
-	"strings"
 )
 
 func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
@@ -34,9 +35,10 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 	appData := &struct {
 		page.StaticPage
-		Post  *RawPost
-		User  *User
-		Blogs *[]Collection
+		Post      *RawPost
+		User      *User
+		Blogs     *[]Collection
+		Suspended bool
 
 		Editing        bool        // True if we're modifying an existing post
 		EditCollection *Collection // Collection of the post we're editing, if any
@@ -51,6 +53,10 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 		if err != nil {
 			log.Error("Unable to get user's blogs for Pad: %v", err)
 		}
+		appData.Suspended, err = app.db.IsUserSuspended(appData.User.ID)
+		if err != nil {
+			log.Error("Unable to get users suspension status for Pad: %v", err)
+		}
 	}
 
 	padTmpl := app.cfg.App.Editor
@@ -121,12 +127,18 @@ func handleViewMeta(app *App, w http.ResponseWriter, r *http.Request) error {
 		EditCollection *Collection // Collection of the post we're editing, if any
 		Flashes        []string
 		NeedsToken     bool
+		Suspended      bool
 	}{
 		StaticPage: pageForReq(app, r),
 		Post:       &RawPost{Font: "norm"},
 		User:       getUserSession(app, r),
 	}
 	var err error
+	appData.Suspended, err = app.db.IsUserSuspended(appData.User.ID)
+	if err != nil {
+		log.Error("view meta: get user suspended status: %v", err)
+		return ErrInternalGeneral
+	}
 
 	if action == "" && slug == "" {
 		return ErrPostNotFound
diff --git a/posts.go b/posts.go
index 2f3606f..2d64808 100644
--- a/posts.go
+++ b/posts.go
@@ -380,6 +380,16 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 	}
 
+	suspended, err := app.db.IsUserSuspended(ownerID.Int64)
+	if err != nil {
+		log.Error("view post: get collection owner: %v", err)
+		return ErrInternalGeneral
+	}
+
+	if suspended {
+		return ErrPostNotFound
+	}
+
 	// Check if post has been unpublished
 	if content == "" {
 		gone = true
@@ -496,6 +506,15 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	} else {
 		userID = app.db.GetUserID(accessToken)
 	}
+	suspended, err := app.db.IsUserSuspended(userID)
+	if err != nil {
+		log.Error("new post: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrUserSuspended
+	}
+
 	if userID == -1 {
 		return ErrNotLoggedIn
 	}
@@ -508,7 +527,7 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	var p *SubmittedPost
 	if reqJSON {
 		decoder := json.NewDecoder(r.Body)
-		err := decoder.Decode(&p)
+		err = decoder.Decode(&p)
 		if err != nil {
 			log.Error("Couldn't parse new post JSON request: %v\n", err)
 			return ErrBadJSON
@@ -554,7 +573,6 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	var newPost *PublicPost = &PublicPost{}
 	var coll *Collection
-	var err error
 	if accessToken != "" {
 		newPost, err = app.db.CreateOwnedPost(p, accessToken, collAlias, app.cfg.App.Host)
 	} else {
@@ -662,6 +680,15 @@ func existingPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 	}
 
+	suspended, err := app.db.IsUserSuspended(userID)
+	if err != nil {
+		log.Error("existing post: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrUserSuspended
+	}
+
 	// Modify post struct
 	p.ID = postID
 
@@ -856,11 +883,20 @@ func addPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		ownerID = u.ID
 	}
 
+	suspended, err := app.db.IsUserSuspended(ownerID)
+	if err != nil {
+		log.Error("add post: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrUserSuspended
+	}
+
 	// Parse claimed posts in format:
 	// [{"id": "...", "token": "..."}]
 	var claims *[]ClaimPostRequest
 	decoder := json.NewDecoder(r.Body)
-	err := decoder.Decode(&claims)
+	err = decoder.Decode(&claims)
 	if err != nil {
 		return ErrBadJSONArray
 	}
@@ -950,13 +986,22 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		userID = u.ID
 	}
 
+	suspended, err := app.db.IsUserSuspended(userID)
+	if err != nil {
+		log.Error("pin post: get user: %v", err)
+		return ErrInternalGeneral
+	}
+	if suspended {
+		return ErrUserSuspended
+	}
+
 	// Parse request
 	var posts []struct {
 		ID       string `json:"id"`
 		Position int64  `json:"position"`
 	}
 	decoder := json.NewDecoder(r.Body)
-	err := decoder.Decode(&posts)
+	err = decoder.Decode(&posts)
 	if err != nil {
 		return ErrBadJSONArray
 	}
@@ -992,6 +1037,7 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	var collID int64
+	var ownerID int64
 	var coll *Collection
 	var err error
 	vars := mux.Vars(r)
@@ -1007,12 +1053,22 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
 			return err
 		}
 		collID = coll.ID
+		ownerID = coll.OwnerID
 	}
 
 	p, err := app.db.GetPost(vars["post"], collID)
 	if err != nil {
 		return err
 	}
+	suspended, err := app.db.IsUserSuspended(ownerID)
+	if err != nil {
+		log.Error("fetch post: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+
+	if suspended {
+		return ErrPostNotFound
+	}
 
 	p.extractData()
 
@@ -1270,6 +1326,15 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
 	}
 	c.hostName = app.cfg.App.Host
 
+	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("view collection post: get owner: %v", err)
+		return ErrInternalGeneral
+	}
+
+	if suspended {
+		return ErrPostNotFound
+	}
 	// Check collection permissions
 	if c.IsPrivate() && (u == nil || u.ID != c.OwnerID) {
 		return ErrPostNotFound
diff --git a/read.go b/read.go
index 3bc91c7..e7d1e55 100644
--- a/read.go
+++ b/read.go
@@ -13,6 +13,12 @@ package writefreely
 import (
 	"database/sql"
 	"fmt"
+	"html/template"
+	"math"
+	"net/http"
+	"strconv"
+	"time"
+
 	. "github.com/gorilla/feeds"
 	"github.com/gorilla/mux"
 	stripmd "github.com/writeas/go-strip-markdown"
@@ -20,11 +26,6 @@ import (
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/web-core/memo"
 	"github.com/writeas/writefreely/page"
-	"html/template"
-	"math"
-	"net/http"
-	"strconv"
-	"time"
 )
 
 const (
@@ -62,7 +63,8 @@ func (app *App) FetchPublicPosts() (interface{}, error) {
 	rows, err := app.db.Query(`SELECT p.id, alias, c.title, p.slug, p.title, p.content, p.text_appearance, p.language, p.rtl, p.created, p.updated
 	FROM collections c
 	LEFT JOIN posts p ON p.collection_id = c.id
-	WHERE c.privacy = 1 AND (p.created >= ` + app.db.dateSub(3, "month") + ` AND p.created <= ` + app.db.now() + ` AND pinned_position IS NULL)
+	LEFT JOIN users u ON u.id = p.owner_id
+	WHERE c.privacy = 1 AND (p.created >= ` + app.db.dateSub(3, "month") + ` AND p.created <= ` + app.db.now() + ` AND pinned_position IS NULL) AND u.suspended = 0
 	ORDER BY p.created DESC`)
 	if err != nil {
 		log.Error("Failed selecting from posts: %v", err)
diff --git a/routes.go b/routes.go
index 724c532..e7014cd 100644
--- a/routes.go
+++ b/routes.go
@@ -11,13 +11,14 @@
 package writefreely
 
 import (
+	"net/http"
+	"path/filepath"
+	"strings"
+
 	"github.com/gorilla/mux"
 	"github.com/writeas/go-webfinger"
 	"github.com/writeas/web-core/log"
 	"github.com/writefreely/go-nodeinfo"
-	"net/http"
-	"path/filepath"
-	"strings"
 )
 
 // InitStaticRoutes adds routes for serving static files.
@@ -143,6 +144,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")
 	write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")
 	write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")
+	write.HandleFunc("/admin/user/{username}", handler.Admin(handleAdminToggleUserSuspended)).Methods("POST")
 	write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")
 	write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")
 	write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")
diff --git a/schema.sql b/schema.sql
index b3fae97..3a79736 100644
--- a/schema.sql
+++ b/schema.sql
@@ -225,6 +225,7 @@ CREATE TABLE IF NOT EXISTS `users` (
   `password` char(60) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
   `email` varbinary(255) DEFAULT NULL,
   `created` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  `suspended` tinyint(1) NOT NULL DEFAULT 0,
   PRIMARY KEY (`id`),
   UNIQUE KEY `username` (`username`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
diff --git a/sqlite.sql b/sqlite.sql
index 90989ed..920ffed 100644
--- a/sqlite.sql
+++ b/sqlite.sql
@@ -214,7 +214,8 @@ CREATE TABLE IF NOT EXISTS `users` (
   username TEXT NOT NULL UNIQUE,
   password TEXT NOT NULL,
   email TEXT DEFAULT NULL,
-  created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
+  created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
+  suspended INTEGER NOT NULL DEFAULT 0
 );
 
 -- --------------------------------------------------------
diff --git a/templates/edit-meta.tmpl b/templates/edit-meta.tmpl
index 8d96b15..6707e68 100644
--- a/templates/edit-meta.tmpl
+++ b/templates/edit-meta.tmpl
@@ -269,6 +269,10 @@
 		<script src="/js/h.js"></script>
 		<script>
 function updateMeta() {
+	if ({{.Suspended}}) {
+		alert('Your account is currently supsended, editing posts is disabled.');
+		return
+	}
 	document.getElementById('create-error').style.display = 'none';
 	var $created = document.getElementById('created');
 	var dateStr = $created.value.trim();
diff --git a/templates/pad.tmpl b/templates/pad.tmpl
index 914d921..4be311e 100644
--- a/templates/pad.tmpl
+++ b/templates/pad.tmpl
@@ -131,8 +131,12 @@
 		{{else}}var canPublish = true;{{end}}
 		var publishing = false;
 		var justPublished = false;
-
+		var suspended = {{.Suspended}};
 		var publish = function(content, font) {
+			if (suspended === true) {
+				alert("Your account is currently suspended, posting is disabled.");
+				return;
+			}
 			{{if and (and .Post.Id (not .Post.Slug)) (not .User)}}
 			if (!token) {
 				alert("You don't have permission to update this post.");
diff --git a/templates/user/admin/users.tmpl b/templates/user/admin/users.tmpl
index b59104c..bcd3728 100644
--- a/templates/user/admin/users.tmpl
+++ b/templates/user/admin/users.tmpl
@@ -11,12 +11,17 @@
 			<th>User</th>
 			<th>Joined</th>
 			<th>Type</th>
+			<th>Status</th>
 		</tr>
 		{{range .Users}}
 		<tr>
 			<td><a href="/admin/user/{{.Username}}">{{.Username}}</a></td>
 			<td>{{.CreatedFriendly}}</td>
 			<td style="text-align:center">{{if .IsAdmin}}Admin{{else}}User{{end}}</td>
+			<td style="text-align:center">
+				<a 
+				href="/admin/user/{{.Username}}#status"
+				title="View or change account status">{{if .Suspended}}suspended{{else}}active{{end}}</a></td>
 		</tr>
 		{{end}}
 	</table>
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 2a74e5b..a3d96d5 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -7,6 +7,24 @@ table.classy th {
 h3 {
 	font-weight: normal;
 }
+td.active-suspend {
+	display: flex;
+	align-items: center;
+}
+
+td.active-suspend > input[type="submit"] {
+	margin-left: auto;
+	margin-right: 5%;
+}
+
+@media only screen and (max-width: 500px) {
+	td.active-suspend {
+		flex-wrap: wrap;
+	}
+	td.active-suspend > input[type="submit"] {
+		margin: auto;
+	}
+}
 </style>
 <div class="snug content-container">
 	{{template "admin-header" .}}
@@ -38,6 +56,20 @@ h3 {
 			<th>Last Post</th>
 			<td>{{if .LastPost}}{{.LastPost}}{{else}}Never{{end}}</td>
 		</tr>
+		<tr>
+			<form action="/admin/user/{{.User.Username}}" method="POST">
+				<a id="status"/>
+				<th>Status</th>
+				{{if .User.Suspended}}
+				<td class="active-suspend"><p>User is currently Suspended</p><input type="submit" value="Activate"/></td>
+				{{else}}
+				<td class="active-suspend">
+					<p>User is currently Active</p>
+					<input class="danger" type="submit" value="Suspend" {{if .User.IsAdmin}}disabled{{end}}/>
+				</td>
+				{{end}}
+			</form>
+		</tr>
 	</table>
 
 	<h2>Blogs</h2>
diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index fd204a5..822d091 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -12,6 +12,12 @@ h3 { font-weight: normal; }
 		{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 	</ul>{{end}}
 
+	{{if .Suspended}}
+	<div class="alert info">
+		<p>This account is currently suspended.</p>
+		<p>Please contact the instance administrator to discuss reactivation.</p>
+	</div>
+	{{end}}
 	{{ if .IsLogOut }}
 	<div class="alert info">
 		<p class="introduction">Please add an <strong>email address</strong> and/or <strong>passphrase</strong> so you can log in again later.</p>
diff --git a/users.go b/users.go
index d5e9a91..e8be252 100644
--- a/users.go
+++ b/users.go
@@ -59,6 +59,7 @@ type (
 		HasPass    bool        `json:"has_pass"`
 		Email      zero.String `json:"email"`
 		Created    time.Time   `json:"created"`
+		Suspended  bool        `json:"suspended"`
 
 		clearEmail string `json:"email"`
 	}
diff --git a/webfinger.go b/webfinger.go
index c95d88e..19116c6 100644
--- a/webfinger.go
+++ b/webfinger.go
@@ -11,11 +11,12 @@
 package writefreely
 
 import (
+	"net/http"
+
 	"github.com/writeas/go-webfinger"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/config"
-	"net/http"
 )
 
 type wfResolver struct {
@@ -37,6 +38,14 @@ func (wfr wfResolver) FindUser(username string, host, requestHost string, r []we
 		log.Error("Unable to get blog: %v", err)
 		return nil, err
 	}
+	suspended, err := wfr.db.IsUserSuspended(c.OwnerID)
+	if err != nil {
+		log.Error("webfinger find user: check is suspended: %v", err)
+		return nil, err
+	}
+	if suspended {
+		return nil, wfUserNotFoundErr
+	}
 	c.hostName = wfr.cfg.App.Host
 	if wfr.cfg.App.SingleUser {
 		// Ensure handle matches user-chosen one on single-user blogs

From 954e57897bd335fba16864aa8ed24f16faeaaddb Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 3 Sep 2019 17:40:02 -0400
Subject: [PATCH 34/90] Fix unpinning on chorus post page

---
 templates/chorus-collection-post.tmpl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index 392ebe6..bab2e31 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -100,14 +100,14 @@ function unpinPost(e, postID) {
 	}
 	pinning = true;
 
-	var $header = document.getElementsByTagName('header')[0];
+	var $footer = document.getElementsByTagName('footer')[0];
 	var callback = function() {
 		// Hide current page
-		var $pinnedNavLink = $header.getElementsByTagName('nav')[0].querySelector('.pinned.selected');
+		var $pinnedNavLink = $footer.getElementsByTagName('nav')[0].querySelector('.pinned.selected');
 		$pinnedNavLink.style.display = 'none';
 	};
 
-	var $pinBtn = $header.getElementsByClassName('unpin')[0];
+	var $pinBtn = $footer.getElementsByClassName('unpin')[0];
 	$pinBtn.innerHTML = '...';
 
 	var http = new XMLHttpRequest();

From 8ec25f1fb49ad720569716d3afb1b21581850470 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 3 Sep 2019 17:42:23 -0400
Subject: [PATCH 35/90] Fix pinning on chorus collection page

Previously, the new pinned post link would appear in the site header,
instead of the blog header.
---
 templates/chorus-collection.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index 06695b1..e36d3b5 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -174,7 +174,7 @@ function pinPost(e, postID, slug, title) {
 		// Visibly remove post from collection
 		var $postEl = document.getElementById('post-' + postID);
 		$postEl.parentNode.removeChild($postEl);
-		var $header = document.getElementsByTagName('header')[0];
+		var $header = document.querySelector('header:not(.multiuser)');
 		var $pinnedNavs = $header.getElementsByTagName('nav');
 		// Add link to nav
 		var link = '<a class="pinned" href="/{{.Alias}}/'+slug+'">'+title+'</a>';

From 4419632f83da051c48f98d74760d24658d065942 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 3 Sep 2019 17:56:27 -0400
Subject: [PATCH 36/90] Fix false login state on failed login

Previously, a failed login would change the site-wide navigation so that
it looked like the user was logged in, even though they weren't. This
fixes that.
---
 account.go       | 8 ++++----
 pages/login.tmpl | 4 ++--
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/account.go b/account.go
index 357bae5..a3eb39d 100644
--- a/account.go
+++ b/account.go
@@ -309,10 +309,10 @@ func viewLogin(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	p := &struct {
 		page.StaticPage
-		To       string
-		Message  template.HTML
-		Flashes  []template.HTML
-		Username string
+		To            string
+		Message       template.HTML
+		Flashes       []template.HTML
+		LoginUsername string
 	}{
 		pageForReq(app, r),
 		r.FormValue("to"),
diff --git a/pages/login.tmpl b/pages/login.tmpl
index 9b58523..1c8e862 100644
--- a/pages/login.tmpl
+++ b/pages/login.tmpl
@@ -12,8 +12,8 @@
 	</ul>{{end}}
 
 	<form action="/auth/login" method="post" style="text-align: center;margin-top:1em;" onsubmit="disableSubmit()">
-		<input type="text" name="alias" placeholder="Username" value="{{.Username}}" {{if not .Username}}autofocus{{end}} /><br />
-		<input type="password" name="pass" placeholder="Password" {{if .Username}}autofocus{{end}} /><br />
+		<input type="text" name="alias" placeholder="Username" value="{{.LoginUsername}}" {{if not .LoginUsername}}autofocus{{end}} /><br />
+		<input type="password" name="pass" placeholder="Password" {{if .LoginUsername}}autofocus{{end}} /><br />
 		{{if .To}}<input type="hidden" name="to" value="{{.To}}" />{{end}}
 		<input type="submit" id="btn-login" value="Login" />
 	</form>

From 6396749f314bee72f351525696a9afd3411d6690 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 6 Sep 2019 19:49:15 -0700
Subject: [PATCH 37/90] default pad tempate on all pad renders

this fixes a bug where if the `editor` config is set to an unsupported
value there is a nil pointer error and the pad fails to render when
editing only, not on a new post.
---
 pad.go | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/pad.go b/pad.go
index 1545b4f..3857e38 100644
--- a/pad.go
+++ b/pad.go
@@ -11,12 +11,13 @@
 package writefreely
 
 import (
+	"net/http"
+	"strings"
+
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/page"
-	"net/http"
-	"strings"
 )
 
 func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
@@ -54,16 +55,13 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 
 	padTmpl := app.cfg.App.Editor
-	if padTmpl == "" {
+	if templates[padTmpl] == nil {
+		log.Info("No template '%s' found. Falling back to default 'pad' template.", padTmpl)
 		padTmpl = "pad"
 	}
 
 	if action == "" && slug == "" {
 		// Not editing any post; simply render the Pad
-		if templates[padTmpl] == nil {
-			log.Info("No template '%s' found. Falling back to default 'pad' template.", padTmpl)
-			padTmpl = "pad"
-		}
 		if err = templates[padTmpl].ExecuteTemplate(w, "pad", appData); err != nil {
 			log.Error("Unable to execute template: %v", err)
 		}

From 151e996387660245c8b4fc0524921c1590c7c4d1 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 10 Sep 2019 21:21:45 +0200
Subject: [PATCH 38/90] Use new isOwner var in tests

With the var there now, this makes the code a bit more readable.
---
 collections.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/collections.go b/collections.go
index adf89d4..bf52862 100644
--- a/collections.go
+++ b/collections.go
@@ -770,7 +770,7 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 		}
 	}
 	isOwner := owner != nil
-	if owner == nil {
+	if !isOwner {
 		// Current user doesn't own collection; retrieve owner information
 		owner, err = app.db.GetUserByID(coll.OwnerID)
 		if err != nil {
@@ -868,7 +868,7 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 		}
 	}
 	isOwner := owner != nil
-	if owner == nil {
+	if !isOwner {
 		// Current user doesn't own collection; retrieve owner information
 		owner, err = app.db.GetUserByID(coll.OwnerID)
 		if err != nil {

From c7a90d2ace4adb33f8e8eb405545000cb02bccf0 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 10 Sep 2019 22:07:14 +0200
Subject: [PATCH 39/90] Fix blog post links when `chorus` enabled

This ensures the "new post" link under each blog on the user Blogs page
goes to /new instead of /.

Ref T681
---
 templates/user/collections.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/user/collections.tmpl b/templates/user/collections.tmpl
index 6ce4b75..481fd8f 100644
--- a/templates/user/collections.tmpl
+++ b/templates/user/collections.tmpl
@@ -13,7 +13,7 @@
 		<a class="title" href="/{{.Alias}}/">{{if .Title}}{{.Title}}{{else}}{{.Alias}}{{end}}</a>
 	</h3> 
 	<h4>
-		<a class="action new-post" href="/#{{.Alias}}">new post</a>
+		<a class="action new-post" href="{{if $.Chorus}}/new{{else}}/{{end}}#{{.Alias}}">new post</a>
 		<a class="action" href="/me/c/{{.Alias}}">customize</a>
 		<a class="action" href="/me/c/{{.Alias}}/stats">stats</a>
 	</h4>

From feba200916f5b87889dd9ffdb5f9a384120860f8 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Wed, 11 Sep 2019 12:50:04 -0700
Subject: [PATCH 40/90] remove gogs/gogs/pkg/tool dependency

this borrows some code from github.com/gogs/gogs/pkg/tool to avoid
pulling it in as a dependency, along with many other indirect deps.
---
 admin.go |  39 +++++++++--------
 go.mod   |  20 ---------
 go.sum   |  42 -------------------
 stats.go | 124 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 4 files changed, 143 insertions(+), 82 deletions(-)
 create mode 100644 stats.go

diff --git a/admin.go b/admin.go
index f316e3e..0aee818 100644
--- a/admin.go
+++ b/admin.go
@@ -18,7 +18,6 @@ import (
 	"strconv"
 	"time"
 
-	"github.com/gogits/gogs/pkg/tool"
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/auth"
@@ -408,37 +407,37 @@ func handleAdminUpdateConfig(apper Apper, u *User, w http.ResponseWriter, r *htt
 }
 
 func updateAppStats() {
-	sysStatus.Uptime = tool.TimeSincePro(appStartTime)
+	sysStatus.Uptime = timeSincePro(appStartTime)
 
 	m := new(runtime.MemStats)
 	runtime.ReadMemStats(m)
 	sysStatus.NumGoroutine = runtime.NumGoroutine()
 
-	sysStatus.MemAllocated = tool.FileSize(int64(m.Alloc))
-	sysStatus.MemTotal = tool.FileSize(int64(m.TotalAlloc))
-	sysStatus.MemSys = tool.FileSize(int64(m.Sys))
+	sysStatus.MemAllocated = fileSize(int64(m.Alloc))
+	sysStatus.MemTotal = fileSize(int64(m.TotalAlloc))
+	sysStatus.MemSys = fileSize(int64(m.Sys))
 	sysStatus.Lookups = m.Lookups
 	sysStatus.MemMallocs = m.Mallocs
 	sysStatus.MemFrees = m.Frees
 
-	sysStatus.HeapAlloc = tool.FileSize(int64(m.HeapAlloc))
-	sysStatus.HeapSys = tool.FileSize(int64(m.HeapSys))
-	sysStatus.HeapIdle = tool.FileSize(int64(m.HeapIdle))
-	sysStatus.HeapInuse = tool.FileSize(int64(m.HeapInuse))
-	sysStatus.HeapReleased = tool.FileSize(int64(m.HeapReleased))
+	sysStatus.HeapAlloc = fileSize(int64(m.HeapAlloc))
+	sysStatus.HeapSys = fileSize(int64(m.HeapSys))
+	sysStatus.HeapIdle = fileSize(int64(m.HeapIdle))
+	sysStatus.HeapInuse = fileSize(int64(m.HeapInuse))
+	sysStatus.HeapReleased = fileSize(int64(m.HeapReleased))
 	sysStatus.HeapObjects = m.HeapObjects
 
-	sysStatus.StackInuse = tool.FileSize(int64(m.StackInuse))
-	sysStatus.StackSys = tool.FileSize(int64(m.StackSys))
-	sysStatus.MSpanInuse = tool.FileSize(int64(m.MSpanInuse))
-	sysStatus.MSpanSys = tool.FileSize(int64(m.MSpanSys))
-	sysStatus.MCacheInuse = tool.FileSize(int64(m.MCacheInuse))
-	sysStatus.MCacheSys = tool.FileSize(int64(m.MCacheSys))
-	sysStatus.BuckHashSys = tool.FileSize(int64(m.BuckHashSys))
-	sysStatus.GCSys = tool.FileSize(int64(m.GCSys))
-	sysStatus.OtherSys = tool.FileSize(int64(m.OtherSys))
+	sysStatus.StackInuse = fileSize(int64(m.StackInuse))
+	sysStatus.StackSys = fileSize(int64(m.StackSys))
+	sysStatus.MSpanInuse = fileSize(int64(m.MSpanInuse))
+	sysStatus.MSpanSys = fileSize(int64(m.MSpanSys))
+	sysStatus.MCacheInuse = fileSize(int64(m.MCacheInuse))
+	sysStatus.MCacheSys = fileSize(int64(m.MCacheSys))
+	sysStatus.BuckHashSys = fileSize(int64(m.BuckHashSys))
+	sysStatus.GCSys = fileSize(int64(m.GCSys))
+	sysStatus.OtherSys = fileSize(int64(m.OtherSys))
 
-	sysStatus.NextGC = tool.FileSize(int64(m.NextGC))
+	sysStatus.NextGC = fileSize(int64(m.NextGC))
 	sysStatus.LastGC = fmt.Sprintf("%.1fs", float64(time.Now().UnixNano()-int64(m.LastGC))/1000/1000/1000)
 	sysStatus.PauseTotalNs = fmt.Sprintf("%.1fs", float64(m.PauseTotalNs)/1000/1000/1000)
 	sysStatus.PauseNs = fmt.Sprintf("%.3fs", float64(m.PauseNs[(m.NumGC+255)%256])/1000/1000/1000)
diff --git a/go.mod b/go.mod
index 5e040ba..9c67aeb 100644
--- a/go.mod
+++ b/go.mod
@@ -2,25 +2,14 @@ module github.com/writeas/writefreely
 
 require (
 	github.com/BurntSushi/toml v0.3.1 // indirect
-	github.com/Unknwon/com v0.0.0-20181010210213-41959bdd855f // indirect
-	github.com/Unknwon/i18n v0.0.0-20171114194641-b64d33658966 // indirect
 	github.com/alecthomas/gometalinter v3.0.0+incompatible // indirect
 	github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf // indirect
-	github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737 // indirect
 	github.com/captncraig/cors v0.0.0-20180620154129-376d45073b49 // indirect
 	github.com/clbanning/mxj v1.8.4 // indirect
 	github.com/dustin/go-humanize v1.0.0
 	github.com/fatih/color v1.7.0
-	github.com/go-macaron/cache v0.0.0-20151013081102-561735312776 // indirect
-	github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191 // indirect
-	github.com/go-macaron/session v0.0.0-20190131233854-0a0a789bf193 // indirect
 	github.com/go-sql-driver/mysql v1.4.1
 	github.com/go-test/deep v1.0.1 // indirect
-	github.com/gogits/gogs v0.11.86
-	github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561 // indirect
-	github.com/gogs/go-libravatar v0.0.0-20161120025154-cd1abbd55d09 // indirect
-	github.com/gogs/gogs v0.11.86 // indirect
-	github.com/gogs/minwinsvc v0.0.0-20170301035411-95be6356811a // indirect
 	github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
 	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
 	github.com/gorilla/feeds v1.1.0
@@ -28,17 +17,13 @@ require (
 	github.com/gorilla/schema v1.0.2
 	github.com/gorilla/sessions v1.1.3
 	github.com/guregu/null v3.4.0+incompatible
-	github.com/ikeikeikeike/go-sitemap-generator v1.0.1
 	github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2
-	github.com/imdario/mergo v0.3.7 // indirect
-	github.com/jteeuwen/go-bindata v3.0.7+incompatible // indirect
 	github.com/jtolds/gls v4.2.1+incompatible // indirect
 	github.com/kylemcc/twitter-text-go v0.0.0-20180726194232-7f582f6736ec
 	github.com/lunixbochs/vtclean v1.0.0 // indirect
 	github.com/manifoldco/promptui v0.3.2
 	github.com/mattn/go-colorable v0.1.0 // indirect
 	github.com/mattn/go-sqlite3 v1.10.0
-	github.com/mcuadros/go-version v0.0.0-20180611085657-6d5863ca60fa // indirect
 	github.com/microcosm-cc/bluemonday v1.0.2
 	github.com/mitchellh/go-wordwrap v1.0.0
 	github.com/nicksnyder/go-i18n v1.10.0 // indirect
@@ -46,7 +31,6 @@ require (
 	github.com/pelletier/go-toml v1.2.0 // indirect
 	github.com/pkg/errors v0.8.1 // indirect
 	github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be // indirect
-	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
 	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
 	github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 // indirect
 	github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c // indirect
@@ -70,11 +54,7 @@ require (
 	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67 // indirect
 	google.golang.org/appengine v1.4.0 // indirect
 	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c // indirect
-	gopkg.in/bufio.v1 v1.0.0-20140618132640-567b2bfa514e // indirect
-	gopkg.in/clog.v1 v1.2.0 // indirect
 	gopkg.in/ini.v1 v1.41.0
-	gopkg.in/macaron.v1 v1.3.2 // indirect
-	gopkg.in/redis.v2 v2.3.2 // indirect
 	gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0 // indirect
 	gopkg.in/yaml.v2 v2.2.2 // indirect
 )
diff --git a/go.sum b/go.sum
index 8898bec..ec1e19d 100644
--- a/go.sum
+++ b/go.sum
@@ -1,9 +1,5 @@
 github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
 github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
-github.com/Unknwon/com v0.0.0-20181010210213-41959bdd855f h1:m1tYqjD/N0vF/S8s/ZKz/eccUr8RAAcrOK2MhXeTegA=
-github.com/Unknwon/com v0.0.0-20181010210213-41959bdd855f/go.mod h1:KYCjqMOeHpNuTOiFQU6WEcTG7poCJrUs0YgyHNtn1no=
-github.com/Unknwon/i18n v0.0.0-20171114194641-b64d33658966 h1:Mp8GNJ/tdTZIEdLdZfykEJaL3mTyEYrSzYNcdoQKpJk=
-github.com/Unknwon/i18n v0.0.0-20171114194641-b64d33658966/go.mod h1:SFtfq0zFPsENI7DpE87QM2hcYu5QQ0fRdCgP+P1Hrqo=
 github.com/alecthomas/gometalinter v2.0.11+incompatible/go.mod h1:qfIpQGGz3d+NmgyPBqv+LSh50emm1pt72EtcX2vKYQk=
 github.com/alecthomas/gometalinter v3.0.0+incompatible h1:e9Zfvfytsw/e6Kd/PYd75wggK+/kX5Xn8IYDUKyc5fU=
 github.com/alecthomas/gometalinter v3.0.0+incompatible/go.mod h1:qfIpQGGz3d+NmgyPBqv+LSh50emm1pt72EtcX2vKYQk=
@@ -11,8 +7,6 @@ github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZq
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
 github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
-github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737 h1:rRISKWyXfVxvoa702s91Zl5oREZTrR3yv+tXrrX7G/g=
-github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737/go.mod h1:PmM6Mmwb0LSuEubjR8N7PtNe1KxZLtOUHtbeikc5h60=
 github.com/captncraig/cors v0.0.0-20180620154129-376d45073b49 h1:jWNY1NDg6a/c8RSXkai7IX6UOhir0LD39I4Dukg+4Ks=
 github.com/captncraig/cors v0.0.0-20180620154129-376d45073b49/go.mod h1:EIlIeMufZ8nqdUhnesledB15xLRl4wIJUppwDLPrdrQ=
 github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
@@ -36,26 +30,10 @@ github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5Kwzbycv
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/go-fed/httpsig v0.1.0/go.mod h1:T56HUNYZUQ1AGUzhAYPugZfp36sKApVnGBgKlIY+aIE=
-github.com/go-macaron/cache v0.0.0-20151013081102-561735312776 h1:UYIHS1r0WotqB5cIa0PAiV0m6GzD9rDBcn4alp5JgCw=
-github.com/go-macaron/cache v0.0.0-20151013081102-561735312776/go.mod h1:hHAsZm/oBZVcY+S7qdQL6Vbg5VrXF6RuKGuqsszt3Ok=
-github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191 h1:NjHlg70DuOkcAMqgt0+XA+NHwtu66MkTVVgR4fFWbcI=
-github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191/go.mod h1:VFI2o2q9kYsC4o7VP1HrEVosiZZTd+MVT3YZx4gqvJw=
-github.com/go-macaron/session v0.0.0-20190131233854-0a0a789bf193 h1:z/nqwd+ql/r6Q3QGnwNd6B89UjPytM0be5pDQV9TuWw=
-github.com/go-macaron/session v0.0.0-20190131233854-0a0a789bf193/go.mod h1:ScEJm9Gk+ez5JJTml5WlBIqavAfuE5nF8e4Gvyz/X+A=
 github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-test/deep v1.0.1 h1:UQhStjbkDClarlmv0am7OXXO4/GaPdCGiUiMTvi28sg=
 github.com/go-test/deep v1.0.1/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
-github.com/gogits/gogs v0.11.86 h1:IujCpA+F/mYDXTcqdy593rl2donWakAWoL2HYZn7spw=
-github.com/gogits/gogs v0.11.86/go.mod h1:H8FMbPPb+o/TgI6YnmQmT8nmEIHypXDau+f2CChYoCk=
-github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561 h1:aBzukfDxQlCTVS0NBUjI5YA3iVeaZ9Tb5PxNrrIP1xs=
-github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561/go.mod h1:Pcatq5tYkCW2Q6yrR2VRHlbHpZ/R4/7qyL1TCF7vl14=
-github.com/gogs/go-libravatar v0.0.0-20161120025154-cd1abbd55d09 h1:UdOSIHZpkYcajRbfebBYzFDsL3SuqObH3bvKYBqgKmI=
-github.com/gogs/go-libravatar v0.0.0-20161120025154-cd1abbd55d09/go.mod h1:Zas3BtO88pk1cwUfEYlvnl/CRwh0ybDxRWSwRjG8I3w=
-github.com/gogs/gogs v0.11.86 h1:D+dXuY/6XjJ2t74W/dxo7ogx5+xW05Va8sJiQSS4WXA=
-github.com/gogs/gogs v0.11.86/go.mod h1:qlbvdn16XTC6q7eR+thjW+OLdN+mi2PBZ8KqVT39T88=
-github.com/gogs/minwinsvc v0.0.0-20170301035411-95be6356811a h1:8DZwxETOVWIinYxDK+i6L+rMb7eGATGaakD6ZucfHVk=
-github.com/gogs/minwinsvc v0.0.0-20170301035411-95be6356811a/go.mod h1:TUIZ+29jodWQ8Gk6Pvtg4E09aMsc3C/VLZiVYfUhWQU=
 github.com/golang/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1 h1:6DVPu65tee05kY0/rciBQ47ue+AnuY8KTayV6VHikIo=
 github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
@@ -80,14 +58,8 @@ github.com/gorilla/sessions v1.1.3 h1:uXoZdcdA5XdXF3QzuSlheVRUvjl+1rKY7zBXL68L9R
 github.com/gorilla/sessions v1.1.3/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
 github.com/guregu/null v3.4.0+incompatible h1:a4mw37gBO7ypcBlTJeZGuMpSxxFTV9qFfFKgWxQSGaM=
 github.com/guregu/null v3.4.0+incompatible/go.mod h1:ePGpQaN9cw0tj45IR5E5ehMvsFlLlQZAkkOXZurJ3NM=
-github.com/ikeikeikeike/go-sitemap-generator v1.0.1 h1:49Fn8gro/B12vCY8pf5/+/Jpr3kwB9TvP0MSymo69SY=
-github.com/ikeikeikeike/go-sitemap-generator v1.0.1/go.mod h1:QI+zWsz6yQyxkG9LWNcnu0f7aiAE5tPdsZOsICgmd1c=
 github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2 h1:wIdDEle9HEy7vBPjC6oKz6ejs3Ut+jmsYvuOoAW2pSM=
 github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2/go.mod h1:WtaVKD9TeruTED9ydiaOJU08qGoEPP/LyzTKiD3jEsw=
-github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI=
-github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
-github.com/jteeuwen/go-bindata v3.0.7+incompatible h1:91Uy4d9SYVr1kyTJ15wJsog+esAZZl7JmEfTkwmhJts=
-github.com/jteeuwen/go-bindata v3.0.7+incompatible/go.mod h1:JVvhzYOiGBnFSYRyV00iY8q7/0PThjIYav1p9h5dmKs=
 github.com/jtolds/gls v4.2.1+incompatible h1:fSuqC+Gmlu6l/ZYAoZzx2pyucC8Xza35fpRVWLVmUEE=
 github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU=
@@ -113,8 +85,6 @@ github.com/mattn/go-isatty v0.0.4 h1:bnP0vzxcAdeI1zdubAl5PjU6zsERjGZb7raWodagDYs
 github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
 github.com/mattn/go-sqlite3 v1.10.0 h1:jbhqpg7tQe4SupckyijYiy0mJJ/pRyHvXf7JdWK860o=
 github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
-github.com/mcuadros/go-version v0.0.0-20180611085657-6d5863ca60fa h1:XvNrttGMJfVrUqblGju4IkjYXwx6l5OAAyjaIsydzsk=
-github.com/mcuadros/go-version v0.0.0-20180611085657-6d5863ca60fa/go.mod h1:76rfSfYPWj01Z85hUf/ituArm797mNKcvINh1OlsZKo=
 github.com/microcosm-cc/bluemonday v1.0.2 h1:5lPfLTTAvAbtS0VqT+94yOtFnGfUWYyx0+iToC3Os3s=
 github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
 github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
@@ -131,8 +101,6 @@ github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZb
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be h1:ta7tUOvsPHVHGom5hKW5VXNc2xZIkfCKP8iaqOyYtUQ=
 github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be/go.mod h1:MIDFMn7db1kT65GmV94GzpX9Qdi7N/pQlwb+AN8wh+Q=
-github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca h1:NugYot0LIVPxTvN8n+Kvkn6TrbMyxQiuvKdEwFdR9vI=
-github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca/go.mod h1:uugorj2VCxiV1x+LzaIdVa9b4S4qGAcH6cbhh4qVxOU=
 github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
 github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
 github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 h1:Jpy1PXuP99tXNrhbq2BaPz9B+jNAvH1JPQQpG/9GCXY=
@@ -167,8 +135,6 @@ github.com/writeas/slug v1.2.0 h1:EMQ+cwLiOcA6EtFwUgyw3Ge18x9uflUnOnR6bp/J+/g=
 github.com/writeas/slug v1.2.0/go.mod h1:RE8shOqQP3YhsfsQe0L3RnuejfQ4Mk+JjY5YJQFubfQ=
 github.com/writeas/web-core v1.0.0 h1:5VKkCakQgdKZcbfVKJXtRpc5VHrkflusCl/KRCPzpQ0=
 github.com/writeas/web-core v1.0.0/go.mod h1:Si3chV7VWgY8CsV+3gRolMXSO2Vx1ZFAQ/mkrpvmyEE=
-github.com/writefreely/go-nodeinfo v1.1.0 h1:dp/ieEu0/gTeNKFvJTYhzBBouyFn7aiWtWzkb8J1JLg=
-github.com/writefreely/go-nodeinfo v1.1.0/go.mod h1:UTvE78KpcjYOlRHupZIiSEFcXHioTXuacCbHU+CAcPg=
 github.com/writefreely/go-nodeinfo v1.2.0 h1:La+YbTCvmpTwFhBSlebWDDL81N88Qf/SCAvRLR7F8ss=
 github.com/writefreely/go-nodeinfo v1.2.0/go.mod h1:UTvE78KpcjYOlRHupZIiSEFcXHioTXuacCbHU+CAcPg=
 golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59 h1:hk3yo72LXLapY9EXVttc3Z1rLOxT9IuAPPX3GpY2+jo=
@@ -195,19 +161,11 @@ google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO50
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c h1:vTxShRUnK60yd8DZU+f95p1zSLj814+5CuEh7NjF2/Y=
 gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c/go.mod h1:3HH7i1SgMqlzxCcBmUHW657sD4Kvv9sC3HpL3YukzwA=
-gopkg.in/bufio.v1 v1.0.0-20140618132640-567b2bfa514e h1:wGA78yza6bu/mWcc4QfBuIEHEtc06xdiU0X8sY36yUU=
-gopkg.in/bufio.v1 v1.0.0-20140618132640-567b2bfa514e/go.mod h1:xsQCaysVCudhrYTfzYWe577fCe7Ceci+6qjO2Rdc0Z4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
 gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/clog.v1 v1.2.0 h1:BHfwHRNQy497iBNsRBassPixSAxRbn2z5KVkdBFbwxc=
-gopkg.in/clog.v1 v1.2.0/go.mod h1:L6fgdpdhFgKX4eGuDvt+N6X2GwZE160NRrIHzvaF8ZM=
 gopkg.in/ini.v1 v1.41.0 h1:Ka3ViY6gNYSKiVy71zXBEqKplnV35ImDLVG+8uoIklE=
 gopkg.in/ini.v1 v1.41.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/macaron.v1 v1.3.2 h1:AvWIaPmwBUA87/OWzePkoxeaw6YJWDfBt1pDFPBnLf8=
-gopkg.in/macaron.v1 v1.3.2/go.mod h1:PrsiawTWAGZs6wFbT5hlr7SQ2Ns9h7cUVtcUu4lQOVo=
-gopkg.in/redis.v2 v2.3.2 h1:GPVIIB/JnL1wvfULefy3qXmPu1nfNu2d0yA09FHgwfs=
-gopkg.in/redis.v2 v2.3.2/go.mod h1:4wl9PJ/CqzeHk3LVq1hNLHH8krm3+AXEgut4jVc++LU=
 gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0 h1:POO/ycCATvegFmVuPpQzZFJ+pGZeX22Ufu6fibxDVjU=
 gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
diff --git a/stats.go b/stats.go
new file mode 100644
index 0000000..72b99be
--- /dev/null
+++ b/stats.go
@@ -0,0 +1,124 @@
+package writefreely
+
+import (
+	"fmt"
+	"math"
+	"strings"
+	"time"
+)
+
+// Borrowed from github.com/gogs/gogs/pkg/tool
+
+// Seconds-based time units
+const (
+	Minute = 60
+	Hour   = 60 * Minute
+	Day    = 24 * Hour
+	Week   = 7 * Day
+	Month  = 30 * Day
+	Year   = 12 * Month
+)
+
+func computeTimeDiff(diff int64) (int64, string) {
+	diffStr := ""
+	switch {
+	case diff <= 0:
+		diff = 0
+		diffStr = "now"
+	case diff < 2:
+		diff = 0
+		diffStr = "1 second"
+	case diff < 1*Minute:
+		diffStr = fmt.Sprintf("%d seconds", diff)
+		diff = 0
+
+	case diff < 2*Minute:
+		diff -= 1 * Minute
+		diffStr = "1 minute"
+	case diff < 1*Hour:
+		diffStr = fmt.Sprintf("%d minutes", diff/Minute)
+		diff -= diff / Minute * Minute
+
+	case diff < 2*Hour:
+		diff -= 1 * Hour
+		diffStr = "1 hour"
+	case diff < 1*Day:
+		diffStr = fmt.Sprintf("%d hours", diff/Hour)
+		diff -= diff / Hour * Hour
+
+	case diff < 2*Day:
+		diff -= 1 * Day
+		diffStr = "1 day"
+	case diff < 1*Week:
+		diffStr = fmt.Sprintf("%d days", diff/Day)
+		diff -= diff / Day * Day
+
+	case diff < 2*Week:
+		diff -= 1 * Week
+		diffStr = "1 week"
+	case diff < 1*Month:
+		diffStr = fmt.Sprintf("%d weeks", diff/Week)
+		diff -= diff / Week * Week
+
+	case diff < 2*Month:
+		diff -= 1 * Month
+		diffStr = "1 month"
+	case diff < 1*Year:
+		diffStr = fmt.Sprintf("%d months", diff/Month)
+		diff -= diff / Month * Month
+
+	case diff < 2*Year:
+		diff -= 1 * Year
+		diffStr = "1 year"
+	default:
+		diffStr = fmt.Sprintf("%d years", diff/Year)
+		diff = 0
+	}
+	return diff, diffStr
+}
+
+// timeSincePro calculates the time interval and generate full user-friendly string.
+func timeSincePro(then time.Time) string {
+	now := time.Now()
+	diff := now.Unix() - then.Unix()
+
+	if then.After(now) {
+		return "future"
+	}
+
+	var timeStr, diffStr string
+	for {
+		if diff == 0 {
+			break
+		}
+
+		diff, diffStr = computeTimeDiff(diff)
+		timeStr += ", " + diffStr
+	}
+	return strings.TrimPrefix(timeStr, ", ")
+}
+
+func logn(n, b float64) float64 {
+	return math.Log(n) / math.Log(b)
+}
+
+func humanateBytes(s uint64, base float64, sizes []string) string {
+	if s < 10 {
+		return fmt.Sprintf("%d B", s)
+	}
+	e := math.Floor(logn(float64(s), base))
+	suffix := sizes[int(e)]
+	val := float64(s) / math.Pow(base, math.Floor(e))
+	f := "%.0f"
+	if val < 10 {
+		f = "%.1f"
+	}
+
+	return fmt.Sprintf(f+" %s", val, suffix)
+}
+
+// fileSize calculates the file size and generate user-friendly string.
+func fileSize(s int64) string {
+	sizes := []string{"B", "KB", "MB", "GB", "TB", "PB", "EB"}
+	return humanateBytes(uint64(s), 1024, sizes)
+}

From 66b0945b70d6227309e8f7ccabaed8a2aec94acd Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 13 Sep 2019 07:11:48 -0400
Subject: [PATCH 41/90] Add copyright header to copied Gogs code

---
 stats.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/stats.go b/stats.go
index 72b99be..36ca0f0 100644
--- a/stats.go
+++ b/stats.go
@@ -1,3 +1,7 @@
+// Copyright 2014-2018 The Gogs Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style license that can be
+// found in the LICENSE file of the Gogs project (github.com/gogs/gogs).
+
 package writefreely
 
 import (

From 0286dcf214c161d0f30cabe6dabf93b821d64c0d Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 13 Sep 2019 08:22:38 -0700
Subject: [PATCH 42/90] move tool from gogs into appstats pkg

---
 admin.go                         | 39 ++++++++++++++++----------------
 stats.go => appstats/appstats.go | 10 ++++----
 2 files changed, 25 insertions(+), 24 deletions(-)
 rename stats.go => appstats/appstats.go (91%)

diff --git a/admin.go b/admin.go
index 0aee818..fdbb82f 100644
--- a/admin.go
+++ b/admin.go
@@ -22,6 +22,7 @@ import (
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/auth"
 	"github.com/writeas/web-core/log"
+	"github.com/writeas/writefreely/appstats"
 	"github.com/writeas/writefreely/config"
 )
 
@@ -407,37 +408,37 @@ func handleAdminUpdateConfig(apper Apper, u *User, w http.ResponseWriter, r *htt
 }
 
 func updateAppStats() {
-	sysStatus.Uptime = timeSincePro(appStartTime)
+	sysStatus.Uptime = appstats.TimeSincePro(appStartTime)
 
 	m := new(runtime.MemStats)
 	runtime.ReadMemStats(m)
 	sysStatus.NumGoroutine = runtime.NumGoroutine()
 
-	sysStatus.MemAllocated = fileSize(int64(m.Alloc))
-	sysStatus.MemTotal = fileSize(int64(m.TotalAlloc))
-	sysStatus.MemSys = fileSize(int64(m.Sys))
+	sysStatus.MemAllocated = appstats.FileSize(int64(m.Alloc))
+	sysStatus.MemTotal = appstats.FileSize(int64(m.TotalAlloc))
+	sysStatus.MemSys = appstats.FileSize(int64(m.Sys))
 	sysStatus.Lookups = m.Lookups
 	sysStatus.MemMallocs = m.Mallocs
 	sysStatus.MemFrees = m.Frees
 
-	sysStatus.HeapAlloc = fileSize(int64(m.HeapAlloc))
-	sysStatus.HeapSys = fileSize(int64(m.HeapSys))
-	sysStatus.HeapIdle = fileSize(int64(m.HeapIdle))
-	sysStatus.HeapInuse = fileSize(int64(m.HeapInuse))
-	sysStatus.HeapReleased = fileSize(int64(m.HeapReleased))
+	sysStatus.HeapAlloc = appstats.FileSize(int64(m.HeapAlloc))
+	sysStatus.HeapSys = appstats.FileSize(int64(m.HeapSys))
+	sysStatus.HeapIdle = appstats.FileSize(int64(m.HeapIdle))
+	sysStatus.HeapInuse = appstats.FileSize(int64(m.HeapInuse))
+	sysStatus.HeapReleased = appstats.FileSize(int64(m.HeapReleased))
 	sysStatus.HeapObjects = m.HeapObjects
 
-	sysStatus.StackInuse = fileSize(int64(m.StackInuse))
-	sysStatus.StackSys = fileSize(int64(m.StackSys))
-	sysStatus.MSpanInuse = fileSize(int64(m.MSpanInuse))
-	sysStatus.MSpanSys = fileSize(int64(m.MSpanSys))
-	sysStatus.MCacheInuse = fileSize(int64(m.MCacheInuse))
-	sysStatus.MCacheSys = fileSize(int64(m.MCacheSys))
-	sysStatus.BuckHashSys = fileSize(int64(m.BuckHashSys))
-	sysStatus.GCSys = fileSize(int64(m.GCSys))
-	sysStatus.OtherSys = fileSize(int64(m.OtherSys))
+	sysStatus.StackInuse = appstats.FileSize(int64(m.StackInuse))
+	sysStatus.StackSys = appstats.FileSize(int64(m.StackSys))
+	sysStatus.MSpanInuse = appstats.FileSize(int64(m.MSpanInuse))
+	sysStatus.MSpanSys = appstats.FileSize(int64(m.MSpanSys))
+	sysStatus.MCacheInuse = appstats.FileSize(int64(m.MCacheInuse))
+	sysStatus.MCacheSys = appstats.FileSize(int64(m.MCacheSys))
+	sysStatus.BuckHashSys = appstats.FileSize(int64(m.BuckHashSys))
+	sysStatus.GCSys = appstats.FileSize(int64(m.GCSys))
+	sysStatus.OtherSys = appstats.FileSize(int64(m.OtherSys))
 
-	sysStatus.NextGC = fileSize(int64(m.NextGC))
+	sysStatus.NextGC = appstats.FileSize(int64(m.NextGC))
 	sysStatus.LastGC = fmt.Sprintf("%.1fs", float64(time.Now().UnixNano()-int64(m.LastGC))/1000/1000/1000)
 	sysStatus.PauseTotalNs = fmt.Sprintf("%.1fs", float64(m.PauseTotalNs)/1000/1000/1000)
 	sysStatus.PauseNs = fmt.Sprintf("%.3fs", float64(m.PauseNs[(m.NumGC+255)%256])/1000/1000/1000)
diff --git a/stats.go b/appstats/appstats.go
similarity index 91%
rename from stats.go
rename to appstats/appstats.go
index 36ca0f0..bf27c7b 100644
--- a/stats.go
+++ b/appstats/appstats.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a MIT-style license that can be
 // found in the LICENSE file of the Gogs project (github.com/gogs/gogs).
 
-package writefreely
+package appstats
 
 import (
 	"fmt"
@@ -81,8 +81,8 @@ func computeTimeDiff(diff int64) (int64, string) {
 	return diff, diffStr
 }
 
-// timeSincePro calculates the time interval and generate full user-friendly string.
-func timeSincePro(then time.Time) string {
+// TimeSincePro calculates the time interval and generate full user-friendly string.
+func TimeSincePro(then time.Time) string {
 	now := time.Now()
 	diff := now.Unix() - then.Unix()
 
@@ -121,8 +121,8 @@ func humanateBytes(s uint64, base float64, sizes []string) string {
 	return fmt.Sprintf(f+" %s", val, suffix)
 }
 
-// fileSize calculates the file size and generate user-friendly string.
-func fileSize(s int64) string {
+// FileSize calculates the file size and generate user-friendly string.
+func FileSize(s int64) string {
 	sizes := []string{"B", "KB", "MB", "GB", "TB", "PB", "EB"}
 	return humanateBytes(uint64(s), 1024, sizes)
 }

From d954b7c8e3884fb032dc869ea93a3d18fc9daff6 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 13 Sep 2019 10:58:17 -0700
Subject: [PATCH 43/90] add user invite instructions

this adds a new page with instructions for sharing user invites

if a user clicks the link for one of their own invite codes they are
directed to a page with clear instructions for it's use.

if a user clicks another users link they are redirectec to their account
settings witha flash telling them they do not need to register.
---
 database.go                             | 13 +++++++++++
 invites.go                              | 29 +++++++++++++++++++++----
 routes.go                               |  9 ++++----
 templates/user/invite-instructions.tmpl | 25 +++++++++++++++++++++
 4 files changed, 68 insertions(+), 8 deletions(-)
 create mode 100644 templates/user/invite-instructions.tmpl

diff --git a/database.go b/database.go
index 730bb60..a3235b6 100644
--- a/database.go
+++ b/database.go
@@ -2257,6 +2257,19 @@ func (db *datastore) GetUserInvite(id string) (*Invite, error) {
 	return &i, nil
 }
 
+// IsUsersInvite returns true if the user with ID created the invite with code
+// and an error other than sql no rows, if any. Will return false in the event
+// of an error.
+func (db *datastore) IsUsersInvite(code string, userID int64) (bool, error) {
+	var id string
+	err := db.QueryRow("SELECT id FROM userinvites WHERE id = ? AND owner_id = ?", code, userID).Scan(&id)
+	if err != nil && err != sql.ErrNoRows {
+		log.Error("Failed selecting invite: %v", err)
+		return false, err
+	}
+	return id != "", nil
+}
+
 func (db *datastore) GetUsersInvitedCount(id string) int64 {
 	var count int64
 	err := db.QueryRow("SELECT COUNT(*) FROM usersinvited WHERE invite_id = ?", id).Scan(&count)
diff --git a/invites.go b/invites.go
index 561255f..1e58ac3 100644
--- a/invites.go
+++ b/invites.go
@@ -12,15 +12,16 @@ package writefreely
 
 import (
 	"database/sql"
+	"html/template"
+	"net/http"
+	"strconv"
+	"time"
+
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/nerds/store"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/page"
-	"html/template"
-	"net/http"
-	"strconv"
-	"time"
 )
 
 type Invite struct {
@@ -109,6 +110,26 @@ func handleCreateUserInvite(app *App, u *User, w http.ResponseWriter, r *http.Re
 func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 	inviteCode := mux.Vars(r)["code"]
 
+	if u := getUserSession(app, r); u != nil {
+		// check if invite belongs to another user
+		// error can be ignored as not important in this case
+		if ownInvite, _ := app.db.IsUsersInvite(inviteCode, u.ID); !ownInvite {
+			addSessionFlash(app, w, r, "No need for an invite, You are already registered.", nil)
+			// show homepage
+			return impart.HTTPError{http.StatusFound, "/me/settings"}
+		}
+		// show invite instructions
+		p := struct {
+			*UserPage
+			InviteID string
+		}{
+			UserPage: NewUserPage(app, r, u, "Invite Instructions", nil),
+			InviteID: inviteCode,
+		}
+		showUserPage(w, "invite-instructions", p)
+		return nil
+	}
+
 	i, err := app.db.GetUserInvite(inviteCode)
 	if err != nil {
 		return err
diff --git a/routes.go b/routes.go
index 777492b..0113e93 100644
--- a/routes.go
+++ b/routes.go
@@ -11,13 +11,14 @@
 package writefreely
 
 import (
+	"net/http"
+	"path/filepath"
+	"strings"
+
 	"github.com/gorilla/mux"
 	"github.com/writeas/go-webfinger"
 	"github.com/writeas/web-core/log"
 	"github.com/writefreely/go-nodeinfo"
-	"net/http"
-	"path/filepath"
-	"strings"
 )
 
 // InitStaticRoutes adds routes for serving static files.
@@ -151,7 +152,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	// Handle special pages first
 	write.HandleFunc("/login", handler.Web(viewLogin, UserLevelNoneRequired))
 	write.HandleFunc("/signup", handler.Web(handleViewLanding, UserLevelNoneRequired))
-	write.HandleFunc("/invite/{code}", handler.Web(handleViewInvite, UserLevelNoneRequired)).Methods("GET")
+	write.HandleFunc("/invite/{code}", handler.Web(handleViewInvite, UserLevelOptional)).Methods("GET")
 	// TODO: show a reader-specific 404 page if the function is disabled
 	write.HandleFunc("/read", handler.Web(viewLocalTimeline, UserLevelReader))
 	RouteRead(handler, UserLevelReader, write.PathPrefix("/read").Subrouter())
diff --git a/templates/user/invite-instructions.tmpl b/templates/user/invite-instructions.tmpl
new file mode 100644
index 0000000..8bd2a30
--- /dev/null
+++ b/templates/user/invite-instructions.tmpl
@@ -0,0 +1,25 @@
+{{define "invite-instructions"}}
+{{template "header" .}}
+<style>
+  .copy-link {
+    width: 100%;
+    margin: 2em 0;
+    text-align: center;
+    font-size-adjust: .7;
+    color: #555;
+  }
+</style>
+<div class="snug content-container">
+	<h1>Invite Instructions</h1>
+  <p>This is a special link that you can send to anyone you want to join <em>{{ .SiteName }}</em>. Copy the link below and paste it into an email, instant message, or text message and send it to the person you want. When they navigate to the link, they'll be able to create an account.</p>
+  <input
+  class="copy-link"
+  type="text"
+  name="invite-url"
+  value="{{$.Host}}/invite/{{.InviteID}}"
+  onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);"
+  readonly/>
+</div>
+
+{{template "footer" .}}
+{{end}}

From a6c1f4ae410fd525cbca6944269e8e57c06d2e9b Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Wed, 18 Sep 2019 08:21:33 -0700
Subject: [PATCH 44/90] allow titles for abbreviation elements

this allows abbreviation elements to keep their title attributes when
containing special characters.
---
 postrender.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/postrender.go b/postrender.go
index 9ea6a7e..83fb5ad 100644
--- a/postrender.go
+++ b/postrender.go
@@ -170,6 +170,7 @@ func getSanitizationPolicy() *bluemonday.Policy {
 	policy.AllowAttrs("controls", "loop", "muted", "autoplay").OnElements("video")
 	policy.AllowAttrs("controls", "loop", "muted", "autoplay", "preload").OnElements("audio")
 	policy.AllowAttrs("target").OnElements("a")
+	policy.AllowAttrs("title").OnElements("abbr")
 	policy.AllowAttrs("style", "class", "id").Globally()
 	policy.AllowURLSchemes("http", "https", "mailto", "xmpp")
 	return policy

From f87371b594ce78fa191c841e0fbf821b4b0839ab Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Wed, 18 Sep 2019 12:39:53 -0700
Subject: [PATCH 45/90] update IsJSON to check for Accept header

this changes the helper IsJSON to take a request instead of a string,
allowing to check multiple headers. In this case both Content-Type and
Accept.
---
 account.go           | 16 ++++++++--------
 collections.go       |  6 +++---
 handle.go            |  2 +-
 posts.go             |  4 ++--
 request.go           | 12 ++++++++----
 unregisteredusers.go |  7 ++++---
 6 files changed, 26 insertions(+), 21 deletions(-)

diff --git a/account.go b/account.go
index 2a66ecf..920fc9d 100644
--- a/account.go
+++ b/account.go
@@ -85,7 +85,7 @@ func apiSignup(app *App, w http.ResponseWriter, r *http.Request) error {
 }
 
 func signup(app *App, w http.ResponseWriter, r *http.Request) (*AuthUser, error) {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 
 	// Get params
 	var ur userRegistration
@@ -120,7 +120,7 @@ func signup(app *App, w http.ResponseWriter, r *http.Request) (*AuthUser, error)
 }
 
 func signupWithRegistration(app *App, signup userRegistration, w http.ResponseWriter, r *http.Request) (*AuthUser, error) {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 
 	// Validate required params (alias)
 	if signup.Alias == "" {
@@ -377,7 +377,7 @@ func webLogin(app *App, w http.ResponseWriter, r *http.Request) error {
 var loginAttemptUsers = sync.Map{}
 
 func login(app *App, w http.ResponseWriter, r *http.Request) error {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 	oneTimeToken := r.FormValue("with")
 	verbose := r.FormValue("all") == "true" || r.FormValue("verbose") == "1" || r.FormValue("verbose") == "true" || (reqJSON && oneTimeToken != "")
 
@@ -580,7 +580,7 @@ func viewExportOptions(app *App, u *User, w http.ResponseWriter, r *http.Request
 func viewExportPosts(app *App, w http.ResponseWriter, r *http.Request) ([]byte, string, error) {
 	var filename string
 	var u = &User{}
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 	if reqJSON {
 		// Use given Authorization header
 		accessToken := r.Header.Get("Authorization")
@@ -662,7 +662,7 @@ func viewExportFull(app *App, w http.ResponseWriter, r *http.Request) ([]byte, s
 }
 
 func viewMeAPI(app *App, w http.ResponseWriter, r *http.Request) error {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 	uObj := struct {
 		ID       int64  `json:"id,omitempty"`
 		Username string `json:"username,omitempty"`
@@ -686,7 +686,7 @@ func viewMeAPI(app *App, w http.ResponseWriter, r *http.Request) error {
 }
 
 func viewMyPostsAPI(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 	if !reqJSON {
 		return ErrBadRequestedType
 	}
@@ -717,7 +717,7 @@ func viewMyPostsAPI(app *App, u *User, w http.ResponseWriter, r *http.Request) e
 }
 
 func viewMyCollectionsAPI(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 	if !reqJSON {
 		return ErrBadRequestedType
 	}
@@ -822,7 +822,7 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques
 }
 
 func updateSettings(app *App, w http.ResponseWriter, r *http.Request) error {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 
 	var s userSettings
 	var u *User
diff --git a/collections.go b/collections.go
index c095ecb..cdf3d5c 100644
--- a/collections.go
+++ b/collections.go
@@ -338,7 +338,7 @@ func (c *Collection) RenderMathJax() bool {
 }
 
 func newCollection(app *App, w http.ResponseWriter, r *http.Request) error {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 	alias := r.FormValue("alias")
 	title := r.FormValue("title")
 
@@ -454,7 +454,7 @@ func fetchCollection(app *App, w http.ResponseWriter, r *http.Request) error {
 	c.hostName = app.cfg.App.Host
 
 	// Redirect users who aren't requesting JSON
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 	if !reqJSON {
 		return impart.HTTPError{http.StatusFound, c.CanonicalURL()}
 	}
@@ -919,7 +919,7 @@ func handleCollectionPostRedirect(app *App, w http.ResponseWriter, r *http.Reque
 }
 
 func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 	vars := mux.Vars(r)
 	collAlias := vars["alias"]
 	isWeb := r.FormValue("web") == "1"
diff --git a/handle.go b/handle.go
index 99c23ae..7e410f5 100644
--- a/handle.go
+++ b/handle.go
@@ -772,7 +772,7 @@ func (h *Handler) handleError(w http.ResponseWriter, r *http.Request, err error)
 		return
 	}
 
-	if IsJSON(r.Header.Get("Content-Type")) {
+	if IsJSON(r) {
 		impart.WriteError(w, impart.HTTPError{http.StatusInternalServerError, "This is an unhelpful error message for a miscellaneous internal error."})
 		return
 	}
diff --git a/posts.go b/posts.go
index 88730f7..1f35eda 100644
--- a/posts.go
+++ b/posts.go
@@ -472,7 +472,7 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 //   /posts?collection={alias}
 // ? /collections/{alias}/posts
 func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 	vars := mux.Vars(r)
 	collAlias := vars["alias"]
 	if collAlias == "" {
@@ -598,7 +598,7 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
 }
 
 func existingPost(app *App, w http.ResponseWriter, r *http.Request) error {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 	vars := mux.Vars(r)
 	postID := vars["post"]
 
diff --git a/request.go b/request.go
index 4939f9c..2eb29f5 100644
--- a/request.go
+++ b/request.go
@@ -10,9 +10,13 @@
 
 package writefreely
 
-import "mime"
+import (
+	"mime"
+	"net/http"
+)
 
-func IsJSON(h string) bool {
-	ct, _, _ := mime.ParseMediaType(h)
-	return ct == "application/json"
+func IsJSON(r *http.Request) bool {
+	ct, _, _ := mime.ParseMediaType(r.Header.Get("Content-Type"))
+	accept := r.Header.Get("Accept")
+	return ct == "application/json" || accept == "application/json"
 }
diff --git a/unregisteredusers.go b/unregisteredusers.go
index 550c83b..b6f6ce6 100644
--- a/unregisteredusers.go
+++ b/unregisteredusers.go
@@ -13,13 +13,14 @@ package writefreely
 import (
 	"database/sql"
 	"encoding/json"
+	"net/http"
+
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/log"
-	"net/http"
 )
 
 func handleWebSignup(app *App, w http.ResponseWriter, r *http.Request) error {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 
 	// Get params
 	var ur userRegistration
@@ -71,7 +72,7 @@ func handleWebSignup(app *App, w http.ResponseWriter, r *http.Request) error {
 // { "username": "asdf" }
 // result: { code: 204 }
 func handleUsernameCheck(app *App, w http.ResponseWriter, r *http.Request) error {
-	reqJSON := IsJSON(r.Header.Get("Content-Type"))
+	reqJSON := IsJSON(r)
 
 	// Get params
 	var d struct {

From 0066fecc20ef0bd120ab732e70b4f9791328424a Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 18 Sep 2019 17:06:40 -0400
Subject: [PATCH 46/90] Fix LESSC assignment in less/Makefile

---
 less/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/less/Makefile b/less/Makefile
index 5e51b4d..85a64f3 100644
--- a/less/Makefile
+++ b/less/Makefile
@@ -1,4 +1,4 @@
-LESSC := $(shell command -v lessc 2> /dev/null)
+LESSC=$(shell command -v lessc 2> /dev/null)
 
 ifndef LESSC
 	$(error "less is not installed, please run install-less.sh")

From d129894ba76e7b5a4850b9e3f98e39b4e8cd3242 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Wed, 18 Sep 2019 15:56:22 -0700
Subject: [PATCH 47/90] fix check for missing less

---
 less/Makefile | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/less/Makefile b/less/Makefile
index 85a64f3..3484e29 100644
--- a/less/Makefile
+++ b/less/Makefile
@@ -1,15 +1,13 @@
-LESSC=$(shell command -v lessc 2> /dev/null)
-
-ifndef LESSC
-	$(error "less is not installed, please run install-less.sh")
+ifeq (,$(shell command -v lessc 2> /dev/null))
+$(error "less is not installed, please run install-less.sh")
 endif
 
 CSSDIR=../static/css/
 
 all :
-	$(LESSC) app.less --clean-css="--s1 --advanced" $(CSSDIR)write.css
-	$(LESSC) fonts.less --clean-css="--s1 --advanced" $(CSSDIR)fonts.css
-	$(LESSC) icons.less --clean-css="--s1 --advanced" $(CSSDIR)icons.css
+	lessc app.less --clean-css="--s1 --advanced" $(CSSDIR)write.css
+	lessc fonts.less --clean-css="--s1 --advanced" $(CSSDIR)fonts.css
+	lessc icons.less --clean-css="--s1 --advanced" $(CSSDIR)icons.css
 
 install :
 	./install-less.sh

From 9d0027ec53506d35ede4d20b993e0ab198d66eea Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 20 Sep 2019 09:17:47 -0700
Subject: [PATCH 48/90] don't need less to install less

---
 less/Makefile | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/less/Makefile b/less/Makefile
index 3484e29..3d0c4b2 100644
--- a/less/Makefile
+++ b/less/Makefile
@@ -1,12 +1,9 @@
-ifeq (,$(shell command -v lessc 2> /dev/null))
-$(error "less is not installed, please run install-less.sh")
-endif
-
 CSSDIR=../static/css/
 
 all :
-	lessc app.less --clean-css="--s1 --advanced" $(CSSDIR)write.css
-	lessc fonts.less --clean-css="--s1 --advanced" $(CSSDIR)fonts.css
+	ifeq (,$(shell command -v lessc 2> /dev/null))
+	$(error "less is not installed, please run install-less.sh")
+	endif
 	lessc icons.less --clean-css="--s1 --advanced" $(CSSDIR)icons.css
 
 install :

From 43849d95d301bab16a15b92ba6eb658d1c9c1ea8 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 20 Sep 2019 10:06:49 -0700
Subject: [PATCH 49/90] add back all generation steps

accidentally removed two lines from make all

fix check when trying to install lessc
---
 less/Makefile | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/less/Makefile b/less/Makefile
index 3d0c4b2..da6be71 100644
--- a/less/Makefile
+++ b/less/Makefile
@@ -1,9 +1,11 @@
 CSSDIR=../static/css/
 
 all :
-	ifeq (,$(shell command -v lessc 2> /dev/null))
-	$(error "less is not installed, please run install-less.sh")
-	endif
+ifeq (,$(shell command -v lessc 2> /dev/null))
+$(error "less is not installed, please run install-less.sh")
+endif
+	lessc app.less --clean-css="--s1 --advanced" $(CSSDIR)write.css
+	lessc fonts.less --clean-css="--s1 --advanced" $(CSSDIR)fonts.css
 	lessc icons.less --clean-css="--s1 --advanced" $(CSSDIR)icons.css
 
 install :

From cb78fd227ecb2deba835cb423a6153e89c842cca Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 20 Sep 2019 10:17:58 -0700
Subject: [PATCH 50/90] use inline bash instead

---
 less/Makefile | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/less/Makefile b/less/Makefile
index da6be71..1278c0a 100644
--- a/less/Makefile
+++ b/less/Makefile
@@ -1,9 +1,7 @@
 CSSDIR=../static/css/
 
 all :
-ifeq (,$(shell command -v lessc 2> /dev/null))
-$(error "less is not installed, please run install-less.sh")
-endif
+	@command -v lessc >/dev/null 2>&1 || { echo >&2 "less is not installed, please run install-less.sh."; exit 1; }
 	lessc app.less --clean-css="--s1 --advanced" $(CSSDIR)write.css
 	lessc fonts.less --clean-css="--s1 --advanced" $(CSSDIR)fonts.css
 	lessc icons.less --clean-css="--s1 --advanced" $(CSSDIR)icons.css

From a01e2808906fb77db8516fcb393f9d8f009704b8 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Fri, 20 Sep 2019 18:22:01 -0400
Subject: [PATCH 51/90] Tweak "LESS not installed" message

---
 less/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/less/Makefile b/less/Makefile
index 1278c0a..117e9b2 100644
--- a/less/Makefile
+++ b/less/Makefile
@@ -1,7 +1,7 @@
 CSSDIR=../static/css/
 
 all :
-	@command -v lessc >/dev/null 2>&1 || { echo >&2 "less is not installed, please run install-less.sh."; exit 1; }
+	@command -v lessc >/dev/null 2>&1 || { echo >&2 "lessc is not installed, please run: make install or: less/install-less.sh"; exit 1; }
 	lessc app.less --clean-css="--s1 --advanced" $(CSSDIR)write.css
 	lessc fonts.less --clean-css="--s1 --advanced" $(CSSDIR)fonts.css
 	lessc icons.less --clean-css="--s1 --advanced" $(CSSDIR)icons.css

From 891b15b8a8e077e27a19b9384d0bc4470b7bb5f6 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 23 Sep 2019 09:19:21 -0400
Subject: [PATCH 52/90] Always return invite errors

This ensures we see a 404 page when looking up an invalid invite URL,
even if the user is logged in.

Ref T690
---
 invites.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/invites.go b/invites.go
index 1e58ac3..1bd75e6 100644
--- a/invites.go
+++ b/invites.go
@@ -110,6 +110,11 @@ func handleCreateUserInvite(app *App, u *User, w http.ResponseWriter, r *http.Re
 func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 	inviteCode := mux.Vars(r)["code"]
 
+	i, err := app.db.GetUserInvite(inviteCode)
+	if err != nil {
+		return err
+	}
+
 	if u := getUserSession(app, r); u != nil {
 		// check if invite belongs to another user
 		// error can be ignored as not important in this case
@@ -130,11 +135,6 @@ func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 		return nil
 	}
 
-	i, err := app.db.GetUserInvite(inviteCode)
-	if err != nil {
-		return err
-	}
-
 	p := struct {
 		page.StaticPage
 		Error   string

From 7e9e3cb7eb728d5da35da6bd9089a8b2c6bfd0b9 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 23 Sep 2019 09:45:36 -0400
Subject: [PATCH 53/90] Show status on logged-in expired invite links

Ref T690
---
 invites.go                              | 18 +++++++++++-------
 templates/user/invite-instructions.tmpl | 20 ++++++++++++--------
 2 files changed, 23 insertions(+), 15 deletions(-)

diff --git a/invites.go b/invites.go
index 1bd75e6..f7dcd7a 100644
--- a/invites.go
+++ b/invites.go
@@ -115,6 +115,13 @@ func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 		return err
 	}
 
+	expired := i.Expired()
+	if !expired && i.MaxUses.Valid && i.MaxUses.Int64 > 0 {
+		// Invite has a max-use number, so check if we're past that limit
+		i.uses = app.db.GetUsersInvitedCount(inviteCode)
+		expired = i.uses >= i.MaxUses.Int64
+	}
+
 	if u := getUserSession(app, r); u != nil {
 		// check if invite belongs to another user
 		// error can be ignored as not important in this case
@@ -123,13 +130,16 @@ func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 			// show homepage
 			return impart.HTTPError{http.StatusFound, "/me/settings"}
 		}
+
 		// show invite instructions
 		p := struct {
 			*UserPage
 			InviteID string
+			Expired bool
 		}{
 			UserPage: NewUserPage(app, r, u, "Invite Instructions", nil),
 			InviteID: inviteCode,
+			Expired:  expired,
 		}
 		showUserPage(w, "invite-instructions", p)
 		return nil
@@ -145,16 +155,10 @@ func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 		Invite:     inviteCode,
 	}
 
-	if i.Expired() {
+	if expired {
 		p.Error = "This invite link has expired."
 	}
 
-	if i.MaxUses.Valid && i.MaxUses.Int64 > 0 {
-		if c := app.db.GetUsersInvitedCount(inviteCode); c >= i.MaxUses.Int64 {
-			p.Error = "This invite link has expired."
-		}
-	}
-
 	// Get error messages
 	session, err := app.sessionStore.Get(r, cookieName)
 	if err != nil {
diff --git a/templates/user/invite-instructions.tmpl b/templates/user/invite-instructions.tmpl
index 8bd2a30..a70acd8 100644
--- a/templates/user/invite-instructions.tmpl
+++ b/templates/user/invite-instructions.tmpl
@@ -11,14 +11,18 @@
 </style>
 <div class="snug content-container">
 	<h1>Invite Instructions</h1>
-  <p>This is a special link that you can send to anyone you want to join <em>{{ .SiteName }}</em>. Copy the link below and paste it into an email, instant message, or text message and send it to the person you want. When they navigate to the link, they'll be able to create an account.</p>
-  <input
-  class="copy-link"
-  type="text"
-  name="invite-url"
-  value="{{$.Host}}/invite/{{.InviteID}}"
-  onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);"
-  readonly/>
+	{{ if .Expired }}
+		<p style="font-style: italic">This invite link is expired.</p>
+	{{ else }}
+		<p>This is a special link that you can send to anyone you want to join <em>{{ .SiteName }}</em>. Copy the link below and paste it into an email, instant message, or text message and send it to the person you want. When they navigate to the link, they'll be able to create an account.</p>
+		<input
+		class="copy-link"
+		type="text"
+		name="invite-url"
+		value="{{$.Host}}/invite/{{.InviteID}}"
+		onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);"
+		readonly/>
+	{{ end }}
 </div>
 
 {{template "footer" .}}

From f01b439ff531b88230640b78ae6bd7e1a1210d36 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 23 Sep 2019 10:02:36 -0400
Subject: [PATCH 54/90] Tweak invite page title and intro

Ref T690
---
 invites.go                              |  2 +-
 templates/user/invite-instructions.tmpl | 12 +++---------
 2 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/invites.go b/invites.go
index f7dcd7a..f9c5cce 100644
--- a/invites.go
+++ b/invites.go
@@ -137,7 +137,7 @@ func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 			InviteID string
 			Expired bool
 		}{
-			UserPage: NewUserPage(app, r, u, "Invite Instructions", nil),
+			UserPage: NewUserPage(app, r, u, "Invite to "+app.cfg.App.SiteName, nil),
 			InviteID: inviteCode,
 			Expired:  expired,
 		}
diff --git a/templates/user/invite-instructions.tmpl b/templates/user/invite-instructions.tmpl
index a70acd8..c99680a 100644
--- a/templates/user/invite-instructions.tmpl
+++ b/templates/user/invite-instructions.tmpl
@@ -10,18 +10,12 @@
   }
 </style>
 <div class="snug content-container">
-	<h1>Invite Instructions</h1>
+	<h1>Invite to {{.SiteName}}</h1>
 	{{ if .Expired }}
 		<p style="font-style: italic">This invite link is expired.</p>
 	{{ else }}
-		<p>This is a special link that you can send to anyone you want to join <em>{{ .SiteName }}</em>. Copy the link below and paste it into an email, instant message, or text message and send it to the person you want. When they navigate to the link, they'll be able to create an account.</p>
-		<input
-		class="copy-link"
-		type="text"
-		name="invite-url"
-		value="{{$.Host}}/invite/{{.InviteID}}"
-		onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);"
-		readonly/>
+		<p>Copy the link below and send it to anyone that you want to join <em>{{ .SiteName }}</em>. You could paste it into an email, instant message, text message, or write it down on paper. Anyone who navigates to this special page will be able to create an account.</p>
+		<input class="copy-link" type="text" name="invite-url" value="{{$.Host}}/invite/{{.InviteID}}" onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);" readonly />
 	{{ end }}
 </div>
 

From 26a4f48e8b3b33fbfd79cc207052364fd9f5e08d Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 23 Sep 2019 10:04:45 -0400
Subject: [PATCH 55/90] Add expiration information to invite help

This uses the Invite fetched from the database to explain a bit more
about how the invite URL expires. It also reduces some space around the
input box.

Ref T690
---
 invites.go                              |  4 ++--
 templates/user/invite-instructions.tmpl | 13 +++++++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)

diff --git a/invites.go b/invites.go
index f9c5cce..2320906 100644
--- a/invites.go
+++ b/invites.go
@@ -134,11 +134,11 @@ func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 		// show invite instructions
 		p := struct {
 			*UserPage
-			InviteID string
+			Invite  *Invite
 			Expired bool
 		}{
 			UserPage: NewUserPage(app, r, u, "Invite to "+app.cfg.App.SiteName, nil),
-			InviteID: inviteCode,
+			Invite:   i,
 			Expired:  expired,
 		}
 		showUserPage(w, "invite-instructions", p)
diff --git a/templates/user/invite-instructions.tmpl b/templates/user/invite-instructions.tmpl
index c99680a..a32eac0 100644
--- a/templates/user/invite-instructions.tmpl
+++ b/templates/user/invite-instructions.tmpl
@@ -3,7 +3,7 @@
 <style>
   .copy-link {
     width: 100%;
-    margin: 2em 0;
+    margin: 1em 0;
     text-align: center;
     font-size-adjust: .7;
     color: #555;
@@ -15,7 +15,16 @@
 		<p style="font-style: italic">This invite link is expired.</p>
 	{{ else }}
 		<p>Copy the link below and send it to anyone that you want to join <em>{{ .SiteName }}</em>. You could paste it into an email, instant message, text message, or write it down on paper. Anyone who navigates to this special page will be able to create an account.</p>
-		<input class="copy-link" type="text" name="invite-url" value="{{$.Host}}/invite/{{.InviteID}}" onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);" readonly />
+		<input class="copy-link" type="text" name="invite-url" value="{{$.Host}}/invite/{{.Invite.ID}}" onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);" readonly />
+		<p>
+			{{ if gt .Invite.MaxUses.Int64 0 }}
+				{{if eq .Invite.MaxUses.Int64 1}}Only <strong>one</strong> user{{else}}Up to <strong>{{.Invite.MaxUses.Int64}}</strong> users{{end}} can sign up with this link.
+				{{if gt .Invite.Uses 0}}So far, <strong>{{.Invite.Uses}}</strong> {{pluralize "person has" "people have" .Invite.Uses}} used it.{{end}}
+				{{if .Invite.Expires}}It expires on <strong>{{.Invite.ExpiresFriendly}}</strong>.{{end}}
+			{{ else }}
+				It can be used as many times as you like{{if .Invite.Expires}} before <strong>{{.Invite.ExpiresFriendly}}</strong>, when it expires{{end}}.
+			{{ end }}
+		</p>
 	{{ end }}
 </div>
 

From ddce177784613f8d11e1fb8ef1cc830822d5b927 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 23 Sep 2019 10:21:03 -0400
Subject: [PATCH 56/90] Fix invite input box size in non-Firefox browsers

font-size-adjust is still a flag-enabled feature in Chrome 77, and
doesn't have widespread support across browsers. So instead this uses
font-size to make the text large enough.

Ref T690
---
 templates/user/invite-instructions.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/user/invite-instructions.tmpl b/templates/user/invite-instructions.tmpl
index a32eac0..e31e778 100644
--- a/templates/user/invite-instructions.tmpl
+++ b/templates/user/invite-instructions.tmpl
@@ -3,9 +3,9 @@
 <style>
   .copy-link {
     width: 100%;
-    margin: 1em 0;
+    margin: 1rem 0;
     text-align: center;
-    font-size-adjust: .7;
+    font-size: 1.2em;
     color: #555;
   }
 </style>

From c6564b3d168fdaa7813aa9ce442f35fd8a89d562 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 23 Sep 2019 10:31:38 -0400
Subject: [PATCH 57/90] Shorten invite-instructions.tmpl filename

---
 invites.go                                                    | 2 +-
 templates/user/{invite-instructions.tmpl => invite-help.tmpl} | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 rename templates/user/{invite-instructions.tmpl => invite-help.tmpl} (97%)

diff --git a/invites.go b/invites.go
index 2320906..3e19d7e 100644
--- a/invites.go
+++ b/invites.go
@@ -141,7 +141,7 @@ func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 			Invite:   i,
 			Expired:  expired,
 		}
-		showUserPage(w, "invite-instructions", p)
+		showUserPage(w, "invite-help", p)
 		return nil
 	}
 
diff --git a/templates/user/invite-instructions.tmpl b/templates/user/invite-help.tmpl
similarity index 97%
rename from templates/user/invite-instructions.tmpl
rename to templates/user/invite-help.tmpl
index e31e778..978cfad 100644
--- a/templates/user/invite-instructions.tmpl
+++ b/templates/user/invite-help.tmpl
@@ -1,4 +1,4 @@
-{{define "invite-instructions"}}
+{{define "invite-help"}}
 {{template "header" .}}
 <style>
   .copy-link {

From 5a9182f688d02364cb52b19fdaf56969c0190590 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 23 Sep 2019 10:44:23 -0400
Subject: [PATCH 58/90] Tweak "already invited" message

Ref T690
---
 invites.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/invites.go b/invites.go
index 3e19d7e..4e1f5fa 100644
--- a/invites.go
+++ b/invites.go
@@ -126,7 +126,7 @@ func handleViewInvite(app *App, w http.ResponseWriter, r *http.Request) error {
 		// check if invite belongs to another user
 		// error can be ignored as not important in this case
 		if ownInvite, _ := app.db.IsUsersInvite(inviteCode, u.ID); !ownInvite {
-			addSessionFlash(app, w, r, "No need for an invite, You are already registered.", nil)
+			addSessionFlash(app, w, r, "You're already registered and logged in.", nil)
 			// show homepage
 			return impart.HTTPError{http.StatusFound, "/me/settings"}
 		}

From 02dd1909459f06c085448ad8a231961820c8c940 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Wed, 2 Oct 2019 10:20:51 -0700
Subject: [PATCH 59/90] T697 default to user's first blog instead of draft

---
 templates/pad.tmpl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/pad.tmpl b/templates/pad.tmpl
index 914d921..ea4246c 100644
--- a/templates/pad.tmpl
+++ b/templates/pad.tmpl
@@ -25,10 +25,10 @@
 						{{else}}<li><a id="publish-to"><span id="target-name">Draft</span> <img class="ic-18dp" src="/img/ic_down_arrow_dark@2x.png" /></a>
 						<ul>
 							<li class="menu-heading">Publish to...</li>
-							<li class="target selected" id="anonymous"><a href="#anonymous"><i class="material-icons md-18">description</i> <em>Draft</em></a></li>
-							{{if .Blogs}}{{range .Blogs}}
-							<li class="target" id="blog-{{.Alias}}"><a href="#{{.Alias}}"><i class="material-icons md-18">public</i> {{if .Title}}{{.Title}}{{else}}{{.Alias}}{{end}}</a></li>
+							{{if .Blogs}}{{range $idx, $el := .Blogs}}
+								<li class="target{{if eq $idx 0}} selected{{end}}" id="blog-{{$el.Alias}}"><a href="#{{$el.Alias}}"><i class="material-icons md-18">public</i> {{if $el.Title}}{{$el.Title}}{{else}}{{$el.Alias}}{{end}}</a></li>
 							{{end}}{{end}}
+							<li class="target" id="blog-anonymous"><a href="#anonymous"><i class="material-icons md-18">description</i> <em>Draft</em></a></li>
 							<li id="user-separator" class="separator"><hr /></li>
 						{{ if .SingleUser }}
 							<li><a href="/"><i class="material-icons md-18">launch</i> View Blog</a></li>
@@ -278,7 +278,7 @@
 				document.getElementById('target-name').innerText = newText.join(' ');
 			});
 		}
-		var postTarget = H.get('postTarget', 'anonymous');
+		var postTarget = H.get('postTarget', '{{if .Blogs}}{{$blog := index .Blogs 0}}{{$blog.Alias}}{{else}}anonymous{{end}}');
 		if (location.hash != '') {
 			postTarget = location.hash.substring(1);
 			// TODO: pushState to /pad (or whatever the URL is) so we live on a clean URL

From aa9efc7b37219066ac767049b1c77e2d52fbc634 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Thu, 3 Oct 2019 13:41:50 -0700
Subject: [PATCH 60/90] allow admin to reset user passwords

this adds a new button when viewing a user as an admin, that will
generate and store a new password for the user
---
 admin.go                            | 56 +++++++++++++++++++++++++----
 routes.go                           |  1 +
 templates/user/admin/view-user.tmpl | 45 ++++++++++++++++++++++-
 3 files changed, 94 insertions(+), 8 deletions(-)

diff --git a/admin.go b/admin.go
index fdbb82f..5b3acab 100644
--- a/admin.go
+++ b/admin.go
@@ -16,12 +16,14 @@ import (
 	"net/http"
 	"runtime"
 	"strconv"
+	"strings"
 	"time"
 
 	"github.com/gorilla/mux"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/auth"
 	"github.com/writeas/web-core/log"
+	"github.com/writeas/web-core/passgen"
 	"github.com/writeas/writefreely/appstats"
 	"github.com/writeas/writefreely/config"
 )
@@ -167,25 +169,34 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 
 	p := struct {
 		*UserPage
-		Config  config.AppCfg
-		Message string
+		Config      config.AppCfg
+		Message     string
+		OwnUserPage bool
 
-		User     *User
-		Colls    []inspectedCollection
-		LastPost string
-
-		TotalPosts int64
+		User        *User
+		Colls       []inspectedCollection
+		LastPost    string
+		NewPassword string
+		TotalPosts  int64
 	}{
 		Config:  app.cfg.App,
 		Message: r.FormValue("m"),
 		Colls:   []inspectedCollection{},
 	}
 
+	flashes, _ := getSessionFlashes(app, w, r, nil)
+	for _, flash := range flashes {
+		if strings.HasPrefix(flash, "SUCCESS: ") {
+			p.NewPassword = strings.TrimPrefix(flash, "SUCCESS: ")
+		}
+	}
+
 	var err error
 	p.User, err = app.db.GetUserForAuth(username)
 	if err != nil {
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user: %v", err)}
 	}
+	p.OwnUserPage = u.ID == p.User.ID
 	p.UserPage = NewUserPage(app, r, u, p.User.Username, nil)
 	p.TotalPosts = app.db.GetUserPostsCount(p.User.ID)
 	lp, err := app.db.GetUserLastPostTime(p.User.ID)
@@ -230,6 +241,37 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	return nil
 }
 
+func handleAdminResetUserPass(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
+	vars := mux.Vars(r)
+	username := vars["username"]
+	if username == "" {
+		return impart.HTTPError{http.StatusFound, "/admin/users"}
+	}
+	// Generate new random password since none supplied
+	pass := passgen.New()
+	hashedPass, err := auth.HashPass([]byte(pass))
+	if err != nil {
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not create password hash: %v", err)}
+	}
+
+	userIDVal := r.FormValue("user")
+	log.Info("ADMIN: Changing user %s password", userIDVal)
+	id, err := strconv.Atoi(userIDVal)
+	if err != nil {
+		return impart.HTTPError{http.StatusBadRequest, fmt.Sprintf("Invalid user ID: %v", err)}
+	}
+
+	err = app.db.ChangePassphrase(int64(id), true, "", hashedPass)
+	if err != nil {
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not update passphrase: %v", err)}
+	}
+	log.Info("ADMIN: Successfully changed.")
+
+	addSessionFlash(app, w, r, fmt.Sprintf("SUCCESS: %s", pass), nil)
+
+	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s", username)}
+}
+
 func handleViewAdminPages(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
 	p := struct {
 		*UserPage
diff --git a/routes.go b/routes.go
index 0113e93..003b7d1 100644
--- a/routes.go
+++ b/routes.go
@@ -144,6 +144,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")
 	write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")
 	write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")
+	write.HandleFunc("/admin/user/{username}", handler.Admin(handleAdminResetUserPass)).Methods("POST")
 	write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")
 	write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")
 	write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 2a74e5b..211297d 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -7,12 +7,32 @@ table.classy th {
 h3 {
 	font-weight: normal;
 }
+input.copy-text {
+	text-align: center;
+	    font-size: 1.2em;
+	    color: #555;
+	margin-left: 1rem;
+}
+button[type="submit"].danger {
+	padding-left: 2rem;
+	padding-right: 2rem;
+}
 </style>
 <div class="snug content-container">
 	{{template "admin-header" .}}
 
 	<h2 id="posts-header">{{.User.Username}}</h2>
-
+	{{if .NewPassword}}<p class="alert success">New password for user <strong>{{.User.Username}}</strong> is
+		<input
+		type="text"
+		class="copy-text"
+		value="{{.NewPassword}}"
+		onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);"
+		readonly />
+		<br/><br/>
+		You must share this new password with the user, this is the only time it will be displayed.
+		</p>
+	{{end}}
 	<table class="classy export">
 		<tr>
 			<th>No.</th>
@@ -38,6 +58,21 @@ h3 {
 			<th>Last Post</th>
 			<td>{{if .LastPost}}{{.LastPost}}{{else}}Never{{end}}</td>
 		</tr>
+		<tr>
+			<th>Password</th>
+			<td>
+				{{if not .OwnUserPage}}
+					<form id="reset-form" action="/admin/user/{{.User.Username}}" method="post" autocomplete="false">
+					<input type="hidden" name="user" value="{{.User.ID}}"/>
+					<button
+					class="danger"
+					type="submit">Reset</button>
+				</form>
+				{{else}}
+				<a href="/me/settings" title="Go to reset password page">Change your password</a>
+				{{end}}
+			</td>
+		</tr>
 	</table>
 
 	<h2>Blogs</h2>
@@ -83,5 +118,13 @@ h3 {
 	{{end}}
 </div>
 
+<script type="text/javascript">
+	form = document.getElementById("reset-form");
+	form.addEventListener('submit', function(e) {
+		e.preventDefault();
+		agreed = confirm("Really reset password for {{.User.Username}}?\nYou will have to record and share the new password with them.");
+		if (agreed === true) { form.submit();}
+	});
+</script>
 {{template "footer" .}}
 {{end}}

From f85f0751a3a7480bc29450cf42a4360c31ff3083 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 25 Oct 2019 12:04:24 -0700
Subject: [PATCH 61/90] address PR comments

- update error messages to be correct
- move suspended message into template and include for other pages
- check suspended status on all relevant pages and show message if
logged in user is suspended.
- fix possible nil pointer error
- remove changes to db schema files
- add version comment to migration
- add UserStatus type with UserActive and UserSuspended
- change database table to use status column instead of suspended
- update toggle suspended handler to be toggle status in prep for
possible future inclusion of further user statuses
---
 account.go                            | 29 ++++++++++++++++++++++++++-
 activitypub.go                        | 10 ++++-----
 admin.go                              | 13 ++++++------
 collections.go                        | 26 +++++++++++++-----------
 database.go                           | 29 ++++++++++++++-------------
 invites.go                            |  2 +-
 migrations/migrations.go              |  2 +-
 migrations/v3.go                      |  4 ++--
 posts.go                              | 22 +++++++++++---------
 read.go                               |  2 +-
 routes.go                             |  2 +-
 schema.sql                            |  1 -
 sqlite.sql                            |  3 +--
 templates.go                          | 12 +++++++----
 templates/chorus-collection-post.tmpl |  3 +++
 templates/chorus-collection.tmpl      |  3 +++
 templates/collection-post.tmpl        |  3 +++
 templates/collection-tags.tmpl        |  3 +++
 templates/collection.tmpl             |  3 +++
 templates/password-collection.tmpl    |  3 +++
 templates/post.tmpl                   |  3 +++
 templates/user/admin/users.tmpl       |  2 +-
 templates/user/admin/view-user.tmpl   |  4 ++--
 templates/user/articles.tmpl          |  3 +++
 templates/user/collection.tmpl        |  3 +++
 templates/user/collections.tmpl       |  3 +++
 templates/user/include/suspended.tmpl |  6 ++++++
 templates/user/settings.tmpl          |  9 +++------
 templates/user/stats.tmpl             |  3 +++
 users.go                              |  9 ++++++++-
 30 files changed, 148 insertions(+), 72 deletions(-)
 create mode 100644 templates/user/include/suspended.tmpl

diff --git a/account.go b/account.go
index c3d55ba..0faa7bb 100644
--- a/account.go
+++ b/account.go
@@ -750,14 +750,20 @@ func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		log.Error("unable to fetch collections: %v", err)
 	}
 
+	suspended, err := app.db.IsUserSuspended(u.ID)
+	if err != nil {
+		log.Error("view articles: %v", err)
+	}
 	d := struct {
 		*UserPage
 		AnonymousPosts *[]PublicPost
 		Collections    *[]Collection
+		Suspended      bool
 	}{
 		UserPage:       NewUserPage(app, r, u, u.Username+"'s Posts", f),
 		AnonymousPosts: p,
 		Collections:    c,
+		Suspended:      suspended,
 	}
 	d.UserPage.SetMessaging(u)
 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
@@ -779,6 +785,11 @@ func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request)
 	uc, _ := app.db.GetUserCollectionCount(u.ID)
 	// TODO: handle any errors
 
+	suspended, err := app.db.IsUserSuspended(u.ID)
+	if err != nil {
+		log.Error("view collections %v", err)
+		return fmt.Errorf("view collections: %v", err)
+	}
 	d := struct {
 		*UserPage
 		Collections *[]Collection
@@ -786,11 +797,13 @@ func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request)
 		UsedCollections, TotalCollections int
 
 		NewBlogsDisabled bool
+		Suspended        bool
 	}{
 		UserPage:         NewUserPage(app, r, u, u.Username+"'s Blogs", f),
 		Collections:      c,
 		UsedCollections:  int(uc),
 		NewBlogsDisabled: !app.cfg.App.CanCreateBlogs(uc),
+		Suspended:        suspended,
 	}
 	d.UserPage.SetMessaging(u)
 	showUserPage(w, "collections", d)
@@ -808,13 +821,20 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques
 		return ErrCollectionNotFound
 	}
 
+	suspended, err := app.db.IsUserSuspended(u.ID)
+	if err != nil {
+		log.Error("view edit collection %v", err)
+		return fmt.Errorf("view edit collection: %v", err)
+	}
 	flashes, _ := getSessionFlashes(app, w, r, nil)
 	obj := struct {
 		*UserPage
 		*Collection
+		Suspended bool
 	}{
 		UserPage:   NewUserPage(app, r, u, "Edit "+c.DisplayTitle(), flashes),
 		Collection: c,
+		Suspended:  suspended,
 	}
 
 	showUserPage(w, "collection", obj)
@@ -976,17 +996,24 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
 		titleStats = c.DisplayTitle() + " "
 	}
 
+	suspended, err := app.db.IsUserSuspended(u.ID)
+	if err != nil {
+		log.Error("view stats: %v", err)
+		return err
+	}
 	obj := struct {
 		*UserPage
 		VisitsBlog  string
 		Collection  *Collection
 		TopPosts    *[]PublicPost
 		APFollowers int
+		Suspended   bool
 	}{
 		UserPage:   NewUserPage(app, r, u, titleStats+"Stats", flashes),
 		VisitsBlog: alias,
 		Collection: c,
 		TopPosts:   topPosts,
+		Suspended:  suspended,
 	}
 	if app.cfg.App.Federation {
 		folls, err := app.db.GetAPFollowers(c)
@@ -1026,7 +1053,7 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		Email:     fullUser.EmailClear(app.keys),
 		HasPass:   passIsSet,
 		IsLogOut:  r.FormValue("logout") == "1",
-		Suspended: fullUser.Suspended,
+		Suspended: fullUser.Status == UserSuspended,
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/activitypub.go b/activitypub.go
index 06b0468..eeaa1fa 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -82,7 +82,7 @@ func handleFetchCollectionActivities(app *App, w http.ResponseWriter, r *http.Re
 	}
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("fetch collection inbox: get owner: %v", err)
+		log.Error("fetch collection activities: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -115,7 +115,7 @@ func handleFetchCollectionOutbox(app *App, w http.ResponseWriter, r *http.Reques
 	}
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("fetch collection inbox: get owner: %v", err)
+		log.Error("fetch collection outbox: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -176,7 +176,7 @@ func handleFetchCollectionFollowers(app *App, w http.ResponseWriter, r *http.Req
 	}
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("fetch collection inbox: get owner: %v", err)
+		log.Error("fetch collection followers: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -230,7 +230,7 @@ func handleFetchCollectionFollowing(app *App, w http.ResponseWriter, r *http.Req
 	}
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("fetch collection inbox: get owner: %v", err)
+		log.Error("fetch collection following: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -272,7 +272,7 @@ func handleFetchCollectionInbox(app *App, w http.ResponseWriter, r *http.Request
 	}
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("fetch collection inbox: get owner: %v", err)
+		log.Error("fetch collection inbox: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
diff --git a/admin.go b/admin.go
index 1d94987..65afd5f 100644
--- a/admin.go
+++ b/admin.go
@@ -230,28 +230,27 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	return nil
 }
 
-func handleAdminToggleUserSuspended(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
+func handleAdminToggleUserStatus(app *App, u *User, w http.ResponseWriter, r *http.Request) error {
 	vars := mux.Vars(r)
 	username := vars["username"]
 	if username == "" {
 		return impart.HTTPError{http.StatusFound, "/admin/users"}
 	}
 
-	userToToggle, err := app.db.GetUserForAuth(username)
+	user, err := app.db.GetUserForAuth(username)
 	if err != nil {
 		log.Error("failed to get user: %v", err)
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user from username: %v", err)}
 	}
-	if userToToggle.Suspended {
-		err = app.db.SetUserSuspended(userToToggle.ID, false)
+	if user.Status == UserSuspended {
+		err = app.db.SetUserStatus(user.ID, UserActive)
 	} else {
-		err = app.db.SetUserSuspended(userToToggle.ID, true)
+		err = app.db.SetUserStatus(user.ID, UserSuspended)
 	}
 	if err != nil {
 		log.Error("toggle user suspended: %v", err)
-		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not toggle user suspended: %v")}
+		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not toggle user status: %v")}
 	}
-	// TODO: invalidate sessions
 	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s#status", username)}
 }
 
diff --git a/collections.go b/collections.go
index c4cefeb..38ec6f1 100644
--- a/collections.go
+++ b/collections.go
@@ -71,6 +71,7 @@ type (
 		CurrentPage int
 		TotalPages  int
 		Format      *CollectionFormat
+		Suspended   bool
 	}
 	SubmittedCollection struct {
 		// Data used for updating a given collection
@@ -398,7 +399,7 @@ func newCollection(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 	suspended, err := app.db.IsUserSuspended(userID)
 	if err != nil {
-		log.Error("new collection: get user: %v", err)
+		log.Error("new collection: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -486,6 +487,7 @@ func fetchCollection(app *App, w http.ResponseWriter, r *http.Request) error {
 			res.Owner = u
 		}
 	}
+	// TODO: check suspended
 	app.db.GetPostsCount(res, isCollOwner)
 	// Strip non-public information
 	res.Collection.ForPublic()
@@ -738,14 +740,10 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("view collection: get owner: %v", err)
+		log.Error("view collection: %v", err)
 		return ErrInternalGeneral
 	}
 
-	if suspended {
-		return ErrCollectionNotFound
-	}
-
 	// Serve ActivityStreams data now, if requested
 	if strings.Contains(r.Header.Get("Accept"), "application/activity+json") {
 		ac := c.PersonObject()
@@ -802,6 +800,10 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 			log.Error("Error getting user for collection: %v", err)
 		}
 	}
+	if !isOwner && suspended {
+		return ErrCollectionNotFound
+	}
+	displayPage.Suspended = isOwner && suspended
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 
@@ -853,10 +855,6 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 		return err
 	}
 
-	if u.Suspended {
-		return ErrCollectionNotFound
-	}
-
 	page := getCollectionPage(vars)
 
 	c, err := processCollectionPermissions(app, cr, u, w, r)
@@ -908,6 +906,10 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 			log.Error("Error getting user for collection: %v", err)
 		}
 	}
+	if !isOwner && u.Status == UserSuspended {
+		return ErrCollectionNotFound
+	}
+	displayPage.Suspended = u.Status == UserSuspended
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 	// Add more data
@@ -946,7 +948,7 @@ func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error
 	collAlias := vars["alias"]
 	isWeb := r.FormValue("web") == "1"
 
-	var u *User
+	u := &User{}
 	if reqJSON && !isWeb {
 		// Ensure an access token was given
 		accessToken := r.Header.Get("Authorization")
@@ -963,7 +965,7 @@ func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error
 
 	suspended, err := app.db.IsUserSuspended(u.ID)
 	if err != nil {
-		log.Error("existing collection: get user suspended status: %v", err)
+		log.Error("existing collection: %v", err)
 		return ErrInternalGeneral
 	}
 
diff --git a/database.go b/database.go
index b465e68..4b0c702 100644
--- a/database.go
+++ b/database.go
@@ -296,7 +296,7 @@ func (db *datastore) CreateCollection(cfg *config.Config, alias, title string, u
 func (db *datastore) GetUserByID(id int64) (*User, error) {
 	u := &User{ID: id}
 
-	err := db.QueryRow("SELECT username, password, email, created, suspended FROM users WHERE id = ?", id).Scan(&u.Username, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
+	err := db.QueryRow("SELECT username, password, email, created, status FROM users WHERE id = ?", id).Scan(&u.Username, &u.HashedPass, &u.Email, &u.Created, &u.Status)
 	switch {
 	case err == sql.ErrNoRows:
 		return nil, ErrUserNotFound
@@ -313,16 +313,16 @@ func (db *datastore) GetUserByID(id int64) (*User, error) {
 func (db *datastore) IsUserSuspended(id int64) (bool, error) {
 	u := &User{ID: id}
 
-	err := db.QueryRow("SELECT suspended FROM users WHERE id = ?", id).Scan(&u.Suspended)
+	err := db.QueryRow("SELECT status FROM users WHERE id = ?", id).Scan(&u.Status)
 	switch {
 	case err == sql.ErrNoRows:
-		return false, ErrUserNotFound
+		return false, fmt.Errorf("is user suspended: %v", ErrUserNotFound)
 	case err != nil:
 		log.Error("Couldn't SELECT user password: %v", err)
-		return false, err
+		return false, fmt.Errorf("is user suspended: %v", err)
 	}
 
-	return u.Suspended, nil
+	return u.Status == UserSuspended, nil
 }
 
 // DoesUserNeedAuth returns true if the user hasn't provided any methods for
@@ -364,7 +364,7 @@ func (db *datastore) IsUserPassSet(id int64) (bool, error) {
 func (db *datastore) GetUserForAuth(username string) (*User, error) {
 	u := &User{Username: username}
 
-	err := db.QueryRow("SELECT id, password, email, created, suspended FROM users WHERE username = ?", username).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
+	err := db.QueryRow("SELECT id, password, email, created, status FROM users WHERE username = ?", username).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Status)
 	switch {
 	case err == sql.ErrNoRows:
 		// Check if they've entered the wrong, unnormalized username
@@ -387,7 +387,7 @@ func (db *datastore) GetUserForAuth(username string) (*User, error) {
 func (db *datastore) GetUserForAuthByID(userID int64) (*User, error) {
 	u := &User{ID: userID}
 
-	err := db.QueryRow("SELECT id, password, email, created, suspended FROM users WHERE id = ?", u.ID).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Suspended)
+	err := db.QueryRow("SELECT id, password, email, created, status FROM users WHERE id = ?", u.ID).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created, &u.Status)
 	switch {
 	case err == sql.ErrNoRows:
 		return nil, ErrUserNotFound
@@ -1650,7 +1650,7 @@ func (db *datastore) GetTotalCollections() (collCount int64, err error) {
 	SELECT COUNT(*) 
 	FROM collections c
 	LEFT JOIN users u ON u.id = c.owner_id
-	WHERE u.suspended = 0`).Scan(&collCount)
+	WHERE u.status = 0`).Scan(&collCount)
 	if err != nil {
 		log.Error("Unable to fetch collections count: %v", err)
 	}
@@ -1662,7 +1662,7 @@ func (db *datastore) GetTotalPosts() (postCount int64, err error) {
 	SELECT COUNT(*)
 	FROM posts p
 	LEFT JOIN users u ON u.id = p.owner_id
-	WHERE u.Suspended = 0`).Scan(&postCount)
+	WHERE u.status = 0`).Scan(&postCount)
 	if err != nil {
 		log.Error("Unable to fetch posts count: %v", err)
 	}
@@ -2384,7 +2384,7 @@ func (db *datastore) GetAllUsers(page uint) (*[]User, error) {
 		limitStr = fmt.Sprintf("%d, %d", (page-1)*adminUsersPerPage, adminUsersPerPage)
 	}
 
-	rows, err := db.Query("SELECT id, username, created, suspended FROM users ORDER BY created DESC LIMIT " + limitStr)
+	rows, err := db.Query("SELECT id, username, created, status FROM users ORDER BY created DESC LIMIT " + limitStr)
 	if err != nil {
 		log.Error("Failed selecting from users: %v", err)
 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve all users."}
@@ -2394,7 +2394,7 @@ func (db *datastore) GetAllUsers(page uint) (*[]User, error) {
 	users := []User{}
 	for rows.Next() {
 		u := User{}
-		err = rows.Scan(&u.ID, &u.Username, &u.Created, &u.Suspended)
+		err = rows.Scan(&u.ID, &u.Username, &u.Created, &u.Status)
 		if err != nil {
 			log.Error("Failed scanning GetAllUsers() row: %v", err)
 			break
@@ -2431,10 +2431,11 @@ func (db *datastore) GetUserLastPostTime(id int64) (*time.Time, error) {
 	return &t, nil
 }
 
-func (db *datastore) SetUserSuspended(id int64, suspend bool) error {
-	_, err := db.Exec("UPDATE users SET suspended = ? WHERE id = ?", suspend, id)
+// SetUserStatus changes a user's status in the database. see Users.UserStatus
+func (db *datastore) SetUserStatus(id int64, status UserStatus) error {
+	_, err := db.Exec("UPDATE users SET status = ? WHERE id = ?", status, id)
 	if err != nil {
-		return fmt.Errorf("failed to update user suspended status: %v", err)
+		return fmt.Errorf("failed to update user status: %v", err)
 	}
 	return nil
 }
diff --git a/invites.go b/invites.go
index adff49a..8f341ec 100644
--- a/invites.go
+++ b/invites.go
@@ -78,7 +78,7 @@ func handleCreateUserInvite(app *App, u *User, w http.ResponseWriter, r *http.Re
 	muVal := r.FormValue("uses")
 	expVal := r.FormValue("expires")
 
-	if u.Suspended {
+	if u.Status == UserSuspended {
 		return ErrUserSuspended
 	}
 
diff --git a/migrations/migrations.go b/migrations/migrations.go
index de3f487..0799f8e 100644
--- a/migrations/migrations.go
+++ b/migrations/migrations.go
@@ -58,7 +58,7 @@ func (m *migration) Migrate(db *datastore) error {
 var migrations = []Migration{
 	New("support user invites", supportUserInvites),             // -> V1 (v0.8.0)
 	New("support dynamic instance pages", supportInstancePages), // V1 -> V2 (v0.9.0)
-	New("support users suspension", supportUserSuspension),      // V2 -> V3 ()
+	New("support users suspension", supportUserStatus),          // V2 -> V3 (v0.11.0)
 }
 
 // CurrentVer returns the current migration version the application is on
diff --git a/migrations/v3.go b/migrations/v3.go
index c7c00a9..b5351da 100644
--- a/migrations/v3.go
+++ b/migrations/v3.go
@@ -10,10 +10,10 @@
 
 package migrations
 
-func supportUserSuspension(db *datastore) error {
+func supportUserStatus(db *datastore) error {
 	t, err := db.Begin()
 
-	_, err = t.Exec(`ALTER TABLE users ADD COLUMN suspended ` + db.typeBool() + ` DEFAULT '0' NOT NULL`)
+	_, err = t.Exec(`ALTER TABLE users ADD COLUMN status ` + db.typeInt() + ` DEFAULT '0' NOT NULL`)
 	if err != nil {
 		t.Rollback()
 		return err
diff --git a/posts.go b/posts.go
index 33d4638..15d93c8 100644
--- a/posts.go
+++ b/posts.go
@@ -383,7 +383,7 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	suspended, err := app.db.IsUserSuspended(ownerID.Int64)
 	if err != nil {
-		log.Error("view post: get collection owner: %v", err)
+		log.Error("view post: %v", err)
 		return ErrInternalGeneral
 	}
 
@@ -509,7 +509,7 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 	suspended, err := app.db.IsUserSuspended(userID)
 	if err != nil {
-		log.Error("new post: get user: %v", err)
+		log.Error("new post: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -683,7 +683,7 @@ func existingPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	suspended, err := app.db.IsUserSuspended(userID)
 	if err != nil {
-		log.Error("existing post: get user: %v", err)
+		log.Error("existing post: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -886,7 +886,7 @@ func addPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	suspended, err := app.db.IsUserSuspended(ownerID)
 	if err != nil {
-		log.Error("add post: get user: %v", err)
+		log.Error("add post: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -989,7 +989,7 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	suspended, err := app.db.IsUserSuspended(userID)
 	if err != nil {
-		log.Error("pin post: get user: %v", err)
+		log.Error("pin post: %v", err)
 		return ErrInternalGeneral
 	}
 	if suspended {
@@ -1063,7 +1063,7 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 	suspended, err := app.db.IsUserSuspended(ownerID)
 	if err != nil {
-		log.Error("fetch post: get owner: %v", err)
+		log.Error("fetch post: %v", err)
 		return ErrInternalGeneral
 	}
 
@@ -1333,13 +1333,10 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
 
 	suspended, err := app.db.IsUserSuspended(c.OwnerID)
 	if err != nil {
-		log.Error("view collection post: get owner: %v", err)
+		log.Error("view collection post: %v", err)
 		return ErrInternalGeneral
 	}
 
-	if suspended {
-		return ErrPostNotFound
-	}
 	// Check collection permissions
 	if c.IsPrivate() && (u == nil || u.ID != c.OwnerID) {
 		return ErrPostNotFound
@@ -1396,6 +1393,9 @@ Are you sure it was ever here?`,
 	p.Collection = coll
 	p.IsTopLevel = app.cfg.App.SingleUser
 
+	if !p.IsOwner && suspended {
+		return ErrPostNotFound
+	}
 	// Check if post has been unpublished
 	if p.Content == "" && p.Title.String == "" {
 		return impart.HTTPError{http.StatusGone, "Post was unpublished."}
@@ -1445,12 +1445,14 @@ Are you sure it was ever here?`,
 			IsFound        bool
 			IsAdmin        bool
 			CanInvite      bool
+			Suspended      bool
 		}{
 			PublicPost:     p,
 			StaticPage:     pageForReq(app, r),
 			IsOwner:        cr.isCollOwner,
 			IsCustomDomain: cr.isCustomDomain,
 			IsFound:        postFound,
+			Suspended:      suspended,
 		}
 		tp.IsAdmin = u != nil && u.IsAdmin()
 		tp.CanInvite = canUserInvite(app.cfg, tp.IsAdmin)
diff --git a/read.go b/read.go
index 86664b5..6d0c8a7 100644
--- a/read.go
+++ b/read.go
@@ -71,7 +71,7 @@ func (app *App) FetchPublicPosts() (interface{}, error) {
 	FROM collections c
 	LEFT JOIN posts p ON p.collection_id = c.id
 	LEFT JOIN users u ON u.id = p.owner_id
-	WHERE c.privacy = 1 AND (p.created >= ` + app.db.dateSub(3, "month") + ` AND p.created <= ` + app.db.now() + ` AND pinned_position IS NULL) AND u.suspended = 0
+	WHERE c.privacy = 1 AND (p.created >= ` + app.db.dateSub(3, "month") + ` AND p.created <= ` + app.db.now() + ` AND pinned_position IS NULL) AND u.status = 0
 	ORDER BY p.created DESC`)
 	if err != nil {
 		log.Error("Failed selecting from posts: %v", err)
diff --git a/routes.go b/routes.go
index 510a539..1ff250f 100644
--- a/routes.go
+++ b/routes.go
@@ -144,7 +144,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")
 	write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")
 	write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")
-	write.HandleFunc("/admin/user/{username}", handler.Admin(handleAdminToggleUserSuspended)).Methods("POST")
+	write.HandleFunc("/admin/user/{username}/status", handler.Admin(handleAdminToggleUserStatus)).Methods("POST")
 	write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")
 	write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")
 	write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")
diff --git a/schema.sql b/schema.sql
index 3a79736..b3fae97 100644
--- a/schema.sql
+++ b/schema.sql
@@ -225,7 +225,6 @@ CREATE TABLE IF NOT EXISTS `users` (
   `password` char(60) CHARACTER SET latin1 COLLATE latin1_bin NOT NULL,
   `email` varbinary(255) DEFAULT NULL,
   `created` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  `suspended` tinyint(1) NOT NULL DEFAULT 0,
   PRIMARY KEY (`id`),
   UNIQUE KEY `username` (`username`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
diff --git a/sqlite.sql b/sqlite.sql
index 920ffed..90989ed 100644
--- a/sqlite.sql
+++ b/sqlite.sql
@@ -214,8 +214,7 @@ CREATE TABLE IF NOT EXISTS `users` (
   username TEXT NOT NULL UNIQUE,
   password TEXT NOT NULL,
   email TEXT DEFAULT NULL,
-  created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
-  suspended INTEGER NOT NULL DEFAULT 0
+  created DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP
 );
 
 -- --------------------------------------------------------
diff --git a/templates.go b/templates.go
index 6e9a008..968845d 100644
--- a/templates.go
+++ b/templates.go
@@ -11,10 +11,6 @@
 package writefreely
 
 import (
-	"github.com/dustin/go-humanize"
-	"github.com/writeas/web-core/l10n"
-	"github.com/writeas/web-core/log"
-	"github.com/writeas/writefreely/config"
 	"html/template"
 	"io"
 	"io/ioutil"
@@ -22,6 +18,11 @@ import (
 	"os"
 	"path/filepath"
 	"strings"
+
+	"github.com/dustin/go-humanize"
+	"github.com/writeas/web-core/l10n"
+	"github.com/writeas/web-core/log"
+	"github.com/writeas/writefreely/config"
 )
 
 var (
@@ -63,6 +64,7 @@ func initTemplate(parentDir, name string) {
 		filepath.Join(parentDir, templatesDir, name+".tmpl"),
 		filepath.Join(parentDir, templatesDir, "include", "footer.tmpl"),
 		filepath.Join(parentDir, templatesDir, "base.tmpl"),
+		filepath.Join(parentDir, templatesDir, "user", "include", "suspended.tmpl"),
 	}
 	if name == "collection" || name == "collection-tags" || name == "chorus-collection" {
 		// These pages list out collection posts, so we also parse templatesDir + "include/posts.tmpl"
@@ -86,6 +88,7 @@ func initPage(parentDir, path, key string) {
 		path,
 		filepath.Join(parentDir, templatesDir, "include", "footer.tmpl"),
 		filepath.Join(parentDir, templatesDir, "base.tmpl"),
+		filepath.Join(parentDir, templatesDir, "user", "include", "suspended.tmpl"),
 	))
 }
 
@@ -98,6 +101,7 @@ func initUserPage(parentDir, path, key string) {
 		path,
 		filepath.Join(parentDir, templatesDir, "user", "include", "header.tmpl"),
 		filepath.Join(parentDir, templatesDir, "user", "include", "footer.tmpl"),
+		filepath.Join(parentDir, templatesDir, "user", "include", "suspended.tmpl"),
 	))
 }
 
diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index bab2e31..58e514f 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -65,6 +65,9 @@ article time.dt-published {
 
 		{{template "user-navigation" .}}
 		
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		<article id="post-body" class="{{.Font}} h-entry">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name">{{.FormattedDisplayTitle}}</h2>{{end}}{{/* TODO: check format: if .Collection.Format.ShowDates*/}}<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time><div class="e-content">{{.HTMLContent}}</div></article>
 
 		{{ if .Collection.ShowFooterBranding }}
diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index e36d3b5..5f4d418 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -61,6 +61,9 @@ body#collection header nav.tabs a:first-child {
 	<body id="collection" itemscope itemtype="http://schema.org/WebPage">
 		{{template "user-navigation" .}}
 		
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		<header>
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="/{{if .IsTopLevel}}{{else}}{{.Prefix}}{{.Alias}}/{{end}}" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
 		{{if .Description}}<p class="description p-note">{{.Description}}</p>{{end}}
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index 7075226..4398804 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -59,6 +59,9 @@
 			</nav>
 		</header>
 		
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		<article id="post-body" class="{{.Font}} h-entry {{if not .IsFound}}error-page{{end}}">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name">{{.FormattedDisplayTitle}}</h2>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
 
 		{{ if .Collection.ShowFooterBranding }}
diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl
index 7cad3b7..5e2e2d3 100644
--- a/templates/collection-tags.tmpl
+++ b/templates/collection-tags.tmpl
@@ -53,6 +53,9 @@
 			</nav>
 		</header>
 		
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		{{if .Posts}}<section id="wrapper" itemscope itemtype="http://schema.org/Blog">{{else}}<div id="wrapper">{{end}}
 			<h1>{{.Tag}}</h1>
 			{{template "posts" .}}
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 36a266b..5a33bba 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -62,6 +62,9 @@
 		</ul></nav>{{end}}
 		
 		<header>
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		<h1 dir="{{.Direction}}" id="blog-title">{{if .Posts}}{{else}}<span class="writeas-prefix"><a href="/">write.as</a></span> {{end}}<a href="/{{if .IsTopLevel}}{{else}}{{.Prefix}}{{.Alias}}/{{end}}" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
 		{{if .Description}}<p class="description p-note">{{.Description}}</p>{{end}}
 		{{/*if not .Public/*}}
diff --git a/templates/password-collection.tmpl b/templates/password-collection.tmpl
index e0b755d..73c4465 100644
--- a/templates/password-collection.tmpl
+++ b/templates/password-collection.tmpl
@@ -25,6 +25,9 @@
 
 	</head>
 	<body id="collection" itemscope itemtype="http://schema.org/WebPage">
+		{{if .Suspended}}
+			{{template "user-supsended"}}
+		{{end}}
 		<header>
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="/{{.Alias}}/" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
 		</header>
diff --git a/templates/post.tmpl b/templates/post.tmpl
index dd1375e..74135a3 100644
--- a/templates/post.tmpl
+++ b/templates/post.tmpl
@@ -36,6 +36,9 @@
 	</head>
 	<body id="post">
 
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		<header>
 			<h1 dir="{{.Direction}}"><a href="/">{{.SiteName}}</a></h1>
 			<nav>
diff --git a/templates/user/admin/users.tmpl b/templates/user/admin/users.tmpl
index bcd3728..6d5d6f7 100644
--- a/templates/user/admin/users.tmpl
+++ b/templates/user/admin/users.tmpl
@@ -21,7 +21,7 @@
 			<td style="text-align:center">
 				<a 
 				href="/admin/user/{{.Username}}#status"
-				title="View or change account status">{{if .Suspended}}suspended{{else}}active{{end}}</a></td>
+				title="View or change account status">{{if eq .Status 1}}suspended{{else}}active{{end}}</a></td>
 		</tr>
 		{{end}}
 	</table>
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index a3d96d5..01eb1f0 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -57,10 +57,10 @@ td.active-suspend > input[type="submit"] {
 			<td>{{if .LastPost}}{{.LastPost}}{{else}}Never{{end}}</td>
 		</tr>
 		<tr>
-			<form action="/admin/user/{{.User.Username}}" method="POST">
+			<form action="/admin/user/{{.User.Username}}/status" method="POST">
 				<a id="status"/>
 				<th>Status</th>
-				{{if .User.Suspended}}
+				{{if eq .User.Status 1}}
 				<td class="active-suspend"><p>User is currently Suspended</p><input type="submit" value="Activate"/></td>
 				{{else}}
 				<td class="active-suspend">
diff --git a/templates/user/articles.tmpl b/templates/user/articles.tmpl
index 67d3e0b..3edb89c 100644
--- a/templates/user/articles.tmpl
+++ b/templates/user/articles.tmpl
@@ -6,6 +6,9 @@
 {{if .Flashes}}<ul class="errors">
 	{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 </ul>{{end}}
+{{if .Suspended}}
+	{{template "user-suspended"}}
+{{end}}
 
 <h2 id="posts-header">drafts</h2>
 
diff --git a/templates/user/collection.tmpl b/templates/user/collection.tmpl
index 8af3bda..edd06c1 100644
--- a/templates/user/collection.tmpl
+++ b/templates/user/collection.tmpl
@@ -8,6 +8,9 @@
 <div class="content-container snug">
 	<div id="overlay"></div>
 
+	{{if .Suspended}}
+		{{template "user-suspended"}}
+	{{end}}
 	<h2>Customize {{.DisplayTitle}} <a href="{{if .SingleUser}}/{{else}}/{{.Alias}}/{{end}}">view blog</a></h2>
 
 	{{if .Flashes}}<ul class="errors">
diff --git a/templates/user/collections.tmpl b/templates/user/collections.tmpl
index 481fd8f..7f6e83c 100644
--- a/templates/user/collections.tmpl
+++ b/templates/user/collections.tmpl
@@ -7,6 +7,9 @@
 	{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 </ul>{{end}}
 
+{{if .Suspended}}
+	{{template "user-suspended"}}
+{{end}}
 <h2>blogs</h2>
 <ul class="atoms collections">
 	{{range $i, $el := .Collections}}<li class="collection"><h3>
diff --git a/templates/user/include/suspended.tmpl b/templates/user/include/suspended.tmpl
new file mode 100644
index 0000000..b1e42c8
--- /dev/null
+++ b/templates/user/include/suspended.tmpl
@@ -0,0 +1,6 @@
+{{define "user-suspended"}}
+<div class="alert info">
+	<p>This account is currently suspended.</p>
+	<p>Please contact the instance administrator to discuss reactivation.</p>
+</div>
+{{end}}
diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index 822d091..d5cc33d 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -7,17 +7,14 @@ h3 { font-weight: normal; }
 .section > *:not(input) { font-size: 0.86em; }
 </style>
 <div class="content-container snug regular">
+	{{if .Suspended}}
+		{{template "user-suspended"}}
+	{{end}}
 	<h2>{{if .IsLogOut}}Before you go...{{else}}Account Settings {{if .IsAdmin}}<a href="/admin">admin settings</a>{{end}}{{end}}</h2>
 	{{if .Flashes}}<ul class="errors">
 		{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 	</ul>{{end}}
 
-	{{if .Suspended}}
-	<div class="alert info">
-		<p>This account is currently suspended.</p>
-		<p>Please contact the instance administrator to discuss reactivation.</p>
-	</div>
-	{{end}}
 	{{ if .IsLogOut }}
 	<div class="alert info">
 		<p class="introduction">Please add an <strong>email address</strong> and/or <strong>passphrase</strong> so you can log in again later.</p>
diff --git a/templates/user/stats.tmpl b/templates/user/stats.tmpl
index f5588fb..705f1e0 100644
--- a/templates/user/stats.tmpl
+++ b/templates/user/stats.tmpl
@@ -17,6 +17,9 @@ td.none {
 </style>
 
 <div class="content-container snug">
+	{{if .Suspended}}
+		{{template "user-suspended"}}
+	{{end}}
 	<h2 id="posts-header">{{if .Collection}}{{.Collection.DisplayTitle}} {{end}}Stats</h2>
 
 	<p>Stats for all time.</p>
diff --git a/users.go b/users.go
index e8be252..05b5bb4 100644
--- a/users.go
+++ b/users.go
@@ -19,6 +19,13 @@ import (
 	"github.com/writeas/writefreely/key"
 )
 
+type UserStatus int
+
+const (
+	UserActive = iota
+	UserSuspended
+)
+
 type (
 	userCredentials struct {
 		Alias string `json:"alias" schema:"alias"`
@@ -59,7 +66,7 @@ type (
 		HasPass    bool        `json:"has_pass"`
 		Email      zero.String `json:"email"`
 		Created    time.Time   `json:"created"`
-		Suspended  bool        `json:"suspended"`
+		Status     UserStatus  `json:"status"`
 
 		clearEmail string `json:"email"`
 	}

From 5429ca4ab09258c264468d510dd6246abe385d9e Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 25 Oct 2019 13:40:32 -0700
Subject: [PATCH 62/90] add check for suspended user on single posts

also fix logic bug in posts.go viewCollectionPost checking the page
owner
---
 posts.go | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/posts.go b/posts.go
index 15d93c8..6974a4f 100644
--- a/posts.go
+++ b/posts.go
@@ -387,10 +387,6 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		return ErrInternalGeneral
 	}
 
-	if suspended {
-		return ErrPostNotFound
-	}
-
 	// Check if post has been unpublished
 	if content == "" {
 		gone = true
@@ -438,9 +434,10 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		page := struct {
 			*AnonymousPost
 			page.StaticPage
-			Username string
-			IsOwner  bool
-			SiteURL  string
+			Username  string
+			IsOwner   bool
+			SiteURL   string
+			Suspended bool
 		}{
 			AnonymousPost: post,
 			StaticPage:    pageForReq(app, r),
@@ -451,6 +448,10 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 			page.IsOwner = ownerID.Valid && ownerID.Int64 == u.ID
 		}
 
+		if !page.IsOwner && suspended {
+			return ErrPostNotFound
+		}
+		page.Suspended = suspended
 		err = templates["post"].ExecuteTemplate(w, "post", page)
 		if err != nil {
 			log.Error("Post template execute error: %v", err)
@@ -1389,7 +1390,7 @@ Are you sure it was ever here?`,
 			return err
 		}
 	}
-	p.IsOwner = owner != nil && p.OwnerID.Valid && owner.ID == p.OwnerID.Int64
+	p.IsOwner = owner != nil && p.OwnerID.Valid && u.ID == p.OwnerID.Int64
 	p.Collection = coll
 	p.IsTopLevel = app.cfg.App.SingleUser
 

From bf4f8793832df63f2e426ac9edc556029d6a738b Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 4 Nov 2019 14:06:24 -0500
Subject: [PATCH 63/90] Update hosting options in README

Now: Write.as Pro and Write.as for Teams
---
 README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 4f0b6bb..68da89b 100644
--- a/README.md
+++ b/README.md
@@ -47,15 +47,15 @@ It's designed to be flexible and share your writing widely, so it's built around
 
 ## Hosting
 
-We offer two kinds of hosting services that make WriteFreely deployment painless: [Write.as](https://write.as) for individuals, and [WriteFreely.host](https://writefreely.host) for communities. Besides saving you time, as a customer you directly help fund WriteFreely development.
+We offer two kinds of hosting services that make WriteFreely deployment painless: [Write.as Pro](https://write.as/pro) for individuals, and [Write.as for Teams](https://write.as/for/teams) for businesses. Besides saving you time and effort, both services directly fund WriteFreely development and ensure the long-term sustainability of our open source work.
 
-### [![Write.as](https://write.as/img/writeas-wf-readme.png)](https://write.as/)
+### [![Write.as Pro](https://writefreely.org/img/writeas-pro-readme.png)](https://write.as/pro)
 
-Start a personal blog on [Write.as](https://write.as), our flagship instance. Built to eliminate setup friction and preserve your privacy, Write.as helps you start a blog in seconds. It supports custom domains (with SSL) and multiple blogs / pen names per account. [Read more here](https://write.as/pricing).
+Start a personal blog on [Write.as](https://write.as), our flagship instance. Built to eliminate setup friction and preserve your privacy, Write.as helps you start a blog in seconds. It supports custom domains (with SSL) and multiple blogs / pen names per account. [Read more here](https://write.as/pro).
 
-### [![WriteFreely.host](https://writefreely.host/img/wfhost-wf-readme.png)](https://writefreely.host)
+### [![Write.as for Teams](https://writefreely.org/img/writeas-for-teams-readme.png)](https://write.as/for/teams)
 
-[WriteFreely.host](https://writefreely.host) makes it easy to start a close-knit community — to share knowledge, complement your Mastodon instance, or publish updates in your organization. We take care of the hosting, upgrades, backups, and maintenance so you can focus on writing.
+[Write.as for Teams](https://write.as/for/teams) gives your organization, business, or [open source project](https://write.as/for/open-source) a clutter-free space to share updates or proposals and build your collective knowledge. We take care of hosting, upgrades, backups, and maintenance so your team can focus on writing.
 
 ## Quick start
 

From da7dcfee6affa0dc02255bcbd6669dce606dbd26 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 7 Nov 2019 14:07:00 +0900
Subject: [PATCH 64/90] Move admin template IsSuspended logic into method

This adds a User.IsSuspended() method and uses it when displaying the
user's status on admin pages, instead of doing a magic number check.
This should also help in the future, in case this logic ever changes.

Ref T661
---
 templates/user/admin/users.tmpl     |  5 ++---
 templates/user/admin/view-user.tmpl | 11 ++++++-----
 users.go                            |  4 ++++
 3 files changed, 12 insertions(+), 8 deletions(-)

diff --git a/templates/user/admin/users.tmpl b/templates/user/admin/users.tmpl
index 6d5d6f7..03a3f6c 100644
--- a/templates/user/admin/users.tmpl
+++ b/templates/user/admin/users.tmpl
@@ -19,9 +19,8 @@
 			<td>{{.CreatedFriendly}}</td>
 			<td style="text-align:center">{{if .IsAdmin}}Admin{{else}}User{{end}}</td>
 			<td style="text-align:center">
-				<a 
-				href="/admin/user/{{.Username}}#status"
-				title="View or change account status">{{if eq .Status 1}}suspended{{else}}active{{end}}</a></td>
+				<a href="/admin/user/{{.Username}}#status" title="View or change account status">{{if .IsSuspended}}suspended{{else}}active{{end}}</a>
+			</td>
 		</tr>
 		{{end}}
 	</table>
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 01eb1f0..9226c39 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -60,14 +60,15 @@ td.active-suspend > input[type="submit"] {
 			<form action="/admin/user/{{.User.Username}}/status" method="POST">
 				<a id="status"/>
 				<th>Status</th>
-				{{if eq .User.Status 1}}
-				<td class="active-suspend"><p>User is currently Suspended</p><input type="submit" value="Activate"/></td>
-				{{else}}
 				<td class="active-suspend">
-					<p>User is currently Active</p>
+				{{if .User.IsSuspended}}
+					<p>Suspended</p>
+					<input type="submit" value="Activate"/>
+				{{else}}
+					<p>Active</p>
 					<input class="danger" type="submit" value="Suspend" {{if .User.IsAdmin}}disabled{{end}}/>
-				</td>
 				{{end}}
+				</td>
 			</form>
 		</tr>
 	</table>
diff --git a/users.go b/users.go
index 05b5bb4..5eb2e61 100644
--- a/users.go
+++ b/users.go
@@ -126,3 +126,7 @@ func (u *User) IsAdmin() bool {
 	// TODO: get this from database
 	return u.ID == 1
 }
+
+func (u *User) IsSuspended() bool {
+	return u.Status&UserSuspended != 0
+}

From c9f72198310078a01ee00810210a22a1493c6fe1 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 7 Nov 2019 16:49:52 +0900
Subject: [PATCH 65/90] Move user status in list out of <a>

The link here is a little redundant, and might make people think that it
actually changes the status by clicking on it.
---
 templates/user/admin/users.tmpl | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/templates/user/admin/users.tmpl b/templates/user/admin/users.tmpl
index 03a3f6c..df840b2 100644
--- a/templates/user/admin/users.tmpl
+++ b/templates/user/admin/users.tmpl
@@ -18,9 +18,7 @@
 			<td><a href="/admin/user/{{.Username}}">{{.Username}}</a></td>
 			<td>{{.CreatedFriendly}}</td>
 			<td style="text-align:center">{{if .IsAdmin}}Admin{{else}}User{{end}}</td>
-			<td style="text-align:center">
-				<a href="/admin/user/{{.Username}}#status" title="View or change account status">{{if .IsSuspended}}suspended{{else}}active{{end}}</a>
-			</td>
+			<td style="text-align:center">{{if .IsSuspended}}Suspended{{else}}Active{{end}}</td>
 		</tr>
 		{{end}}
 	</table>

From 280c32afdce41c473a5844ee6553ff03544750f6 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 7 Nov 2019 16:59:02 +0900
Subject: [PATCH 66/90] Confirm suspension before submitting the form

This also includes a bit of explanation about what suspending a user
actually does.

Ref T661
---
 templates/user/admin/view-user.tmpl | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 9226c39..3b13c33 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -57,7 +57,7 @@ td.active-suspend > input[type="submit"] {
 			<td>{{if .LastPost}}{{.LastPost}}{{else}}Never{{end}}</td>
 		</tr>
 		<tr>
-			<form action="/admin/user/{{.User.Username}}/status" method="POST">
+			<form action="/admin/user/{{.User.Username}}/status" method="POST" {{if not .User.IsSuspended}}onsubmit="return confirmSuspend()"{{end}}>
 				<a id="status"/>
 				<th>Status</th>
 				<td class="active-suspend">
@@ -116,5 +116,11 @@ td.active-suspend > input[type="submit"] {
 	{{end}}
 </div>
 
+<script type="text/javascript">
+function confirmSuspend() {
+	return confirm("Suspend this user? They'll still be able to log in and access their posts, but no one else will be able to see them anymore. You can reverse this decision at any time.");
+}
+</script>
+
 {{template "footer" .}}
 {{end}}

From 619b10c3e5f4f4e28752dbe302a632ea92c0d84a Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 7 Nov 2019 17:09:43 +0900
Subject: [PATCH 67/90] Fix "suspended" message location on Drafts

Previously it was above the header.

Ref T661
---
 templates/post.tmpl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/post.tmpl b/templates/post.tmpl
index 74135a3..52d53a9 100644
--- a/templates/post.tmpl
+++ b/templates/post.tmpl
@@ -35,10 +35,6 @@
 		{{template "highlighting" .}}
 	</head>
 	<body id="post">
-
-		{{if .Suspended}}
-			{{template "user-suspended"}}
-		{{end}}
 		<header>
 			<h1 dir="{{.Direction}}"><a href="/">{{.SiteName}}</a></h1>
 			<nav>
@@ -52,6 +48,10 @@
 				{{ end }}
 			</nav>
 		</header>
+
+		{{if .Suspended}}
+			{{template "user-suspended"}}
+		{{end}}
 		
 		<article class="{{.Font}} h-entry">{{if .Title}}<h2 id="title" class="p-name">{{.Title}}</h2>{{end}}{{ if .IsPlainText }}<p id="post-body" class="e-content">{{.Content}}</p>{{ else }}<div id="post-body" class="e-content">{{.HTMLContent}}</div>{{ end }}</article>
 

From e1149cd1e95154e4e72aca606e5582ad5dcbc7cf Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 7 Nov 2019 17:24:04 +0900
Subject: [PATCH 68/90] Fix URLs in CSV exports

This includes the instance's hostname in calls to export a CSV file and
PublicPost.CanonicalURL().

It also fixes a panic in that method during CSV export caused by draft
posts.
---
 account.go | 2 +-
 export.go  | 5 +++--
 posts.go   | 6 +++---
 read.go    | 2 +-
 4 files changed, 8 insertions(+), 7 deletions(-)

diff --git a/account.go b/account.go
index 920fc9d..180e9b0 100644
--- a/account.go
+++ b/account.go
@@ -625,7 +625,7 @@ func viewExportPosts(app *App, w http.ResponseWriter, r *http.Request) ([]byte,
 
 	// Export as CSV
 	if strings.HasSuffix(r.URL.Path, ".csv") {
-		data = exportPostsCSV(u, posts)
+		data = exportPostsCSV(app.cfg.App.Host, u, posts)
 		return data, filename, err
 	}
 	if strings.HasSuffix(r.URL.Path, ".zip") {
diff --git a/export.go b/export.go
index 3b5ac49..592bc0c 100644
--- a/export.go
+++ b/export.go
@@ -20,7 +20,7 @@ import (
 	"github.com/writeas/web-core/log"
 )
 
-func exportPostsCSV(u *User, posts *[]PublicPost) []byte {
+func exportPostsCSV(hostName string, u *User, posts *[]PublicPost) []byte {
 	var b bytes.Buffer
 
 	r := [][]string{
@@ -30,8 +30,9 @@ func exportPostsCSV(u *User, posts *[]PublicPost) []byte {
 		var blog string
 		if p.Collection != nil {
 			blog = p.Collection.Alias
+			p.Collection.hostName = hostName
 		}
-		f := []string{p.ID, p.Slug.String, blog, p.CanonicalURL(), p.Created8601(), p.Title.String, strings.Replace(p.Content, "\n", "\\n", -1)}
+		f := []string{p.ID, p.Slug.String, blog, p.CanonicalURL(hostName), p.Created8601(), p.Title.String, strings.Replace(p.Content, "\n", "\\n", -1)}
 		r = append(r, f)
 	}
 
diff --git a/posts.go b/posts.go
index 1f35eda..d004296 100644
--- a/posts.go
+++ b/posts.go
@@ -1061,9 +1061,9 @@ func (p *Post) processPost() PublicPost {
 	return *res
 }
 
-func (p *PublicPost) CanonicalURL() string {
+func (p *PublicPost) CanonicalURL(hostName string) string {
 	if p.Collection == nil || p.Collection.Alias == "" {
-		return p.Collection.hostName + "/" + p.ID
+		return hostName + "/" + p.ID
 	}
 	return p.Collection.CanonicalURL() + p.Slug.String
 }
@@ -1072,7 +1072,7 @@ func (p *PublicPost) ActivityObject(cfg *config.Config) *activitystreams.Object
 	o := activitystreams.NewArticleObject()
 	o.ID = p.Collection.FederatedAPIBase() + "api/posts/" + p.ID
 	o.Published = p.Created
-	o.URL = p.CanonicalURL()
+	o.URL = p.CanonicalURL(cfg.App.Host)
 	o.AttributedTo = p.Collection.FederatedAccount()
 	o.CC = []string{
 		p.Collection.FederatedAccount() + "/followers",
diff --git a/read.go b/read.go
index ec0305a..df24621 100644
--- a/read.go
+++ b/read.go
@@ -293,7 +293,7 @@ func viewLocalTimelineFeed(app *App, w http.ResponseWriter, req *http.Request) e
 		}
 
 		title = p.PlainDisplayTitle()
-		permalink = p.CanonicalURL()
+		permalink = p.CanonicalURL(app.cfg.App.Host)
 		if p.Collection != nil {
 			author = p.Collection.Title
 		} else {

From c0b75f6b65e375b04a100ca6b9963e579d4282d5 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Fri, 8 Nov 2019 08:47:03 -0800
Subject: [PATCH 69/90] pass hostname to canonical url in post templates

the change to take a hostname in Post.CanonicalURL broke a few template
using that function. This adds a Hostname string to the Post being
passed to templates and passes it to calls to Post.CanonicalURL
---
 posts.go                              | 2 ++
 templates/chorus-collection-post.tmpl | 6 +++---
 templates/chorus-collection.tmpl      | 2 +-
 templates/collection-post.tmpl        | 6 +++---
 templates/collection-tags.tmpl        | 2 +-
 templates/collection.tmpl             | 2 +-
 templates/read.tmpl                   | 8 ++++----
 7 files changed, 15 insertions(+), 13 deletions(-)

diff --git a/posts.go b/posts.go
index d004296..6cb76a2 100644
--- a/posts.go
+++ b/posts.go
@@ -1380,12 +1380,14 @@ Are you sure it was ever here?`,
 			IsFound        bool
 			IsAdmin        bool
 			CanInvite      bool
+			Hostname       string
 		}{
 			PublicPost:     p,
 			StaticPage:     pageForReq(app, r),
 			IsOwner:        cr.isCollOwner,
 			IsCustomDomain: cr.isCustomDomain,
 			IsFound:        postFound,
+			Hostname:       app.cfg.App.Host,
 		}
 		tp.IsAdmin = u != nil && u.IsAdmin()
 		tp.CanInvite = canUserInvite(app.cfg, tp.IsAdmin)
diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index bab2e31..d229c62 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -8,7 +8,7 @@
 		<link rel="stylesheet" type="text/css" href="/css/write.css" />
 		<link rel="shortcut icon" href="/favicon.ico" />
 		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
-		<link rel="canonical" href="{{.CanonicalURL}}" />
+		<link rel="canonical" href="{{.CanonicalURL .Hostname}}" />
 		<meta name="generator" content="WriteFreely">
 		<meta name="title" content="{{.PlainDisplayTitle}} {{localhtml "title dash" .Language.String}} {{if .Collection.Title}}{{.Collection.Title}}{{else}}{{.Collection.Alias}}{{end}}">
 		<meta name="description" content="{{.Summary}}">
@@ -25,7 +25,7 @@
 		<meta property="og:description" content="{{.Summary}}" />
 		<meta property="og:site_name" content="{{.Collection.DisplayTitle}}" />
 		<meta property="og:type" content="article" />
-		<meta property="og:url" content="{{.CanonicalURL}}" />
+		<meta property="og:url" content="{{.CanonicalURL .Hostname}}" />
 		<meta property="og:updated_time" content="{{.Created8601}}" />
 		{{range .Images}}<meta property="og:image" content="{{.}}" />{{else}}<meta property="og:image" content="{{.Collection.AvatarURL}}">{{end}}
 		<meta property="article:published_time" content="{{.Created8601}}">
@@ -77,7 +77,7 @@ article time.dt-published {
 			</p>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 			<hr>
diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index e36d3b5..ebee403 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -68,7 +68,7 @@ body#collection header nav.tabs a:first-child {
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav class="pinned-posts">
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index 7075226..a4084b3 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -9,7 +9,7 @@
 		<link rel="shortcut icon" href="/favicon.ico" />
 		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
 		{{ if .IsFound }}
-		<link rel="canonical" href="{{.CanonicalURL}}" />
+		<link rel="canonical" href="{{.CanonicalURL .Hostname}}" />
 		<meta name="generator" content="WriteFreely">
 		<meta name="title" content="{{.PlainDisplayTitle}} {{localhtml "title dash" .Language.String}} {{if .Collection.Title}}{{.Collection.Title}}{{else}}{{.Collection.Alias}}{{end}}">
 		<meta name="description" content="{{.Summary}}">
@@ -26,7 +26,7 @@
 		<meta property="og:description" content="{{.Summary}}" />
 		<meta property="og:site_name" content="{{.Collection.DisplayTitle}}" />
 		<meta property="og:type" content="article" />
-		<meta property="og:url" content="{{.CanonicalURL}}" />
+		<meta property="og:url" content="{{.CanonicalURL .Hostname}}" />
 		<meta property="og:updated_time" content="{{.Created8601}}" />
 		{{range .Images}}<meta property="og:image" content="{{.}}" />{{else}}<meta property="og:image" content="{{.Collection.AvatarURL}}">{{end}}
 		<meta property="article:published_time" content="{{.Created8601}}">
@@ -50,7 +50,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a rel="author" href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 				{{ if and .IsOwner .IsFound }}<span class="views" dir="ltr"><strong>{{largeNumFmt .Views}}</strong> {{pluralize "view" "views" .Views}}</span>
 				<a class="xtra-feature" href="/{{if not .SingleUser}}{{.Collection.Alias}}/{{end}}{{.Slug.String}}/edit" dir="{{.Direction}}">Edit</a>
diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl
index 7cad3b7..039e071 100644
--- a/templates/collection-tags.tmpl
+++ b/templates/collection-tags.tmpl
@@ -48,7 +48,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.DisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.DisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 		</header>
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 36a266b..fa66f69 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -68,7 +68,7 @@
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav>
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		
diff --git a/templates/read.tmpl b/templates/read.tmpl
index 9541ab5..91fbeb4 100644
--- a/templates/read.tmpl
+++ b/templates/read.tmpl
@@ -87,17 +87,17 @@
 		{{ if gt (len .Posts) 0 }}
 		<section itemscope itemtype="http://schema.org/Blog">
 			{{range .Posts}}<article class="{{.Font}} h-entry" itemscope itemtype="http://schema.org/BlogPosting">
-			{{if .Title.String}}<h2 class="post-title" itemprop="name" class="p-name"><a href="{{if .Slug.String}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL}}.md{{end}}" itemprop="url" class="u-url">{{.PlainDisplayTitle}}</a></h2>
+			{{if .Title.String}}<h2 class="post-title" itemprop="name" class="p-name"><a href="{{if .Slug.String}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}" itemprop="url" class="u-url">{{.PlainDisplayTitle}}</a></h2>
 			<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{if not .Title.String}}<a href="{{.Collection.CanonicalURL}}{{.Slug.String}}" itemprop="url">{{end}}{{.DisplayDate}}{{if not .Title.String}}</a>{{end}}</time>
 			{{else}}
-			<h2 class="post-title" itemprop="name"><time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL}}.md{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time></h2>
+			<h2 class="post-title" itemprop="name"><time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time></h2>
 			{{end}}
 			<p class="source">{{if .Collection}}from <a href="{{.Collection.CanonicalURL}}">{{.Collection.DisplayTitle}}</a>{{else}}<em>Anonymous</em>{{end}}</p>
 			{{if .Excerpt}}<div class="p-summary" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{.Excerpt}}</div>
 		
-			<a class="read-more" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{else}}<div class="e-content preview" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{ if not .HTMLContent }}<p id="post-body" class="e-content preview">{{.Content}}</p>{{ else }}{{.HTMLContent}}{{ end }}<div class="over">&nbsp;</div></div>
+			<a class="read-more" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{else}}<div class="e-content preview" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{ if not .HTMLContent }}<p id="post-body" class="e-content preview">{{.Content}}</p>{{ else }}{{.HTMLContent}}{{ end }}<div class="over">&nbsp;</div></div>
 			
-			<a class="read-more maybe" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{end}}</article>
+			<a class="read-more maybe" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{end}}</article>
 			{{end}}
 		</section>
 		{{ else }}

From f66d5bf1e8fa35330f52c2bb6b58f9720831029b Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Sat, 9 Nov 2019 11:41:39 -0800
Subject: [PATCH 70/90] use .Host instead of adding .Hostname

---
 posts.go                              | 2 --
 templates/chorus-collection-post.tmpl | 6 +++---
 templates/chorus-collection.tmpl      | 2 +-
 templates/collection-post.tmpl        | 6 +++---
 templates/collection-tags.tmpl        | 2 +-
 templates/collection.tmpl             | 2 +-
 templates/read.tmpl                   | 8 ++++----
 7 files changed, 13 insertions(+), 15 deletions(-)

diff --git a/posts.go b/posts.go
index 6cb76a2..d004296 100644
--- a/posts.go
+++ b/posts.go
@@ -1380,14 +1380,12 @@ Are you sure it was ever here?`,
 			IsFound        bool
 			IsAdmin        bool
 			CanInvite      bool
-			Hostname       string
 		}{
 			PublicPost:     p,
 			StaticPage:     pageForReq(app, r),
 			IsOwner:        cr.isCollOwner,
 			IsCustomDomain: cr.isCustomDomain,
 			IsFound:        postFound,
-			Hostname:       app.cfg.App.Host,
 		}
 		tp.IsAdmin = u != nil && u.IsAdmin()
 		tp.CanInvite = canUserInvite(app.cfg, tp.IsAdmin)
diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index d229c62..18fb632 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -8,7 +8,7 @@
 		<link rel="stylesheet" type="text/css" href="/css/write.css" />
 		<link rel="shortcut icon" href="/favicon.ico" />
 		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
-		<link rel="canonical" href="{{.CanonicalURL .Hostname}}" />
+		<link rel="canonical" href="{{.CanonicalURL .Host}}" />
 		<meta name="generator" content="WriteFreely">
 		<meta name="title" content="{{.PlainDisplayTitle}} {{localhtml "title dash" .Language.String}} {{if .Collection.Title}}{{.Collection.Title}}{{else}}{{.Collection.Alias}}{{end}}">
 		<meta name="description" content="{{.Summary}}">
@@ -25,7 +25,7 @@
 		<meta property="og:description" content="{{.Summary}}" />
 		<meta property="og:site_name" content="{{.Collection.DisplayTitle}}" />
 		<meta property="og:type" content="article" />
-		<meta property="og:url" content="{{.CanonicalURL .Hostname}}" />
+		<meta property="og:url" content="{{.CanonicalURL .Host}}" />
 		<meta property="og:updated_time" content="{{.Created8601}}" />
 		{{range .Images}}<meta property="og:image" content="{{.}}" />{{else}}<meta property="og:image" content="{{.Collection.AvatarURL}}">{{end}}
 		<meta property="article:published_time" content="{{.Created8601}}">
@@ -77,7 +77,7 @@ article time.dt-published {
 			</p>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 			<hr>
diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index ebee403..14d5fbd 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -68,7 +68,7 @@ body#collection header nav.tabs a:first-child {
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav class="pinned-posts">
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index a4084b3..4af5cb8 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -9,7 +9,7 @@
 		<link rel="shortcut icon" href="/favicon.ico" />
 		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
 		{{ if .IsFound }}
-		<link rel="canonical" href="{{.CanonicalURL .Hostname}}" />
+		<link rel="canonical" href="{{.CanonicalURL .Host}}" />
 		<meta name="generator" content="WriteFreely">
 		<meta name="title" content="{{.PlainDisplayTitle}} {{localhtml "title dash" .Language.String}} {{if .Collection.Title}}{{.Collection.Title}}{{else}}{{.Collection.Alias}}{{end}}">
 		<meta name="description" content="{{.Summary}}">
@@ -26,7 +26,7 @@
 		<meta property="og:description" content="{{.Summary}}" />
 		<meta property="og:site_name" content="{{.Collection.DisplayTitle}}" />
 		<meta property="og:type" content="article" />
-		<meta property="og:url" content="{{.CanonicalURL .Hostname}}" />
+		<meta property="og:url" content="{{.CanonicalURL .Host}}" />
 		<meta property="og:updated_time" content="{{.Created8601}}" />
 		{{range .Images}}<meta property="og:image" content="{{.}}" />{{else}}<meta property="og:image" content="{{.Collection.AvatarURL}}">{{end}}
 		<meta property="article:published_time" content="{{.Created8601}}">
@@ -50,7 +50,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a rel="author" href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 				{{ if and .IsOwner .IsFound }}<span class="views" dir="ltr"><strong>{{largeNumFmt .Views}}</strong> {{pluralize "view" "views" .Views}}</span>
 				<a class="xtra-feature" href="/{{if not .SingleUser}}{{.Collection.Alias}}/{{end}}{{.Slug.String}}/edit" dir="{{.Direction}}">Edit</a>
diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl
index 039e071..ff9c2b9 100644
--- a/templates/collection-tags.tmpl
+++ b/templates/collection-tags.tmpl
@@ -48,7 +48,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.DisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.DisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 		</header>
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index fa66f69..34eb076 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -68,7 +68,7 @@
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav>
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		
diff --git a/templates/read.tmpl b/templates/read.tmpl
index 91fbeb4..f1cbf29 100644
--- a/templates/read.tmpl
+++ b/templates/read.tmpl
@@ -87,17 +87,17 @@
 		{{ if gt (len .Posts) 0 }}
 		<section itemscope itemtype="http://schema.org/Blog">
 			{{range .Posts}}<article class="{{.Font}} h-entry" itemscope itemtype="http://schema.org/BlogPosting">
-			{{if .Title.String}}<h2 class="post-title" itemprop="name" class="p-name"><a href="{{if .Slug.String}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}" itemprop="url" class="u-url">{{.PlainDisplayTitle}}</a></h2>
+			{{if .Title.String}}<h2 class="post-title" itemprop="name" class="p-name"><a href="{{if .Slug.String}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}.md{{end}}" itemprop="url" class="u-url">{{.PlainDisplayTitle}}</a></h2>
 			<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{if not .Title.String}}<a href="{{.Collection.CanonicalURL}}{{.Slug.String}}" itemprop="url">{{end}}{{.DisplayDate}}{{if not .Title.String}}</a>{{end}}</time>
 			{{else}}
-			<h2 class="post-title" itemprop="name"><time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time></h2>
+			<h2 class="post-title" itemprop="name"><time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}.md{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time></h2>
 			{{end}}
 			<p class="source">{{if .Collection}}from <a href="{{.Collection.CanonicalURL}}">{{.Collection.DisplayTitle}}</a>{{else}}<em>Anonymous</em>{{end}}</p>
 			{{if .Excerpt}}<div class="p-summary" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{.Excerpt}}</div>
 		
-			<a class="read-more" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{else}}<div class="e-content preview" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{ if not .HTMLContent }}<p id="post-body" class="e-content preview">{{.Content}}</p>{{ else }}{{.HTMLContent}}{{ end }}<div class="over">&nbsp;</div></div>
+			<a class="read-more" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{else}}<div class="e-content preview" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{ if not .HTMLContent }}<p id="post-body" class="e-content preview">{{.Content}}</p>{{ else }}{{.HTMLContent}}{{ end }}<div class="over">&nbsp;</div></div>
 			
-			<a class="read-more maybe" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Hostname}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{end}}</article>
+			<a class="read-more maybe" href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}.md{{end}}">{{localstr "Read more..." .Language.String}}</a>{{end}}</article>
 			{{end}}
 		</section>
 		{{ else }}

From 2c2ee0c00cd80e199678ac53adac25d6ff5803a3 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 15:16:04 +0900
Subject: [PATCH 71/90] Tweak "suspended" notification copy

---
 templates/user/include/suspended.tmpl | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/templates/user/include/suspended.tmpl b/templates/user/include/suspended.tmpl
index b1e42c8..e5d9be8 100644
--- a/templates/user/include/suspended.tmpl
+++ b/templates/user/include/suspended.tmpl
@@ -1,6 +1,5 @@
 {{define "user-suspended"}}
 <div class="alert info">
-	<p>This account is currently suspended.</p>
-	<p>Please contact the instance administrator to discuss reactivation.</p>
+	<p><strong>Your account is suspended.</strong> You can still access all of your posts and blogs, but no one else can currently see them.</p>
 </div>
 {{end}}

From 6e09fcb9e2a3088c9c5ad1cbbbb5cc5947d2122a Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 16:02:22 +0900
Subject: [PATCH 72/90] Change password reset endpoint to
 /admin/user/{Username}/passphrase

Ref T695
---
 routes.go                           | 2 +-
 templates/user/admin/view-user.tmpl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes.go b/routes.go
index 003b7d1..de19ff2 100644
--- a/routes.go
+++ b/routes.go
@@ -144,7 +144,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")
 	write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")
 	write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")
-	write.HandleFunc("/admin/user/{username}", handler.Admin(handleAdminResetUserPass)).Methods("POST")
+	write.HandleFunc("/admin/user/{username}/passphrase", handler.Admin(handleAdminResetUserPass)).Methods("POST")
 	write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")
 	write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")
 	write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 211297d..91fdaf1 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -62,7 +62,7 @@ button[type="submit"].danger {
 			<th>Password</th>
 			<td>
 				{{if not .OwnUserPage}}
-					<form id="reset-form" action="/admin/user/{{.User.Username}}" method="post" autocomplete="false">
+					<form id="reset-form" action="/admin/user/{{.User.Username}}/passphrase" method="post" autocomplete="false">
 					<input type="hidden" name="user" value="{{.User.ID}}"/>
 					<button
 					class="danger"

From 6d4ec0b17db8f27673f91a7c2fa20229a93527f3 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 16:06:03 +0900
Subject: [PATCH 73/90] Remove extra OwnUserPage field

Move logic into template, rather than add another field to the page.

Ref T695
---
 admin.go                            | 6 ++----
 templates/user/admin/view-user.tmpl | 2 +-
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/admin.go b/admin.go
index 5b3acab..c5f5646 100644
--- a/admin.go
+++ b/admin.go
@@ -169,9 +169,8 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 
 	p := struct {
 		*UserPage
-		Config      config.AppCfg
-		Message     string
-		OwnUserPage bool
+		Config  config.AppCfg
+		Message string
 
 		User        *User
 		Colls       []inspectedCollection
@@ -196,7 +195,6 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	if err != nil {
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user: %v", err)}
 	}
-	p.OwnUserPage = u.ID == p.User.ID
 	p.UserPage = NewUserPage(app, r, u, p.User.Username, nil)
 	p.TotalPosts = app.db.GetUserPostsCount(p.User.ID)
 	lp, err := app.db.GetUserLastPostTime(p.User.ID)
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 91fdaf1..ac1f8bd 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -61,7 +61,7 @@ button[type="submit"].danger {
 		<tr>
 			<th>Password</th>
 			<td>
-				{{if not .OwnUserPage}}
+				{{if ne .Username .User.Username}}
 					<form id="reset-form" action="/admin/user/{{.User.Username}}/passphrase" method="post" autocomplete="false">
 					<input type="hidden" name="user" value="{{.User.ID}}"/>
 					<button

From f673f9b562fad6141155a48eff438a05ea03358e Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 18:01:08 +0900
Subject: [PATCH 74/90] Reset password to sorta-sensical string

This resets user password to something random that also reminds the user
they should change it immediately after logging in, instead of a
completely random jumble of characters.

Ref T695
---
 admin.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/admin.go b/admin.go
index c5f5646..b155321 100644
--- a/admin.go
+++ b/admin.go
@@ -246,7 +246,7 @@ func handleAdminResetUserPass(app *App, u *User, w http.ResponseWriter, r *http.
 		return impart.HTTPError{http.StatusFound, "/admin/users"}
 	}
 	// Generate new random password since none supplied
-	pass := passgen.New()
+	pass := passgen.NewWordish()
 	hashedPass, err := auth.HashPass([]byte(pass))
 	if err != nil {
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not create password hash: %v", err)}

From 422c16f39a6c7969f21d633e7946689e782ea391 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 18:03:19 +0900
Subject: [PATCH 75/90] Tweak admin user pass reset success copy

This also adjusts the style and includes the user's password, so the
admin can easily notify them.

Ref T695
---
 admin.go                            |  2 ++
 templates/user/admin/view-user.tmpl | 23 ++++++++++-------------
 2 files changed, 12 insertions(+), 13 deletions(-)

diff --git a/admin.go b/admin.go
index b155321..5f7d0c7 100644
--- a/admin.go
+++ b/admin.go
@@ -177,6 +177,7 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 		LastPost    string
 		NewPassword string
 		TotalPosts  int64
+		ClearEmail  string
 	}{
 		Config:  app.cfg.App,
 		Message: r.FormValue("m"),
@@ -187,6 +188,7 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	for _, flash := range flashes {
 		if strings.HasPrefix(flash, "SUCCESS: ") {
 			p.NewPassword = strings.TrimPrefix(flash, "SUCCESS: ")
+			p.ClearEmail = u.EmailClear(app.keys)
 		}
 	}
 
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index ac1f8bd..c1d7615 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -9,9 +9,10 @@ h3 {
 }
 input.copy-text {
 	text-align: center;
-	    font-size: 1.2em;
-	    color: #555;
-	margin-left: 1rem;
+	font-size: 1.2em;
+	color: #555;
+	width: 100%;
+	box-sizing: border-box;
 }
 button[type="submit"].danger {
 	padding-left: 2rem;
@@ -22,16 +23,12 @@ button[type="submit"].danger {
 	{{template "admin-header" .}}
 
 	<h2 id="posts-header">{{.User.Username}}</h2>
-	{{if .NewPassword}}<p class="alert success">New password for user <strong>{{.User.Username}}</strong> is
-		<input
-		type="text"
-		class="copy-text"
-		value="{{.NewPassword}}"
-		onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);"
-		readonly />
-		<br/><br/>
-		You must share this new password with the user, this is the only time it will be displayed.
-		</p>
+	{{if .NewPassword}}<div class="alert success">
+		<p>This user's password has been reset to:</p>
+		<p><input type="text" class="copy-text" value="{{.NewPassword}}" onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);" readonly /></p>
+		<p>They can use this new password to log in to their account. <strong>This will only be shown once</strong>, so be sure to copy it and send it to them now.</p>
+		{{if .User.Email}}<p>Their email address is: <a href="mailto:{{.ClearEmail}}">{{.ClearEmail}}</a></p>{{end}}
+		</div>
 	{{end}}
 	<table class="classy export">
 		<tr>

From 3e8d1014d9c831bd5fe95d68d5f7da61ca8e766f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 18:04:20 +0900
Subject: [PATCH 76/90] Tweak admin reset confirmation copy

Also updates some whitespace in the JS.

Ref T695
---
 templates/user/admin/view-user.tmpl | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index c1d7615..5198903 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -119,8 +119,10 @@ button[type="submit"].danger {
 	form = document.getElementById("reset-form");
 	form.addEventListener('submit', function(e) {
 		e.preventDefault();
-		agreed = confirm("Really reset password for {{.User.Username}}?\nYou will have to record and share the new password with them.");
-		if (agreed === true) { form.submit();}
+		agreed = confirm("Reset this user's password? This will generate a new temporary password that you'll need to share with them, and invalidate their old one.");
+		if (agreed === true) {
+			form.submit();
+		}
 	});
 </script>
 {{template "footer" .}}

From d5dd007ff738bf75181ef698ad4645580fe69210 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 21:37:02 +0900
Subject: [PATCH 77/90] Change Reset Password button style

Ref T695
---
 templates/user/admin/view-user.tmpl | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)

diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 5198903..720a714 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -14,10 +14,6 @@ input.copy-text {
 	width: 100%;
 	box-sizing: border-box;
 }
-button[type="submit"].danger {
-	padding-left: 2rem;
-	padding-right: 2rem;
-}
 </style>
 <div class="snug content-container">
 	{{template "admin-header" .}}
@@ -59,11 +55,9 @@ button[type="submit"].danger {
 			<th>Password</th>
 			<td>
 				{{if ne .Username .User.Username}}
-					<form id="reset-form" action="/admin/user/{{.User.Username}}/passphrase" method="post" autocomplete="false">
+				<form id="reset-form" action="/admin/user/{{.User.Username}}/passphrase" method="post" autocomplete="false">
 					<input type="hidden" name="user" value="{{.User.ID}}"/>
-					<button
-					class="danger"
-					type="submit">Reset</button>
+					<button type="submit">Reset</button>
 				</form>
 				{{else}}
 				<a href="/me/settings" title="Go to reset password page">Change your password</a>

From a9b5bb2f6baba201c561868fdb31aeca789853c7 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 21:40:49 +0900
Subject: [PATCH 78/90] Fix reset user's email address display

Previously, this had bad template logic and showed the wrong email address.

Ref T695
---
 admin.go                            | 16 ++++++++--------
 templates/user/admin/view-user.tmpl |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/admin.go b/admin.go
index 5f7d0c7..3b05bd4 100644
--- a/admin.go
+++ b/admin.go
@@ -184,19 +184,19 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 		Colls:   []inspectedCollection{},
 	}
 
-	flashes, _ := getSessionFlashes(app, w, r, nil)
-	for _, flash := range flashes {
-		if strings.HasPrefix(flash, "SUCCESS: ") {
-			p.NewPassword = strings.TrimPrefix(flash, "SUCCESS: ")
-			p.ClearEmail = u.EmailClear(app.keys)
-		}
-	}
-
 	var err error
 	p.User, err = app.db.GetUserForAuth(username)
 	if err != nil {
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user: %v", err)}
 	}
+
+	flashes, _ := getSessionFlashes(app, w, r, nil)
+	for _, flash := range flashes {
+		if strings.HasPrefix(flash, "SUCCESS: ") {
+			p.NewPassword = strings.TrimPrefix(flash, "SUCCESS: ")
+			p.ClearEmail = p.User.EmailClear(app.keys)
+		}
+	}
 	p.UserPage = NewUserPage(app, r, u, p.User.Username, nil)
 	p.TotalPosts = app.db.GetUserPostsCount(p.User.ID)
 	lp, err := app.db.GetUserLastPostTime(p.User.ID)
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 720a714..4157fca 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -23,7 +23,7 @@ input.copy-text {
 		<p>This user's password has been reset to:</p>
 		<p><input type="text" class="copy-text" value="{{.NewPassword}}" onfocus="if (this.select) this.select(); else this.setSelectionRange(0, this.value.length);" readonly /></p>
 		<p>They can use this new password to log in to their account. <strong>This will only be shown once</strong>, so be sure to copy it and send it to them now.</p>
-		{{if .User.Email}}<p>Their email address is: <a href="mailto:{{.ClearEmail}}">{{.ClearEmail}}</a></p>{{end}}
+		{{if .ClearEmail}}<p>Their email address is: <a href="mailto:{{.ClearEmail}}">{{.ClearEmail}}</a></p>{{end}}
 		</div>
 	{{end}}
 	<table class="classy export">

From d4206cd5f8bb4883eca6a856fc19f54a7df29b1b Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 11 Nov 2019 23:19:23 +0900
Subject: [PATCH 79/90] Move to web-core v1.2.0

---
 go.mod | 2 +-
 go.sum | 2 ++
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 9c67aeb..88af8c9 100644
--- a/go.mod
+++ b/go.mod
@@ -45,7 +45,7 @@ require (
 	github.com/writeas/openssl-go v1.0.0 // indirect
 	github.com/writeas/saturday v1.7.1
 	github.com/writeas/slug v1.2.0
-	github.com/writeas/web-core v1.0.0
+	github.com/writeas/web-core v1.2.0
 	github.com/writefreely/go-nodeinfo v1.2.0
 	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f
 	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
diff --git a/go.sum b/go.sum
index ec1e19d..b256223 100644
--- a/go.sum
+++ b/go.sum
@@ -135,6 +135,8 @@ github.com/writeas/slug v1.2.0 h1:EMQ+cwLiOcA6EtFwUgyw3Ge18x9uflUnOnR6bp/J+/g=
 github.com/writeas/slug v1.2.0/go.mod h1:RE8shOqQP3YhsfsQe0L3RnuejfQ4Mk+JjY5YJQFubfQ=
 github.com/writeas/web-core v1.0.0 h1:5VKkCakQgdKZcbfVKJXtRpc5VHrkflusCl/KRCPzpQ0=
 github.com/writeas/web-core v1.0.0/go.mod h1:Si3chV7VWgY8CsV+3gRolMXSO2Vx1ZFAQ/mkrpvmyEE=
+github.com/writeas/web-core v1.2.0 h1:CYqvBd+byi1cK4mCr1NZ6CjILuMOFmiFecv+OACcmG0=
+github.com/writeas/web-core v1.2.0/go.mod h1:vTYajviuNBAxjctPp2NUYdgjofywVkxUGpeaERF3SfI=
 github.com/writefreely/go-nodeinfo v1.2.0 h1:La+YbTCvmpTwFhBSlebWDDL81N88Qf/SCAvRLR7F8ss=
 github.com/writefreely/go-nodeinfo v1.2.0/go.mod h1:UTvE78KpcjYOlRHupZIiSEFcXHioTXuacCbHU+CAcPg=
 golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59 h1:hk3yo72LXLapY9EXVttc3Z1rLOxT9IuAPPX3GpY2+jo=

From f7550a0da8f6782dd12a683844394aca3b8e117b Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 00:04:36 +0900
Subject: [PATCH 80/90] Change more suspension check logic

From u.Status == UserSuspended to u.IsSuspended()

Ref T661
---
 account.go     | 2 +-
 admin.go       | 2 +-
 collections.go | 4 ++--
 database.go    | 2 +-
 invites.go     | 2 +-
 5 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/account.go b/account.go
index 0faa7bb..25f1e0d 100644
--- a/account.go
+++ b/account.go
@@ -1053,7 +1053,7 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		Email:     fullUser.EmailClear(app.keys),
 		HasPass:   passIsSet,
 		IsLogOut:  r.FormValue("logout") == "1",
-		Suspended: fullUser.Status == UserSuspended,
+		Suspended: fullUser.IsSuspended(),
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/admin.go b/admin.go
index 65afd5f..2e5b8a5 100644
--- a/admin.go
+++ b/admin.go
@@ -242,7 +242,7 @@ func handleAdminToggleUserStatus(app *App, u *User, w http.ResponseWriter, r *ht
 		log.Error("failed to get user: %v", err)
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user from username: %v", err)}
 	}
-	if user.Status == UserSuspended {
+	if user.IsSuspended() {
 		err = app.db.SetUserStatus(user.ID, UserActive)
 	} else {
 		err = app.db.SetUserStatus(user.ID, UserSuspended)
diff --git a/collections.go b/collections.go
index 38ec6f1..fe9d89f 100644
--- a/collections.go
+++ b/collections.go
@@ -906,10 +906,10 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 			log.Error("Error getting user for collection: %v", err)
 		}
 	}
-	if !isOwner && u.Status == UserSuspended {
+	if !isOwner && u.IsSuspended() {
 		return ErrCollectionNotFound
 	}
-	displayPage.Suspended = u.Status == UserSuspended
+	displayPage.Suspended = u.IsSuspended()
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 	// Add more data
diff --git a/database.go b/database.go
index 4b0c702..4b4f4dc 100644
--- a/database.go
+++ b/database.go
@@ -322,7 +322,7 @@ func (db *datastore) IsUserSuspended(id int64) (bool, error) {
 		return false, fmt.Errorf("is user suspended: %v", err)
 	}
 
-	return u.Status == UserSuspended, nil
+	return u.IsSuspended(), nil
 }
 
 // DoesUserNeedAuth returns true if the user hasn't provided any methods for
diff --git a/invites.go b/invites.go
index 8f341ec..5f04c69 100644
--- a/invites.go
+++ b/invites.go
@@ -78,7 +78,7 @@ func handleCreateUserInvite(app *App, u *User, w http.ResponseWriter, r *http.Re
 	muVal := r.FormValue("uses")
 	expVal := r.FormValue("expires")
 
-	if u.Status == UserSuspended {
+	if u.IsSuspended() {
 		return ErrUserSuspended
 	}
 

From c3f76a3ab84026dd4431e1b081c089fae8fd484f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 00:16:44 +0900
Subject: [PATCH 81/90] Change "suspend" to "silence" where user-facing

This puts the verbiage more in line with what the feature does, and
leaves room for other moderation controls in the future.

NOTE: this includes no backend refactoring, which may be confusing. We
should rename things to fit ASAP.

Ref T661
---
 errors.go                             |  2 +-
 templates/pad.tmpl                    |  2 +-
 templates/user/admin/users.tmpl       |  2 +-
 templates/user/admin/view-user.tmpl   | 12 ++++++------
 templates/user/include/suspended.tmpl |  2 +-
 5 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/errors.go b/errors.go
index fa7304f..c0d435c 100644
--- a/errors.go
+++ b/errors.go
@@ -48,7 +48,7 @@ var (
 	ErrUserNotFound      = impart.HTTPError{http.StatusNotFound, "User doesn't exist."}
 	ErrUserNotFoundEmail = impart.HTTPError{http.StatusNotFound, "Please enter your username instead of your email address."}
 
-	ErrUserSuspended = impart.HTTPError{http.StatusForbidden, "Account is suspended, contact the administrator."}
+	ErrUserSuspended = impart.HTTPError{http.StatusForbidden, "Account is silenced."}
 )
 
 // Post operation errors
diff --git a/templates/pad.tmpl b/templates/pad.tmpl
index 4be311e..0b73b94 100644
--- a/templates/pad.tmpl
+++ b/templates/pad.tmpl
@@ -134,7 +134,7 @@
 		var suspended = {{.Suspended}};
 		var publish = function(content, font) {
 			if (suspended === true) {
-				alert("Your account is currently suspended, posting is disabled.");
+				alert("Your account is silenced, so you can't publish or update posts.");
 				return;
 			}
 			{{if and (and .Post.Id (not .Post.Slug)) (not .User)}}
diff --git a/templates/user/admin/users.tmpl b/templates/user/admin/users.tmpl
index df840b2..fb69d3a 100644
--- a/templates/user/admin/users.tmpl
+++ b/templates/user/admin/users.tmpl
@@ -18,7 +18,7 @@
 			<td><a href="/admin/user/{{.Username}}">{{.Username}}</a></td>
 			<td>{{.CreatedFriendly}}</td>
 			<td style="text-align:center">{{if .IsAdmin}}Admin{{else}}User{{end}}</td>
-			<td style="text-align:center">{{if .IsSuspended}}Suspended{{else}}Active{{end}}</td>
+			<td style="text-align:center">{{if .IsSilenced}}Silenced{{else}}Active{{end}}</td>
 		</tr>
 		{{end}}
 	</table>
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 3b13c33..dc7b2ef 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -57,16 +57,16 @@ td.active-suspend > input[type="submit"] {
 			<td>{{if .LastPost}}{{.LastPost}}{{else}}Never{{end}}</td>
 		</tr>
 		<tr>
-			<form action="/admin/user/{{.User.Username}}/status" method="POST" {{if not .User.IsSuspended}}onsubmit="return confirmSuspend()"{{end}}>
+			<form action="/admin/user/{{.User.Username}}/status" method="POST" {{if not .User.IsSilenced}}onsubmit="return confirmSilence()"{{end}}>
 				<a id="status"/>
 				<th>Status</th>
 				<td class="active-suspend">
 				{{if .User.IsSuspended}}
-					<p>Suspended</p>
-					<input type="submit" value="Activate"/>
+					<p>Silenced</p>
+					<input type="submit" value="Unsilence"/>
 				{{else}}
 					<p>Active</p>
-					<input class="danger" type="submit" value="Suspend" {{if .User.IsAdmin}}disabled{{end}}/>
+					<input class="danger" type="submit" value="Silence" {{if .User.IsAdmin}}disabled{{end}}/>
 				{{end}}
 				</td>
 			</form>
@@ -117,8 +117,8 @@ td.active-suspend > input[type="submit"] {
 </div>
 
 <script type="text/javascript">
-function confirmSuspend() {
-	return confirm("Suspend this user? They'll still be able to log in and access their posts, but no one else will be able to see them anymore. You can reverse this decision at any time.");
+function confirmSilence() {
+	return confirm("Silence this user? They'll still be able to log in and access their posts, but no one else will be able to see them anymore. You can reverse this decision at any time.");
 }
 </script>
 
diff --git a/templates/user/include/suspended.tmpl b/templates/user/include/suspended.tmpl
index e5d9be8..76906de 100644
--- a/templates/user/include/suspended.tmpl
+++ b/templates/user/include/suspended.tmpl
@@ -1,5 +1,5 @@
 {{define "user-suspended"}}
 <div class="alert info">
-	<p><strong>Your account is suspended.</strong> You can still access all of your posts and blogs, but no one else can currently see them.</p>
+	<p><strong>Your account has been silenced.</strong> You can still access all of your posts and blogs, but no one else can currently see them.</p>
 </div>
 {{end}}

From 7f96e8c38421689b2e1d39056fae4bf90a0e2bc7 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 00:40:16 +0900
Subject: [PATCH 82/90] Rename UserSuspended to UserSilenced

Some of the work needed to have the backend match user-facing wording.

Ref T661
---
 account.go                          | 2 +-
 admin.go                            | 4 ++--
 collections.go                      | 4 ++--
 database.go                         | 2 +-
 invites.go                          | 2 +-
 templates/user/admin/view-user.tmpl | 2 +-
 users.go                            | 6 +++---
 7 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/account.go b/account.go
index 25f1e0d..5fb87f0 100644
--- a/account.go
+++ b/account.go
@@ -1053,7 +1053,7 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		Email:     fullUser.EmailClear(app.keys),
 		HasPass:   passIsSet,
 		IsLogOut:  r.FormValue("logout") == "1",
-		Suspended: fullUser.IsSuspended(),
+		Suspended: fullUser.IsSilenced(),
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/admin.go b/admin.go
index 2e5b8a5..e624bfb 100644
--- a/admin.go
+++ b/admin.go
@@ -242,10 +242,10 @@ func handleAdminToggleUserStatus(app *App, u *User, w http.ResponseWriter, r *ht
 		log.Error("failed to get user: %v", err)
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user from username: %v", err)}
 	}
-	if user.IsSuspended() {
+	if user.IsSilenced() {
 		err = app.db.SetUserStatus(user.ID, UserActive)
 	} else {
-		err = app.db.SetUserStatus(user.ID, UserSuspended)
+		err = app.db.SetUserStatus(user.ID, UserSilenced)
 	}
 	if err != nil {
 		log.Error("toggle user suspended: %v", err)
diff --git a/collections.go b/collections.go
index fe9d89f..3e86f30 100644
--- a/collections.go
+++ b/collections.go
@@ -906,10 +906,10 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 			log.Error("Error getting user for collection: %v", err)
 		}
 	}
-	if !isOwner && u.IsSuspended() {
+	if !isOwner && u.IsSilenced() {
 		return ErrCollectionNotFound
 	}
-	displayPage.Suspended = u.IsSuspended()
+	displayPage.Suspended = u.IsSilenced()
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 	// Add more data
diff --git a/database.go b/database.go
index 4b4f4dc..d78d888 100644
--- a/database.go
+++ b/database.go
@@ -322,7 +322,7 @@ func (db *datastore) IsUserSuspended(id int64) (bool, error) {
 		return false, fmt.Errorf("is user suspended: %v", err)
 	}
 
-	return u.IsSuspended(), nil
+	return u.IsSilenced(), nil
 }
 
 // DoesUserNeedAuth returns true if the user hasn't provided any methods for
diff --git a/invites.go b/invites.go
index 5f04c69..1dba7bd 100644
--- a/invites.go
+++ b/invites.go
@@ -78,7 +78,7 @@ func handleCreateUserInvite(app *App, u *User, w http.ResponseWriter, r *http.Re
 	muVal := r.FormValue("uses")
 	expVal := r.FormValue("expires")
 
-	if u.IsSuspended() {
+	if u.IsSilenced() {
 		return ErrUserSuspended
 	}
 
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index dc7b2ef..be50b12 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -61,7 +61,7 @@ td.active-suspend > input[type="submit"] {
 				<a id="status"/>
 				<th>Status</th>
 				<td class="active-suspend">
-				{{if .User.IsSuspended}}
+				{{if .User.IsSilenced}}
 					<p>Silenced</p>
 					<input type="submit" value="Unsilence"/>
 				{{else}}
diff --git a/users.go b/users.go
index 5eb2e61..9b5c99c 100644
--- a/users.go
+++ b/users.go
@@ -23,7 +23,7 @@ type UserStatus int
 
 const (
 	UserActive = iota
-	UserSuspended
+	UserSilenced
 )
 
 type (
@@ -127,6 +127,6 @@ func (u *User) IsAdmin() bool {
 	return u.ID == 1
 }
 
-func (u *User) IsSuspended() bool {
-	return u.Status&UserSuspended != 0
+func (u *User) IsSilenced() bool {
+	return u.Status&UserSilenced != 0
 }

From 5644e8d2516fd92df3158d3d875279293b130ff0 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 00:41:45 +0900
Subject: [PATCH 83/90] Fix "silenced" alert styles on more pages

- Tagged posts
- Collection index

Ref T661
---
 less/core.less | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/less/core.less b/less/core.less
index f4332a9..8844c84 100644
--- a/less/core.less
+++ b/less/core.less
@@ -516,10 +516,17 @@ abbr {
 body#collection article p, body#subpage article p {
 	.article-p;
 }
-pre, body#post article, body#collection article, body#subpage article, body#subpage #wrapper h1 {
+pre, body#post article, #post .alert, #subpage .alert, body#collection article, body#subpage article, body#subpage #wrapper h1 {
 	max-width: 40rem;
 	margin: 0 auto;
 }
+#collection header .alert, #post .alert, #subpage .alert {
+	margin-bottom: 1em;
+	p {
+		text-align: left;
+		line-height: 1.4;
+	}
+}
 textarea, pre, body#post article, body#collection article p {
 	&.norm, &.sans, &.wrap {
 		line-height: 1.4em;

From 8f24da94a62a0afdbe25ed692e35b84008b10c94 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 00:47:49 +0900
Subject: [PATCH 84/90] Bump version to 0.11.0

---
 app.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.go b/app.go
index 514c7c8..9b01bc6 100644
--- a/app.go
+++ b/app.go
@@ -56,7 +56,7 @@ var (
 	debugging bool
 
 	// Software version can be set from git env using -ldflags
-	softwareVer = "0.10.0"
+	softwareVer = "0.11.0"
 
 	// DEPRECATED VARS
 	isSingleUser bool

From 79f35a0ccdf6bc7b6b5008b33b4d570ba4992f07 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 08:03:00 +0900
Subject: [PATCH 85/90] Fix collection template issues introduced in #205

This fixes a template rendering issue caused by bad references to $.Host
in pinned posts links on single-user instances.

Closes #207
---
 templates/chorus-collection-post.tmpl | 2 +-
 templates/chorus-collection.tmpl      | 2 +-
 templates/collection-post.tmpl        | 2 +-
 templates/collection-tags.tmpl        | 2 +-
 templates/collection.tmpl             | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index a6b6102..b9df8ad 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -80,7 +80,7 @@ article time.dt-published {
 			</p>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL $.Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 			<hr>
diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index 504e54f..8250287 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -71,7 +71,7 @@ body#collection header nav.tabs a:first-child {
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav class="pinned-posts">
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL $.Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index e24c6dd..a194cf4 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -50,7 +50,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a rel="author" href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned{{if eq .Slug.String $.Slug.String}} selected{{end}}" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL $.Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}
 				{{end}}
 				{{ if and .IsOwner .IsFound }}<span class="views" dir="ltr"><strong>{{largeNumFmt .Views}}</strong> {{pluralize "view" "views" .Views}}</span>
 				<a class="xtra-feature" href="/{{if not .SingleUser}}{{.Collection.Alias}}/{{end}}{{.Slug.String}}/edit" dir="{{.Direction}}">Edit</a>
diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl
index 2618f3d..f209162 100644
--- a/templates/collection-tags.tmpl
+++ b/templates/collection-tags.tmpl
@@ -48,7 +48,7 @@
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="{{if .IsTopLevel}}/{{else}}/{{.Collection.Alias}}/{{end}}" class="h-card p-author">{{.Collection.DisplayTitle}}</a></h1>
 			<nav>
 				{{if .PinnedPosts}}
-				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.DisplayTitle}}</a>{{end}}
+				{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Collection.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL $.Host}}{{end}}">{{.DisplayTitle}}</a>{{end}}
 				{{end}}
 			</nav>
 		</header>
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 47dc24d..b87ce87 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -71,7 +71,7 @@
 			<!--p class="meta-note"><span>Private collection</span>. Only you can see this page.</p-->
 		{{/*end*/}}
 		{{if .PinnedPosts}}<nav>
-			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
+			{{range .PinnedPosts}}<a class="pinned" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{.CanonicalURL $.Host}}{{end}}">{{.PlainDisplayTitle}}</a>{{end}}</nav>
 		{{end}}
 		</header>
 		

From 80362000feedae19e51bbc7ab7afb4283a762361 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 08:07:51 +0900
Subject: [PATCH 86/90] Skip logging default pad template fallback

This reduces unnecessary logging by not showing the "no template" line
when the `editor` config value is empty (default).
---
 pad.go | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pad.go b/pad.go
index db356c4..37d1c9b 100644
--- a/pad.go
+++ b/pad.go
@@ -61,7 +61,9 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	padTmpl := app.cfg.App.Editor
 	if templates[padTmpl] == nil {
-		log.Info("No template '%s' found. Falling back to default 'pad' template.", padTmpl)
+		if padTmpl != "" {
+			log.Info("No template '%s' found. Falling back to default 'pad' template.", padTmpl)
+		}
 		padTmpl = "pad"
 	}
 

From 3d49baf39a0f84f5282de6dcb7297a88fa1ebbf2 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 16:49:38 +0900
Subject: [PATCH 87/90] Improve non-chorus site-wide header

This adds a Reader tab when necessary while logged in, and generally
keeps the navigation consistent for logged-in users, particularly in
regard to the Reader:

- Now includes user buttons and dropdown
- Makes header on user pages consistent with Reader page
---
 templates/base.tmpl                | 6 +++---
 templates/user/include/header.tmpl | 6 ++----
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/templates/base.tmpl b/templates/base.tmpl
index aae7850..3826917 100644
--- a/templates/base.tmpl
+++ b/templates/base.tmpl
@@ -22,7 +22,7 @@
 			{{ end }}
 			{{if not .SingleUser}}
 			<nav id="user-nav">
-				{{if and .Chorus .Username}}
+				{{if .Username}}
 				<nav class="dropdown-nav">
 					<ul><li><a>{{.Username}}</a> <img class="ic-18dp" src="/img/ic_down_arrow_dark@2x.png" /><ul>
 							{{if .IsAdmin}}<li><a href="/admin">Admin dashboard</a></li>{{end}}
@@ -39,10 +39,10 @@
 					{{ if and .SimpleNav (not .SingleUser) }}
 					{{if and (and .LocalTimeline .CanViewReader) .Chorus}}<a href="/"{{if eq .Path "/"}} class="selected"{{end}}>Home</a>{{end}}
 					{{ end }}
-					<a href="/about"{{if eq .Path "/about"}} class="selected"{{end}}>About</a>
+					{{if or .Chorus (not .Username)}}<a href="/about"{{if eq .Path "/about"}} class="selected"{{end}}>About</a>{{end}}
 					{{ if not .SingleUser }}
 						{{ if .Username }}
-					{{if gt .MaxBlogs 1}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
+					{{if or (not .Chorus) (gt .MaxBlogs 1)}}<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>{{end}}
 					{{if and (and .Chorus (eq .MaxBlogs 1)) .Username}}<a href="/{{.Username}}/"{{if eq .Path (printf "/%s/" .Username)}} class="selected"{{end}}>My Posts</a>{{end}}
 					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
 						{{ end }}
diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
index 0feca89..c53ac33 100644
--- a/templates/user/include/header.tmpl
+++ b/templates/user/include/header.tmpl
@@ -22,13 +22,10 @@
 			</nav>
 		</nav>
 		{{else}}
-		{{ if .Chorus }}<nav id="full-nav">
+		<nav id="full-nav">
 			<div class="left-side">
 				<h1><a href="/" title="Return to editor">{{.SiteName}}</a></h1>
 			</div>
-		{{ else }}
-			<h1><a href="/" title="Return to editor">{{.SiteName}}</a></h1>
-		{{ end }}
 		<nav id="user-nav">
 			{{if .Username}}
 			<nav class="dropdown-nav">
@@ -62,6 +59,7 @@
 				{{else}}
 					<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>
 					{{if not .DisableDrafts}}<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>{{end}}
+					{{if and (and .LocalTimeline .CanViewReader) (not .Chorus)}}<a href="/read">Reader</a>{{end}}
 				{{end}}
 			</nav>
 		</nav>

From 278e4f6242d1f01d20d2feb811a89c1d25bd6e64 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 16:53:52 +0900
Subject: [PATCH 88/90] Bump version to 0.11.1

---
 app.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app.go b/app.go
index 9b01bc6..018ce37 100644
--- a/app.go
+++ b/app.go
@@ -56,7 +56,7 @@ var (
 	debugging bool
 
 	// Software version can be set from git env using -ldflags
-	softwareVer = "0.11.0"
+	softwareVer = "0.11.1"
 
 	// DEPRECATED VARS
 	isSingleUser bool

From 2899d98cfd9f9ae092b962a451c150424de97e2a Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 19:43:41 +0900
Subject: [PATCH 89/90] Fix collection post 500 when not logged in

This reverts some code from 5429ca4a, which broke collection post
loading on blog posts when not logged in.
---
 posts.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/posts.go b/posts.go
index 2a6fe74..6410735 100644
--- a/posts.go
+++ b/posts.go
@@ -1390,7 +1390,7 @@ Are you sure it was ever here?`,
 			return err
 		}
 	}
-	p.IsOwner = owner != nil && p.OwnerID.Valid && u.ID == p.OwnerID.Int64
+	p.IsOwner = owner != nil && p.OwnerID.Valid && owner.ID == p.OwnerID.Int64
 	p.Collection = coll
 	p.IsTopLevel = app.cfg.App.SingleUser
 

From bd99044e9c92b40ff7f816c667c1adeb72911ff9 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 12 Nov 2019 20:01:14 +0900
Subject: [PATCH 90/90] Fix 500 on tags page

This fixes a panic from a nil user when calling u.IsSuspended().
Instead, this checks and calls IsSuspended() on `owner`.
---
 collections.go | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/collections.go b/collections.go
index 54ddc8a..b85f0a4 100644
--- a/collections.go
+++ b/collections.go
@@ -905,11 +905,11 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 			// Log the error and just continue
 			log.Error("Error getting user for collection: %v", err)
 		}
+		if owner.IsSilenced() {
+			return ErrCollectionNotFound
+		}
 	}
-	if !isOwner && u.IsSilenced() {
-		return ErrCollectionNotFound
-	}
-	displayPage.Suspended = u.IsSilenced()
+	displayPage.Suspended = owner != nil && owner.IsSilenced()
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 	// Add more data