Commit Graph

162 Commits

Author SHA1 Message Date
Matt Baer 7e3eb9a87b
Merge pull request #319 from writeas/silo-mentions
Support AP-style mentions of centralized social media accounts
2020-08-13 12:36:42 -04:00
Matt Baer 7fa78c2255 Move fakeAPInstances to web-core/silobridge package
This adds support for mentioning profiles on the following sites:

- deviantart.com
- facebook.com
- flickr.com
- github.com
- instagram.com
- reddit.com
- wattpad.com
- youtube.com
2020-08-13 12:33:35 -04:00
Matt Baer 7eeba4dc9e Limit initial draft post loading to 10 posts
Ref T401
2020-07-30 16:28:21 -04:00
Matt Baer 849e5b8503
Merge pull request #330 from writeas/post-signatures
Support post signatures

Ref T582
2020-07-30 11:53:27 -04:00
Matt Baer 6dbc753ecb Merge branch 'develop' into gopher 2020-07-23 11:47:49 -04:00
Matt Baer a25664bb97 Support post signatures
This enables users to add a signature to all blog posts, and update it from a single location.

Requires database migration with: writefreely db migrate

Closes T582
2020-06-23 16:24:45 -04:00
Matt Baer 507acc7e1c Support AP-style mentions of centralized social media accounts
This allows users to mention users on the following non-ActivityPub
social media sites:

- twitter.com
- medium.com

It also adds missing error handling in federatePost().
2020-06-08 13:50:43 -04:00
Matt Baer cceea03076 Ignore "collation mix" errors in GetCollectionRedirect() 2020-06-08 13:37:02 -04:00
prichier 724ab34006 Fix: option name from allow_logout to allow_disconnect 2020-06-06 23:52:26 +02:00
prichier fe7ff38bd8 Manage generic Oauth buttons on Account Settings
Add generic Oauth allow_logout option
2020-05-31 04:09:14 +02:00
Matt Baer 5400f416c0 Reduce db calls on normal invite-based signup
This removes an unnecessary database call after creating a user, and documents `db.CreateUser()` to make it clear that extra calls are unnecessary.
2020-04-20 18:21:01 -04:00
Matt Baer ca4a576c31 Support OAuth registration with invite code
This adds any OAuth login buttons to the invite signup page, stores the invite code for the flow duration, and associates the new user with it once successfully registered.

It enables invite-only instances with OAuth-based registration.
2020-04-20 18:18:23 -04:00
Matt Baer dbd7eff7ea
Merge pull request #284 from writeas/high-load-error-page
Show 503 page on blogs under high load
2020-03-27 11:52:28 -04:00
Matt Baer 1d25b38eb7
Merge pull request #282 from writeas/patch-ap-mentions
Clean up ActivityPub mentions
2020-03-27 09:07:57 -04:00
Matt Baer cf4f08b264 Merge branch 'develop' into T713-oauth-account-management 2020-03-19 12:02:33 -04:00
Matt Baer 9e25979e37 Run go fmt on modified GitLab files 2020-03-18 16:17:06 -04:00
Matt Baer 0285a9b0bd Show 503 page on collections under high load
This acknowledges "too many connections" and "max user connections"
errors in MySQL and propagates the error up the chain so we can notify
the user and return the correct HTTP code.
2020-03-18 16:14:05 -04:00
Matt Baer 97aec9c158 Fix error / info logging around AP mentions
This fixes log formatting and makes verbiage consistent & concise.
2020-03-17 13:42:51 -04:00
Matt Baer 471a9e0602 Store AP handles consistently
This ensures handles are always stored without leading @ symbol.
2020-03-17 13:42:09 -04:00
Kyle Robbertze c292512b9d add Gitlab OAuth 2020-03-12 10:50:55 +02:00
Matt Baer 6aa8de3a4b Add Gopher support
This adds gopher support to WriteFreely -- both single- and multi-user
instances. It is off by default, but can be enabled with the new
`gopher_port` config value in the `[server]` section.

When enabled, multi-user instances will show all public blogs at
gopher://[host]:[gopher_port]/ -- otherwise, blogs are accessible at
gopher://[host]:[gopher_port]/[blog]/

This is just a proof of concept for now. We still need to handle some
edge cases and different configurations, like private instances.

Ref T559
2020-03-01 20:12:47 -05:00
Matt Baer 7fe281df69 Use NULL for new attach_user_id column
Ref T713
2020-02-10 15:24:39 -05:00
Matt Baer f846cada4b Merge branch 'develop' into T713-oauth-account-management 2020-02-09 14:05:12 -05:00
Matt Baer f70c1dfaa5 Merge branch 'develop' into rename-account-suspend 2020-02-09 11:14:51 -05:00
Matt Baer 468bbf2187 Merge branch 'develop' into rename-account-suspend 2020-02-09 11:14:14 -05:00
Matt Baer 1a10bb3ed6 Merge pull request #252 from writeas/fix-mix-of-collations
Restrict /invite/{code} route to valid chars
2020-02-08 15:25:15 -05:00
Matt Baer af14bcbb78 Clean up oauth_users table on account deletion
Ref T319
2020-02-08 13:51:38 -05:00
Matt Baer c9faff178d Don't float posts on account deletion
Ref T319
2020-02-08 13:51:14 -05:00
Matt Baer 9d360f0e41 Merge branch 'develop' into T319-delete-account 2020-02-08 13:42:46 -05:00
Matt Baer 9589612d0e Add TODOs for improving GetProfilePageFromHandle() 2020-02-08 13:05:54 -05:00
Matt Baer bb63e64883 Clean up getProfilePageFromHandle
- Export the func
- Remove commented-out code
- Use log, not fmt for debug messages
- Remove named return parameters
- Use standard var naming schemes
- Fix spacing in queries and remove unnecessary chars
2020-02-08 12:10:47 -05:00
Matt Baer 68d63d3fef Merge branch 'develop' into activitypub-mentions 2020-02-08 11:51:18 -05:00
Matt Baer 51700cc7da Ignore "mix of collations" error on invite SELECT
This adds the `isIgnorableError` method and calls it when error checking
in `GetUserInvite()`, returning "not found" if the rror comes up.
2020-01-30 10:36:29 +01:00
Nick Gerakines c0317b4e93 Implemented oauth attach functionality, oauth detach functionality, and required data migration. T713 2020-01-15 13:16:59 -05:00
Nick Gerakines 9170c84617 Merged in final changes from PR 225 into T705-oauth-slack. T710 2019-12-31 11:48:08 -05:00
Nick Gerakines b5f716135b Changed oauth table names per PR feedback. T705 2019-12-31 11:28:05 -05:00
Nick Gerakines cf87ae9096 Code cleanup in prep for PR. T710 2019-12-30 13:32:06 -05:00
Nick Gerakines 462f87919a Feature complete on MVP slack auth integration. T710 2019-12-28 15:15:47 -05:00
Nick Gerakines 13121cb266 Merging T705-oauth into T710-oauth-slack. T705,T710 2019-12-27 13:40:11 -05:00
Nick Gerakines 4266154749 Code cleanup from PR 255 feedback. T705 2019-12-27 13:35:48 -05:00
Nick Gerakines bf3b6a5ba0 Unit tests, integration testing, and code cleanup for oauth support. Part of T705. 2019-12-23 14:30:32 -05:00
Nick Gerakines 7a0863f71b Added oauth handlers and tests with mocks. Part of T705. 2019-12-19 11:51:19 -05:00
Matt Baer d8df15855c Merge branch 'develop' into activitypub-mentions 2019-11-26 13:19:20 -05:00
Rob Loranger 7e014ca659
Rename Suspend status to Silence
This changes all variables and functions from using Suspend{ed} to using
Silence{d} as well as documentation, errors and logging.
2019-11-11 15:25:19 -08:00
Matt Baer 7f96e8c384 Rename UserSuspended to UserSilenced
Some of the work needed to have the backend match user-facing wording.

Ref T661
2019-11-12 00:41:25 +09:00
Matt Baer f7550a0da8 Change more suspension check logic
From u.Status == UserSuspended to u.IsSuspended()

Ref T661
2019-11-12 00:04:36 +09:00
Rob Loranger 41166e5c35
CLI delete account by username and delete posts
this changed the CLI flag to use the username instead of the userID
leaving the underlying database function as is.

also now posts are all deleted with no option to skip as this is likely
never needed.
2019-11-05 09:14:20 -08:00
Rob Loranger c87ca11a52
add account deletion
CLI only but backend supports calls from app.db.DeleteAccount already

takes --delete-account user_id_number with optional --posts to also
delete posts. if --posts is omitted all user posts will be updated to
anonymous posts
2019-10-31 15:20:18 -07:00
Rob Loranger f85f0751a3
address PR comments
- update error messages to be correct
- move suspended message into template and include for other pages
- check suspended status on all relevant pages and show message if
logged in user is suspended.
- fix possible nil pointer error
- remove changes to db schema files
- add version comment to migration
- add UserStatus type with UserActive and UserSuspended
- change database table to use status column instead of suspended
- update toggle suspended handler to be toggle status in prep for
possible future inclusion of further user statuses
2019-10-25 12:04:24 -07:00
Matt Baer 9873fc443f Merge branch 'develop' into T661-disable-accounts 2019-10-24 13:22:26 -04:00
Michael Demetriou db14f04b59 Redirects from the intermediate page work and if there's an old mention
there it updates the table to include the handle.

migrations WIP
2019-10-10 16:04:43 +03:00
Rob Loranger d954b7c8e3
add user invite instructions
this adds a new page with instructions for sharing user invites

if a user clicks the link for one of their own invite codes they are
directed to a page with clear instructions for it's use.

if a user clicks another users link they are redirectec to their account
settings witha flash telling them they do not need to register.
2019-09-13 10:58:17 -07:00
Matt Baer 40ffb3a5f9 Merge branch 'develop' into chorus 2019-09-10 21:41:28 +02:00
Matt Baer 9256293123
Merge pull request #169 from writeas/future-pins
prevent future posts from showing in pins
2019-09-10 21:37:28 +02:00
Matt Baer ca388d6536 Merge branch 'develop' into chorus 2019-09-09 17:26:40 +02:00
Rob Loranger 77f7b4a522
Add account suspension features
This renders all requests for that user's posts, collections and related
ActivityPub endpoints with 404 responses.

While suspended, users may not create or edit posts or collections.

User status is listed in the admin user page

Admin view of user details shows status and now has a button to activate
or suspend a user.
2019-08-29 09:09:11 -07:00
Rob Loranger 55dc1917fe
use established future posts pattern 2019-08-12 14:13:02 -07:00
Rob Loranger ca957c4b6d
fix missing collection hostname
GetCollections and GetPublishableCollections now take a hostname
parameter to allow setting the collecion hostname.

All collections used in memory now have their hostname set.
2019-08-12 12:35:17 -07:00
Rob Loranger b373aad298
prevent future posts from showing in pins
this changes GetPinnedPosts to accept an includeFutre bool, which
returns future dated pinned posts when true.
2019-08-12 09:58:30 -07:00
Matt Baer deec914ccb Merge branch 'develop' into chorus 2019-08-08 07:55:49 -04:00
Matt Baer adfcc82241
Merge pull request #148 from writeas/default-visibility
Support setting default blog visibility on instance

Resolves T675
2019-08-07 17:44:37 -04:00
Matt Baer f8d57d9e75 Return correct `public` state on collection creation
(in returned JSON data)

Ref T675
2019-08-07 16:22:35 -04:00
Matt Baer afadf6fdf6 Set default visibility in datastore.CreateCollection
instead of updating it later. This is more correct behavior, prevents an
additional query, and ensures that potential collection-creation when
claiming posts also respects the default (which it didn't before).

Ref T675
2019-08-07 16:20:32 -04:00
Matt Baer df078c569d Accept config.Config in datastore.CreateUser()
instead of App

Ref T675
2019-08-07 16:19:35 -04:00
Matt Baer 3cc397ad76 Merge branch 'develop' into chorus 2019-08-07 10:58:34 -04:00
Matt Baer ff7828c558 Link hashtags to Reader when Chorus mode enabled
instead of linking to posts only on a user's blog.

Ref T681
2019-08-07 09:40:07 -04:00
Matt Baer a75b45f060 Support configuring default collection visibility
This adds a new `default_visibility` config value that lets an instance
admin set the visibility of newly created collections.

Ref T675
2019-07-31 22:18:40 -04:00
Matt Baer f6f116d672 Fix missing hostname when publishing via API
This fixes a bug that occurred only when publishing via API and
authenticating via token (rather than cookie).

Previously, the instance's hostname wouldn't be added to the Collection
that got passed around after retrieving the owned post, meaning an
incomplete URL was returned in the API response, and federation failed due
to the missing host.
2019-07-22 14:02:53 -04:00
Matt Baer 909976dd90 Don't consider post unpublished when title exists
Previously, you could create a post with a title but no body, e.g. by
publishing via email. This would still show the post on a blog, but
would give a 410 Gone page when trying to access the page.

This issue originally reported on the forum:
https://discuss.write.as/t/removing-post-unpublished-by-author-post/725
2019-07-14 12:59:33 -04:00
Matt Baer 00a8f8c951
Merge pull request #119 from qwazix/develop
Half-fix of #96
2019-06-27 09:29:25 -04:00
Matt Baer a10a4e9a28 Merge branch 'develop' into librarization 2019-06-13 20:39:52 -04:00
Matt Baer 758269e3d8 Move key generation and Keychain to key pkg
Ref T613
2019-06-13 13:47:28 -04:00
Michael Demetriou 9570388d1d Fix #96
This solves the error 500 on the /api/me endpoint.

Replace token search query `=` with `LIKE` to fix sqlite complaining about
no valid tokens. Also checked with MySQL and it still works after the change.
2019-06-11 20:18:58 +03:00
Noëlle Anthony f271e53925 Update GetPosts() docstring 2019-05-29 12:03:01 -04:00
Noëlle Anthony 95e84a1d0e Change GetPosts() to have includePinned parameter, change all calls to match 2019-05-28 14:54:56 -04:00
Matt Baer 9e43b04f04 Make Keychain struct public 2019-05-12 17:20:24 -04:00
Matt Baer d8937e89a8 Make App struct public 2019-05-12 17:19:38 -04:00
Matt Baer 9cb0f80921 Support changing instance page titles
Now admins can choose a title for their About and Privacy pages; now
editable through the instance page editor.

This adds `title` and `content_type` fields to the `appcontent` table,
requiring a migration by running `writefreely --migrate`

The content_type field specifies that items we're currently storing in
this table are all "page"s; queries for fetching these have been updated
to filter for this type. In the future, this field will be used to
indicate when an item is a stylesheet (ref T563) or other supported
type.

Ref T566
2019-04-11 13:56:07 -04:00
Matt Baer a850fa14cd Move instance page editing to dedicated section
This adds a "Pages" section to the admin part of the site, and enables
admins to edit the pre-defined About and Privacy pages there, instead of
on the dashboard itself.

It also restructures how these pages get sent around in the backend and
lays the groundwork for dynamically adding static pages. The backend
changes were made with more customization in mind, such as an
instance-wide custom stylesheet (T563).

Ref T566
2019-04-06 13:23:22 -04:00
Matt Baer 372b4e5dcd Fix nil pointer when navigating to bad invite URL
Previously when looking up an invite ID that doesn't exist, the database
call wouldn't communicate its non-existence in a standard way --
returning a nil object and nil error. Now the database call returns a
404 error, so handlers can show the correct page.
2019-02-27 06:15:42 -05:00
Matt Baer 70e823d6ab Support user invites
This includes:

- A new `user_invites` config value that determines who can generate
  invite links
- A new page for generating invite links, with new user navigation link
- A new /invite/ path that allows anyone to sign up via unique invite
  link, even if registrations are closed
- Tracking who (of registered users) has been invited by whom

It requires an updated database with `writefreely --migrate` in order to
work.

This closes T556
2019-01-18 00:05:50 -05:00
Matt Baer 062ae0e16a Initialize db on single-user instance config
This fixes the --config step so that when setting up a single-user
instance for the first time (and creating the admin user as part of the
process), the database is automatically initialized before creating that
user.

This removes the need for the --init-db command after --config when
setting up single-user instances.

It fixes #59: "no such table: users" error during the --config step on
single-user instances that haven't previously run --init-db.
2019-01-13 09:08:47 -05:00
Matt Baer 8a555567a6 Fix tagged posts SQLite query
SQLite doesn't have an `RLIKE` function, so the query for hashtagged
posts was failing before. This adds a `regexp` function to SQLite and
correctly retrieves all posts on a blog with the requested hashtag.

This closes #55
2019-01-07 11:55:23 -05:00
Matt Baer 1c58c64c7c Fix SQLite deadlock when creating user
This avoids reading from the database after a transaction has been
started in CreateUser(), fixing the deadlock that occurred before.

Closes #53
2019-01-06 21:30:34 -05:00
Matt Baer bf7d422039 Add pager to admin user list
This enables paging through the entire list of users.

Ref T553
2019-01-05 09:37:53 -05:00
Matt Baer 3d301c97e9 Fix admin user paging query 2019-01-05 08:47:42 -05:00
Matt Baer 0e722de82c Add admin user list
This enables admins on multi-user instances to see all users registered,
and view the details of each, including:

- Username
- Join date
- Total posts
- Last post date
- All blogs
  - Public info
  - Views
  - Total posts
  - Last post date
  - Fediverse followers count

This is the foundation for future user moderation features.

Ref T553
2019-01-04 22:28:29 -05:00
Matt Baer fca3019e4b Support building without SQLite support
This adds a new `sqlite` build tag that you should include only if you
want SQLite3 support built in. Both `make run` and `make release` create
builds with SQLite included.
2019-01-03 17:57:06 -05:00
Matt Baer 3ae45bc156 Fix spacing around copyright notices 2018-12-31 01:05:26 -05:00
Matt Baer 1274914207 Add copyright / license notices to .go files 2018-12-24 12:45:15 -05:00
Matt Baer 25a68d0c0e Add Reader section
This adds a "Reader" section of the site for admins who want to enable
it for their instance. That means visitors can go to /read and see who
has publicly shared their writing. They can also follow all public posts
via RSS by going to /read/feed/. Writers on an instance with this
`local_timeline` setting enabled can publish to the timeline by going
into their blog settings and choosing the "Public" visibility setting.

The `local_timeline` feature is disabled by default, as is the Public
setting on writer blogs. Enabling it adds a "Reader" navigation item and
enables the reader endpoints. This feature will also consume more
memory, as public posts are cached in memory for 10 minutes.

These changes include code ported over from Read.Write.as, and thus
include some experimental features like filtering public posts by tags
and authors. These features aren't well-tested or complete.

Closes T554
2018-12-10 16:08:07 -05:00
Matt Baer c6851fee50 Fix duplicate key checks in SQLite
Ref T529
2018-12-08 13:25:20 -05:00
Matt Baer 4b780361bf Fix upsert queries on SQLite
Ref T529
2018-12-08 12:58:45 -05:00
Matt Baer 026604b3dd Fix pinned post content truncation with SQLite
This extracts the LEFT/SUBSTR logic into its own datastore.clip() method
that also works correctly with SQLite.

Ref T529
2018-12-08 12:54:49 -05:00
Matt Baer daaa4564bb Fix post `created` date in SQLite
We store times in UTC in all other places, but the post.Created logic
when creating a post meant that dates were being stored in a user's
local timezone. This fixes that.

Ref T529
2018-12-08 12:51:27 -05:00
Matt Baer 6f4c004e8c Fix SQLite date format string
The formatted string was invalid before, causing date parsing to fail.
This fixes that.

Ref T529
2018-12-08 12:28:52 -05:00
Matt Baer bc1b3fdfb7 Move NOW() calls to datastore.now() method
Ref T529
2018-12-08 12:15:16 -05:00
Ben Overmyer 6cb86214d7 SQLite support added. 2018-12-01 12:07:25 -06:00
Matt Baer be2c7ef86b Show instance stats on About page
This also moves the stats database logic out of nodeinfo.go and into
database.go.
2018-11-21 14:08:47 -05:00
Matt Baer bdc4f270f8 Support editing About and Privacy pages from Admin panel
This allows admin to edit these pages from the web, using Markdown. It
also dynamically loads information on those pages now, and makes loading
`pages` templates a little easier to find in the code / more explicit.

It requires this new schema change:

CREATE TABLE IF NOT EXISTS `appcontent` (
  `id` varchar(36) NOT NULL,
  `content` mediumtext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `updated` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

This closes T533
2018-11-18 21:58:50 -05:00