2021-09-24 00:12:46 +00:00
|
|
|
package website
|
|
|
|
|
|
|
|
import (
|
|
|
|
"context"
|
|
|
|
"encoding/base64"
|
|
|
|
"errors"
|
|
|
|
"fmt"
|
|
|
|
"net/http"
|
|
|
|
"strconv"
|
|
|
|
"time"
|
|
|
|
|
|
|
|
"git.handmade.network/hmn/hmn/src/auth"
|
|
|
|
"git.handmade.network/hmn/hmn/src/config"
|
|
|
|
"git.handmade.network/hmn/hmn/src/db"
|
2021-12-09 02:04:15 +00:00
|
|
|
"git.handmade.network/hmn/hmn/src/hmndata"
|
2021-09-24 00:12:46 +00:00
|
|
|
"git.handmade.network/hmn/hmn/src/hmnurl"
|
|
|
|
"git.handmade.network/hmn/hmn/src/models"
|
|
|
|
"git.handmade.network/hmn/hmn/src/oops"
|
|
|
|
"git.handmade.network/hmn/hmn/src/templates"
|
|
|
|
"github.com/google/uuid"
|
|
|
|
"github.com/jackc/pgx/v4/pgxpool"
|
|
|
|
)
|
|
|
|
|
|
|
|
type AdminAtomFeedData struct {
|
|
|
|
Title string
|
|
|
|
Subtitle string
|
|
|
|
|
|
|
|
HomepageUrl string
|
|
|
|
AtomFeedUrl string
|
|
|
|
FeedUrl string
|
|
|
|
|
|
|
|
CopyrightStatement string
|
|
|
|
SiteVersion string
|
|
|
|
Updated time.Time
|
|
|
|
FeedID string
|
|
|
|
|
|
|
|
Posts []templates.PostListItem
|
|
|
|
}
|
|
|
|
|
|
|
|
func AdminAtomFeed(c *RequestContext) ResponseData {
|
|
|
|
creds := fmt.Sprintf("%s:%s", config.Config.Admin.AtomUsername, config.Config.Admin.AtomPassword)
|
|
|
|
expectedAuth := fmt.Sprintf("Basic %s", base64.StdEncoding.EncodeToString([]byte(creds)))
|
|
|
|
auth, hasAuth := c.Req.Header["Authorization"]
|
2021-09-24 00:37:08 +00:00
|
|
|
if !hasAuth {
|
|
|
|
res := ResponseData{
|
|
|
|
StatusCode: http.StatusUnauthorized,
|
|
|
|
}
|
|
|
|
res.Header().Set("WWW-Authenticate", "Basic realm=\"Admin\"")
|
|
|
|
return res
|
|
|
|
} else if auth[0] != expectedAuth {
|
2021-09-24 00:12:46 +00:00
|
|
|
return FourOhFour(c)
|
|
|
|
}
|
|
|
|
|
|
|
|
feedData := AdminAtomFeedData{
|
|
|
|
HomepageUrl: hmnurl.BuildHomepage(),
|
|
|
|
CopyrightStatement: fmt.Sprintf("Copyright (C) 2014-%d Handmade.Network and its contributors", time.Now().Year()),
|
|
|
|
SiteVersion: "2.0",
|
2021-09-24 00:39:59 +00:00
|
|
|
Title: "Handmade Network Admin feed",
|
2021-09-24 00:12:46 +00:00
|
|
|
Subtitle: "Unapproved user posts",
|
|
|
|
FeedID: uuid.NewSHA1(uuid.NameSpaceURL, []byte(hmnurl.BuildAdminAtomFeed())).URN(),
|
|
|
|
AtomFeedUrl: hmnurl.BuildAdminAtomFeed(),
|
|
|
|
FeedUrl: hmnurl.BuildAdminApprovalQueue(),
|
|
|
|
}
|
|
|
|
|
|
|
|
unapprovedPosts, err := fetchUnapprovedPosts(c)
|
|
|
|
if err != nil {
|
|
|
|
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to fetch unapproved posts"))
|
|
|
|
}
|
|
|
|
|
|
|
|
c.Perf.StartBlock("SQL", "Fetch subforum tree")
|
|
|
|
subforumTree := models.GetFullSubforumTree(c.Context(), c.Conn)
|
|
|
|
lineageBuilder := models.MakeSubforumLineageBuilder(subforumTree)
|
|
|
|
c.Perf.EndBlock()
|
|
|
|
|
|
|
|
for _, post := range unapprovedPosts {
|
|
|
|
postItem := MakePostListItem(
|
|
|
|
lineageBuilder,
|
|
|
|
&post.Project,
|
|
|
|
&post.Thread,
|
|
|
|
&post.Post,
|
|
|
|
&post.Author,
|
|
|
|
false,
|
|
|
|
true,
|
|
|
|
c.Theme,
|
|
|
|
)
|
|
|
|
|
|
|
|
postItem.PostTypePrefix = fmt.Sprintf("ADMIN::UNAPPROVED: %s", postItem.PostTypePrefix)
|
|
|
|
postItem.UUID = uuid.NewSHA1(uuid.NameSpaceURL, []byte(postItem.Url)).URN()
|
|
|
|
postItem.LastEditDate = post.CurrentVersion.Date
|
|
|
|
feedData.Posts = append(feedData.Posts, postItem)
|
|
|
|
}
|
|
|
|
if len(feedData.Posts) > 0 {
|
|
|
|
feedData.Updated = feedData.Posts[0].Date
|
|
|
|
} else {
|
|
|
|
feedData.Updated = time.Now()
|
|
|
|
}
|
|
|
|
var res ResponseData
|
|
|
|
res.MustWriteTemplate("admin_atom.xml", feedData, c.Perf)
|
|
|
|
return res
|
|
|
|
}
|
|
|
|
|
|
|
|
const (
|
|
|
|
ApprovalQueueActionApprove string = "approve"
|
|
|
|
ApprovalQueueActionSpammer string = "spammer"
|
|
|
|
)
|
|
|
|
|
|
|
|
type postWithTitle struct {
|
|
|
|
templates.Post
|
|
|
|
Title string
|
|
|
|
}
|
|
|
|
|
|
|
|
type adminApprovalQueueData struct {
|
|
|
|
templates.BaseData
|
|
|
|
|
|
|
|
Posts []postWithTitle
|
|
|
|
SubmitUrl string
|
|
|
|
ApprovalAction string
|
|
|
|
SpammerAction string
|
|
|
|
}
|
|
|
|
|
|
|
|
func AdminApprovalQueue(c *RequestContext) ResponseData {
|
|
|
|
c.Perf.StartBlock("SQL", "Fetch subforum tree")
|
|
|
|
subforumTree := models.GetFullSubforumTree(c.Context(), c.Conn)
|
|
|
|
lineageBuilder := models.MakeSubforumLineageBuilder(subforumTree)
|
|
|
|
c.Perf.EndBlock()
|
|
|
|
|
|
|
|
posts, err := fetchUnapprovedPosts(c)
|
|
|
|
if err != nil {
|
|
|
|
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to fetch unapproved posts"))
|
|
|
|
}
|
|
|
|
|
|
|
|
data := adminApprovalQueueData{
|
|
|
|
BaseData: getBaseDataAutocrumb(c, "Admin approval queue"),
|
|
|
|
SubmitUrl: hmnurl.BuildAdminApprovalQueue(),
|
|
|
|
ApprovalAction: ApprovalQueueActionApprove,
|
|
|
|
SpammerAction: ApprovalQueueActionSpammer,
|
|
|
|
}
|
|
|
|
for _, p := range posts {
|
|
|
|
post := templates.PostToTemplate(&p.Post, &p.Author, c.Theme)
|
|
|
|
post.AddContentVersion(p.CurrentVersion, &p.Author) // NOTE(asaf): Don't care about editors here
|
2021-12-09 02:04:15 +00:00
|
|
|
post.Url = UrlForGenericPost(hmndata.UrlContextForProject(&p.Project), &p.Thread, &p.Post, lineageBuilder)
|
2021-09-24 00:12:46 +00:00
|
|
|
data.Posts = append(data.Posts, postWithTitle{
|
|
|
|
Post: post,
|
|
|
|
Title: p.Thread.Title,
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
var res ResponseData
|
|
|
|
res.MustWriteTemplate("admin_approval_queue.html", data, c.Perf)
|
|
|
|
return res
|
|
|
|
}
|
|
|
|
|
|
|
|
func AdminApprovalQueueSubmit(c *RequestContext) ResponseData {
|
|
|
|
err := c.Req.ParseForm()
|
|
|
|
if err != nil {
|
|
|
|
return c.ErrorResponse(http.StatusBadRequest, oops.New(err, "failed to parse admin approval form"))
|
|
|
|
}
|
|
|
|
action := c.Req.Form.Get("action")
|
|
|
|
userIdStr := c.Req.Form.Get("user_id")
|
|
|
|
userId, err := strconv.Atoi(userIdStr)
|
|
|
|
if err != nil {
|
|
|
|
return RejectRequest(c, "User id can't be parsed")
|
|
|
|
}
|
|
|
|
|
|
|
|
u, err := db.QueryOne(c.Context(), c.Conn, models.User{},
|
|
|
|
`
|
|
|
|
SELECT $columns FROM auth_user WHERE id = $1
|
|
|
|
`,
|
|
|
|
userId,
|
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
if errors.Is(err, db.NotFound) {
|
|
|
|
return RejectRequest(c, "User not found")
|
|
|
|
} else {
|
2021-12-13 16:58:26 +00:00
|
|
|
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to fetch user"))
|
2021-09-24 00:12:46 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
user := u.(*models.User)
|
|
|
|
|
|
|
|
whatHappened := ""
|
|
|
|
if action == ApprovalQueueActionApprove {
|
|
|
|
_, err := c.Conn.Exec(c.Context(),
|
|
|
|
`
|
|
|
|
UPDATE auth_user
|
|
|
|
SET status = $1
|
|
|
|
WHERE id = $2
|
|
|
|
`,
|
|
|
|
models.UserStatusApproved,
|
|
|
|
user.ID,
|
|
|
|
)
|
|
|
|
if err != nil {
|
2021-12-13 16:58:26 +00:00
|
|
|
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to set user to approved"))
|
2021-09-24 00:12:46 +00:00
|
|
|
}
|
|
|
|
whatHappened = fmt.Sprintf("%s approved successfully", user.Username)
|
|
|
|
} else if action == ApprovalQueueActionSpammer {
|
|
|
|
_, err := c.Conn.Exec(c.Context(),
|
|
|
|
`
|
|
|
|
UPDATE auth_user
|
|
|
|
SET status = $1
|
|
|
|
WHERE id = $2
|
|
|
|
`,
|
|
|
|
models.UserStatusBanned,
|
|
|
|
user.ID,
|
|
|
|
)
|
|
|
|
if err != nil {
|
2021-12-13 16:58:26 +00:00
|
|
|
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to set user to banned"))
|
2021-09-24 00:12:46 +00:00
|
|
|
}
|
|
|
|
err = auth.DeleteSessionForUser(c.Context(), c.Conn, user.Username)
|
|
|
|
if err != nil {
|
2021-12-13 16:58:26 +00:00
|
|
|
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to log out user"))
|
2021-09-24 00:12:46 +00:00
|
|
|
}
|
|
|
|
err = deleteAllPostsForUser(c.Context(), c.Conn, user.ID)
|
2021-12-13 16:58:26 +00:00
|
|
|
if err != nil {
|
|
|
|
return c.ErrorResponse(http.StatusInternalServerError, oops.New(err, "failed to delete spammer's posts"))
|
|
|
|
}
|
2021-09-24 00:12:46 +00:00
|
|
|
whatHappened = fmt.Sprintf("%s banned successfully", user.Username)
|
|
|
|
} else {
|
|
|
|
whatHappened = fmt.Sprintf("Unrecognized action: %s", action)
|
|
|
|
}
|
|
|
|
|
|
|
|
res := c.Redirect(hmnurl.BuildAdminApprovalQueue(), http.StatusSeeOther)
|
|
|
|
res.AddFutureNotice("success", whatHappened)
|
|
|
|
return res
|
|
|
|
}
|
|
|
|
|
|
|
|
type UnapprovedPost struct {
|
|
|
|
Project models.Project `db:"project"`
|
|
|
|
Thread models.Thread `db:"thread"`
|
|
|
|
Post models.Post `db:"post"`
|
|
|
|
CurrentVersion models.PostVersion `db:"ver"`
|
|
|
|
Author models.User `db:"author"`
|
|
|
|
}
|
|
|
|
|
|
|
|
func fetchUnapprovedPosts(c *RequestContext) ([]*UnapprovedPost, error) {
|
|
|
|
it, err := db.Query(c.Context(), c.Conn, UnapprovedPost{},
|
|
|
|
`
|
|
|
|
SELECT $columns
|
|
|
|
FROM
|
|
|
|
handmade_post AS post
|
|
|
|
JOIN handmade_project AS project ON post.project_id = project.id
|
|
|
|
JOIN handmade_thread AS thread ON post.thread_id = thread.id
|
|
|
|
JOIN handmade_postversion AS ver ON ver.id = post.current_id
|
|
|
|
JOIN auth_user AS author ON author.id = post.author_id
|
|
|
|
WHERE
|
|
|
|
NOT thread.deleted
|
2021-12-13 16:58:26 +00:00
|
|
|
AND NOT post.deleted
|
|
|
|
AND author.status = ANY($1)
|
2021-09-24 00:12:46 +00:00
|
|
|
ORDER BY post.postdate DESC
|
|
|
|
`,
|
2021-12-13 16:58:26 +00:00
|
|
|
[]models.UserStatus{models.UserStatusConfirmed},
|
2021-09-24 00:12:46 +00:00
|
|
|
)
|
|
|
|
if err != nil {
|
|
|
|
return nil, oops.New(err, "failed to fetch unapproved posts")
|
|
|
|
}
|
|
|
|
var res []*UnapprovedPost
|
2021-12-15 01:36:37 +00:00
|
|
|
for _, iresult := range it {
|
2021-09-24 00:12:46 +00:00
|
|
|
res = append(res, iresult.(*UnapprovedPost))
|
|
|
|
}
|
|
|
|
return res, nil
|
|
|
|
}
|
|
|
|
|
|
|
|
func deleteAllPostsForUser(ctx context.Context, conn *pgxpool.Pool, userId int) error {
|
|
|
|
tx, err := conn.Begin(ctx)
|
|
|
|
if err != nil {
|
|
|
|
return oops.New(err, "failed to start transaction")
|
|
|
|
}
|
|
|
|
defer tx.Rollback(ctx)
|
|
|
|
type toDelete struct {
|
|
|
|
ThreadID int `db:"thread.id"`
|
|
|
|
PostID int `db:"post.id"`
|
|
|
|
}
|
|
|
|
it, err := db.Query(ctx, tx, toDelete{},
|
|
|
|
`
|
|
|
|
SELECT $columns
|
|
|
|
FROM
|
|
|
|
handmade_post as post
|
|
|
|
JOIN handmade_thread AS thread ON post.thread_id = thread.id
|
|
|
|
JOIN auth_user AS author ON author.id = post.author_id
|
|
|
|
WHERE author.id = $1
|
|
|
|
`,
|
|
|
|
userId,
|
|
|
|
)
|
|
|
|
|
|
|
|
if err != nil {
|
|
|
|
return oops.New(err, "failed to fetch posts to delete for user")
|
|
|
|
}
|
|
|
|
|
2021-12-15 01:36:37 +00:00
|
|
|
for _, iResult := range it {
|
2021-09-24 00:12:46 +00:00
|
|
|
row := iResult.(*toDelete)
|
2021-12-09 02:04:15 +00:00
|
|
|
hmndata.DeletePost(ctx, tx, row.ThreadID, row.PostID)
|
2021-09-24 00:12:46 +00:00
|
|
|
}
|
|
|
|
err = tx.Commit(ctx)
|
|
|
|
if err != nil {
|
|
|
|
return oops.New(err, "failed to commit transaction")
|
|
|
|
}
|
|
|
|
return nil
|
|
|
|
}
|