a
/
gosora
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
gosora/common/routes_common.go

571 lines
19 KiB
Go
Raw Normal View History

Finished moving the files into the subpackage, this should open more doors to us. Moved more queries out of the global stmt holder. Refactored several things.
2017-11-11 04:06:16 +00:00
package common
Add a per-user theme switcher. The CSS might be slightly broken in the themes, that'll be fixed in a follow-up commit. Added basic support for server sync. Re-added a few missing defers. Renamed TO-DO to TODO across the entire codebase. Renamed StaticForumStore to MemoryForumStore. The ForumStore is now built on a sync.Map with a view slice for generating /forums rather than a slice. Renamed many more functions and variables to satisfy the linter. increase_post_user_stats() and decrease_post_user_stats() are now methods on the User struct. We also fix a bug where they take the moderator's score rather than the target user's into account when recalculating their level after a post / topic is deleted. Transitioned the topic list to CSS Grid for Tempra Simple, with a float fallback. Cosmo and Cosmo Conflux are now hidden from the theme list. Fixed more data races. Added more debug data to the template compiler logs.
2017-09-10 16:57:22 +00:00
We don't want middleware in user.go
2017-09-10 17:05:13 +00:00
import (
adjust path
2022-02-21 03:53:13 +00:00
"crypto/subtle"
"html"
"io"
"net"
"net/http"
"os"
"regexp"
"strconv"
"strings"
"time"
more converts
2022-02-21 03:32:53 +00:00
adjust path
2022-02-21 03:53:13 +00:00
"git.tuxpa.in/a/gosora/common/phrases"
"git.tuxpa.in/a/gosora/uutils"
We don't want middleware in user.go
2017-09-10 17:05:13 +00:00
)
// nolint
var PreRoute func(http.ResponseWriter, *http.Request) (User, bool) = preRoute
Added the GroupStore. Renamed the *Store methods. Added more functionality to some of the DataStores. Added DataCache interfaces in addition to the DataStores to help curb their unrelenting growth and confusing APIs. Fixed a crash bug in the ForumStore getters. Fixed three tests. Added more tests. Temporary Group permissions should now be applied properly. Improved the Tempra Conflux theme. Moved the topic deletion logic into the TopicStore. Tweaked the permission checks on the member routes to make them more sensible.
2017-09-15 22:20:01 +00:00
// TODO: Come up with a better middleware solution
We don't want middleware in user.go
2017-09-10 17:05:13 +00:00
// nolint We need these types so people can tell what they are without scrolling to the bottom of the file
Fixed the Go Version in the Travis file. Added the Go and Database versions to the Control Panel Debug Page. Renamed common.TopicsPage to common.TopicListPage. Renamed *HeaderVars to *Header. Added the Paginator struct and refactored the code to use it. io.Writers are now used instead of http.ResponseWriters in transpiled templates for greater flexibility. Added the alert, menu_alerts, and menu_item templates. Added support for more integer types in the arithmetic functions for the transpiled templates. Exported AccSelectBuilder. Added an Each method to AccSelectBuilder. Added column quoting to the order by portions of queries for the MySQL Adapter. Began work on the client side rendering of alerts. Began work on the Menu Manager and associated functionality.
2018-04-22 12:33:56 +00:00
var PanelUserCheck func(http.ResponseWriter, *http.Request, *User) (*Header, PanelStats, RouteError) = panelUserCheck
Finished moving the files into the subpackage, this should open more doors to us. Moved more queries out of the global stmt holder. Refactored several things.
2017-11-11 04:06:16 +00:00
var SimplePanelUserCheck func(http.ResponseWriter, *http.Request, *User) (*HeaderLite, RouteError) = simplePanelUserCheck
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
var SimpleForumUserCheck func(w http.ResponseWriter, r *http.Request, u *User, fid int) (headerLite *HeaderLite, err RouteError) = simpleForumUserCheck
Eliminate zone and prescript allocs in userCheck2().
2021-05-10 07:53:52 +00:00
var ForumUserCheck func(h *Header, w http.ResponseWriter, r *http.Request, u *User, fid int) (err RouteError) = forumUserCheck
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
var SimpleUserCheck func(w http.ResponseWriter, r *http.Request, u *User) (headerLite *HeaderLite, err RouteError) = simpleUserCheck
var UserCheck func(w http.ResponseWriter, r *http.Request, u *User) (h *Header, err RouteError) = userCheck
var UserCheckNano func(w http.ResponseWriter, r *http.Request, u *User, nano int64) (h *Header, err RouteError) = userCheck2
avoid double indirect for header in simple_forum_check_pre_perms hook avoid double indirect for header in forum_check_pre_perms hook use hookgen for forum_check_pre_perms hook
2020-05-26 01:46:02 +00:00
func simpleForumUserCheck(w http.ResponseWriter, r *http.Request, u *User, fid int) (h *HeaderLite, rerr RouteError) {
more converts
2022-02-21 03:32:53 +00:00
h, rerr = SimpleUserCheck(w, r, u)
if rerr != nil {
return h, rerr
}
if !Forums.Exists(fid) {
return nil, PreError("The target forum doesn't exist.", w, r)
}
// Is there a better way of doing the skip AND the success flag on this hook like multiple returns?
/*skip, rerr := h.Hooks.VhookSkippable("simple_forum_check_pre_perms", w, r, u, &fid, h)
if skip || rerr != nil {
return h, rerr
}*/
skip, rerr := H_simple_forum_check_pre_perms_hook(h.Hooks, w, r, u, &fid, h)
if skip || rerr != nil {
return h, rerr
}
fp, err := FPStore.Get(fid, u.Group)
if err == ErrNoRows {
fp = BlankForumPerms()
} else if err != nil {
return h, InternalError(err, w, r)
}
cascadeForumPerms(fp, u)
return h, nil
We don't want middleware in user.go
2017-09-10 17:05:13 +00:00
}
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func forumUserCheck(h *Header, w http.ResponseWriter, r *http.Request, u *User, fid int) (rerr RouteError) {
more converts
2022-02-21 03:32:53 +00:00
if !Forums.Exists(fid) {
return NotFound(w, r, h)
}
/*skip, rerr := h.Hooks.VhookSkippable("forum_check_pre_perms", w, r, u, &fid, h)
if skip || rerr != nil {
return rerr
}*/
/*skip, rerr := VhookSkippableTest(h.Hooks, "forum_check_pre_perms", w, r, u, &fid, h)
if skip || rerr != nil {
return rerr
}*/
skip, rerr := H_forum_check_pre_perms_hook(h.Hooks, w, r, u, &fid, h)
if skip || rerr != nil {
return rerr
}
fp, err := FPStore.Get(fid, u.Group)
if err == ErrNoRows {
fp = BlankForumPerms()
} else if err != nil {
return InternalError(err, w, r)
}
cascadeForumPerms(fp, u)
h.CurrentUser = u // TODO: Use a pointer instead for CurrentUser, so we don't have to do this
return rerr
Moved the forum permission cascade logic into it's own function. Removed some redundant queries. Refactored the router generator.
2017-10-31 07:26:44 +00:00
}
// TODO: Put this on the user instance? Do we really want forum specific logic in there? Maybe, a method which spits a new pointer with the same contents as user?
Shorten more things.
2019-08-31 22:59:00 +00:00
func cascadeForumPerms(fp *ForumPerms, u *User) {
more converts
2022-02-21 03:32:53 +00:00
if fp.Overrides && !u.IsSuperAdmin {
u.Perms.ViewTopic = fp.ViewTopic
u.Perms.LikeItem = fp.LikeItem
u.Perms.CreateTopic = fp.CreateTopic
u.Perms.EditTopic = fp.EditTopic
u.Perms.DeleteTopic = fp.DeleteTopic
u.Perms.CreateReply = fp.CreateReply
u.Perms.EditReply = fp.EditReply
u.Perms.DeleteReply = fp.DeleteReply
u.Perms.PinTopic = fp.PinTopic
u.Perms.CloseTopic = fp.CloseTopic
u.Perms.MoveTopic = fp.MoveTopic
if len(fp.ExtData) != 0 {
for name, perm := range fp.ExtData {
u.PluginPerms[name] = perm
}
}
}
We don't want middleware in user.go
2017-09-10 17:05:13 +00:00
}
// Even if they have the right permissions, the control panel is only open to supermods+. There are many areas without subpermissions which assume that the current user is a supermod+ and admins are extremely unlikely to give these permissions to someone who isn't at-least a supermod to begin with
// TODO: Do a panel specific theme?
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func panelUserCheck(w http.ResponseWriter, r *http.Request, u *User) (h *Header, stats PanelStats, rerr RouteError) {
more converts
2022-02-21 03:32:53 +00:00
theme := GetThemeByReq(r)
h = &Header{
Site: Site,
Settings: SettingBox.Load().(SettingMap),
//Themes: Themes,
ThemesSlice: ThemesSlice,
Theme: theme,
CurrentUser: u,
Hooks: GetHookTable(),
Zone: "panel",
Writer: w,
IsoCode: phrases.GetLangPack().IsoCode,
//StartedAt: time.Now(),
StartedAt: uutils.Nanotime(),
}
// TODO: We should probably initialise header.ExtData
// ? - Should we only show this in debug mode? It might be useful for detecting issues in production, if we show it there as-well
//if user.IsAdmin {
//h.StartedAt = time.Now()
//}
h.AddSheet(theme.Name + "/main.css")
h.AddSheet(theme.Name + "/panel.css")
if len(theme.Resources) > 0 {
rlist := theme.Resources
for _, res := range rlist {
if res.LocID == LocGlobal || res.LocID == LocPanel {
if res.Type == ResTypeSheet {
h.AddSheet(res.Name)
} else if res.Type == ResTypeScript {
if res.Async {
h.AddScriptAsync(res.Name)
} else {
h.AddScript(res.Name)
}
}
}
}
}
//h := w.Header()
//h.Set("Content-Security-Policy", "default-src 'self'")
// TODO: GDPR. Add a global control panel notice warning the admins of staff members who don't have 2FA enabled
stats.Users = Users.Count()
stats.Groups = Groups.Count()
stats.Forums = Forums.Count()
stats.Pages = Pages.Count()
stats.Settings = len(h.Settings)
stats.WordFilters = WordFilters.EstCount()
stats.Themes = len(Themes)
stats.Reports = 0 // TODO: Do the report count. Only show open threads?
addPreScript := func(name string, i int) {
// TODO: Optimise this by removing a superfluous string alloc
if theme.OverridenMap != nil {
//fmt.Printf("name %+v\n", name)
//fmt.Printf("theme.OverridenMap %+v\n", theme.OverridenMap)
if _, ok := theme.OverridenMap[name]; ok {
tname := "_" + theme.Name
//fmt.Printf("tname %+v\n", tname)
h.AddPreScriptAsync("tmpl_" + name + tname + ".js")
return
}
}
//fmt.Printf("tname %+v\n", tname)
h.AddPreScriptAsync(ucstrs[i])
}
addPreScript("alert", 3)
addPreScript("notice", 4)
return h, stats, nil
We don't want middleware in user.go
2017-09-10 17:05:13 +00:00
}
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func simplePanelUserCheck(w http.ResponseWriter, r *http.Request, u *User) (lite *HeaderLite, rerr RouteError) {
more converts
2022-02-21 03:32:53 +00:00
return SimpleUserCheck(w, r, u)
Added the GroupStore. Renamed the *Store methods. Added more functionality to some of the DataStores. Added DataCache interfaces in addition to the DataStores to help curb their unrelenting growth and confusing APIs. Fixed a crash bug in the ForumStore getters. Fixed three tests. Added more tests. Temporary Group permissions should now be applied properly. Improved the Tempra Conflux theme. Moved the topic deletion logic into the TopicStore. Tweaked the permission checks on the member routes to make them more sensible.
2017-09-15 22:20:01 +00:00
}
Renamed the middleware functions.
2017-09-10 17:39:16 +00:00
// SimpleUserCheck is back from the grave, yay :D
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func simpleUserCheck(w http.ResponseWriter, r *http.Request, u *User) (lite *HeaderLite, rerr RouteError) {
more converts
2022-02-21 03:32:53 +00:00
return &HeaderLite{
Site: Site,
Settings: SettingBox.Load().(SettingMap),
Hooks: GetHookTable(),
}, nil
We don't want middleware in user.go
2017-09-10 17:05:13 +00:00
}
Oops, need to generate a cached copy of each theme's lists in Hyperdrive. Renamed common.getTheme to common.GetThemeByReq.
2019-04-29 12:23:17 +00:00
func GetThemeByReq(r *http.Request) *Theme {
more converts
2022-02-21 03:32:53 +00:00
theme := &Theme{Name: ""}
cookie, e := r.Cookie("current_theme")
if e == nil {
inTheme, ok := Themes[html.EscapeString(cookie.Value)]
if ok && !theme.HideFromThemes {
theme = inTheme
}
}
if theme.Name == "" {
theme = Themes[DefaultThemeBox.Load().(string)]
}
return theme
The moderation logs can now be localised. Error pages which call CustomError should now stick on the theme the user chose rather than the global fallback theme. Move the theme fetching logic out of userCheck and panelUserCheck and into it's own function. Split prepResources out of userCheck, so that errors can make use of it. Fixed a bug where no scripts or stylesheets would run on error pages. Fixed a bug where unknown topics would point to /user/ rather than /topic/ Added the panel_logs_moderation_action_topic_stick phrase. Added the panel_logs_moderation_action_topic_unstick phrase. Added the panel_logs_moderation_action_topic_lock phrase. Added the panel_logs_moderation_action_topic_unlock phrase. Added the panel_logs_moderation_action_topic_delete phrase. Added the panel_logs_moderation_action_topic_move phrase. Added the panel_logs_moderation_action_topic_move_dest phrase. Added the panel_logs_moderation_action_topic_unknown phrase. Added the panel_logs_moderation_action_reply_delete phrase. Added the panel_logs_moderation_action_user_ban phrase. Added the panel_logs_moderation_action_user_unban phrase. Added the panel_logs_moderation_action_user_activate phrase. Added the panel_logs_moderation_action_unknown phrase. Added the user_unknown phrase.
2019-04-18 01:00:39 +00:00
}
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func userCheck(w http.ResponseWriter, r *http.Request, u *User) (h *Header, rerr RouteError) {
more converts
2022-02-21 03:32:53 +00:00
return userCheck2(w, r, u, uutils.Nanotime())
optimise route perf tracking expand route perf tracking to more routes
2020-02-29 01:10:39 +00:00
}
The moderation logs can now be localised. Error pages which call CustomError should now stick on the theme the user chose rather than the global fallback theme. Move the theme fetching logic out of userCheck and panelUserCheck and into it's own function. Split prepResources out of userCheck, so that errors can make use of it. Fixed a bug where no scripts or stylesheets would run on error pages. Fixed a bug where unknown topics would point to /user/ rather than /topic/ Added the panel_logs_moderation_action_topic_stick phrase. Added the panel_logs_moderation_action_topic_unstick phrase. Added the panel_logs_moderation_action_topic_lock phrase. Added the panel_logs_moderation_action_topic_unlock phrase. Added the panel_logs_moderation_action_topic_delete phrase. Added the panel_logs_moderation_action_topic_move phrase. Added the panel_logs_moderation_action_topic_move_dest phrase. Added the panel_logs_moderation_action_topic_unknown phrase. Added the panel_logs_moderation_action_reply_delete phrase. Added the panel_logs_moderation_action_user_ban phrase. Added the panel_logs_moderation_action_user_unban phrase. Added the panel_logs_moderation_action_user_activate phrase. Added the panel_logs_moderation_action_unknown phrase. Added the user_unknown phrase.
2019-04-18 01:00:39 +00:00
// TODO: Add the ability for admins to restrict certain themes to certain groups?
// ! Be careful about firing errors off here as CustomError uses this
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func userCheck2(w http.ResponseWriter, r *http.Request, u *User, nano int64) (h *Header, rerr RouteError) {
more converts
2022-02-21 03:32:53 +00:00
theme := GetThemeByReq(r)
h = &Header{
Site: Site,
Settings: SettingBox.Load().(SettingMap),
//Themes: Themes,
ThemesSlice: ThemesSlice,
Theme: theme,
CurrentUser: u, // ! Some things rely on this being a pointer downstream from this function
Hooks: GetHookTable(),
Zone: ucstrs[0],
Writer: w,
IsoCode: phrases.GetLangPack().IsoCode,
StartedAt: nano,
}
// TODO: Optimise this by avoiding accessing a map string index
if !u.Loggedin {
h.GoogSiteVerify = h.Settings["google_site_verify"].(string)
}
if u.IsBanned {
h.AddNotice("account_banned")
}
if u.Loggedin && !u.Active {
h.AddNotice("account_inactive")
}
/*h.Scripts, _ = StrSlicePool.Get().([]string)
if h.Scripts != nil {
h.Scripts = h.Scripts[:0]
}
h.PreScriptsAsync, _ = StrSlicePool.Get().([]string)
if h.PreScriptsAsync != nil {
h.PreScriptsAsync = h.PreScriptsAsync[:0]
}*/
// An optimisation so we don't populate StartedAt for users who shouldn't see the stat anyway
// ? - Should we only show this in debug mode? It might be useful for detecting issues in production, if we show it there as-well
//if u.IsAdmin {
//h.StartedAt = time.Now()
//}
//PrepResources(u,h,theme)
return h, nil
The moderation logs can now be localised. Error pages which call CustomError should now stick on the theme the user chose rather than the global fallback theme. Move the theme fetching logic out of userCheck and panelUserCheck and into it's own function. Split prepResources out of userCheck, so that errors can make use of it. Fixed a bug where no scripts or stylesheets would run on error pages. Fixed a bug where unknown topics would point to /user/ rather than /topic/ Added the panel_logs_moderation_action_topic_stick phrase. Added the panel_logs_moderation_action_topic_unstick phrase. Added the panel_logs_moderation_action_topic_lock phrase. Added the panel_logs_moderation_action_topic_unlock phrase. Added the panel_logs_moderation_action_topic_delete phrase. Added the panel_logs_moderation_action_topic_move phrase. Added the panel_logs_moderation_action_topic_move_dest phrase. Added the panel_logs_moderation_action_topic_unknown phrase. Added the panel_logs_moderation_action_reply_delete phrase. Added the panel_logs_moderation_action_user_ban phrase. Added the panel_logs_moderation_action_user_unban phrase. Added the panel_logs_moderation_action_user_activate phrase. Added the panel_logs_moderation_action_unknown phrase. Added the user_unknown phrase.
2019-04-18 01:00:39 +00:00
}
add python and go user agents. add new bot class for python, go and curl to reduce resource usage. don't push canonicals for loggedin users try to avoid pushing google site verify when it isn't necessary give ahrefs the semrush treatment
2020-03-22 04:37:45 +00:00
func PrepResources(u *User, h *Header, theme *Theme) {
more converts
2022-02-21 03:32:53 +00:00
h.AddSheet(theme.Name + "/main.css")
if len(theme.Resources) > 0 {
rlist := theme.Resources
for _, res := range rlist {
if res.Loggedin && !u.Loggedin {
continue
}
if res.LocID == LocGlobal || res.LocID == LocFront {
if res.Type == ResTypeSheet {
h.AddSheet(res.Name)
} else if res.Type == ResTypeScript {
if res.Async {
h.AddScriptAsync(res.Name)
} else {
h.AddScript(res.Name)
}
}
}
}
}
addPreScript := func(name string, i int) {
// TODO: Optimise this by removing a superfluous string alloc
if theme.OverridenMap != nil {
//fmt.Printf("name %+v\n", name)
//fmt.Printf("theme.OverridenMap %+v\n", theme.OverridenMap)
if _, ok := theme.OverridenMap[name]; ok {
tname := "_" + theme.Name
//fmt.Printf("tname %+v\n", tname)
h.AddPreScriptAsync("tmpl_" + name + tname + ".js")
return
}
}
//fmt.Printf("tname %+v\n", tname)
h.AddPreScriptAsync(ucstrs[i])
}
addPreScript("topics_topic", 1)
addPreScript("paginator", 2)
addPreScript("alert", 3)
addPreScript("notice", 4)
if u.Loggedin {
addPreScript("topic_c_edit_post", 5)
addPreScript("topic_c_attach_item", 6)
addPreScript("topic_c_poll_input", 7)
}
We don't want middleware in user.go
2017-09-10 17:05:13 +00:00
}
Eliminate zone and prescript allocs in userCheck2().
2021-05-10 07:53:52 +00:00
func pstr(name string) string {
more converts
2022-02-21 03:32:53 +00:00
return "tmpl_" + name + ".js"
Eliminate zone and prescript allocs in userCheck2().
2021-05-10 07:53:52 +00:00
}
var ucstrs = [...]string{
more converts
2022-02-21 03:32:53 +00:00
"frontend",
Eliminate zone and prescript allocs in userCheck2().
2021-05-10 07:53:52 +00:00
more converts
2022-02-21 03:32:53 +00:00
pstr("topics_topic"),
pstr("paginator"),
pstr("alert"),
pstr("notice"),
Eliminate zone and prescript allocs in userCheck2().
2021-05-10 07:53:52 +00:00
more converts
2022-02-21 03:32:53 +00:00
pstr("topic_c_edit_post"),
pstr("topic_c_attach_item"),
pstr("topic_c_poll_input"),
Eliminate zone and prescript allocs in userCheck2().
2021-05-10 07:53:52 +00:00
}
We don't want middleware in user.go
2017-09-10 17:05:13 +00:00
func preRoute(w http.ResponseWriter, r *http.Request) (User, bool) {
more converts
2022-02-21 03:32:53 +00:00
userptr, halt := Auth.SessionCheck(w, r)
if halt {
return *userptr, false
}
var usercpy *User = BlankUser()
*usercpy = *userptr
usercpy.Init() // TODO: Can we reduce the amount of work we do here?
// TODO: Add a config setting to disable this header
// TODO: Have this header cover more things
if Config.SslSchema {
w.Header().Set("Content-Security-Policy", "upgrade-insecure-requests")
}
// TODO: WIP. Refactor this to eliminate the unnecessary query
// TODO: Better take proxies into consideration
if !Config.DisableIP {
var host string
// TODO: Prefer Cf-Connecting-Ip header, fewer shenanigans
if Site.HasProxy {
// TODO: Check the right-most IP, might get tricky with multiple proxies, maybe have a setting for the number of hops we jump through
xForwardedFor := r.Header.Get("X-Forwarded-For")
if xForwardedFor != "" {
forwardedFor := strings.Split(xForwardedFor, ",")
// TODO: Check if this is a valid IP Address, reject if not
host = forwardedFor[len(forwardedFor)-1]
}
}
if host == "" {
var e error
host, _, e = net.SplitHostPort(r.RemoteAddr)
if e != nil {
_ = PreError("Bad IP", w, r)
return *usercpy, false
}
}
if !Config.DisableLastIP && usercpy.Loggedin && host != usercpy.GetIP() {
mon := time.Now().Month()
e := usercpy.UpdateIP(strconv.Itoa(int(mon)) + "-" + host)
if e != nil {
_ = InternalError(e, w, r)
return *usercpy, false
}
}
usercpy.LastIP = host
}
return *usercpy, true
We don't want middleware in user.go
2017-09-10 17:05:13 +00:00
}
More work on Cosora, we have a screenshot of it up now, although it's super experimental at the moment. This commit might be a little broken, another is coming to fix things up! The topics list is now paginated. Refactored the error handling system. Added the Trumboyg WYSIWYG editor for Cosora. Moved Delete() out of the TopicStore and into *Topic You can now bulk delete and bulk lock topics on Cosora. h1s are now formatted properly on Firefox. Added more ARIA Labels. SuperModOnly is now a piece of middleware for the Control Panel routes. Refactored and extended the router generator. Improved the SEO for the paginators. Added bits of Microdata to improve SEO further. Wrote benchmarks for users.Get() and users.BypassGet() More errors are caught now. You can now attach pcss files to posts. Improved the error logging for JavaScript. Topic list avatars now link to the associated profiles. Added last poster avatars to the forum list.
2017-10-30 09:57:08 +00:00
Eliminate zone and prescript allocs in userCheck2().
2021-05-10 07:53:52 +00:00
func UploadAvatar(w http.ResponseWriter, r *http.Request, u *User, tuid int) (ext string, ferr RouteError) {
more converts
2022-02-21 03:32:53 +00:00
// We don't want multiple files
// TODO: Are we doing this correctly?
filenameMap := make(map[string]bool)
for _, fheaders := range r.MultipartForm.File {
for _, hdr := range fheaders {
if hdr.Filename == "" {
continue
}
filenameMap[hdr.Filename] = true
}
}
if len(filenameMap) > 1 {
return "", LocalError("You may only upload one avatar", w, r, u)
}
for _, fheaders := range r.MultipartForm.File {
for _, hdr := range fheaders {
if hdr.Filename == "" {
continue
}
inFile, err := hdr.Open()
if err != nil {
return "", LocalError("Upload failed", w, r, u)
}
defer inFile.Close()
if ext == "" {
extarr := strings.Split(hdr.Filename, ".")
if len(extarr) < 2 {
return "", LocalError("Bad file", w, r, u)
}
ext = extarr[len(extarr)-1]
// TODO: Can we do this without a regex?
reg, err := regexp.Compile("[^A-Za-z0-9]+")
if err != nil {
return "", LocalError("Bad file extension", w, r, u)
}
ext = reg.ReplaceAllString(ext, "")
ext = strings.ToLower(ext)
if !ImageFileExts.Contains(ext) {
return "", LocalError("You can only use an image for your avatar", w, r, u)
}
}
// TODO: Centralise this string, so we don't have to change it in two different places when it changes
outFile, err := os.Create("./uploads/avatar_" + strconv.Itoa(tuid) + "." + ext)
if err != nil {
return "", LocalError("Upload failed [File Creation Failed]", w, r, u)
}
defer outFile.Close()
_, err = io.Copy(outFile, inFile)
if err != nil {
return "", LocalError("Upload failed [Copy Failed]", w, r, u)
}
}
}
if ext == "" {
return "", LocalError("No file", w, r, u)
}
return ext, nil
Let admins change and revoke user avatars. Linkify avatars in the user manager too. Add the panel_user_avatar phrase.
2019-06-10 22:00:57 +00:00
}
Eliminate zone and prescript allocs in userCheck2().
2021-05-10 07:53:52 +00:00
func ChangeAvatar(path string, w http.ResponseWriter, r *http.Request, u *User) RouteError {
more converts
2022-02-21 03:32:53 +00:00
e := u.ChangeAvatar(path)
if e != nil {
return InternalError(e, w, r)
}
// Clean up the old avatar data, so we don't end up with too many dead files in /uploads/
if len(u.RawAvatar) > 2 {
if u.RawAvatar[0] == '.' && u.RawAvatar[1] == '.' {
e := os.Remove("./uploads/avatar_" + strconv.Itoa(u.ID) + "_tmp" + u.RawAvatar[1:])
if e != nil && !os.IsNotExist(e) {
LogWarning(e)
return LocalError("Something went wrong", w, r, u)
}
e = os.Remove("./uploads/avatar_" + strconv.Itoa(u.ID) + "_w48" + u.RawAvatar[1:])
if e != nil && !os.IsNotExist(e) {
LogWarning(e)
return LocalError("Something went wrong", w, r, u)
}
}
}
return nil
Let admins change and revoke user avatars. Linkify avatars in the user manager too. Add the panel_user_avatar phrase.
2019-06-10 22:00:57 +00:00
}
The Cosora Theme is almost complete and is being rolled out on the site to demo it. We now track the views on a per-route basis. We have plans for an admin UI for this, global views, etc. which will come in a future commit. The local error JSON is now properly formed. Fixed an outdated line in topic.go which was using the old cache system. We now use fuzzy dates for relative times between three months ago and a year ago. Added the super admin middleware and the associated tests. Added the route column to the viewchunks table. Added more alt attributes to images. Added a few missing ARIA attributes. Began refactoring the route generator to use text/template instead of generating everything procedurally. Began work on per-topic view counts.
2017-12-19 03:53:13 +00:00
// SuperAdminOnly makes sure that only super admin can access certain critical panel routes
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func SuperAdminOnly(w http.ResponseWriter, r *http.Request, u *User) RouteError {
more converts
2022-02-21 03:32:53 +00:00
if !u.IsSuperAdmin {
return NoPermissions(w, r, u)
}
return nil
The Cosora Theme is almost complete and is being rolled out on the site to demo it. We now track the views on a per-route basis. We have plans for an admin UI for this, global views, etc. which will come in a future commit. The local error JSON is now properly formed. Fixed an outdated line in topic.go which was using the old cache system. We now use fuzzy dates for relative times between three months ago and a year ago. Added the super admin middleware and the associated tests. Added the route column to the viewchunks table. Added more alt attributes to images. Added a few missing ARIA attributes. Began refactoring the route generator to use text/template instead of generating everything procedurally. Began work on per-topic view counts.
2017-12-19 03:53:13 +00:00
}
Moved the modlog and admin log logic to their own file. Refactored the code to use the new builder syntax. Fixed the DbInit logic. Made sure the prepared statements are cleaned up. Added the AdminOnly middleware and added it to the routes. Added the Query method to the selectBuilder.
2017-11-11 23:34:27 +00:00
// AdminOnly makes sure that only admins can access certain panel routes
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func AdminOnly(w http.ResponseWriter, r *http.Request, u *User) RouteError {
more converts
2022-02-21 03:32:53 +00:00
if !u.IsAdmin {
return NoPermissions(w, r, u)
}
return nil
Moved the modlog and admin log logic to their own file. Refactored the code to use the new builder syntax. Fixed the DbInit logic. Made sure the prepared statements are cleaned up. Added the AdminOnly middleware and added it to the routes. Added the Query method to the selectBuilder.
2017-11-11 23:34:27 +00:00
}
More work on Cosora, we have a screenshot of it up now, although it's super experimental at the moment. This commit might be a little broken, another is coming to fix things up! The topics list is now paginated. Refactored the error handling system. Added the Trumboyg WYSIWYG editor for Cosora. Moved Delete() out of the TopicStore and into *Topic You can now bulk delete and bulk lock topics on Cosora. h1s are now formatted properly on Firefox. Added more ARIA Labels. SuperModOnly is now a piece of middleware for the Control Panel routes. Refactored and extended the router generator. Improved the SEO for the paginators. Added bits of Microdata to improve SEO further. Wrote benchmarks for users.Get() and users.BypassGet() More errors are caught now. You can now attach pcss files to posts. Improved the error logging for JavaScript. Topic list avatars now link to the associated profiles. Added last poster avatars to the forum list.
2017-10-30 09:57:08 +00:00
// SuperModeOnly makes sure that only super mods or higher can access the panel routes
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func SuperModOnly(w http.ResponseWriter, r *http.Request, u *User) RouteError {
more converts
2022-02-21 03:32:53 +00:00
if !u.IsSuperMod {
return NoPermissions(w, r, u)
}
return nil
More work on Cosora, we have a screenshot of it up now, although it's super experimental at the moment. This commit might be a little broken, another is coming to fix things up! The topics list is now paginated. Refactored the error handling system. Added the Trumboyg WYSIWYG editor for Cosora. Moved Delete() out of the TopicStore and into *Topic You can now bulk delete and bulk lock topics on Cosora. h1s are now formatted properly on Firefox. Added more ARIA Labels. SuperModOnly is now a piece of middleware for the Control Panel routes. Refactored and extended the router generator. Improved the SEO for the paginators. Added bits of Microdata to improve SEO further. Wrote benchmarks for users.Get() and users.BypassGet() More errors are caught now. You can now attach pcss files to posts. Improved the error logging for JavaScript. Topic list avatars now link to the associated profiles. Added last poster avatars to the forum list.
2017-10-30 09:57:08 +00:00
}
I've revamped the query generator to reduce the number of globals, this'll help us split up the software and plugins in the future. Refactored the router. Added the MemberOnly middleware and tests for it.
2017-11-05 09:55:34 +00:00
// MemberOnly makes sure that only logged in users can access this route
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func MemberOnly(w http.ResponseWriter, r *http.Request, u *User) RouteError {
more converts
2022-02-21 03:32:53 +00:00
if !u.Loggedin {
return LoginRequired(w, r, u)
}
return nil
Added the Not method to the router generator. Refactored the router generator. Added the NoBanned and NoSessionMismatch middlewares. Removed some of the implicit returns. Refactored some of the routes and their associated stores. Added more Codebeat exclusions. Added the AddReply method to *Topic. Added the Like method to *Topic. MemberOnly now emits a LoginRequired error rather than a generic NoPermissions error. Made progress with Cosora, this time with the profile system.
2017-11-08 07:28:33 +00:00
}
// NoBanned stops any banned users from accessing this route
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func NoBanned(w http.ResponseWriter, r *http.Request, u *User) RouteError {
more converts
2022-02-21 03:32:53 +00:00
if u.IsBanned {
return Banned(w, r, u)
}
return nil
Added the Not method to the router generator. Refactored the router generator. Added the NoBanned and NoSessionMismatch middlewares. Removed some of the implicit returns. Refactored some of the routes and their associated stores. Added more Codebeat exclusions. Added the AddReply method to *Topic. Added the Like method to *Topic. MemberOnly now emits a LoginRequired error rather than a generic NoPermissions error. Made progress with Cosora, this time with the profile system.
2017-11-08 07:28:33 +00:00
}
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func ParseForm(w http.ResponseWriter, r *http.Request, u *User) RouteError {
more converts
2022-02-21 03:32:53 +00:00
if e := r.ParseForm(); e != nil {
return LocalError("Bad Form", w, r, u)
}
return nil
Added the Not method to the router generator. Refactored the router generator. Added the NoBanned and NoSessionMismatch middlewares. Removed some of the implicit returns. Refactored some of the routes and their associated stores. Added more Codebeat exclusions. Added the AddReply method to *Topic. Added the Like method to *Topic. MemberOnly now emits a LoginRequired error rather than a generic NoPermissions error. Made progress with Cosora, this time with the profile system.
2017-11-08 07:28:33 +00:00
}
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func NoSessionMismatch(w http.ResponseWriter, r *http.Request, u *User) RouteError {
more converts
2022-02-21 03:32:53 +00:00
if e := r.ParseForm(); e != nil {
return LocalError("Bad Form", w, r, u)
}
if len(u.Session) == 0 {
return SecurityError(w, r, u)
}
// TODO: Try to eliminate some of these allocations
sess := []byte(u.Session)
if subtle.ConstantTimeCompare([]byte(r.FormValue("session")), sess) != 1 && subtle.ConstantTimeCompare([]byte(r.FormValue("s")), sess) != 1 {
return SecurityError(w, r, u)
}
return nil
I've revamped the query generator to reduce the number of globals, this'll help us split up the software and plugins in the future. Refactored the router. Added the MemberOnly middleware and tests for it.
2017-11-05 09:55:34 +00:00
}
Added the AboutSegment feature, you can see this in use on Cosora, it's a little raw right now, but I'm planning to polish it in the next commit. Refactored the code to use switches instead of if blocks in some places. Refactored the Dashboard to make it easier to add icons to it like I did with Cosora. You can now use maps in transpiled templates. Made progress on Cosora's footer. Swapped out the ThemeName property in the HeaderVars struct for a more general and flexible Theme property. Added the colstack CSS class to make it easier to style the layouts for the Control Panel and profile. Renamed the FStore variable to Forums. Renamed the Fpstore variable to FPStore. Renamed the Gstore variable to Groups. Split the MemoryTopicStore into DefaultTopicStore and MemoryTopicCache. Split the MemoryUserStore into DefaultUserStore and MemoryUserCache. Removed the NullUserStore, SQLUserStore, and SQLTopicStore. Added the NullTopicCache and NullUserCache. Moved the Reload method out of the TopicCache interface and into the TopicStore one. Moved the Reload method out of the UserCache interface and into the UserStore one. Added the SetCache and GetCache methods to the TopicStore and UserStore. Added the BypassGetAll method to the WordFilterMap type. Renamed routePanelSetting to routePanelSettingEdit. Renamed routePanelSettingEdit to routePanelSettingEditSubmit. Moved the page titles into the english language pack. Split main() into main and afterDBInit to avoid code duplication in general_test.go Added the ReqIsJson method so that we don't have to sniff the headers every time. Added the LogStore interface. Added the SQLModLogStore and the SQLAdminLogStore. Refactored the phrase system to use getPhrasePlaceholder instead of hard-coding the string to return in a bunch of functions. Removed a redundant rank check. Added the GuildStore to plugin_guilds. Added the about_segment_title and about_segment_body settings. Refactored the setting system to use predefined errors to make it easier for an upstream caller to filter out sensitive error messages as opposed to safe errors. Added the BypassGetAll method to the SettingMap type. Added the Update method to the SettingMap type. BulkGet is now exposed via the MemoryUserCache. Refactored more logs in the template transpiler to reduce the amount of indentation. Refactored the tests to take up fewer lines. Further improved the Cosora theme's colours, padding, and profiles. Added styling for the Control Panel Dashboard to the Cosora Theme. Reduced the amount of code duplication in the installer query generator and opened the door to certain types of auto-migrations. Refactored the Control Panel Dashboard to reduce the amount of code duplication. Refactored the modlog route to reduce the amount of code duplication and string concatenation.
2017-11-23 05:37:08 +00:00
func ReqIsJson(r *http.Request) bool {
more converts
2022-02-21 03:32:53 +00:00
return r.Header.Get("Content-type") == "application/json"
Added the AboutSegment feature, you can see this in use on Cosora, it's a little raw right now, but I'm planning to polish it in the next commit. Refactored the code to use switches instead of if blocks in some places. Refactored the Dashboard to make it easier to add icons to it like I did with Cosora. You can now use maps in transpiled templates. Made progress on Cosora's footer. Swapped out the ThemeName property in the HeaderVars struct for a more general and flexible Theme property. Added the colstack CSS class to make it easier to style the layouts for the Control Panel and profile. Renamed the FStore variable to Forums. Renamed the Fpstore variable to FPStore. Renamed the Gstore variable to Groups. Split the MemoryTopicStore into DefaultTopicStore and MemoryTopicCache. Split the MemoryUserStore into DefaultUserStore and MemoryUserCache. Removed the NullUserStore, SQLUserStore, and SQLTopicStore. Added the NullTopicCache and NullUserCache. Moved the Reload method out of the TopicCache interface and into the TopicStore one. Moved the Reload method out of the UserCache interface and into the UserStore one. Added the SetCache and GetCache methods to the TopicStore and UserStore. Added the BypassGetAll method to the WordFilterMap type. Renamed routePanelSetting to routePanelSettingEdit. Renamed routePanelSettingEdit to routePanelSettingEditSubmit. Moved the page titles into the english language pack. Split main() into main and afterDBInit to avoid code duplication in general_test.go Added the ReqIsJson method so that we don't have to sniff the headers every time. Added the LogStore interface. Added the SQLModLogStore and the SQLAdminLogStore. Refactored the phrase system to use getPhrasePlaceholder instead of hard-coding the string to return in a bunch of functions. Removed a redundant rank check. Added the GuildStore to plugin_guilds. Added the about_segment_title and about_segment_body settings. Refactored the setting system to use predefined errors to make it easier for an upstream caller to filter out sensitive error messages as opposed to safe errors. Added the BypassGetAll method to the SettingMap type. Added the Update method to the SettingMap type. BulkGet is now exposed via the MemoryUserCache. Refactored more logs in the template transpiler to reduce the amount of indentation. Refactored the tests to take up fewer lines. Further improved the Cosora theme's colours, padding, and profiles. Added styling for the Control Panel Dashboard to the Cosora Theme. Reduced the amount of code duplication in the installer query generator and opened the door to certain types of auto-migrations. Refactored the Control Panel Dashboard to reduce the amount of code duplication. Refactored the modlog route to reduce the amount of code duplication and string concatenation.
2017-11-23 05:37:08 +00:00
}
Added the post counter and the associated Control Panel graph. Renamed the pre_render_panel_analytics hook to pre_render_panel_analytics_views. Added a details table to the route graphs. Moved the /topic/ and /reply/ routes to the router generator and hardened them. Made some of the route names more consistent. We now track IPs in odd situations in debug mode. Fixed a bug where people could post on non-existent profiles. Continued work on topic move. Added the postchunks table.
2018-01-14 12:03:20 +00:00
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func HandleUploadRoute(w http.ResponseWriter, r *http.Request, u *User, maxFileSize int) RouteError {
more converts
2022-02-21 03:32:53 +00:00
// TODO: Reuse this code more
if r.ContentLength > int64(maxFileSize) {
size, unit := ConvertByteUnit(float64(maxFileSize))
return CustomError("Your upload is too big. Your files need to be smaller than "+strconv.Itoa(int(size))+unit+".", http.StatusExpectationFailed, "Error", w, r, nil, u)
}
r.Body = http.MaxBytesReader(w, r.Body, r.ContentLength)
e := r.ParseMultipartForm(int64(Megabyte))
if e != nil {
return LocalError("Bad Form", w, r, u)
}
return nil
Added the post counter and the associated Control Panel graph. Renamed the pre_render_panel_analytics hook to pre_render_panel_analytics_views. Added a details table to the route graphs. Moved the /topic/ and /reply/ routes to the router generator and hardened them. Made some of the route names more consistent. We now track IPs in odd situations in debug mode. Fixed a bug where people could post on non-existent profiles. Continued work on topic move. Added the postchunks table.
2018-01-14 12:03:20 +00:00
}
save bytes in the client templates rename template file and functions to reduce bandwidth usage replace x-loggedin with theoretically faster x-mem remove redundant check in ua loop move extraData initialisation down to where it's needed
2020-03-22 23:14:08 +00:00
func NoUploadSessionMismatch(w http.ResponseWriter, r *http.Request, u *User) RouteError {
more converts
2022-02-21 03:32:53 +00:00
if len(u.Session) == 0 {
return SecurityError(w, r, u)
}
// TODO: Try to eliminate some of these allocations
sess := []byte(u.Session)
if subtle.ConstantTimeCompare([]byte(r.FormValue("session")), sess) != 1 && subtle.ConstantTimeCompare([]byte(r.FormValue("s")), sess) != 1 {
return SecurityError(w, r, u)
}
return nil
Added the post counter and the associated Control Panel graph. Renamed the pre_render_panel_analytics hook to pre_render_panel_analytics_views. Added a details table to the route graphs. Moved the /topic/ and /reply/ routes to the router generator and hardened them. Made some of the route names more consistent. We now track IPs in odd situations in debug mode. Fixed a bug where people could post on non-existent profiles. Continued work on topic move. Added the postchunks table.
2018-01-14 12:03:20 +00:00
}