0a628f7201
Did some work on image thumbnailing, but our dependencies are acting up delaying this from being released. Fixed the positions of the topic list bits for Nox on mobile. Removed APNG as an accepted image format, as we don't currently have a good way of optimising these images. Added a comment regarding the constant time compare for sessions. Added a warning about putting Gosora in www folders. Noavatars can now take a width parameters. Added a bit of missing validation for the avatar uploader. Refactored the multiple file detector for the avatar uploader. Added a Run method to accDeleteBuilder. Added an EachInt method to AccSelectBuilder. Added a Run method to accInsertBuilder. Added the users_avatar_queue table, you will need to run the patcher / update script. You might also want to update the Noavatar field in your config.json file with the new one.
468 lines
13 KiB
Go
468 lines
13 KiB
Go
/*
|
|
*
|
|
* Gosora User File
|
|
* Copyright Azareal 2017 - 2019
|
|
*
|
|
*/
|
|
package common
|
|
|
|
import (
|
|
"database/sql"
|
|
"errors"
|
|
"strconv"
|
|
"strings"
|
|
"time"
|
|
|
|
"../query_gen/lib"
|
|
"github.com/go-sql-driver/mysql"
|
|
)
|
|
|
|
// TODO: Replace any literals with this
|
|
var BanGroup = 4
|
|
|
|
// TODO: Use something else as the guest avatar, maybe a question mark of some sort?
|
|
// GuestUser is an instance of user which holds guest data to avoid having to initialise a guest every time
|
|
var GuestUser = User{ID: 0, Name: "Guest", Link: "#", Group: 6, Perms: GuestPerms} // BuildAvatar is done in site.go to make sure it's done after init
|
|
var ErrNoTempGroup = errors.New("We couldn't find a temporary group for this user")
|
|
|
|
type User struct {
|
|
ID int
|
|
Link string
|
|
Name string
|
|
Email string
|
|
Group int
|
|
Active bool
|
|
IsMod bool
|
|
IsSuperMod bool
|
|
IsAdmin bool
|
|
IsSuperAdmin bool
|
|
IsBanned bool
|
|
Perms Perms
|
|
PluginPerms map[string]bool
|
|
Session string
|
|
//AuthToken string
|
|
Loggedin bool
|
|
RawAvatar string
|
|
Avatar string
|
|
MicroAvatar string
|
|
Message string
|
|
URLPrefix string // Move this to another table? Create a user lite?
|
|
URLName string
|
|
Tag string
|
|
Level int
|
|
Score int
|
|
Liked int
|
|
LastIP string // ! This part of the UserCache data might fall out of date
|
|
TempGroup int
|
|
}
|
|
|
|
func (user *User) WebSockets() *WsJSONUser {
|
|
var groupID = user.Group
|
|
if user.TempGroup != 0 {
|
|
groupID = user.TempGroup
|
|
}
|
|
// TODO: Do we want to leak the user's permissions? Users will probably be able to see their status from the group tags, but still
|
|
return &WsJSONUser{user.ID, user.Link, user.Name, groupID, user.IsMod, user.Avatar, user.Level, user.Score, user.Liked}
|
|
}
|
|
|
|
// Use struct tags to avoid having to define this? It really depends on the circumstances, sometimes we want the whole thing, sometimes... not.
|
|
type WsJSONUser struct {
|
|
ID int
|
|
Link string
|
|
Name string
|
|
Group int // Be sure to mask with TempGroup
|
|
IsMod bool
|
|
Avatar string
|
|
Level int
|
|
Score int
|
|
Liked int
|
|
}
|
|
|
|
type UserStmts struct {
|
|
activate *sql.Stmt
|
|
changeGroup *sql.Stmt
|
|
delete *sql.Stmt
|
|
setAvatar *sql.Stmt
|
|
setUsername *sql.Stmt
|
|
incrementTopics *sql.Stmt
|
|
updateLevel *sql.Stmt
|
|
update *sql.Stmt
|
|
|
|
// TODO: Split these into a sub-struct
|
|
incrementScore *sql.Stmt
|
|
incrementPosts *sql.Stmt
|
|
incrementBigposts *sql.Stmt
|
|
incrementMegaposts *sql.Stmt
|
|
incrementLiked *sql.Stmt
|
|
|
|
decrementLiked *sql.Stmt
|
|
updateLastIP *sql.Stmt
|
|
|
|
setPassword *sql.Stmt
|
|
|
|
scheduleAvatarResize *sql.Stmt
|
|
}
|
|
|
|
var userStmts UserStmts
|
|
|
|
func init() {
|
|
DbInits.Add(func(acc *qgen.Accumulator) error {
|
|
var where = "uid = ?"
|
|
userStmts = UserStmts{
|
|
activate: acc.SimpleUpdate("users", "active = 1", where),
|
|
changeGroup: acc.SimpleUpdate("users", "group = ?", where), // TODO: Implement user_count for users_groups here
|
|
delete: acc.SimpleDelete("users", where),
|
|
setAvatar: acc.Update("users").Set("avatar = ?").Where(where).Prepare(),
|
|
setUsername: acc.Update("users").Set("name = ?").Where(where).Prepare(),
|
|
incrementTopics: acc.SimpleUpdate("users", "topics = topics + ?", where),
|
|
updateLevel: acc.SimpleUpdate("users", "level = ?", where),
|
|
update: acc.Update("users").Set("name = ?, email = ?, group = ?").Where("uid = ?").Prepare(), // TODO: Implement user_count for users_groups on things which use this
|
|
|
|
incrementScore: acc.SimpleUpdate("users", "score = score + ?", where),
|
|
incrementPosts: acc.SimpleUpdate("users", "posts = posts + ?", where),
|
|
incrementBigposts: acc.SimpleUpdate("users", "posts = posts + ?, bigposts = bigposts + ?", where),
|
|
incrementMegaposts: acc.SimpleUpdate("users", "posts = posts + ?, bigposts = bigposts + ?, megaposts = megaposts + ?", where),
|
|
incrementLiked: acc.SimpleUpdate("users", "liked = liked + ?, lastLiked = UTC_TIMESTAMP()", where),
|
|
decrementLiked: acc.SimpleUpdate("users", "liked = liked - ?", where),
|
|
//recalcLastLiked: acc...
|
|
updateLastIP: acc.SimpleUpdate("users", "last_ip = ?", where),
|
|
|
|
setPassword: acc.Update("users").Set("password = ?, salt = ?").Where(where).Prepare(),
|
|
|
|
scheduleAvatarResize: acc.Insert("users_avatar_queue").Columns("uid").Fields("?").Prepare(),
|
|
}
|
|
return acc.FirstError()
|
|
})
|
|
}
|
|
|
|
func (user *User) Init() {
|
|
user.Avatar, user.MicroAvatar = BuildAvatar(user.ID, user.RawAvatar)
|
|
user.Link = BuildProfileURL(NameToSlug(user.Name), user.ID)
|
|
user.Tag = Groups.DirtyGet(user.Group).Tag
|
|
user.InitPerms()
|
|
}
|
|
|
|
// TODO: Refactor this idiom into something shorter, maybe with a NullUserCache when one isn't set?
|
|
func (user *User) CacheRemove() {
|
|
ucache := Users.GetCache()
|
|
if ucache != nil {
|
|
ucache.Remove(user.ID)
|
|
}
|
|
}
|
|
|
|
func (user *User) Ban(duration time.Duration, issuedBy int) error {
|
|
return user.ScheduleGroupUpdate(BanGroup, issuedBy, duration)
|
|
}
|
|
|
|
func (user *User) Unban() error {
|
|
return user.RevertGroupUpdate()
|
|
}
|
|
|
|
func (user *User) deleteScheduleGroupTx(tx *sql.Tx) error {
|
|
deleteScheduleGroupStmt, err := qgen.Builder.SimpleDeleteTx(tx, "users_groups_scheduler", "uid = ?")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = deleteScheduleGroupStmt.Exec(user.ID)
|
|
return err
|
|
}
|
|
|
|
func (user *User) setTempGroupTx(tx *sql.Tx, tempGroup int) error {
|
|
setTempGroupStmt, err := qgen.Builder.SimpleUpdateTx(tx, "users", "temp_group = ?", "uid = ?")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = setTempGroupStmt.Exec(tempGroup, user.ID)
|
|
return err
|
|
}
|
|
|
|
// Make this more stateless?
|
|
func (user *User) ScheduleGroupUpdate(gid int, issuedBy int, duration time.Duration) error {
|
|
var temporary bool
|
|
if duration.Nanoseconds() != 0 {
|
|
temporary = true
|
|
}
|
|
revertAt := time.Now().Add(duration)
|
|
|
|
tx, err := qgen.Builder.Begin()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer tx.Rollback()
|
|
|
|
err = user.deleteScheduleGroupTx(tx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
createScheduleGroupTx, err := qgen.Builder.SimpleInsertTx(tx, "users_groups_scheduler", "uid, set_group, issued_by, issued_at, revert_at, temporary", "?,?,?,UTC_TIMESTAMP(),?,?")
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = createScheduleGroupTx.Exec(user.ID, gid, issuedBy, revertAt, temporary)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = user.setTempGroupTx(tx, gid)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = tx.Commit()
|
|
|
|
user.CacheRemove()
|
|
return err
|
|
}
|
|
|
|
func (user *User) RevertGroupUpdate() error {
|
|
tx, err := qgen.Builder.Begin()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
defer tx.Rollback()
|
|
|
|
err = user.deleteScheduleGroupTx(tx)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
err = user.setTempGroupTx(tx, 0)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
err = tx.Commit()
|
|
|
|
user.CacheRemove()
|
|
return err
|
|
}
|
|
|
|
// TODO: Use a transaction here
|
|
// ? - Add a Deactivate method? Not really needed, if someone's been bad you could do a ban, I guess it might be useful, if someone says that email x isn't actually owned by the user in question?
|
|
func (user *User) Activate() (err error) {
|
|
_, err = userStmts.activate.Exec(user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = userStmts.changeGroup.Exec(Config.DefaultGroup, user.ID)
|
|
user.CacheRemove()
|
|
return err
|
|
}
|
|
|
|
// TODO: Write tests for this
|
|
// TODO: Delete this user's content too?
|
|
// TODO: Expose this to the admin?
|
|
func (user *User) Delete() error {
|
|
_, err := userStmts.delete.Exec(user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
user.CacheRemove()
|
|
return err
|
|
}
|
|
|
|
func (user *User) bindStmt(stmt *sql.Stmt, params ...interface{}) (err error) {
|
|
params = append(params, user.ID)
|
|
_, err = stmt.Exec(params...)
|
|
user.CacheRemove()
|
|
return err
|
|
}
|
|
|
|
func (user *User) ChangeName(username string) (err error) {
|
|
return user.bindStmt(userStmts.setUsername, username)
|
|
}
|
|
|
|
func (user *User) ChangeAvatar(avatar string) (err error) {
|
|
return user.bindStmt(userStmts.setAvatar, avatar)
|
|
}
|
|
|
|
// TODO: Abstract this with an interface so we can scale this with an actual dedicated queue in a real cluster
|
|
func (user *User) ScheduleAvatarResize() (err error) {
|
|
_, err = userStmts.scheduleAvatarResize.Exec(user.ID)
|
|
if err != nil {
|
|
// TODO: Do a more generic check so that we're not as tied to MySQL
|
|
me, ok := err.(*mysql.MySQLError)
|
|
if !ok {
|
|
return err
|
|
}
|
|
// If it's just telling us that the item already exists in the database, then we can ignore it, as it doesn't matter if it's this call or another which schedules the item in the queue
|
|
if me.Number != 1062 {
|
|
return err
|
|
}
|
|
}
|
|
return nil
|
|
}
|
|
|
|
func (user *User) ChangeGroup(group int) (err error) {
|
|
return user.bindStmt(userStmts.changeGroup, group)
|
|
}
|
|
|
|
// ! Only updates the database not the *User for safety reasons
|
|
func (user *User) UpdateIP(host string) error {
|
|
_, err := userStmts.updateLastIP.Exec(host, user.ID)
|
|
return err
|
|
}
|
|
|
|
func (user *User) Update(newname string, newemail string, newgroup int) (err error) {
|
|
return user.bindStmt(userStmts.update, newname, newemail, newgroup)
|
|
}
|
|
|
|
func (user *User) IncreasePostStats(wcount int, topic bool) (err error) {
|
|
var mod int
|
|
baseScore := 1
|
|
if topic {
|
|
_, err = userStmts.incrementTopics.Exec(1, user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
baseScore = 2
|
|
}
|
|
|
|
settings := SettingBox.Load().(SettingMap)
|
|
if wcount >= settings["megapost_min_words"].(int) {
|
|
_, err = userStmts.incrementMegaposts.Exec(1, 1, 1, user.ID)
|
|
mod = 4
|
|
} else if wcount >= settings["bigpost_min_words"].(int) {
|
|
_, err = userStmts.incrementBigposts.Exec(1, 1, user.ID)
|
|
mod = 1
|
|
} else {
|
|
_, err = userStmts.incrementPosts.Exec(1, user.ID)
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = userStmts.incrementScore.Exec(baseScore+mod, user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
//log.Print(user.Score + base_score + mod)
|
|
//log.Print(getLevel(user.Score + base_score + mod))
|
|
// TODO: Use a transaction to prevent level desyncs?
|
|
_, err = userStmts.updateLevel.Exec(GetLevel(user.Score+baseScore+mod), user.ID)
|
|
return err
|
|
}
|
|
|
|
func (user *User) DecreasePostStats(wcount int, topic bool) (err error) {
|
|
var mod int
|
|
baseScore := -1
|
|
if topic {
|
|
_, err = userStmts.incrementTopics.Exec(-1, user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
baseScore = -2
|
|
}
|
|
|
|
settings := SettingBox.Load().(SettingMap)
|
|
if wcount >= settings["megapost_min_words"].(int) {
|
|
_, err = userStmts.incrementMegaposts.Exec(-1, -1, -1, user.ID)
|
|
mod = 4
|
|
} else if wcount >= settings["bigpost_min_words"].(int) {
|
|
_, err = userStmts.incrementBigposts.Exec(-1, -1, user.ID)
|
|
mod = 1
|
|
} else {
|
|
_, err = userStmts.incrementPosts.Exec(-1, user.ID)
|
|
}
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
_, err = userStmts.incrementScore.Exec(baseScore-mod, user.ID)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
// TODO: Use a transaction to prevent level desyncs?
|
|
_, err = userStmts.updateLevel.Exec(GetLevel(user.Score-baseScore-mod), user.ID)
|
|
return err
|
|
}
|
|
|
|
// Copy gives you a non-pointer concurrency safe copy of the user
|
|
func (user *User) Copy() User {
|
|
return *user
|
|
}
|
|
|
|
// TODO: Write unit tests for this
|
|
func (user *User) InitPerms() {
|
|
if user.TempGroup != 0 {
|
|
user.Group = user.TempGroup
|
|
}
|
|
|
|
group := Groups.DirtyGet(user.Group)
|
|
if user.IsSuperAdmin {
|
|
user.Perms = AllPerms
|
|
user.PluginPerms = AllPluginPerms
|
|
} else {
|
|
user.Perms = group.Perms
|
|
user.PluginPerms = group.PluginPerms
|
|
}
|
|
|
|
user.IsAdmin = user.IsSuperAdmin || group.IsAdmin
|
|
user.IsSuperMod = user.IsAdmin || group.IsMod
|
|
user.IsMod = user.IsSuperMod
|
|
user.IsBanned = group.IsBanned
|
|
if user.IsBanned && user.IsSuperMod {
|
|
user.IsBanned = false
|
|
}
|
|
}
|
|
|
|
func buildNoavatar(uid int, width int) string {
|
|
return strings.Replace(strings.Replace(Config.Noavatar, "{id}", strconv.Itoa(uid), 1), "{width}", strconv.Itoa(width), 1)
|
|
}
|
|
|
|
// ? Make this part of *User?
|
|
// TODO: Write tests for this
|
|
func BuildAvatar(uid int, avatar string) (normalAvatar string, microAvatar string) {
|
|
if avatar != "" {
|
|
if avatar[0] == '.' {
|
|
if avatar[1] == '.' {
|
|
normalAvatar = "/uploads/avatar_" + strconv.Itoa(uid) + "_tmp" + avatar[1:]
|
|
return normalAvatar, normalAvatar
|
|
}
|
|
normalAvatar = "/uploads/avatar_" + strconv.Itoa(uid) + avatar
|
|
return normalAvatar, normalAvatar
|
|
}
|
|
return avatar, avatar
|
|
}
|
|
return buildNoavatar(uid, 200), buildNoavatar(uid, 48)
|
|
}
|
|
|
|
// TODO: Move this to *User
|
|
func SetPassword(uid int, password string) error {
|
|
hashedPassword, salt, err := GeneratePassword(password)
|
|
if err != nil {
|
|
return err
|
|
}
|
|
_, err = userStmts.setPassword.Exec(hashedPassword, salt, uid)
|
|
return err
|
|
}
|
|
|
|
// TODO: Write units tests for this
|
|
func wordsToScore(wcount int, topic bool) (score int) {
|
|
if topic {
|
|
score = 2
|
|
} else {
|
|
score = 1
|
|
}
|
|
|
|
settings := SettingBox.Load().(SettingMap)
|
|
if wcount >= settings["megapost_min_words"].(int) {
|
|
score += 4
|
|
} else if wcount >= settings["bigpost_min_words"].(int) {
|
|
score++
|
|
}
|
|
return score
|
|
}
|
|
|
|
// For use in tests and to help generate dummy users for forums which don't have last posters
|
|
func BlankUser() *User {
|
|
return new(User)
|
|
}
|
|
|
|
// TODO: Write unit tests for this
|
|
func BuildProfileURL(slug string, uid int) string {
|
|
if slug == "" || !Config.BuildSlugs {
|
|
return "/user/" + strconv.Itoa(uid)
|
|
}
|
|
return "/user/" + slug + "." + strconv.Itoa(uid)
|
|
}
|