nonshy
/
website
1
0
Fork 1
Code Issues 21 Pull Requests Packages Projects Releases Wiki Activity
website/pkg/models/user.go

775 lines
20 KiB
Go
Raw Permalink Normal View History

Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
package models
import (
User Photo Gallery & Management * Add the user photo gallery for profile pages. Paginated, grid or full (blog style) view options. In grid view clicking a photo opens a large modal to see it; full view already shows large photos. * Edit page: can also re-crop and set an existing pic to be your profile pic. * Delete page: remove photos from the DB and hard drive. * Photos are cleaned up from disk when not needed, e.g. during a re-crop the old cropped photo is removed before the new one replaces it. * Fixed bug with cropping pictures.
2022-08-13 06:11:36 +00:00
"bytes"
"encoding/json"
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
"errors"
Option to hide age from profile display
2023-06-16 05:05:21 +00:00
"fmt"
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
"strings"
"time"
Rename the module
2022-08-26 04:21:46 +00:00
"code.nonshy.com/nonshy/website/pkg/config"
"code.nonshy.com/nonshy/website/pkg/log"
Option to hide age from profile display
2023-06-16 05:05:21 +00:00
"code.nonshy.com/nonshy/website/pkg/utility"
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
"golang.org/x/crypto/bcrypt"
User Photo Gallery & Management * Add the user photo gallery for profile pages. Paginated, grid or full (blog style) view options. In grid view clicking a photo opens a large modal to see it; full view already shows large photos. * Edit page: can also re-crop and set an existing pic to be your profile pic. * Delete page: remove photos from the DB and hard drive. * Photos are cleaned up from disk when not needed, e.g. during a re-crop the old cropped photo is removed before the new one replaces it. * Fixed bug with cropping pictures.
2022-08-13 06:11:36 +00:00
"gorm.io/gorm"
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
)
// User account table.
type User struct {
Change Logs * Add a ChangeLog table to collect historic updates to various database tables. * Created, Updated (with field diffs) and Deleted actions are logged, as well as certification photo approves/denies. * Specific items added to the change log: * When a user photo is marked Explicit by an admin * When users block/unblock each other * When photo comments are posted, edited, and deleted * When forums are created, edited, and deleted * When forum comments are created, edited and deleted * When a new forum thread is created * When a user uploads or removes their own certification photo * When an admin approves or rejects a certification photo * When a user uploads, modifies or deletes their gallery photos * When a friend request is sent * When a friend request is accepted, ignored, or rejected * When a friendship is removed
2024-02-26 01:03:36 +00:00
ID uint64 `gorm:"primaryKey"`
Username string `gorm:"uniqueIndex"`
Fix User model json fields
2024-04-25 04:29:44 +00:00
Email string `gorm:"uniqueIndex"`
Change Logs * Add a ChangeLog table to collect historic updates to various database tables. * Created, Updated (with field diffs) and Deleted actions are logged, as well as certification photo approves/denies. * Specific items added to the change log: * When a user photo is marked Explicit by an admin * When users block/unblock each other * When photo comments are posted, edited, and deleted * When forums are created, edited, and deleted * When forum comments are created, edited and deleted * When a new forum thread is created * When a user uploads or removes their own certification photo * When an admin approves or rejects a certification photo * When a user uploads, modifies or deletes their gallery photos * When a friend request is sent * When a friend request is accepted, ignored, or rejected * When a friendship is removed
2024-02-26 01:03:36 +00:00
HashedPassword string `json:"-"`
Private Profiles & Misc Improvements * Add setting to mark profile as "private" * If a profile is private you can't see their profile page or user photo gallery unless you are friends (or admin) * The Site Gallery never shows pictures from private profiles. * Add HTML5 drag/drop upload support for photo gallery. * Suppress SQL logging except in debug mode. * Clean up extra logs.
2022-08-22 00:29:39 +00:00
IsAdmin bool `gorm:"index"`
Status UserStatus `gorm:"index"` // active, disabled
Visibility UserVisibility `gorm:"index"` // public, private
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
Name *string
Fix User model json fields
2024-04-25 04:29:44 +00:00
Birthdate time.Time
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
Certified bool
The inner circle
2023-05-24 03:04:17 +00:00
Explicit bool `gorm:"index"` // user has opted-in to see explicit content
InnerCircle bool `gorm:"index"` // user is in the inner circle
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
CreatedAt time.Time `gorm:"index"`
UpdatedAt time.Time `gorm:"index"`
User Profile and Settings Pages * Vendor fontawesome icons * User settings page: to edit profile details (other features not hooked up yet) * Initial user profile page
2022-08-11 03:59:59 +00:00
LastLoginAt time.Time `gorm:"index"`
// Relational tables.
Change Logs * Add a ChangeLog table to collect historic updates to various database tables. * Created, Updated (with field diffs) and Deleted actions are logged, as well as certification photo approves/denies. * Specific items added to the change log: * When a user photo is marked Explicit by an admin * When users block/unblock each other * When photo comments are posted, edited, and deleted * When forums are created, edited, and deleted * When forum comments are created, edited and deleted * When a new forum thread is created * When a user uploads or removes their own certification photo * When an admin approves or rejects a certification photo * When a user uploads, modifies or deletes their gallery photos * When a friend request is sent * When a friend request is accepted, ignored, or rejected * When a friendship is removed
2024-02-26 01:03:36 +00:00
ProfileField []ProfileField `json:"-"`
Photo Quotas & Postgres Fixes * Add photo upload quotas. * Non-certified users can upload few photos; certified users more * Fix foreign key issues around deleting user profile photos for psql
2022-08-21 22:40:24 +00:00
ProfilePhotoID *uint64
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
ProfilePhoto Photo `gorm:"foreignKey:profile_photo_id"`
Change Logs * Add a ChangeLog table to collect historic updates to various database tables. * Created, Updated (with field diffs) and Deleted actions are logged, as well as certification photo approves/denies. * Specific items added to the change log: * When a user photo is marked Explicit by an admin * When users block/unblock each other * When photo comments are posted, edited, and deleted * When forums are created, edited, and deleted * When forum comments are created, edited and deleted * When a new forum thread is created * When a user uploads or removes their own certification photo * When an admin approves or rejects a certification photo * When a user uploads, modifies or deletes their gallery photos * When a friend request is sent * When a friend request is accepted, ignored, or rejected * When a friendship is removed
2024-02-26 01:03:36 +00:00
AdminGroups []*AdminGroup `gorm:"many2many:admin_group_users;" json:"-"`
More Private User Avatars * Users who set their Profile Picture to "friends only" or "private" can have their avatar be private all over the website to users who are not their friends or not granted access. * Users who are not your friends see a yellow placeholder avatar, and users not granted access to a private Profile Pic sees a purple avatar. * Admin users see these same placeholder avatars most places too (on search, forums, comments, etc.) if the user did not friend or grant the admin. But admins ALWAYS see it on their Profile Page directly, for ability to moderate. * Fix marking Notifications as read: clicking the link in an unread notification now will wait on the ajax request to finish before allowing the redirect. * Update the FAQ
2022-09-09 04:42:20 +00:00
// Current user's relationship to this user -- not stored in DB.
UserRelationship UserRelationship `gorm:"-"`
Shy Accounts * Users with private profiles or no public photo at all are considered to be Shy Accounts and are isolated from the non-shy profiles. * Restrictions include: * Site Gallery shows only them + their friends' photos. * User Galleries: must be a friend or had private photos granted to see a user's gallery page. * DMs: can not initiate a DM to a non-shy member (other shy members OK).
2023-02-14 06:19:18 +00:00
// Caches
Deactivate Account; Friends Lists on Profiles * Add a way for users to temporarily deactivate their accounts, in a recoverable way should they decide to return later. * A deactivated account may log in but have limited options: to reactivate their account, permanently delete it, or log out. * Fix several bugs around the display of comments, messages and forum threads for disabled, banned, or blocked users: * Messages (inbox and sentbox) will be hidden and the unread indicator will not count unread messages the user can't access. * Comments on photos and forum posts are hidden, and top-level threads on the "Newest" tab will show "[unavailable]" for their text and username. * Your historical notifications will hide users who are blocked, banned or disabled. * Add a "Friends" tab to user profile pages, to see other users' friends. * The page is Certification Required so non-cert users can't easily discover any members on the site.
2023-10-22 22:02:24 +00:00
cachePhotoTypes map[PhotoVisibility]struct{}
cacheBlockedUserIDs []uint64
Add command to export user data for privacy regulations
2023-10-24 02:05:34 +00:00
cachePhotoIDs []uint64
User Photo Gallery & Management * Add the user photo gallery for profile pages. Paginated, grid or full (blog style) view options. In grid view clicking a photo opens a large modal to see it; full view already shows large photos. * Edit page: can also re-crop and set an existing pic to be your profile pic. * Delete page: remove photos from the DB and hard drive. * Photos are cleaned up from disk when not needed, e.g. during a re-crop the old cropped photo is removed before the new one replaces it. * Fixed bug with cropping pictures.
2022-08-13 06:11:36 +00:00
}
Private Profiles & Misc Improvements * Add setting to mark profile as "private" * If a profile is private you can't see their profile page or user photo gallery unless you are friends (or admin) * The Site Gallery never shows pictures from private profiles. * Add HTML5 drag/drop upload support for photo gallery. * Suppress SQL logging except in debug mode. * Clean up extra logs.
2022-08-22 00:29:39 +00:00
type UserVisibility string
const (
Likes on Comments, and other minor improvements * Add "Like" buttons to comments and forum posts. * Make "private" profiles more private (logged-in users see only their profile pic, display name, and can friend request or message, if they are not approved friends of the private user) * Add "logged-out view" visibility setting to profiles: to share a link to your page on other sites. Opt-in setting - default is login required to view your public profile page. * CSRF cookie fix. * Updated FAQ & Privacy pages.
2022-08-30 03:00:15 +00:00
UserVisibilityPublic UserVisibility = "public"
Fix Gallery checkbox always checking itself + small fixes
2023-05-25 01:40:27 +00:00
UserVisibilityExternal UserVisibility = "external"
UserVisibilityPrivate UserVisibility = "private"
Private Profiles & Misc Improvements * Add setting to mark profile as "private" * If a profile is private you can't see their profile page or user photo gallery unless you are friends (or admin) * The Site Gallery never shows pictures from private profiles. * Add HTML5 drag/drop upload support for photo gallery. * Suppress SQL logging except in debug mode. * Clean up extra logs.
2022-08-22 00:29:39 +00:00
)
Likes on Comments, and other minor improvements * Add "Like" buttons to comments and forum posts. * Make "private" profiles more private (logged-in users see only their profile pic, display name, and can friend request or message, if they are not approved friends of the private user) * Add "logged-out view" visibility setting to profiles: to share a link to your page on other sites. Opt-in setting - default is login required to view your public profile page. * CSRF cookie fix. * Updated FAQ & Privacy pages.
2022-08-30 03:00:15 +00:00
// All visibility options.
var UserVisibilityOptions = []UserVisibility{
UserVisibilityPublic,
UserVisibilityExternal,
UserVisibilityPrivate,
}
User Photo Gallery & Management * Add the user photo gallery for profile pages. Paginated, grid or full (blog style) view options. In grid view clicking a photo opens a large modal to see it; full view already shows large photos. * Edit page: can also re-crop and set an existing pic to be your profile pic. * Delete page: remove photos from the DB and hard drive. * Photos are cleaned up from disk when not needed, e.g. during a re-crop the old cropped photo is removed before the new one replaces it. * Fixed bug with cropping pictures.
2022-08-13 06:11:36 +00:00
// Preload related tables for the user (classmethod).
func (u *User) Preload() *gorm.DB {
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
return DB.Preload("ProfileField").Preload("ProfilePhoto").Preload("AdminGroups.Scopes")
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
}
User Profile and Settings Pages * Vendor fontawesome icons * User settings page: to edit profile details (other features not hooked up yet) * Initial user profile page
2022-08-11 03:59:59 +00:00
// UserStatus options.
type UserStatus string
const (
UserStatusActive = "active"
UserStatusDisabled = "disabled"
Admin Actions * Add impersonate feature * Add ban/unban user feature * Add promote/demote admin status feature * Add admin user deletion feature * Admin ability to see other status certification pics * Nav bar indicator of pending admin actions such as cert pics needing approval * Admin ability to search cert pics for specific user
2022-08-14 23:27:57 +00:00
UserStatusBanned = "banned"
User Profile and Settings Pages * Vendor fontawesome icons * User settings page: to edit profile details (other features not hooked up yet) * Initial user profile page
2022-08-11 03:59:59 +00:00
)
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
// CreateUser. It is assumed username and email are correctly formatted.
func CreateUser(username, email, password string) (*User, error) {
// Verify username and email are unique.
if _, err := FindUser(username); err == nil {
return nil, errors.New("That username already exists. Please try a different username.")
} else if _, err := FindUser(email); err == nil {
return nil, errors.New("That email address is already registered.")
}
u := &User{
Private Profiles & Misc Improvements * Add setting to mark profile as "private" * If a profile is private you can't see their profile page or user photo gallery unless you are friends (or admin) * The Site Gallery never shows pictures from private profiles. * Add HTML5 drag/drop upload support for photo gallery. * Suppress SQL logging except in debug mode. * Clean up extra logs.
2022-08-22 00:29:39 +00:00
Username: username,
Email: email,
Status: UserStatusActive,
Visibility: UserVisibilityPublic,
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
}
if err := u.HashPassword(password); err != nil {
return nil, err
}
result := DB.Create(u)
return u, result.Error
}
// GetUser by ID.
func GetUser(userId uint64) (*User, error) {
user := &User{}
User Photo Gallery & Management * Add the user photo gallery for profile pages. Paginated, grid or full (blog style) view options. In grid view clicking a photo opens a large modal to see it; full view already shows large photos. * Edit page: can also re-crop and set an existing pic to be your profile pic. * Delete page: remove photos from the DB and hard drive. * Photos are cleaned up from disk when not needed, e.g. during a re-crop the old cropped photo is removed before the new one replaces it. * Fixed bug with cropping pictures.
2022-08-13 06:11:36 +00:00
result := user.Preload().First(&user, userId)
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
return user, result.Error
}
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
// GetUsers queries for multiple user IDs and returns users in the same order.
More Private User Avatars * Users who set their Profile Picture to "friends only" or "private" can have their avatar be private all over the website to users who are not their friends or not granted access. * Users who are not your friends see a yellow placeholder avatar, and users not granted access to a private Profile Pic sees a purple avatar. * Admin users see these same placeholder avatars most places too (on search, forums, comments, etc.) if the user did not friend or grant the admin. But admins ALWAYS see it on their Profile Page directly, for ability to moderate. * Fix marking Notifications as read: clicking the link in an unread notification now will wait on the ajax request to finish before allowing the redirect. * Update the FAQ
2022-09-09 04:42:20 +00:00
func GetUsers(currentUser *User, userIDs []uint64) ([]*User, error) {
userMap, err := MapUsers(currentUser, userIDs)
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
if err != nil {
return nil, err
}
// Re-order them per the original sequence.
var users = []*User{}
for _, uid := range userIDs {
if user, ok := userMap[uid]; ok {
users = append(users, user)
}
}
return users, nil
}
Chat landing page: show online friends
2023-10-08 20:35:11 +00:00
// GetUsersByUsernames queries for multiple usernames and returns users in the same order.
func GetUsersByUsernames(currentUser *User, usernames []string) ([]*User, error) {
// Map the usernames.
var (
usermap = map[string]*User{}
set = map[string]interface{}{}
distinct = []string{}
)
// Uniqueify usernames.
for _, name := range usernames {
if _, ok := set[name]; ok {
continue
}
set[name] = nil
distinct = append(distinct, name)
}
var (
users = []*User{}
result = (&User{}).Preload().Where("username IN ?", distinct).Find(&users)
)
if result.Error != nil {
return nil, result.Error
}
// Map users.
for _, user := range users {
usermap[user.Username] = user
}
// Inject relationships.
SetUserRelationships(currentUser, users)
// Re-order them per the original sequence.
var ordered = []*User{}
for _, name := range usernames {
if user, ok := usermap[name]; ok {
ordered = append(ordered, user)
}
}
return ordered, nil
}
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
// FindUser by username or email.
func FindUser(username string) (*User, error) {
User Profile and Settings Pages * Vendor fontawesome icons * User settings page: to edit profile details (other features not hooked up yet) * Initial user profile page
2022-08-11 03:59:59 +00:00
if username == "" {
return nil, errors.New("username is required")
}
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
u := &User{}
if strings.ContainsRune(username, '@') {
User Photo Gallery & Management * Add the user photo gallery for profile pages. Paginated, grid or full (blog style) view options. In grid view clicking a photo opens a large modal to see it; full view already shows large photos. * Edit page: can also re-crop and set an existing pic to be your profile pic. * Delete page: remove photos from the DB and hard drive. * Photos are cleaned up from disk when not needed, e.g. during a re-crop the old cropped photo is removed before the new one replaces it. * Fixed bug with cropping pictures.
2022-08-13 06:11:36 +00:00
result := u.Preload().Where("email = ?", username).Limit(1).First(u)
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
return u, result.Error
}
User Photo Gallery & Management * Add the user photo gallery for profile pages. Paginated, grid or full (blog style) view options. In grid view clicking a photo opens a large modal to see it; full view already shows large photos. * Edit page: can also re-crop and set an existing pic to be your profile pic. * Delete page: remove photos from the DB and hard drive. * Photos are cleaned up from disk when not needed, e.g. during a re-crop the old cropped photo is removed before the new one replaces it. * Fixed bug with cropping pictures.
2022-08-13 06:11:36 +00:00
result := u.Preload().Where("username = ?", username).Limit(1).First(u)
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
return u, result.Error
}
Ability to change username
2024-01-27 21:57:24 +00:00
// IsValidUsername checks if a username is available and not reserved.
func IsValidUsername(username string) error {
// Check the formatting of the name.
if !config.UsernameRegexp.MatchString(username) {
return errors.New("Your username must consist of only numbers, letters, - . and be 3-32 characters.")
}
// Reserved username check.
for _, cmp := range config.ReservedUsernames {
if username == cmp {
return errors.New("That username is reserved, please choose a different username.")
}
}
// Does the username already exist?
if _, err := FindUser(username); err == nil {
return errors.New("That username already exists. Please try a different username.")
}
return nil
}
Shy Accounts * Users with private profiles or no public photo at all are considered to be Shy Accounts and are isolated from the non-shy profiles. * Restrictions include: * Site Gallery shows only them + their friends' photos. * User Galleries: must be a friend or had private photos granted to see a user's gallery page. * DMs: can not initiate a DM to a non-shy member (other shy members OK).
2023-02-14 06:19:18 +00:00
// IsShyFrom tells whether the user is shy from the perspective of the other user.
//
// That is, depending on our profile visibility and friendship status.
func (u *User) IsShyFrom(other *User) bool {
// If we are not a private profile, we're shy from nobody.
if u.Visibility != UserVisibilityPrivate {
return false
}
// Not shy from our friends.
if AreFriends(u.ID, other.ID) {
return false
}
// Our profile must be private & we are not friended, we are shy.
return true
}
HTMX lazy load for user statistics card
2024-04-25 03:36:37 +00:00
// CanBeSeenBy checks whether the user can be seen to exist by the viewer.
//
// An admin viewer can always see them, but a user may be hidden to others when they are
// blocking, disabled or banned.
//
// The user should always be given a Not Found page so they can't tell the user even
// exists. The returned error will include a specific reason, for debugging purposes.
func (u *User) CanBeSeenBy(viewer *User) error {
if viewer.IsAdmin {
return nil
}
// Banned or disabled? Only admin can view then.
if u.Status != UserStatusActive {
return fmt.Errorf("user status is %s", u.Status)
}
// Is either one blocking?
if IsBlocking(viewer.ID, u.ID) && !viewer.IsAdmin {
return fmt.Errorf("users block each other")
}
return nil
}
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
// UserSearch config.
type UserSearch struct {
Various quick fixes * Signup: if entering an existing email, don't admit that the email exists. Instead, send a specialized email to its address. * Search: no longer search for users by email address. * Login: always hash the incoming password on user not found, to take constant time compared to when the user did exist. * Fix a pagination bug when a private (shy account) views a non-friend's photo gallery.
2023-08-16 00:33:33 +00:00
Username string
Gender string
Orientation string
MaritalStatus string
Filter member directory by HereFor
2023-08-30 04:10:00 +00:00
HereFor string
Various quick fixes * Signup: if entering an existing email, don't admit that the email exists. Instead, send a specialized email to its address. * Search: no longer search for users by email address. * Login: always hash the incoming password on user not found, to take constant time compared to when the user did exist. * Fix a pagination bug when a private (shy account) views a non-friend's photo gallery.
2023-08-16 00:33:33 +00:00
Certified bool
Filter for expressly non-certified
2023-09-02 00:20:34 +00:00
NotCertified bool
Various quick fixes * Signup: if entering an existing email, don't admit that the email exists. Instead, send a specialized email to its address. * Search: no longer search for users by email address. * Login: always hash the incoming password on user not found, to take constant time compared to when the user did exist. * Fix a pagination bug when a private (shy account) views a non-friend's photo gallery.
2023-08-16 00:33:33 +00:00
InnerCircle bool
New search filters and friendship sent icon
2023-09-02 00:12:27 +00:00
ShyAccounts bool
Only admin users can see banned accounts on search
2023-09-09 18:16:34 +00:00
IsBanned bool
Search users by admin, privacy policy update
2024-04-26 04:52:43 +00:00
IsDisabled bool
IsAdmin bool // search for admin users
New search filters and friendship sent icon
2023-09-02 00:12:27 +00:00
Friends bool
Various quick fixes * Signup: if entering an existing email, don't admit that the email exists. Instead, send a specialized email to its address. * Search: no longer search for users by email address. * Login: always hash the incoming password on user not found, to take constant time compared to when the user did exist. * Fix a pagination bug when a private (shy account) views a non-friend's photo gallery.
2023-08-16 00:33:33 +00:00
AgeMin int
AgeMax int
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
}
Block Lists Implement block lists. They work like friend lists but are unidirectional, but take effect in both directions (blocker and blockee can not see one another on the site -- except admin users can always see all users). * Profile page says 404 * User gallery says 404 * User search page filters out blocked users * Compose endpoint blocks sending messages to blocked users (except admin) * Site Gallery filters photos by blocked (and uncertified) users * Inbox page hides chat list for blocked users (can still read the chat history if you have a link to the old thread)
2022-08-15 00:45:55 +00:00
// SearchUsers from the perspective of a given user.
More Private User Avatars * Users who set their Profile Picture to "friends only" or "private" can have their avatar be private all over the website to users who are not their friends or not granted access. * Users who are not your friends see a yellow placeholder avatar, and users not granted access to a private Profile Pic sees a purple avatar. * Admin users see these same placeholder avatars most places too (on search, forums, comments, etc.) if the user did not friend or grant the admin. But admins ALWAYS see it on their Profile Page directly, for ability to moderate. * Fix marking Notifications as read: clicking the link in an unread notification now will wait on the ajax request to finish before allowing the redirect. * Update the FAQ
2022-09-09 04:42:20 +00:00
func SearchUsers(user *User, search *UserSearch, pager *Pagination) ([]*User, error) {
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
if search == nil {
search = &UserSearch{}
}
var (
Block Lists Implement block lists. They work like friend lists but are unidirectional, but take effect in both directions (blocker and blockee can not see one another on the site -- except admin users can always see all users). * Profile page says 404 * User gallery says 404 * User search page filters out blocked users * Compose endpoint blocks sending messages to blocked users (except admin) * Site Gallery filters photos by blocked (and uncertified) users * Inbox page hides chat list for blocked users (can still read the chat history if you have a link to the old thread)
2022-08-15 00:45:55 +00:00
users = []*User{}
query *gorm.DB
Who's Nearby Feature
2023-08-20 02:11:33 +00:00
joins string // GPS location join.
Block Lists Implement block lists. They work like friend lists but are unidirectional, but take effect in both directions (blocker and blockee can not see one another on the site -- except admin users can always see all users). * Profile page says 404 * User gallery says 404 * User search page filters out blocked users * Compose endpoint blocks sending messages to blocked users (except admin) * Site Gallery filters photos by blocked (and uncertified) users * Inbox page hides chat list for blocked users (can still read the chat history if you have a link to the old thread)
2022-08-15 00:45:55 +00:00
wheres = []string{}
placeholders = []interface{}{}
Deactivate Account; Friends Lists on Profiles * Add a way for users to temporarily deactivate their accounts, in a recoverable way should they decide to return later. * A deactivated account may log in but have limited options: to reactivate their account, permanently delete it, or log out. * Fix several bugs around the display of comments, messages and forum threads for disabled, banned, or blocked users: * Messages (inbox and sentbox) will be hidden and the unread indicator will not count unread messages the user can't access. * Comments on photos and forum posts are hidden, and top-level threads on the "Newest" tab will show "[unavailable]" for their text and username. * Your historical notifications will hide users who are blocked, banned or disabled. * Add a "Friends" tab to user profile pages, to see other users' friends. * The page is Certification Required so non-cert users can't easily discover any members on the site.
2023-10-22 22:02:24 +00:00
blockedUserIDs = BlockedUserIDs(user)
Who's Nearby Feature
2023-08-20 02:11:33 +00:00
myLocation = GetUserLocation(user.ID)
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
)
Who's Nearby Feature
2023-08-20 02:11:33 +00:00
// Sort by distance? Requires PostgreSQL.
if pager.Sort == "distance" {
if !config.Current.Database.IsPostgres {
return users, errors.New("ordering by distance requires PostgreSQL with the PostGIS extension")
}
// If the current user doesn't have their location on file, they can't do this.
if myLocation.Source == LocationSourceNone || (myLocation.Latitude == 0 && myLocation.Longitude == 0) {
Better UX for Who's Nearby feature
2024-03-30 03:35:41 +00:00
return users, errors.New("can not sort members by distance because your location is not known")
Who's Nearby Feature
2023-08-20 02:11:33 +00:00
}
// Only query for users who have locations.
joins = "JOIN user_locations ON (user_locations.user_id = users.id)"
wheres = append(wheres,
"user_locations.latitude IS NOT NULL",
"user_locations.longitude IS NOT NULL",
"user_locations.latitude <> 0",
"user_locations.longitude <> 0",
)
pager.Sort = fmt.Sprintf(`ST_Distance(
ST_MakePoint(user_locations.longitude, user_locations.latitude)::geography,
ST_MakePoint(%f, %f)::geography)`,
myLocation.Longitude, myLocation.Latitude,
)
}
Block Lists Implement block lists. They work like friend lists but are unidirectional, but take effect in both directions (blocker and blockee can not see one another on the site -- except admin users can always see all users). * Profile page says 404 * User gallery says 404 * User search page filters out blocked users * Compose endpoint blocks sending messages to blocked users (except admin) * Site Gallery filters photos by blocked (and uncertified) users * Inbox page hides chat list for blocked users (can still read the chat history if you have a link to the old thread)
2022-08-15 00:45:55 +00:00
if len(blockedUserIDs) > 0 {
wheres = append(wheres, "id NOT IN ?")
placeholders = append(placeholders, blockedUserIDs)
}
Various quick fixes * Signup: if entering an existing email, don't admit that the email exists. Instead, send a specialized email to its address. * Search: no longer search for users by email address. * Login: always hash the incoming password on user not found, to take constant time compared to when the user did exist. * Fix a pagination bug when a private (shy account) views a non-friend's photo gallery.
2023-08-16 00:33:33 +00:00
if search.Username != "" {
ilike := "%" + strings.TrimSpace(strings.ToLower(search.Username)) + "%"
Bugfix on user search page
2023-10-11 01:03:05 +00:00
wheres = append(wheres, "(username LIKE ? OR name ILIKE ?)")
Instantly block user in chat, search improvements
2023-09-30 22:24:14 +00:00
placeholders = append(placeholders, ilike, ilike)
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
}
if search.Gender != "" {
wheres = append(wheres, `
EXISTS (
SELECT 1 FROM profile_fields
WHERE user_id = users.id AND name = ? AND value = ?
)
`)
placeholders = append(placeholders, "gender", search.Gender)
}
if search.Orientation != "" {
wheres = append(wheres, `
EXISTS (
SELECT 1 FROM profile_fields
WHERE user_id = users.id AND name = ? AND value = ?
)
`)
placeholders = append(placeholders, "orientation", search.Orientation)
}
if search.MaritalStatus != "" {
wheres = append(wheres, `
EXISTS (
SELECT 1 FROM profile_fields
WHERE user_id = users.id AND name = ? AND value = ?
)
`)
placeholders = append(placeholders, "marital_status", search.MaritalStatus)
}
Filter member directory by HereFor
2023-08-30 04:10:00 +00:00
if search.HereFor != "" {
wheres = append(wheres, `
EXISTS (
SELECT 1 FROM profile_fields
Bugfix on search page
2023-08-30 04:14:06 +00:00
WHERE user_id = users.id AND name = ? AND value LIKE ?
Filter member directory by HereFor
2023-08-30 04:10:00 +00:00
)
`)
Bugfix on search page
2023-08-30 04:14:06 +00:00
placeholders = append(placeholders, "here_for", "%"+search.HereFor+"%")
Filter member directory by HereFor
2023-08-30 04:10:00 +00:00
}
Search users by admin, privacy policy update
2024-04-26 04:52:43 +00:00
// Only admin user can show disabled/banned users.
var statuses = []string{}
Admin: don't search for banned users without the scope An admin must have the admin.user.ban scope in order to search for banned or disabled users in the member directory.
2024-05-11 21:10:59 +00:00
if user.HasAdminScope(config.ScopeUserBan) {
Search users by admin, privacy policy update
2024-04-26 04:52:43 +00:00
if search.IsBanned {
statuses = append(statuses, UserStatusBanned)
}
if search.IsDisabled {
statuses = append(statuses, UserStatusDisabled)
}
}
// Non-admin user only ever sees active accounts.
if user.IsAdmin && len(statuses) > 0 {
Only admin users can see banned accounts on search
2023-09-09 18:16:34 +00:00
wheres = append(wheres, "status IN ?")
Search users by admin, privacy policy update
2024-04-26 04:52:43 +00:00
placeholders = append(placeholders, statuses)
} else {
Only admin users can see banned accounts on search
2023-09-09 18:16:34 +00:00
wheres = append(wheres, "status = ?")
placeholders = append(placeholders, UserStatusActive)
}
New search filters and friendship sent icon
2023-09-02 00:12:27 +00:00
// Certified filter (including if Shy Accounts are asked for)
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
if search.Certified {
Only admin users can see banned accounts on search
2023-09-09 18:16:34 +00:00
wheres = append(wheres, "certified = ?")
placeholders = append(placeholders, search.Certified)
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
}
Filter for expressly non-certified
2023-09-02 00:20:34 +00:00
// Expressly Not Certified filtering
if search.NotCertified {
Only admin users can see banned accounts on search
2023-09-09 18:16:34 +00:00
wheres = append(wheres, "certified = ?")
placeholders = append(placeholders, false)
Filter for expressly non-certified
2023-09-02 00:20:34 +00:00
}
Search users by admin, privacy policy update
2024-04-26 04:52:43 +00:00
if search.IsAdmin {
wheres = append(wheres, "is_admin = true")
}
The inner circle
2023-05-24 03:04:17 +00:00
if search.InnerCircle {
wheres = append(wheres, "inner_circle = ? OR is_admin = ?")
placeholders = append(placeholders, true, true)
}
New search filters and friendship sent icon
2023-09-02 00:12:27 +00:00
if search.ShyAccounts {
a, b := WhereClauseShyAccounts()
wheres = append(wheres, a)
placeholders = append(placeholders, b...)
}
if search.Friends {
wheres = append(wheres, `
EXISTS (
SELECT 1 FROM friends
WHERE source_user_id = ?
AND target_user_id = users.id
AND approved = ?
)
`)
placeholders = append(placeholders,
user.ID,
true,
)
}
User Account Busywork * Add "forgot password" workflow. * Add ability to change user email address (confirmation link sent) * Add ability to change user's password. * Add rate limiter to deter brute force login attempts. * Add user deep delete functionality (delete account). * Ping user LastLoginAt every 8 hours for long-lived session cookies. * Add age filters to user search page. * Add sort options to user search (last login, created, username/name)
2022-08-14 21:40:57 +00:00
if search.AgeMin > 0 {
date := time.Now().AddDate(-search.AgeMin, 0, 0)
Search: don't filter by age for people who hide their age
2023-10-08 17:57:08 +00:00
wheres = append(wheres, `
birthdate <= ? AND NOT EXISTS (
SELECT 1
FROM profile_fields
WHERE user_id = users.id
AND name = 'hide_age'
AND value = 'true'
)
`)
User Account Busywork * Add "forgot password" workflow. * Add ability to change user email address (confirmation link sent) * Add ability to change user's password. * Add rate limiter to deter brute force login attempts. * Add user deep delete functionality (delete account). * Ping user LastLoginAt every 8 hours for long-lived session cookies. * Add age filters to user search page. * Add sort options to user search (last login, created, username/name)
2022-08-14 21:40:57 +00:00
placeholders = append(placeholders, date)
}
if search.AgeMax > 0 {
date := time.Now().AddDate(-search.AgeMax-1, 0, 0)
Search: don't filter by age for people who hide their age
2023-10-08 17:57:08 +00:00
wheres = append(wheres, `
birthdate >= ? AND NOT EXISTS (
SELECT 1
FROM profile_fields
WHERE user_id = users.id
AND name = 'hide_age'
AND value = 'true'
)
`)
User Account Busywork * Add "forgot password" workflow. * Add ability to change user email address (confirmation link sent) * Add ability to change user's password. * Add rate limiter to deter brute force login attempts. * Add user deep delete functionality (delete account). * Ping user LastLoginAt every 8 hours for long-lived session cookies. * Add age filters to user search page. * Add sort options to user search (last login, created, username/name)
2022-08-14 21:40:57 +00:00
placeholders = append(placeholders, date)
}
Who's Nearby Feature
2023-08-20 02:11:33 +00:00
query = (&User{}).Preload()
if joins != "" {
query = query.Joins(joins)
}
query = query.Where(
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
strings.Join(wheres, " AND "),
placeholders...,
User Account Busywork * Add "forgot password" workflow. * Add ability to change user email address (confirmation link sent) * Add ability to change user's password. * Add rate limiter to deter brute force login attempts. * Add user deep delete functionality (delete account). * Ping user LastLoginAt every 8 hours for long-lived session cookies. * Add age filters to user search page. * Add sort options to user search (last login, created, username/name)
2022-08-14 21:40:57 +00:00
).Order(pager.Sort)
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
query.Model(&User{}).Count(&pager.Total)
result := query.Offset(pager.GetOffset()).Limit(pager.PerPage).Find(&users)
More Private User Avatars * Users who set their Profile Picture to "friends only" or "private" can have their avatar be private all over the website to users who are not their friends or not granted access. * Users who are not your friends see a yellow placeholder avatar, and users not granted access to a private Profile Pic sees a purple avatar. * Admin users see these same placeholder avatars most places too (on search, forums, comments, etc.) if the user did not friend or grant the admin. But admins ALWAYS see it on their Profile Page directly, for ability to moderate. * Fix marking Notifications as read: clicking the link in an unread notification now will wait on the ajax request to finish before allowing the redirect. * Update the FAQ
2022-09-09 04:42:20 +00:00
// Inject relationship booleans.
SetUserRelationships(user, users)
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
return users, result.Error
}
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos.
2022-08-13 22:39:31 +00:00
// UserMap helps map a set of users to look up by ID.
type UserMap map[uint64]*User
// MapUsers looks up a set of user IDs in bulk and returns a UserMap suitable for templates.
// Useful to avoid circular reference issues with Photos especially; the Site Gallery queries
// photos of ALL users and MapUsers helps stitch them together for the frontend.
More Private User Avatars * Users who set their Profile Picture to "friends only" or "private" can have their avatar be private all over the website to users who are not their friends or not granted access. * Users who are not your friends see a yellow placeholder avatar, and users not granted access to a private Profile Pic sees a purple avatar. * Admin users see these same placeholder avatars most places too (on search, forums, comments, etc.) if the user did not friend or grant the admin. But admins ALWAYS see it on their Profile Page directly, for ability to moderate. * Fix marking Notifications as read: clicking the link in an unread notification now will wait on the ajax request to finish before allowing the redirect. * Update the FAQ
2022-09-09 04:42:20 +00:00
func MapUsers(user *User, userIDs []uint64) (UserMap, error) {
Implement Direct Messaging
2022-08-14 00:42:42 +00:00
var (
usermap = UserMap{}
set = map[uint64]interface{}{}
distinct = []uint64{}
)
// Uniqueify users.
for _, uid := range userIDs {
if _, ok := set[uid]; ok {
continue
}
set[uid] = nil
distinct = append(distinct, uid)
}
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos.
2022-08-13 22:39:31 +00:00
var (
users = []*User{}
Implement Direct Messaging
2022-08-14 00:42:42 +00:00
result = (&User{}).Preload().Where("id IN ?", distinct).Find(&users)
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos.
2022-08-13 22:39:31 +00:00
)
More Private User Avatars * Users who set their Profile Picture to "friends only" or "private" can have their avatar be private all over the website to users who are not their friends or not granted access. * Users who are not your friends see a yellow placeholder avatar, and users not granted access to a private Profile Pic sees a purple avatar. * Admin users see these same placeholder avatars most places too (on search, forums, comments, etc.) if the user did not friend or grant the admin. But admins ALWAYS see it on their Profile Page directly, for ability to moderate. * Fix marking Notifications as read: clicking the link in an unread notification now will wait on the ajax request to finish before allowing the redirect. * Update the FAQ
2022-09-09 04:42:20 +00:00
// Inject user relationships.
if user != nil {
SetUserRelationships(user, users)
}
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos.
2022-08-13 22:39:31 +00:00
if result.Error == nil {
for _, row := range users {
usermap[row.ID] = row
}
}
return usermap, result.Error
}
Admin view for User Notes page
2023-12-21 22:59:41 +00:00
// MapAdminUsers returns a MapUsers result for all admin user accounts on the site.
func MapAdminUsers(user *User) (UserMap, error) {
adminUsers, err := ListAdminUsers()
if err != nil {
return nil, err
}
var userIDs = []uint64{}
for _, user := range adminUsers {
userIDs = append(userIDs, user.ID)
}
return MapUsers(user, userIDs)
}
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos.
2022-08-13 22:39:31 +00:00
// Has a user ID in the map?
func (um UserMap) Has(id uint64) bool {
_, ok := um[id]
return ok
}
// Get a user from the UserMap.
func (um UserMap) Get(id uint64) *User {
if user, ok := um[id]; ok {
return user
}
return nil
}
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
// MapUsersByUsername looks up a set of users in bulk and returns a UsernameMap suitable for templates.
//
// It is like MapUsers but by username instead of ID.
func MapUsersByUsername(usernames []string) (UsernameMap, error) {
var (
usermap = UsernameMap{}
set = map[string]interface{}{}
distinct = []string{}
)
// Uniqueify users.
for _, uid := range usernames {
if _, ok := set[uid]; ok {
continue
}
set[uid] = nil
distinct = append(distinct, uid)
}
var (
users = []*User{}
result = (&User{}).Preload().Where("username IN ?", distinct).Find(&users)
)
if result.Error == nil {
for _, row := range users {
usermap[row.Username] = row
}
}
// Assert we got the expected count.
if len(usermap) != len(distinct) {
return usermap, fmt.Errorf("didn't get all expected users (expected %d, got %d)", len(distinct), len(usermap))
}
return usermap, result.Error
}
// UsernameMap helps map a set of users to look up by ID.
type UsernameMap map[string]*User
Static pages: About, FAQ, TOS, Privacy
2022-08-16 05:33:17 +00:00
// NameOrUsername returns the name (if not null or empty) or the username.
func (u *User) NameOrUsername() string {
if u.Name != nil && len(*u.Name) > 0 {
return *u.Name
} else {
return u.Username
}
}
See who has "Liked" something
2023-09-14 04:28:38 +00:00
// VisibleAvatarURL returns a URL to the user's avatar taking into account
// their relationship with the current user. For example, if the avatar is
// friends-only and the current user can't see it, returns the path to the
// yellow placeholder avatar instead.
//
// Expects that UserRelationships are available on the user.
func (u *User) VisibleAvatarURL(currentUser *User) string {
Add notice of private profile pic, inner circle placeholder * On a user gallery page: if the current user can not see their default profile pic (friends-only or private), include a notice and link to the FAQ about this. * Add a new placeholder avatar for profile pics that are set to "Inner circle only" when viewed by members outside the circle.
2024-01-07 22:20:01 +00:00
canSee, visibility := u.CanSeeProfilePicture(currentUser)
if canSee {
return config.PhotoWebPath + "/" + u.ProfilePhoto.CroppedFilename
}
switch visibility {
case PhotoPrivate:
See who has "Liked" something
2023-09-14 04:28:38 +00:00
return "/static/img/shy-private.png"
Add notice of private profile pic, inner circle placeholder * On a user gallery page: if the current user can not see their default profile pic (friends-only or private), include a notice and link to the FAQ about this. * Add a new placeholder avatar for profile pics that are set to "Inner circle only" when viewed by members outside the circle.
2024-01-07 22:20:01 +00:00
case PhotoInnerCircle:
return "/static/img/shy-secret.png"
case PhotoFriends:
See who has "Liked" something
2023-09-14 04:28:38 +00:00
return "/static/img/shy-friends.png"
}
Add notice of private profile pic, inner circle placeholder * On a user gallery page: if the current user can not see their default profile pic (friends-only or private), include a notice and link to the FAQ about this. * Add a new placeholder avatar for profile pics that are set to "Inner circle only" when viewed by members outside the circle.
2024-01-07 22:20:01 +00:00
See who has "Liked" something
2023-09-14 04:28:38 +00:00
return "/static/img/shy.png"
}
Add notice of private profile pic, inner circle placeholder * On a user gallery page: if the current user can not see their default profile pic (friends-only or private), include a notice and link to the FAQ about this. * Add a new placeholder avatar for profile pics that are set to "Inner circle only" when viewed by members outside the circle.
2024-01-07 22:20:01 +00:00
// CanSeeProfilePicture returns whether the current user can see the user's profile picture.
//
// Returns a boolean (false if currentUser can't see) and the Visibility setting of the profile photo.
//
// If the user has no profile photo, returns (false, PhotoPublic) which should manifest as the blue shy.png placeholder image.
func (u *User) CanSeeProfilePicture(currentUser *User) (bool, PhotoVisibility) {
Fix limited logged-out view profile picture
2024-01-07 23:32:51 +00:00
if !u.UserRelationship.Computed && currentUser != nil {
Lazy compute UserRelationships on CanSeeProfilePicture function
2024-01-07 22:25:00 +00:00
SetUserRelationships(currentUser, []*User{u})
}
Add notice of private profile pic, inner circle placeholder * On a user gallery page: if the current user can not see their default profile pic (friends-only or private), include a notice and link to the FAQ about this. * Add a new placeholder avatar for profile pics that are set to "Inner circle only" when viewed by members outside the circle.
2024-01-07 22:20:01 +00:00
visibility := u.ProfilePhoto.Visibility
if visibility == PhotoPrivate && !u.UserRelationship.IsPrivateGranted {
// Private photo
return false, visibility
} else if visibility == PhotoFriends && !u.UserRelationship.IsFriend {
// Friends only
return false, visibility
Fix limited logged-out view profile picture
2024-01-07 23:32:51 +00:00
} else if visibility == PhotoInnerCircle && currentUser != nil && !currentUser.IsInnerCircle() {
Add notice of private profile pic, inner circle placeholder * On a user gallery page: if the current user can not see their default profile pic (friends-only or private), include a notice and link to the FAQ about this. * Add a new placeholder avatar for profile pics that are set to "Inner circle only" when viewed by members outside the circle.
2024-01-07 22:20:01 +00:00
// Inner circle only
return false, visibility
} else if u.ProfilePhoto.CroppedFilename != "" {
// Happy path
return true, visibility
}
return false, PhotoPublic
}
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
// HashPassword sets the user's hashed (bcrypt) password.
func (u *User) HashPassword(password string) error {
passwd, err := bcrypt.GenerateFromPassword([]byte(password), config.BcryptCost)
if err != nil {
return err
}
u.HashedPassword = string(passwd)
return nil
}
// CheckPassword verifies the password is correct. Returns nil on success.
func (u *User) CheckPassword(password string) error {
return bcrypt.CompareHashAndPassword([]byte(u.HashedPassword), []byte(password))
}
User Profile and Settings Pages * Vendor fontawesome icons * User settings page: to edit profile details (other features not hooked up yet) * Initial user profile page
2022-08-11 03:59:59 +00:00
// SetProfileField sets or creates a named profile field.
func (u *User) SetProfileField(name, value string) {
// Check if it exists.
log.Debug("User(%s).SetProfileField(%s, %s)", u.Username, name, value)
var exists bool
for _, field := range u.ProfileField {
log.Debug("\tCheck existing field %s", field.Name)
if field.Name == name {
log.Debug("\tFound existing field!")
changed := field.Value != value
field.Value = value
exists = true
// Save it now. TODO: otherwise gorm doesn't know we changed
// it and it won't be inserted when the User is saved. But
// this is probably not performant to do!
if changed {
DB.Save(&field)
}
break
}
}
if exists {
return
}
DM Privacy + Settings Page Tabs * Refactor the Settings page into a tabbed UI to reduce confusion with all the different forms and save buttons * Add a DM Privacy setting to your page * Update the About page
2023-06-24 05:18:09 +00:00
log.Debug("User(%s): append ProfileField %s", u.Username, name)
User Profile and Settings Pages * Vendor fontawesome icons * User settings page: to edit profile details (other features not hooked up yet) * Initial user profile page
2022-08-11 03:59:59 +00:00
u.ProfileField = append(u.ProfileField, ProfileField{
Name: name,
Value: value,
})
Site Gallery: Remember last 'Whose photos' preference
2023-11-24 19:37:01 +00:00
if err := u.Save(); err != nil {
log.Error("User(%s).SetProfileField(%s): error saving after append new field: %s", u.Username, name, err)
}
User Profile and Settings Pages * Vendor fontawesome icons * User settings page: to edit profile details (other features not hooked up yet) * Initial user profile page
2022-08-11 03:59:59 +00:00
}
// GetProfileField returns the value of a profile field or blank string.
func (u *User) GetProfileField(name string) string {
for _, field := range u.ProfileField {
if field.Name == name {
return field.Value
}
}
return ""
}
BareRTC user profile webhook
2023-10-07 20:24:07 +00:00
// GetProfileFieldOr returns a default string (like "n/a") if the profile field is not set.
func (u *User) GetProfileFieldOr(name, or string) string {
if value := u.GetProfileField(name); value != "" {
return value
}
return or
}
Option to hide age from profile display
2023-06-16 05:05:21 +00:00
// GetDisplayAge returns the user's age dependent on their hide-my-age setting.
func (u *User) GetDisplayAge() string {
if !u.Birthdate.IsZero() && u.GetProfileField("hide_age") != "true" {
return fmt.Sprintf("%dyo", utility.Age(u.Birthdate))
}
return "n/a"
}
Birthday cake emoji for the chat room
2023-10-11 02:30:39 +00:00
// IsBirthday returns whether it is currently the user's birthday (+- a day for time zones).
func (u *User) IsBirthday() bool {
if u.Birthdate.IsZero() {
return false
}
// Window of time to be valid.
var (
now, _ = time.Parse(time.DateOnly, time.Now().Format(time.DateOnly))
bday, _ = time.Parse(time.DateOnly, fmt.Sprintf("%d-%d-%d", now.Year(), u.Birthdate.Month(), u.Birthdate.Day()))
Adjust birthday window
2023-10-11 02:54:43 +00:00
startDate = now.Add(-6 * time.Hour)
endDate = now.Add(60 * time.Hour)
Birthday cake emoji for the chat room
2023-10-11 02:30:39 +00:00
)
return bday.Before(endDate) && bday.After(startDate)
}
User Profile and Settings Pages * Vendor fontawesome icons * User settings page: to edit profile details (other features not hooked up yet) * Initial user profile page
2022-08-11 03:59:59 +00:00
// ProfileFieldIn checks if a substring is IN a profile field. Currently
// does a naive strings.Contains(), intended for the "here_for" field.
func (u *User) ProfileFieldIn(field, substr string) bool {
value := u.GetProfileField(field)
return strings.Contains(value, substr)
}
Photo Quotas & Postgres Fixes * Add photo upload quotas. * Non-certified users can upload few photos; certified users more * Fix foreign key issues around deleting user profile photos for psql
2022-08-21 22:40:24 +00:00
// RemoveProfilePhoto sets profile_photo_id=null to unset the foreign key.
func (u *User) RemoveProfilePhoto() error {
result := DB.Model(&User{}).Where("id = ?", u.ID).Update("profile_photo_id", nil)
return result.Error
}
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
// Save user.
func (u *User) Save() error {
result := DB.Save(u)
return result.Error
}
User Photo Gallery & Management * Add the user photo gallery for profile pages. Paginated, grid or full (blog style) view options. In grid view clicking a photo opens a large modal to see it; full view already shows large photos. * Edit page: can also re-crop and set an existing pic to be your profile pic. * Delete page: remove photos from the DB and hard drive. * Photos are cleaned up from disk when not needed, e.g. during a re-crop the old cropped photo is removed before the new one replaces it. * Fixed bug with cropping pictures.
2022-08-13 06:11:36 +00:00
User Account Busywork * Add "forgot password" workflow. * Add ability to change user email address (confirmation link sent) * Add ability to change user's password. * Add rate limiter to deter brute force login attempts. * Add user deep delete functionality (delete account). * Ping user LastLoginAt every 8 hours for long-lived session cookies. * Add age filters to user search page. * Add sort options to user search (last login, created, username/name)
2022-08-14 21:40:57 +00:00
// Delete a user. NOTE: use the models/deletion/DeleteUser() function
// instead of this to do a deep scrub of all related data!
func (u *User) Delete() error {
return DB.Delete(u).Error
}
User Photo Gallery & Management * Add the user photo gallery for profile pages. Paginated, grid or full (blog style) view options. In grid view clicking a photo opens a large modal to see it; full view already shows large photos. * Edit page: can also re-crop and set an existing pic to be your profile pic. * Delete page: remove photos from the DB and hard drive. * Photos are cleaned up from disk when not needed, e.g. during a re-crop the old cropped photo is removed before the new one replaces it. * Fixed bug with cropping pictures.
2022-08-13 06:11:36 +00:00
// Print user object as pretty JSON.
func (u *User) Print() string {
var (
buf bytes.Buffer
enc = json.NewEncoder(&buf)
)
enc.SetIndent("", " ")
enc.Encode(u)
return buf.String()
}