nonshy
/
website
1
0
Fork 1
Code Issues 21 Pull Requests Packages Projects Releases Wiki Activity
website/pkg/router/router.go

142 lines
8.2 KiB
Go
Raw Permalink Normal View History

Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
// Package router configures web routes.
package router
import (
"net/http"
Rename the module
2022-08-26 04:21:46 +00:00
"code.nonshy.com/nonshy/website/pkg/config"
"code.nonshy.com/nonshy/website/pkg/controller/account"
"code.nonshy.com/nonshy/website/pkg/controller/admin"
"code.nonshy.com/nonshy/website/pkg/controller/api"
Webhook for BareRTC Report endpoint
2023-08-13 04:37:11 +00:00
"code.nonshy.com/nonshy/website/pkg/controller/api/barertc"
Rename the module
2022-08-26 04:21:46 +00:00
"code.nonshy.com/nonshy/website/pkg/controller/block"
Chat launch page for BareRTC
2023-02-06 04:26:36 +00:00
"code.nonshy.com/nonshy/website/pkg/controller/chat"
Comments on Photos * Add permalink URL for photos to view their comment threads. * Commenters can Edit or Delete their own comments. * Photo owners can Delete any comment on it. * Update Privacy Policy
2022-08-27 02:50:33 +00:00
"code.nonshy.com/nonshy/website/pkg/controller/comment"
Rename the module
2022-08-26 04:21:46 +00:00
"code.nonshy.com/nonshy/website/pkg/controller/forum"
"code.nonshy.com/nonshy/website/pkg/controller/friend"
HTMX lazy load for user statistics card
2024-04-25 03:36:37 +00:00
"code.nonshy.com/nonshy/website/pkg/controller/htmx"
Rename the module
2022-08-26 04:21:46 +00:00
"code.nonshy.com/nonshy/website/pkg/controller/inbox"
"code.nonshy.com/nonshy/website/pkg/controller/index"
"code.nonshy.com/nonshy/website/pkg/controller/photo"
Wrap Up Polls Support * Add the PollVotes table and associated logic. * Multiple choice polls supported. * Expiring and non-expiring polls. * Icons and badges on the forum pages to show posts with polls * Bugfix: non-explicit users getting SQL errors on Newest Posts page.
2022-12-21 03:15:45 +00:00
"code.nonshy.com/nonshy/website/pkg/controller/poll"
Rename the module
2022-08-26 04:21:46 +00:00
"code.nonshy.com/nonshy/website/pkg/middleware"
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
nst "code.nonshy.com/nonshy/website/pkg/templates"
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
)
func New() http.Handler {
mux := http.NewServeMux()
// Register controller endpoints.
mux.HandleFunc("/", index.Create())
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.HandleFunc("GET /favicon.ico", index.Favicon())
mux.HandleFunc("GET /manifest.json", index.Manifest())
mux.HandleFunc("GET /about", index.StaticTemplate("about.html")())
mux.HandleFunc("GET /features", index.StaticTemplate("features.html")())
mux.HandleFunc("GET /faq", index.StaticTemplate("faq.html")())
mux.HandleFunc("GET /tos", index.StaticTemplate("tos.html")())
mux.HandleFunc("GET /privacy", index.StaticTemplate("privacy.html")())
Contact Us, Feedback, and Reporting * Add the Contact page where users can contact the site admins for feedback or to report a problematic user, photo or message. * Reports go into the admin Feedback table. * Admin nav bar indicates number of unread feedbacks. * Add "Report" button to profile pages, photo cards, and the top of Direct Message threads. Misc changes: * Send emails out asynchronously for more responsive page loads.
2022-08-21 21:05:08 +00:00
mux.HandleFunc("/contact", index.Contact())
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
mux.HandleFunc("/login", account.Login())
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.HandleFunc("GET /logout", account.Logout())
Geo-gating on signup
2023-06-24 22:39:45 +00:00
mux.Handle("/signup", middleware.GeoGate(account.Signup()))
User Account Busywork * Add "forgot password" workflow. * Add ability to change user email address (confirmation link sent) * Add ability to change user's password. * Add rate limiter to deter brute force login attempts. * Add user deep delete functionality (delete account). * Ping user LastLoginAt every 8 hours for long-lived session cookies. * Add age filters to user search page. * Add sort options to user search (last login, created, username/name)
2022-08-14 21:40:57 +00:00
mux.HandleFunc("/forgot-password", account.ForgotPassword())
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.HandleFunc("GET /settings/confirm-email", account.ConfirmEmailChange())
mux.HandleFunc("GET /markdown", index.StaticTemplate("markdown.html")())
mux.HandleFunc("GET /test/geo-gate", index.StaticTemplate("errors/geo_gate.html")())
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos.
2022-08-13 22:39:31 +00:00
// Login Required. Pages that non-certified users can access.
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
mux.Handle("/me", middleware.LoginRequired(account.Dashboard()))
User Profile and Settings Pages * Vendor fontawesome icons * User settings page: to edit profile details (other features not hooked up yet) * Initial user profile page
2022-08-11 03:59:59 +00:00
mux.Handle("/settings", middleware.LoginRequired(account.Settings()))
Age gate: collect birthdates retroactively and on new signup
2023-06-16 04:38:09 +00:00
mux.Handle("/settings/age-gate", middleware.LoginRequired(account.AgeGate()))
Two Factor Authentication
2023-09-19 00:22:50 +00:00
mux.Handle("/account/two-factor/setup", middleware.LoginRequired(account.Setup2FA()))
User Account Busywork * Add "forgot password" workflow. * Add ability to change user email address (confirmation link sent) * Add ability to change user's password. * Add rate limiter to deter brute force login attempts. * Add user deep delete functionality (delete account). * Ping user LastLoginAt every 8 hours for long-lived session cookies. * Add age filters to user search page. * Add sort options to user search (last login, created, username/name)
2022-08-14 21:40:57 +00:00
mux.Handle("/account/delete", middleware.LoginRequired(account.Delete()))
Deactivate Account; Friends Lists on Profiles * Add a way for users to temporarily deactivate their accounts, in a recoverable way should they decide to return later. * A deactivated account may log in but have limited options: to reactivate their account, permanently delete it, or log out. * Fix several bugs around the display of comments, messages and forum threads for disabled, banned, or blocked users: * Messages (inbox and sentbox) will be hidden and the unread indicator will not count unread messages the user can't access. * Comments on photos and forum posts are hidden, and top-level threads on the "Newest" tab will show "[unavailable]" for their text and username. * Your historical notifications will hide users who are blocked, banned or disabled. * Add a "Friends" tab to user profile pages, to see other users' friends. * The page is Certification Required so non-cert users can't easily discover any members on the site.
2023-10-22 22:02:24 +00:00
mux.Handle("/account/deactivate", middleware.LoginRequired(account.Deactivate()))
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /account/reactivate", middleware.LoginRequired(account.Reactivate()))
mux.Handle("GET /u/{username}", account.Profile()) // public access OK
mux.Handle("GET /u/{username}/friends", middleware.CertRequired(account.UserFriends()))
mux.Handle("GET /u/{username}/photos", middleware.LoginRequired(photo.UserPhotos()))
mux.Handle("/u/{username}/notes", middleware.LoginRequired(account.UserNotes()))
Photo Upload & Profile Pictures Basic photo upload support. Square cropped images still buggy.
2022-08-12 06:03:06 +00:00
mux.Handle("/photo/upload", middleware.LoginRequired(photo.Upload()))
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /photo/view", middleware.LoginRequired(photo.View()))
User Photo Gallery & Management * Add the user photo gallery for profile pages. Paginated, grid or full (blog style) view options. In grid view clicking a photo opens a large modal to see it; full view already shows large photos. * Edit page: can also re-crop and set an existing pic to be your profile pic. * Delete page: remove photos from the DB and hard drive. * Photos are cleaned up from disk when not needed, e.g. during a re-crop the old cropped photo is removed before the new one replaces it. * Fixed bug with cropping pictures.
2022-08-13 06:11:36 +00:00
mux.Handle("/photo/edit", middleware.LoginRequired(photo.Edit()))
mux.Handle("/photo/delete", middleware.LoginRequired(photo.Delete()))
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos.
2022-08-13 22:39:31 +00:00
mux.Handle("/photo/certification", middleware.LoginRequired(photo.Certification()))
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /photo/private", middleware.LoginRequired(photo.Private()))
Private Photo Sharing * Add ability to unlock your private photos for others. * Link to unlock is on another user's Photos page. * You can also access your "Manage Private Photos" page in the User Menu or Dashboard and add a user by username. * See who you have granted access, and see users who have granted you access to their private photos. * Private photos of users who unlocked them for you may appear on the Site Gallery if the photo allows. * Add new filters to the Site Gallery: you can choose to filter by Explicit, limit to a specific Visibility, and order by Newest or Oldest. Non-explicit users do not get a filter to see explicit content - they must opt-in in their settings. * Bugfix: Site Gallery was not correctly filtering Explicit photos away from users who did not opt-in for explicit!
2022-09-08 04:18:54 +00:00
mux.Handle("/photo/private/share", middleware.LoginRequired(photo.Share()))
My User Notes page
2023-10-29 19:29:11 +00:00
mux.Handle("/notes/me", middleware.LoginRequired(account.MyNotes()))
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /messages", middleware.LoginRequired(inbox.Inbox()))
mux.Handle("GET /messages/read/{id}", middleware.LoginRequired(inbox.Inbox()))
Implement Direct Messaging
2022-08-14 00:42:42 +00:00
mux.Handle("/messages/compose", middleware.LoginRequired(inbox.Compose()))
Ability to delete DMs and minor spit & polish
2022-12-21 05:11:43 +00:00
mux.Handle("/messages/delete", middleware.LoginRequired(inbox.Delete()))
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /friends", middleware.LoginRequired(friend.Friends()))
Friend Requests and User Search
2022-08-14 05:44:57 +00:00
mux.Handle("/friends/add", middleware.LoginRequired(friend.AddFriend()))
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("POST /users/block", middleware.LoginRequired(block.BlockUser()))
mux.Handle("GET /users/blocked", middleware.LoginRequired(block.Blocked()))
mux.Handle("GET /users/blocklist/add", middleware.LoginRequired(block.AddUser()))
Comments on Photos * Add permalink URL for photos to view their comment threads. * Commenters can Edit or Delete their own comments. * Photo owners can Delete any comment on it. * Update Privacy Policy
2022-08-27 02:50:33 +00:00
mux.Handle("/comments", middleware.LoginRequired(comment.PostComment()))
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /comments/subscription", middleware.LoginRequired(comment.Subscription()))
mux.Handle("GET /admin/unimpersonate", middleware.LoginRequired(admin.Unimpersonate()))
mux.Handle("GET /inner-circle", middleware.LoginRequired(account.InnerCircle()))
The inner circle
2023-05-24 03:04:17 +00:00
mux.Handle("/inner-circle/invite", middleware.LoginRequired(account.InviteCircle()))
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
mux.Handle("GET /admin/transparency/{username}", middleware.LoginRequired(admin.Transparency()))
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos.
2022-08-13 22:39:31 +00:00
// Certification Required. Pages that only full (verified) members can access.
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /photo/gallery", middleware.CertRequired(photo.SiteGallery()))
mux.Handle("GET /members", middleware.CertRequired(account.Search()))
Chat launch page for BareRTC
2023-02-06 04:26:36 +00:00
mux.Handle("/chat", middleware.CertRequired(chat.Landing()))
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /forum", middleware.CertRequired(forum.Landing()))
Forums: Basic Support WIP Adds initial code for basically functional forums: * Forums landing page shows hard-coded list of Categories along with any forums in the DB that use those categories. * Admin: Create, Edit forums and view forums you own or have admin rights to modify. * Landing page forums list shows the title/description and dynamic count of number of Topics and total number of Posts in each forum. TODO: distinct count of Users who posted in each forum. * Board Index page shows list of Threads (posts) with a Replies count and Views count on each thread. * Thread view is basically an array of Comments. Users can post, edit and delete (their own) comments. Deleting the first comment removes the entire Thread - the thread points to a first Comment to provide its body. * Reply and Quote-Reply options working.
2022-08-24 05:55:19 +00:00
mux.Handle("/forum/post", middleware.CertRequired(forum.NewPost()))
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /forum/thread/{id}", middleware.CertRequired(forum.Thread()))
mux.Handle("GET /forum/newest", middleware.CertRequired(forum.Newest()))
mux.Handle("GET /forum/search", middleware.CertRequired(forum.Search()))
mux.Handle("GET /f/{fragment}", middleware.CertRequired(forum.Forum()))
mux.Handle("POST /poll/vote", middleware.CertRequired(poll.Vote()))
Certification Photo Workflow * Add "Site Gallery" page showing all public+gallery member photos. * Add "Certification Required" decorator for gallery and other main pages. * Add the Certification Photo workflow: * Users have a checklist on their dashboard to upload a profile pic and post a certification selfie (two requirements) * Admins notified by email when a new certification pic comes in. * Admin can reject (w/ comment) or approve the pic. * Users can re-upload or delete their pic at the cost of losing certification status if they make any such changes. * Users are emailed when their photo is either approved or rejected. * User Preferences: can now save the explicit pref to your account. * Explicit photos on user pages and site gallery are hidden if the current user hasn't opted-in (user can always see their own explicit photos regardless of the setting) * If a user is viewing a member gallery and explicit pics are hidden, a count of the number of explicit pics is shown to inform the user that more DO exist, they just don't see them. The site gallery does not do this and simply hides explicit photos.
2022-08-13 22:39:31 +00:00
// Admin endpoints.
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /admin", middleware.AdminRequired("", admin.Dashboard()))
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
mux.Handle("/admin/scopes", middleware.AdminRequired("", admin.Scopes()))
mux.Handle("/admin/photo/certification", middleware.AdminRequired("", photo.AdminCertification()))
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
mux.Handle("/admin/feedback", middleware.AdminRequired(config.ScopeFeedbackAndReports, admin.Feedback()))
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
mux.Handle("/admin/user-action", middleware.AdminRequired("", admin.UserActions()))
Maintenance Mode + Blockable Admin Scope
2023-08-17 05:09:04 +00:00
mux.Handle("/admin/maintenance", middleware.AdminRequired(config.ScopeMaintenance, admin.Maintenance()))
Admin Groups & Permissions Add a permission system for admin users so you can lock down specific admins to a narrower set of features instead of them all having omnipotent powers. * New page: Admin Dashboard -> Admin Permissions Management * Permissions are handled in the form of 'scopes' relevant to each feature or action on the site. Scopes are assigned to Groups, and in turn, admin user accounts are placed in those Groups. * The Superusers group (scope '*') has wildcard permission to all scopes. The permissions dashboard has a create-once action to initialize the Superusers for the first admin who clicks on it, and places that admin in the group. The following are the exhaustive list of permission changes on the site: * Moderator scopes: * Chat room (enter the room with Operator permission) * Forums (can edit or delete user posts on the forum) * Photo Gallery (can see all private/friends-only photos on the site gallery or user profile pages) * Certification photos (with nuanced sub-action permissions) * Approve: has access to the Pending tab to act on incoming pictures * List: can paginate thru past approved/rejected photos * View: can bring up specific user cert photo from their profile * The minimum requirement is Approve or else no cert photo page will load for your admin user. * User Actions (each action individually scoped) * Impersonate * Ban * Delete * Promote to admin * Inner circle whitelist: no longer are admins automatically part of the inner circle unless they have a specialized scope attached. The AdminRequired decorator may also apply scopes on an entire admin route. The following routes have scopes to limit them: * Forum Admin (manage forums and their settings) * Remove from inner circle
2023-08-02 03:39:48 +00:00
mux.Handle("/forum/admin", middleware.AdminRequired(config.ScopeForumAdmin, forum.Manage()))
mux.Handle("/forum/admin/edit", middleware.AdminRequired(config.ScopeForumAdmin, forum.AddEdit()))
Inner circle removal requests
2023-10-14 18:37:01 +00:00
mux.Handle("/inner-circle/remove", middleware.LoginRequired(account.RemoveCircle()))
Easy Mark Explicit button for admin users
2023-12-27 00:26:23 +00:00
mux.Handle("/admin/photo/mark-explicit", middleware.AdminRequired(config.ScopePhotoModerator, admin.MarkPhotoExplicit()))
Admin Transparency Page * Add a transparency page where regular user accounts can list the roles and permissions that an admin user has access to. It is available by clicking on the "Admin" badge on that user's profile page. * Add additional admin scopes to lock down more functionality: * User feedback and reports * Change logs * User notes and admin notes * Add friendly descriptions to what all the scopes mean in practice. * Don't show admin notification badges to admins who aren't allowed to act on those notifications. * Update the admin dashboard page and documentation for admins.
2024-05-09 04:03:31 +00:00
mux.Handle("GET /admin/changelog", middleware.AdminRequired(config.ScopeChangeLog, admin.ChangeLog()))
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
// JSON API endpoints.
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.HandleFunc("GET /v1/version", api.Version())
mux.HandleFunc("GET /v1/users/me", api.LoginOK())
mux.HandleFunc("POST /v1/users/check-username", api.UsernameCheck())
mux.Handle("POST /v1/likes", middleware.LoginRequired(api.Likes()))
mux.Handle("GET /v1/likes/users", middleware.LoginRequired(api.WhoLikes()))
mux.Handle("POST /v1/notifications/read", middleware.LoginRequired(api.ReadNotification()))
mux.Handle("POST /v1/notifications/delete", middleware.LoginRequired(api.ClearNotification()))
User endpoint to flag photos that should be Explicit
2024-03-16 20:29:28 +00:00
mux.Handle("POST /v1/photos/mark-explicit", middleware.LoginRequired(api.MarkPhotoExplicit()))
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /v1/comment-photos/remove-orphaned", api.RemoveOrphanedCommentPhotos())
mux.Handle("POST /v1/barertc/report", barertc.Report())
mux.Handle("POST /v1/barertc/profile", barertc.Profile())
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
HTMX lazy load for user statistics card
2024-04-25 03:36:37 +00:00
// HTMX endpoints.
mux.Handle("GET /htmx/user/profile/activity", middleware.LoginRequired(htmx.UserProfileActivityCard()))
Go to Comment endpoint + notification fixes * Add endpoint /go/comment?id= that finds the right page that a comment can be seen on for the current user and redirects there. * Resolves issues with link discrepancies in comment notifications, if the recipient sees different page numbers depending on blocklist status. * Supports copyable permalinks to any comment on the site reliably.
2024-01-06 06:14:42 +00:00
// Redirect endpoints.
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /go/comment", middleware.LoginRequired(comment.GoToComment()))
Go to Comment endpoint + notification fixes * Add endpoint /go/comment?id= that finds the right page that a comment can be seen on for the current user and redirects there. * Resolves issues with link discrepancies in comment notifications, if the recipient sees different page numbers depending on blocklist status. * Supports copyable permalinks to any comment on the site reliably.
2024-01-06 06:14:42 +00:00
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
// Static files.
Go 1.22 upgrade
2024-02-11 00:17:15 +00:00
mux.Handle("GET /static/", http.StripPrefix("/static/", http.FileServer(http.Dir(config.StaticPath))))
// Legacy route redirects (Go 1.22 path parameters update)
mux.Handle("GET /friends/u/{s}", nst.RedirectRoute("/u/%s/friends"))
mux.Handle("GET /photo/u/{s}", nst.RedirectRoute("/u/%s/photos"))
mux.Handle("GET /notes/u/{s}", nst.RedirectRoute("/u/%s/notes"))
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
// Global middlewares.
Fix panic on CSRF middleware failure
2022-09-27 02:46:05 +00:00
withCSRF := middleware.CSRF(mux)
withSession := middleware.Session(withCSRF)
withRecovery := middleware.Recovery(withSession)
Initial commit * Initial codebase (lot of work!) * Uses vanilla Go net/http and implements by hand: session cookies backed by Redis; log in/out; CSRF protection; email verification flow; initial database models (User table)
2022-08-10 05:10:47 +00:00
withLogger := middleware.Logging(withRecovery)
return withLogger
}