2022-08-10 05:10:47 +00:00
|
|
|
package middleware
|
|
|
|
|
|
|
|
import (
|
2022-08-21 21:17:52 +00:00
|
|
|
"context"
|
2022-08-10 05:10:47 +00:00
|
|
|
"net/http"
|
2022-08-27 04:32:26 +00:00
|
|
|
"net/url"
|
2022-08-14 21:40:57 +00:00
|
|
|
"time"
|
2022-08-10 05:10:47 +00:00
|
|
|
|
2022-08-26 04:21:46 +00:00
|
|
|
"code.nonshy.com/nonshy/website/pkg/config"
|
|
|
|
"code.nonshy.com/nonshy/website/pkg/controller/photo"
|
|
|
|
"code.nonshy.com/nonshy/website/pkg/log"
|
|
|
|
"code.nonshy.com/nonshy/website/pkg/models"
|
|
|
|
"code.nonshy.com/nonshy/website/pkg/session"
|
|
|
|
"code.nonshy.com/nonshy/website/pkg/templates"
|
2022-08-10 05:10:47 +00:00
|
|
|
)
|
|
|
|
|
|
|
|
// LoginRequired middleware.
|
|
|
|
func LoginRequired(handler http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
|
|
|
// User must be logged in.
|
2022-08-14 21:40:57 +00:00
|
|
|
user, err := session.CurrentUser(r)
|
|
|
|
if err != nil {
|
2022-08-12 06:03:06 +00:00
|
|
|
log.Error("LoginRequired: %s", err)
|
2022-08-21 22:40:24 +00:00
|
|
|
session.FlashError(w, r, "You must be signed in to view this page.")
|
2022-08-27 04:32:26 +00:00
|
|
|
templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String()))
|
2022-08-10 05:10:47 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-10-22 22:02:24 +00:00
|
|
|
// Are they banned?
|
|
|
|
if user.Status == models.UserStatusBanned {
|
2022-08-14 23:27:57 +00:00
|
|
|
session.LogoutUser(w, r)
|
|
|
|
session.FlashError(w, r, "Your account has been banned and you are now logged out.")
|
|
|
|
templates.Redirect(w, "/")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-10-22 22:02:24 +00:00
|
|
|
// Is their account disabled?
|
|
|
|
if DisabledAccount(user, w, r) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-08-17 05:09:04 +00:00
|
|
|
// Is the site under a Maintenance Mode restriction?
|
|
|
|
if MaintenanceMode(user, w, r) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-09-08 05:19:26 +00:00
|
|
|
// Ping LastLoginAt for long lived sessions, but not if impersonated.
|
2024-04-26 01:55:02 +00:00
|
|
|
var pingLastLoginAt bool
|
2022-09-08 05:19:26 +00:00
|
|
|
if time.Since(user.LastLoginAt) > config.LastLoginAtCooldown && !session.Impersonated(r) {
|
2024-04-26 01:55:02 +00:00
|
|
|
pingLastLoginAt = true
|
2024-09-12 02:28:52 +00:00
|
|
|
if err := user.PingLastLoginAt(); err != nil {
|
2022-08-14 21:40:57 +00:00
|
|
|
log.Error("LoginRequired: couldn't refresh LastLoginAt for user %s: %s", user.Username, err)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2024-04-26 01:55:02 +00:00
|
|
|
// Log the last visit of their current IP address.
|
|
|
|
if err := models.PingIPAddress(r, user, pingLastLoginAt); err != nil {
|
|
|
|
log.Error("LoginRequired: couldn't ping user %s IP address: %s", user.Username, err)
|
|
|
|
}
|
|
|
|
|
2023-06-16 04:38:09 +00:00
|
|
|
// Ask the user for their birthdate?
|
|
|
|
if AgeGate(user, w, r) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-08-21 21:17:52 +00:00
|
|
|
// Stick the CurrentUser in the request context so future calls to session.CurrentUser can read it.
|
|
|
|
ctx := context.WithValue(r.Context(), session.CurrentUserKey, user)
|
|
|
|
handler.ServeHTTP(w, r.WithContext(ctx))
|
2022-08-10 05:10:47 +00:00
|
|
|
})
|
|
|
|
}
|
2022-08-13 22:39:31 +00:00
|
|
|
|
|
|
|
// AdminRequired middleware.
|
2023-08-02 03:39:48 +00:00
|
|
|
func AdminRequired(scope string, handler http.Handler) http.Handler {
|
2022-08-13 22:39:31 +00:00
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
|
|
|
// User must be logged in.
|
2022-08-21 21:17:52 +00:00
|
|
|
currentUser, err := session.CurrentUser(r)
|
|
|
|
if err != nil {
|
2022-08-13 22:39:31 +00:00
|
|
|
log.Error("AdminRequired: %s", err)
|
2022-08-27 04:32:26 +00:00
|
|
|
session.FlashError(w, r, "You must be signed in to view this page.")
|
|
|
|
templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String()))
|
2022-08-13 22:39:31 +00:00
|
|
|
return
|
2022-08-21 21:17:52 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Stick the CurrentUser in the request context so future calls to session.CurrentUser can read it.
|
|
|
|
ctx := context.WithValue(r.Context(), session.CurrentUserKey, currentUser)
|
|
|
|
|
|
|
|
// Admin required.
|
|
|
|
if !currentUser.IsAdmin {
|
2022-08-13 22:39:31 +00:00
|
|
|
errhandler := templates.MakeErrorPage("Admin Required", "You do not have permission for this page.", http.StatusForbidden)
|
2022-08-21 21:17:52 +00:00
|
|
|
errhandler.ServeHTTP(w, r.WithContext(ctx))
|
2022-08-13 22:39:31 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-08-02 03:39:48 +00:00
|
|
|
// Ensure the admin scope.
|
|
|
|
if scope != "" && !currentUser.HasAdminScope(scope) {
|
|
|
|
errhandler := templates.MakeErrorPage(
|
|
|
|
"Admin Scope Required",
|
|
|
|
"Missing required admin scope: "+scope,
|
|
|
|
http.StatusForbidden,
|
|
|
|
)
|
|
|
|
errhandler.ServeHTTP(w, r.WithContext(ctx))
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-08-21 21:17:52 +00:00
|
|
|
handler.ServeHTTP(w, r.WithContext(ctx))
|
2022-08-13 22:39:31 +00:00
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// CertRequired middleware: like LoginRequired but user must also have their verification pic certified.
|
|
|
|
func CertRequired(handler http.Handler) http.Handler {
|
|
|
|
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
|
|
|
|
// User must be logged in.
|
|
|
|
currentUser, err := session.CurrentUser(r)
|
|
|
|
if err != nil {
|
|
|
|
log.Error("LoginRequired: %s", err)
|
2022-08-21 22:40:24 +00:00
|
|
|
session.FlashError(w, r, "You must be signed in to view this page.")
|
2022-08-27 04:32:26 +00:00
|
|
|
templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String()))
|
2022-08-13 22:39:31 +00:00
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2024-04-26 01:55:02 +00:00
|
|
|
// Log the last visit of their current IP address.
|
|
|
|
if err := models.PingIPAddress(r, currentUser, false); err != nil {
|
|
|
|
log.Error("CertRequired: couldn't ping user %s IP address: %s", currentUser.Username, err)
|
|
|
|
}
|
|
|
|
|
2023-10-22 22:02:24 +00:00
|
|
|
// Are they banned?
|
|
|
|
if currentUser.Status == models.UserStatusBanned {
|
2023-03-10 00:57:38 +00:00
|
|
|
session.LogoutUser(w, r)
|
|
|
|
session.FlashError(w, r, "Your account has been banned and you are now logged out.")
|
|
|
|
templates.Redirect(w, "/")
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-10-22 22:02:24 +00:00
|
|
|
// Is their account disabled?
|
|
|
|
if DisabledAccount(currentUser, w, r) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-08-17 05:09:04 +00:00
|
|
|
// Is the site under a Maintenance Mode restriction?
|
|
|
|
if MaintenanceMode(currentUser, w, r) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-08-13 22:39:31 +00:00
|
|
|
// User must be certified.
|
|
|
|
if !currentUser.Certified || currentUser.ProfilePhoto.ID == 0 {
|
|
|
|
log.Error("CertRequired: user is not certified")
|
|
|
|
photo.CertificationRequiredError().ServeHTTP(w, r)
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2023-06-16 04:38:09 +00:00
|
|
|
// Ask the user for their birthdate?
|
|
|
|
if AgeGate(currentUser, w, r) {
|
|
|
|
return
|
|
|
|
}
|
|
|
|
|
2022-08-13 22:39:31 +00:00
|
|
|
handler.ServeHTTP(w, r)
|
|
|
|
})
|
|
|
|
}
|