From 6081aefb2f283fc205792647ec328308dca9b31b Mon Sep 17 00:00:00 2001 From: Noah Date: Fri, 26 Aug 2022 21:32:26 -0700 Subject: [PATCH] Allow basic access to profile pages for not logged-in users --- pkg/controller/account/profile.go | 30 ++++++++++++++++++++++-------- pkg/middleware/authentication.go | 9 +++++---- pkg/router/router.go | 2 +- web/templates/account/profile.html | 25 ++++++++++++++++++++----- 4 files changed, 48 insertions(+), 18 deletions(-) diff --git a/pkg/controller/account/profile.go b/pkg/controller/account/profile.go index 8054a33..198ecd3 100644 --- a/pkg/controller/account/profile.go +++ b/pkg/controller/account/profile.go @@ -2,6 +2,7 @@ package account import ( "net/http" + "net/url" "regexp" "code.nonshy.com/nonshy/website/pkg/models" @@ -22,14 +23,6 @@ func Profile() http.HandlerFunc { username = m[1] } - // Get the current user. - currentUser, err := session.CurrentUser(r) - if err != nil { - session.FlashError(w, r, "Couldn't get CurrentUser: %s", err) - templates.Redirect(w, "/") - return - } - // Find this user. user, err := models.FindUser(username) if err != nil { @@ -37,6 +30,27 @@ func Profile() http.HandlerFunc { return } + // Get the current user (if logged in). + currentUser, err := session.CurrentUser(r) + if err != nil { + // The viewer is not logged in, bail now with the basic profile page. If this + // user is private, redirect to login. + if user.Visibility == models.UserVisibilityPrivate { + session.FlashError(w, r, "You must be signed in to view this page.") + templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String())) + return + } + + vars := map[string]interface{}{ + "User": user, + } + if err := tmpl.Execute(w, r, vars); err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + return + } + return + } + var isSelf = currentUser.ID == user.ID // Banned or disabled? Only admin can view then. 
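Review bot: In `Profile()`, the new `if err != nil` branch for signed-out viewers renders the page and returns before the `// Banned or disabled? Only admin can view then.` check that follows it, so a banned or disabled account's profile appears to be served to anonymous visitors whenever its visibility is not private. That check's body lies outside the hunk, so confirm against the full function; the same condition should either run inside the anonymous branch before `tmpl.Execute`, answering the way the existing check does, or move above `session.CurrentUser(r)` so both paths share it. The branch also treats every `session.CurrentUser` error as "not logged in" and hands the template the full model via `"User": user`, which leaves the template's `{{if .LoggedIn}}` guards as the only thing hiding member-only fields. Passing a reduced view for anonymous viewers, with a comment naming the fields meant to be public, would make the handler the enforcement point.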
diff --git a/pkg/middleware/authentication.go b/pkg/middleware/authentication.go index d51e3ea..c5a9e87 100644 --- a/pkg/middleware/authentication.go +++ b/pkg/middleware/authentication.go @@ -3,6 +3,7 @@ package middleware import ( "context" "net/http" + "net/url" "time" "code.nonshy.com/nonshy/website/pkg/config" @@ -22,7 +23,7 @@ func LoginRequired(handler http.Handler) http.Handler { if err != nil { log.Error("LoginRequired: %s", err) session.FlashError(w, r, "You must be signed in to view this page.") - templates.Redirect(w, "/login?next="+r.URL.RawPath) + templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String())) return } @@ -61,8 +62,8 @@ func AdminRequired(handler http.Handler) http.Handler { currentUser, err := session.CurrentUser(r) if err != nil { log.Error("AdminRequired: %s", err) - errhandler := templates.MakeErrorPage("Login Required", "You must be signed in to view this page.", http.StatusForbidden) - errhandler.ServeHTTP(w, r) + session.FlashError(w, r, "You must be signed in to view this page.") + templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String())) return } @@ -90,7 +91,7 @@ func CertRequired(handler http.Handler) http.Handler { if err != nil { log.Error("LoginRequired: %s", err) session.FlashError(w, r, "You must be signed in to view this page.") - templates.Redirect(w, "/login?next="+r.URL.Path) + templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String())) return } diff --git a/pkg/router/router.go b/pkg/router/router.go index 07c098b..03eb196 100644 --- a/pkg/router/router.go +++ b/pkg/router/router.go 
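Review bot: The `next` value built in `LoginRequired`, and identically in `AdminRequired`, `CertRequired` and the anonymous branch of `Profile()` in profile.go, is now query-escaped, but `r.URL.String()` is not guaranteed to be a site-local path, since it includes a scheme and host whenever the parsed request URL has them. Unless the login handler (not shown in this diff) already rejects anything that is not a local path, prefer `r.URL.RequestURI()` at these call sites and validate `next` where it is consumed before redirecting. The same expression now appears four times, and the removed lines show the sites had already drifted (`r.URL.RawPath` in one, `r.URL.Path` in another), so a small helper that builds the login redirect would keep them in step.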
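Review bot: In `CertRequired` the failure branch still logs `log.Error("LoginRequired: %s", err)`, so entries from this middleware cannot be told apart from `LoginRequired` ones when triaging authentication failures. Since this hunk already touches the branch, change the label to `log.Error("CertRequired: %s", err)`. The function body continues outside the hunk.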
@@ -39,7 +39,7 @@ func New() http.Handler { mux.Handle("/me", middleware.LoginRequired(account.Dashboard())) mux.Handle("/settings", middleware.LoginRequired(account.Settings())) mux.Handle("/account/delete", middleware.LoginRequired(account.Delete())) - mux.Handle("/u/", middleware.LoginRequired(account.Profile())) + mux.Handle("/u/", account.Profile()) // public access OK mux.Handle("/photo/upload", middleware.LoginRequired(photo.Upload())) mux.Handle("/photo/u/", middleware.LoginRequired(photo.UserPhotos())) mux.Handle("/photo/view", middleware.LoginRequired(photo.View())) diff --git a/web/templates/account/profile.html b/web/templates/account/profile.html index 1d66b98..96f970a 100644 --- a/web/templates/account/profile.html +++ b/web/templates/account/profile.html @@ -1,12 +1,12 @@ {{define "title"}}{{.User.Username}}{{end}} {{define "content"}}
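Review bot: In pkg/router/router.go, registering `/u/` as `account.Profile()` without `middleware.LoginRequired` removes the whole middleware from the route, for signed-in viewers as well as anonymous ones. This diff shows only the middleware's failure branch, so whatever it does on the success path (the file imports `context` and `time`, which suggests it stores request state or updates a timestamp; to be confirmed) no longer runs for profile views, and `Profile()` has to perform any such check itself. The trailing `// public access OK` would say more as `// public: Profile() enforces visibility and login itself`, so the next reader knows where the access decision lives.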
-
+
-
-
+
+
{{if .User.ProfilePhoto.ID}} {{else}} @@ -14,7 +14,7 @@ {{end}} - {{if eq .CurrentUser.ID .User.ID}} + {{if and .LoggedIn (eq .CurrentUser.ID .User.ID)}}
+ {{if .LoggedIn}}
@@ -84,8 +94,10 @@ {{end}}
+ {{end}}
+ {{if .LoggedIn}}
@@ -166,11 +178,14 @@
+ {{end}}
- {{if .IsPrivate}} + {{if not .LoggedIn}} +
+ {{else if .IsPrivate}}
This member's profile page is private. You may send them