Allow basic access to profile pages for not logged-in users

This commit is contained in:
Noah 2022-08-26 21:32:26 -07:00
parent 9c1985e01e
commit 6081aefb2f
4 changed files with 48 additions and 18 deletions

View File

@ -2,6 +2,7 @@ package account
import (
"net/http"
"net/url"
"regexp"
"code.nonshy.com/nonshy/website/pkg/models"
@ -22,14 +23,6 @@ func Profile() http.HandlerFunc {
username = m[1]
}
// Get the current user.
currentUser, err := session.CurrentUser(r)
if err != nil {
session.FlashError(w, r, "Couldn't get CurrentUser: %s", err)
templates.Redirect(w, "/")
return
}
// Find this user.
user, err := models.FindUser(username)
if err != nil {
@ -37,6 +30,27 @@ func Profile() http.HandlerFunc {
return
}
// Get the current user (if logged in).
currentUser, err := session.CurrentUser(r)
if err != nil {
// The viewer is not logged in, bail now with the basic profile page. If this
// user is private, redirect to login.
if user.Visibility == models.UserVisibilityPrivate {
session.FlashError(w, r, "You must be signed in to view this page.")
templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String()))
return
}
vars := map[string]interface{}{
"User": user,
}
if err := tmpl.Execute(w, r, vars); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
return
}
var isSelf = currentUser.ID == user.ID
// Banned or disabled? Only admin can view then.

View File

@ -3,6 +3,7 @@ package middleware
import (
"context"
"net/http"
"net/url"
"time"
"code.nonshy.com/nonshy/website/pkg/config"
@ -22,7 +23,7 @@ func LoginRequired(handler http.Handler) http.Handler {
if err != nil {
log.Error("LoginRequired: %s", err)
session.FlashError(w, r, "You must be signed in to view this page.")
templates.Redirect(w, "/login?next="+r.URL.RawPath)
templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String()))
return
}
@ -61,8 +62,8 @@ func AdminRequired(handler http.Handler) http.Handler {
currentUser, err := session.CurrentUser(r)
if err != nil {
log.Error("AdminRequired: %s", err)
errhandler := templates.MakeErrorPage("Login Required", "You must be signed in to view this page.", http.StatusForbidden)
errhandler.ServeHTTP(w, r)
session.FlashError(w, r, "You must be signed in to view this page.")
templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String()))
return
}
@ -90,7 +91,7 @@ func CertRequired(handler http.Handler) http.Handler {
if err != nil {
log.Error("LoginRequired: %s", err)
session.FlashError(w, r, "You must be signed in to view this page.")
templates.Redirect(w, "/login?next="+r.URL.Path)
templates.Redirect(w, "/login?next="+url.QueryEscape(r.URL.String()))
return
}

View File

@ -39,7 +39,7 @@ func New() http.Handler {
mux.Handle("/me", middleware.LoginRequired(account.Dashboard()))
mux.Handle("/settings", middleware.LoginRequired(account.Settings()))
mux.Handle("/account/delete", middleware.LoginRequired(account.Delete()))
mux.Handle("/u/", middleware.LoginRequired(account.Profile()))
mux.Handle("/u/", account.Profile()) // public access OK
mux.Handle("/photo/upload", middleware.LoginRequired(photo.Upload()))
mux.Handle("/photo/u/", middleware.LoginRequired(photo.UserPhotos()))
mux.Handle("/photo/view", middleware.LoginRequired(photo.View()))

View File

@ -1,12 +1,12 @@
{{define "title"}}{{.User.Username}}{{end}}
{{define "content"}}
<div class="container">
<section class="hero is-info is-bold">
<section class="hero {{if .LoggedIn}}is-info{{else}}is-light is-bold{{end}}">
<div class="hero-body">
<div class="container">
<div class="columns">
<div class="column is-narrow">
<figure class="profile-photo">
<div class="column is-narrow has-text-centered">
<figure class="profile-photo is-inline-block">
{{if .User.ProfilePhoto.ID}}
<img src="/static/photos/{{.User.ProfilePhoto.CroppedFilename}}" data-photo-id="{{.User.ProfilePhoto.ID}}">
{{else}}
@ -14,7 +14,7 @@
{{end}}
<!-- CurrentUser can upload a new profile pic -->
{{if eq .CurrentUser.ID .User.ID}}
{{if and .LoggedIn (eq .CurrentUser.ID .User.ID)}}
<span class="corner">
<button class="button is-small p-1 is-success">
<a href="/photo/upload?intent=profile_pic"
@ -36,8 +36,18 @@
({{.User.Status}})
</h2>
{{end}}
{{if not .LoggedIn}}
<h2 class="subtitle">is on {{PrettyTitle}}, a social network for nudists &amp; exhibitionists.</h2>
<p>
{{PrettyTitle}} is a new social network for <strong>real</strong> nudists and exhibionists.
Join <strong>{{.User.Username}}</strong> and the others on this site by
<a href="/signup"><ins>creating an account</ins></a> and sending them a friend request! Please
see <a href="/"><ins>the home page</ins></a> for all the details.
</p>
{{end}}
</div>
{{if .LoggedIn}}
<div class="column is-narrow">
<div class="box">
<div>
@ -84,8 +94,10 @@
{{end}}
</div>
</div>
{{end}}<!-- if .LoggedIn -->
</div>
{{if .LoggedIn}}
<div class="columns is-centered is-gapless">
<div class="column is-narrow has-text-centered">
<form action="/friends/add" method="POST">
@ -166,11 +178,14 @@
</div>
</div><!-- columns -->
{{end}}<!-- if .LoggedIn -->
</div>
</div>
</section>
{{if .IsPrivate}}
{{if not .LoggedIn}}
<div class="py-6"></div>
{{else if .IsPrivate}}
<div class="block p-4">
<div class="notification block is-warning">
<i class="fa fa-mask"></i> This member's profile page is <strong>private.</strong> You may send them