Commit Graph

72 Commits

Author SHA1 Message Date
Noah Petherbridge
b52d9df958 Member Search: Add a filter for "Currently on chat" 2024-10-19 13:07:17 -07:00
Noah Petherbridge
cbdabe791e Improve Signed Photo URLs
* The photo signing JWT tokens carry more fields to validate against:
  * The username the token is assigned to (or '@' for anyone)
  * An 'anyone' boolean for widely public images, such as for the chat room
    and public profile pages.
  * A short filename hash of the image in question (whether a Photo or a
    CommentPhoto) - so that the user can't borrow a JWT token from the chat
    room and reveal a different picture.
* Refactored where the VisibleAvatarURL function lives, to avoid a cyclic
  dependency error.
  * Originally: (*models.User).VisibleAvatarURL(other *models.User)
  * Now: (pkg/photo).VisibleAvatarURL(user, currentUser *models.User)
2024-10-03 20:14:34 -07:00
Noah Petherbridge
9575041d1e Bugfix when removing all chat moderation rules 2024-09-20 20:32:56 -07:00
Noah Petherbridge
066765d2dc Chat Moderation Rules + Shy Accounts on Chat
* Add chat moderation rules to the website, so admins can apply selective rules
  to problematic users. Available rules are:
  * redcam: user's camera is always NSFW.
  * nobroadcast: user can not broadcast their camera.
  * novideo: user can not broadcast OR watch any video.
  * noimage: user can not share OR see any shared image on chat.
* The page to manage a user's active rules is available on their admin card of
  their profile page. When the user has rules active, a yellow counter is shown
  by the link to manage their rules.
  * Only chat moderator admins have access to the page or can see the yellow
    counter to know whether rules are active.
* "Shy Accounts" are now permitted on the chat room! With some moderation rules
  automatically applied to them: novideo,noimage.
* Update the Shy Account FAQ and messaging on the chat landing page.
* Update the auto-kick from chat behavior regarding shy accounts:
  * They are kicked from chat only when an update to their profile settings will
    transition then FROM a non-shy into a shy account.
  * For example: when saving their profile settings (going private) or when
    editing or deleting a photo (if they will have no more public photos left)
2024-09-19 19:30:02 -07:00
Noah Petherbridge
2f31d678d0 Usage Statistics and Website Demographics
Adds two new features to collect and show useful analytics.

Usage Statistics:
* Begin tracking daily active users who log in and interact with major features
  of the website each day, such as the chat room, forum and gallery.

Demographics page:
* For marketing, the home page now shows live statistics about the breakdown of
  content (explicit vs. non-explicit) on the site, and the /insights page gives
  a lot more data in detail.
* Show the percent split in photo gallery content and how many users opt-in or
  share explicit content on the site.
* Show high-level demographics of the members (by age range, gender, orientation)

Misc cleanup:
* Rearrange model list in data export to match the auto-create statements.
* In data exports, include the forum_memberships, push_notifications and
  usage_statistics tables.
2024-09-11 19:28:52 -07:00
Noah Petherbridge
8d9588b039 Notification when admin users are blocked 2024-09-10 15:43:34 -07:00
Noah Petherbridge
463253dbb5 Email delivery tweaks 2024-09-09 20:52:53 -07:00
Noah Petherbridge
def9f6ddcf Bugfix on member search page 2024-08-23 23:34:12 -07:00
Noah Petherbridge
36e48f6ce0 Member Search: Order by certified at 2024-08-23 23:09:27 -07:00
Noah Petherbridge
28d1e284ab User Forums: Newest Tab, Moderators
* The "Newest" tab of the forum is updated with new filter options.
  * Which forums: All, Official, Community, My List
  * Show: By threads, All posts
  * The option for "Which forums" is saved in the user's preferences and set as
    their default on future visits, similar to the Site Gallery "Whose photos"
    option.
  * So users can subscribe to their favorite forums and always get their latest
    posts easily while filtering out the rest.
* Forum Moderators
  * Add the ability to add and remove moderators for your forum.
  * Users are notified when they are added as a moderator.
  * Moderators can opt themselves out by unfollowing the forum.
* ForumMembership: add unique constraint on user_id,forum_id.
2024-08-23 22:56:40 -07:00
Noah Petherbridge
e70ede301f Delete the inner circle 2024-08-10 11:54:37 -07:00
Noah Petherbridge
b8be14ea8d Search By Location
* Add a world cities database with type-ahead search on the Member Directory.
* Users can search for a known city to order users by distance from that city
  rather than from their own configured location on their settings page.
* Users must opt-in their own location before this feature may be used, in order
  to increase adoption of the location feature and to enforce fairness.
* The `nonshy setup locations` command can import the world cities database.
2024-08-03 14:54:22 -07:00
Noah Petherbridge
f3925c1095 Fix inner circle search on member directory 2024-07-20 20:32:19 -07:00
Noah Petherbridge
dbeb5060e4 Minor search query bugfix 2024-07-16 17:07:41 -07:00
Noah Petherbridge
1134128a71 Revert "Public Avatar Consent Page"
This reverts commit 4f04323d5a.
2024-06-29 21:42:35 -07:00
Noah Petherbridge
4f04323d5a Public Avatar Consent Page
The nonshy website is changing the policy on profile pictures. From August 30,
the square cropped avatar images will need to be publicly viewable to everyone.

This implements the first pass of the rollout:

* Add the Public Avatar Consent Page which explains the change to users and
  asks for their acknowledgement. The link is available from their User Settings
  page, near their Certification Photo link.
* When users (with non-public avatars) accept the change: their square cropped
  avatar will become visible to everybody, instead of showing a placeholder
  avatar.
* Users can change their mind and opt back out, which will again show the
  placeholder avatar.
* The Certification Required middleware will automatically enforce the consent
  page once the scheduled go-live date arrives.

Next steps are:

1. Post an announcement on the forum about the upcoming change and link users
   to the consent form if they want to check it out early.
2. Update the nonshy site to add banners to places like the User Dashboard for
   users who will be affected by the change, to link them to the forum post
   and the consent page.
2024-06-29 16:44:18 -07:00
Noah Petherbridge
8754ed8592 Search users by "Liked" 2024-06-26 21:27:03 -07:00
Noah Petherbridge
616f6ae76b Full text profile search for the member directory 2024-06-19 14:12:25 -07:00
Noah Petherbridge
42aeb60853 Various tweaks and improvements
* Inner circle: users have the ability to remove themselves and can avoid being
  invited again in the future.
* Admin actions: add a "Reset Password" ability to user accounts.
* Admin "Create New User" page.
* Rate limit error handling improvements for the login page.
2024-06-15 15:05:50 -07:00
Noah Petherbridge
ed008a99e6 Admin: don't search for banned users without the scope
An admin must have the admin.user.ban scope in order to search for
banned or disabled users in the member directory.
2024-05-11 14:10:59 -07:00
Noah Petherbridge
106ca56198 Search users by admin, privacy policy update 2024-04-25 21:52:43 -07:00
Noah Petherbridge
382c6df96c Fix User model json fields 2024-04-25 11:31:04 -07:00
Noah Petherbridge
f4721d65da HTMX lazy load for user statistics card 2024-04-24 20:36:37 -07:00
Noah Petherbridge
2ab34a39a3 Better UX for Who's Nearby feature 2024-03-29 20:35:41 -07:00
Noah Petherbridge
f4d176a538 Change Logs
* Add a ChangeLog table to collect historic updates to various database tables.
* Created, Updated (with field diffs) and Deleted actions are logged, as well
  as certification photo approves/denies.
* Specific items added to the change log:
  * When a user photo is marked Explicit by an admin
  * When users block/unblock each other
  * When photo comments are posted, edited, and deleted
  * When forums are created, edited, and deleted
  * When forum comments are created, edited and deleted
  * When a new forum thread is created
  * When a user uploads or removes their own certification photo
  * When an admin approves or rejects a certification photo
  * When a user uploads, modifies or deletes their gallery photos
  * When a friend request is sent
  * When a friend request is accepted, ignored, or rejected
  * When a friendship is removed
2024-02-25 17:03:36 -08:00
Noah Petherbridge
fedfbed4eb Ability to change username 2024-01-27 13:57:24 -08:00
Noah Petherbridge
19006877a2 Fix limited logged-out view profile picture 2024-01-07 15:32:51 -08:00
Noah Petherbridge
7a6b21fee5 Lazy compute UserRelationships on CanSeeProfilePicture function 2024-01-07 14:25:00 -08:00
Noah Petherbridge
8fca36836c Add notice of private profile pic, inner circle placeholder
* On a user gallery page: if the current user can not see their default
  profile pic (friends-only or private), include a notice and link to
  the FAQ about this.
* Add a new placeholder avatar for profile pics that are set to
  "Inner circle only" when viewed by members outside the circle.
2024-01-07 14:20:01 -08:00
Noah Petherbridge
13775b9722 Admin view for User Notes page 2023-12-21 14:59:41 -08:00
Noah Petherbridge
d72f0b1d2d Site Gallery: Remember last 'Whose photos' preference 2023-11-24 11:37:01 -08:00
Noah Petherbridge
c701dd831f Add command to export user data for privacy regulations 2023-10-23 19:05:34 -07:00
Noah Petherbridge
481bd0ae61 Deactivate Account; Friends Lists on Profiles
* Add a way for users to temporarily deactivate their accounts, in a
  recoverable way should they decide to return later.
* A deactivated account may log in but have limited options: to
  reactivate their account, permanently delete it, or log out.
* Fix several bugs around the display of comments, messages and
  forum threads for disabled, banned, or blocked users:
  * Messages (inbox and sentbox) will be hidden and the unread indicator
    will not count unread messages the user can't access.
  * Comments on photos and forum posts are hidden, and top-level threads
    on the "Newest" tab will show "[unavailable]" for their text and
    username.
  * Your historical notifications will hide users who are blocked, banned
    or disabled.
* Add a "Friends" tab to user profile pages, to see other users' friends.
  * The page is Certification Required so non-cert users can't easily
    discover any members on the site.
2023-10-22 15:02:24 -07:00
Noah Petherbridge
f21af625c1 Adjust birthday window 2023-10-11 03:03:52 +00:00
Noah Petherbridge
16eca589e5 Adjust birthday window 2023-10-10 19:38:02 -07:00
Noah Petherbridge
59338d510f Birthday cake emoji for the chat room 2023-10-10 19:30:39 -07:00
Noah Petherbridge
09ba634556 Bugfix on user search page 2023-10-10 18:03:05 -07:00
Noah Petherbridge
a16894a1b1 Chat landing page: show online friends 2023-10-08 13:35:11 -07:00
Noah Petherbridge
c9c89100f9 Search: don't filter by age for people who hide their age 2023-10-08 10:57:08 -07:00
Noah Petherbridge
eb571e1933 BareRTC user profile webhook 2023-10-07 13:24:07 -07:00
Noah Petherbridge
a19e52c03f Instantly block user in chat, search improvements 2023-09-30 15:24:14 -07:00
Noah Petherbridge
de30f5e952 See who has "Liked" something 2023-09-13 21:28:38 -07:00
Noah Petherbridge
de71d65be6 Only admin users can see banned accounts on search 2023-09-09 11:16:43 -07:00
Noah Petherbridge
577c92386e Filter for expressly non-certified 2023-09-01 17:20:34 -07:00
Noah Petherbridge
67a54c866e New search filters and friendship sent icon 2023-09-01 17:13:10 -07:00
Noah Petherbridge
8275cc3ad9 Bugfix on search page 2023-08-29 21:14:06 -07:00
Noah Petherbridge
6eb51cf545 Filter member directory by HereFor 2023-08-29 21:10:00 -07:00
Noah Petherbridge
cc628afd44 Who's Nearby Feature 2023-08-19 19:11:33 -07:00
Noah Petherbridge
1ee8acf060 Various quick fixes
* Signup: if entering an existing email, don't admit that the email
  exists. Instead, send a specialized email to its address.
* Search: no longer search for users by email address.
* Login: always hash the incoming password on user not found, to take
  constant time compared to when the user did exist.
* Fix a pagination bug when a private (shy account) views a non-friend's
  photo gallery.
2023-08-15 17:33:33 -07:00
Noah Petherbridge
47aaf15078 Admin Groups & Permissions
Add a permission system for admin users so you can lock down specific admins to
a narrower set of features instead of them all having omnipotent powers.

* New page: Admin Dashboard -> Admin Permissions Management
* Permissions are handled in the form of 'scopes' relevant to each feature or
  action on the site. Scopes are assigned to Groups, and in turn, admin user
  accounts are placed in those Groups.
* The Superusers group (scope '*') has wildcard permission to all scopes. The
  permissions dashboard has a create-once action to initialize the Superusers
  for the first admin who clicks on it, and places that admin in the group.

The following are the exhaustive list of permission changes on the site:

* Moderator scopes:
    * Chat room (enter the room with Operator permission)
    * Forums (can edit or delete user posts on the forum)
    * Photo Gallery (can see all private/friends-only photos on the site
      gallery or user profile pages)
* Certification photos (with nuanced sub-action permissions)
    * Approve: has access to the Pending tab to act on incoming pictures
    * List: can paginate thru past approved/rejected photos
    * View: can bring up specific user cert photo from their profile
    * The minimum requirement is Approve or else no cert photo page
      will load for your admin user.
* User Actions (each action individually scoped)
    * Impersonate
    * Ban
    * Delete
    * Promote to admin
* Inner circle whitelist: no longer are admins automatically part of the
  inner circle unless they have a specialized scope attached.

The AdminRequired decorator may also apply scopes on an entire admin route.
The following routes have scopes to limit them:

* Forum Admin (manage forums and their settings)
* Remove from inner circle
2023-08-01 20:39:48 -07:00