Commit Graph

73 Commits

Author SHA1 Message Date
Noah Petherbridge
cc82fec108 Unit tests and code cleanup for cold storage 2024-05-30 16:59:21 -07:00
Noah Petherbridge
6f5127dd56 Cold Storage with One-Way RSA Encryption 2024-05-29 23:20:24 -07:00
Noah Petherbridge
5db1c03fd9 Clean up admin permission checks around the site 2024-05-27 13:02:05 -07:00
Noah Petherbridge
f0e69f78da Certification: Secondary Photo ID Workflow
* Add an Admin Certification Photo workflow where we can request the user to
  upload a secondary form of ID (government issued photo ID showing their
  face and date of birth).
* An admin rejection option can request secondary photo ID.
* It sends a distinct e-mail to the user apart from the regular rejection email
* It flags their cert photo as "Secondary Needed" forever: even if the user
  removes their cert photo and starts from scratch, it will immediately request
  secondary ID when uploading a new primary photo.
* Secondary photos are deleted from the server on both Approve and Reject by
  the admin account, for user privacy.
* If approved, a Secondary Approved=true boolean is stored in the database. This
  boolean is set to False if the user deletes their cert photo in the future.
2024-05-26 12:34:00 -07:00
Noah Petherbridge
fdf0aee5da Certification Photo to log IP address in changelog 2024-04-28 11:27:06 -07:00
Noah Petherbridge
2f352f8664 Ability to find your "Likes" on the Site Gallery 2024-04-27 19:06:17 -07:00
Noah Petherbridge
32b054cacf Remove from inner circle when deleting all your pictures 2024-04-13 10:44:09 -07:00
Noah Petherbridge
d623f0bc3c User endpoint to flag photos that should be Explicit 2024-03-16 13:29:28 -07:00
Noah Petherbridge
cf6249c415 Alt Text for Photos
* Add an Alt Text field for users to describe their photos for accessibility.
* Alt texts appear on mouse over on Gallery pages, in the lightbox modal (on
  mouse over or by clicking the ALT button that appears), and in a box on the
  permalink page below the photo caption.
* Max length of Alt Text is 5,000 characters.
* Fix a bug with the right-click blocker not working on the lightbox modal.
2024-03-15 22:02:24 -07:00
Noah Petherbridge
742a5fa1af Auto-Disconnect Users from Chat
Users whose accounts are no longer eligible to be in the chat room will be
disconnected immediately from chat when their account status changes.

The places in nonshy where these disconnects may happen include:

* When the user deactivates or deletes their account.
* When they modify their settings to mark their profile as 'private,' making
  them become a Shy Account.
* When they edit or delete their photos in case they have moved their final
  public photo to be private, making them become a Shy Account.
* When the user deletes their certification photo, or uploads a new cert photo
  to be reviewed (in both cases, losing account certified status).
* When an admin user rejects their certification photo, even retroactively.
* On admin actions against a user, including: banning them, deleting their
  user account.

Other changes made include:

* When signing up an account and e-mail sending is not enabled (e.g. local
  dev environment), the SignupToken is still created and logged to the console
  so you can continue the signup manually.
* On the new account DOB prompt, add a link to manually input their birthdate
  as text similar to on the Age Gate page.
2024-03-15 15:57:05 -07:00
Noah Petherbridge
f4d176a538 Change Logs
* Add a ChangeLog table to collect historic updates to various database tables.
* Created, Updated (with field diffs) and Deleted actions are logged, as well
  as certification photo approves/denies.
* Specific items added to the change log:
  * When a user photo is marked Explicit by an admin
  * When users block/unblock each other
  * When photo comments are posted, edited, and deleted
  * When forums are created, edited, and deleted
  * When forum comments are created, edited and deleted
  * When a new forum thread is created
  * When a user uploads or removes their own certification photo
  * When an admin approves or rejects a certification photo
  * When a user uploads, modifies or deletes their gallery photos
  * When a friend request is sent
  * When a friend request is accepted, ignored, or rejected
  * When a friendship is removed
2024-02-25 17:03:36 -08:00
Noah Petherbridge
7da650ffc4 Go 1.22 upgrade 2024-02-10 16:17:15 -08:00
Noah Petherbridge
b4cd57c8c3 Tweak friends-only pic notification revoke 2024-01-10 18:08:17 -08:00
Noah Petherbridge
8fca36836c Add notice of private profile pic, inner circle placeholder
* On a user gallery page: if the current user can not see their default
  profile pic (friends-only or private), include a notice and link to
  the FAQ about this.
* Add a new placeholder avatar for profile pics that are set to
  "Inner circle only" when viewed by members outside the circle.
2024-01-07 14:20:01 -08:00
Noah Petherbridge
9a854e5679 New inner circle invite workflow 2024-01-06 20:07:36 -08:00
Noah Petherbridge
384638de09 Site Gallery throttle 2024-01-05 19:08:44 -08:00
Noah Petherbridge
483e5a2db3 Photo edit/delete fixes, lazy load images 2023-12-21 14:37:55 -08:00
Noah Petherbridge
3d4c728d75 Certification photo admin updates 2023-11-25 14:28:16 -08:00
Noah Petherbridge
d72f0b1d2d Site Gallery: Remember last 'Whose photos' preference 2023-11-24 11:37:01 -08:00
Noah Petherbridge
c0bff8ee18 Settings to opt-out of certain notification types 2023-10-28 14:34:35 -07:00
Noah Petherbridge
64d2749299 Fix site gallery userID + visibility filters 2023-10-26 17:33:08 -07:00
Noah Petherbridge
a97ed4562e Ability to ignore friend requests 2023-10-22 19:57:18 -07:00
Noah Petherbridge
61c47c032d Site Gallery: Default to friends only 2023-10-22 19:17:49 -07:00
Noah Petherbridge
39c825d4ca Filters on User Gallery Pages 2023-10-22 16:03:17 -07:00
Noah Petherbridge
481bd0ae61 Deactivate Account; Friends Lists on Profiles
* Add a way for users to temporarily deactivate their accounts, in a
  recoverable way should they decide to return later.
* A deactivated account may log in but have limited options: to
  reactivate their account, permanently delete it, or log out.
* Fix several bugs around the display of comments, messages and
  forum threads for disabled, banned, or blocked users:
  * Messages (inbox and sentbox) will be hidden and the unread indicator
    will not count unread messages the user can't access.
  * Comments on photos and forum posts are hidden, and top-level threads
    on the "Newest" tab will show "[unavailable]" for their text and
    username.
  * Your historical notifications will hide users who are blocked, banned
    or disabled.
* Add a "Friends" tab to user profile pages, to see other users' friends.
  * The page is Certification Required so non-cert users can't easily
    discover any members on the site.
2023-10-22 15:02:24 -07:00
Noah Petherbridge
41beba54f2 Don't show blocked users on Likes lists 2023-09-17 22:28:21 -07:00
Noah Petherbridge
b788480eb6 Tighten up user blocking in Notifications & Comments
The following bugs are resolved:
* A blocked user comments on a Photo that you have also commented on
  (are subscribed to), and you would be notified about their comment.
* A blocked user comments on a Forum Thread that you are subscribed to,
  and you would be notified about their post.
* Comments by blocked users (on photos and forum threads) were visible
  to you after you have blocked them.
2023-09-16 23:07:32 -07:00
Noah Petherbridge
49b5387750 User Notes + Bring Back Online Chatters List
New feature: User Notes
* Add a "Notes" tab to user profile pages and galleries.
* Users can create one private note about another user.
* Admins can see all notes left about a user.
* Admins also see Feedback & Reports regarding the user on that page.

Bring back the online chatters list
* The Usernames are filtered down based on blocklist status.
2023-09-16 13:46:26 -07:00
Noah Petherbridge
a70e1c2b73 Minor bugfixes
- Revoke photo notifications if visibility moving to inner circle
- No longer show usernames in chat on the landing page
2023-09-14 17:40:12 -07:00
Noah Petherbridge
de30f5e952 See who has "Liked" something 2023-09-13 21:28:38 -07:00
Noah Petherbridge
6b0246edad Tweak private share badges 2023-09-01 23:07:15 -07:00
Noah Petherbridge
2d7f8c0d87 Fix private grants page 2023-09-01 22:41:33 -07:00
Noah Petherbridge
944dbb749b Private photos: see who shares back 2023-09-01 22:27:18 -07:00
Noah Petherbridge
1ee8acf060 Various quick fixes
* Signup: if entering an existing email, don't admit that the email
  exists. Instead, send a specialized email to its address.
* Search: no longer search for users by email address.
* Login: always hash the incoming password on user not found, to take
  constant time compared to when the user did exist.
* Fix a pagination bug when a private (shy account) views a non-friend's
  photo gallery.
2023-08-15 17:33:33 -07:00
Noah Petherbridge
868aef6fb0 Minor bugfix 2023-08-15 09:53:59 -07:00
Noah Petherbridge
4c398c9b13 Minor bugfix 2023-08-15 09:53:13 -07:00
Noah Petherbridge
666d3105b7 Privacy Improvements and Notification Fixes
* On user profile pages and gallery: the total photo count for the user
  will only include photos that the viewer can actually see (taking into
  account friendship and private grants), so that users won't harass
  each other to see the additional photos that aren't visible to them.
* On the member directory search: the photo counts will only show public
  photos on their page for now, and may be fewer than the number of
  photos the current user could actually see.
* Blocklist: you can now manually add a user by username to your block
  list. So if somebody blocked you on the site and you want to block
  them back, there is a way to do this.
* Friends: you can now directly unfriend someone from their profile
  page by clicking on the "Friends" button. You get a confirmation
  popup before the remove friend action goes through.
* Bugfix: when viewing a user's gallery, you were able to see their
  Friends-only photos if they granted you their Private photo access,
  even if you were not their friend.
* Bugfix: when uploading a new private photo, instead of notifying
  everybody you granted access to your privates it will only notify
  if they are also on your friend list.
2023-08-14 18:50:34 -07:00
Noah Petherbridge
fdc410c9f1 Clear/Delete Notifications, Private Photo Fixes
Added the ability to delete or clear notifications.
* A "Clear all" button deletes them all (with confirmation)
* A "Remove" button on individual notifications (one confirmation per
  page load, so you can remove several without too much tedium)

Fix some things regarding private photo notifications:
* When notifying your existing grants about a new upload, only users who
  opt-in for Explicit are notified about Explicit private pictures.
* When revoking private grants, clean up the "has uploaded a new private
  photo" notifications for all of your pics from their notification
  feeds.
2023-08-04 18:54:04 -07:00
Noah Petherbridge
47aaf15078 Admin Groups & Permissions
Add a permission system for admin users so you can lock down specific admins to
a narrower set of features instead of them all having omnipotent powers.

* New page: Admin Dashboard -> Admin Permissions Management
* Permissions are handled in the form of 'scopes' relevant to each feature or
  action on the site. Scopes are assigned to Groups, and in turn, admin user
  accounts are placed in those Groups.
* The Superusers group (scope '*') has wildcard permission to all scopes. The
  permissions dashboard has a create-once action to initialize the Superusers
  for the first admin who clicks on it, and places that admin in the group.

The following are the exhaustive list of permission changes on the site:

* Moderator scopes:
    * Chat room (enter the room with Operator permission)
    * Forums (can edit or delete user posts on the forum)
    * Photo Gallery (can see all private/friends-only photos on the site
      gallery or user profile pages)
* Certification photos (with nuanced sub-action permissions)
    * Approve: has access to the Pending tab to act on incoming pictures
    * List: can paginate thru past approved/rejected photos
    * View: can bring up specific user cert photo from their profile
    * The minimum requirement is Approve or else no cert photo page
      will load for your admin user.
* User Actions (each action individually scoped)
    * Impersonate
    * Ban
    * Delete
    * Promote to admin
* Inner circle whitelist: no longer are admins automatically part of the
  inner circle unless they have a specialized scope attached.

The AdminRequired decorator may also apply scopes on an entire admin route.
The following routes have scopes to limit them:

* Forum Admin (manage forums and their settings)
* Remove from inner circle
2023-08-01 20:39:48 -07:00
Noah Petherbridge
356f94698f Some bugfixes around profile picture cropping 2023-07-22 11:52:05 -07:00
Noah Petherbridge
e051da21b5 Support GIF videos in your photo gallery 2023-06-25 22:55:07 -07:00
Noah Petherbridge
0f6b627156 Spit and polish
* Refactor pagination into a DRY template func
* Better guide users with no profile pic to upload one
2023-06-21 20:46:27 -07:00
Noah Petherbridge
6cad3cadc7 Inner circle followups: notifications, min public pictures 2023-05-24 11:27:42 -07:00
Noah Petherbridge
b9f2bafd7a Bugfix 2023-05-23 23:37:11 -07:00
Noah Petherbridge
9788ea6a33 The inner circle 2023-05-23 20:04:17 -07:00
Noah Petherbridge
17d9760b61 Bugfix: Owner of a private photo can see its comment page 2023-05-16 10:10:37 -07:00
Noah Petherbridge
ba9e90b32a Photo upload notification: only notify explicit friends of new explicit photo 2023-05-07 13:16:22 -07:00
Noah Petherbridge
f98b6b2806 Notifications about new photo uploads for your friends 2023-03-16 20:04:43 -07:00
Noah Petherbridge
df65b1b260 Bugfixes around banned user accounts 2023-03-09 16:57:38 -08:00
Noah Petherbridge
7d17dce4d4 Shy Accounts
* Users with private profiles or no public photo at all are considered
  to be Shy Accounts and are isolated from the non-shy profiles.
* Restrictions include:
  * Site Gallery shows only them + their friends' photos.
  * User Galleries: must be a friend or had private photos granted to
    see a user's gallery page.
  * DMs: can not initiate a DM to a non-shy member (other shy members
    OK).
2023-02-13 22:19:18 -08:00