Commit Graph

26 Commits

Author SHA1 Message Date
Noah Petherbridge
6eb51cf545 Filter member directory by HereFor 2023-08-29 21:10:00 -07:00
Noah Petherbridge
cc628afd44 Who's Nearby Feature 2023-08-19 19:11:33 -07:00
Noah Petherbridge
1ee8acf060 Various quick fixes
* Signup: if entering an existing email, don't admit that the email
  exists. Instead, send a specialized email to its address.
* Search: no longer search for users by email address.
* Login: always hash the incoming password on user not found, to take
  constant time compared to when the user did exist.
* Fix a pagination bug when a private (shy account) views a non-friend's
  photo gallery.
2023-08-15 17:33:33 -07:00
Noah Petherbridge
47aaf15078 Admin Groups & Permissions
Add a permission system for admin users so you can lock down specific admins to
a narrower set of features instead of them all having omnipotent powers.

* New page: Admin Dashboard -> Admin Permissions Management
* Permissions are handled in the form of 'scopes' relevant to each feature or
  action on the site. Scopes are assigned to Groups, and in turn, admin user
  accounts are placed in those Groups.
* The Superusers group (scope '*') has wildcard permission to all scopes. The
  permissions dashboard has a create-once action to initialize the Superusers
  for the first admin who clicks on it, and places that admin in the group.

The following are the exhaustive list of permission changes on the site:

* Moderator scopes:
    * Chat room (enter the room with Operator permission)
    * Forums (can edit or delete user posts on the forum)
    * Photo Gallery (can see all private/friends-only photos on the site
      gallery or user profile pages)
* Certification photos (with nuanced sub-action permissions)
    * Approve: has access to the Pending tab to act on incoming pictures
    * List: can paginate thru past approved/rejected photos
    * View: can bring up specific user cert photo from their profile
    * The minimum requirement is Approve or else no cert photo page
      will load for your admin user.
* User Actions (each action individually scoped)
    * Impersonate
    * Ban
    * Delete
    * Promote to admin
* Inner circle whitelist: no longer are admins automatically part of the
  inner circle unless they have a specialized scope attached.

The AdminRequired decorator may also apply scopes on an entire admin route.
The following routes have scopes to limit them:

* Forum Admin (manage forums and their settings)
* Remove from inner circle
2023-08-01 20:39:48 -07:00
Noah Petherbridge
45cb4d260e DM Privacy + Settings Page Tabs
* Refactor the Settings page into a tabbed UI to reduce confusion with
  all the different forms and save buttons
* Add a DM Privacy setting to your page
* Update the About page
2023-06-23 22:18:09 -07:00
Noah Petherbridge
ae8ef83115 Option to hide age from profile display 2023-06-16 17:11:52 -07:00
Noah Petherbridge
50d05f92f1 Fix Gallery checkbox always checking itself + small fixes 2023-05-24 18:40:27 -07:00
Noah Petherbridge
9788ea6a33 The inner circle 2023-05-23 20:04:17 -07:00
Noah Petherbridge
df65b1b260 Bugfixes around banned user accounts 2023-03-09 16:57:38 -08:00
Noah Petherbridge
7d17dce4d4 Shy Accounts
* Users with private profiles or no public photo at all are considered
  to be Shy Accounts and are isolated from the non-shy profiles.
* Restrictions include:
  * Site Gallery shows only them + their friends' photos.
  * User Galleries: must be a friend or had private photos granted to
    see a user's gallery page.
  * DMs: can not initiate a DM to a non-shy member (other shy members
    OK).
2023-02-13 22:19:18 -08:00
6c91c67c97 More Private User Avatars
* Users who set their Profile Picture to "friends only" or "private" can have
  their avatar be private all over the website to users who are not their
  friends or not granted access.
* Users who are not your friends see a yellow placeholder avatar, and users
  not granted access to a private Profile Pic sees a purple avatar.
* Admin users see these same placeholder avatars most places too (on search,
  forums, comments, etc.) if the user did not friend or grant the admin. But
  admins ALWAYS see it on their Profile Page directly, for ability to moderate.
* Fix marking Notifications as read: clicking the link in an unread notification
  now will wait on the ajax request to finish before allowing the redirect.
* Update the FAQ
2022-09-08 21:42:20 -07:00
8419958b25 Likes on Comments, and other minor improvements
* Add "Like" buttons to comments and forum posts.
* Make "private" profiles more private (logged-in users see only their profile
  pic, display name, and can friend request or message, if they are not approved
  friends of the private user)
* Add "logged-out view" visibility setting to profiles: to share a link to your
  page on other sites. Opt-in setting - default is login required to view your
  public profile page.
* CSRF cookie fix.
* Updated FAQ & Privacy pages.
2022-08-29 20:00:15 -07:00
bbc6e354e2 Rename the module 2022-08-25 21:21:46 -07:00
27a7abaae7 Private Profiles & Misc Improvements
* Add setting to mark profile as "private"
* If a profile is private you can't see their profile page or user photo
  gallery unless you are friends (or admin)
* The Site Gallery never shows pictures from private profiles.
* Add HTML5 drag/drop upload support for photo gallery.
* Suppress SQL logging except in debug mode.
* Clean up extra logs.
2022-08-21 17:29:39 -07:00
36ba8c5c4d Photo Quotas & Postgres Fixes
* Add photo upload quotas.
* Non-certified users can upload few photos; certified users more
* Fix foreign key issues around deleting user profile photos for psql
2022-08-21 15:40:24 -07:00
50fc93abfb Static pages: About, FAQ, TOS, Privacy 2022-08-15 22:33:17 -07:00
030fadcf8d Block Lists
Implement block lists. They work like friend lists but are unidirectional,
but take effect in both directions (blocker and blockee can not see one
another on the site -- except admin users can always see all users).

* Profile page says 404
* User gallery says 404
* User search page filters out blocked users
* Compose endpoint blocks sending messages to blocked users (except admin)
* Site Gallery filters photos by blocked (and uncertified) users
* Inbox page hides chat list for blocked users (can still read the chat
  history if you have a link to the old thread)
2022-08-14 17:45:55 -07:00
e4406feb1e Admin Actions
* Add impersonate feature
* Add ban/unban user feature
* Add promote/demote admin status feature
* Add admin user deletion feature
* Admin ability to see other status certification pics
* Nav bar indicator of pending admin actions such as cert pics
  needing approval
* Admin ability to search cert pics for specific user
2022-08-14 16:27:57 -07:00
49ffa277e8 User Account Busywork
* Add "forgot password" workflow.
* Add ability to change user email address (confirmation link sent)
* Add ability to change user's password.
* Add rate limiter to deter brute force login attempts.
* Add user deep delete functionality (delete account).
* Ping user LastLoginAt every 8 hours for long-lived session cookies.
* Add age filters to user search page.
* Add sort options to user search (last login, created, username/name)
2022-08-14 14:40:57 -07:00
4adffe9fa9 Friend Requests and User Search 2022-08-13 22:44:57 -07:00
788442d7e9 Implement Direct Messaging 2022-08-13 17:42:42 -07:00
400a256ec8 Certification Photo Workflow
* Add "Site Gallery" page showing all public+gallery member photos.
* Add "Certification Required" decorator for gallery and other main pages.
* Add the Certification Photo workflow:
  * Users have a checklist on their dashboard to upload a profile pic
    and post a certification selfie (two requirements)
  * Admins notified by email when a new certification pic comes in.
  * Admin can reject (w/ comment) or approve the pic.
  * Users can re-upload or delete their pic at the cost of losing
    certification status if they make any such changes.
  * Users are emailed when their photo is either approved or rejected.
* User Preferences: can now save the explicit pref to your account.
* Explicit photos on user pages and site gallery are hidden if the
  current user hasn't opted-in (user can always see their own explicit
  photos regardless of the setting)
* If a user is viewing a member gallery and explicit pics are hidden, a
  count of the number of explicit pics is shown to inform the user that
  more DO exist, they just don't see them. The site gallery does not do
  this and simply hides explicit photos.
2022-08-13 15:39:31 -07:00
cd1b349fcc User Photo Gallery & Management
* Add the user photo gallery for profile pages. Paginated, grid or full (blog
  style) view options. In grid view clicking a photo opens a large modal to
  see it; full view already shows large photos.
* Edit page: can also re-crop and set an existing pic to be your profile pic.
* Delete page: remove photos from the DB and hard drive.
* Photos are cleaned up from disk when not needed, e.g. during a re-crop the
  old cropped photo is removed before the new one replaces it.
* Fixed bug with cropping pictures.
2022-08-12 23:11:36 -07:00
60dd396b30 Photo Upload & Profile Pictures
Basic photo upload support. Square cropped images still buggy.
2022-08-11 23:04:08 -07:00
de3d6e9315 User Profile and Settings Pages
* Vendor fontawesome icons
* User settings page: to edit profile details (other features not hooked
  up yet)
* Initial user profile page
2022-08-10 20:59:59 -07:00
dd1e6c2918 Initial commit
* Initial codebase (lot of work!)
* Uses vanilla Go net/http and implements by hand: session cookies
  backed by Redis; log in/out; CSRF protection; email verification flow;
  initial database models (User table)
2022-08-09 22:32:19 -07:00