Commit Graph

165 Commits

Author SHA1 Message Date
Noah Petherbridge
704124157d User Themes refactor
Instead of fighting to override Bulma CSS classes, add user-theme-*
classes for simpler styling.
2024-10-13 20:31:09 -07:00
Noah Petherbridge
b7bee75e1f Function to re-sign photo URLs on profile pages
* With the new JWT signatures on photo URLs, it was no longer possible for
  creative users to embed their gallery photos on their profile page.
* Add a function to ReSignPhotoLinks that finds/replaces (on the server side)
  all references to paths under "/static/photos/" and gives them a fresh
  ?jwt= query string signature.
* Note: only applies to the profile page essays, ReSignPhotoLinks is a
  template func that must be opted-in on a per page basis.

Other miscellaneous fixes

* Add "Edit" buttons in the corners of profile cards, when the current user
  looks at their profile page. They link to URIs like
  "/settings#profile/about_me" which will now:
  1. Select the "Profile settings" tab like #profile
  2. Scroll and focus the profile essay field that the user clicked to edit.
2024-10-13 19:50:11 -07:00
Noah Petherbridge
cbdabe791e Improve Signed Photo URLs
* The photo signing JWT tokens carry more fields to validate against:
  * The username the token is assigned to (or '@' for anyone)
  * An 'anyone' boolean for widely public images, such as for the chat room
    and public profile pages.
  * A short filename hash of the image in question (whether a Photo or a
    CommentPhoto) - so that the user can't borrow a JWT token from the chat
    room and reveal a different picture.
* Refactored where the VisibleAvatarURL function lives, to avoid a cyclic
  dependency error.
  * Originally: (*models.User).VisibleAvatarURL(other *models.User)
  * Now: (pkg/photo).VisibleAvatarURL(user, currentUser *models.User)
2024-10-03 20:14:34 -07:00
Noah Petherbridge
542d0bb300 Improvements on community flagged explicit photos
When a user marks that another photo should have been marked as explicit:

* The owner of that photo gets a notification about it, which reminds them of
  the explicit photo policy.
* The photo's "Flagged" boolean is set (along with the Explicit boolean)
* The 'Edit' page on a Flagged photo shows a red banner above the Explicit
  option, explaining that it was flagged. The checkbox text is crossed-out,
  with a "no" cursor and title text over - but can still be unchecked.

If the user removes the Explicit flag on a flagged photo and saves it:

* An admin report is generated to notify to take a look too.
* The Explicit flag is cleared as normal
* The Flagged boolean is also cleared on this photo: if they set it back to
  Explicit again themselves, the red banner won't appear and it won't notify
  again - unless a community member flagged it again!

Also makes some improvements to the admin page:

* On photo reports: show a blurred-out (clickable to reveal) photo on feedback
  items about photos.
2024-10-01 20:44:11 -07:00
Noah Petherbridge
f2e847922f Tweak admin permissions and photo view counts
* Profile pictures on profile pages now link to the gallery when clicked.
* Admins can no longer automatically see the default profile pic on profile
  pages unless they have photo moderator ability.
* Photo view counts are not added when an admin with photo moderator ability
  should not have otherwise been able to see the photo.
2024-09-28 12:45:20 -07:00
Noah Petherbridge
066765d2dc Chat Moderation Rules + Shy Accounts on Chat
* Add chat moderation rules to the website, so admins can apply selective rules
  to problematic users. Available rules are:
  * redcam: user's camera is always NSFW.
  * nobroadcast: user can not broadcast their camera.
  * novideo: user can not broadcast OR watch any video.
  * noimage: user can not share OR see any shared image on chat.
* The page to manage a user's active rules is available on their admin card of
  their profile page. When the user has rules active, a yellow counter is shown
  by the link to manage their rules.
  * Only chat moderator admins have access to the page or can see the yellow
    counter to know whether rules are active.
* "Shy Accounts" are now permitted on the chat room! With some moderation rules
  automatically applied to them: novideo,noimage.
* Update the Shy Account FAQ and messaging on the chat landing page.
* Update the auto-kick from chat behavior regarding shy accounts:
  * They are kicked from chat only when an update to their profile settings will
    transition then FROM a non-shy into a shy account.
  * For example: when saving their profile settings (going private) or when
    editing or deleting a photo (if they will have no more public photos left)
2024-09-19 19:30:02 -07:00
Noah Petherbridge
ae84ddf449 Web Push Notifications: Disable script when impersonated
If an admin needs to impersonate a regular user (to diagnose a support
issue or investigate a reported conversation thread), the web push
script is disabled so that the admin doesn't get subscribed to push
notifications for that user.
2024-09-14 12:07:18 -07:00
Noah Petherbridge
8d9588b039 Notification when admin users are blocked 2024-09-10 15:43:34 -07:00
Noah Petherbridge
36e48f6ce0 Member Search: Order by certified at 2024-08-23 23:09:27 -07:00
Noah Petherbridge
b12390563e Forum Creation Quotas
Add minimum quotas for users to earn the ability to create custom forums.

The entry requirements that could earn the first forum include:
1. Having a Certified account status for at least 45 days.
2. Having written 10 posts or replies in the forums.

Additional quota is granted in increasing difficulty based on the count of
forum posts created.

Other changes:

* Admin view of Manage Forums can filter for official/community.
* "Certified Since" now shown on profile pages.
* Update FAQ page for Forums feature.
2024-08-23 22:56:40 -07:00
Noah Petherbridge
05dc6c0e97 Minor improvements
* Add a "Report" link to the footer of forums.
* Allow some non-admin users to view a private forum and its threads.
  * Moderators and approved followers can see it
  * Note: the endpoint to follow a forum won't let a user invite themselves
    to a private forum. Currently there is no way to approve a user except
    by also adding them as a moderator.
  * Explore and Newest tabs can show these private forums if viewable.
2024-08-23 22:56:40 -07:00
Noah Petherbridge
28d1e284ab User Forums: Newest Tab, Moderators
* The "Newest" tab of the forum is updated with new filter options.
  * Which forums: All, Official, Community, My List
  * Show: By threads, All posts
  * The option for "Which forums" is saved in the user's preferences and set as
    their default on future visits, similar to the Site Gallery "Whose photos"
    option.
  * So users can subscribe to their favorite forums and always get their latest
    posts easily while filtering out the rest.
* Forum Moderators
  * Add the ability to add and remove moderators for your forum.
  * Users are notified when they are added as a moderator.
  * Moderators can opt themselves out by unfollowing the forum.
* ForumMembership: add unique constraint on user_id,forum_id.
2024-08-23 22:56:40 -07:00
Noah Petherbridge
5b0f8e7774 Dark Theme fixes for MS Edge 2024-08-22 22:53:37 -07:00
Noah Petherbridge
d11631c574 Theme update 2024-08-22 22:44:19 -07:00
Noah Petherbridge
1f1341b0f7 Adjust spinner and search page 2024-08-22 22:27:21 -07:00
Noah Petherbridge
a8dda91c3c Debug Notification API failures 2024-08-12 20:41:04 -07:00
Noah Petherbridge
e70ede301f Delete the inner circle 2024-08-10 11:54:37 -07:00
Noah Petherbridge
a00851a8b2 Formatting fix 2024-08-07 23:33:45 -07:00
Noah Petherbridge
a6bd33fdf8 Fix mute notification links on unread notifications 2024-08-07 23:30:19 -07:00
Noah Petherbridge
147a9162ba Mute specific friends new photo upload notifications 2024-08-07 23:05:23 -07:00
Noah Petherbridge
01c38c5c21 Easy comment thread unsubscribe links in Notifications 2024-08-07 22:15:47 -07:00
Noah Petherbridge
b8be14ea8d Search By Location
* Add a world cities database with type-ahead search on the Member Directory.
* Users can search for a known city to order users by distance from that city
  rather than from their own configured location on their settings page.
* Users must opt-in their own location before this feature may be used, in order
  to increase adoption of the location feature and to enforce fairness.
* The `nonshy setup locations` command can import the world cities database.
2024-08-03 14:54:22 -07:00
Noah Petherbridge
188e2e147c Update search keywords 2024-07-26 16:16:10 -07:00
Noah Petherbridge
a314aab7ec Web Push Notifications
* Add support for Web Push Notifications when users receive a new Message or
  Friend Request on the main website.
* Users opt in or out of this on their Notification Settings. They can also
  individually opt out of Message and Friend Request push notifications.
2024-07-20 19:44:22 -07:00
Noah Petherbridge
a0320714c4 Search terms and admin features 2024-07-13 12:05:36 -07:00
Noah Petherbridge
2f997dfee0 Revise admin options in member directory 2024-07-09 22:27:24 -07:00
Noah Petherbridge
1c01aad80f Normal users can not search non-certified profiles
* Remove the ability for regular (non-admin) users to search the Member
  Directory for non-certified profiles.
* Profiles who don't certify can be a risk to contact, as the likelihood
  of fake pictures and scams/spam is much higher.
2024-07-09 22:21:28 -07:00
Noah Petherbridge
1134128a71 Revert "Public Avatar Consent Page"
This reverts commit 4f04323d5a.
2024-06-29 21:42:35 -07:00
Noah Petherbridge
656710035b Revert "Add notification banners about upcoming Public Avatar change"
This reverts commit 91a3cc27ba.
2024-06-29 20:52:23 -07:00
Noah Petherbridge
91a3cc27ba Add notification banners about upcoming Public Avatar change 2024-06-29 19:28:51 -07:00
Noah Petherbridge
4f04323d5a Public Avatar Consent Page
The nonshy website is changing the policy on profile pictures. From August 30,
the square cropped avatar images will need to be publicly viewable to everyone.

This implements the first pass of the rollout:

* Add the Public Avatar Consent Page which explains the change to users and
  asks for their acknowledgement. The link is available from their User Settings
  page, near their Certification Photo link.
* When users (with non-public avatars) accept the change: their square cropped
  avatar will become visible to everybody, instead of showing a placeholder
  avatar.
* Users can change their mind and opt back out, which will again show the
  placeholder avatar.
* The Certification Required middleware will automatically enforce the consent
  page once the scheduled go-live date arrives.

Next steps are:

1. Post an announcement on the forum about the upcoming change and link users
   to the consent form if they want to check it out early.
2. Update the nonshy site to add banners to places like the User Dashboard for
   users who will be affected by the change, to link them to the forum post
   and the consent page.
2024-06-29 16:44:18 -07:00
Noah Petherbridge
a82e04b2f8 Change Likes icon 2024-06-26 21:28:53 -07:00
Noah Petherbridge
8754ed8592 Search users by "Liked" 2024-06-26 21:27:03 -07:00
Noah Petherbridge
616f6ae76b Full text profile search for the member directory 2024-06-19 14:12:25 -07:00
Noah Petherbridge
6ac121b345 Rename username field on Member Directory 2024-06-15 17:10:43 -07:00
Noah Petherbridge
42aeb60853 Various tweaks and improvements
* Inner circle: users have the ability to remove themselves and can avoid being
  invited again in the future.
* Admin actions: add a "Reset Password" ability to user accounts.
* Admin "Create New User" page.
* Rate limit error handling improvements for the login page.
2024-06-15 15:05:50 -07:00
Noah Petherbridge
2ac34eea79 Some CSS updates 2024-05-27 13:07:15 -07:00
Noah Petherbridge
5db1c03fd9 Clean up admin permission checks around the site 2024-05-27 13:02:05 -07:00
Noah Petherbridge
97291c8721 Update documentation 2024-05-26 14:21:01 -07:00
Noah Petherbridge
f0e69f78da Certification: Secondary Photo ID Workflow
* Add an Admin Certification Photo workflow where we can request the user to
  upload a secondary form of ID (government issued photo ID showing their
  face and date of birth).
* An admin rejection option can request secondary photo ID.
* It sends a distinct e-mail to the user apart from the regular rejection email
* It flags their cert photo as "Secondary Needed" forever: even if the user
  removes their cert photo and starts from scratch, it will immediately request
  secondary ID when uploading a new primary photo.
* Secondary photos are deleted from the server on both Approve and Reject by
  the admin account, for user privacy.
* If approved, a Secondary Approved=true boolean is stored in the database. This
  boolean is set to False if the user deletes their cert photo in the future.
2024-05-26 12:34:00 -07:00
Noah Petherbridge
af76c251c6 Cloudflare CAPTCHA for account signup page 2024-05-20 13:29:02 -07:00
Noah Petherbridge
8ed489c264 iOS playsinline attribute for video tags
Prevent videos from automatically full-screening on autoplay by using
the iOS 10+ playsinline attribute.
2024-05-20 09:31:16 -07:00
Noah Petherbridge
ed008a99e6 Admin: don't search for banned users without the scope
An admin must have the admin.user.ban scope in order to search for
banned or disabled users in the member directory.
2024-05-11 14:10:59 -07:00
Noah Petherbridge
20d04fc370 Admin Transparency Page
* Add a transparency page where regular user accounts can list the roles and
  permissions that an admin user has access to. It is available by clicking on
  the "Admin" badge on that user's profile page.
* Add additional admin scopes to lock down more functionality:
  * User feedback and reports
  * Change logs
  * User notes and admin notes
* Add friendly descriptions to what all the scopes mean in practice.
* Don't show admin notification badges to admins who aren't allowed to act on
  those notifications.
* Update the admin dashboard page and documentation for admins.
2024-05-09 15:50:46 -07:00
Noah Petherbridge
106ca56198 Search users by admin, privacy policy update 2024-04-25 21:52:43 -07:00
Noah Petherbridge
19d06c183f Remove debug testing 2024-04-24 20:38:07 -07:00
Noah Petherbridge
f4721d65da HTMX lazy load for user statistics card 2024-04-24 20:36:37 -07:00
Noah Petherbridge
e7f7f4d0d3 Fix Bulma menu-list on settings page 2024-04-18 20:21:22 -07:00
Noah Petherbridge
a0f41074bd Bulma list syntax fixes on a couple pages 2024-04-18 20:18:55 -07:00
Noah Petherbridge
4623cdca50 Update some text copy 2024-04-13 15:10:15 -07:00