package block import ( "fmt" "net/http" "strings" "code.nonshy.com/nonshy/website/pkg/config" "code.nonshy.com/nonshy/website/pkg/controller/chat" "code.nonshy.com/nonshy/website/pkg/log" "code.nonshy.com/nonshy/website/pkg/models" "code.nonshy.com/nonshy/website/pkg/session" "code.nonshy.com/nonshy/website/pkg/templates" ) // Blocked list. func Blocked() http.HandlerFunc { tmpl := templates.Must("account/block_list.html") return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { currentUser, err := session.CurrentUser(r) if err != nil { session.FlashError(w, r, "Unexpected error: could not get currentUser.") templates.Redirect(w, "/") return } // Get our blocklist. pager := &models.Pagination{ PerPage: config.PageSizeBlockList, Sort: "updated_at desc", } pager.ParsePage(r) blocked, err := models.PaginateBlockList(currentUser, pager) if err != nil { session.FlashError(w, r, "Couldn't paginate block list: %s", err) templates.Redirect(w, "/") return } var vars = map[string]interface{}{ "BlockedUsers": blocked, "Pager": pager, } if err := tmpl.Execute(w, r, vars); err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } }) } // AddUser to manually add someone to your block list. func AddUser() http.HandlerFunc { tmpl := templates.Must("account/block_list_add.html") return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if err := tmpl.Execute(w, r, nil); err != nil { http.Error(w, err.Error(), http.StatusInternalServerError) return } }) } // BlockUser controller. func BlockUser() http.HandlerFunc { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // POST only. if r.Method != http.MethodPost { session.FlashError(w, r, "Unacceptable Request Method") templates.Redirect(w, "/") return } // Form fields var ( username = strings.ToLower(r.PostFormValue("username")) unblock = r.PostFormValue("unblock") == "true" ) // Get the current user. currentUser, err := session.CurrentUser(r) if err != nil { session.FlashError(w, r, "Couldn't get CurrentUser: %s", err) templates.Redirect(w, "/") return } // Get the target user. user, err := models.FindUser(username) if err != nil { session.FlashError(w, r, "User Not Found") templates.Redirect(w, "/users/blocklist/add") return } // Unblocking? if unblock { if err := models.UnblockUser(currentUser.ID, user.ID); err != nil { session.FlashError(w, r, "Couldn't unblock this user: %s.", err) } else { session.Flash(w, r, "You have removed %s from your block list.", user.Username) } templates.Redirect(w, "/users/blocked") return } // Can't block yourself. if currentUser.ID == user.ID { session.FlashError(w, r, "You can't block yourself!") templates.Redirect(w, "/u/"+username) return } // Can't block admins who have the unblockable scope. if user.IsAdmin && user.HasAdminScope(config.ScopeUnblockable) { // For curiosity's sake, log a report. fb := &models.Feedback{ Intent: "report", Subject: "A user tried to block an admin", Message: fmt.Sprintf( "A user has tried to block an admin user account!\n\n"+ "* Username: %s\n* Tried to block: %s", currentUser.Username, user.Username, ), UserID: currentUser.ID, TableName: "users", TableID: currentUser.ID, } if err := models.CreateFeedback(fb); err != nil { log.Error("Could not log feedback for user %s trying to block admin %s: %s", currentUser.Username, user.Username, err) } session.FlashError(w, r, "You can not block site administrators.") templates.Redirect(w, "/u/"+username) return } // Block the target user. if err := models.AddBlock(currentUser.ID, user.ID); err != nil { session.FlashError(w, r, "Couldn't block this user: %s.", err) } else { session.Flash(w, r, "You have added %s to your block list.", user.Username) } // Sync the block to the BareRTC chat server now, in case either user is currently online. go chat.BlockUserNow(currentUser, user) templates.Redirect(w, "/users/blocked") }) }