The source code of the main nonshy.com website. https://www.nonshy.com
Noah Petherbridge 47aaf15078 Admin Groups & Permissions
Add a permission system for admin users so you can lock down specific admins to
a narrower set of features instead of them all having omnipotent powers.

* New page: Admin Dashboard -> Admin Permissions Management
* Permissions are handled in the form of 'scopes' relevant to each feature or
  action on the site. Scopes are assigned to Groups, and in turn, admin user
  accounts are placed in those Groups.
* The Superusers group (scope '*') has wildcard permission to all scopes. The
  permissions dashboard has a create-once action to initialize the Superusers
  for the first admin who clicks on it, and places that admin in the group.

The following are the exhaustive list of permission changes on the site:

* Moderator scopes:
    * Chat room (enter the room with Operator permission)
    * Forums (can edit or delete user posts on the forum)
    * Photo Gallery (can see all private/friends-only photos on the site
      gallery or user profile pages)
* Certification photos (with nuanced sub-action permissions)
    * Approve: has access to the Pending tab to act on incoming pictures
    * List: can paginate thru past approved/rejected photos
    * View: can bring up specific user cert photo from their profile
    * The minimum requirement is Approve or else no cert photo page
      will load for your admin user.
* User Actions (each action individually scoped)
    * Impersonate
    * Ban
    * Delete
    * Promote to admin
* Inner circle whitelist: no longer are admins automatically part of the
  inner circle unless they have a specialized scope attached.

The AdminRequired decorator may also apply scopes on an entire admin route.
The following routes have scopes to limit them:

* Forum Admin (manage forums and their settings)
* Remove from inner circle
2023-08-01 20:39:48 -07:00
  • cmd/nonshy: Online users badge in the Chat link on nav bar (2023-06-07 21:59:15 -07:00)
  • pkg: Admin Groups & Permissions (2023-08-01 20:39:48 -07:00)
  • web: Admin Groups & Permissions (2023-08-01 20:39:48 -07:00)
  • .gitignore: Raise photo cap to 100, fix filesize storage (2022-12-06 21:50:42 -08:00)
  • CONTRIBUTING.md: Rename the module (2022-08-25 21:21:46 -07:00)
  • go.mod: Geo-gating on signup (2023-06-24 15:39:45 -07:00)
  • go.sum: Geo-gating on signup (2023-06-24 15:39:45 -07:00)
  • LICENSE: Rename the module (2022-08-25 21:21:46 -07:00)
  • Makefile: Admin Groups & Permissions (2023-08-01 20:39:48 -07:00)
  • README.md: Forum Photo Attachments (2022-10-20 21:02:30 -07:00)

nonshy website

This is the source code to the main nonshy.com website. It is written in Go and released under the GNU General Public License.

This website is open source and if you'd like to help work on it (fix bugs or contribute new features), you may sign up an account on the code.nonshy.com server. See the CONTRIBUTING.md file for details.

Dependencies

You may need to run the following services along with this app:

The website can also run out of a local SQLite database which is convenient for local development. The production server runs on PostgreSQL and the web app is primarily designed for that.

Building the App

This app is written in Go: go.dev. You can probably get it from your package manager, e.g.

  • macOS: brew install golang with Homebrew (brew.sh)
  • Linux: it's in your package manager, e.g. apt install golang

Use the Makefile (with GNU make or similar):

  • make setup: install Go dependencies
  • make build: builds the program to ./nonshy
  • make run: run the app from Go sources in debug mode

Or read the Makefile to see what the underlying go commands are, e.g. go run cmd/nonshy/main.go web

Configuring

On first run it will generate a settings.json file in the current working directory (which is intended to be the root of the git clone, with the ./web folder). Edit it to configure mail settings or choose a database.

For simple local development, just set "UseSQLite": true and the app will run with a SQLite database.

Usage

The nonshy binary has sub-commands to either run the web server or perform maintenance tasks such as creating admin user accounts.

Run nonshy --help for its documentation.

Run nonshy web to start the web server.

nonshy web --host 0.0.0.0 --port 8080 --debug

Create Admin User Accounts

Use the nonshy user add command like so:

$ nonshy user add --admin \
  --email name@domain.com \
  --password secret \
  --username admin

Shorthand options -e, -p and -u can work in place of the longer options --email, --password and --username respectively.

After the first admin user is created, you may promote other users through the web app by using the admin controls on their profile page.

A Brief Tour of the Code

  • cmd/nonshy/main.go: the entry point for the Go program.
  • pkg/webserver.go: the entry point for the web server.
  • pkg/config: mostly hard-coded configuration values. All of the page sizes and business-logic controls are in here, set at compile time. For ease of local development you may want to toggle SkipEmailValidation here; the signup form will then allow a full signup with a username and password directly.
  • pkg/controller: the various web endpoint controllers are here, categorized into subpackages (account, forum, inbox, photo, etc.)
  • pkg/log: the logging to terminal functions.
  • pkg/mail: functions for delivering HTML email messages.
  • pkg/markdown: functions to render GitHub Flavored Markdown.
  • pkg/middleware: HTTP middleware functions, for things such as:
    • Session cookies
    • Authentication (LoginRequired, AdminRequired)
    • CSRF protection
    • Logging HTTP requests
    • Panic recovery for unhandled server errors
  • pkg/models: the SQL database models and query functions are here.
    • pkg/models/deletion: the code to fully scrub and wipe a user's data on account deletion (GDPR/CCPA compliance).
  • pkg/photo: photo management functions: handle uploads, scale and crop, generate URLs and deletion.
  • pkg/ratelimit: rate limiter for login attempts etc.
  • pkg/redis: Redis cache functions - get/set JSON values for things like session cookie storage and temporary rate limits.
  • pkg/router: the HTTP route URLs for the controllers are here.
  • pkg/session: functions to read/write the user's session cookie (log in/out, get current user, flash messages)
  • pkg/templates: functions to handle HTTP responses - render HTML templates, issue redirects, error pages, ...
  • pkg/utility: miscellaneous useful functions for the app.
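
To make the scope/group model described in the Admin Groups & Permissions commit message concrete, and to show how an AdminRequired-style middleware (listed under pkg/middleware above) can enforce scopes on a whole route, here is an added example. It is not nonshy's own code: the scope names, the Group and User types, the lookup callback and X-Demo-User header standing in for the session cookie, and the RequestStatus helper are all assumptions made for illustration. The check fails closed: an admin who is in no group matches no scope, and only the wildcard "*" (the Superusers group in the commit message) matches everything.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Scope names are assumptions modelled on the commit message; not nonshy's identifiers.
const (
	ScopeWildcard    = "*"                     // Superusers: matches every scope
	ScopeModChat     = "moderator.chat"        // enter the chat room as Operator
	ScopeCertApprove = "certification.approve" // act on the Pending certification tab
	ScopeUserBan     = "user.ban"              // ban a user account
)

// Group bundles scopes; admins are placed into groups rather than given scopes directly.
type Group struct {
	Name   string
	Scopes []string
}

// User is a minimal stand-in for the account record (hypothetical shape).
type User struct {
	Username string
	IsAdmin  bool
	Groups   []Group
}

// HasScope reports whether the user holds scope through any of their groups.
// The wildcard "*" grants everything; non-admins never match anything.
func HasScope(u *User, scope string) bool {
	if u == nil || !u.IsAdmin {
		return false
	}
	for _, g := range u.Groups {
		for _, s := range g.Scopes {
			if s == ScopeWildcard || s == scope {
				return true
			}
		}
	}
	return false
}

// AdminRequired is an AdminRequired-style middleware: reject non-admins, then reject
// admins missing any scope the route demands. lookup stands in for the real session
// cookie lookup (assumed interface).
func AdminRequired(lookup func(*http.Request) *User, scopes []string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		u := lookup(r)
		if u == nil || !u.IsAdmin {
			http.Error(w, "admin login required", http.StatusForbidden)
			return
		}
		for _, s := range scopes {
			if !HasScope(u, s) {
				http.Error(w, "missing permission scope: "+s, http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// demoUsers is constructed sample data: a superuser, a chat moderator and a regular member.
func demoUsers() map[string]*User {
	superusers := Group{Name: "Superusers", Scopes: []string{ScopeWildcard}}
	chatMods := Group{Name: "Chat Moderators", Scopes: []string{ScopeModChat}}
	return map[string]*User{
		"root":  {Username: "root", IsAdmin: true, Groups: []Group{superusers}},
		"mod":   {Username: "mod", IsAdmin: true, Groups: []Group{chatMods}},
		"alice": {Username: "alice", IsAdmin: false},
	}
}

// RequestStatus sends a request as username through AdminRequired guarding the given
// scopes and returns the HTTP status. The identity travels in a demo header here,
// standing in for the session cookie that the real middleware would read.
func RequestStatus(username string, scopes []string) int {
	users := demoUsers()
	lookup := func(r *http.Request) *User { return users[r.Header.Get("X-Demo-User")] }
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
	h := AdminRequired(lookup, scopes, ok)

	req := httptest.NewRequest(http.MethodGet, "/admin/chat", nil)
	req.Header.Set("X-Demo-User", username)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println("root  bans user   ->", RequestStatus("root", []string{ScopeUserBan}))  // 200 via "*"
	fmt.Println("mod   enters chat ->", RequestStatus("mod", []string{ScopeModChat}))   // 200
	fmt.Println("mod   bans user   ->", RequestStatus("mod", []string{ScopeUserBan}))   // 403
	fmt.Println("alice enters chat ->", RequestStatus("alice", []string{ScopeModChat})) // 403
}
```

Scopes are checked per route with an all-of semantics: a route that lists several scopes admits only admins who hold every one of them, which is what keeps a narrowly scoped admin out of features they were not granted.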

Cron API Endpoints

In settings.json get or configure the CronAPIKey (a UUID4 value is good and the app generates a fresh one by default). The following are the cron API endpoints that you may want to configure to run periodic maintenance tasks on the app, such as to remove orphaned comment photos.

GET /v1/comment-photos/remove-orphaned

Query parameters: apiKey which is the CronAPIKey.

This endpoint removes orphaned CommentPhotos (photo attachments to forum posts). An orphaned photo is one that has no CommentID and was uploaded more than 24 hours ago; e.g. a user uploaded a picture but then did not complete the posting of their comment.

Suggested crontab:

0 2 * * *  curl "http://localhost:8080/v1/comment-photos/remove-orphaned?apiKey=X"
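
The following is an added example, not nonshy's own handler, showing the two things this endpoint has to get right: checking the apiKey query parameter against the configured CronAPIKey in constant time (so response timing does not reveal how much of a guessed key matched, and an unset key disables the endpoint rather than matching an empty parameter), and applying the orphan rule above (no CommentID, uploaded more than 24 hours ago). The CommentPhoto type, the in-memory store, the fixed clock and the placeholder UUID are assumptions made for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// CommentPhoto carries the two fields the orphan rule depends on. Hypothetical shape,
// not the project's pkg/models type.
type CommentPhoto struct {
	ID        int
	CommentID int // 0: never attached to a finished comment
	CreatedAt time.Time
}

// isOrphaned applies the README rule: no CommentID and uploaded more than 24 hours before now.
func isOrphaned(p CommentPhoto, now time.Time) bool {
	return p.CommentID == 0 && now.Sub(p.CreatedAt) > 24*time.Hour
}

// RemoveOrphaned drops orphaned photos from store in place and returns how many were removed.
func RemoveOrphaned(store *[]CommentPhoto, now time.Time) int {
	kept := (*store)[:0]
	removed := 0
	for _, p := range *store {
		if isOrphaned(p, now) {
			removed++
			continue
		}
		kept = append(kept, p)
	}
	*store = kept
	return removed
}

// validAPIKey compares the presented key with the configured CronAPIKey in constant
// time. An empty configured key disables the endpoint instead of matching "".
func validAPIKey(got, want string) bool {
	return want != "" && subtle.ConstantTimeCompare([]byte(got), []byte(want)) == 1
}

// RemoveOrphanedHandler serves GET /v1/comment-photos/remove-orphaned?apiKey=...
// now is injected so the 24-hour cutoff is testable with a fixed clock.
func RemoveOrphanedHandler(cronAPIKey string, store *[]CommentPhoto, now func() time.Time) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodGet {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		if !validAPIKey(r.URL.Query().Get("apiKey"), cronAPIKey) {
			http.Error(w, "invalid apiKey", http.StatusForbidden)
			return
		}
		n := RemoveOrphaned(store, now())
		fmt.Fprintf(w, "removed %d orphaned comment photos\n", n)
	})
}

// samplePhotos is constructed data: one orphan, one attached photo, one fresh upload.
func samplePhotos(now time.Time) []CommentPhoto {
	return []CommentPhoto{
		{ID: 1, CommentID: 0, CreatedAt: now.Add(-48 * time.Hour)}, // orphan: removed
		{ID: 2, CommentID: 7, CreatedAt: now.Add(-48 * time.Hour)}, // attached: kept
		{ID: 3, CommentID: 0, CreatedAt: now.Add(-1 * time.Hour)},  // still within 24h: kept
	}
}

// CallCron hits the handler with presentedKey against a server configured with
// configuredKey, and returns the HTTP status and how many photos remain.
func CallCron(configuredKey, presentedKey string) (status int, remaining int) {
	now := time.Date(2023, 8, 1, 20, 39, 48, 0, time.UTC) // fixed clock for repeatability
	store := samplePhotos(now)
	h := RemoveOrphanedHandler(configuredKey, &store, func() time.Time { return now })
	req := httptest.NewRequest(http.MethodGet, "/v1/comment-photos/remove-orphaned?apiKey="+presentedKey, nil)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, len(store)
}

func main() {
	const key = "00000000-0000-4000-8000-000000000000" // placeholder UUID4, not a real key
	fmt.Println(CallCron(key, key))     // 200 2
	fmt.Println(CallCron(key, "wrong")) // 403 3
	fmt.Println(CallCron("", ""))       // 403 3: unset key never matches
}
```

Because the key travels in the query string, it will appear in any access log that records full URLs (including the request-logging middleware listed in the code tour), which is one reason to keep the curl call on localhost as the crontab above does and to rotate CronAPIKey if a log is ever shared.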

License

GPLv3.