website/pkg/middleware/disabled_account.go
Noah Petherbridge 481bd0ae61 Deactivate Account; Friends Lists on Profiles
* Add a way for users to temporarily deactivate their accounts, in a
  recoverable way should they decide to return later.
* A deactivated account may log in but have limited options: to
  reactivate their account, permanently delete it, or log out.
* Fix several bugs around the display of comments, messages and
  forum threads for disabled, banned, or blocked users:
  * Messages (inbox and sentbox) will be hidden and the unread indicator
    will not count unread messages the user can't access.
  * Comments on photos and forum posts are hidden, and top-level threads
    on the "Newest" tab will show "[unavailable]" for their text and
    username.
  * Your historical notifications will hide users who are blocked, banned
    or disabled.
* Add a "Friends" tab to user profile pages, to see other users' friends.
  * The page is Certification Required so non-cert users can't easily
    discover any members on the site.
2023-10-22 15:02:24 -07:00

40 lines
1.0 KiB
Go

package middleware
import (
"net/http"
"strings"
"code.nonshy.com/nonshy/website/pkg/models"
"code.nonshy.com/nonshy/website/pkg/templates"
)
var tmplDisabledAccount = templates.Must("errors/disabled_account.html")
// Whitelist of paths to allow disabled accounts to access.
var disabledAccountPathWhitelist = []string{
"/account/delete",
"/account/reactivate",
}
// DisabledAccount check that limits a logged-in user's options to either reactivate their account,
// delete it, or log back out.
func DisabledAccount(currentUser *models.User, w http.ResponseWriter, r *http.Request) bool {
// Is their account disabled?
if currentUser.Status == models.UserStatusDisabled {
// Whitelisted paths?
for _, path := range disabledAccountPathWhitelist {
if strings.HasPrefix(r.URL.Path, path) {
return false
}
}
// Show the disabled account page to all other requests.
if err := tmplDisabledAccount.Execute(w, r, nil); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
}
return true
}
return false
}