website/pkg/controller/block/block.go
2024-09-10 15:43:34 -07:00

177 lines
5.2 KiB
Go

package block
import (
"fmt"
"net/http"
"strings"
"code.nonshy.com/nonshy/website/pkg/config"
"code.nonshy.com/nonshy/website/pkg/controller/chat"
"code.nonshy.com/nonshy/website/pkg/log"
"code.nonshy.com/nonshy/website/pkg/models"
"code.nonshy.com/nonshy/website/pkg/session"
"code.nonshy.com/nonshy/website/pkg/templates"
)
// Blocked list.
func Blocked() http.HandlerFunc {
tmpl := templates.Must("account/block_list.html")
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
currentUser, err := session.CurrentUser(r)
if err != nil {
session.FlashError(w, r, "Unexpected error: could not get currentUser.")
templates.Redirect(w, "/")
return
}
// Get our blocklist.
pager := &models.Pagination{
PerPage: config.PageSizeBlockList,
Sort: "updated_at desc",
}
pager.ParsePage(r)
blocked, err := models.PaginateBlockList(currentUser, pager)
if err != nil {
session.FlashError(w, r, "Couldn't paginate block list: %s", err)
templates.Redirect(w, "/")
return
}
var vars = map[string]interface{}{
"BlockedUsers": blocked,
"Pager": pager,
}
if err := tmpl.Execute(w, r, vars); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
})
}
// AddUser to manually add someone to your block list.
func AddUser() http.HandlerFunc {
tmpl := templates.Must("account/block_list_add.html")
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
if err := tmpl.Execute(w, r, nil); err != nil {
http.Error(w, err.Error(), http.StatusInternalServerError)
return
}
})
}
// BlockUser controller.
func BlockUser() http.HandlerFunc {
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// POST only.
if r.Method != http.MethodPost {
session.FlashError(w, r, "Unacceptable Request Method")
templates.Redirect(w, "/")
return
}
// Form fields
var (
username = strings.ToLower(r.PostFormValue("username"))
unblock = r.PostFormValue("unblock") == "true"
)
// Get the current user.
currentUser, err := session.CurrentUser(r)
if err != nil {
session.FlashError(w, r, "Couldn't get CurrentUser: %s", err)
templates.Redirect(w, "/")
return
}
// Get the target user.
user, err := models.FindUser(username)
if err != nil {
session.FlashError(w, r, "User Not Found")
templates.Redirect(w, "/users/blocklist/add")
return
}
// Unblocking?
if unblock {
if err := models.UnblockUser(currentUser.ID, user.ID); err != nil {
session.FlashError(w, r, "Couldn't unblock this user: %s.", err)
} else {
session.Flash(w, r, "You have removed %s from your block list.", user.Username)
// Log the change.
models.LogDeleted(currentUser, nil, "blocks", user.ID, "Unblocked user "+user.Username+".", nil)
}
templates.Redirect(w, "/users/blocked")
return
}
// Can't block yourself.
if currentUser.ID == user.ID {
session.FlashError(w, r, "You can't block yourself!")
templates.Redirect(w, "/u/"+username)
return
}
// If the target user is an admin, log this to the admin reports page.
if user.IsAdmin {
// Is the target admin user unblockable?
var (
unblockable = user.HasAdminScope(config.ScopeUnblockable)
footer string // qualifier for the admin report body
)
// Add a footer to the report to indicate whether the block goes through.
if unblockable {
footer = "**Unblockable:** this admin can not be blocked, so the block was not added and the user was shown an error message."
} else {
footer = "**Notice:** This admin is not unblockable, so the block has been added successfully."
}
// Also, include this user's current count of blocked admin users.
count, total := models.CountBlockedAdminUsers(currentUser)
footer += fmt.Sprintf("\n\nThis user now blocks %d of %d admin user(s) on this site.", count+1, total)
// For curiosity's sake, log a report.
fb := &models.Feedback{
Intent: "report",
Subject: "A user tried to block an admin",
Message: fmt.Sprintf(
"A user has tried to block an admin user account!\n\n"+
"* Username: %s\n* Tried to block: %s\n\n%s",
currentUser.Username,
user.Username,
footer,
),
UserID: currentUser.ID,
TableName: "users",
TableID: currentUser.ID,
}
if err := models.CreateFeedback(fb); err != nil {
log.Error("Could not log feedback for user %s trying to block admin %s: %s", currentUser.Username, user.Username, err)
}
// If the admin is unblockable, give the user an error message and return.
if unblockable {
session.FlashError(w, r, "You can not block site administrators.")
templates.Redirect(w, "/u/"+username)
return
}
}
// Block the target user.
if err := models.AddBlock(currentUser.ID, user.ID); err != nil {
session.FlashError(w, r, "Couldn't block this user: %s.", err)
} else {
session.Flash(w, r, "You have added %s to your block list.", user.Username)
// Log the change.
models.LogCreated(currentUser, "blocks", user.ID, "Blocks user "+user.Username+".")
}
// Sync the block to the BareRTC chat server now, in case either user is currently online.
go chat.BlockUserNow(currentUser, user)
templates.Redirect(w, "/users/blocked")
})
}