Commit graph

42 commits

Author SHA1 Message Date
Nick Gerakines
2aea9560bc Merged T710-oauth-slack into oauth-wrapper. 2020-01-02 16:19:26 -05:00
Matt Baer
af23e28d05 Pass OAuth requests through new OAuth handler
This gives us our standard logging and passes around errors with
impart.HTTPError.

Ref T705
2019-12-30 18:14:01 -05:00
Nick Gerakines
462f87919a Feature complete on MVP slack auth integration. T710 2019-12-28 15:15:47 -05:00
Nick Gerakines
13121cb266 Merging T705-oauth into T710-oauth-slack. T705,T710 2019-12-27 13:40:11 -05:00
Nick Gerakines
bf3b6a5ba0 Unit tests, integration testing, and code cleanup for oauth support. Part of T705. 2019-12-23 14:30:32 -05:00
Matt Baer
53586d9cb8 Merge branch 'develop' into T661-disable-accounts 2019-11-12 01:46:37 +09:00
Matt Baer
6e09fcb9e2 Change password reset endpoint to /admin/user/{Username}/passphrase
Ref T695
2019-11-11 16:02:22 +09:00
Rob Loranger
f85f0751a3
address PR comments
- update error messages to be correct
- move suspended message into template and include for other pages
- check suspended status on all relevant pages and show message if
logged in user is suspended.
- fix possible nil pointer error
- remove changes to db schema files
- add version comment to migration
- add UserStatus type with UserActive and UserSuspended
- change database table to use status column instead of suspended
- update toggle suspended handler to be toggle status in prep for
possible future inclusion of further user statuses
2019-10-25 12:04:24 -07:00
Matt Baer
9873fc443f Merge branch 'develop' into T661-disable-accounts 2019-10-24 13:22:26 -04:00
Rob Loranger
aa9efc7b37
allow admin to reset user passwords
this adds a new button when viewing a user as an admin, that will
generate and store a new password for the user
2019-10-03 13:53:04 -07:00
Rob Loranger
d954b7c8e3
add user invite instructions
this adds a new page with instructions for sharing user invites

if a user clicks the link for one of their own invite codes they are
directed to a page with clear instructions for it's use.

if a user clicks another users link they are redirectec to their account
settings witha flash telling them they do not need to register.
2019-09-13 10:58:17 -07:00
Rob Loranger
77f7b4a522
Add account suspension features
This renders all requests for that user's posts, collections and related
ActivityPub endpoints with 404 responses.

While suspended, users may not create or edit posts or collections.

User status is listed in the admin user page

Admin view of user details shows status and now has a button to activate
or suspend a user.
2019-08-29 09:09:11 -07:00
Matt Baer
f821dbaac4 Support dedicated signup page in chorus mode
This adds a Sign Up link to site navigation and shows the
otherwise-landing page on /signup when in chorus mode.

Ref T681
2019-08-09 12:00:46 -04:00
Matt Baer
2b39b714de Use UserLevelReader func for read routes
Previously, that func was duplicated here.
2019-06-19 19:26:10 -04:00
Matt Baer
7dc620aff1 Check reader permissions on .well-known endpoints
(for private instances)

Ref T576
2019-06-16 21:22:56 -04:00
Matt Baer
d6a77d6668 Check reader permissions on RSS feed & sitemap
(on private instances)

Ref T576
2019-06-16 21:16:23 -04:00
Matt Baer
a2088c1646 Restrict API read access based on Private setting
This verifies that a user is authenticated before getting to the actual
handler on API endpoints where a user is reading content.

Ref T576
2019-06-16 20:24:47 -04:00
Matt Baer
b3a36a3be7 Allow completely private instances, part 1
This is the start of all changes needed to support entirely private
instances, where all blogs are only visible to other authenticated users
on an instance (ref T576). It begins by changing how Handler methods check an
endpoint's permissions.

- Renames UserLevelLEVEL consts to UserLevelLEVELType
- Adds UserLevelLEVEL funcs with same names as previous consts. Each
  returns a UserLevel
- Adds a new UserLevelReader that restricts access based on app
  configuration. This is now used on collections and posts.
- Changes routing a bit so static files are always accessible
2019-06-16 18:55:50 -04:00
Matt Baer
26a0990014 Save config via Apper interface from Admin dash
Ref T613
2019-06-13 21:56:13 -04:00
Matt Baer
034db22f8c Break functionality out of Serve() func
- Adds a new interface, Apper, that enables loading and persisting
  instance-level data in new ways
- Converts some initialization funcs to methods
- Exports funcs and methods needed for intialization
- In general, moves a ton of stuff around

Overall, this should maintain all existing functionality, but with the
ability to now better manage a WF instance.

Ref T613
2019-06-13 18:50:23 -04:00
Matt Baer
ed4aacd1ac Move static file ServeMux to App struct 2019-06-13 18:45:03 -04:00
Matt Baer
a850fa14cd Move instance page editing to dedicated section
This adds a "Pages" section to the admin part of the site, and enables
admins to edit the pre-defined About and Privacy pages there, instead of
on the dashboard itself.

It also restructures how these pages get sent around in the backend and
lays the groundwork for dynamically adding static pages. The backend
changes were made with more customization in mind, such as an
instance-wide custom stylesheet (T563).

Ref T566
2019-04-06 13:23:22 -04:00
Matt Baer
70e823d6ab Support user invites
This includes:

- A new `user_invites` config value that determines who can generate
  invite links
- A new page for generating invite links, with new user navigation link
- A new /invite/ path that allows anyone to sign up via unique invite
  link, even if registrations are closed
- Tracking who (of registered users) has been invited by whom

It requires an updated database with `writefreely --migrate` in order to
work.

This closes T556
2019-01-18 00:05:50 -05:00
Matt Baer
0e722de82c Add admin user list
This enables admins on multi-user instances to see all users registered,
and view the details of each, including:

- Username
- Join date
- Total posts
- Last post date
- All blogs
  - Public info
  - Views
  - Total posts
  - Last post date
  - Fediverse followers count

This is the foundation for future user moderation features.

Ref T553
2019-01-04 22:28:29 -05:00
Matt Baer
3ae45bc156 Fix spacing around copyright notices 2018-12-31 01:05:26 -05:00
Matt Baer
1274914207 Add copyright / license notices to .go files 2018-12-24 12:45:15 -05:00
Matt Baer
13bf5b6638 Include max number of blogs in nodeinfo 2018-12-17 01:27:04 -05:00
Matt Baer
25a68d0c0e Add Reader section
This adds a "Reader" section of the site for admins who want to enable
it for their instance. That means visitors can go to /read and see who
has publicly shared their writing. They can also follow all public posts
via RSS by going to /read/feed/. Writers on an instance with this
`local_timeline` setting enabled can publish to the timeline by going
into their blog settings and choosing the "Public" visibility setting.

The `local_timeline` feature is disabled by default, as is the Public
setting on writer blogs. Enabling it adds a "Reader" navigation item and
enables the reader endpoints. This feature will also consume more
memory, as public posts are cached in memory for 10 minutes.

These changes include code ported over from Read.Write.as, and thus
include some experimental features like filtering public posts by tags
and authors. These features aren't well-tested or complete.

Closes T554
2018-12-10 16:08:07 -05:00
Matt Baer
9fe4b09de5 Support editing some config values in admin UI
This is almost all of T541
2018-12-03 17:30:31 -05:00
Matt Baer
bdc4f270f8 Support editing About and Privacy pages from Admin panel
This allows admin to edit these pages from the web, using Markdown. It
also dynamically loads information on those pages now, and makes loading
`pages` templates a little easier to find in the code / more explicit.

It requires this new schema change:

CREATE TABLE IF NOT EXISTS `appcontent` (
  `id` varchar(36) NOT NULL,
  `content` mediumtext CHARACTER SET utf8 COLLATE utf8_bin NOT NULL,
  `updated` datetime NOT NULL DEFAULT CURRENT_TIMESTAMP,
  PRIMARY KEY (`id`)
) ENGINE=InnoDB DEFAULT CHARSET=latin1;

This closes T533
2018-11-18 21:58:50 -05:00
Matt Baer
7d87aad55a Add basic admin dashboard with app stats
Start of T538
2018-11-18 20:18:22 -05:00
Matt Baer
001fc8bb2d Fully support single-user mode
- New editor nav
- New backend nav
- Support for drafts
- Different footers on backend
2018-11-09 22:10:46 -05:00
Matt Baer
9149e1f120 Relax root route matching
This is mostly unnecessary, and ensures users don't get confused when
their site doesn't show up because the server isn't seeing a
correctly-set Host header.
2018-11-08 10:39:45 -05:00
Matt Baer
55ada67170 Fill in remaining missing pieces
- Database schema changes, removing obsolete custom domain-related code
- Missing user structs
- Setup verbiage changes
- Missing routes
- Missing error messages
2018-11-08 01:33:26 -05:00
Matt Baer
6dbf0c8764 Add ActivityPub components, routes, handlers 2018-11-08 01:28:08 -05:00
Matt Baer
ebeacff43c Add collection handlers, routes, feeds, sitemaps 2018-11-08 01:22:18 -05:00
Matt Baer
86e7ba2579 Add editor
This includes the '/' route handler
2018-11-08 00:11:42 -05:00
Matt Baer
3afdd8c1b4 Add backend post handling, endpoints, rendering 2018-11-07 23:43:11 -05:00
Matt Baer
e6f1291189 Move Host config value from Server -> App 2018-10-27 17:02:40 -04:00
Matt Baer
1a6f61690e Add NodeInfo endpoints
Includes new instance stats and the new option to show user stats, as
well.
2018-10-17 19:25:09 -04:00
Matt Baer
0c1e1dd57e Add data layer
This includes config changes, collections, posts, some post rendering
funcs, and actual database connection when the server starts up.
2018-10-16 22:31:27 -04:00
Matt Baer
16473c97b7 Create basic server
Includes app config and some initialization
2018-10-15 14:44:15 -04:00