Commit graph

904 commits

Author SHA1 Message Date
Matt Baer
ae1a892be0 Upgrade gorilla/sessions to v1.2.0
This gets rid of the gorilla/context dependency, which might have been
causing a memory leak.

We noticed some serious memory leakage on Write.as that seemed to point
to this library. One heap snapshot:

      flat  flat%   sum%        cum   cum%
  259.13MB 30.41% 30.41%   268.13MB 31.46%  net/textproto.(*Reader).ReadMIMEHeader
  105.71MB 12.40% 42.81%   105.71MB 12.40%  github.com/gorilla/context.Set
   78.53MB  9.21% 52.03%   125.53MB 14.73%  github.com/gorilla/sessions.(*Registry).Get
   55.51MB  6.51% 58.54%    82.52MB  9.68%  net/http.(*Request).WithContext
   38.01MB  4.46% 63.00%    38.01MB  4.46%  github.com/gorilla/mux.extractVars
      35MB  4.11% 67.11%       53MB  6.22%  context.WithCancel
   34.50MB  4.05% 71.16%    34.50MB  4.05%  context.WithValue
      27MB  3.17% 74.32%       27MB  3.17%  net/http.cloneURL
      26MB  3.05% 77.38%       26MB  3.05%  github.com/gorilla/sessions.NewSession
      18MB  2.11% 79.49%       18MB  2.11%  context.(*cancelCtx).Done
   16.50MB  1.94% 81.42%    16.50MB  1.94%  syscall.anyToSockaddr
      14MB  1.64% 83.07%       47MB  5.52%  github.com/gorilla/sessions.(*CookieStore).New
   13.50MB  1.58% 84.65%    51.51MB  6.04%  github.com/gorilla/mux.(*Route).Match
   11.67MB  1.37% 86.02%    13.21MB  1.55%  regexp.(*Regexp).replaceAll
    9.72MB  1.14% 87.16%    22.94MB  2.69%  regexp.(*Regexp).ReplaceAllString
    9.50MB  1.11% 88.28%   115.21MB 13.52%  github.com/gorilla/sessions.GetRegistry

With the help of these articles, we tracked it down to this dependency,
and upgraded the library, which seems to have completely fixed the issue
so far:

https://rover.rocks/golang-memory-leak/
https://medium.com/@walterwu_22843/golang-memory-leak-while-handling-huge-amount-of-http-request-35cc970cb75e

This should fix #133
2020-01-29 04:56:23 -05:00
Matt Baer
bf8dcff01e Quit AP goroutine early when there's no "to"
Previously, we'd sleep for 2 seconds and then return for no reason. This
fixes that.
2020-01-27 09:23:50 -05:00
Matt Baer
8d3e755c8f Return pointer to http.Client in activityPubClient() 2020-01-23 12:03:23 -05:00
Matt Baer
bc9843dfa3 Add timeout on ActivityPub requests 2020-01-23 11:47:35 -05:00
Matt Baer
fe26594e8c
Merge pull request #245 from writeas/fix-editor-open-access
Require authenticated user for editor access
2020-01-20 15:42:24 -05:00
Matt Baer
30032e74a0 Add helpful text on Drafts page 2020-01-20 15:25:37 -05:00
Matt Baer
b336e95e12 Render HTML entities in Drafts list
Previously, we'd show the raw HTML entities in the summaries of Draft
posts, instead of rendering them. This fixes that.
2020-01-20 15:20:45 -05:00
Rob Loranger
2c075c0347
update upgrade script for recent changes
changes accounted for
- the tar directory structure had changed to use a subdirectory
- there are now multiple linux targets released

bugs
- the service must be stopped before replacing the binary
- migrations were not being run during an upgrade
2020-01-19 15:57:58 -08:00
Matt Baer
8e09e72979 Require authenticated user for editor access
Previously, anyone could access the editor even if they weren't logged
in. They couldn't do much in that case (publishing would fail), but it
could potentially cause some confusion.

Now, users will be sent to the login page, and then redirected back to
the editor once successfully logged in.
2020-01-16 14:50:29 -05:00
Matt Baer
b9914dd65a
Merge pull request #244 from writeas/oauth-signup-tweaks
OAuth signup form tweaks

Resolves T715
2020-01-16 14:46:48 -05:00
Matt Baer
c1ec6b2605 Fix copyright years in oauth_slack.go 2020-01-16 14:43:32 -05:00
Matt Baer
dcdd4dd1ef Add and update copyright notices 2020-01-16 14:39:18 -05:00
Matt Baer
803dd78df5 Remove Password field from OAuth signup page
This removes a bit of friction.

Ref T715 T712
2020-01-16 14:30:09 -05:00
Matt Baer
f7dabd39c2 Skip password requirement on OAuth signup
This makes it possible to complete OAuth signup without creating a
password on the WriteFreely instance.

A user can then add a password to their account through their Account
Settings page without any admin action (all of this logic is already in
place).

Ref T715 T712
2020-01-16 14:25:33 -05:00
Matt Baer
b5a38efd28 Fall back to username as coll title on OAuth signup
This uses the given username as the Display Name / Collection Title if a
user doesn't give one -- as might happen when authenticating with
Write.as.

Ref T712
2020-01-16 14:09:42 -05:00
Matt Baer
130c9eb747 Change Blog Title to Display Name in OAuth signup
Ref T712
2020-01-16 13:58:14 -05:00
Matt Baer
6842ab2e3b Rename collTitle from alias
"alias" is the name of a different collection field, so this renames the
variable internally to make things clearer.
2020-01-16 13:50:37 -05:00
Matt Baer
4d5c89e7ef Fix false login state on OAuth signup page
Having a `Username` field populated in the page data tells the base
template to display navigation that only a logged in user should see. So
this renames the field to `LoginUsername`, similar to our login.tmpl
page.

Ref T712
2020-01-16 13:37:44 -05:00
Matt Baer
33a6129d1e Add async username check on OAuth signup form
This checks the user's inputted username as they type it, and prevents
form submission if the name is taken.

Ref T712
2020-01-16 13:18:23 -05:00
Matt Baer
f2f779e4a2 Generate non-colliding usernames in all lowercase
All usernames should be lowercase, so this generates any username suffix
(in cases of collision) with only lowercase letters. It also removes
vowels to prevent bad 5-letter words from forming.

Ref T712
2020-01-16 12:29:01 -05:00
Matt Baer
d297859705 Reserve the username "oauth" 2020-01-16 12:18:21 -05:00
Nick Gerakines
5d834c1cd2 Minor code cleanup on settings page to improve oauth account management UI. T713 2020-01-15 13:37:57 -05:00
Nick Gerakines
c0317b4e93 Implemented oauth attach functionality, oauth detach functionality, and required data migration. T713 2020-01-15 13:16:59 -05:00
Rob Loranger
571460f08d
move timezone correction to client side 2020-01-15 09:04:38 -08:00
Rob Loranger
0766e6cb36
fixes imported post times
changes the client side to round the unix time to avoid floats

alters the time to match the client time zone on the server side
2020-01-14 10:44:56 -08:00
Matti R
80cffbb3ec
update golang.org/x/crypto vendor to use acme v2
also run go mod tidy to clean up module files
2020-01-14 12:46:52 -05:00
Matt Baer
75e2b60328
Merge pull request #172 from writeas/import-text
add basic text file imports

Resolves T609
2020-01-14 12:33:57 -05:00
Matt Baer
3e97625cca Fix Unix timestamps on client during import
File API gives timestamp in milliseconds, not seconds, so this converts
it on the client-side and sends it the correct time to the server.

Ref T609
2020-01-14 12:26:02 -05:00
Matt Baer
65e2e5126b Revert "Fix unix timestamp in file upload"
This reverts commit 2b066997d1.
2020-01-14 12:24:57 -05:00
Matt Baer
2b066997d1 Fix unix timestamp in file upload
File API gives timestamp in milliseconds, not seconds, so this converts
it correctly.

Ref T609
2020-01-14 12:23:01 -05:00
Matti R
98ca449b66
add arm-6 2020-01-14 12:02:43 -05:00
Rob Loranger
aae2f28bb6
pass original file modified date for imports 2020-01-14 08:59:30 -08:00
Matti R
f4c6ce76dd
Switch to a maintained fork of XGO 2020-01-14 11:55:55 -05:00
Matt Baer
c7b797929b
Merge pull request #238 from writeas/oauth-bugfix-alias-signature
OAuth alias field not set correctly
2020-01-14 10:59:48 -05:00
Nick Gerakines
f7995bee48 Fixing bug where display name was not set correctly. 2020-01-14 10:28:40 -05:00
Matt Baer
659392ac4f
Merge pull request #235 from writeas/date-stamps
Add dates to blog posts

Resolves T669
2020-01-14 09:51:12 -05:00
Matt Baer
c00daf64b0
Merge pull request #236 from writeas/oauth-provider-callback-hotfix
Fixing bug in oauth callback URL registration.
2020-01-14 09:12:28 -05:00
Nick Gerakines
a77d403dfb
Fixing bug in oauth callback URL registration.
Fixing a bug in the oauth callback URL registration where the lack of provider context was overwriting the previous oauth callback route registration call.
2020-01-10 16:16:43 -05:00
Matt Baer
9958a1122b Show published date on post pages if Blog
Dates now display on blog post pages if the collection's chosen display
format is "Blog". It updates the chorus-collection-post template to now
respect this value (previously, it always showed the date).

Ref T669
2020-01-09 16:50:02 -05:00
Matt Baer
812136357e Move Format from DisplayCollection to CollectionObj 2020-01-09 16:48:22 -05:00
Matt Baer
f5d21c8c1a Reorder federation check logic on upload
Ref T609
2020-01-09 13:29:30 -05:00
Matt Baer
18d3456a23 Tweak user-facing upload errors + internal logs
Ref T609
2020-01-09 13:29:07 -05:00
Matt Baer
03eeca179e Fix potential resource leaks from defer calls in for loop
This moves file operations inside the `for` loop into an anonymous func,
so the `defer` calls don't wait until the end of the handler call to
actually execute.

Ref T609
2020-01-09 12:36:58 -05:00
Matt Baer
6860c0a3ff Fix collection logic on import
- Only retrieve a collection from database if an alias is submitted
- Only call GetCollection() once (previously, it was inside the loop)
- Return error if user doesn't own the collection

Ref T609
2020-01-09 12:08:06 -05:00
Matt Baer
5b7f37aed8 Restyle Import page
- Changes Import link location in dropdown menu
- Makes design consistent with Invite People page (and extracts some
  common CSS into core.less)
- Selects the user's first blog by default in the dropdown
- Changes the copy a bit

Ref T609
2020-01-09 11:16:26 -05:00
Matt Baer
a2a9f60976
Merge pull request #232 from writeas/T712-oauth-registration-improvements
OAuth registration improvements

Resolves T712
2020-01-08 14:09:32 -05:00
Nick Gerakines
8ddfce4f19 oauth signup page changes per PR feedback. T712 2020-01-07 22:13:29 -05:00
Nick Gerakines
6d79ed3cfd Updating oauth form validation per PR feedback. T712 2020-01-07 21:52:55 -05:00
Nick Gerakines
5e76565271 Code cleanup per PR feedback. T712 2020-01-07 21:52:55 -05:00
Matt Baer
e5671cd1e6 Fix GetCollections() call 2020-01-07 16:51:40 -05:00