From 3ac22385f2cb2256db718e47f5ae3c6d13353b70 Mon Sep 17 00:00:00 2001 From: FChannel <> Date: Sun, 5 Jun 2022 15:14:34 -0700 Subject: added janny managment for admin board pages --- activitypub/actor.go | 72 +++++++++++++++++++++++++++++++++++++-- databaseschema.psql | 4 ++- db/database.go | 49 ++++++++------------------- main.go | 2 ++ route/routes/admin.go | 89 +++++++++++++++++++++++++++++++++++++++++++++++-- util/verification.go | 69 ++++++++++++++++---------------------- views/layouts/main.html | 2 +- views/manage.html | 19 +++++++++++ 8 files changed, 223 insertions(+), 83 deletions(-) diff --git a/activitypub/actor.go b/activitypub/actor.go index ea4ff3b..c6283c8 100644 --- a/activitypub/actor.go +++ b/activitypub/actor.go @@ -839,12 +839,10 @@ func (actor Actor) ReportedResp(ctx *fiber.Ctx) error { return util.MakeError(err, "GetReported") } - if hasAuth, err := util.HasAuth(verification[1], actor.Id); !hasAuth { + if hasAuth, _ := util.HasAuth(verification[1], actor.Id); !hasAuth { ctx.Response().Header.SetStatusCode(http.StatusBadRequest) _, err := ctx.Write([]byte("")) return util.MakeError(err, "GetReported") - } else if err != nil { - return util.MakeError(err, "GetReported") } actor, err = GetActorFromDB(actor.Id) @@ -1099,3 +1097,71 @@ func (actor Actor) WantToServePage(page int) (Collection, error) { return collection, nil } + +func (actor Actor) CreateVerification(verify util.Verify) error { + var err error + + if verify.Code, err = util.CreateKey(50); err != nil { + return util.MakeError(err, "CreateVerification") + } + + if err := verify.Create(); err != nil { + return util.MakeError(err, "CreateVerification") + } + + verify.Board = actor.Id + verify.Identifier = verify.Type + + if err := verify.CreateBoardMod(); err != nil { + return util.MakeError(err, "CreateVerification") + } + + return nil +} + +func (actor Actor) DeleteVerification(verify util.Verify) error { + query := `delete from boardaccess where code=$1` + if _, err := config.DB.Exec(query, verify.Code); err != nil { + return util.MakeError(err, "DeleteVerification") + } + + var code string + query = `select verificationcode from crossverification where code=$1` + if err := config.DB.QueryRow(query, verify.Code).Scan(&code); err != nil { + return util.MakeError(err, "DeleteVerification") + } + + query = `delete from crossverification where code=$1` + if _, err := config.DB.Exec(query, verify.Code); err != nil { + return util.MakeError(err, "DeleteVerification") + } + + query = `delete from verification where code=$1` + if _, err := config.DB.Exec(query, code); err != nil { + return util.MakeError(err, "DeleteVerification") + } + + return nil +} + +func (actor Actor) GetJanitors() ([]util.Verify, error) { + var list []util.Verify + + query := `select identifier, code, board, type, label from boardaccess where board=$1 and type='janitor'` + rows, err := config.DB.Query(query, actor.Id) + + if err != nil { + return list, util.MakeError(err, "GetJanitors") + } + + defer rows.Close() + for rows.Next() { + var verify util.Verify + + rows.Scan(&verify.Identifier, &verify.Code, &verify.Board, &verify.Type, &verify.Label) + + list = append(list, verify) + } + + return list, nil +} diff --git a/databaseschema.psql b/databaseschema.psql index cf0d36b..f5671c2 100644 --- a/databaseschema.psql +++ b/databaseschema.psql @@ -242,4 +242,6 @@ hash varchar(200) CREATE TABLE IF NOT EXISTS inactive( instance varchar(100) primary key, timestamp TIMESTAMP default NOW() -); \ No newline at end of file +); + +ALTER TABLE boardaccess ADD COLUMN IF NOT EXISTS label varchar(50) default 'Anon'; \ No newline at end of file diff --git a/db/database.go b/db/database.go index c6c2fc7..2c42cf5 100644 --- a/db/database.go +++ b/db/database.go @@ -85,45 +85,24 @@ func CreateNewBoard(actor activitypub.Actor) (activitypub.Actor, error) { } } - var verify util.Verify + { + var verify util.Verify + verify.Type = "admin" + verify.Identifier = actor.Id - verify.Type = "admin" - verify.Identifier = actor.Id - - if verify.Code, err = util.CreateKey(50); err != nil { - return activitypub.Actor{}, util.MakeError(err, "CreateNewBoardDB") - } - - if err := verify.Create(); err != nil { - return activitypub.Actor{}, util.MakeError(err, "CreateNewBoardDB") - } - - verify.Type = "janitor" - verify.Identifier = actor.Id - - if verify.Code, err = util.CreateKey(50); err != nil { - return activitypub.Actor{}, util.MakeError(err, "CreateNewBoardDB") - } - - if err := verify.Create(); err != nil { - return activitypub.Actor{}, util.MakeError(err, "CreateNewBoardDB") - } - - var nverify util.Verify - nverify.Board = actor.Id - nverify.Identifier = "admin" - nverify.Type = "admin" - - if err := nverify.CreateBoardMod(); err != nil { - return activitypub.Actor{}, util.MakeError(err, "CreateNewBoardDB") + if err := actor.CreateVerification(verify); err != nil { + return activitypub.Actor{}, util.MakeError(err, "CreateNewBoardDB") + } } - nverify.Board = actor.Id - nverify.Identifier = "janitor" - nverify.Type = "janitor" + { + var verify util.Verify + verify.Type = "janitor" + verify.Identifier = actor.Id - if err := nverify.CreateBoardMod(); err != nil { - return activitypub.Actor{}, util.MakeError(err, "CreateNewBoardDB") + if err := actor.CreateVerification(verify); err != nil { + return activitypub.Actor{}, util.MakeError(err, "CreateNewBoardDB") + } } activitypub.CreatePem(actor) diff --git a/main.go b/main.go index c1d1483..07f633d 100644 --- a/main.go +++ b/main.go @@ -65,6 +65,8 @@ func main() { app.Post("/"+config.Key+"/addboard", routes.AdminAddBoard) app.Post("/"+config.Key+"/newspost", routes.NewsPost) app.Get("/"+config.Key+"/newsdelete/:ts", routes.NewsDelete) + app.Post("/"+config.Key+"/:actor/addjanny", routes.AdminAddJanny) + app.Get("/"+config.Key+"/:actor/deletejanny", routes.AdminDeleteJanny) app.All("/"+config.Key+"/:actor/follow", routes.AdminFollow) app.Get("/"+config.Key+"/:actor", routes.AdminActorIndex) diff --git a/route/routes/admin.go b/route/routes/admin.go index c092b84..4571955 100644 --- a/route/routes/admin.go +++ b/route/routes/admin.go @@ -3,6 +3,7 @@ package routes import ( "bytes" "encoding/json" + "errors" "io/ioutil" "net/http" "time" @@ -206,8 +207,22 @@ func AdminAddBoard(ctx *fiber.Ctx) error { } func AdminActorIndex(ctx *fiber.Ctx) error { + var data route.AdminPage + + id, pass := util.GetPasswordFromSession(ctx) actor, _ := webfinger.GetActorFromPath(ctx.Path(), "/"+config.Key+"/") + if actor.Id == "" { + actor, _ = activitypub.GetActorByNameFromDB(config.Domain) + } + + var hasAuth bool + hasAuth, data.Board.ModCred = util.HasAuth(pass, actor.Id) + + if !hasAuth || (id != actor.Id && id != config.Domain) { + return ctx.Render("verify", fiber.Map{}) + } + reqActivity := activitypub.Activity{Id: actor.Following} follow, _ := reqActivity.GetCollection() @@ -225,7 +240,6 @@ func AdminActorIndex(ctx *fiber.Ctx) error { followers = append(followers, e.Id) } - var data route.AdminPage data.Following = following data.Followers = followers data.Reported, _ = db.GetLocalReport(actor.Name) @@ -243,6 +257,12 @@ func AdminActorIndex(ctx *fiber.Ctx) error { data.AutoSubscribe, _ = actor.GetAutoSubscribe() + jannies, err := actor.GetJanitors() + + if err != nil { + return util.MakeError(err, "AdminActorIndex") + } + data.Themes = &config.Themes data.RecentPosts, _ = actor.GetRecentPosts() @@ -252,6 +272,71 @@ func AdminActorIndex(ctx *fiber.Ctx) error { } return ctx.Render("manage", fiber.Map{ - "page": data, + "page": data, + "jannies": jannies, }) } + +func AdminAddJanny(ctx *fiber.Ctx) error { + id, pass := util.GetPasswordFromSession(ctx) + actor, _ := webfinger.GetActorFromPath(ctx.Path(), "/"+config.Key+"/") + + if actor.Id == "" { + actor, _ = activitypub.GetActorByNameFromDB(config.Domain) + } + + hasAuth, _type := util.HasAuth(pass, actor.Id) + + if !hasAuth || _type != "admin" || (id != actor.Id && id != config.Domain) { + return util.MakeError(errors.New("Error"), "AdminJanny") + } + + var verify util.Verify + verify.Type = "janitor" + verify.Identifier = actor.Id + verify.Label = ctx.FormValue("label") + + if err := actor.CreateVerification(verify); err != nil { + return util.MakeError(err, "CreateNewBoardDB") + } + + var redirect string + actor, _ = webfinger.GetActorFromPath(ctx.Path(), "/"+config.Key+"/") + + if actor.Name != "main" { + redirect = actor.Name + } + + return ctx.Redirect("/"+config.Key+"/"+redirect, http.StatusSeeOther) +} + +func AdminDeleteJanny(ctx *fiber.Ctx) error { + id, pass := util.GetPasswordFromSession(ctx) + actor, _ := webfinger.GetActorFromPath(ctx.Path(), "/"+config.Key+"/") + + if actor.Id == "" { + actor, _ = activitypub.GetActorByNameFromDB(config.Domain) + } + + hasAuth, _type := util.HasAuth(pass, actor.Id) + + if !hasAuth || _type != "admin" || (id != actor.Id && id != config.Domain) { + return util.MakeError(errors.New("Error"), "AdminJanny") + } + + var verify util.Verify + verify.Code = ctx.Query("code") + + if err := actor.DeleteVerification(verify); err != nil { + return util.MakeError(err, "AdminDeleteJanny") + } + + var redirect string + actor, _ = webfinger.GetActorFromPath(ctx.Path(), "/"+config.Key+"/") + + if actor.Name != "main" { + redirect = actor.Name + } + + return ctx.Redirect("/"+config.Key+"/"+redirect, http.StatusSeeOther) +} diff --git a/util/verification.go b/util/verification.go index b5a44ff..834e5c4 100644 --- a/util/verification.go +++ b/util/verification.go @@ -20,6 +20,7 @@ type Verify struct { Code string Created string Board string + Label string } type VerifyCooldown struct { @@ -43,15 +44,12 @@ func (verify Verify) Create() error { } func (verify Verify) CreateBoardAccess() error { - hasAccess, err := verify.HasBoardAccess() - - if err != nil { - return MakeError(err, "CreateBoardAccess") - } - - if !hasAccess { - query := `insert into boardaccess (identifier, board) values($1, $2)` - _, err := config.DB.Exec(query, verify.Identifier, verify.Board) + if hasAccess, _ := verify.HasBoardAccess(); !hasAccess { + if verify.Label == "" { + verify.Label = "Anon" + } + query := `insert into boardaccess (identifier, board, label) values($1, $2, $3)` + _, err := config.DB.Exec(query, verify.Identifier, verify.Board, verify.Label) return MakeError(err, "CreateBoardAccess") } @@ -69,28 +67,30 @@ func (verify Verify) CreateBoardMod() error { var code string - query := `select code from verification where identifier=$1 and type=$2` + query := `select code from verification where identifier=$1 and type=$2 and code not in (select verificationcode from crossverification)` if err := config.DB.QueryRow(query, verify.Board, verify.Type).Scan(&code); err != nil { return MakeError(err, "CreateBoardMod") } var ident string - query = `select identifier from boardaccess where identifier=$1 and board=$2` + query = `select identifier from boardaccess where identifier=$1 and board=$2 and code not in (select code from crossverification)` if err := config.DB.QueryRow(query, verify.Identifier, verify.Board).Scan(&ident); err != nil { query := `insert into crossverification (verificationcode, code) values ($1, $2)` if _, err := config.DB.Exec(query, code, pass); err != nil { return MakeError(err, "CreateBoardMod") } - query = `insert into boardaccess (identifier, code, board, type) values ($1, $2, $3, $4)` - if _, err = config.DB.Exec(query, verify.Identifier, pass, verify.Board, verify.Type); err != nil { + if verify.Label == "" { + verify.Label = "Anon" + } + + query = `insert into boardaccess (identifier, code, board, type, label) values ($1, $2, $3, $4, $5)` + if _, err = config.DB.Exec(query, verify.Identifier, pass, verify.Board, verify.Type, verify.Label); err != nil { return MakeError(err, "CreateBoardMod") } } - config.Log.Printf("Board access - Board: %s, Identifier: %s, Code: %s\n", verify.Board, verify.Identifier, pass) - return nil } @@ -137,15 +137,15 @@ func (verify Verify) GetCode() (Verify, error) { return nVerify, nil } -func (verify Verify) HasBoardAccess() (bool, error) { - var count int +func (verify Verify) HasBoardAccess() (bool, string) { + var _type string - query := `select count(*) from boardaccess where identifier=$1 and board=$2` - if err := config.DB.QueryRow(query, verify.Identifier, verify.Board).Scan(&count); err != nil { - return false, nil + query := `select type from boardaccess where identifier=$1 and board=$2` + if err := config.DB.QueryRow(query, verify.Identifier, verify.Board).Scan(&_type); err != nil { + return false, "" } - return true, nil + return true, _type } func (verify Verify) SendVerification() error { @@ -315,25 +315,13 @@ func DeleteCaptchaCode(verify string) error { } func GetVerificationByCode(code string) (Verify, error) { - // TODO: this only needs to select one row. - var verify Verify query := `select type, identifier, code, board from boardaccess where code=$1` - - rows, err := config.DB.Query(query, code) - if err != nil { + if err := config.DB.QueryRow(query, code).Scan(&verify.Type, &verify.Identifier, &verify.Code, &verify.Board); err != nil { return verify, MakeError(err, "GetVerificationByCode") } - defer rows.Close() - - for rows.Next() { - if err := rows.Scan(&verify.Type, &verify.Identifier, &verify.Code, &verify.Board); err != nil { - return verify, MakeError(err, "GetVerificationByCode") - } - } - return verify, nil } @@ -377,19 +365,18 @@ func HasAuthCooldown(auth string) (bool, error) { return false, nil } -func HasAuth(code string, board string) (bool, error) { +func HasAuth(code string, board string) (bool, string) { verify, err := GetVerificationByCode(code) + if err != nil { - return false, MakeError(err, "HasAuth") + return false, "" } - if res, err := verify.HasBoardAccess(); err == nil && (verify.Board == config.Domain || (res && verify.Board == board)) { - return true, nil - } else { - return false, MakeError(err, "HasAuth") + if res, _type := verify.HasBoardAccess(); verify.Board == config.Domain || (res && verify.Board == board) { + return true, _type } - return false, nil + return false, "" } func IsEmailSetup() bool { diff --git a/views/layouts/main.html b/views/layouts/main.html index 5bc2ead..f5f446d 100644 --- a/views/layouts/main.html +++ b/views/layouts/main.html @@ -54,7 +54,7 @@ {{ end }} {{ if .page.Board.ModCred }} - {{ if eq .page.Board.ModCred .page.Board.Domain .page.Board.Actor.Id }} + {{ if or (eq .page.Board.ModCred .page.Board.Domain) (eq .page.Board.ModCred .page.Board.Actor.Id) }} [Manage Board] {{ end }} {{ end }} diff --git a/views/manage.html b/views/manage.html index da59340..e3c03a0 100644 --- a/views/manage.html +++ b/views/manage.html @@ -7,6 +7,9 @@
  • [ Subscribers ]
  • {{ end }}
  • [ Reported ]
  • + {{ if eq .page.Board.ModCred "admin" }} +
  • [ Janitor Managment ]
  • + {{ end }} [Return] @@ -59,6 +62,22 @@ +{{ if eq .page.Board.ModCred "admin" }} +
    +

    Janitor Managment

    +
    + +
    + +
    + +
    +{{ end }} + {{ template "partials/footer" .page }} {{ template "partials/general_scripts" .page }} -- cgit v1.2.3