mirror of
https://git.joinplu.me/Plume/Plume.git
synced 2024-11-30 07:21:01 +00:00
593 lines
18 KiB
Rust
593 lines
18 KiB
Rust
use activitypub::collection::{OrderedCollection, OrderedCollectionPage};
|
|
use diesel::SaveChangesDsl;
|
|
use rocket::{
|
|
http::{uri::Uri, ContentType, Cookies},
|
|
request::LenientForm,
|
|
response::{status, Content, Flash, Redirect},
|
|
};
|
|
use rocket_i18n::I18n;
|
|
use std::{borrow::Cow, collections::HashMap};
|
|
use validator::{Validate, ValidationError, ValidationErrors};
|
|
|
|
use crate::inbox;
|
|
use crate::routes::{
|
|
email_signups::EmailSignupForm, errors::ErrorPage, Page, RemoteForm, RespondOrRedirect,
|
|
};
|
|
use crate::template_utils::{IntoContext, Ructe};
|
|
use crate::utils::requires_login;
|
|
use plume_common::activity_pub::{broadcast, ActivityStream, ApRequest, Id};
|
|
use plume_common::utils::md_to_html;
|
|
use plume_models::{
|
|
blogs::Blog,
|
|
db_conn::DbConn,
|
|
follows,
|
|
headers::Headers,
|
|
inbox::inbox as local_inbox,
|
|
instance::Instance,
|
|
medias::Media,
|
|
posts::Post,
|
|
reshares::Reshare,
|
|
safe_string::SafeString,
|
|
signups::{self, Strategy as SignupStrategy},
|
|
users::*,
|
|
Error, PlumeRocket, CONFIG,
|
|
};
|
|
|
|
#[get("/me")]
|
|
pub fn me(user: Option<User>) -> RespondOrRedirect {
|
|
match user {
|
|
Some(user) => Redirect::to(uri!(details: name = user.username)).into(),
|
|
None => requires_login("", uri!(me)).into(),
|
|
}
|
|
}
|
|
|
|
#[get("/@/<name>", rank = 2)]
|
|
pub fn details(name: String, rockets: PlumeRocket, conn: DbConn) -> Result<Ructe, ErrorPage> {
|
|
let user = User::find_by_fqn(&conn, &name)?;
|
|
let recents = Post::get_recents_for_author(&*conn, &user, 6)?;
|
|
let reshares = Reshare::get_recents_for_author(&*conn, &user, 6)?;
|
|
|
|
if !user.get_instance(&*conn)?.local {
|
|
tracing::trace!("remote user found");
|
|
user.remote_user_found(); // Doesn't block
|
|
}
|
|
|
|
Ok(render!(users::details(
|
|
&(&conn, &rockets).to_context(),
|
|
user.clone(),
|
|
rockets
|
|
.user
|
|
.clone()
|
|
.and_then(|x| x.is_following(&*conn, user.id).ok())
|
|
.unwrap_or(false),
|
|
user.instance_id != Instance::get_local()?.id,
|
|
user.get_instance(&*conn)?.public_domain,
|
|
recents,
|
|
reshares
|
|
.into_iter()
|
|
.filter_map(|r| r.get_post(&*conn).ok())
|
|
.collect()
|
|
)))
|
|
}
|
|
|
|
#[get("/dashboard")]
|
|
pub fn dashboard(user: User, conn: DbConn, rockets: PlumeRocket) -> Result<Ructe, ErrorPage> {
|
|
let blogs = Blog::find_for_author(&conn, &user)?;
|
|
Ok(render!(users::dashboard(
|
|
&(&conn, &rockets).to_context(),
|
|
blogs,
|
|
Post::drafts_by_author(&conn, &user)?
|
|
)))
|
|
}
|
|
|
|
#[get("/dashboard", rank = 2)]
|
|
pub fn dashboard_auth(i18n: I18n) -> Flash<Redirect> {
|
|
requires_login(
|
|
&i18n!(
|
|
i18n.catalog,
|
|
"To access your dashboard, you need to be logged in"
|
|
),
|
|
uri!(dashboard),
|
|
)
|
|
}
|
|
|
|
#[post("/@/<name>/follow")]
|
|
pub fn follow(
|
|
name: String,
|
|
user: User,
|
|
conn: DbConn,
|
|
rockets: PlumeRocket,
|
|
) -> Result<Flash<Redirect>, ErrorPage> {
|
|
let target = User::find_by_fqn(&conn, &name)?;
|
|
let message = if let Ok(follow) = follows::Follow::find(&conn, user.id, target.id) {
|
|
let delete_act = follow.build_undo(&conn)?;
|
|
local_inbox(
|
|
&conn,
|
|
serde_json::to_value(&delete_act).map_err(Error::from)?,
|
|
)?;
|
|
|
|
let msg = i18n!(rockets.intl.catalog, "You are no longer following {}."; target.name());
|
|
rockets
|
|
.worker
|
|
.execute(move || broadcast(&user, delete_act, vec![target], CONFIG.proxy().cloned()));
|
|
msg
|
|
} else {
|
|
let f = follows::Follow::insert(
|
|
&conn,
|
|
follows::NewFollow {
|
|
follower_id: user.id,
|
|
following_id: target.id,
|
|
ap_url: String::new(),
|
|
},
|
|
)?;
|
|
f.notify(&conn)?;
|
|
|
|
let act = f.to_activity(&conn)?;
|
|
let msg = i18n!(rockets.intl.catalog, "You are now following {}."; target.name());
|
|
rockets
|
|
.worker
|
|
.execute(move || broadcast(&user, act, vec![target], CONFIG.proxy().cloned()));
|
|
msg
|
|
};
|
|
Ok(Flash::success(
|
|
Redirect::to(uri!(details: name = name)),
|
|
message,
|
|
))
|
|
}
|
|
|
|
#[post("/@/<name>/follow", data = "<remote_form>", rank = 2)]
|
|
pub fn follow_not_connected(
|
|
conn: DbConn,
|
|
rockets: PlumeRocket,
|
|
name: String,
|
|
remote_form: Option<LenientForm<RemoteForm>>,
|
|
i18n: I18n,
|
|
) -> Result<RespondOrRedirect, ErrorPage> {
|
|
let target = User::find_by_fqn(&conn, &name)?;
|
|
if let Some(remote_form) = remote_form {
|
|
if let Some(uri) = User::fetch_remote_interact_uri(&remote_form)
|
|
.ok()
|
|
.and_then(|uri| {
|
|
Some(uri.replace(
|
|
"{uri}",
|
|
&Uri::percent_encode(&target.acct_authority(&conn).ok()?),
|
|
))
|
|
})
|
|
{
|
|
Ok(Redirect::to(uri).into())
|
|
} else {
|
|
let mut err = ValidationErrors::default();
|
|
err.add("remote",
|
|
ValidationError {
|
|
code: Cow::from("invalid_remote"),
|
|
message: Some(Cow::from(i18n!(&i18n.catalog, "Couldn't obtain enough information about your account. Please make sure your username is correct."))),
|
|
params: HashMap::new(),
|
|
},
|
|
);
|
|
Ok(Flash::new(
|
|
render!(users::follow_remote(
|
|
&(&conn, &rockets).to_context(),
|
|
target,
|
|
super::session::LoginForm::default(),
|
|
ValidationErrors::default(),
|
|
remote_form.clone(),
|
|
err
|
|
)),
|
|
"callback",
|
|
uri!(follow: name = name).to_string(),
|
|
)
|
|
.into())
|
|
}
|
|
} else {
|
|
Ok(Flash::new(
|
|
render!(users::follow_remote(
|
|
&(&conn, &rockets).to_context(),
|
|
target,
|
|
super::session::LoginForm::default(),
|
|
ValidationErrors::default(),
|
|
#[allow(clippy::map_clone)]
|
|
remote_form.map(|x| x.clone()).unwrap_or_default(),
|
|
ValidationErrors::default()
|
|
)),
|
|
"callback",
|
|
uri!(follow: name = name).to_string(),
|
|
)
|
|
.into())
|
|
}
|
|
}
|
|
|
|
#[get("/@/<name>/follow?local", rank = 2)]
|
|
pub fn follow_auth(name: String, i18n: I18n) -> Flash<Redirect> {
|
|
requires_login(
|
|
&i18n!(
|
|
i18n.catalog,
|
|
"To subscribe to someone, you need to be logged in"
|
|
),
|
|
uri!(follow: name = name),
|
|
)
|
|
}
|
|
|
|
#[get("/@/<name>/followers?<page>", rank = 2)]
|
|
pub fn followers(
|
|
name: String,
|
|
page: Option<Page>,
|
|
conn: DbConn,
|
|
rockets: PlumeRocket,
|
|
) -> Result<Ructe, ErrorPage> {
|
|
let page = page.unwrap_or_default();
|
|
let user = User::find_by_fqn(&conn, &name)?;
|
|
let followers_count = user.count_followers(&conn)?;
|
|
|
|
Ok(render!(users::followers(
|
|
&(&conn, &rockets).to_context(),
|
|
user.clone(),
|
|
rockets
|
|
.user
|
|
.clone()
|
|
.and_then(|x| x.is_following(&conn, user.id).ok())
|
|
.unwrap_or(false),
|
|
user.instance_id != Instance::get_local()?.id,
|
|
user.get_instance(&conn)?.public_domain,
|
|
user.get_followers_page(&conn, page.limits())?,
|
|
page.0,
|
|
Page::total(followers_count as i32)
|
|
)))
|
|
}
|
|
|
|
#[get("/@/<name>/followed?<page>", rank = 2)]
|
|
pub fn followed(
|
|
name: String,
|
|
page: Option<Page>,
|
|
conn: DbConn,
|
|
rockets: PlumeRocket,
|
|
) -> Result<Ructe, ErrorPage> {
|
|
let page = page.unwrap_or_default();
|
|
let user = User::find_by_fqn(&conn, &name)?;
|
|
let followed_count = user.count_followed(&conn)?;
|
|
|
|
Ok(render!(users::followed(
|
|
&(&conn, &rockets).to_context(),
|
|
user.clone(),
|
|
rockets
|
|
.user
|
|
.clone()
|
|
.and_then(|x| x.is_following(&conn, user.id).ok())
|
|
.unwrap_or(false),
|
|
user.instance_id != Instance::get_local()?.id,
|
|
user.get_instance(&conn)?.public_domain,
|
|
user.get_followed_page(&conn, page.limits())?,
|
|
page.0,
|
|
Page::total(followed_count as i32)
|
|
)))
|
|
}
|
|
|
|
#[get("/@/<name>", rank = 1)]
|
|
pub fn activity_details(
|
|
name: String,
|
|
conn: DbConn,
|
|
_ap: ApRequest,
|
|
) -> Option<ActivityStream<CustomPerson>> {
|
|
let user = User::find_by_fqn(&conn, &name).ok()?;
|
|
Some(ActivityStream::new(user.to_activity(&conn).ok()?))
|
|
}
|
|
|
|
#[get("/users/new")]
|
|
pub fn new(conn: DbConn, rockets: PlumeRocket) -> Result<Ructe, ErrorPage> {
|
|
use SignupStrategy::*;
|
|
|
|
let rendered = match CONFIG.signup {
|
|
Password => render!(users::new(
|
|
&(&conn, &rockets).to_context(),
|
|
Instance::get_local()?.open_registrations,
|
|
&NewUserForm::default(),
|
|
ValidationErrors::default()
|
|
)),
|
|
Email => render!(email_signups::new(
|
|
&(&conn, &rockets).to_context(),
|
|
Instance::get_local()?.open_registrations,
|
|
&EmailSignupForm::default(),
|
|
ValidationErrors::default()
|
|
)),
|
|
};
|
|
Ok(rendered)
|
|
}
|
|
|
|
#[get("/@/<name>/edit")]
|
|
pub fn edit(
|
|
name: String,
|
|
user: User,
|
|
conn: DbConn,
|
|
rockets: PlumeRocket,
|
|
) -> Result<Ructe, ErrorPage> {
|
|
if user.username == name && !name.contains('@') {
|
|
Ok(render!(users::edit(
|
|
&(&conn, &rockets).to_context(),
|
|
UpdateUserForm {
|
|
display_name: user.display_name.clone(),
|
|
email: user.email.clone().unwrap_or_default(),
|
|
summary: user.summary.clone(),
|
|
theme: user.preferred_theme,
|
|
hide_custom_css: user.hide_custom_css,
|
|
},
|
|
ValidationErrors::default()
|
|
)))
|
|
} else {
|
|
Err(Error::Unauthorized.into())
|
|
}
|
|
}
|
|
|
|
#[get("/@/<name>/edit", rank = 2)]
|
|
pub fn edit_auth(name: String, i18n: I18n) -> Flash<Redirect> {
|
|
requires_login(
|
|
&i18n!(
|
|
i18n.catalog,
|
|
"To edit your profile, you need to be logged in"
|
|
),
|
|
uri!(edit: name = name),
|
|
)
|
|
}
|
|
|
|
#[derive(FromForm)]
|
|
pub struct UpdateUserForm {
|
|
pub display_name: String,
|
|
pub email: String,
|
|
pub summary: String,
|
|
pub theme: Option<String>,
|
|
pub hide_custom_css: bool,
|
|
}
|
|
|
|
#[allow(unused_variables)]
|
|
#[put("/@/<name>/edit", data = "<form>")]
|
|
pub fn update(
|
|
name: String,
|
|
conn: DbConn,
|
|
mut user: User,
|
|
form: LenientForm<UpdateUserForm>,
|
|
intl: I18n,
|
|
) -> Result<Flash<Redirect>, ErrorPage> {
|
|
user.display_name = form.display_name.clone();
|
|
user.email = Some(form.email.clone());
|
|
user.summary = form.summary.clone();
|
|
user.summary_html = SafeString::new(
|
|
&md_to_html(
|
|
&form.summary,
|
|
None,
|
|
false,
|
|
Some(Media::get_media_processor(&conn, vec![&user])),
|
|
)
|
|
.0,
|
|
);
|
|
user.preferred_theme = form
|
|
.theme
|
|
.clone()
|
|
.and_then(|t| if t.is_empty() { None } else { Some(t) });
|
|
user.hide_custom_css = form.hide_custom_css;
|
|
let _: User = user.save_changes(&*conn).map_err(Error::from)?;
|
|
|
|
Ok(Flash::success(
|
|
Redirect::to(uri!(me)),
|
|
i18n!(intl.catalog, "Your profile has been updated."),
|
|
))
|
|
}
|
|
|
|
#[post("/@/<name>/delete")]
|
|
pub fn delete(
|
|
name: String,
|
|
user: User,
|
|
mut cookies: Cookies<'_>,
|
|
conn: DbConn,
|
|
rockets: PlumeRocket,
|
|
) -> Result<Flash<Redirect>, ErrorPage> {
|
|
let account = User::find_by_fqn(&conn, &name)?;
|
|
if user.id == account.id {
|
|
account.delete(&conn)?;
|
|
|
|
let target = User::one_by_instance(&conn)?;
|
|
let delete_act = account.delete_activity(&conn)?;
|
|
rockets
|
|
.worker
|
|
.execute(move || broadcast(&account, delete_act, target, CONFIG.proxy().cloned()));
|
|
|
|
if let Some(cookie) = cookies.get_private(AUTH_COOKIE) {
|
|
cookies.remove_private(cookie);
|
|
}
|
|
|
|
Ok(Flash::success(
|
|
Redirect::to(uri!(super::instance::index)),
|
|
i18n!(rockets.intl.catalog, "Your account has been deleted."),
|
|
))
|
|
} else {
|
|
Ok(Flash::error(
|
|
Redirect::to(uri!(edit: name = name)),
|
|
i18n!(
|
|
rockets.intl.catalog,
|
|
"You can't delete someone else's account."
|
|
),
|
|
))
|
|
}
|
|
}
|
|
|
|
#[derive(Default, FromForm, Validate)]
|
|
#[validate(schema(
|
|
function = "passwords_match",
|
|
skip_on_field_errors = false,
|
|
message = "Passwords are not matching"
|
|
))]
|
|
pub struct NewUserForm {
|
|
#[validate(
|
|
length(min = 1, message = "Username can't be empty"),
|
|
custom(
|
|
function = "validate_username",
|
|
message = "User name is not allowed to contain any of < > & @ ' or \""
|
|
)
|
|
)]
|
|
pub username: String,
|
|
#[validate(email(message = "Invalid email"))]
|
|
pub email: String,
|
|
#[validate(length(min = 8, message = "Password should be at least 8 characters long"))]
|
|
pub password: String,
|
|
#[validate(length(min = 8, message = "Password should be at least 8 characters long"))]
|
|
pub password_confirmation: String,
|
|
}
|
|
|
|
pub fn passwords_match(form: &NewUserForm) -> Result<(), ValidationError> {
|
|
if form.password != form.password_confirmation {
|
|
Err(ValidationError::new("password_match"))
|
|
} else {
|
|
Ok(())
|
|
}
|
|
}
|
|
|
|
pub fn validate_username(username: &str) -> Result<(), ValidationError> {
|
|
if username.contains(&['<', '>', '&', '@', '\'', '"', ' ', '\n', '\t'][..]) {
|
|
Err(ValidationError::new("username_illegal_char"))
|
|
} else {
|
|
Ok(())
|
|
}
|
|
}
|
|
|
|
fn to_validation(x: Error) -> ValidationErrors {
|
|
let mut errors = ValidationErrors::new();
|
|
if let Error::Blocklisted(show, msg) = x {
|
|
if show {
|
|
errors.add(
|
|
"email",
|
|
ValidationError {
|
|
code: Cow::from("blocklisted"),
|
|
message: Some(Cow::from(msg)),
|
|
params: HashMap::new(),
|
|
},
|
|
);
|
|
}
|
|
}
|
|
errors.add(
|
|
"",
|
|
ValidationError {
|
|
code: Cow::from("server_error"),
|
|
message: Some(Cow::from("An unknown error occured")),
|
|
params: HashMap::new(),
|
|
},
|
|
);
|
|
errors
|
|
}
|
|
|
|
#[post("/users/new", data = "<form>")]
|
|
pub fn create(
|
|
form: LenientForm<NewUserForm>,
|
|
conn: DbConn,
|
|
rockets: PlumeRocket,
|
|
_enabled: signups::Password,
|
|
) -> Result<Flash<Redirect>, Ructe> {
|
|
if !Instance::get_local()
|
|
.map(|i| i.open_registrations)
|
|
.unwrap_or(true)
|
|
{
|
|
return Ok(Flash::error(
|
|
Redirect::to(uri!(new)),
|
|
i18n!(
|
|
rockets.intl.catalog,
|
|
"Registrations are closed on this instance."
|
|
),
|
|
)); // Actually, it is an error
|
|
}
|
|
|
|
let mut form = form.into_inner();
|
|
form.username = form.username.trim().to_owned();
|
|
form.email = form.email.trim().to_owned();
|
|
form.validate()
|
|
.and_then(|_| {
|
|
NewUser::new_local(
|
|
&conn,
|
|
form.username.to_string(),
|
|
form.username.to_string(),
|
|
Role::Normal,
|
|
"",
|
|
form.email.to_string(),
|
|
Some(User::hash_pass(&form.password).map_err(to_validation)?),
|
|
).map_err(to_validation)?;
|
|
Ok(Flash::success(
|
|
Redirect::to(uri!(super::session::new: m = _)),
|
|
i18n!(
|
|
rockets.intl.catalog,
|
|
"Your account has been created. Now you just need to log in, before you can use it."
|
|
),
|
|
))
|
|
})
|
|
.map_err(|err| {
|
|
render!(users::new(
|
|
&(&conn, &rockets).to_context(),
|
|
Instance::get_local()
|
|
.map(|i| i.open_registrations)
|
|
.unwrap_or(true),
|
|
&form,
|
|
err
|
|
))
|
|
})
|
|
}
|
|
|
|
#[get("/@/<name>/outbox")]
|
|
pub fn outbox(name: String, conn: DbConn) -> Option<ActivityStream<OrderedCollection>> {
|
|
let user = User::find_by_fqn(&conn, &name).ok()?;
|
|
user.outbox(&conn).ok()
|
|
}
|
|
#[get("/@/<name>/outbox?<page>")]
|
|
pub fn outbox_page(
|
|
name: String,
|
|
page: Page,
|
|
conn: DbConn,
|
|
) -> Option<ActivityStream<OrderedCollectionPage>> {
|
|
let user = User::find_by_fqn(&conn, &name).ok()?;
|
|
user.outbox_page(&conn, page.limits()).ok()
|
|
}
|
|
#[post("/@/<name>/inbox", data = "<data>")]
|
|
pub fn inbox(
|
|
name: String,
|
|
data: inbox::SignedJson<serde_json::Value>,
|
|
headers: Headers<'_>,
|
|
conn: DbConn,
|
|
) -> Result<String, status::BadRequest<&'static str>> {
|
|
User::find_by_fqn(&conn, &name).map_err(|_| status::BadRequest(Some("User not found")))?;
|
|
inbox::handle_incoming(conn, data, headers)
|
|
}
|
|
|
|
#[get("/@/<name>/followers", rank = 1)]
|
|
pub fn ap_followers(
|
|
name: String,
|
|
conn: DbConn,
|
|
_ap: ApRequest,
|
|
) -> Option<ActivityStream<OrderedCollection>> {
|
|
let user = User::find_by_fqn(&conn, &name).ok()?;
|
|
let followers = user
|
|
.get_followers(&conn)
|
|
.ok()?
|
|
.into_iter()
|
|
.map(|f| Id::new(f.ap_url))
|
|
.collect::<Vec<Id>>();
|
|
|
|
let mut coll = OrderedCollection::default();
|
|
coll.object_props
|
|
.set_id_string(user.followers_endpoint)
|
|
.ok()?;
|
|
coll.collection_props
|
|
.set_total_items_u64(followers.len() as u64)
|
|
.ok()?;
|
|
coll.collection_props.set_items_link_vec(followers).ok()?;
|
|
Some(ActivityStream::new(coll))
|
|
}
|
|
|
|
#[get("/@/<name>/atom.xml")]
|
|
pub fn atom_feed(name: String, conn: DbConn) -> Option<Content<String>> {
|
|
let conn = &conn;
|
|
let author = User::find_by_fqn(conn, &name).ok()?;
|
|
let entries = Post::get_recents_for_author(conn, &author, 15).ok()?;
|
|
let uri = Instance::get_local()
|
|
.ok()?
|
|
.compute_box("@", &name, "atom.xml");
|
|
let title = &author.display_name;
|
|
let default_updated = &author.creation_date;
|
|
let feed = super::build_atom_feed(entries, &uri, title, default_updated, conn);
|
|
Some(Content(
|
|
ContentType::new("application", "atom+xml"),
|
|
feed.to_string(),
|
|
))
|
|
}
|