From b7acd39051a293289c182f2a9166f681bbe8b07f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 9 Sep 2019 22:04:20 +0200
Subject: [PATCH 01/69] Add Cache-Control headers on AP endpoints

Includes:

* AP Collection fetching via canonical URL
* AP Collection fetching via API
* AP Post fetching via canonical URL
* AP Post fetching via API

Ref T693
---
 activitypub.go | 10 ++++++++++
 collections.go |  1 +
 posts.go       |  2 ++
 3 files changed, 13 insertions(+)

diff --git a/activitypub.go b/activitypub.go
index 997609d..f436a87 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -37,6 +37,8 @@ import (
 const (
 	// TODO: delete. don't use this!
 	apCustomHandleDefault = "blog"
+
+	apCacheTime = time.Minute
 )
 
 type RemoteUser struct {
@@ -84,6 +86,7 @@ func handleFetchCollectionActivities(app *App, w http.ResponseWriter, r *http.Re
 
 	p := c.PersonObject()
 
+	setCacheControl(w, apCacheTime)
 	return impart.RenderActivityJSON(w, p, http.StatusOK)
 }
 
@@ -137,6 +140,7 @@ func handleFetchCollectionOutbox(app *App, w http.ResponseWriter, r *http.Reques
 		ocp.OrderedItems = append(ocp.OrderedItems, *a)
 	}
 
+	setCacheControl(w, apCacheTime)
 	return impart.RenderActivityJSON(w, ocp, http.StatusOK)
 }
 
@@ -183,6 +187,7 @@ func handleFetchCollectionFollowers(app *App, w http.ResponseWriter, r *http.Req
 			ocp.OrderedItems = append(ocp.OrderedItems, f.ActorID)
 		}
 	*/
+	setCacheControl(w, apCacheTime)
 	return impart.RenderActivityJSON(w, ocp, http.StatusOK)
 }
 
@@ -219,6 +224,7 @@ func handleFetchCollectionFollowing(app *App, w http.ResponseWriter, r *http.Req
 	// Return outbox page
 	ocp := activitystreams.NewOrderedCollectionPage(accountRoot, "following", 0, p)
 	ocp.OrderedItems = []interface{}{}
+	setCacheControl(w, apCacheTime)
 	return impart.RenderActivityJSON(w, ocp, http.StatusOK)
 }
 
@@ -703,3 +709,7 @@ func unmarshalActor(actorResp []byte, actor *activitystreams.Person) error {
 
 	return nil
 }
+
+func setCacheControl(w http.ResponseWriter, ttl time.Duration) {
+	w.Header().Set("Cache-Control", fmt.Sprintf("public, max-age=%.0f", ttl.Seconds()))
+}
diff --git a/collections.go b/collections.go
index 997d4d7..a13aad2 100644
--- a/collections.go
+++ b/collections.go
@@ -730,6 +730,7 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 	if strings.Contains(r.Header.Get("Accept"), "application/activity+json") {
 		ac := c.PersonObject()
 		ac.Context = []interface{}{activitystreams.Namespace}
+		setCacheControl(w, apCacheTime)
 		return impart.RenderActivityJSON(w, ac, http.StatusOK)
 	}
 
diff --git a/posts.go b/posts.go
index 2f3606f..625410b 100644
--- a/posts.go
+++ b/posts.go
@@ -1034,6 +1034,7 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		p.Collection = &CollectionObj{Collection: *coll}
 		po := p.ActivityObject()
 		po.Context = []interface{}{activitystreams.Namespace}
+		setCacheControl(w, apCacheTime)
 		return impart.RenderActivityJSON(w, po, http.StatusOK)
 	}
 
@@ -1359,6 +1360,7 @@ Are you sure it was ever here?`,
 		p.extractData()
 		ap := p.ActivityObject()
 		ap.Context = []interface{}{activitystreams.Namespace}
+		setCacheControl(w, apCacheTime)
 		return impart.RenderActivityJSON(w, ap, http.StatusOK)
 	} else {
 		p.extractData()

From caca8f0ae26f586e4736eeefd01eef0e6ed80808 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Thu, 3 Oct 2019 09:47:08 -0700
Subject: [PATCH 02/69] show timestamps in local date/locale

this adds a helper script to rewrite all time elements with a proper
datetime attribute into the users locale via the browser
navigator.language.

collection, collection-post and chorus-collection-post templates now
include this script
---
 static/js/localdate.js                | 9 +++++++++
 templates/chorus-collection-post.tmpl | 1 +
 templates/collection-post.tmpl        | 1 +
 templates/collection.tmpl             | 1 +
 4 files changed, 12 insertions(+)
 create mode 100644 static/js/localdate.js

diff --git a/static/js/localdate.js b/static/js/localdate.js
new file mode 100644
index 0000000..19fa502
--- /dev/null
+++ b/static/js/localdate.js
@@ -0,0 +1,9 @@
+function toLocalDate(el) {
+	var d = new Date(el.getAttribute("datetime"));
+	el.textContent = d.toLocaleDateString(navigator.language || "en-US", { year: 'numeric', month: 'long', day: 'numeric' });
+}
+
+var $dates = document.querySelectorAll("time");
+for (var i=0; i < $dates.length; i++) {
+	toLocalDate($dates[i]);
+}
diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index bab2e31..e60a435 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -90,6 +90,7 @@ article time.dt-published {
 		{{range .Collection.ExternalScripts}}<script type="text/javascript" src="{{.}}" async></script>{{end}}
 		{{if .Collection.Script}}<script type="text/javascript">{{.Collection.ScriptDisplay}}</script>{{end}}
 	{{end}}
+	<script src="/js/localdate.js"></script>
 	<script type="text/javascript">
 
 var pinning = false;
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index 7075226..a4a9541 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -70,6 +70,7 @@
 		{{range .Collection.ExternalScripts}}<script type="text/javascript" src="{{.}}" async></script>{{end}}
 		{{if .Collection.Script}}<script type="text/javascript">{{.Collection.ScriptDisplay}}</script>{{end}}
 	{{end}}
+	<script src="/js/localdate.js"></script>
 	<script type="text/javascript">
 
 var pinning = false;
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 36a266b..285fc4d 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -113,6 +113,7 @@
 	{{end}}
 	<script src="/js/h.js"></script>
 	<script src="/js/postactions.js"></script>
+	<script src="/js/localdate.js"></script>
 	<script type="text/javascript">
 var deleting = false;
 function delPost(e, id, owned) {

From 513765c09f013791aa0b5f73a737fe28cb6a63bf Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Thu, 3 Oct 2019 14:09:53 -0700
Subject: [PATCH 03/69] include localdate in all collections +reader

---
 templates/chorus-collection.tmpl | 1 +
 templates/collection-tags.tmpl   | 1 +
 templates/read.tmpl              | 2 +-
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index e36d3b5..ce095ac 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -112,6 +112,7 @@ body#collection header nav.tabs a:first-child {
 		{{if .Script}}<script type="text/javascript">{{.ScriptDisplay}}</script>{{end}}
 	{{end}}
 	<script src="/js/h.js"></script>
+	<script src="/js/localdate.js"></script>
 	<script src="/js/postactions.js"></script>
 	<script type="text/javascript">
 var deleting = false;
diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl
index 7cad3b7..44ebd38 100644
--- a/templates/collection-tags.tmpl
+++ b/templates/collection-tags.tmpl
@@ -74,6 +74,7 @@
 	{{end}}
 	{{if .IsOwner}}
 	<script src="/js/h.js"></script>
+	<script src="/js/localdate.js"></script>
 	<script src="/js/postactions.js"></script>
 	{{end}}
 	<script type="text/javascript">
diff --git a/templates/read.tmpl b/templates/read.tmpl
index 9541ab5..66a4904 100644
--- a/templates/read.tmpl
+++ b/templates/read.tmpl
@@ -112,7 +112,7 @@
 		</nav>{{end}}
 
 		</div>
-
+		<script src="/js/localdate.js">
 <script type="text/javascript">
 (function() {
 	var $articles = document.querySelectorAll('article');

From dccfae7a6137afbdb89c45026fdd1932d073c45e Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Tue, 8 Oct 2019 15:58:19 +0300
Subject: [PATCH 04/69] Mentioning pleroma accounts works! Mastodon still needs
 the type to b be Note to work but I will open an issue for them and see what
 their reaction will be.

---
 activitypub.go | 25 ++++++++++++++++++++++++-
 go.mod         |  5 +++++
 go.sum         |  7 +++++++
 posts.go       | 18 ++++++++++++++++++
 webfinger.go   | 31 ++++++++++++++++++++++++++++++-
 5 files changed, 84 insertions(+), 2 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index e37fb97..68ac7c9 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -26,6 +26,7 @@ import (
 
 	"github.com/gorilla/mux"
 	"github.com/writeas/activity/streams"
+	"github.com/writeas/activityserve"
 	"github.com/writeas/httpsig"
 	"github.com/writeas/impart"
 	"github.com/writeas/nerds/store"
@@ -594,12 +595,12 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 		}
 	}
 
+	var activity *activitystreams.Activity
 	for si, instFolls := range inboxes {
 		na.CC = []string{}
 		for _, f := range instFolls {
 			na.CC = append(na.CC, f)
 		}
-		var activity *activitystreams.Activity
 		if isUpdate {
 			activity = activitystreams.NewUpdateActivity(na)
 		} else {
@@ -612,6 +613,28 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 			log.Error("Couldn't post! %v", err)
 		}
 	}
+
+	for _, tag := range na.Tag {
+		if tag.Type == "Mention" {
+			activity = activitystreams.NewCreateActivity(na)
+			activity.To = na.To
+			activity.CC = na.CC
+			// This here might be redundant in some cases as we might have already
+			// sent this to the sharedInbox of this instance above, but we need too
+			// much logic to catch this at the expense of the odd extra request.
+			// I don't believe we'd ever have too many mentions in a single post that this
+			// could become a burden.
+			remoteActor, err := activityserve.NewRemoteActor(tag.HRef)
+			if err != nil {
+				log.Error("Couldn't fetch remote actor", err)
+			}
+			err = makeActivityPost(app.cfg.App.Host, actor, remoteActor.GetInbox(), activity)
+			if err != nil {
+				log.Error("Couldn't post! %v", err)
+			}
+		}
+	}
+
 	return nil
 }
 
diff --git a/go.mod b/go.mod
index 9c67aeb..6711795 100644
--- a/go.mod
+++ b/go.mod
@@ -6,11 +6,13 @@ require (
 	github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf // indirect
 	github.com/captncraig/cors v0.0.0-20180620154129-376d45073b49 // indirect
 	github.com/clbanning/mxj v1.8.4 // indirect
+	github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9 // indirect
 	github.com/dustin/go-humanize v1.0.0
 	github.com/fatih/color v1.7.0
 	github.com/go-sql-driver/mysql v1.4.1
 	github.com/go-test/deep v1.0.1 // indirect
 	github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
+	github.com/gologme/log v0.0.0-20181207131047-4e5d8ccb38e8 // indirect
 	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
 	github.com/gorilla/feeds v1.1.0
 	github.com/gorilla/mux v1.7.0
@@ -36,6 +38,7 @@ require (
 	github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c // indirect
 	github.com/stretchr/testify v1.3.0 // indirect
 	github.com/writeas/activity v0.1.2
+	github.com/writeas/activityserve v0.0.0-20191008122325-5fc3b48e70c5
 	github.com/writeas/go-strip-markdown v2.0.1+incompatible
 	github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2
 	github.com/writeas/httpsig v1.0.0
@@ -58,3 +61,5 @@ require (
 	gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0 // indirect
 	gopkg.in/yaml.v2 v2.2.2 // indirect
 )
+
+go 1.13
diff --git a/go.sum b/go.sum
index ec1e19d..356c06f 100644
--- a/go.sum
+++ b/go.sum
@@ -23,12 +23,15 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9 h1:74lLNRzvsdIlkTgfDSMuaPjBr4cf6k7pwQQANm/yLKU=
+github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9/go.mod h1:GgB8SF9nRG+GqaDtLcwJZsQFhcogVCJ79j4EdT0c2V4=
 github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
 github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
 github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
+github.com/go-fed/httpsig v0.1.0 h1:6F2OxRVnNTN4OPN+Mc2jxs2WEay9/qiHT/jphlvAwIY=
 github.com/go-fed/httpsig v0.1.0/go.mod h1:T56HUNYZUQ1AGUzhAYPugZfp36sKApVnGBgKlIY+aIE=
 github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
@@ -38,6 +41,8 @@ github.com/golang/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:tluoj9z5200j
 github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1 h1:6DVPu65tee05kY0/rciBQ47ue+AnuY8KTayV6VHikIo=
 github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/gologme/log v0.0.0-20181207131047-4e5d8ccb38e8 h1:WD8iJ37bRNwvETMfVTusVSAi0WdXTpfNVGY2aHycNKY=
+github.com/gologme/log v0.0.0-20181207131047-4e5d8ccb38e8/go.mod h1:gq31gQ8wEHkR+WekdWsqDuf8pXTUZA9BnnzTuPz1Y9U=
 github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf h1:7+FW5aGwISbqUtkfmIpZJGRgNFg2ioYPvFaUxdqpDsg=
 github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf/go.mod h1:RpwtwJQFrIEPstU94h88MWPXP2ektJZ8cZ0YntAmXiE=
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg=
@@ -115,6 +120,8 @@ github.com/tsenart/deadcode v0.0.0-20160724212837-210d2dc333e9 h1:vY5WqiEon0ZSTG
 github.com/tsenart/deadcode v0.0.0-20160724212837-210d2dc333e9/go.mod h1:q+QjxYvZ+fpjMXqs+XEriussHjSYqeXVnAdSV1tkMYk=
 github.com/writeas/activity v0.1.2 h1:Y12B5lIrabfqKE7e7HFCWiXrlfXljr9tlkFm2mp7DgY=
 github.com/writeas/activity v0.1.2/go.mod h1:mYYgiewmEM+8tlifirK/vl6tmB2EbjYaxwb+ndUw5T0=
+github.com/writeas/activityserve v0.0.0-20191008122325-5fc3b48e70c5 h1:nG84xWpxBM8YU/FJchezJqg7yZH8ImSRow6NoYtbSII=
+github.com/writeas/activityserve v0.0.0-20191008122325-5fc3b48e70c5/go.mod h1:Kz62mzYsCnrFTSTSFLXFj3fGYBQOntmBWTDDq57b46A=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible h1:IIqxTM5Jr7RzhigcL6FkrCNfXkvbR+Nbu1ls48pXYcw=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible/go.mod h1:Rsyu10ZhbEK9pXdk8V6MVnZmTzRG0alMNLMwa0J01fE=
 github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2 h1:DUsp4OhdfI+e6iUqcPQlwx8QYXuUDsToTz/x82D3Zuo=
diff --git a/posts.go b/posts.go
index 88730f7..520f716 100644
--- a/posts.go
+++ b/posts.go
@@ -1108,6 +1108,24 @@ func (p *PublicPost) ActivityObject(cfg *config.Config) *activitystreams.Object
 			})
 		}
 	}
+	// Find mentioned users
+	mentionedUsers := make(map[string]string)
+	//:= map[string]string{"@qwazix@pleroma.site": "https://pleroma.site/users/qwazix", "@tzo@cybre.space": "https://cybre.space/users/tzo"}
+
+	stripper := bluemonday.StrictPolicy()
+	content := stripper.Sanitize(p.Content)
+	mentionRegex := regexp.MustCompile(`@[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}`)
+	mentions := mentionRegex.FindAllString(content, -1)
+
+	for _, handle := range mentions {
+		actorIRI := RemoteLookup(handle)
+		mentionedUsers[handle] = actorIRI
+	}
+
+	for handle, iri := range mentionedUsers {
+		o.CC = append(o.CC, iri)
+		o.Tag = append(o.Tag, activitystreams.Tag{"Mention", iri, handle})
+	}
 	return o
 }
 
diff --git a/webfinger.go b/webfinger.go
index c95d88e..c3f8530 100644
--- a/webfinger.go
+++ b/webfinger.go
@@ -11,11 +11,15 @@
 package writefreely
 
 import (
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+	"strings"
+
 	"github.com/writeas/go-webfinger"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely/config"
-	"net/http"
 )
 
 type wfResolver struct {
@@ -80,3 +84,28 @@ func (wfr wfResolver) DummyUser(username string, hostname string, r []webfinger.
 func (wfr wfResolver) IsNotFoundError(err error) bool {
 	return err == wfUserNotFoundErr
 }
+
+// RemoteLookup looks up a user by handle at a remote server
+// and returns the actor URL
+// TODO make this work
+func RemoteLookup(handle string) string {
+	handle = strings.TrimLeft(handle, "@")
+	// let's take the server part of the handle
+	parts := strings.Split(handle, "@")
+	resp, err := http.Get("https://" + parts[1] + "/.well-known/webfinger?resource=acct:" + handle)
+	if err != nil {
+		log.Error("Error performing webfinger request", err)
+	}
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		log.Error("Error reading webfinger response", err)
+	}
+
+	var result map[string]interface{}
+	json.Unmarshal(body, &result)
+
+	aliases := result["aliases"].([]interface{})
+
+	return aliases[0].(string)
+}

From 3eb638b14a1ea89319e773a9b13240e40eb06cd3 Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Wed, 9 Oct 2019 14:34:31 +0300
Subject: [PATCH 05/69] Fix @thebaer's comments in
 https://github.com/writeas/writefreely/commit/dccfae7a6137afbdb89c45026fdd1932d073c45e#commitcomment-35410380

---
 activitypub.go | 16 ++++++++++++++++
 posts.go       |  5 ++---
 webfinger.go   |  3 ++-
 3 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index 68ac7c9..fa25061 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -589,18 +589,25 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 			inbox = f.Inbox
 		}
 		if _, ok := inboxes[inbox]; ok {
+			// check if we're already sending to this shared inbox
 			inboxes[inbox] = append(inboxes[inbox], f.ActorID)
 		} else {
+			// add the new shared inbox to the list
 			inboxes[inbox] = []string{f.ActorID}
 		}
 	}
 
 	var activity *activitystreams.Activity
+	// for each one of the shared inboxes
 	for si, instFolls := range inboxes {
+		// add all followers from that instance
+		// to the CC field
 		na.CC = []string{}
 		for _, f := range instFolls {
 			na.CC = append(na.CC, f)
 		}
+		// create a new "Create" activity
+		// with our article as object
 		if isUpdate {
 			activity = activitystreams.NewUpdateActivity(na)
 		} else {
@@ -608,12 +615,19 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 			activity.To = na.To
 			activity.CC = na.CC
 		}
+		// and post it to that sharedInbox
 		err = makeActivityPost(app.cfg.App.Host, actor, si, activity)
 		if err != nil {
 			log.Error("Couldn't post! %v", err)
 		}
 	}
 
+	// re-create the object so that the CC list gets reset and has
+	// the mentioned users. This might seem wasteful but the code is
+	// cleaner than adding the mentioned users to CC here instead of
+	// in p.ActivityObject()
+	na = p.ActivityObject(app.cfg)
+
 	for _, tag := range na.Tag {
 		if tag.Type == "Mention" {
 			activity = activitystreams.NewCreateActivity(na)
@@ -632,6 +646,8 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 			if err != nil {
 				log.Error("Couldn't post! %v", err)
 			}
+			// log.Info("Activity", activity)
+
 		}
 	}
 
diff --git a/posts.go b/posts.go
index 520f716..4b6fcc1 100644
--- a/posts.go
+++ b/posts.go
@@ -1110,11 +1110,10 @@ func (p *PublicPost) ActivityObject(cfg *config.Config) *activitystreams.Object
 	}
 	// Find mentioned users
 	mentionedUsers := make(map[string]string)
-	//:= map[string]string{"@qwazix@pleroma.site": "https://pleroma.site/users/qwazix", "@tzo@cybre.space": "https://cybre.space/users/tzo"}
 
 	stripper := bluemonday.StrictPolicy()
 	content := stripper.Sanitize(p.Content)
-	mentionRegex := regexp.MustCompile(`@[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,6}`)
+	mentionRegex := regexp.MustCompile(`@[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+\b`)
 	mentions := mentionRegex.FindAllString(content, -1)
 
 	for _, handle := range mentions {
@@ -1124,7 +1123,7 @@ func (p *PublicPost) ActivityObject(cfg *config.Config) *activitystreams.Object
 
 	for handle, iri := range mentionedUsers {
 		o.CC = append(o.CC, iri)
-		o.Tag = append(o.Tag, activitystreams.Tag{"Mention", iri, handle})
+		o.Tag = append(o.Tag, activitystreams.Tag{Type: "Mention", HRef: iri, Name: handle})
 	}
 	return o
 }
diff --git a/webfinger.go b/webfinger.go
index c3f8530..d19478f 100644
--- a/webfinger.go
+++ b/webfinger.go
@@ -87,7 +87,6 @@ func (wfr wfResolver) IsNotFoundError(err error) bool {
 
 // RemoteLookup looks up a user by handle at a remote server
 // and returns the actor URL
-// TODO make this work
 func RemoteLookup(handle string) string {
 	handle = strings.TrimLeft(handle, "@")
 	// let's take the server part of the handle
@@ -95,11 +94,13 @@ func RemoteLookup(handle string) string {
 	resp, err := http.Get("https://" + parts[1] + "/.well-known/webfinger?resource=acct:" + handle)
 	if err != nil {
 		log.Error("Error performing webfinger request", err)
+		return ""
 	}
 
 	body, err := ioutil.ReadAll(resp.Body)
 	if err != nil {
 		log.Error("Error reading webfinger response", err)
+		return ""
 	}
 
 	var result map[string]interface{}

From e5bbd45b49c7c6d0f17441b0a2f6fe83d7b6038f Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Thu, 10 Oct 2019 10:59:14 +0300
Subject: [PATCH 06/69] Change the result that webfinger returns from the first
 alias to the last because mastodon doesn't like

https://my.instance/@me but https://my.instance/users/me
---
 webfinger.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/webfinger.go b/webfinger.go
index d19478f..715e1cf 100644
--- a/webfinger.go
+++ b/webfinger.go
@@ -108,5 +108,5 @@ func RemoteLookup(handle string) string {
 
 	aliases := result["aliases"].([]interface{})
 
-	return aliases[0].(string)
+	return aliases[len(aliases)-1].(string)
 }

From 99bb77153e4d78e2ec04075ab2e7b28aae9ec2f2 Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Thu, 10 Oct 2019 15:11:46 +0300
Subject: [PATCH 07/69] Handles are saved in `remoteusers` while the links take
 you to an intermediate page (WIP) that shows the user profile page url

---
 activitypub.go | 38 ++++++++++++++++++++++++++------------
 collections.go | 15 +++++++++++++++
 postrender.go  |  3 +++
 posts.go       | 42 +++++++++++++++++++++++++++++++++++++-----
 routes.go      |  1 +
 5 files changed, 82 insertions(+), 17 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index fa25061..081fcea 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -26,7 +26,6 @@ import (
 
 	"github.com/gorilla/mux"
 	"github.com/writeas/activity/streams"
-	"github.com/writeas/activityserve"
 	"github.com/writeas/httpsig"
 	"github.com/writeas/impart"
 	"github.com/writeas/nerds/store"
@@ -45,6 +44,7 @@ type RemoteUser struct {
 	ActorID     string
 	Inbox       string
 	SharedInbox string
+	Handle      string
 }
 
 func (ru *RemoteUser) AsPerson() *activitystreams.Person {
@@ -133,7 +133,7 @@ func handleFetchCollectionOutbox(app *App, w http.ResponseWriter, r *http.Reques
 	posts, err := app.db.GetPosts(app.cfg, c, p, false, true, false)
 	for _, pp := range *posts {
 		pp.Collection = res
-		o := pp.ActivityObject(app.cfg)
+		o := pp.ActivityObject(app)
 		a := activitystreams.NewCreateActivity(o)
 		ocp.OrderedItems = append(ocp.OrderedItems, *a)
 	}
@@ -525,7 +525,7 @@ func deleteFederatedPost(app *App, p *PublicPost, collID int64) error {
 	}
 	p.Collection.hostName = app.cfg.App.Host
 	actor := p.Collection.PersonObject(collID)
-	na := p.ActivityObject(app.cfg)
+	na := p.ActivityObject(app)
 
 	// Add followers
 	p.Collection.ID = collID
@@ -571,7 +571,7 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 		}
 	}
 	actor := p.Collection.PersonObject(collID)
-	na := p.ActivityObject(app.cfg)
+	na := p.ActivityObject(app)
 
 	// Add followers
 	p.Collection.ID = collID
@@ -626,8 +626,7 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 	// the mentioned users. This might seem wasteful but the code is
 	// cleaner than adding the mentioned users to CC here instead of
 	// in p.ActivityObject()
-	na = p.ActivityObject(app.cfg)
-
+	na = p.ActivityObject(app)
 	for _, tag := range na.Tag {
 		if tag.Type == "Mention" {
 			activity = activitystreams.NewCreateActivity(na)
@@ -638,11 +637,11 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 			// much logic to catch this at the expense of the odd extra request.
 			// I don't believe we'd ever have too many mentions in a single post that this
 			// could become a burden.
-			remoteActor, err := activityserve.NewRemoteActor(tag.HRef)
-			if err != nil {
-				log.Error("Couldn't fetch remote actor", err)
-			}
-			err = makeActivityPost(app.cfg.App.Host, actor, remoteActor.GetInbox(), activity)
+
+			fmt.Println(tag.HRef)
+			fmt.Println("aaa")
+			remoteUser, err := getRemoteUser(app, tag.HRef)
+			err = makeActivityPost(app.cfg.App.Host, actor, remoteUser.Inbox, activity)
 			if err != nil {
 				log.Error("Couldn't post! %v", err)
 			}
@@ -656,7 +655,7 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 
 func getRemoteUser(app *App, actorID string) (*RemoteUser, error) {
 	u := RemoteUser{ActorID: actorID}
-	err := app.db.QueryRow("SELECT id, inbox, shared_inbox FROM remoteusers WHERE actor_id = ?", actorID).Scan(&u.ID, &u.Inbox, &u.SharedInbox)
+	err := app.db.QueryRow("SELECT id, inbox, shared_inbox, handle FROM remoteusers WHERE actor_id = ?", actorID).Scan(&u.ID, &u.Inbox, &u.SharedInbox, &u.Handle)
 	switch {
 	case err == sql.ErrNoRows:
 		return nil, impart.HTTPError{http.StatusNotFound, "No remote user with that ID."}
@@ -668,6 +667,21 @@ func getRemoteUser(app *App, actorID string) (*RemoteUser, error) {
 	return &u, nil
 }
 
+// getRemoteUserFromHandle retrieves the profile page of a remote user
+// from the @user@server.tld handle
+func getRemoteUserFromHandle(app *App, handle string) (*RemoteUser, error) {
+	u := RemoteUser{Handle: handle}
+	err := app.db.QueryRow("SELECT id, actor_id, inbox, shared_inbox FROM remoteusers WHERE handle = ?", handle).Scan(&u.ID, &u.ActorID, &u.Inbox, &u.SharedInbox)
+	switch {
+	case err == sql.ErrNoRows:
+		return nil, impart.HTTPError{http.StatusNotFound, "No remote user with that handle."}
+	case err != nil:
+		log.Error("Couldn't get remote user %s: %v", handle, err)
+		return nil, err
+	}
+	return &u, nil
+}
+
 func getActor(app *App, actorIRI string) (*activitystreams.Person, *RemoteUser, error) {
 	log.Info("Fetching actor %s locally", actorIRI)
 	actor := &activitystreams.Person{}
diff --git a/collections.go b/collections.go
index c095ecb..9ce9d8e 100644
--- a/collections.go
+++ b/collections.go
@@ -820,6 +820,21 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 	return err
 }
 
+func handleViewMention(app *App, w http.ResponseWriter, r *http.Request) error {
+	vars := mux.Vars(r)
+	handle := vars["handle"]
+
+	remoteUser, err := getRemoteUserFromHandle(app, handle)
+	if err != nil {
+		log.Error("Couldn't find this user in our database "+handle, err)
+		return err
+	}
+
+	w.Write([]byte("go to " + remoteUser.ActorID))
+
+	return nil
+}
+
 func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) error {
 	vars := mux.Vars(r)
 	tag := vars["tag"]
diff --git a/postrender.go b/postrender.go
index 83fb5ad..e31c462 100644
--- a/postrender.go
+++ b/postrender.go
@@ -34,6 +34,7 @@ var (
 	titleElementReg = regexp.MustCompile("</?h[1-6]>")
 	hashtagReg      = regexp.MustCompile(`{{\[\[\|\|([^|]+)\|\|\]\]}}`)
 	markeddownReg   = regexp.MustCompile("<p>(.+)</p>")
+	mentionReg      = regexp.MustCompile(`@[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+\b`)
 )
 
 func (p *Post) formatContent(cfg *config.Config, c *Collection, isOwner bool) {
@@ -82,6 +83,8 @@ func applyMarkdownSpecial(data []byte, skipNoFollow bool, baseURL string, cfg *c
 			tagPrefix = "/read/t/"
 		}
 		md = []byte(hashtagReg.ReplaceAll(md, []byte("<a href=\""+tagPrefix+"$1\" class=\"hashtag\"><span>#</span><span class=\"p-category\">$1</span></a>")))
+		handlePrefix := baseURL + "mention:"
+		md = []byte(mentionReg.ReplaceAll(md, []byte("<a href=\""+handlePrefix+"$0\" class=\"mention\">$0</a>")))
 	}
 	// Strip out bad HTML
 	policy := getSanitizationPolicy()
diff --git a/posts.go b/posts.go
index 4b6fcc1..3eeb232 100644
--- a/posts.go
+++ b/posts.go
@@ -25,6 +25,7 @@ import (
 	"github.com/guregu/null/zero"
 	"github.com/kylemcc/twitter-text-go/extract"
 	"github.com/microcosm-cc/bluemonday"
+	"github.com/writeas/activityserve"
 	stripmd "github.com/writeas/go-strip-markdown"
 	"github.com/writeas/impart"
 	"github.com/writeas/monday"
@@ -35,7 +36,6 @@ import (
 	"github.com/writeas/web-core/i18n"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/web-core/tags"
-	"github.com/writeas/writefreely/config"
 	"github.com/writeas/writefreely/page"
 	"github.com/writeas/writefreely/parse"
 )
@@ -1033,7 +1033,7 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 
 		p.Collection = &CollectionObj{Collection: *coll}
-		po := p.ActivityObject(app.cfg)
+		po := p.ActivityObject(app)
 		po.Context = []interface{}{activitystreams.Namespace}
 		return impart.RenderActivityJSON(w, po, http.StatusOK)
 	}
@@ -1068,7 +1068,8 @@ func (p *PublicPost) CanonicalURL() string {
 	return p.Collection.CanonicalURL() + p.Slug.String
 }
 
-func (p *PublicPost) ActivityObject(cfg *config.Config) *activitystreams.Object {
+func (p *PublicPost) ActivityObject(app *App) *activitystreams.Object {
+	cfg := app.cfg
 	o := activitystreams.NewArticleObject()
 	o.ID = p.Collection.FederatedAPIBase() + "api/posts/" + p.ID
 	o.Published = p.Created
@@ -1117,7 +1118,38 @@ func (p *PublicPost) ActivityObject(cfg *config.Config) *activitystreams.Object
 	mentions := mentionRegex.FindAllString(content, -1)
 
 	for _, handle := range mentions {
-		actorIRI := RemoteLookup(handle)
+		var actorIRI string
+		remoteuser, errRemoteUser := getRemoteUserFromHandle(app, handle)
+		if errRemoteUser != nil {
+			// can't find using handle in the table but the table may already have this user without
+			// handle from a previous version
+			actorIRI = RemoteLookup(handle)
+			_, errRemoteUser := getRemoteUser(app, actorIRI)
+			// if it exists then we need to update the handle
+			if errRemoteUser == nil {
+				// query := "UPDATE remoteusers SET handle='" + handle + "' WHERE actor_id='" + iri + "';"
+				// log.Info(query)
+				_, err := app.db.Exec("UPDATE remoteusers SET handle=? WHERE actor_id=?;", handle, actorIRI)
+				if err != nil {
+					log.Error("Can't update handle (" + handle + ") in database for user " + actorIRI)
+				}
+			} else {
+				// this probably means we don't have the user in the table so let's try to insert it
+				// here we need to ask the server for the inboxes
+				remoteActor, err := activityserve.NewRemoteActor(actorIRI)
+				if err != nil {
+					log.Error("Couldn't fetch remote actor", err)
+				}
+				fmt.Println(actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
+				_, err = app.db.Exec("INSERT INTO remoteusers (actor_id, inbox, shared_inbox, handle) VALUES( ?, ?, ?, ?)", actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
+				if err != nil {
+					log.Error("Can't insert remote user in database", err)
+					return nil
+				}
+			}
+		} else {
+			actorIRI = remoteuser.ActorID
+		}
 		mentionedUsers[handle] = actorIRI
 	}
 
@@ -1379,7 +1411,7 @@ Are you sure it was ever here?`,
 			return ErrCollectionPageNotFound
 		}
 		p.extractData()
-		ap := p.ActivityObject(app.cfg)
+		ap := p.ActivityObject(app)
 		ap.Context = []interface{}{activitystreams.Namespace}
 		return impart.RenderActivityJSON(w, ap, http.StatusOK)
 	} else {
diff --git a/routes.go b/routes.go
index 0113e93..4c26f47 100644
--- a/routes.go
+++ b/routes.go
@@ -184,6 +184,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 
 func RouteCollections(handler *Handler, r *mux.Router) {
 	r.HandleFunc("/page/{page:[0-9]+}", handler.Web(handleViewCollection, UserLevelReader))
+	r.HandleFunc("/mention:{handle}", handler.Web(handleViewMention, UserLevelReader))
 	r.HandleFunc("/tag:{tag}", handler.Web(handleViewCollectionTag, UserLevelReader))
 	r.HandleFunc("/tag:{tag}/feed/", handler.Web(ViewFeed, UserLevelReader))
 	r.HandleFunc("/tags/{tag}", handler.Web(handleViewCollectionTag, UserLevelReader))

From db14f04b5900471031ad53907a20a4e64a7cff4b Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Thu, 10 Oct 2019 16:04:43 +0300
Subject: [PATCH 08/69] Redirects from the intermediate page work and if
 there's an old mention there it updates the table to include the handle.

migrations WIP
---
 collections.go           |  9 +++++----
 database.go              | 36 ++++++++++++++++++++++++++++++++++++
 migrations/migrations.go |  1 +
 migrations/v3.go         | 23 +++++++++++++++++++++++
 posts.go                 | 36 ++++--------------------------------
 schema.sql               |  1 +
 sqlite.sql               |  1 +
 7 files changed, 71 insertions(+), 36 deletions(-)
 create mode 100644 migrations/v3.go

diff --git a/collections.go b/collections.go
index 9ce9d8e..431afd1 100644
--- a/collections.go
+++ b/collections.go
@@ -824,13 +824,14 @@ func handleViewMention(app *App, w http.ResponseWriter, r *http.Request) error {
 	vars := mux.Vars(r)
 	handle := vars["handle"]
 
-	remoteUser, err := getRemoteUserFromHandle(app, handle)
+	remoteUser, err := app.db.getProfilePageFromHandle(app, handle)
 	if err != nil {
-		log.Error("Couldn't find this user in our database "+handle, err)
-		return err
+		log.Error("Couldn't find this user "+handle, err)
+		return nil
 	}
 
-	w.Write([]byte("go to " + remoteUser.ActorID))
+	http.Redirect(w, r, remoteUser, http.StatusSeeOther)
+	w.Write([]byte("go to " + remoteUser))
 
 	return nil
 }
diff --git a/database.go b/database.go
index a3235b6..a95bfca 100644
--- a/database.go
+++ b/database.go
@@ -20,6 +20,7 @@ import (
 	"github.com/guregu/null"
 	"github.com/guregu/null/zero"
 	uuid "github.com/nu7hatch/gouuid"
+	"github.com/writeas/activityserve"
 	"github.com/writeas/impart"
 	"github.com/writeas/nerds/store"
 	"github.com/writeas/web-core/activitypub"
@@ -2449,3 +2450,38 @@ func handleFailedPostInsert(err error) error {
 	log.Error("Couldn't insert into posts: %v", err)
 	return err
 }
+
+func (db *datastore) getProfilePageFromHandle(app *App, handle string) (actorIRI string, err error) {
+	remoteuser, errRemoteUser := getRemoteUserFromHandle(app, handle)
+	if errRemoteUser != nil {
+		// can't find using handle in the table but the table may already have this user without
+		// handle from a previous version
+		actorIRI = RemoteLookup(handle)
+		_, errRemoteUser := getRemoteUser(app, actorIRI)
+		// if it exists then we need to update the handle
+		if errRemoteUser == nil {
+			// query := "UPDATE remoteusers SET handle='" + handle + "' WHERE actor_id='" + iri + "';"
+			// log.Info(query)
+			_, err := app.db.Exec("UPDATE remoteusers SET handle=? WHERE actor_id=?;", handle, actorIRI)
+			if err != nil {
+				log.Error("Can't update handle (" + handle + ") in database for user " + actorIRI)
+			}
+		} else {
+			// this probably means we don't have the user in the table so let's try to insert it
+			// here we need to ask the server for the inboxes
+			remoteActor, err := activityserve.NewRemoteActor(actorIRI)
+			if err != nil {
+				log.Error("Couldn't fetch remote actor", err)
+			}
+			fmt.Println(actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
+			_, err = app.db.Exec("INSERT INTO remoteusers (actor_id, inbox, shared_inbox, handle) VALUES( ?, ?, ?, ?)", actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
+			if err != nil {
+				log.Error("Can't insert remote user in database", err)
+				return "", err
+			}
+		}
+	} else {
+		actorIRI = remoteuser.ActorID
+	}
+	return actorIRI, nil
+}
diff --git a/migrations/migrations.go b/migrations/migrations.go
index 70e4b7b..145c6df 100644
--- a/migrations/migrations.go
+++ b/migrations/migrations.go
@@ -57,6 +57,7 @@ func (m *migration) Migrate(db *datastore) error {
 var migrations = []Migration{
 	New("support user invites", supportUserInvites),             // -> V1 (v0.8.0)
 	New("support dynamic instance pages", supportInstancePages), // V1 -> V2 (v0.9.0)
+	New("support activityPub mentions", supportActivityPubMentions), // V2 -> V3 (v0.1x.0)
 }
 
 // CurrentVer returns the current migration version the application is on
diff --git a/migrations/v3.go b/migrations/v3.go
new file mode 100644
index 0000000..5c3f5aa
--- /dev/null
+++ b/migrations/v3.go
@@ -0,0 +1,23 @@
+/*
+ * Copyright © 2019 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package migrations
+
+func supportActivityPubMentions(db *datastore) error {
+	t, err := db.Begin()
+
+	_, err = t.Exec(`ALTER TABLE remoteusers ADD COLUMN handle ` + db.typeVarChar(255) + ` DEFAULT '' NOT NULL`)
+	if err != nil {
+		t.Rollback()
+		return err
+	}
+
+	return nil
+}
diff --git a/posts.go b/posts.go
index 3eeb232..df8be93 100644
--- a/posts.go
+++ b/posts.go
@@ -25,7 +25,6 @@ import (
 	"github.com/guregu/null/zero"
 	"github.com/kylemcc/twitter-text-go/extract"
 	"github.com/microcosm-cc/bluemonday"
-	"github.com/writeas/activityserve"
 	stripmd "github.com/writeas/go-strip-markdown"
 	"github.com/writeas/impart"
 	"github.com/writeas/monday"
@@ -1118,37 +1117,10 @@ func (p *PublicPost) ActivityObject(app *App) *activitystreams.Object {
 	mentions := mentionRegex.FindAllString(content, -1)
 
 	for _, handle := range mentions {
-		var actorIRI string
-		remoteuser, errRemoteUser := getRemoteUserFromHandle(app, handle)
-		if errRemoteUser != nil {
-			// can't find using handle in the table but the table may already have this user without
-			// handle from a previous version
-			actorIRI = RemoteLookup(handle)
-			_, errRemoteUser := getRemoteUser(app, actorIRI)
-			// if it exists then we need to update the handle
-			if errRemoteUser == nil {
-				// query := "UPDATE remoteusers SET handle='" + handle + "' WHERE actor_id='" + iri + "';"
-				// log.Info(query)
-				_, err := app.db.Exec("UPDATE remoteusers SET handle=? WHERE actor_id=?;", handle, actorIRI)
-				if err != nil {
-					log.Error("Can't update handle (" + handle + ") in database for user " + actorIRI)
-				}
-			} else {
-				// this probably means we don't have the user in the table so let's try to insert it
-				// here we need to ask the server for the inboxes
-				remoteActor, err := activityserve.NewRemoteActor(actorIRI)
-				if err != nil {
-					log.Error("Couldn't fetch remote actor", err)
-				}
-				fmt.Println(actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
-				_, err = app.db.Exec("INSERT INTO remoteusers (actor_id, inbox, shared_inbox, handle) VALUES( ?, ?, ?, ?)", actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
-				if err != nil {
-					log.Error("Can't insert remote user in database", err)
-					return nil
-				}
-			}
-		} else {
-			actorIRI = remoteuser.ActorID
+		actorIRI, err := app.db.getProfilePageFromHandle(app, handle)
+		if err != nil {
+			log.Info("Can't find this user either in the database nor in the remote instance")
+			return nil
 		}
 		mentionedUsers[handle] = actorIRI
 	}
diff --git a/schema.sql b/schema.sql
index b3fae97..ca8ec71 100644
--- a/schema.sql
+++ b/schema.sql
@@ -181,6 +181,7 @@ CREATE TABLE IF NOT EXISTS `remoteusers` (
   `actor_id` varchar(255) NOT NULL,
   `inbox` varchar(255) NOT NULL,
   `shared_inbox` varchar(255) NOT NULL,
+  `handle` varchar(255) DEFAULT '' NOT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `collection_id` (`actor_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
diff --git a/sqlite.sql b/sqlite.sql
index 90989ed..e1a6b96 100644
--- a/sqlite.sql
+++ b/sqlite.sql
@@ -172,6 +172,7 @@ CREATE TABLE IF NOT EXISTS `remoteusers` (
   actor_id TEXT NOT NULL,
   inbox TEXT NOT NULL,
   shared_inbox TEXT NOT NULL,
+  handle TEXT DEFAULT '' NOT NULL,
   CONSTRAINT collection_id UNIQUE (actor_id)
 );
 

From bc2016f00ff2b2fa58f978f489255457af4f46d5 Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Thu, 10 Oct 2019 16:49:44 +0300
Subject: [PATCH 09/69] Fix missing commit statement in migrations/v3.go

---
 migrations/v3.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/migrations/v3.go b/migrations/v3.go
index 5c3f5aa..c6f5012 100644
--- a/migrations/v3.go
+++ b/migrations/v3.go
@@ -19,5 +19,11 @@ func supportActivityPubMentions(db *datastore) error {
 		return err
 	}
 
+	err = t.Commit()
+	if err != nil {
+		t.Rollback()
+		return err
+	}
+
 	return nil
 }

From b9d268982848b9d494984ab8cc3d5252762a04d9 Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Fri, 11 Oct 2019 10:05:18 +0300
Subject: [PATCH 10/69] Fix comments on T627 pull request

(https://github.com/writeas/writefreely/pull/195)
---
 activitypub.go |  5 -----
 collections.go |  5 +----
 routes.go      |  4 +++-
 schema.sql     |  1 -
 sqlite.sql     |  1 -
 webfinger.go   | 19 +++++++++++++++++--
 6 files changed, 21 insertions(+), 14 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index 081fcea..a6ef1da 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -637,16 +637,11 @@ func federatePost(app *App, p *PublicPost, collID int64, isUpdate bool) error {
 			// much logic to catch this at the expense of the odd extra request.
 			// I don't believe we'd ever have too many mentions in a single post that this
 			// could become a burden.
-
-			fmt.Println(tag.HRef)
-			fmt.Println("aaa")
 			remoteUser, err := getRemoteUser(app, tag.HRef)
 			err = makeActivityPost(app.cfg.App.Host, actor, remoteUser.Inbox, activity)
 			if err != nil {
 				log.Error("Couldn't post! %v", err)
 			}
-			// log.Info("Activity", activity)
-
 		}
 	}
 
diff --git a/collections.go b/collections.go
index 431afd1..f0450b5 100644
--- a/collections.go
+++ b/collections.go
@@ -830,10 +830,7 @@ func handleViewMention(app *App, w http.ResponseWriter, r *http.Request) error {
 		return nil
 	}
 
-	http.Redirect(w, r, remoteUser, http.StatusSeeOther)
-	w.Write([]byte("go to " + remoteUser))
-
-	return nil
+	return impart.HTTPError{Status: http.StatusFound, Message: remoteUser} 
 }
 
 func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) error {
diff --git a/routes.go b/routes.go
index 4c26f47..6f6bd58 100644
--- a/routes.go
+++ b/routes.go
@@ -70,6 +70,9 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	write.HandleFunc(nodeinfo.NodeInfoPath, handler.LogHandlerFunc(http.HandlerFunc(ni.NodeInfoDiscover)))
 	write.HandleFunc(niCfg.InfoURL, handler.LogHandlerFunc(http.HandlerFunc(ni.NodeInfo)))
 
+	// handle mentions
+	write.HandleFunc("/mention:{handle}", handler.Web(handleViewMention, UserLevelReader))
+
 	// Set up dyamic page handlers
 	// Handle auth
 	auth := write.PathPrefix("/api/auth/").Subrouter()
@@ -184,7 +187,6 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 
 func RouteCollections(handler *Handler, r *mux.Router) {
 	r.HandleFunc("/page/{page:[0-9]+}", handler.Web(handleViewCollection, UserLevelReader))
-	r.HandleFunc("/mention:{handle}", handler.Web(handleViewMention, UserLevelReader))
 	r.HandleFunc("/tag:{tag}", handler.Web(handleViewCollectionTag, UserLevelReader))
 	r.HandleFunc("/tag:{tag}/feed/", handler.Web(ViewFeed, UserLevelReader))
 	r.HandleFunc("/tags/{tag}", handler.Web(handleViewCollectionTag, UserLevelReader))
diff --git a/schema.sql b/schema.sql
index ca8ec71..b3fae97 100644
--- a/schema.sql
+++ b/schema.sql
@@ -181,7 +181,6 @@ CREATE TABLE IF NOT EXISTS `remoteusers` (
   `actor_id` varchar(255) NOT NULL,
   `inbox` varchar(255) NOT NULL,
   `shared_inbox` varchar(255) NOT NULL,
-  `handle` varchar(255) DEFAULT '' NOT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `collection_id` (`actor_id`)
 ) ENGINE=InnoDB DEFAULT CHARSET=latin1;
diff --git a/sqlite.sql b/sqlite.sql
index e1a6b96..90989ed 100644
--- a/sqlite.sql
+++ b/sqlite.sql
@@ -172,7 +172,6 @@ CREATE TABLE IF NOT EXISTS `remoteusers` (
   actor_id TEXT NOT NULL,
   inbox TEXT NOT NULL,
   shared_inbox TEXT NOT NULL,
-  handle TEXT DEFAULT '' NOT NULL,
   CONSTRAINT collection_id UNIQUE (actor_id)
 );
 
diff --git a/webfinger.go b/webfinger.go
index 715e1cf..72c3f95 100644
--- a/webfinger.go
+++ b/webfinger.go
@@ -106,7 +106,22 @@ func RemoteLookup(handle string) string {
 	var result map[string]interface{}
 	json.Unmarshal(body, &result)
 
-	aliases := result["aliases"].([]interface{})
+	var href string
+	for _, link := range result["links"].([]interface{}) {
+		if link.(map[string]interface{})["rel"] == "self" {
+			href = link.(map[string]interface{})["href"].(string)
+		}
+	}
+
+	// if we didn't find it with the above then
+	// try using aliases
+	if href == "" {
+		aliases := result["aliases"].([]interface{})
+		// take the last alias because mastodon has the
+		// https://instance.tld/@user first which
+		// doesn't work as an href
+		href = aliases[len(aliases)-1].(string)
+	}
 
-	return aliases[len(aliases)-1].(string)
+	return href
 }

From 972ec00c58252ff90e008285242881a3d0a6f886 Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Fri, 11 Oct 2019 10:33:51 +0300
Subject: [PATCH 11/69] Update dependencies and add a comment

---
 go.mod       | 2 +-
 go.sum       | 2 ++
 webfinger.go | 2 ++
 3 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index 6711795..2f66a2d 100644
--- a/go.mod
+++ b/go.mod
@@ -38,7 +38,7 @@ require (
 	github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c // indirect
 	github.com/stretchr/testify v1.3.0 // indirect
 	github.com/writeas/activity v0.1.2
-	github.com/writeas/activityserve v0.0.0-20191008122325-5fc3b48e70c5
+	github.com/writeas/activityserve v0.0.0-20191011072627-3a81f7784d5b
 	github.com/writeas/go-strip-markdown v2.0.1+incompatible
 	github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2
 	github.com/writeas/httpsig v1.0.0
diff --git a/go.sum b/go.sum
index 356c06f..75626d2 100644
--- a/go.sum
+++ b/go.sum
@@ -122,6 +122,8 @@ github.com/writeas/activity v0.1.2 h1:Y12B5lIrabfqKE7e7HFCWiXrlfXljr9tlkFm2mp7Dg
 github.com/writeas/activity v0.1.2/go.mod h1:mYYgiewmEM+8tlifirK/vl6tmB2EbjYaxwb+ndUw5T0=
 github.com/writeas/activityserve v0.0.0-20191008122325-5fc3b48e70c5 h1:nG84xWpxBM8YU/FJchezJqg7yZH8ImSRow6NoYtbSII=
 github.com/writeas/activityserve v0.0.0-20191008122325-5fc3b48e70c5/go.mod h1:Kz62mzYsCnrFTSTSFLXFj3fGYBQOntmBWTDDq57b46A=
+github.com/writeas/activityserve v0.0.0-20191011072627-3a81f7784d5b h1:rd2wX/bTqD55hxtBjAhwLcUgaQE36c70KX3NzpDAwVI=
+github.com/writeas/activityserve v0.0.0-20191011072627-3a81f7784d5b/go.mod h1:Kz62mzYsCnrFTSTSFLXFj3fGYBQOntmBWTDDq57b46A=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible h1:IIqxTM5Jr7RzhigcL6FkrCNfXkvbR+Nbu1ls48pXYcw=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible/go.mod h1:Rsyu10ZhbEK9pXdk8V6MVnZmTzRG0alMNLMwa0J01fE=
 github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2 h1:DUsp4OhdfI+e6iUqcPQlwx8QYXuUDsToTz/x82D3Zuo=
diff --git a/webfinger.go b/webfinger.go
index 72c3f95..9e6f687 100644
--- a/webfinger.go
+++ b/webfinger.go
@@ -107,6 +107,8 @@ func RemoteLookup(handle string) string {
 	json.Unmarshal(body, &result)
 
 	var href string
+	// iterate over webfinger links and find the one with
+	// a self "rel"
 	for _, link := range result["links"].([]interface{}) {
 		if link.(map[string]interface{})["rel"] == "self" {
 			href = link.(map[string]interface{})["href"].(string)

From 1bda0434de893746182bd35233ae213d57b29bdc Mon Sep 17 00:00:00 2001
From: Michael Demetriou <accounts@qzx.gr>
Date: Tue, 15 Oct 2019 09:59:24 +0300
Subject: [PATCH 12/69] Unmarshal to `webfinger.Resource` instead of
 interface{}

(https://github.com/writeas/writefreely/pull/195#discussion_r334567408)
---
 webfinger.go | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/webfinger.go b/webfinger.go
index 9e6f687..6fd1c59 100644
--- a/webfinger.go
+++ b/webfinger.go
@@ -103,26 +103,30 @@ func RemoteLookup(handle string) string {
 		return ""
 	}
 
-	var result map[string]interface{}
-	json.Unmarshal(body, &result)
+	var result webfinger.Resource
+	err = json.Unmarshal(body, &result)
+
+	if err != nil {
+		log.Error("Unsupported webfinger response received", err)
+		return ""
+	}
 
 	var href string
 	// iterate over webfinger links and find the one with
 	// a self "rel"
-	for _, link := range result["links"].([]interface{}) {
-		if link.(map[string]interface{})["rel"] == "self" {
-			href = link.(map[string]interface{})["href"].(string)
+	for _, link := range result.Links {
+		if link.Rel == "self" {
+			href = link.HRef
 		}
 	}
 
 	// if we didn't find it with the above then
 	// try using aliases
 	if href == "" {
-		aliases := result["aliases"].([]interface{})
 		// take the last alias because mastodon has the
 		// https://instance.tld/@user first which
 		// doesn't work as an href
-		href = aliases[len(aliases)-1].(string)
+		href = result.Aliases[len(result.Aliases)-1]
 	}
 
 	return href

From c87ca11a520c29dfeaf31b330d06c614504dd0df Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Thu, 31 Oct 2019 15:16:10 -0700
Subject: [PATCH 13/69] add account deletion

CLI only but backend supports calls from app.db.DeleteAccount already

takes --delete-account user_id_number with optional --posts to also
delete posts. if --posts is omitted all user posts will be updated to
anonymous posts
---
 account.go              |   4 ++
 app.go                  |  45 ++++++++++++++-
 cmd/writefreely/main.go |  14 ++++-
 database.go             | 145 +++++++++++++++++++++++++++++++++---------------
 4 files changed, 159 insertions(+), 49 deletions(-)

diff --git a/account.go b/account.go
index 2a66ecf..c8e946a 100644
--- a/account.go
+++ b/account.go
@@ -1068,3 +1068,7 @@ func getTempInfo(app *App, key string, r *http.Request, w http.ResponseWriter) s
 	// Return value
 	return s
 }
+
+func deleteAccount(app *App, userID int64, posts bool) error {
+	return app.db.DeleteAccount(userID, posts)
+}
diff --git a/app.go b/app.go
index 514c7c8..8e8471f 100644
--- a/app.go
+++ b/app.go
@@ -30,7 +30,7 @@ import (
 	"github.com/gorilla/schema"
 	"github.com/gorilla/sessions"
 	"github.com/manifoldco/promptui"
-	"github.com/writeas/go-strip-markdown"
+	stripmd "github.com/writeas/go-strip-markdown"
 	"github.com/writeas/impart"
 	"github.com/writeas/web-core/auth"
 	"github.com/writeas/web-core/converter"
@@ -681,6 +681,49 @@ func ResetPassword(apper Apper, username string) error {
 	return nil
 }
 
+// DoDeleteAccount runs the confirmation and account delete process.
+func DoDeleteAccount(apper Apper, userID int64, posts bool) error {
+	// Connect to the database
+	apper.LoadConfig()
+	connectToDatabase(apper.App())
+	defer shutdown(apper.App())
+
+	// do not delete the root admin account
+	// TODO: check for other admins and skip?
+	if userID == 1 {
+		log.Error("Can not delete admin account")
+		os.Exit(1)
+	}
+	// check user exists
+	if _, err := apper.App().db.GetUserByID(userID); err != nil {
+		log.Error("%s", err)
+		os.Exit(1)
+	}
+
+	// confirm deletion, w/ w/out posts
+	prompt := promptui.Prompt{
+		Templates: &promptui.PromptTemplates{
+			Success: "{{ . | bold | faint }}: ",
+		},
+		Label:     fmt.Sprintf("Delete user with ID: %d", userID),
+		IsConfirm: true,
+	}
+	_, err := prompt.Run()
+	if err != nil {
+		log.Info("Aborted...")
+		os.Exit(0)
+	}
+
+	log.Info("Deleting...")
+	err = deleteAccount(apper.App(), userID, posts)
+	if err != nil {
+		log.Error("%s", err)
+		os.Exit(1)
+	}
+	log.Info("Success.")
+	return nil
+}
+
 func connectToDatabase(app *App) {
 	log.Info("Connecting to %s database...", app.cfg.Database.Type)
 
diff --git a/cmd/writefreely/main.go b/cmd/writefreely/main.go
index 48993c7..10d8141 100644
--- a/cmd/writefreely/main.go
+++ b/cmd/writefreely/main.go
@@ -13,11 +13,12 @@ package main
 import (
 	"flag"
 	"fmt"
+	"os"
+	"strings"
+
 	"github.com/gorilla/mux"
 	"github.com/writeas/web-core/log"
 	"github.com/writeas/writefreely"
-	"os"
-	"strings"
 )
 
 func main() {
@@ -38,6 +39,8 @@ func main() {
 	// Admin actions
 	createAdmin := flag.String("create-admin", "", "Create an admin with the given username:password")
 	createUser := flag.String("create-user", "", "Create a regular user with the given username:password")
+	deleteUserID := flag.Int64("delete-user", 0, "Delete a user with the given id, does not delete posts. Use `--delete-user id --posts`")
+	deletePosts := flag.Bool("posts", false, "Optionally delete the user's posts during account deletion")
 	resetPassUser := flag.String("reset-pass", "", "Reset the given user's password")
 	outputVersion := flag.Bool("v", false, "Output the current version")
 	flag.Parse()
@@ -102,6 +105,13 @@ func main() {
 			os.Exit(1)
 		}
 		os.Exit(0)
+	} else if *deleteUserID != 0 {
+		err := writefreely.DoDeleteAccount(app, *deleteUserID, *deletePosts)
+		if err != nil {
+			log.Error(err.Error())
+			os.Exit(1)
+		}
+		os.Exit(0)
 	} else if *migrate {
 		err := writefreely.Migrate(app)
 		if err != nil {
diff --git a/database.go b/database.go
index a3235b6..cecd169 100644
--- a/database.go
+++ b/database.go
@@ -61,7 +61,7 @@ type writestore interface {
 	GetAccessToken(userID int64) (string, error)
 	GetTemporaryAccessToken(userID int64, validSecs int) (string, error)
 	GetTemporaryOneTimeAccessToken(userID int64, validSecs int, oneTime bool) (string, error)
-	DeleteAccount(userID int64) (l *string, err error)
+	DeleteAccount(userID int64, posts bool) error
 	ChangeSettings(app *App, u *User, s *userSettings) error
 	ChangePassphrase(userID int64, sudo bool, curPass string, hashedPass []byte) error
 
@@ -2079,22 +2079,14 @@ func (db *datastore) CollectionHasAttribute(id int64, attr string) bool {
 	return true
 }
 
-func (db *datastore) DeleteAccount(userID int64) (l *string, err error) {
-	debug := ""
-	l = &debug
-
-	t, err := db.Begin()
-	if err != nil {
-		stringLogln(l, "Unable to begin: %v", err)
-		return
-	}
-
+// DeleteAccount will delete the entire account for userID, and if posts
+// is true, also all posts associated with the userID
+func (db *datastore) DeleteAccount(userID int64, posts bool) error {
 	// Get all collections
 	rows, err := db.Query("SELECT id, alias FROM collections WHERE owner_id = ?", userID)
 	if err != nil {
-		t.Rollback()
-		stringLogln(l, "Unable to get collections: %v", err)
-		return
+		log.Error("Unable to get collections: %v", err)
+		return err
 	}
 	defer rows.Close()
 	colls := []Collection{}
@@ -2102,13 +2094,20 @@ func (db *datastore) DeleteAccount(userID int64) (l *string, err error) {
 	for rows.Next() {
 		err = rows.Scan(&c.ID, &c.Alias)
 		if err != nil {
-			t.Rollback()
-			stringLogln(l, "Unable to scan collection cols: %v", err)
-			return
+			log.Error("Unable to scan collection cols: %v", err)
+			return err
 		}
 		colls = append(colls, c)
 	}
 
+	// Start transaction
+	t, err := db.Begin()
+	if err != nil {
+		log.Error("Unable to begin: %v", err)
+		return err
+	}
+
+	// Clean up all collection related information
 	var res sql.Result
 	for _, c := range colls {
 		// TODO: user deleteCollection() func
@@ -2116,89 +2115,143 @@ func (db *datastore) DeleteAccount(userID int64) (l *string, err error) {
 		res, err = t.Exec("DELETE FROM collectionattributes WHERE collection_id = ?", c.ID)
 		if err != nil {
 			t.Rollback()
-			stringLogln(l, "Unable to delete attributes on %s: %v", c.Alias, err)
-			return
+			log.Error("Unable to delete attributes on %s: %v", c.Alias, err)
+			return err
 		}
 		rs, _ := res.RowsAffected()
-		stringLogln(l, "Deleted %d for %s from collectionattributes", rs, c.Alias)
+		log.Info("Deleted %d for %s from collectionattributes", rs, c.Alias)
 
 		// Remove any optional collection password
 		res, err = t.Exec("DELETE FROM collectionpasswords WHERE collection_id = ?", c.ID)
 		if err != nil {
 			t.Rollback()
-			stringLogln(l, "Unable to delete passwords on %s: %v", c.Alias, err)
-			return
+			log.Error("Unable to delete passwords on %s: %v", c.Alias, err)
+			return err
 		}
 		rs, _ = res.RowsAffected()
-		stringLogln(l, "Deleted %d for %s from collectionpasswords", rs, c.Alias)
+		log.Info("Deleted %d for %s from collectionpasswords", rs, c.Alias)
 
 		// Remove redirects to this collection
 		res, err = t.Exec("DELETE FROM collectionredirects WHERE new_alias = ?", c.Alias)
 		if err != nil {
 			t.Rollback()
-			stringLogln(l, "Unable to delete redirects on %s: %v", c.Alias, err)
-			return
+			log.Error("Unable to delete redirects on %s: %v", c.Alias, err)
+			return err
+		}
+		rs, _ = res.RowsAffected()
+		log.Info("Deleted %d for %s from collectionredirects", rs, c.Alias)
+
+		// Remove any collection keys
+		res, err = t.Exec("DELETE FROM collectionkeys WHERE collection_id = ?", c.ID)
+		if err != nil {
+			t.Rollback()
+			log.Error("Unable to delete keys on %s: %v", c.Alias, err)
+			return err
+		}
+		rs, _ = res.RowsAffected()
+		log.Info("Deleted %d for %s from collectionkeys", rs, c.Alias)
+
+		// only remove collection in posts if not deleting the user posts
+		if !posts {
+			// Float all collection's posts
+			res, err = t.Exec("UPDATE posts SET collection_id = NULL WHERE collection_id = ? AND owner_id = ?", c.ID, userID)
+			if err != nil {
+				t.Rollback()
+				log.Error("Unable to update collection %s for posts: %v", err)
+				return err
+			}
+			rs, _ = res.RowsAffected()
+			log.Info("Removed %d posts from collection %s", rs, c.Alias)
+		}
+
+		// TODO: federate delete collection
+
+		// Remove remote follows
+		res, err = t.Exec("DELETE FROM remotefollows WHERE collection_id = ?", c.ID)
+		if err != nil {
+			t.Rollback()
+			log.Error("Unable to delete remote follows on %s: %v", c.Alias, err)
+			return err
 		}
 		rs, _ = res.RowsAffected()
-		stringLogln(l, "Deleted %d for %s from collectionredirects", rs, c.Alias)
+		log.Info("Deleted %d for %s from remotefollows", rs, c.Alias)
 	}
 
 	// Delete collections
 	res, err = t.Exec("DELETE FROM collections WHERE owner_id = ?", userID)
 	if err != nil {
 		t.Rollback()
-		stringLogln(l, "Unable to delete collections: %v", err)
-		return
+		log.Error("Unable to delete collections: %v", err)
+		return err
 	}
 	rs, _ := res.RowsAffected()
-	stringLogln(l, "Deleted %d from collections", rs)
+	log.Info("Deleted %d from collections", rs)
 
 	// Delete tokens
 	res, err = t.Exec("DELETE FROM accesstokens WHERE user_id = ?", userID)
 	if err != nil {
 		t.Rollback()
-		stringLogln(l, "Unable to delete access tokens: %v", err)
-		return
+		log.Error("Unable to delete access tokens: %v", err)
+		return err
 	}
 	rs, _ = res.RowsAffected()
-	stringLogln(l, "Deleted %d from accesstokens", rs)
+	log.Info("Deleted %d from accesstokens", rs)
 
 	// Delete posts
-	res, err = t.Exec("DELETE FROM posts WHERE owner_id = ?", userID)
+	if posts {
+		// TODO: should maybe get each row so we can federate a delete
+		// if so needs to be outside of transaction like collections
+		res, err = t.Exec("DELETE FROM posts WHERE owner_id = ?", userID)
+		if err != nil {
+			t.Rollback()
+			log.Error("Unable to delete posts: %v", err)
+			return err
+		}
+		rs, _ = res.RowsAffected()
+		log.Info("Deleted %d from posts", rs)
+	}
+
+	// Delete user attributes
+	res, err = t.Exec("DELETE FROM userattributes WHERE user_id = ?", userID)
 	if err != nil {
 		t.Rollback()
-		stringLogln(l, "Unable to delete posts: %v", err)
-		return
+		log.Error("Unable to delete attributes: %v", err)
+		return err
 	}
 	rs, _ = res.RowsAffected()
-	stringLogln(l, "Deleted %d from posts", rs)
+	log.Info("Deleted %d from userattributes", rs)
 
-	res, err = t.Exec("DELETE FROM userattributes WHERE user_id = ?", userID)
+	// Delete user invites
+	res, err = t.Exec("DELETE FROM userinvites WHERE owner_id = ?", userID)
 	if err != nil {
 		t.Rollback()
-		stringLogln(l, "Unable to delete attributes: %v", err)
-		return
+		log.Error("Unable to delete invites: %v", err)
+		return err
 	}
 	rs, _ = res.RowsAffected()
-	stringLogln(l, "Deleted %d from userattributes", rs)
+	log.Info("Deleted %d from userinvites", rs)
 
+	// Delete the user
 	res, err = t.Exec("DELETE FROM users WHERE id = ?", userID)
 	if err != nil {
 		t.Rollback()
-		stringLogln(l, "Unable to delete user: %v", err)
-		return
+		log.Error("Unable to delete user: %v", err)
+		return err
 	}
 	rs, _ = res.RowsAffected()
-	stringLogln(l, "Deleted %d from users", rs)
+	log.Info("Deleted %d from users", rs)
 
+	// Commit all changes to the database
 	err = t.Commit()
 	if err != nil {
 		t.Rollback()
-		stringLogln(l, "Unable to commit: %v", err)
-		return
+		log.Error("Unable to commit: %v", err)
+		return err
 	}
 
-	return
+	// TODO: federate delete actor
+
+	return nil
 }
 
 func (db *datastore) GetAPActorKeys(collectionID int64) ([]byte, []byte) {

From 41166e5c356df10d36237e9296979cae65652504 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Tue, 5 Nov 2019 09:14:20 -0800
Subject: [PATCH 14/69] CLI delete account by username and delete posts

this changed the CLI flag to use the username instead of the userID
leaving the underlying database function as is.

also now posts are all deleted with no option to skip as this is likely
never needed.
---
 account.go              |  4 ++--
 app.go                  | 25 ++++++++++++++-----------
 cmd/writefreely/main.go |  7 +++----
 database.go             | 47 ++++++++++++++++++++---------------------------
 4 files changed, 39 insertions(+), 44 deletions(-)

diff --git a/account.go b/account.go
index c8e946a..5e5f03e 100644
--- a/account.go
+++ b/account.go
@@ -1069,6 +1069,6 @@ func getTempInfo(app *App, key string, r *http.Request, w http.ResponseWriter) s
 	return s
 }
 
-func deleteAccount(app *App, userID int64, posts bool) error {
-	return app.db.DeleteAccount(userID, posts)
+func deleteAccount(app *App, userID int64) error {
+	return app.db.DeleteAccount(userID)
 }
diff --git a/app.go b/app.go
index 8e8471f..e793902 100644
--- a/app.go
+++ b/app.go
@@ -682,40 +682,43 @@ func ResetPassword(apper Apper, username string) error {
 }
 
 // DoDeleteAccount runs the confirmation and account delete process.
-func DoDeleteAccount(apper Apper, userID int64, posts bool) error {
+func DoDeleteAccount(apper Apper, username string) error {
 	// Connect to the database
 	apper.LoadConfig()
 	connectToDatabase(apper.App())
 	defer shutdown(apper.App())
 
-	// do not delete the root admin account
-	// TODO: check for other admins and skip?
-	if userID == 1 {
-		log.Error("Can not delete admin account")
-		os.Exit(1)
-	}
 	// check user exists
-	if _, err := apper.App().db.GetUserByID(userID); err != nil {
+	u, err := apper.App().db.GetUserForAuth(username)
+	if err != nil {
 		log.Error("%s", err)
 		os.Exit(1)
 	}
+	userID := u.ID
+
+	// do not delete the admin account
+	// TODO: check for other admins and skip?
+	if u.IsAdmin() {
+		log.Error("Can not delete admin account")
+		os.Exit(1)
+	}
 
 	// confirm deletion, w/ w/out posts
 	prompt := promptui.Prompt{
 		Templates: &promptui.PromptTemplates{
 			Success: "{{ . | bold | faint }}: ",
 		},
-		Label:     fmt.Sprintf("Delete user with ID: %d", userID),
+		Label:     fmt.Sprintf("Really delete user : %s", username),
 		IsConfirm: true,
 	}
-	_, err := prompt.Run()
+	_, err = prompt.Run()
 	if err != nil {
 		log.Info("Aborted...")
 		os.Exit(0)
 	}
 
 	log.Info("Deleting...")
-	err = deleteAccount(apper.App(), userID, posts)
+	err = deleteAccount(apper.App(), userID)
 	if err != nil {
 		log.Error("%s", err)
 		os.Exit(1)
diff --git a/cmd/writefreely/main.go b/cmd/writefreely/main.go
index 10d8141..7fc2342 100644
--- a/cmd/writefreely/main.go
+++ b/cmd/writefreely/main.go
@@ -39,8 +39,7 @@ func main() {
 	// Admin actions
 	createAdmin := flag.String("create-admin", "", "Create an admin with the given username:password")
 	createUser := flag.String("create-user", "", "Create a regular user with the given username:password")
-	deleteUserID := flag.Int64("delete-user", 0, "Delete a user with the given id, does not delete posts. Use `--delete-user id --posts`")
-	deletePosts := flag.Bool("posts", false, "Optionally delete the user's posts during account deletion")
+	deleteUsername := flag.String("delete-user", "", "Delete a user with the given username")
 	resetPassUser := flag.String("reset-pass", "", "Reset the given user's password")
 	outputVersion := flag.Bool("v", false, "Output the current version")
 	flag.Parse()
@@ -105,8 +104,8 @@ func main() {
 			os.Exit(1)
 		}
 		os.Exit(0)
-	} else if *deleteUserID != 0 {
-		err := writefreely.DoDeleteAccount(app, *deleteUserID, *deletePosts)
+	} else if *deleteUsername != "" {
+		err := writefreely.DoDeleteAccount(app, *deleteUsername)
 		if err != nil {
 			log.Error(err.Error())
 			os.Exit(1)
diff --git a/database.go b/database.go
index cecd169..f2888ec 100644
--- a/database.go
+++ b/database.go
@@ -61,7 +61,7 @@ type writestore interface {
 	GetAccessToken(userID int64) (string, error)
 	GetTemporaryAccessToken(userID int64, validSecs int) (string, error)
 	GetTemporaryOneTimeAccessToken(userID int64, validSecs int, oneTime bool) (string, error)
-	DeleteAccount(userID int64, posts bool) error
+	DeleteAccount(userID int64) error
 	ChangeSettings(app *App, u *User, s *userSettings) error
 	ChangePassphrase(userID int64, sudo bool, curPass string, hashedPass []byte) error
 
@@ -2079,9 +2079,8 @@ func (db *datastore) CollectionHasAttribute(id int64, attr string) bool {
 	return true
 }
 
-// DeleteAccount will delete the entire account for userID, and if posts
-// is true, also all posts associated with the userID
-func (db *datastore) DeleteAccount(userID int64, posts bool) error {
+// DeleteAccount will delete the entire account for userID
+func (db *datastore) DeleteAccount(userID int64) error {
 	// Get all collections
 	rows, err := db.Query("SELECT id, alias FROM collections WHERE owner_id = ?", userID)
 	if err != nil {
@@ -2110,7 +2109,6 @@ func (db *datastore) DeleteAccount(userID int64, posts bool) error {
 	// Clean up all collection related information
 	var res sql.Result
 	for _, c := range colls {
-		// TODO: user deleteCollection() func
 		// Delete tokens
 		res, err = t.Exec("DELETE FROM collectionattributes WHERE collection_id = ?", c.ID)
 		if err != nil {
@@ -2151,18 +2149,15 @@ func (db *datastore) DeleteAccount(userID int64, posts bool) error {
 		rs, _ = res.RowsAffected()
 		log.Info("Deleted %d for %s from collectionkeys", rs, c.Alias)
 
-		// only remove collection in posts if not deleting the user posts
-		if !posts {
-			// Float all collection's posts
-			res, err = t.Exec("UPDATE posts SET collection_id = NULL WHERE collection_id = ? AND owner_id = ?", c.ID, userID)
-			if err != nil {
-				t.Rollback()
-				log.Error("Unable to update collection %s for posts: %v", err)
-				return err
-			}
-			rs, _ = res.RowsAffected()
-			log.Info("Removed %d posts from collection %s", rs, c.Alias)
+		// Float all collection's posts
+		res, err = t.Exec("UPDATE posts SET collection_id = NULL WHERE collection_id = ? AND owner_id = ?", c.ID, userID)
+		if err != nil {
+			t.Rollback()
+			log.Error("Unable to update collection %s for posts: %v", c.Alias, err)
+			return err
 		}
+		rs, _ = res.RowsAffected()
+		log.Info("Removed %d posts from collection %s", rs, c.Alias)
 
 		// TODO: federate delete collection
 
@@ -2198,18 +2193,16 @@ func (db *datastore) DeleteAccount(userID int64, posts bool) error {
 	log.Info("Deleted %d from accesstokens", rs)
 
 	// Delete posts
-	if posts {
-		// TODO: should maybe get each row so we can federate a delete
-		// if so needs to be outside of transaction like collections
-		res, err = t.Exec("DELETE FROM posts WHERE owner_id = ?", userID)
-		if err != nil {
-			t.Rollback()
-			log.Error("Unable to delete posts: %v", err)
-			return err
-		}
-		rs, _ = res.RowsAffected()
-		log.Info("Deleted %d from posts", rs)
+	// TODO: should maybe get each row so we can federate a delete
+	// if so needs to be outside of transaction like collections
+	res, err = t.Exec("DELETE FROM posts WHERE owner_id = ?", userID)
+	if err != nil {
+		t.Rollback()
+		log.Error("Unable to delete posts: %v", err)
+		return err
 	}
+	rs, _ = res.RowsAffected()
+	log.Info("Deleted %d from posts", rs)
 
 	// Delete user attributes
 	res, err = t.Exec("DELETE FROM userattributes WHERE user_id = ?", userID)

From b83af955c3fd1926be43968629d81ceb21edcc13 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Tue, 5 Nov 2019 12:20:07 -0800
Subject: [PATCH 15/69] remove wrapper over db.DeleteAccount

---
 account.go | 4 ----
 app.go     | 2 +-
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/account.go b/account.go
index 5e5f03e..2a66ecf 100644
--- a/account.go
+++ b/account.go
@@ -1068,7 +1068,3 @@ func getTempInfo(app *App, key string, r *http.Request, w http.ResponseWriter) s
 	// Return value
 	return s
 }
-
-func deleteAccount(app *App, userID int64) error {
-	return app.db.DeleteAccount(userID)
-}
diff --git a/app.go b/app.go
index e793902..92d5995 100644
--- a/app.go
+++ b/app.go
@@ -718,7 +718,7 @@ func DoDeleteAccount(apper Apper, username string) error {
 	}
 
 	log.Info("Deleting...")
-	err = deleteAccount(apper.App(), userID)
+	err = apper.App().db.DeleteAccount(userID)
 	if err != nil {
 		log.Error("%s", err)
 		os.Exit(1)

From 9b69de166fd539b66542518cda9dd170080c0ad6 Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Mon, 11 Nov 2019 14:25:34 -0800
Subject: [PATCH 16/69] add silenced warning on invites page

---
 invites.go                 | 10 +++++++++-
 templates/user/invite.tmpl |  3 +++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/invites.go b/invites.go
index 1dba7bd..63216fa 100644
--- a/invites.go
+++ b/invites.go
@@ -56,12 +56,20 @@ func handleViewUserInvites(app *App, u *User, w http.ResponseWriter, r *http.Req
 
 	p := struct {
 		*UserPage
-		Invites *[]Invite
+		Invites   *[]Invite
+		Suspended bool
 	}{
 		UserPage: NewUserPage(app, r, u, "Invite People", f),
 	}
 
 	var err error
+
+	p.Suspended, err = app.db.IsUserSuspended(u.ID)
+	if err != nil {
+		log.Error("view invites: %v", err)
+		return ErrInternalGeneral
+	}
+
 	p.Invites, err = app.db.GetUserInvites(u.ID)
 	if err != nil {
 		return err
diff --git a/templates/user/invite.tmpl b/templates/user/invite.tmpl
index 1985bd5..edf7061 100644
--- a/templates/user/invite.tmpl
+++ b/templates/user/invite.tmpl
@@ -31,6 +31,9 @@ table td {
 </style>
 
 <div class="snug content-container">
+	{{if .Suspended}}
+		{{template "user-suspended"}}
+	{{end}}
 	<h1>Invite people</h1>
 	<p>Invite others to join <em>{{.SiteName}}</em> by generating and sharing invite links below.</p>
 

From 7e014ca65958750ab703e317b1ce8cfc4aad2d6e Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Mon, 11 Nov 2019 15:21:45 -0800
Subject: [PATCH 17/69] Rename Suspend status to Silence

This changes all variables and functions from using Suspend{ed} to using
Silence{d} as well as documentation, errors and logging.
---
 account.go                            | 42 ++++++++++++++---------------
 activitypub.go                        | 20 +++++++-------
 admin.go                              |  2 +-
 collections.go                        | 24 ++++++++---------
 database.go                           | 12 ++++-----
 errors.go                             |  2 +-
 feed.go                               |  4 +--
 invites.go                            |  2 +-
 pad.go                                | 18 ++++++-------
 posts.go                              | 50 +++++++++++++++++------------------
 templates.go                          |  6 ++---
 templates/chorus-collection-post.tmpl |  4 +--
 templates/chorus-collection.tmpl      |  4 +--
 templates/collection-post.tmpl        |  4 +--
 templates/collection-tags.tmpl        |  4 +--
 templates/collection.tmpl             |  4 +--
 templates/edit-meta.tmpl              |  4 +--
 templates/pad.tmpl                    |  4 +--
 templates/password-collection.tmpl    |  4 +--
 templates/post.tmpl                   |  4 +--
 templates/user/admin/view-user.tmpl   | 10 +++----
 templates/user/articles.tmpl          |  4 +--
 templates/user/collection.tmpl        |  4 +--
 templates/user/collections.tmpl       |  4 +--
 templates/user/include/silenced.tmpl  |  5 ++++
 templates/user/include/suspended.tmpl |  5 ----
 templates/user/settings.tmpl          |  4 +--
 templates/user/stats.tmpl             |  4 +--
 webfinger.go                          |  6 ++---
 29 files changed, 132 insertions(+), 132 deletions(-)
 create mode 100644 templates/user/include/silenced.tmpl
 delete mode 100644 templates/user/include/suspended.tmpl

diff --git a/account.go b/account.go
index c41f24d..d86c9f9 100644
--- a/account.go
+++ b/account.go
@@ -750,7 +750,7 @@ func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		log.Error("unable to fetch collections: %v", err)
 	}
 
-	suspended, err := app.db.IsUserSuspended(u.ID)
+	silenced, err := app.db.IsUserSilenced(u.ID)
 	if err != nil {
 		log.Error("view articles: %v", err)
 	}
@@ -758,12 +758,12 @@ func viewArticles(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		*UserPage
 		AnonymousPosts *[]PublicPost
 		Collections    *[]Collection
-		Suspended      bool
+		Silenced       bool
 	}{
 		UserPage:       NewUserPage(app, r, u, u.Username+"'s Posts", f),
 		AnonymousPosts: p,
 		Collections:    c,
-		Suspended:      suspended,
+		Silenced:       silenced,
 	}
 	d.UserPage.SetMessaging(u)
 	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
@@ -785,7 +785,7 @@ func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request)
 	uc, _ := app.db.GetUserCollectionCount(u.ID)
 	// TODO: handle any errors
 
-	suspended, err := app.db.IsUserSuspended(u.ID)
+	silenced, err := app.db.IsUserSilenced(u.ID)
 	if err != nil {
 		log.Error("view collections %v", err)
 		return fmt.Errorf("view collections: %v", err)
@@ -797,13 +797,13 @@ func viewCollections(app *App, u *User, w http.ResponseWriter, r *http.Request)
 		UsedCollections, TotalCollections int
 
 		NewBlogsDisabled bool
-		Suspended        bool
+		Silenced         bool
 	}{
 		UserPage:         NewUserPage(app, r, u, u.Username+"'s Blogs", f),
 		Collections:      c,
 		UsedCollections:  int(uc),
 		NewBlogsDisabled: !app.cfg.App.CanCreateBlogs(uc),
-		Suspended:        suspended,
+		Silenced:         silenced,
 	}
 	d.UserPage.SetMessaging(u)
 	showUserPage(w, "collections", d)
@@ -821,7 +821,7 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques
 		return ErrCollectionNotFound
 	}
 
-	suspended, err := app.db.IsUserSuspended(u.ID)
+	silenced, err := app.db.IsUserSilenced(u.ID)
 	if err != nil {
 		log.Error("view edit collection %v", err)
 		return fmt.Errorf("view edit collection: %v", err)
@@ -830,11 +830,11 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques
 	obj := struct {
 		*UserPage
 		*Collection
-		Suspended bool
+		Silenced bool
 	}{
 		UserPage:   NewUserPage(app, r, u, "Edit "+c.DisplayTitle(), flashes),
 		Collection: c,
-		Suspended:  suspended,
+		Silenced:   silenced,
 	}
 
 	showUserPage(w, "collection", obj)
@@ -996,7 +996,7 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
 		titleStats = c.DisplayTitle() + " "
 	}
 
-	suspended, err := app.db.IsUserSuspended(u.ID)
+	silenced, err := app.db.IsUserSilenced(u.ID)
 	if err != nil {
 		log.Error("view stats: %v", err)
 		return err
@@ -1007,13 +1007,13 @@ func viewStats(app *App, u *User, w http.ResponseWriter, r *http.Request) error
 		Collection  *Collection
 		TopPosts    *[]PublicPost
 		APFollowers int
-		Suspended   bool
+		Silenced    bool
 	}{
 		UserPage:   NewUserPage(app, r, u, titleStats+"Stats", flashes),
 		VisitsBlog: alias,
 		Collection: c,
 		TopPosts:   topPosts,
-		Suspended:  suspended,
+		Silenced:   silenced,
 	}
 	if app.cfg.App.Federation {
 		folls, err := app.db.GetAPFollowers(c)
@@ -1044,16 +1044,16 @@ func viewSettings(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 
 	obj := struct {
 		*UserPage
-		Email     string
-		HasPass   bool
-		IsLogOut  bool
-		Suspended bool
+		Email    string
+		HasPass  bool
+		IsLogOut bool
+		Silenced bool
 	}{
-		UserPage:  NewUserPage(app, r, u, "Account Settings", flashes),
-		Email:     fullUser.EmailClear(app.keys),
-		HasPass:   passIsSet,
-		IsLogOut:  r.FormValue("logout") == "1",
-		Suspended: fullUser.IsSilenced(),
+		UserPage: NewUserPage(app, r, u, "Account Settings", flashes),
+		Email:    fullUser.EmailClear(app.keys),
+		HasPass:  passIsSet,
+		IsLogOut: r.FormValue("logout") == "1",
+		Silenced: fullUser.IsSilenced(),
 	}
 
 	showUserPage(w, "settings", obj)
diff --git a/activitypub.go b/activitypub.go
index a18a636..329ec8d 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -80,12 +80,12 @@ func handleFetchCollectionActivities(app *App, w http.ResponseWriter, r *http.Re
 	if err != nil {
 		return err
 	}
-	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	silenced, err := app.db.IsUserSilenced(c.OwnerID)
 	if err != nil {
 		log.Error("fetch collection activities: %v", err)
 		return ErrInternalGeneral
 	}
-	if suspended {
+	if silenced {
 		return ErrCollectionNotFound
 	}
 	c.hostName = app.cfg.App.Host
@@ -113,12 +113,12 @@ func handleFetchCollectionOutbox(app *App, w http.ResponseWriter, r *http.Reques
 	if err != nil {
 		return err
 	}
-	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	silenced, err := app.db.IsUserSilenced(c.OwnerID)
 	if err != nil {
 		log.Error("fetch collection outbox: %v", err)
 		return ErrInternalGeneral
 	}
-	if suspended {
+	if silenced {
 		return ErrCollectionNotFound
 	}
 	c.hostName = app.cfg.App.Host
@@ -174,12 +174,12 @@ func handleFetchCollectionFollowers(app *App, w http.ResponseWriter, r *http.Req
 	if err != nil {
 		return err
 	}
-	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	silenced, err := app.db.IsUserSilenced(c.OwnerID)
 	if err != nil {
 		log.Error("fetch collection followers: %v", err)
 		return ErrInternalGeneral
 	}
-	if suspended {
+	if silenced {
 		return ErrCollectionNotFound
 	}
 	c.hostName = app.cfg.App.Host
@@ -228,12 +228,12 @@ func handleFetchCollectionFollowing(app *App, w http.ResponseWriter, r *http.Req
 	if err != nil {
 		return err
 	}
-	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	silenced, err := app.db.IsUserSilenced(c.OwnerID)
 	if err != nil {
 		log.Error("fetch collection following: %v", err)
 		return ErrInternalGeneral
 	}
-	if suspended {
+	if silenced {
 		return ErrCollectionNotFound
 	}
 	c.hostName = app.cfg.App.Host
@@ -270,12 +270,12 @@ func handleFetchCollectionInbox(app *App, w http.ResponseWriter, r *http.Request
 		// TODO: return Reject?
 		return err
 	}
-	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	silenced, err := app.db.IsUserSilenced(c.OwnerID)
 	if err != nil {
 		log.Error("fetch collection inbox: %v", err)
 		return ErrInternalGeneral
 	}
-	if suspended {
+	if silenced {
 		return ErrCollectionNotFound
 	}
 	c.hostName = app.cfg.App.Host
diff --git a/admin.go b/admin.go
index ebb4225..b4490e3 100644
--- a/admin.go
+++ b/admin.go
@@ -259,7 +259,7 @@ func handleAdminToggleUserStatus(app *App, u *User, w http.ResponseWriter, r *ht
 		err = app.db.SetUserStatus(user.ID, UserSilenced)
 	}
 	if err != nil {
-		log.Error("toggle user suspended: %v", err)
+		log.Error("toggle user silenced: %v", err)
 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not toggle user status: %v")}
 	}
 	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s#status", username)}
diff --git a/collections.go b/collections.go
index 54ddc8a..2dc94fc 100644
--- a/collections.go
+++ b/collections.go
@@ -71,7 +71,7 @@ type (
 		CurrentPage int
 		TotalPages  int
 		Format      *CollectionFormat
-		Suspended   bool
+		Silenced    bool
 	}
 	SubmittedCollection struct {
 		// Data used for updating a given collection
@@ -397,13 +397,13 @@ func newCollection(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 		userID = u.ID
 	}
-	suspended, err := app.db.IsUserSuspended(userID)
+	silenced, err := app.db.IsUserSilenced(userID)
 	if err != nil {
 		log.Error("new collection: %v", err)
 		return ErrInternalGeneral
 	}
-	if suspended {
-		return ErrUserSuspended
+	if silenced {
+		return ErrUserSilenced
 	}
 
 	if !author.IsValidUsername(app.cfg, c.Alias) {
@@ -487,7 +487,7 @@ func fetchCollection(app *App, w http.ResponseWriter, r *http.Request) error {
 			res.Owner = u
 		}
 	}
-	// TODO: check suspended
+	// TODO: check status for silenced
 	app.db.GetPostsCount(res, isCollOwner)
 	// Strip non-public information
 	res.Collection.ForPublic()
@@ -738,7 +738,7 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 	}
 	c.hostName = app.cfg.App.Host
 
-	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	silenced, err := app.db.IsUserSilenced(c.OwnerID)
 	if err != nil {
 		log.Error("view collection: %v", err)
 		return ErrInternalGeneral
@@ -800,10 +800,10 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
 			log.Error("Error getting user for collection: %v", err)
 		}
 	}
-	if !isOwner && suspended {
+	if !isOwner && silenced {
 		return ErrCollectionNotFound
 	}
-	displayPage.Suspended = isOwner && suspended
+	displayPage.Silenced = isOwner && silenced
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 
@@ -909,7 +909,7 @@ func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) e
 	if !isOwner && u.IsSilenced() {
 		return ErrCollectionNotFound
 	}
-	displayPage.Suspended = u.IsSilenced()
+	displayPage.Silenced = u.IsSilenced()
 	displayPage.Owner = owner
 	coll.Owner = displayPage.Owner
 	// Add more data
@@ -963,14 +963,14 @@ func existingCollection(app *App, w http.ResponseWriter, r *http.Request) error
 		}
 	}
 
-	suspended, err := app.db.IsUserSuspended(u.ID)
+	silenced, err := app.db.IsUserSilenced(u.ID)
 	if err != nil {
 		log.Error("existing collection: %v", err)
 		return ErrInternalGeneral
 	}
 
-	if suspended {
-		return ErrUserSuspended
+	if silenced {
+		return ErrUserSilenced
 	}
 
 	if r.Method == "DELETE" {
diff --git a/database.go b/database.go
index d78d888..f4d3ca8 100644
--- a/database.go
+++ b/database.go
@@ -308,18 +308,18 @@ func (db *datastore) GetUserByID(id int64) (*User, error) {
 	return u, nil
 }
 
-// IsUserSuspended returns true if the user account associated with id is
-// currently suspended.
-func (db *datastore) IsUserSuspended(id int64) (bool, error) {
+// IsUserSilenced returns true if the user account associated with id is
+// currently silenced.
+func (db *datastore) IsUserSilenced(id int64) (bool, error) {
 	u := &User{ID: id}
 
 	err := db.QueryRow("SELECT status FROM users WHERE id = ?", id).Scan(&u.Status)
 	switch {
 	case err == sql.ErrNoRows:
-		return false, fmt.Errorf("is user suspended: %v", ErrUserNotFound)
+		return false, fmt.Errorf("is user silenced: %v", ErrUserNotFound)
 	case err != nil:
-		log.Error("Couldn't SELECT user password: %v", err)
-		return false, fmt.Errorf("is user suspended: %v", err)
+		log.Error("Couldn't SELECT user status: %v", err)
+		return false, fmt.Errorf("is user silenced: %v", err)
 	}
 
 	return u.IsSilenced(), nil
diff --git a/errors.go b/errors.go
index c0d435c..3c3aa11 100644
--- a/errors.go
+++ b/errors.go
@@ -48,7 +48,7 @@ var (
 	ErrUserNotFound      = impart.HTTPError{http.StatusNotFound, "User doesn't exist."}
 	ErrUserNotFoundEmail = impart.HTTPError{http.StatusNotFound, "Please enter your username instead of your email address."}
 
-	ErrUserSuspended = impart.HTTPError{http.StatusForbidden, "Account is silenced."}
+	ErrUserSilenced = impart.HTTPError{http.StatusForbidden, "Account is silenced."}
 )
 
 // Post operation errors
diff --git a/feed.go b/feed.go
index 44bb331..4e1f612 100644
--- a/feed.go
+++ b/feed.go
@@ -36,12 +36,12 @@ func ViewFeed(app *App, w http.ResponseWriter, req *http.Request) error {
 		return nil
 	}
 
-	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	silenced, err := app.db.IsUserSilenced(c.OwnerID)
 	if err != nil {
 		log.Error("view feed: get user: %v", err)
 		return ErrInternalGeneral
 	}
-	if suspended {
+	if silenced {
 		return ErrCollectionNotFound
 	}
 	c.hostName = app.cfg.App.Host
diff --git a/invites.go b/invites.go
index 1dba7bd..dc6fc89 100644
--- a/invites.go
+++ b/invites.go
@@ -79,7 +79,7 @@ func handleCreateUserInvite(app *App, u *User, w http.ResponseWriter, r *http.Re
 	expVal := r.FormValue("expires")
 
 	if u.IsSilenced() {
-		return ErrUserSuspended
+		return ErrUserSilenced
 	}
 
 	var err error
diff --git a/pad.go b/pad.go
index 37d1c9b..361428e 100644
--- a/pad.go
+++ b/pad.go
@@ -35,10 +35,10 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 	}
 	appData := &struct {
 		page.StaticPage
-		Post      *RawPost
-		User      *User
-		Blogs     *[]Collection
-		Suspended bool
+		Post     *RawPost
+		User     *User
+		Blogs    *[]Collection
+		Silenced bool
 
 		Editing        bool        // True if we're modifying an existing post
 		EditCollection *Collection // Collection of the post we're editing, if any
@@ -53,9 +53,9 @@ func handleViewPad(app *App, w http.ResponseWriter, r *http.Request) error {
 		if err != nil {
 			log.Error("Unable to get user's blogs for Pad: %v", err)
 		}
-		appData.Suspended, err = app.db.IsUserSuspended(appData.User.ID)
+		appData.Silenced, err = app.db.IsUserSilenced(appData.User.ID)
 		if err != nil {
-			log.Error("Unable to get users suspension status for Pad: %v", err)
+			log.Error("Unable to get user status for Pad: %v", err)
 		}
 	}
 
@@ -126,16 +126,16 @@ func handleViewMeta(app *App, w http.ResponseWriter, r *http.Request) error {
 		EditCollection *Collection // Collection of the post we're editing, if any
 		Flashes        []string
 		NeedsToken     bool
-		Suspended      bool
+		Silenced       bool
 	}{
 		StaticPage: pageForReq(app, r),
 		Post:       &RawPost{Font: "norm"},
 		User:       getUserSession(app, r),
 	}
 	var err error
-	appData.Suspended, err = app.db.IsUserSuspended(appData.User.ID)
+	appData.Silenced, err = app.db.IsUserSilenced(appData.User.ID)
 	if err != nil {
-		log.Error("view meta: get user suspended status: %v", err)
+		log.Error("view meta: get user status: %v", err)
 		return ErrInternalGeneral
 	}
 
diff --git a/posts.go b/posts.go
index 2a6fe74..56fd47b 100644
--- a/posts.go
+++ b/posts.go
@@ -381,7 +381,7 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 	}
 
-	suspended, err := app.db.IsUserSuspended(ownerID.Int64)
+	silenced, err := app.db.IsUserSilenced(ownerID.Int64)
 	if err != nil {
 		log.Error("view post: %v", err)
 		return ErrInternalGeneral
@@ -434,10 +434,10 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		page := struct {
 			*AnonymousPost
 			page.StaticPage
-			Username  string
-			IsOwner   bool
-			SiteURL   string
-			Suspended bool
+			Username string
+			IsOwner  bool
+			SiteURL  string
+			Silenced bool
 		}{
 			AnonymousPost: post,
 			StaticPage:    pageForReq(app, r),
@@ -448,10 +448,10 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 			page.IsOwner = ownerID.Valid && ownerID.Int64 == u.ID
 		}
 
-		if !page.IsOwner && suspended {
+		if !page.IsOwner && silenced {
 			return ErrPostNotFound
 		}
-		page.Suspended = suspended
+		page.Silenced = silenced
 		err = templates["post"].ExecuteTemplate(w, "post", page)
 		if err != nil {
 			log.Error("Post template execute error: %v", err)
@@ -508,13 +508,13 @@ func newPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	} else {
 		userID = app.db.GetUserID(accessToken)
 	}
-	suspended, err := app.db.IsUserSuspended(userID)
+	silenced, err := app.db.IsUserSilenced(userID)
 	if err != nil {
 		log.Error("new post: %v", err)
 		return ErrInternalGeneral
 	}
-	if suspended {
-		return ErrUserSuspended
+	if silenced {
+		return ErrUserSilenced
 	}
 
 	if userID == -1 {
@@ -682,13 +682,13 @@ func existingPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		}
 	}
 
-	suspended, err := app.db.IsUserSuspended(userID)
+	silenced, err := app.db.IsUserSilenced(userID)
 	if err != nil {
 		log.Error("existing post: %v", err)
 		return ErrInternalGeneral
 	}
-	if suspended {
-		return ErrUserSuspended
+	if silenced {
+		return ErrUserSilenced
 	}
 
 	// Modify post struct
@@ -885,13 +885,13 @@ func addPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		ownerID = u.ID
 	}
 
-	suspended, err := app.db.IsUserSuspended(ownerID)
+	silenced, err := app.db.IsUserSilenced(ownerID)
 	if err != nil {
 		log.Error("add post: %v", err)
 		return ErrInternalGeneral
 	}
-	if suspended {
-		return ErrUserSuspended
+	if silenced {
+		return ErrUserSilenced
 	}
 
 	// Parse claimed posts in format:
@@ -988,13 +988,13 @@ func pinPost(app *App, w http.ResponseWriter, r *http.Request) error {
 		userID = u.ID
 	}
 
-	suspended, err := app.db.IsUserSuspended(userID)
+	silenced, err := app.db.IsUserSilenced(userID)
 	if err != nil {
 		log.Error("pin post: %v", err)
 		return ErrInternalGeneral
 	}
-	if suspended {
-		return ErrUserSuspended
+	if silenced {
+		return ErrUserSilenced
 	}
 
 	// Parse request
@@ -1062,13 +1062,13 @@ func fetchPost(app *App, w http.ResponseWriter, r *http.Request) error {
 	if err != nil {
 		return err
 	}
-	suspended, err := app.db.IsUserSuspended(ownerID)
+	silenced, err := app.db.IsUserSilenced(ownerID)
 	if err != nil {
 		log.Error("fetch post: %v", err)
 		return ErrInternalGeneral
 	}
 
-	if suspended {
+	if silenced {
 		return ErrPostNotFound
 	}
 
@@ -1332,7 +1332,7 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
 	}
 	c.hostName = app.cfg.App.Host
 
-	suspended, err := app.db.IsUserSuspended(c.OwnerID)
+	silenced, err := app.db.IsUserSilenced(c.OwnerID)
 	if err != nil {
 		log.Error("view collection post: %v", err)
 		return ErrInternalGeneral
@@ -1394,7 +1394,7 @@ Are you sure it was ever here?`,
 	p.Collection = coll
 	p.IsTopLevel = app.cfg.App.SingleUser
 
-	if !p.IsOwner && suspended {
+	if !p.IsOwner && silenced {
 		return ErrPostNotFound
 	}
 	// Check if post has been unpublished
@@ -1446,14 +1446,14 @@ Are you sure it was ever here?`,
 			IsFound        bool
 			IsAdmin        bool
 			CanInvite      bool
-			Suspended      bool
+			Silenced       bool
 		}{
 			PublicPost:     p,
 			StaticPage:     pageForReq(app, r),
 			IsOwner:        cr.isCollOwner,
 			IsCustomDomain: cr.isCustomDomain,
 			IsFound:        postFound,
-			Suspended:      suspended,
+			Silenced:       silenced,
 		}
 		tp.IsAdmin = u != nil && u.IsAdmin()
 		tp.CanInvite = canUserInvite(app.cfg, tp.IsAdmin)
diff --git a/templates.go b/templates.go
index 968845d..c15c79b 100644
--- a/templates.go
+++ b/templates.go
@@ -64,7 +64,7 @@ func initTemplate(parentDir, name string) {
 		filepath.Join(parentDir, templatesDir, name+".tmpl"),
 		filepath.Join(parentDir, templatesDir, "include", "footer.tmpl"),
 		filepath.Join(parentDir, templatesDir, "base.tmpl"),
-		filepath.Join(parentDir, templatesDir, "user", "include", "suspended.tmpl"),
+		filepath.Join(parentDir, templatesDir, "user", "include", "silenced.tmpl"),
 	}
 	if name == "collection" || name == "collection-tags" || name == "chorus-collection" {
 		// These pages list out collection posts, so we also parse templatesDir + "include/posts.tmpl"
@@ -88,7 +88,7 @@ func initPage(parentDir, path, key string) {
 		path,
 		filepath.Join(parentDir, templatesDir, "include", "footer.tmpl"),
 		filepath.Join(parentDir, templatesDir, "base.tmpl"),
-		filepath.Join(parentDir, templatesDir, "user", "include", "suspended.tmpl"),
+		filepath.Join(parentDir, templatesDir, "user", "include", "silenced.tmpl"),
 	))
 }
 
@@ -101,7 +101,7 @@ func initUserPage(parentDir, path, key string) {
 		path,
 		filepath.Join(parentDir, templatesDir, "user", "include", "header.tmpl"),
 		filepath.Join(parentDir, templatesDir, "user", "include", "footer.tmpl"),
-		filepath.Join(parentDir, templatesDir, "user", "include", "suspended.tmpl"),
+		filepath.Join(parentDir, templatesDir, "user", "include", "silenced.tmpl"),
 	))
 }
 
diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index a6b6102..8667ce8 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -65,8 +65,8 @@ article time.dt-published {
 
 		{{template "user-navigation" .}}
 		
-		{{if .Suspended}}
-			{{template "user-suspended"}}
+		{{if .Silenced}}
+			{{template "user-silenced"}}
 		{{end}}
 		<article id="post-body" class="{{.Font}} h-entry">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name">{{.FormattedDisplayTitle}}</h2>{{end}}{{/* TODO: check format: if .Collection.Format.ShowDates*/}}<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time><div class="e-content">{{.HTMLContent}}</div></article>
 
diff --git a/templates/chorus-collection.tmpl b/templates/chorus-collection.tmpl
index 504e54f..99f3078 100644
--- a/templates/chorus-collection.tmpl
+++ b/templates/chorus-collection.tmpl
@@ -61,8 +61,8 @@ body#collection header nav.tabs a:first-child {
 	<body id="collection" itemscope itemtype="http://schema.org/WebPage">
 		{{template "user-navigation" .}}
 		
-		{{if .Suspended}}
-			{{template "user-suspended"}}
+		{{if .Silenced}}
+			{{template "user-silenced"}}
 		{{end}}
 		<header>
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="/{{if .IsTopLevel}}{{else}}{{.Prefix}}{{.Alias}}/{{end}}" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index e24c6dd..a61b56f 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -59,8 +59,8 @@
 			</nav>
 		</header>
 		
-		{{if .Suspended}}
-			{{template "user-suspended"}}
+		{{if .Silenced}}
+			{{template "user-silenced"}}
 		{{end}}
 		<article id="post-body" class="{{.Font}} h-entry {{if not .IsFound}}error-page{{end}}">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name">{{.FormattedDisplayTitle}}</h2>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
 
diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl
index 2618f3d..143c856 100644
--- a/templates/collection-tags.tmpl
+++ b/templates/collection-tags.tmpl
@@ -53,8 +53,8 @@
 			</nav>
 		</header>
 		
-		{{if .Suspended}}
-			{{template "user-suspended"}}
+		{{if .Silenced}}
+			{{template "user-silenced"}}
 		{{end}}
 		{{if .Posts}}<section id="wrapper" itemscope itemtype="http://schema.org/Blog">{{else}}<div id="wrapper">{{end}}
 			<h1>{{.Tag}}</h1>
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 47dc24d..d8bc349 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -62,8 +62,8 @@
 		</ul></nav>{{end}}
 		
 		<header>
-		{{if .Suspended}}
-			{{template "user-suspended"}}
+		{{if .Silenced}}
+			{{template "user-silenced"}}
 		{{end}}
 		<h1 dir="{{.Direction}}" id="blog-title">{{if .Posts}}{{else}}<span class="writeas-prefix"><a href="/">write.as</a></span> {{end}}<a href="/{{if .IsTopLevel}}{{else}}{{.Prefix}}{{.Alias}}/{{end}}" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
 		{{if .Description}}<p class="description p-note">{{.Description}}</p>{{end}}
diff --git a/templates/edit-meta.tmpl b/templates/edit-meta.tmpl
index 6707e68..c42d112 100644
--- a/templates/edit-meta.tmpl
+++ b/templates/edit-meta.tmpl
@@ -269,8 +269,8 @@
 		<script src="/js/h.js"></script>
 		<script>
 function updateMeta() {
-	if ({{.Suspended}}) {
-		alert('Your account is currently supsended, editing posts is disabled.');
+	if ({{.Silenced}}) {
+		alert('Your account is currently silenced, editing posts is disabled.');
 		return
 	}
 	document.getElementById('create-error').style.display = 'none';
diff --git a/templates/pad.tmpl b/templates/pad.tmpl
index a8fca98..d55c549 100644
--- a/templates/pad.tmpl
+++ b/templates/pad.tmpl
@@ -131,9 +131,9 @@
 		{{else}}var canPublish = true;{{end}}
 		var publishing = false;
 		var justPublished = false;
-		var suspended = {{.Suspended}};
+		var silenced = {{.Silenced}};
 		var publish = function(content, font) {
-			if (suspended === true) {
+			if (silenced === true) {
 				alert("Your account is silenced, so you can't publish or update posts.");
 				return;
 			}
diff --git a/templates/password-collection.tmpl b/templates/password-collection.tmpl
index 73c4465..79d4ccf 100644
--- a/templates/password-collection.tmpl
+++ b/templates/password-collection.tmpl
@@ -25,8 +25,8 @@
 
 	</head>
 	<body id="collection" itemscope itemtype="http://schema.org/WebPage">
-		{{if .Suspended}}
-			{{template "user-supsended"}}
+		{{if .Silenced}}
+			{{template "user-silenced"}}
 		{{end}}
 		<header>
 		<h1 dir="{{.Direction}}" id="blog-title"><a href="/{{.Alias}}/" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
diff --git a/templates/post.tmpl b/templates/post.tmpl
index 52d53a9..e9edfed 100644
--- a/templates/post.tmpl
+++ b/templates/post.tmpl
@@ -49,8 +49,8 @@
 			</nav>
 		</header>
 
-		{{if .Suspended}}
-			{{template "user-suspended"}}
+		{{if .Silenced}}
+			{{template "user-silenced"}}
 		{{end}}
 		
 		<article class="{{.Font}} h-entry">{{if .Title}}<h2 id="title" class="p-name">{{.Title}}</h2>{{end}}{{ if .IsPlainText }}<p id="post-body" class="e-content">{{.Content}}</p>{{ else }}<div id="post-body" class="e-content">{{.HTMLContent}}</div>{{ end }}</article>
diff --git a/templates/user/admin/view-user.tmpl b/templates/user/admin/view-user.tmpl
index 7a7446c..8e5d87b 100644
--- a/templates/user/admin/view-user.tmpl
+++ b/templates/user/admin/view-user.tmpl
@@ -7,21 +7,21 @@ table.classy th {
 h3 {
 	font-weight: normal;
 }
-td.active-suspend {
+td.active-silence {
 	display: flex;
 	align-items: center;
 }
 
-td.active-suspend > input[type="submit"] {
+td.active-silence > input[type="submit"] {
 	margin-left: auto;
 	margin-right: 5%;
 }
 
 @media only screen and (max-width: 500px) {
-	td.active-suspend {
+	td.active-silence {
 		flex-wrap: wrap;
 	}
-	td.active-suspend > input[type="submit"] {
+	td.active-silence > input[type="submit"] {
 		margin: auto;
 	}
 }
@@ -73,7 +73,7 @@ input.copy-text {
 			<form action="/admin/user/{{.User.Username}}/status" method="POST" {{if not .User.IsSilenced}}onsubmit="return confirmSilence()"{{end}}>
 				<a id="status"/>
 				<th>Status</th>
-				<td class="active-suspend">
+				<td class="active-silence">
 				{{if .User.IsSilenced}}
 					<p>Silenced</p>
 					<input type="submit" value="Unsilence"/>
diff --git a/templates/user/articles.tmpl b/templates/user/articles.tmpl
index 3edb89c..55d7b8d 100644
--- a/templates/user/articles.tmpl
+++ b/templates/user/articles.tmpl
@@ -6,8 +6,8 @@
 {{if .Flashes}}<ul class="errors">
 	{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 </ul>{{end}}
-{{if .Suspended}}
-	{{template "user-suspended"}}
+{{if .Silenced}}
+	{{template "user-silenced"}}
 {{end}}
 
 <h2 id="posts-header">drafts</h2>
diff --git a/templates/user/collection.tmpl b/templates/user/collection.tmpl
index edd06c1..5afe421 100644
--- a/templates/user/collection.tmpl
+++ b/templates/user/collection.tmpl
@@ -8,8 +8,8 @@
 <div class="content-container snug">
 	<div id="overlay"></div>
 
-	{{if .Suspended}}
-		{{template "user-suspended"}}
+	{{if .Silenced}}
+		{{template "user-silenced"}}
 	{{end}}
 	<h2>Customize {{.DisplayTitle}} <a href="{{if .SingleUser}}/{{else}}/{{.Alias}}/{{end}}">view blog</a></h2>
 
diff --git a/templates/user/collections.tmpl b/templates/user/collections.tmpl
index 7f6e83c..da68dcc 100644
--- a/templates/user/collections.tmpl
+++ b/templates/user/collections.tmpl
@@ -7,8 +7,8 @@
 	{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
 </ul>{{end}}
 
-{{if .Suspended}}
-	{{template "user-suspended"}}
+{{if .Silenced}}
+	{{template "user-silenced"}}
 {{end}}
 <h2>blogs</h2>
 <ul class="atoms collections">
diff --git a/templates/user/include/silenced.tmpl b/templates/user/include/silenced.tmpl
new file mode 100644
index 0000000..3b2f3dc
--- /dev/null
+++ b/templates/user/include/silenced.tmpl
@@ -0,0 +1,5 @@
+{{define "user-silenced"}}
+<div class="alert info">
+	<p><strong>Your account has been silenced.</strong> You can still access all of your posts and blogs, but no one else can currently see them.</p>
+</div>
+{{end}}
diff --git a/templates/user/include/suspended.tmpl b/templates/user/include/suspended.tmpl
deleted file mode 100644
index 76906de..0000000
--- a/templates/user/include/suspended.tmpl
+++ /dev/null
@@ -1,5 +0,0 @@
-{{define "user-suspended"}}
-<div class="alert info">
-	<p><strong>Your account has been silenced.</strong> You can still access all of your posts and blogs, but no one else can currently see them.</p>
-</div>
-{{end}}
diff --git a/templates/user/settings.tmpl b/templates/user/settings.tmpl
index d5cc33d..ab60705 100644
--- a/templates/user/settings.tmpl
+++ b/templates/user/settings.tmpl
@@ -7,8 +7,8 @@ h3 { font-weight: normal; }
 .section > *:not(input) { font-size: 0.86em; }
 </style>
 <div class="content-container snug regular">
-	{{if .Suspended}}
-		{{template "user-suspended"}}
+	{{if .Silenced}}
+		{{template "user-silenced"}}
 	{{end}}
 	<h2>{{if .IsLogOut}}Before you go...{{else}}Account Settings {{if .IsAdmin}}<a href="/admin">admin settings</a>{{end}}{{end}}</h2>
 	{{if .Flashes}}<ul class="errors">
diff --git a/templates/user/stats.tmpl b/templates/user/stats.tmpl
index 705f1e0..19cc33b 100644
--- a/templates/user/stats.tmpl
+++ b/templates/user/stats.tmpl
@@ -17,8 +17,8 @@ td.none {
 </style>
 
 <div class="content-container snug">
-	{{if .Suspended}}
-		{{template "user-suspended"}}
+	{{if .Silenced}}
+		{{template "user-silenced"}}
 	{{end}}
 	<h2 id="posts-header">{{if .Collection}}{{.Collection.DisplayTitle}} {{end}}Stats</h2>
 
diff --git a/webfinger.go b/webfinger.go
index 19116c6..bab5e71 100644
--- a/webfinger.go
+++ b/webfinger.go
@@ -38,12 +38,12 @@ func (wfr wfResolver) FindUser(username string, host, requestHost string, r []we
 		log.Error("Unable to get blog: %v", err)
 		return nil, err
 	}
-	suspended, err := wfr.db.IsUserSuspended(c.OwnerID)
+	silenced, err := wfr.db.IsUserSilenced(c.OwnerID)
 	if err != nil {
-		log.Error("webfinger find user: check is suspended: %v", err)
+		log.Error("webfinger find user: check is silenced: %v", err)
 		return nil, err
 	}
-	if suspended {
+	if silenced {
 		return nil, wfUserNotFoundErr
 	}
 	c.hostName = wfr.cfg.App.Host

From bbb7b281109dbdbac239c29b8c2d3ecb9e550f77 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Tue, 26 Nov 2019 13:32:33 -0500
Subject: [PATCH 18/69] Bump Travis build to Go 1.12

This fixes the `undefined: strings.ReplaceAll` build error.
---
 .travis.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.travis.yml b/.travis.yml
index 1e58d6b..c2ebadb 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,7 +1,7 @@
 language: go
 
 go:
-  - "1.11.x"
+  - "1.12.x"
 
 env:
   - GO111MODULE=on

From 181af8c5c8bd07a06359ff375e9e335e9d6db602 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 27 Nov 2019 16:37:52 -0500
Subject: [PATCH 19/69] Update httpsig and activityserve

This fixes activityserve crashes caused by mentioning WriteFreely
instances.
---
 go.mod | 6 ++----
 go.sum | 6 ++++++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/go.mod b/go.mod
index 5ac4a8b..9c02895 100644
--- a/go.mod
+++ b/go.mod
@@ -9,6 +9,7 @@ require (
 	github.com/dchest/uniuri v0.0.0-20160212164326-8902c56451e9 // indirect
 	github.com/dustin/go-humanize v1.0.0
 	github.com/fatih/color v1.7.0
+	github.com/go-fed/httpsig v0.1.1-0.20190924171022-f4c36041199d // indirect
 	github.com/go-sql-driver/mysql v1.4.1
 	github.com/go-test/deep v1.0.1 // indirect
 	github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
@@ -33,19 +34,17 @@ require (
 	github.com/pelletier/go-toml v1.2.0 // indirect
 	github.com/pkg/errors v0.8.1 // indirect
 	github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be // indirect
-	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
 	github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 // indirect
 	github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c // indirect
 	github.com/stretchr/testify v1.3.0 // indirect
 	github.com/writeas/activity v0.1.2
-	github.com/writeas/activityserve v0.0.0-20191011072627-3a81f7784d5b
+	github.com/writeas/activityserve v0.0.0-20191115095800-dd6d19cc8b89
 	github.com/writeas/go-strip-markdown v2.0.1+incompatible
 	github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2
 	github.com/writeas/httpsig v1.0.0
 	github.com/writeas/impart v1.1.0
 	github.com/writeas/monday v0.0.0-20181024183321-54a7dd579219
 	github.com/writeas/nerds v1.0.0
-	github.com/writeas/openssl-go v1.0.0 // indirect
 	github.com/writeas/saturday v1.7.1
 	github.com/writeas/slug v1.2.0
 	github.com/writeas/web-core v1.2.0
@@ -58,7 +57,6 @@ require (
 	google.golang.org/appengine v1.4.0 // indirect
 	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c // indirect
 	gopkg.in/ini.v1 v1.41.0
-	gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0 // indirect
 	gopkg.in/yaml.v2 v2.2.2 // indirect
 )
 
diff --git a/go.sum b/go.sum
index c8b46ff..abebe07 100644
--- a/go.sum
+++ b/go.sum
@@ -33,6 +33,8 @@ github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
 github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
 github.com/go-fed/httpsig v0.1.0 h1:6F2OxRVnNTN4OPN+Mc2jxs2WEay9/qiHT/jphlvAwIY=
 github.com/go-fed/httpsig v0.1.0/go.mod h1:T56HUNYZUQ1AGUzhAYPugZfp36sKApVnGBgKlIY+aIE=
+github.com/go-fed/httpsig v0.1.1-0.20190924171022-f4c36041199d h1:+uoOvOnNDgsYbWtAij4xP6Rgir3eJGjocFPxBJETU/U=
+github.com/go-fed/httpsig v0.1.1-0.20190924171022-f4c36041199d/go.mod h1:T56HUNYZUQ1AGUzhAYPugZfp36sKApVnGBgKlIY+aIE=
 github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
 github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
 github.com/go-test/deep v1.0.1 h1:UQhStjbkDClarlmv0am7OXXO4/GaPdCGiUiMTvi28sg=
@@ -124,6 +126,8 @@ github.com/writeas/activityserve v0.0.0-20191008122325-5fc3b48e70c5 h1:nG84xWpxB
 github.com/writeas/activityserve v0.0.0-20191008122325-5fc3b48e70c5/go.mod h1:Kz62mzYsCnrFTSTSFLXFj3fGYBQOntmBWTDDq57b46A=
 github.com/writeas/activityserve v0.0.0-20191011072627-3a81f7784d5b h1:rd2wX/bTqD55hxtBjAhwLcUgaQE36c70KX3NzpDAwVI=
 github.com/writeas/activityserve v0.0.0-20191011072627-3a81f7784d5b/go.mod h1:Kz62mzYsCnrFTSTSFLXFj3fGYBQOntmBWTDDq57b46A=
+github.com/writeas/activityserve v0.0.0-20191115095800-dd6d19cc8b89 h1:NJhzq9aTccL3SSSZMrcnYhkD6sObdY9otNZ1X6/ZKNE=
+github.com/writeas/activityserve v0.0.0-20191115095800-dd6d19cc8b89/go.mod h1:Kz62mzYsCnrFTSTSFLXFj3fGYBQOntmBWTDDq57b46A=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible h1:IIqxTM5Jr7RzhigcL6FkrCNfXkvbR+Nbu1ls48pXYcw=
 github.com/writeas/go-strip-markdown v2.0.1+incompatible/go.mod h1:Rsyu10ZhbEK9pXdk8V6MVnZmTzRG0alMNLMwa0J01fE=
 github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2 h1:DUsp4OhdfI+e6iUqcPQlwx8QYXuUDsToTz/x82D3Zuo=
@@ -138,6 +142,7 @@ github.com/writeas/nerds v1.0.0 h1:ZzRcCN+Sr3MWID7o/x1cr1ZbLvdpej9Y1/Ho+JKlqxo=
 github.com/writeas/nerds v1.0.0/go.mod h1:Gn2bHy1EwRcpXeB7ZhVmuUwiweK0e+JllNf66gvNLdU=
 github.com/writeas/openssl-go v1.0.0 h1:YXM1tDXeYOlTyJjoMlYLQH1xOloUimSR1WMF8kjFc5o=
 github.com/writeas/openssl-go v1.0.0/go.mod h1:WsKeK5jYl0B5y8ggOmtVjbmb+3rEGqSD25TppjJnETA=
+github.com/writeas/saturday v1.6.0/go.mod h1:ETE1EK6ogxptJpAgUbcJD0prAtX48bSloie80+tvnzQ=
 github.com/writeas/saturday v1.7.1 h1:lYo1EH6CYyrFObQoA9RNWHVlpZA5iYL5Opxo7PYAnZE=
 github.com/writeas/saturday v1.7.1/go.mod h1:ETE1EK6ogxptJpAgUbcJD0prAtX48bSloie80+tvnzQ=
 github.com/writeas/slug v1.2.0 h1:EMQ+cwLiOcA6EtFwUgyw3Ge18x9uflUnOnR6bp/J+/g=
@@ -150,6 +155,7 @@ github.com/writefreely/go-nodeinfo v1.2.0 h1:La+YbTCvmpTwFhBSlebWDDL81N88Qf/SCAv
 github.com/writefreely/go-nodeinfo v1.2.0/go.mod h1:UTvE78KpcjYOlRHupZIiSEFcXHioTXuacCbHU+CAcPg=
 golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59 h1:hk3yo72LXLapY9EXVttc3Z1rLOxT9IuAPPX3GpY2+jo=
 golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f h1:ETU2VEl7TnT5bl7IvuKEzTDpplg5wzGYsOCAPhdoEIg=
 golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=

From ae5bbd273d55cdf808ec23869f5f1400361a090f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 27 Nov 2019 17:54:17 -0500
Subject: [PATCH 20/69] Fix mention URL on multi-user instances

Previously, links would go to /user/mention:@me@this.tld instead of
/mention:@me@this.tld
---
 postrender.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/postrender.go b/postrender.go
index e31c462..0cd9f55 100644
--- a/postrender.go
+++ b/postrender.go
@@ -83,7 +83,7 @@ func applyMarkdownSpecial(data []byte, skipNoFollow bool, baseURL string, cfg *c
 			tagPrefix = "/read/t/"
 		}
 		md = []byte(hashtagReg.ReplaceAll(md, []byte("<a href=\""+tagPrefix+"$1\" class=\"hashtag\"><span>#</span><span class=\"p-category\">$1</span></a>")))
-		handlePrefix := baseURL + "mention:"
+		handlePrefix := "/mention:"
 		md = []byte(mentionReg.ReplaceAll(md, []byte("<a href=\""+handlePrefix+"$0\" class=\"mention\">$0</a>")))
 	}
 	// Strip out bad HTML

From f4c6ce76dd146a154363181e9e986785d3698b33 Mon Sep 17 00:00:00 2001
From: Matti R <matti@mdranta.net>
Date: Tue, 14 Jan 2020 11:55:55 -0500
Subject: [PATCH 21/69] Switch to a maintained fork of XGO

---
 Makefile | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/Makefile b/Makefile
index 782e680..7fd7b49 100644
--- a/Makefile
+++ b/Makefile
@@ -25,31 +25,31 @@ build-no-sqlite: assets-no-sqlite deps-no-sqlite
 
 build-linux: deps
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GOGET) -u github.com/karalabe/xgo; \
+		$(GOGET) -u src.techknowlogick.com/xgo; \
 	fi
 	xgo --targets=linux/amd64, -dest build/ $(LDFLAGS) -tags='sqlite' -out writefreely ./cmd/writefreely
 
 build-windows: deps
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GOGET) -u github.com/karalabe/xgo; \
+		$(GOGET) -u src.techknowlogick.com/xgo; \
 	fi
 	xgo --targets=windows/amd64, -dest build/ $(LDFLAGS) -tags='sqlite' -out writefreely ./cmd/writefreely
 
 build-darwin: deps
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GOGET) -u github.com/karalabe/xgo; \
+		$(GOGET) -u src.techknowlogick.com/xgo; \
 	fi
 	xgo --targets=darwin/amd64, -dest build/ $(LDFLAGS) -tags='sqlite' -out writefreely ./cmd/writefreely
 
 build-arm7: deps
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GOGET) -u github.com/karalabe/xgo; \
+		$(GOGET) -u src.techknowlogick.com/xgo; \
 	fi
 	xgo --targets=linux/arm-7, -dest build/ $(LDFLAGS) -tags='sqlite' -out writefreely ./cmd/writefreely
 
 build-arm64: deps
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GOGET) -u github.com/karalabe/xgo; \
+		$(GOGET) -u src.techknowlogick.com/xgo; \
 	fi
 	xgo --targets=linux/arm64, -dest build/ $(LDFLAGS) -tags='sqlite' -out writefreely ./cmd/writefreely
 
@@ -145,7 +145,7 @@ $(TMPBIN)/go-bindata: deps $(TMPBIN)
 	$(GOBUILD) -o $(TMPBIN)/go-bindata github.com/jteeuwen/go-bindata/go-bindata
 
 $(TMPBIN)/xgo: deps $(TMPBIN)
-	$(GOBUILD) -o $(TMPBIN)/xgo github.com/karalabe/xgo
+	$(GOBUILD) -o $(TMPBIN)/xgo src.techknowlogick.com/xgo
 
 ci-assets : $(TMPBIN)/go-bindata
 	$(TMPBIN)/go-bindata -pkg writefreely -ignore=\\.gitignore -tags="!wflib" schema.sql sqlite.sql

From 98ca449b664061e028f7526817973db1f512e6d2 Mon Sep 17 00:00:00 2001
From: Matti R <matti@mdranta.net>
Date: Tue, 14 Jan 2020 12:02:43 -0500
Subject: [PATCH 22/69] add arm-6

---
 Makefile | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/Makefile b/Makefile
index 7fd7b49..85f02d3 100644
--- a/Makefile
+++ b/Makefile
@@ -41,6 +41,12 @@ build-darwin: deps
 	fi
 	xgo --targets=darwin/amd64, -dest build/ $(LDFLAGS) -tags='sqlite' -out writefreely ./cmd/writefreely
 
+build-arm6: deps
+	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		$(GOGET) -u src.techknowlogick.com/xgo; \
+	fi
+	xgo --targets=linux/arm-6, -dest build/ $(LDFLAGS) -tags='sqlite' -out writefreely ./cmd/writefreely
+
 build-arm7: deps
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GOGET) -u src.techknowlogick.com/xgo; \
@@ -85,6 +91,10 @@ release : clean ui assets
 	mv build/$(BINARY_NAME)-linux-amd64 $(BUILDPATH)/$(BINARY_NAME)
 	tar -cvzf $(BINARY_NAME)_$(GITREV)_linux_amd64.tar.gz -C build $(BINARY_NAME)
 	rm $(BUILDPATH)/$(BINARY_NAME)
+	$(MAKE) build-arm6
+	mv build/$(BINARY_NAME)-linux-arm-6 $(BUILDPATH)/$(BINARY_NAME)
+	tar -cvzf $(BINARY_NAME)_$(GITREV)_linux_arm6.tar.gz -C build $(BINARY_NAME)
+	rm $(BUILDPATH)/$(BINARY_NAME)
 	$(MAKE) build-arm7
 	mv build/$(BINARY_NAME)-linux-arm-7 $(BUILDPATH)/$(BINARY_NAME)
 	tar -cvzf $(BINARY_NAME)_$(GITREV)_linux_arm7.tar.gz -C build $(BINARY_NAME)

From 80cffbb3ecb86dad02ff7f370835517c51123194 Mon Sep 17 00:00:00 2001
From: Matti R <matti@mdranta.net>
Date: Tue, 14 Jan 2020 12:46:52 -0500
Subject: [PATCH 23/69] update golang.org/x/crypto vendor to use acme v2 also
 run go mod tidy to clean up module files

---
 go.mod |  9 +++------
 go.sum | 17 +++++++++--------
 2 files changed, 12 insertions(+), 14 deletions(-)

diff --git a/go.mod b/go.mod
index 5c5e936..697fb68 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,6 @@ require (
 	github.com/guregu/null v3.4.0+incompatible
 	github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2
 	github.com/jtolds/gls v4.2.1+incompatible // indirect
-	github.com/kr/pretty v0.1.0
 	github.com/kylemcc/twitter-text-go v0.0.0-20180726194232-7f582f6736ec
 	github.com/lunixbochs/vtclean v1.0.0 // indirect
 	github.com/manifoldco/promptui v0.3.2
@@ -30,7 +29,7 @@ require (
 	github.com/nicksnyder/go-i18n v1.10.0 // indirect
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
 	github.com/pelletier/go-toml v1.2.0 // indirect
-	github.com/pkg/errors v0.8.1
+	github.com/pkg/errors v0.8.1 // indirect
 	github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be // indirect
 	github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 // indirect
 	github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c // indirect
@@ -46,11 +45,9 @@ require (
 	github.com/writeas/slug v1.2.0
 	github.com/writeas/web-core v1.2.0
 	github.com/writefreely/go-nodeinfo v1.2.0
-	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f
+	golang.org/x/crypto v0.0.0-20200109152110-61a87790db17
 	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
-	golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 // indirect
-	golang.org/x/sys v0.0.0-20190209173611-3b5209105503 // indirect
-	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67
+	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67 // indirect
 	google.golang.org/appengine v1.4.0 // indirect
 	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c // indirect
 	gopkg.in/ini.v1 v1.41.0
diff --git a/go.sum b/go.sum
index 0c9d05d..25ced67 100644
--- a/go.sum
+++ b/go.sum
@@ -136,8 +136,6 @@ github.com/writeas/saturday v1.7.1 h1:lYo1EH6CYyrFObQoA9RNWHVlpZA5iYL5Opxo7PYAnZ
 github.com/writeas/saturday v1.7.1/go.mod h1:ETE1EK6ogxptJpAgUbcJD0prAtX48bSloie80+tvnzQ=
 github.com/writeas/slug v1.2.0 h1:EMQ+cwLiOcA6EtFwUgyw3Ge18x9uflUnOnR6bp/J+/g=
 github.com/writeas/slug v1.2.0/go.mod h1:RE8shOqQP3YhsfsQe0L3RnuejfQ4Mk+JjY5YJQFubfQ=
-github.com/writeas/web-core v1.0.0 h1:5VKkCakQgdKZcbfVKJXtRpc5VHrkflusCl/KRCPzpQ0=
-github.com/writeas/web-core v1.0.0/go.mod h1:Si3chV7VWgY8CsV+3gRolMXSO2Vx1ZFAQ/mkrpvmyEE=
 github.com/writeas/web-core v1.2.0 h1:CYqvBd+byi1cK4mCr1NZ6CjILuMOFmiFecv+OACcmG0=
 github.com/writeas/web-core v1.2.0/go.mod h1:vTYajviuNBAxjctPp2NUYdgjofywVkxUGpeaERF3SfI=
 github.com/writefreely/go-nodeinfo v1.2.0 h1:La+YbTCvmpTwFhBSlebWDDL81N88Qf/SCAvRLR7F8ss=
@@ -145,20 +143,23 @@ github.com/writefreely/go-nodeinfo v1.2.0/go.mod h1:UTvE78KpcjYOlRHupZIiSEFcXHio
 golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59 h1:hk3yo72LXLapY9EXVttc3Z1rLOxT9IuAPPX3GpY2+jo=
 golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
 golang.org/x/crypto v0.0.0-20190131182504-b8fe1690c613/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
-golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f h1:ETU2VEl7TnT5bl7IvuKEzTDpplg5wzGYsOCAPhdoEIg=
-golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20200109152110-61a87790db17 h1:nVJ3guKA9qdkEQ3TUdXI9QSINo2CUPM/cySEvw2w8I0=
+golang.org/x/crypto v0.0.0-20200109152110-61a87790db17/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 h1:rJm0LuqUjoDhSk2zO9ISMSToQxGz7Os2jRiOL8AWu4c=
 golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3 h1:eH6Eip3UpmR+yM/qI9Ijluzb1bNv/cAU/n+6l8tRSis=
 golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
-golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 h1:bfLnR+k0tq5Lqt6dflRLcZiz6UaXCMt3vhYJ1l4FQ80=
-golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3 h1:0GoQqolDA55aaLxZyTzK/Y2ePZzZTUrRacwib7cNsYQ=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
 golang.org/x/sys v0.0.0-20180525142821-c11f84a56e43/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190209173611-3b5209105503 h1:5SvYFrOM3W8Mexn9/oA44Ji7vhXAZQ9hiP+1Q/DMrWg=
-golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d h1:+R4KGOnez64A81RvjARKc4UT5/tI9ujCIVX+P5KiHuI=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/tools v0.0.0-20181122213734-04b5d21e00f1/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190208222737-3744606dbb67 h1:bPP/rGuN1LUM0eaEwo6vnP6OfIWJzJBulzGUiKLjjSY=

From 0766e6cb366a464327c8e20f2da987e71d5bcebc Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Tue, 14 Jan 2020 10:44:56 -0800
Subject: [PATCH 24/69] fixes imported post times

changes the client side to round the unix time to avoid floats

alters the time to match the client time zone on the server side
---
 account_import.go          | 8 ++++++++
 templates/user/import.tmpl | 5 ++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/account_import.go b/account_import.go
index b34f3a7..1098798 100644
--- a/account_import.go
+++ b/account_import.go
@@ -9,6 +9,7 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 	"time"
 
@@ -85,6 +86,7 @@ func handleImport(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		log.Error("invalid form data for file dates: %v", err)
 		return impart.HTTPError{http.StatusBadRequest, "form data for file dates was invalid"}
 	}
+	fileTZ := r.FormValue("tz")
 	files := r.MultipartForm.File["files"]
 	var fileErrs []error
 	filesSubmitted := len(files)
@@ -147,6 +149,12 @@ func handleImport(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 			post.Collection = collAlias
 		}
 		dateTime := time.Unix(fileDates[formFile.Filename], 0)
+		offset, err := strconv.Atoi(fileTZ)
+		if err != nil {
+			log.Error("form time zone offset not a valid integer: %v", err)
+			continue
+		}
+		dateTime = dateTime.Add(time.Minute * time.Duration(offset))
 		post.Created = &dateTime
 		created := post.Created.Format("2006-01-02T15:04:05Z")
 		submittedPost := SubmittedPost{
diff --git a/templates/user/import.tmpl b/templates/user/import.tmpl
index 3400e2f..06ff8b7 100644
--- a/templates/user/import.tmpl
+++ b/templates/user/import.tmpl
@@ -32,6 +32,7 @@
 				<input id="fileInput" class="fileInput" name="files" type="file" multiple accept="text/markdown, text/plain"/>
 			</label>
 			<input id="fileDates" name="fileDates" hidden/>
+			<input id="tzInput" name="tz" hidden/>
 			<label>
 				Import these posts to:
 				<select name="collection">
@@ -42,13 +43,15 @@
 				</select>
 			</label>
 			<script>
+				const tzInput = document.getElementById('tzInput');
+				tzInput.value = new Date().getTimezoneOffset();
 				const fileInput = document.getElementById('fileInput');
 				const fileDates = document.getElementById('fileDates');
 				fileInput.addEventListener('change', (e) => {
 					const files = e.target.files;
 					let dateMap = {};
 					for (let file of files) {
-						dateMap[file.name] = file.lastModified / 1000;
+						dateMap[file.name] = Math.round(file.lastModified / 1000);
 					}
 					fileDates.value = JSON.stringify(dateMap);
 				})

From 571460f08d8b6b8db87670cd4f41984ddda90a6c Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Wed, 15 Jan 2020 09:04:38 -0800
Subject: [PATCH 25/69] move timezone correction to client side

---
 account_import.go          | 8 --------
 templates/user/import.tmpl | 8 ++++----
 2 files changed, 4 insertions(+), 12 deletions(-)

diff --git a/account_import.go b/account_import.go
index 1098798..b34f3a7 100644
--- a/account_import.go
+++ b/account_import.go
@@ -9,7 +9,6 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
-	"strconv"
 	"strings"
 	"time"
 
@@ -86,7 +85,6 @@ func handleImport(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 		log.Error("invalid form data for file dates: %v", err)
 		return impart.HTTPError{http.StatusBadRequest, "form data for file dates was invalid"}
 	}
-	fileTZ := r.FormValue("tz")
 	files := r.MultipartForm.File["files"]
 	var fileErrs []error
 	filesSubmitted := len(files)
@@ -149,12 +147,6 @@ func handleImport(app *App, u *User, w http.ResponseWriter, r *http.Request) err
 			post.Collection = collAlias
 		}
 		dateTime := time.Unix(fileDates[formFile.Filename], 0)
-		offset, err := strconv.Atoi(fileTZ)
-		if err != nil {
-			log.Error("form time zone offset not a valid integer: %v", err)
-			continue
-		}
-		dateTime = dateTime.Add(time.Minute * time.Duration(offset))
 		post.Created = &dateTime
 		created := post.Created.Format("2006-01-02T15:04:05Z")
 		submittedPost := SubmittedPost{
diff --git a/templates/user/import.tmpl b/templates/user/import.tmpl
index 06ff8b7..803a07c 100644
--- a/templates/user/import.tmpl
+++ b/templates/user/import.tmpl
@@ -32,7 +32,6 @@
 				<input id="fileInput" class="fileInput" name="files" type="file" multiple accept="text/markdown, text/plain"/>
 			</label>
 			<input id="fileDates" name="fileDates" hidden/>
-			<input id="tzInput" name="tz" hidden/>
 			<label>
 				Import these posts to:
 				<select name="collection">
@@ -43,15 +42,16 @@
 				</select>
 			</label>
 			<script>
-				const tzInput = document.getElementById('tzInput');
-				tzInput.value = new Date().getTimezoneOffset();
+				// timezone offset in seconds
+				const tzOffsetSec = new Date().getTimezoneOffset() * 60;
 				const fileInput = document.getElementById('fileInput');
 				const fileDates = document.getElementById('fileDates');
 				fileInput.addEventListener('change', (e) => {
 					const files = e.target.files;
 					let dateMap = {};
 					for (let file of files) {
-						dateMap[file.name] = Math.round(file.lastModified / 1000);
+						// convert from milliseconds to seconds and adjust for tz
+						dateMap[file.name] = Math.round(file.lastModified / 1000) + tzOffsetSec;
 					}
 					fileDates.value = JSON.stringify(dateMap);
 				})

From d2978597053e3526e85506184a51b9af4ca08fe1 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 12:18:21 -0500
Subject: [PATCH 26/69] Reserve the username "oauth"

---
 author/author.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/author/author.go b/author/author.go
index bf3bfe1..e2e9508 100644
--- a/author/author.go
+++ b/author/author.go
@@ -65,6 +65,7 @@ var reservedUsernames = map[string]bool{
 	"metadata":         true,
 	"new":              true,
 	"news":             true,
+	"oauth":            true,
 	"post":             true,
 	"posts":            true,
 	"privacy":          true,

From f2f779e4a2d2d64594f87f93d21313fa6d9b9d0d Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 12:24:10 -0500
Subject: [PATCH 27/69] Generate non-colliding usernames in all lowercase

All usernames should be lowercase, so this generates any username suffix
(in cases of collision) with only lowercase letters. It also removes
vowels to prevent bad 5-letter words from forming.

Ref T712
---
 oauth_slack.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oauth_slack.go b/oauth_slack.go
index 8cf4992..f700c2c 100644
--- a/oauth_slack.go
+++ b/oauth_slack.go
@@ -157,7 +157,7 @@ func (c slackOauthClient) inspectOauthAccessToken(ctx context.Context, accessTok
 func (resp slackUserIdentityResponse) InspectResponse() *InspectResponse {
 	return &InspectResponse{
 		UserID:      resp.User.ID,
-		Username:    fmt.Sprintf("%s-%s", slug.Make(resp.User.Name), store.Generate62RandomString(5)),
+		Username:    fmt.Sprintf("%s-%s", slug.Make(resp.User.Name), store.GenerateRandomString("0123456789bcdfghjklmnpqrstvwxyz", 5)),
 		DisplayName: resp.User.Name,
 		Email:       resp.User.Email,
 	}

From 33a6129d1e4e548c87097306c5929858c04962ec Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 13:13:33 -0500
Subject: [PATCH 28/69] Add async username check on OAuth signup form

This checks the user's inputted username as they type it, and prevents
form submission if the name is taken.

Ref T712
---
 pages/signup-oauth.tmpl | 66 +++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 64 insertions(+), 2 deletions(-)

diff --git a/pages/signup-oauth.tmpl b/pages/signup-oauth.tmpl
index 34081cf..3fd4255 100644
--- a/pages/signup-oauth.tmpl
+++ b/pages/signup-oauth.tmpl
@@ -65,7 +65,7 @@ form dd {
 	</ul>{{end}}
 
     <div id="billing">
-	    <form action="/oauth/signup" method="post" style="text-align: center;margin-top:1em;" onsubmit="disableSubmit()">
+	    <form action="/oauth/signup" method="post" style="text-align: center;margin-top:1em;" onsubmit="return disableSubmit()">
 	        <input type="hidden" name="access_token" value="{{ .AccessToken }}" />
 	        <input type="hidden" name="token_username" value="{{ .TokenUsername }}" />
 	        <input type="hidden" name="token_alias" value="{{ .TokenAlias }}" />
@@ -85,7 +85,7 @@ form dd {
                 <label>
                     <dt>Username</dt>
 					<dd>
-		<input type="text" name="username" style="width: 100%; box-sizing: border-box;" placeholder="Username" value="{{.Username}}" /><br />
+		<input type="text" id="username" name="username" style="width: 100%; box-sizing: border-box;" placeholder="Username" value="{{.Username}}" /><br />
 		{{if .Federation}}<p id="alias-site" class="demo">@<strong>your-username</strong>@{{.FriendlyHost}}</p>{{else}}<p id="alias-site" class="demo">{{.FriendlyHost}}/<strong>your-username</strong></p>{{end}}
                     </dd>
                 </label>
@@ -108,11 +108,73 @@ form dd {
         </form>
     </div>
 
+<script type="text/javascript" src="/js/h.js"></script>
 <script type="text/javascript">
+// Copied from signup.tmpl
+// NOTE: this element is named "alias" on signup.tmpl and "username" here
+var $alias = H.getEl('username');
+
 function disableSubmit() {
+    // Validate input
+    if (!aliasOK) {
+        var $a = $alias;
+        $a.el.className = 'error';
+        $a.el.focus();
+        $a.el.scrollIntoView();
+        return false;
+    }
+
 	var $btn = document.getElementById("btn-login");
 	$btn.value = "Logging in...";
 	$btn.disabled = true;
+	return true;
 }
+
+// Copied from signup.tmpl
+var $aliasSite = document.getElementById('alias-site');
+var aliasOK = true;
+var typingTimer;
+var doneTypingInterval = 750;
+var doneTyping = function() {
+    // Check on username
+    var alias = $alias.el.value;
+    if (alias != "") {
+        var params = {
+            username: alias
+        };
+        var http = new XMLHttpRequest();
+        http.open("POST", '/api/alias', true);
+
+        // Send the proper header information along with the request
+        http.setRequestHeader("Content-type", "application/json");
+
+        http.onreadystatechange = function() {
+            if (http.readyState == 4) {
+                data = JSON.parse(http.responseText);
+                if (http.status == 200) {
+                    aliasOK = true;
+                    $alias.removeClass('error');
+                    $aliasSite.className = $aliasSite.className.replace(/(?:^|\s)demo(?!\S)/g, '');
+                    $aliasSite.className = $aliasSite.className.replace(/(?:^|\s)error(?!\S)/g, '');
+                    $aliasSite.innerHTML = '{{ if .Federation }}@<strong>' + data.data + '</strong>@{{.FriendlyHost}}{{ else }}{{.FriendlyHost}}/<strong>' + data.data + '</strong>/{{ end }}';
+                } else {
+                    aliasOK = false;
+                    $alias.setClass('error');
+                    $aliasSite.className = 'error';
+                    $aliasSite.textContent = data.error_msg;
+                }
+            }
+        }
+        http.send(JSON.stringify(params));
+    } else {
+        $aliasSite.className += ' demo';
+        $aliasSite.innerHTML = '{{ if .Federation }}@<strong>your-username</strong>@{{.FriendlyHost}}{{ else }}{{.FriendlyHost}}/<strong>your-username</strong>/{{ end }}';
+    }
+};
+$alias.on('keyup input', function() {
+    clearTimeout(typingTimer);
+    typingTimer = setTimeout(doneTyping, doneTypingInterval);
+});
+doneTyping();
 </script>
 {{end}}

From 4d5c89e7efec6fad7b3fae7f36f92f0c58a9b30a Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 13:37:44 -0500
Subject: [PATCH 29/69] Fix false login state on OAuth signup page

Having a `Username` field populated in the page data tells the base
template to display navigation that only a logged in user should see. So
this renames the field to `LoginUsername`, similar to our login.tmpl
page.

Ref T712
---
 oauth_signup.go         | 12 ++++++------
 pages/signup-oauth.tmpl |  2 +-
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/oauth_signup.go b/oauth_signup.go
index cf90af6..96b9936 100644
--- a/oauth_signup.go
+++ b/oauth_signup.go
@@ -29,9 +29,9 @@ type viewOauthSignupVars struct {
 	ClientID        string
 	TokenHash       string
 
-	Username string
-	Alias    string
-	Email    string
+	LoginUsername string
+	Alias         string
+	Email         string
 }
 
 const (
@@ -184,9 +184,9 @@ func (h oauthHandler) showOauthSignupPage(app *App, w http.ResponseWriter, r *ht
 		ClientID:        tp.ClientID,
 		TokenHash:       tp.TokenHash,
 
-		Username: username,
-		Alias:    alias,
-		Email:    email,
+		LoginUsername: username,
+		Alias:         collTitle,
+		Email:         email,
 	}
 
 	// Display any error messages
diff --git a/pages/signup-oauth.tmpl b/pages/signup-oauth.tmpl
index 3fd4255..40cc2e6 100644
--- a/pages/signup-oauth.tmpl
+++ b/pages/signup-oauth.tmpl
@@ -85,7 +85,7 @@ form dd {
                 <label>
                     <dt>Username</dt>
 					<dd>
-		<input type="text" id="username" name="username" style="width: 100%; box-sizing: border-box;" placeholder="Username" value="{{.Username}}" /><br />
+		<input type="text" id="username" name="username" style="width: 100%; box-sizing: border-box;" placeholder="Username" value="{{.LoginUsername}}" /><br />
 		{{if .Federation}}<p id="alias-site" class="demo">@<strong>your-username</strong>@{{.FriendlyHost}}</p>{{else}}<p id="alias-site" class="demo">{{.FriendlyHost}}/<strong>your-username</strong></p>{{end}}
                     </dd>
                 </label>

From 6842ab2e3be7ffae9ce46a0613714a95cc1dd135 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 13:50:37 -0500
Subject: [PATCH 30/69] Rename collTitle from alias

"alias" is the name of a different collection field, so this renames the
variable internally to make things clearer.
---
 oauth_signup.go | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/oauth_signup.go b/oauth_signup.go
index 96b9936..58071c6 100644
--- a/oauth_signup.go
+++ b/oauth_signup.go
@@ -22,7 +22,7 @@ type viewOauthSignupVars struct {
 
 	AccessToken     string
 	TokenUsername   string
-	TokenAlias      string
+	TokenAlias      string // TODO: rename this to match the data it represents: the collection title
 	TokenEmail      string
 	TokenRemoteUser string
 	Provider        string
@@ -30,7 +30,7 @@ type viewOauthSignupVars struct {
 	TokenHash       string
 
 	LoginUsername string
-	Alias         string
+	Alias         string // TODO: rename this to match the data it represents: the collection title
 	Email         string
 }
 
@@ -52,7 +52,7 @@ const (
 type oauthSignupPageParams struct {
 	AccessToken     string
 	TokenUsername   string
-	TokenAlias      string
+	TokenAlias      string // TODO: rename this to match the data it represents: the collection title
 	TokenEmail      string
 	TokenRemoteUser string
 	ClientID        string
@@ -131,8 +131,8 @@ func (h oauthHandler) validateOauthSignup(r *http.Request) error {
 	if len(username) > 100 {
 		return impart.HTTPError{Status: http.StatusBadRequest, Message: "Username is too long."}
 	}
-	alias := r.FormValue(oauthParamAlias)
-	if len(alias) == 0 {
+	collTitle := r.FormValue(oauthParamAlias)
+	if len(collTitle) == 0 {
 		return impart.HTTPError{Status: http.StatusBadRequest, Message: "Alias is too short."}
 	}
 	password := r.FormValue("password")
@@ -151,7 +151,7 @@ func (h oauthHandler) validateOauthSignup(r *http.Request) error {
 
 func (h oauthHandler) showOauthSignupPage(app *App, w http.ResponseWriter, r *http.Request, tp *oauthSignupPageParams, errMsg error) error {
 	username := tp.TokenUsername
-	alias := tp.TokenAlias
+	collTitle := tp.TokenAlias
 	email := tp.TokenEmail
 
 	session, err := app.sessionStore.Get(r, cookieName)
@@ -164,7 +164,7 @@ func (h oauthHandler) showOauthSignupPage(app *App, w http.ResponseWriter, r *ht
 		username = tmpValue
 	}
 	if tmpValue := r.FormValue(oauthParamAlias); len(tmpValue) > 0 {
-		alias = tmpValue
+		collTitle = tmpValue
 	}
 	if tmpValue := r.FormValue(oauthParamEmail); len(tmpValue) > 0 {
 		email = tmpValue

From 130c9eb7475d93ab7d3a4a016c26d09ce3a8464c Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 13:58:14 -0500
Subject: [PATCH 31/69] Change Blog Title to Display Name in OAuth signup

Ref T712
---
 oauth_signup.go         | 2 +-
 pages/signup-oauth.tmpl | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/oauth_signup.go b/oauth_signup.go
index 58071c6..5b960ca 100644
--- a/oauth_signup.go
+++ b/oauth_signup.go
@@ -133,7 +133,7 @@ func (h oauthHandler) validateOauthSignup(r *http.Request) error {
 	}
 	collTitle := r.FormValue(oauthParamAlias)
 	if len(collTitle) == 0 {
-		return impart.HTTPError{Status: http.StatusBadRequest, Message: "Alias is too short."}
+		return impart.HTTPError{Status: http.StatusBadRequest, Message: "Display name is too short."}
 	}
 	password := r.FormValue("password")
 	if len(password) == 0 {
diff --git a/pages/signup-oauth.tmpl b/pages/signup-oauth.tmpl
index 40cc2e6..21e8ed5 100644
--- a/pages/signup-oauth.tmpl
+++ b/pages/signup-oauth.tmpl
@@ -77,9 +77,9 @@ form dd {
 
             <dl class="billing">
                 <label>
-                    <dt>Blog Title</dt>
+                    <dt>Display Name</dt>
                     <dd>
-                        <input type="text" style="width: 100%; box-sizing: border-box;" name="alias" placeholder="Alias"{{ if .Alias }} value="{{.Alias}}"{{ end }} />
+                        <input type="text" style="width: 100%; box-sizing: border-box;" name="alias" placeholder="Name"{{ if .Alias }} value="{{.Alias}}"{{ end }} />
                     </dd>
                 </label>
                 <label>

From b5a38efd2853f2cd81a7875b5a1ff4d41edef086 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 14:09:42 -0500
Subject: [PATCH 32/69] Fall back to username as coll title on OAuth signup

This uses the given username as the Display Name / Collection Title if a
user doesn't give one -- as might happen when authenticating with
Write.as.

Ref T712
---
 oauth_signup.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oauth_signup.go b/oauth_signup.go
index 5b960ca..d1fa9b5 100644
--- a/oauth_signup.go
+++ b/oauth_signup.go
@@ -133,7 +133,7 @@ func (h oauthHandler) validateOauthSignup(r *http.Request) error {
 	}
 	collTitle := r.FormValue(oauthParamAlias)
 	if len(collTitle) == 0 {
-		return impart.HTTPError{Status: http.StatusBadRequest, Message: "Display name is too short."}
+		collTitle = username
 	}
 	password := r.FormValue("password")
 	if len(password) == 0 {

From f7dabd39c2c86337323d58d2fd62513a37ef6f2e Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 14:25:33 -0500
Subject: [PATCH 33/69] Skip password requirement on OAuth signup

This makes it possible to complete OAuth signup without creating a
password on the WriteFreely instance.

A user can then add a password to their account through their Account
Settings page without any admin action (all of this logic is already in
place).

Ref T715 T712
---
 oauth_signup.go | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/oauth_signup.go b/oauth_signup.go
index d1fa9b5..10d2306 100644
--- a/oauth_signup.go
+++ b/oauth_signup.go
@@ -91,14 +91,20 @@ func (h oauthHandler) viewOauthSignup(app *App, w http.ResponseWriter, r *http.R
 		return h.showOauthSignupPage(app, w, r, tp, err)
 	}
 
-	hashedPass, err := auth.HashPass([]byte(r.FormValue(oauthParamPassword)))
-	if err != nil {
-		return h.showOauthSignupPage(app, w, r, tp, fmt.Errorf("unable to hash password"))
+	var err error
+	hashedPass := []byte{}
+	clearPass := r.FormValue(oauthParamPassword)
+	hasPass := clearPass != ""
+	if hasPass {
+		hashedPass, err = auth.HashPass([]byte(clearPass))
+		if err != nil {
+			return h.showOauthSignupPage(app, w, r, tp, fmt.Errorf("unable to hash password"))
+		}
 	}
 	newUser := &User{
 		Username:   r.FormValue(oauthParamUsername),
 		HashedPass: hashedPass,
-		HasPass:    true,
+		HasPass:    hasPass,
 		Email:      prepareUserEmail(r.FormValue(oauthParamEmail), h.EmailKey),
 		Created:    time.Now().Truncate(time.Second).UTC(),
 	}
@@ -135,10 +141,6 @@ func (h oauthHandler) validateOauthSignup(r *http.Request) error {
 	if len(collTitle) == 0 {
 		collTitle = username
 	}
-	password := r.FormValue("password")
-	if len(password) == 0 {
-		return impart.HTTPError{Status: http.StatusBadRequest, Message: "Password is too short."}
-	}
 	email := r.FormValue(oauthParamEmail)
 	if len(email) > 0 {
 		parts := strings.Split(email, "@")

From 803dd78df5ea27096ef7b5b05d1f50d50ee729aa Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 14:30:09 -0500
Subject: [PATCH 34/69] Remove Password field from OAuth signup page

This removes a bit of friction.

Ref T715 T712
---
 pages/signup-oauth.tmpl | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/pages/signup-oauth.tmpl b/pages/signup-oauth.tmpl
index 21e8ed5..ecf5db0 100644
--- a/pages/signup-oauth.tmpl
+++ b/pages/signup-oauth.tmpl
@@ -95,12 +95,6 @@ form dd {
 <input type="text" name="email" style="width: 100%; box-sizing: border-box;" placeholder="Email"{{ if .Email }} value="{{.Email}}"{{ end }} />
                     </dd>
                 </label>
-                <label>
-                    <dt>Password</dt>
-                    <dd>
-<input type="password" name="password" style="width: 100%; box-sizing: border-box;" placeholder="Password" /><br />
-                    </dd>
-                </label>
                 <dt>
                     <input type="submit" id="btn-login" value="Login" />
                 </dt>

From dcdd4dd1ef19170e22f47ebef4be30a698fcd7eb Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 14:39:18 -0500
Subject: [PATCH 35/69] Add and update copyright notices

---
 author/author.go |  2 +-
 oauth_signup.go  | 10 ++++++++++
 oauth_slack.go   | 10 ++++++++++
 3 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/author/author.go b/author/author.go
index e2e9508..0114905 100644
--- a/author/author.go
+++ b/author/author.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018 A Bunch Tell LLC.
+ * Copyright © 2018-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
diff --git a/oauth_signup.go b/oauth_signup.go
index 10d2306..220afbd 100644
--- a/oauth_signup.go
+++ b/oauth_signup.go
@@ -1,3 +1,13 @@
+/*
+ * Copyright © 2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
 package writefreely
 
 import (
diff --git a/oauth_slack.go b/oauth_slack.go
index f700c2c..1db3613 100644
--- a/oauth_slack.go
+++ b/oauth_slack.go
@@ -1,3 +1,13 @@
+/*
+ * Copyright © 2020 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
 package writefreely
 
 import (

From c1ec6b26051ee76f63d12f9581218fe479bf8f64 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 14:43:32 -0500
Subject: [PATCH 36/69] Fix copyright years in oauth_slack.go

---
 oauth_slack.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/oauth_slack.go b/oauth_slack.go
index 1db3613..35db156 100644
--- a/oauth_slack.go
+++ b/oauth_slack.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2020 A Bunch Tell LLC.
+ * Copyright © 2019-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *

From 8e09e72979128d1d16d28df0df17e544037da9f0 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 16 Jan 2020 14:47:23 -0500
Subject: [PATCH 37/69] Require authenticated user for editor access

Previously, anyone could access the editor even if they weren't logged
in. They couldn't do much in that case (publishing would fail), but it
could potentially cause some confusion.

Now, users will be sent to the login page, and then redirected back to
the editor once successfully logged in.
---
 routes.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes.go b/routes.go
index 7784d71..ba531fb 100644
--- a/routes.go
+++ b/routes.go
@@ -169,9 +169,9 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	draftEditPrefix := ""
 	if apper.App().cfg.App.SingleUser {
 		draftEditPrefix = "/d"
-		write.HandleFunc("/me/new", handler.Web(handleViewPad, UserLevelOptional)).Methods("GET")
+		write.HandleFunc("/me/new", handler.Web(handleViewPad, UserLevelUser)).Methods("GET")
 	} else {
-		write.HandleFunc("/new", handler.Web(handleViewPad, UserLevelOptional)).Methods("GET")
+		write.HandleFunc("/new", handler.Web(handleViewPad, UserLevelUser)).Methods("GET")
 	}
 
 	// All the existing stuff

From 2c075c0347a4d123bc260eb935e1becd67edb2bc Mon Sep 17 00:00:00 2001
From: Rob Loranger <dev@loranger.xyz>
Date: Sun, 19 Jan 2020 15:57:58 -0800
Subject: [PATCH 38/69] update upgrade script for recent changes

changes accounted for
- the tar directory structure had changed to use a subdirectory
- there are now multiple linux targets released

bugs
- the service must be stopped before replacing the binary
- migrations were not being run during an upgrade
---
 scripts/upgrade-server.sh | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/scripts/upgrade-server.sh b/scripts/upgrade-server.sh
index c8e004a..ef10452 100755
--- a/scripts/upgrade-server.sh
+++ b/scripts/upgrade-server.sh
@@ -31,7 +31,7 @@ fi
 # go ahead and check for the latest release on linux
 echo "Checking for updates..."
 
-url=`curl -s https://api.github.com/repos/writeas/writefreely/releases/latest | grep 'browser_' | grep linux | cut -d\" -f4`
+url=`curl -s https://api.github.com/repos/writeas/writefreely/releases/latest | grep 'browser_' | grep 'linux' | grep 'amd64' | cut -d\" -f4`
 
 # check current version
 
@@ -82,13 +82,25 @@ filename=${parts[-1]}
 echo "Extracting files..."
 tar -zxf $tempdir/$filename -C $tempdir
 
+# stop service
+echo "Stopping writefreely systemd service..."
+if `systemctl start writefreely`; then
+	echo "Success, service stopped."
+else
+	echo "Upgrade failed to stop the systemd service, exiting early."
+	exit 1
+fi
+
 # copy files
 echo "Copying files..."
-cp -r $tempdir/{pages,static,templates,writefreely} .
+cp -r $tempdir/writefreely/{pages,static,templates,writefreely} .
+
+# migrate db
+./writefreely -migrate
 
 # restart service
 echo "Restarting writefreely systemd service..."
-if `systemctl restart writefreely`; then
+if `systemctl start writefreely`; then
 	echo "Success, version has been upgraded to $latest."
 else
 	echo "Upgrade complete, but failed to restart service."

From b336e95e1244007426a4c3fb66d7691424c9d3ed Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 20 Jan 2020 15:20:45 -0500
Subject: [PATCH 39/69] Render HTML entities in Drafts list

Previously, we'd show the raw HTML entities in the summaries of Draft
posts, instead of rendering them. This fixes that.
---
 posts.go                     | 4 ++++
 templates/user/articles.tmpl | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/posts.go b/posts.go
index d2fbcca..608f2fc 100644
--- a/posts.go
+++ b/posts.go
@@ -229,6 +229,10 @@ func (p Post) Summary() string {
 	return shortPostDescription(p.Content)
 }
 
+func (p Post) SummaryHTML() template.HTML {
+	return template.HTML(p.Summary())
+}
+
 // Excerpt shows any text that comes before a (more) tag.
 // TODO: use HTMLExcerpt in templates instead of this method
 func (p *Post) Excerpt() template.HTML {
diff --git a/templates/user/articles.tmpl b/templates/user/articles.tmpl
index 3edb89c..5dbe47b 100644
--- a/templates/user/articles.tmpl
+++ b/templates/user/articles.tmpl
@@ -34,7 +34,7 @@
 			{{end}}
 			{{ end }}
 		</h4>
-		{{if .Summary}}<p>{{.Summary}}</p>{{end}}
+		{{if .Summary}}<p>{{.SummaryHTML}}</p>{{end}}
 	</div>{{end}}
 </div>{{ else }}<div id="no-posts-published"><p>You haven't saved any drafts yet.</p>
 	<p>They'll show up here once you do. {{if not .SingleUser}}Find your blog posts from the <a href="/me/c/">Blogs</a> page.{{end}}</p>

From 30032e74a0199c247aea8f0efdeb0a6f28c63db3 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 20 Jan 2020 15:25:37 -0500
Subject: [PATCH 40/69] Add helpful text on Drafts page

---
 templates/user/articles.tmpl | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/templates/user/articles.tmpl b/templates/user/articles.tmpl
index 5dbe47b..16fb4e3 100644
--- a/templates/user/articles.tmpl
+++ b/templates/user/articles.tmpl
@@ -12,7 +12,10 @@
 
 <h2 id="posts-header">drafts</h2>
 
-{{ if .AnonymousPosts }}<div class="atoms posts">
+{{ if .AnonymousPosts }}
+	<p>These are your draft posts. You can share them individually (without a blog) or move them to your blog when you're ready.</p>
+
+	<div class="atoms posts">
 	{{ range $el := .AnonymousPosts }}<div id="post-{{.ID}}" class="post">
 		<h3><a href="/{{if $.SingleUser}}d/{{end}}{{.ID}}" itemprop="url">{{.DisplayTitle}}</a></h3>
 		<h4>
@@ -36,8 +39,9 @@
 		</h4>
 		{{if .Summary}}<p>{{.SummaryHTML}}</p>{{end}}
 	</div>{{end}}
-</div>{{ else }}<div id="no-posts-published"><p>You haven't saved any drafts yet.</p>
-	<p>They'll show up here once you do. {{if not .SingleUser}}Find your blog posts from the <a href="/me/c/">Blogs</a> page.{{end}}</p>
+</div>{{ else }}<div id="no-posts-published">
+	<p>Your anonymous and draft posts will show up here once you've published some. You'll be able to share them individually (without a blog) or move them to a blog when you're ready.</p>
+	{{if not .SingleUser}}<p>Alternatively, see your blogs and their posts on your <a href="/me/c/">Blogs</a> page.</p>{{end}}
 	<p class="text-cta"><a href="{{if .SingleUser}}/me/new{{else}}/{{end}}">Start writing</a></p></div>{{ end }}
 
 <div id="moving"></div>

From bc9843dfa37dd0714c0c20c8f5f21234815535c3 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 23 Jan 2020 11:47:35 -0500
Subject: [PATCH 41/69] Add timeout on ActivityPub requests

---
 activitypub.go | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index a18a636..62294cd 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018-2019 A Bunch Tell LLC.
+ * Copyright © 2018-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -62,6 +62,12 @@ func (ru *RemoteUser) AsPerson() *activitystreams.Person {
 	}
 }
 
+func activityPubClient() http.Client {
+	return http.Client{
+		Timeout: 15 * time.Second,
+	}
+}
+
 func handleFetchCollectionActivities(app *App, w http.ResponseWriter, r *http.Request) error {
 	w.Header().Set("Server", serverSoftware)
 
@@ -502,7 +508,7 @@ func makeActivityPost(hostName string, p *activitystreams.Person, url string, m
 		}
 	}
 
-	resp, err := http.DefaultClient.Do(r)
+	resp, err := activityPubClient().Do(r)
 	if err != nil {
 		return err
 	}
@@ -538,7 +544,7 @@ func resolveIRI(hostName, url string) ([]byte, error) {
 		}
 	}
 
-	resp, err := http.DefaultClient.Do(r)
+	resp, err := activityPubClient().Do(r)
 	if err != nil {
 		return nil, err
 	}

From 8d3e755c8f5b0afe3b5bb2950dd3806a4af08f45 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 23 Jan 2020 12:03:23 -0500
Subject: [PATCH 42/69] Return pointer to http.Client in activityPubClient()

---
 activitypub.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index 62294cd..b133f9d 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -62,8 +62,8 @@ func (ru *RemoteUser) AsPerson() *activitystreams.Person {
 	}
 }
 
-func activityPubClient() http.Client {
-	return http.Client{
+func activityPubClient() *http.Client {
+	return &http.Client{
 		Timeout: 15 * time.Second,
 	}
 }

From bf8dcff01eb26e0dcb9941fdf151d5c3f4af8317 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Mon, 27 Jan 2020 09:19:12 -0500
Subject: [PATCH 43/69] Quit AP goroutine early when there's no "to"

Previously, we'd sleep for 2 seconds and then return for no reason. This
fixes that.
---
 activitypub.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index b133f9d..ba2bb27 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -388,6 +388,11 @@ func handleFetchCollectionInbox(app *App, w http.ResponseWriter, r *http.Request
 	}
 
 	go func() {
+		if to == nil {
+			log.Error("No to! %v", err)
+			return
+		}
+
 		time.Sleep(2 * time.Second)
 		am, err := a.Serialize()
 		if err != nil {
@@ -396,10 +401,6 @@ func handleFetchCollectionInbox(app *App, w http.ResponseWriter, r *http.Request
 		}
 		am["@context"] = []string{activitystreams.Namespace}
 
-		if to == nil {
-			log.Error("No to! %v", err)
-			return
-		}
 		err = makeActivityPost(app.cfg.App.Host, p, fullActor.Inbox, am)
 		if err != nil {
 			log.Error("Unable to make activity POST: %v", err)

From ae1a892be00d4b38486658b658a12bd14420194d Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 29 Jan 2020 04:56:23 -0500
Subject: [PATCH 44/69] Upgrade gorilla/sessions to v1.2.0

This gets rid of the gorilla/context dependency, which might have been
causing a memory leak.

We noticed some serious memory leakage on Write.as that seemed to point
to this library. One heap snapshot:

      flat  flat%   sum%        cum   cum%
  259.13MB 30.41% 30.41%   268.13MB 31.46%  net/textproto.(*Reader).ReadMIMEHeader
  105.71MB 12.40% 42.81%   105.71MB 12.40%  github.com/gorilla/context.Set
   78.53MB  9.21% 52.03%   125.53MB 14.73%  github.com/gorilla/sessions.(*Registry).Get
   55.51MB  6.51% 58.54%    82.52MB  9.68%  net/http.(*Request).WithContext
   38.01MB  4.46% 63.00%    38.01MB  4.46%  github.com/gorilla/mux.extractVars
      35MB  4.11% 67.11%       53MB  6.22%  context.WithCancel
   34.50MB  4.05% 71.16%    34.50MB  4.05%  context.WithValue
      27MB  3.17% 74.32%       27MB  3.17%  net/http.cloneURL
      26MB  3.05% 77.38%       26MB  3.05%  github.com/gorilla/sessions.NewSession
      18MB  2.11% 79.49%       18MB  2.11%  context.(*cancelCtx).Done
   16.50MB  1.94% 81.42%    16.50MB  1.94%  syscall.anyToSockaddr
      14MB  1.64% 83.07%       47MB  5.52%  github.com/gorilla/sessions.(*CookieStore).New
   13.50MB  1.58% 84.65%    51.51MB  6.04%  github.com/gorilla/mux.(*Route).Match
   11.67MB  1.37% 86.02%    13.21MB  1.55%  regexp.(*Regexp).replaceAll
    9.72MB  1.14% 87.16%    22.94MB  2.69%  regexp.(*Regexp).ReplaceAllString
    9.50MB  1.11% 88.28%   115.21MB 13.52%  github.com/gorilla/sessions.GetRegistry

With the help of these articles, we tracked it down to this dependency,
and upgraded the library, which seems to have completely fixed the issue
so far:

https://rover.rocks/golang-memory-leak/
https://medium.com/@walterwu_22843/golang-memory-leak-while-handling-huge-amount-of-http-request-35cc970cb75e

This should fix #133
---
 go.mod | 2 +-
 go.sum | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/go.mod b/go.mod
index f6aa8b7..adfcccb 100644
--- a/go.mod
+++ b/go.mod
@@ -15,7 +15,7 @@ require (
 	github.com/gorilla/feeds v1.1.0
 	github.com/gorilla/mux v1.7.0
 	github.com/gorilla/schema v1.0.2
-	github.com/gorilla/sessions v1.1.3
+	github.com/gorilla/sessions v1.2.0
 	github.com/guregu/null v3.4.0+incompatible
 	github.com/hashicorp/go-multierror v1.0.0
 	github.com/ikeikeikeike/go-sitemap-generator v1.0.1
diff --git a/go.sum b/go.sum
index 5b8b88a..f958de2 100644
--- a/go.sum
+++ b/go.sum
@@ -46,8 +46,6 @@ github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1
 github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
 github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc h1:cJlkeAx1QYgO5N80aF5xRGstVsRQwgLR7uA2FnP1ZjY=
 github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU=
-github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
-github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
 github.com/gorilla/feeds v1.1.0 h1:pcgLJhbdYgaUESnj3AmXPcB7cS3vy63+jC/TI14AGXk=
 github.com/gorilla/feeds v1.1.0/go.mod h1:Nk0jZrvPFZX1OBe5NPiddPw7CfwF6Q9eqzaBbaightA=
 github.com/gorilla/mux v1.7.0 h1:tOSd0UKHQd6urX6ApfOn4XdBMY6Sh1MfxV3kmaazO+U=
@@ -56,8 +54,8 @@ github.com/gorilla/schema v1.0.2 h1:sAgNfOcNYvdDSrzGHVy9nzCQahG+qmsg+nE8dK85QRA=
 github.com/gorilla/schema v1.0.2/go.mod h1:kgLaKoK1FELgZqMAVxx/5cbj0kT+57qxUrAlIO2eleU=
 github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
 github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
-github.com/gorilla/sessions v1.1.3 h1:uXoZdcdA5XdXF3QzuSlheVRUvjl+1rKY7zBXL68L9RU=
-github.com/gorilla/sessions v1.1.3/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
+github.com/gorilla/sessions v1.2.0 h1:S7P+1Hm5V/AT9cjEcUD5uDaQSX0OE577aCXgoaKpYbQ=
+github.com/gorilla/sessions v1.2.0/go.mod h1:dk2InVEVJ0sfLlnXv9EAgkf6ecYs/i80K/zI+bUmuGM=
 github.com/guregu/null v3.4.0+incompatible h1:a4mw37gBO7ypcBlTJeZGuMpSxxFTV9qFfFKgWxQSGaM=
 github.com/guregu/null v3.4.0+incompatible/go.mod h1:ePGpQaN9cw0tj45IR5E5ehMvsFlLlQZAkkOXZurJ3NM=
 github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=

From 8fce34b70b039b5ff9528ad8494a6f4a7921ae6c Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 29 Jan 2020 05:24:22 -0500
Subject: [PATCH 45/69] Tidy up Go mod files

---
 go.mod |  6 ++----
 go.sum | 10 ----------
 2 files changed, 2 insertions(+), 14 deletions(-)

diff --git a/go.mod b/go.mod
index adfcccb..519a6ea 100644
--- a/go.mod
+++ b/go.mod
@@ -18,10 +18,8 @@ require (
 	github.com/gorilla/sessions v1.2.0
 	github.com/guregu/null v3.4.0+incompatible
 	github.com/hashicorp/go-multierror v1.0.0
-	github.com/ikeikeikeike/go-sitemap-generator v1.0.1
 	github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2
 	github.com/jtolds/gls v4.2.1+incompatible // indirect
-	github.com/kr/pretty v0.1.0
 	github.com/kylemcc/twitter-text-go v0.0.0-20180726194232-7f582f6736ec
 	github.com/lunixbochs/vtclean v1.0.0 // indirect
 	github.com/manifoldco/promptui v0.3.2
@@ -32,7 +30,7 @@ require (
 	github.com/nicksnyder/go-i18n v1.10.0 // indirect
 	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
 	github.com/pelletier/go-toml v1.2.0 // indirect
-	github.com/pkg/errors v0.8.1
+	github.com/pkg/errors v0.8.1 // indirect
 	github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be // indirect
 	github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 // indirect
 	github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c // indirect
@@ -53,7 +51,7 @@ require (
 	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
 	golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 // indirect
 	golang.org/x/sys v0.0.0-20190209173611-3b5209105503 // indirect
-	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67
+	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67 // indirect
 	google.golang.org/appengine v1.4.0 // indirect
 	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c // indirect
 	gopkg.in/ini.v1 v1.41.0
diff --git a/go.sum b/go.sum
index f958de2..4cb46da 100644
--- a/go.sum
+++ b/go.sum
@@ -62,8 +62,6 @@ github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/U
 github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
 github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
-github.com/ikeikeikeike/go-sitemap-generator v1.0.1 h1:49Fn8gro/B12vCY8pf5/+/Jpr3kwB9TvP0MSymo69SY=
-github.com/ikeikeikeike/go-sitemap-generator v1.0.1/go.mod h1:QI+zWsz6yQyxkG9LWNcnu0f7aiAE5tPdsZOsICgmd1c=
 github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2 h1:wIdDEle9HEy7vBPjC6oKz6ejs3Ut+jmsYvuOoAW2pSM=
 github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2/go.mod h1:WtaVKD9TeruTED9ydiaOJU08qGoEPP/LyzTKiD3jEsw=
 github.com/jtolds/gls v4.2.1+incompatible h1:fSuqC+Gmlu6l/ZYAoZzx2pyucC8Xza35fpRVWLVmUEE=
@@ -135,12 +133,6 @@ github.com/writeas/impart v1.1.0 h1:nPnoO211VscNkp/gnzir5UwCDEvdHThL5uELU60NFSE=
 github.com/writeas/impart v1.1.0/go.mod h1:g0MpxdnTOHHrl+Ca/2oMXUHJ0PcRAEWtkCzYCJUXC9Y=
 github.com/writeas/impart v1.1.1-0.20191230230525-d3c45ced010d h1:PK7DOj3JE6MGf647esPrKzXEHFjGWX2hl22uX79ixaE=
 github.com/writeas/impart v1.1.1-0.20191230230525-d3c45ced010d/go.mod h1:g0MpxdnTOHHrl+Ca/2oMXUHJ0PcRAEWtkCzYCJUXC9Y=
-github.com/writeas/import v0.0.0-20190815214647-baae8acd8d06 h1:S6oKKP8GhSoyZUvVuhO9UiQ9f+U1aR/x5B4MP7YQHaU=
-github.com/writeas/import v0.0.0-20190815214647-baae8acd8d06/go.mod h1:f3K8z7YnJwKnPIT4h7980n9C6cQb4DIB2QcxVCTB7lE=
-github.com/writeas/import v0.0.0-20190815235139-628d10daaa9e h1:31PkvDTWkjzC1nGzWw9uAE92ZfcVyFX/K9L9ejQjnEs=
-github.com/writeas/import v0.0.0-20190815235139-628d10daaa9e/go.mod h1:f3K8z7YnJwKnPIT4h7980n9C6cQb4DIB2QcxVCTB7lE=
-github.com/writeas/import v0.1.1 h1:SbYltT+nxrJBUe0xQWJqeKMHaupbxV0a6K3RtwcE4yY=
-github.com/writeas/import v0.1.1/go.mod h1:gFe0Pl7ZWYiXbI0TJxeMMyylPGZmhVvCfQxhMEc8CxM=
 github.com/writeas/import v0.2.0 h1:Ov23JW9Rnjxk06rki1Spar45bNX647HhwhAZj3flJiY=
 github.com/writeas/import v0.2.0/go.mod h1:gFe0Pl7ZWYiXbI0TJxeMMyylPGZmhVvCfQxhMEc8CxM=
 github.com/writeas/monday v0.0.0-20181024183321-54a7dd579219 h1:baEp0631C8sT2r/hqwypIw2snCFZa6h7U6TojoLHu/c=
@@ -154,8 +146,6 @@ github.com/writeas/saturday v1.7.1 h1:lYo1EH6CYyrFObQoA9RNWHVlpZA5iYL5Opxo7PYAnZ
 github.com/writeas/saturday v1.7.1/go.mod h1:ETE1EK6ogxptJpAgUbcJD0prAtX48bSloie80+tvnzQ=
 github.com/writeas/slug v1.2.0 h1:EMQ+cwLiOcA6EtFwUgyw3Ge18x9uflUnOnR6bp/J+/g=
 github.com/writeas/slug v1.2.0/go.mod h1:RE8shOqQP3YhsfsQe0L3RnuejfQ4Mk+JjY5YJQFubfQ=
-github.com/writeas/web-core v1.0.0 h1:5VKkCakQgdKZcbfVKJXtRpc5VHrkflusCl/KRCPzpQ0=
-github.com/writeas/web-core v1.0.0/go.mod h1:Si3chV7VWgY8CsV+3gRolMXSO2Vx1ZFAQ/mkrpvmyEE=
 github.com/writeas/web-core v1.2.0 h1:CYqvBd+byi1cK4mCr1NZ6CjILuMOFmiFecv+OACcmG0=
 github.com/writeas/web-core v1.2.0/go.mod h1:vTYajviuNBAxjctPp2NUYdgjofywVkxUGpeaERF3SfI=
 github.com/writefreely/go-nodeinfo v1.2.0 h1:La+YbTCvmpTwFhBSlebWDDL81N88Qf/SCAvRLR7F8ss=

From be0885698e5afdaf689d23f54e1798cf9ce56160 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 29 Jan 2020 05:46:59 -0500
Subject: [PATCH 46/69] Change "restarting" to "starting" in upgrade script

---
 scripts/upgrade-server.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/upgrade-server.sh b/scripts/upgrade-server.sh
index ef10452..36281bf 100755
--- a/scripts/upgrade-server.sh
+++ b/scripts/upgrade-server.sh
@@ -99,7 +99,7 @@ cp -r $tempdir/writefreely/{pages,static,templates,writefreely} .
 ./writefreely -migrate
 
 # restart service
-echo "Restarting writefreely systemd service..."
+echo "Starting writefreely systemd service..."
 if `systemctl start writefreely`; then
 	echo "Success, version has been upgraded to $latest."
 else

From b25cec8381006780f39a0433fef4ddaa03ca6545 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 29 Jan 2020 05:49:12 -0500
Subject: [PATCH 47/69] Update copyright in upgrade script

---
 scripts/upgrade-server.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/scripts/upgrade-server.sh b/scripts/upgrade-server.sh
index 36281bf..581085d 100755
--- a/scripts/upgrade-server.sh
+++ b/scripts/upgrade-server.sh
@@ -11,7 +11,7 @@
 ##	have not installed the binary `writefreely` in another location.     ##
 ###############################################################################
 #
-#	Copyright © 2019 A Bunch Tell LLC.
+#	Copyright © 2019-2020 A Bunch Tell LLC.
 #
 #	This file is part of WriteFreely.
 #

From 4d5f58a7e65733f1fe6e4c8819708abdfcc295cd Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 29 Jan 2020 06:42:32 -0500
Subject: [PATCH 48/69] Fix date-based post header links

Posts without an explicit title render the date as the post header in
lists of posts (like on the blog index and tag pages). This updates
localdate.js to properly adjust those dates, too.
---
 static/js/localdate.js | 17 ++++++++++++-----
 1 file changed, 12 insertions(+), 5 deletions(-)

diff --git a/static/js/localdate.js b/static/js/localdate.js
index 19fa502..879ebe4 100644
--- a/static/js/localdate.js
+++ b/static/js/localdate.js
@@ -1,9 +1,16 @@
-function toLocalDate(el) {
-	var d = new Date(el.getAttribute("datetime"));
-	el.textContent = d.toLocaleDateString(navigator.language || "en-US", { year: 'numeric', month: 'long', day: 'numeric' });
+function toLocalDate(dateEl, displayEl) {
+	var d = new Date(dateEl.getAttribute("datetime"));
+	displayEl.textContent = d.toLocaleDateString(navigator.language || "en-US", { year: 'numeric', month: 'long', day: 'numeric' });
 }
 
-var $dates = document.querySelectorAll("time");
+// Adjust dates on individual post pages, and on posts in a list *with* an explicit title
+var $dates = document.querySelectorAll("article > time");
 for (var i=0; i < $dates.length; i++) {
-	toLocalDate($dates[i]);
+	toLocalDate($dates[i], $dates[i]);
 }
+
+// Adjust dates on posts in a list without an explicit title, where they act as the header
+$dates = document.querySelectorAll("h2.post-title > time");
+for (i=0; i < $dates.length; i++) {
+	toLocalDate($dates[i], $dates[i].querySelector('a'));
+}
\ No newline at end of file

From d6b7a5925f20ba7ca3d9f210188a3f1ceba07cf1 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 29 Jan 2020 09:11:02 -0500
Subject: [PATCH 49/69] Restrict /invite/{code} route to valid chars
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Previously, loading something like /invite/fFdblk😄 would return a 500,
due to a mix of collations in MySQL while SELECTing for an invite with
an ID of 'fFdblk😄'. This restricts the route to [a-zA-Z0-9] chars, to
prevent this.
---
 routes.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/routes.go b/routes.go
index ba531fb..023aca2 100644
--- a/routes.go
+++ b/routes.go
@@ -161,7 +161,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	// Handle special pages first
 	write.HandleFunc("/login", handler.Web(viewLogin, UserLevelNoneRequired))
 	write.HandleFunc("/signup", handler.Web(handleViewLanding, UserLevelNoneRequired))
-	write.HandleFunc("/invite/{code}", handler.Web(handleViewInvite, UserLevelOptional)).Methods("GET")
+	write.HandleFunc("/invite/{code:[a-zA-Z0-9]+}", handler.Web(handleViewInvite, UserLevelOptional)).Methods("GET")
 	// TODO: show a reader-specific 404 page if the function is disabled
 	write.HandleFunc("/read", handler.Web(viewLocalTimeline, UserLevelReader))
 	RouteRead(handler, UserLevelReader, write.PathPrefix("/read").Subrouter())

From 50901d2446ca9dc473a3820778aaff5aae250607 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 29 Jan 2020 13:01:21 -0500
Subject: [PATCH 50/69] Fix date format in `datetime` attribute

Previously, the date format in this attribute for posts was invalid.
This caused local date rendering to fail in Firefox. This fixes that.

Closes #253
---
 templates/chorus-collection-post.tmpl | 2 +-
 templates/collection-post.tmpl        | 2 +-
 templates/include/posts.tmpl          | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/templates/chorus-collection-post.tmpl b/templates/chorus-collection-post.tmpl
index c231b64..f88e334 100644
--- a/templates/chorus-collection-post.tmpl
+++ b/templates/chorus-collection-post.tmpl
@@ -58,7 +58,7 @@ body#post header {
 		{{if .Suspended}}
 			{{template "user-suspended"}}
 		{{end}}
-		<article id="post-body" class="{{.Font}} h-entry">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name{{if $.Collection.Format.ShowDates}} dated{{end}}">{{.FormattedDisplayTitle}}</h2>{{end}}{{if $.Collection.Format.ShowDates}}<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
+		<article id="post-body" class="{{.Font}} h-entry">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name{{if $.Collection.Format.ShowDates}} dated{{end}}">{{.FormattedDisplayTitle}}</h2>{{end}}{{if $.Collection.Format.ShowDates}}<time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
 
 		{{ if .Collection.ShowFooterBranding }}
 		<footer dir="ltr">
diff --git a/templates/collection-post.tmpl b/templates/collection-post.tmpl
index 00535b9..a8c105b 100644
--- a/templates/collection-post.tmpl
+++ b/templates/collection-post.tmpl
@@ -62,7 +62,7 @@
 		{{if .Suspended}}
 			{{template "user-suspended"}}
 		{{end}}
-		<article id="post-body" class="{{.Font}} h-entry {{if not .IsFound}}error-page{{end}}">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name{{if $.Collection.Format.ShowDates}} dated{{end}}">{{.FormattedDisplayTitle}}</h2>{{end}}{{if $.Collection.Format.ShowDates}}<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
+		<article id="post-body" class="{{.Font}} h-entry {{if not .IsFound}}error-page{{end}}">{{if .IsScheduled}}<p class="badge">Scheduled</p>{{end}}{{if .Title.String}}<h2 id="title" class="p-name{{if $.Collection.Format.ShowDates}} dated{{end}}">{{.FormattedDisplayTitle}}</h2>{{end}}{{if $.Collection.Format.ShowDates}}<time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}">{{.DisplayDate}}</time>{{end}}<div class="e-content">{{.HTMLContent}}</div></article>
 
 		{{ if .Collection.ShowFooterBranding }}
 		<footer dir="ltr"><hr><nav><p style="font-size: 0.9em">{{localhtml "published with write.as" .Language.String}}</p></nav></footer>
diff --git a/templates/include/posts.tmpl b/templates/include/posts.tmpl
index 514f69f..b1ccbf2 100644
--- a/templates/include/posts.tmpl
+++ b/templates/include/posts.tmpl
@@ -21,10 +21,10 @@
 			{{end}}
 		{{end}}
 	</h2>
-	{{if $.Format.ShowDates}}<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{if not .Title.String}}<a href="{{$.CanonicalURL}}{{.Slug.String}}" itemprop="url">{{end}}{{.DisplayDate}}{{if not .Title.String}}</a>{{end}}</time>{{end}}
+	{{if $.Format.ShowDates}}<time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}">{{if not .Title.String}}<a href="{{$.CanonicalURL}}{{.Slug.String}}" itemprop="url">{{end}}{{.DisplayDate}}{{if not .Title.String}}</a>{{end}}</time>{{end}}
 {{else}}
 <h2 class="post-title" itemprop="name">
-	{{if $.Format.ShowDates}}<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{$.CanonicalURL}}{{.Slug.String}}{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time>{{end}}
+	{{if $.Format.ShowDates}}<time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{$.CanonicalURL}}{{.Slug.String}}{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time>{{end}}
 	{{if $.IsOwner}}
 		{{if not $.Format.ShowDates}}<a class="user hidden action" href="{{if not $.SingleUser}}/{{$.Alias}}/{{.Slug.String}}{{else}}{{$.CanonicalURL}}{{.Slug.String}}{{end}}">view</a>{{end}}
 		<a class="user hidden action" href="/{{if not $.SingleUser}}{{$.Alias}}/{{end}}{{.Slug.String}}/edit">edit</a>

From 5de2f633e15ace6f931feef333ca1f9fdeaba1b6 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Wed, 29 Jan 2020 13:03:04 -0500
Subject: [PATCH 51/69] Fix localdate.js not included on Tags page

---
 templates/collection-tags.tmpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/templates/collection-tags.tmpl b/templates/collection-tags.tmpl
index 2f79bbb..93cd7e0 100644
--- a/templates/collection-tags.tmpl
+++ b/templates/collection-tags.tmpl
@@ -75,9 +75,9 @@
 		{{range .ExternalScripts}}<script type="text/javascript" src="{{.}}" async></script>{{end}}
 		{{if .Collection.Script}}<script type="text/javascript">{{.ScriptDisplay}}</script>{{end}}
 	{{end}}
+	<script src="/js/localdate.js"></script>
 	{{if .IsOwner}}
 	<script src="/js/h.js"></script>
-	<script src="/js/localdate.js"></script>
 	<script src="/js/postactions.js"></script>
 	{{end}}
 	<script type="text/javascript">

From bc9455db4fda0d8846113aaae69fba72021420b5 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 30 Jan 2020 10:20:50 +0100
Subject: [PATCH 52/69] Fix datetime attributes on read.tmpl

---
 templates/read.tmpl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/templates/read.tmpl b/templates/read.tmpl
index 7b43995..ddcccdd 100644
--- a/templates/read.tmpl
+++ b/templates/read.tmpl
@@ -88,9 +88,9 @@
 		<section itemscope itemtype="http://schema.org/Blog">
 			{{range .Posts}}<article class="{{.Font}} h-entry" itemscope itemtype="http://schema.org/BlogPosting">
 			{{if .Title.String}}<h2 class="post-title" itemprop="name" class="p-name"><a href="{{if .Slug.String}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}.md{{end}}" itemprop="url" class="u-url">{{.PlainDisplayTitle}}</a></h2>
-			<time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}">{{if not .Title.String}}<a href="{{.Collection.CanonicalURL}}{{.Slug.String}}" itemprop="url">{{end}}{{.DisplayDate}}{{if not .Title.String}}</a>{{end}}</time>
+			<time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}">{{if not .Title.String}}<a href="{{.Collection.CanonicalURL}}{{.Slug.String}}" itemprop="url">{{end}}{{.DisplayDate}}{{if not .Title.String}}</a>{{end}}</time>
 			{{else}}
-			<h2 class="post-title" itemprop="name"><time class="dt-published" datetime="{{.Created}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}.md{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time></h2>
+			<h2 class="post-title" itemprop="name"><time class="dt-published" datetime="{{.Created8601}}" pubdate itemprop="datePublished" content="{{.Created}}"><a href="{{if .Collection}}{{.Collection.CanonicalURL}}{{.Slug.String}}{{else}}{{.CanonicalURL .Host}}.md{{end}}" itemprop="url" class="u-url">{{.DisplayDate}}</a></time></h2>
 			{{end}}
 			<p class="source">{{if .Collection}}from <a href="{{.Collection.CanonicalURL}}">{{.Collection.DisplayTitle}}</a>{{else}}<em>Anonymous</em>{{end}}</p>
 			{{if .Excerpt}}<div class="p-summary" {{if .Language}}lang="{{.Language.String}}"{{end}} dir="{{.Direction}}">{{.Excerpt}}</div>

From 51700cc7da47ad205187435ff8beaec2535b926f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 30 Jan 2020 10:36:29 +0100
Subject: [PATCH 53/69] Ignore "mix of collations" error on invite SELECT

This adds the `isIgnorableError` method and calls it when error checking
in `GetUserInvite()`, returning "not found" if the rror comes up.
---
 database-no-sqlite.go | 14 +++++++++++++-
 database-sqlite.go    | 12 ++++++++++++
 database.go           |  5 +++--
 3 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/database-no-sqlite.go b/database-no-sqlite.go
index a3d50fc..03d1a32 100644
--- a/database-no-sqlite.go
+++ b/database-no-sqlite.go
@@ -1,7 +1,7 @@
 // +build !sqlite,!wflib
 
 /*
- * Copyright © 2019 A Bunch Tell LLC.
+ * Copyright © 2019-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -28,3 +28,15 @@ func (db *datastore) isDuplicateKeyErr(err error) bool {
 
 	return false
 }
+
+func (db *datastore) isIgnorableError(err error) bool {
+	if db.driverName == driverMySQL {
+		if mysqlErr, ok := err.(*mysql.MySQLError); ok {
+			return mysqlErr.Number == mySQLErrCollationMix
+		}
+	} else {
+		log.Error("isIgnorableError: failed check for unrecognized driver '%s'", db.driverName)
+	}
+
+	return false
+}
diff --git a/database-sqlite.go b/database-sqlite.go
index 3741169..bd77e6a 100644
--- a/database-sqlite.go
+++ b/database-sqlite.go
@@ -48,3 +48,15 @@ func (db *datastore) isDuplicateKeyErr(err error) bool {
 
 	return false
 }
+
+func (db *datastore) isIgnorableError(err error) bool {
+	if db.driverName == driverMySQL {
+		if mysqlErr, ok := err.(*mysql.MySQLError); ok {
+			return mysqlErr.Number == mySQLErrCollationMix
+		}
+	} else {
+		log.Error("isIgnorableError: failed check for unrecognized driver '%s'", db.driverName)
+	}
+
+	return false
+}
diff --git a/database.go b/database.go
index ef52d84..4948452 100644
--- a/database.go
+++ b/database.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018 A Bunch Tell LLC.
+ * Copyright © 2018-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -37,6 +37,7 @@ import (
 
 const (
 	mySQLErrDuplicateKey = 1062
+	mySQLErrCollationMix = 1267
 
 	driverMySQL  = "mysql"
 	driverSQLite = "sqlite3"
@@ -2281,7 +2282,7 @@ func (db *datastore) GetUserInvite(id string) (*Invite, error) {
 	var i Invite
 	err := db.QueryRow("SELECT id, max_uses, created, expires, inactive FROM userinvites WHERE id = ?", id).Scan(&i.ID, &i.MaxUses, &i.Created, &i.Expires, &i.Inactive)
 	switch {
-	case err == sql.ErrNoRows:
+	case err == sql.ErrNoRows, db.isIgnorableError(err):
 		return nil, impart.HTTPError{http.StatusNotFound, "Invite doesn't exist."}
 	case err != nil:
 		log.Error("Failed selecting invite: %v", err)

From 0ed3059bd73541ead143acc7805e315e0f0e197e Mon Sep 17 00:00:00 2001
From: Matti R <matti@mdranta.net>
Date: Fri, 31 Jan 2020 16:34:36 -0500
Subject: [PATCH 54/69] add xgo to go mod

---
 go.mod | 1 +
 go.sum | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/go.mod b/go.mod
index 5c5e936..b215792 100644
--- a/go.mod
+++ b/go.mod
@@ -55,6 +55,7 @@ require (
 	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c // indirect
 	gopkg.in/ini.v1 v1.41.0
 	gopkg.in/yaml.v2 v2.2.2 // indirect
+	src.techknowlogick.com/xgo v0.0.0-20200129005940-d0fae26e014b // indirect
 )
 
 go 1.13
diff --git a/go.sum b/go.sum
index 0c9d05d..6c675fa 100644
--- a/go.sum
+++ b/go.sum
@@ -176,3 +176,5 @@ gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0 h1:POO/ycCATvegFmVuPpQzZFJ+p
 gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg=
 gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+src.techknowlogick.com/xgo v0.0.0-20200129005940-d0fae26e014b h1:rPAdjgXks4ToezTjygsnKZroxKVnA1L35DSpsJXPtfc=
+src.techknowlogick.com/xgo v0.0.0-20200129005940-d0fae26e014b/go.mod h1:31CE1YKtDOrKTk9PSnjTpe6YbO6W/0LTYZ1VskL09oU=

From 1b8f62d143ef90018674833c69f1e4bcb258132f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Thu, 6 Feb 2020 17:44:02 -0500
Subject: [PATCH 55/69] Require authenticated user on draft edit routes

- /edit
- /meta
---
 routes.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/routes.go b/routes.go
index ba531fb..11c0389 100644
--- a/routes.go
+++ b/routes.go
@@ -175,8 +175,8 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	}
 
 	// All the existing stuff
-	write.HandleFunc(draftEditPrefix+"/{action}/edit", handler.Web(handleViewPad, UserLevelOptional)).Methods("GET")
-	write.HandleFunc(draftEditPrefix+"/{action}/meta", handler.Web(handleViewMeta, UserLevelOptional)).Methods("GET")
+	write.HandleFunc(draftEditPrefix+"/{action}/edit", handler.Web(handleViewPad, UserLevelUser)).Methods("GET")
+	write.HandleFunc(draftEditPrefix+"/{action}/meta", handler.Web(handleViewMeta, UserLevelUser)).Methods("GET")
 	// Collections
 	if apper.App().cfg.App.SingleUser {
 		RouteCollections(handler, write.PathPrefix("/").Subrouter())

From bb63e648835f58a3e5938b266d1da0461340e9bb Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 8 Feb 2020 12:10:47 -0500
Subject: [PATCH 56/69] Clean up getProfilePageFromHandle

- Export the func
- Remove commented-out code
- Use log, not fmt for debug messages
- Remove named return parameters
- Use standard var naming schemes
- Fix spacing in queries and remove unnecessary chars
---
 collections.go |  6 +++---
 database.go    | 19 ++++++++++---------
 posts.go       |  4 ++--
 3 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/collections.go b/collections.go
index 447d657..8ee88f1 100644
--- a/collections.go
+++ b/collections.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018 A Bunch Tell LLC.
+ * Copyright © 2018-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -861,13 +861,13 @@ func handleViewMention(app *App, w http.ResponseWriter, r *http.Request) error {
 	vars := mux.Vars(r)
 	handle := vars["handle"]
 
-	remoteUser, err := app.db.getProfilePageFromHandle(app, handle)
+	remoteUser, err := app.db.GetProfilePageFromHandle(app, handle)
 	if err != nil {
 		log.Error("Couldn't find this user "+handle, err)
 		return nil
 	}
 
-	return impart.HTTPError{Status: http.StatusFound, Message: remoteUser} 
+	return impart.HTTPError{Status: http.StatusFound, Message: remoteUser}
 }
 
 func handleViewCollectionTag(app *App, w http.ResponseWriter, r *http.Request) error {
diff --git a/database.go b/database.go
index 7d4bfc0..eca09d7 100644
--- a/database.go
+++ b/database.go
@@ -2557,18 +2557,17 @@ func handleFailedPostInsert(err error) error {
 	return err
 }
 
-func (db *datastore) getProfilePageFromHandle(app *App, handle string) (actorIRI string, err error) {
-	remoteuser, errRemoteUser := getRemoteUserFromHandle(app, handle)
-	if errRemoteUser != nil {
+func (db *datastore) GetProfilePageFromHandle(app *App, handle string) (string, error) {
+	actorIRI := ""
+	remoteUser, err := getRemoteUserFromHandle(app, handle)
+	if err != nil {
 		// can't find using handle in the table but the table may already have this user without
 		// handle from a previous version
 		actorIRI = RemoteLookup(handle)
 		_, errRemoteUser := getRemoteUser(app, actorIRI)
 		// if it exists then we need to update the handle
 		if errRemoteUser == nil {
-			// query := "UPDATE remoteusers SET handle='" + handle + "' WHERE actor_id='" + iri + "';"
-			// log.Info(query)
-			_, err := app.db.Exec("UPDATE remoteusers SET handle=? WHERE actor_id=?;", handle, actorIRI)
+			_, err := app.db.Exec("UPDATE remoteusers SET handle = ? WHERE actor_id = ?", handle, actorIRI)
 			if err != nil {
 				log.Error("Can't update handle (" + handle + ") in database for user " + actorIRI)
 			}
@@ -2579,15 +2578,17 @@ func (db *datastore) getProfilePageFromHandle(app *App, handle string) (actorIRI
 			if err != nil {
 				log.Error("Couldn't fetch remote actor", err)
 			}
-			fmt.Println(actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
-			_, err = app.db.Exec("INSERT INTO remoteusers (actor_id, inbox, shared_inbox, handle) VALUES( ?, ?, ?, ?)", actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
+			if debugging {
+				log.Info("%s %s %s %s", actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
+			}
+			_, err = app.db.Exec("INSERT INTO remoteusers (actor_id, inbox, shared_inbox, handle) VALUES(?, ?, ?, ?)", actorIRI, remoteActor.GetInbox(), remoteActor.GetSharedInbox(), handle)
 			if err != nil {
 				log.Error("Can't insert remote user in database", err)
 				return "", err
 			}
 		}
 	} else {
-		actorIRI = remoteuser.ActorID
+		actorIRI = remoteUser.ActorID
 	}
 	return actorIRI, nil
 }
diff --git a/posts.go b/posts.go
index 5115c92..a918531 100644
--- a/posts.go
+++ b/posts.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018-2019 A Bunch Tell LLC.
+ * Copyright © 2018-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -1176,7 +1176,7 @@ func (p *PublicPost) ActivityObject(app *App) *activitystreams.Object {
 	mentions := mentionRegex.FindAllString(content, -1)
 
 	for _, handle := range mentions {
-		actorIRI, err := app.db.getProfilePageFromHandle(app, handle)
+		actorIRI, err := app.db.GetProfilePageFromHandle(app, handle)
 		if err != nil {
 			log.Info("Can't find this user either in the database nor in the remote instance")
 			return nil

From 81edb739dda0db3368349a4ef809cbc1c7bdc2a0 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 8 Feb 2020 12:19:08 -0500
Subject: [PATCH 57/69] Fix mention links

by making them absolute, not relative.
---
 postrender.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/postrender.go b/postrender.go
index 1b25598..2f03f85 100644
--- a/postrender.go
+++ b/postrender.go
@@ -87,7 +87,7 @@ func applyMarkdownSpecial(data []byte, skipNoFollow bool, baseURL string, cfg *c
 			tagPrefix = "/read/t/"
 		}
 		md = []byte(hashtagReg.ReplaceAll(md, []byte("<a href=\""+tagPrefix+"$1\" class=\"hashtag\"><span>#</span><span class=\"p-category\">$1</span></a>")))
-		handlePrefix := "/mention:"
+		handlePrefix := cfg.App.Host + "/mention:"
 		md = []byte(mentionReg.ReplaceAll(md, []byte("<a href=\""+handlePrefix+"$0\" class=\"mention\">$0</a>")))
 	}
 	// Strip out bad HTML

From 867eb53b3596bd7b3f2be3c53a3faf857f4cd36d Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 8 Feb 2020 12:55:10 -0500
Subject: [PATCH 58/69] Show 404 when remote user not found

This notifies the user that the remote user doesn't exist, instead of
showing a blank page.

Ref T627
---
 collections.go | 6 +++---
 errors.go      | 7 ++++---
 2 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/collections.go b/collections.go
index 8ee88f1..189b4e4 100644
--- a/collections.go
+++ b/collections.go
@@ -862,9 +862,9 @@ func handleViewMention(app *App, w http.ResponseWriter, r *http.Request) error {
 	handle := vars["handle"]
 
 	remoteUser, err := app.db.GetProfilePageFromHandle(app, handle)
-	if err != nil {
-		log.Error("Couldn't find this user "+handle, err)
-		return nil
+	if err != nil || remoteUser == "" {
+		log.Error("Couldn't find user %s: %v", handle, err)
+		return ErrRemoteUserNotFound
 	}
 
 	return impart.HTTPError{Status: http.StatusFound, Message: remoteUser}
diff --git a/errors.go b/errors.go
index c0d435c..1da713a 100644
--- a/errors.go
+++ b/errors.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018 A Bunch Tell LLC.
+ * Copyright © 2018-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -45,8 +45,9 @@ var (
 	ErrPostUnpublished        = impart.HTTPError{Status: http.StatusGone, Message: "Post unpublished by author."}
 	ErrPostFetchError         = impart.HTTPError{Status: http.StatusInternalServerError, Message: "We encountered an error getting the post. The humans have been alerted."}
 
-	ErrUserNotFound      = impart.HTTPError{http.StatusNotFound, "User doesn't exist."}
-	ErrUserNotFoundEmail = impart.HTTPError{http.StatusNotFound, "Please enter your username instead of your email address."}
+	ErrUserNotFound       = impart.HTTPError{http.StatusNotFound, "User doesn't exist."}
+	ErrRemoteUserNotFound = impart.HTTPError{http.StatusNotFound, "Remote user not found."}
+	ErrUserNotFoundEmail  = impart.HTTPError{http.StatusNotFound, "Please enter your username instead of your email address."}
 
 	ErrUserSuspended = impart.HTTPError{http.StatusForbidden, "Account is silenced."}
 )

From eac223158af8e5b69d2a08044c80c1cc2b3fd114 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 8 Feb 2020 12:57:49 -0500
Subject: [PATCH 59/69] Move remote user URL to /@/

from /mention:

Ref T627
---
 postrender.go | 6 +++---
 routes.go     | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/postrender.go b/postrender.go
index 2f03f85..4afa42a 100644
--- a/postrender.go
+++ b/postrender.go
@@ -38,7 +38,7 @@ var (
 	titleElementReg = regexp.MustCompile("</?h[1-6]>")
 	hashtagReg      = regexp.MustCompile(`{{\[\[\|\|([^|]+)\|\|\]\]}}`)
 	markeddownReg   = regexp.MustCompile("<p>(.+)</p>")
-	mentionReg      = regexp.MustCompile(`@[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]+\b`)
+	mentionReg      = regexp.MustCompile(`@([A-Za-z0-9._%+-]+)(@[A-Za-z0-9.-]+\.[A-Za-z]+)\b`)
 )
 
 func (p *Post) formatContent(cfg *config.Config, c *Collection, isOwner bool) {
@@ -87,8 +87,8 @@ func applyMarkdownSpecial(data []byte, skipNoFollow bool, baseURL string, cfg *c
 			tagPrefix = "/read/t/"
 		}
 		md = []byte(hashtagReg.ReplaceAll(md, []byte("<a href=\""+tagPrefix+"$1\" class=\"hashtag\"><span>#</span><span class=\"p-category\">$1</span></a>")))
-		handlePrefix := cfg.App.Host + "/mention:"
-		md = []byte(mentionReg.ReplaceAll(md, []byte("<a href=\""+handlePrefix+"$0\" class=\"mention\">$0</a>")))
+		handlePrefix := cfg.App.Host + "/@/"
+		md = []byte(mentionReg.ReplaceAll(md, []byte("<a href=\""+handlePrefix+"$1$2\" class=\"mention\">@$1$2</a>")))
 	}
 	// Strip out bad HTML
 	policy := getSanitizationPolicy()
diff --git a/routes.go b/routes.go
index a3676f6..266299b 100644
--- a/routes.go
+++ b/routes.go
@@ -71,7 +71,7 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
 	write.HandleFunc(niCfg.InfoURL, handler.LogHandlerFunc(http.HandlerFunc(ni.NodeInfo)))
 
 	// handle mentions
-	write.HandleFunc("/mention:{handle}", handler.Web(handleViewMention, UserLevelReader))
+	write.HandleFunc("/@/{handle}", handler.Web(handleViewMention, UserLevelReader))
 
 	configureSlackOauth(handler, write, apper.App())
 	configureWriteAsOauth(handler, write, apper.App())

From 457051106d9db8e739f7bfb8db878aeda9fb8e80 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 8 Feb 2020 13:04:23 -0500
Subject: [PATCH 60/69] Add u-url class and span in mention link

Ref T627
---
 postrender.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/postrender.go b/postrender.go
index 4afa42a..e70c0d5 100644
--- a/postrender.go
+++ b/postrender.go
@@ -88,7 +88,7 @@ func applyMarkdownSpecial(data []byte, skipNoFollow bool, baseURL string, cfg *c
 		}
 		md = []byte(hashtagReg.ReplaceAll(md, []byte("<a href=\""+tagPrefix+"$1\" class=\"hashtag\"><span>#</span><span class=\"p-category\">$1</span></a>")))
 		handlePrefix := cfg.App.Host + "/@/"
-		md = []byte(mentionReg.ReplaceAll(md, []byte("<a href=\""+handlePrefix+"$1$2\" class=\"mention\">@$1$2</a>")))
+		md = []byte(mentionReg.ReplaceAll(md, []byte("<a href=\""+handlePrefix+"$1$2\" class=\"u-url mention\">@<span>$1$2</span></a>")))
 	}
 	// Strip out bad HTML
 	policy := getSanitizationPolicy()

From ca4b0acf6028522b75cbf3db64d143b5eb6e100f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 8 Feb 2020 13:05:09 -0500
Subject: [PATCH 61/69] Fix error logging format in RemoteLookup

---
 webfinger.go | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/webfinger.go b/webfinger.go
index 3cf0ba7..d9976f9 100644
--- a/webfinger.go
+++ b/webfinger.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018 A Bunch Tell LLC.
+ * Copyright © 2018-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -113,9 +113,8 @@ func RemoteLookup(handle string) string {
 
 	var result webfinger.Resource
 	err = json.Unmarshal(body, &result)
-
 	if err != nil {
-		log.Error("Unsupported webfinger response received", err)
+		log.Error("Unsupported webfinger response received: %v", err)
 		return ""
 	}
 

From 9589612d0e3efe61ab11493539c6d5c0b2b617d6 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 8 Feb 2020 13:05:54 -0500
Subject: [PATCH 62/69] Add TODOs for improving GetProfilePageFromHandle()

---
 activitypub.go | 4 ++--
 database.go    | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/activitypub.go b/activitypub.go
index 80c7365..a5b140d 100644
--- a/activitypub.go
+++ b/activitypub.go
@@ -1,5 +1,5 @@
 /*
- * Copyright © 2018-2019 A Bunch Tell LLC.
+ * Copyright © 2018-2020 A Bunch Tell LLC.
  *
  * This file is part of WriteFreely.
  *
@@ -715,7 +715,7 @@ func getRemoteUserFromHandle(app *App, handle string) (*RemoteUser, error) {
 	err := app.db.QueryRow("SELECT id, actor_id, inbox, shared_inbox FROM remoteusers WHERE handle = ?", handle).Scan(&u.ID, &u.ActorID, &u.Inbox, &u.SharedInbox)
 	switch {
 	case err == sql.ErrNoRows:
-		return nil, impart.HTTPError{http.StatusNotFound, "No remote user with that handle."}
+		return nil, ErrRemoteUserNotFound
 	case err != nil:
 		log.Error("Couldn't get remote user %s: %v", handle, err)
 		return nil, err
diff --git a/database.go b/database.go
index eca09d7..2d233d4 100644
--- a/database.go
+++ b/database.go
@@ -2563,6 +2563,7 @@ func (db *datastore) GetProfilePageFromHandle(app *App, handle string) (string,
 	if err != nil {
 		// can't find using handle in the table but the table may already have this user without
 		// handle from a previous version
+		// TODO: Make this determination. We should know whether a user exists without a handle, or doesn't exist at all
 		actorIRI = RemoteLookup(handle)
 		_, errRemoteUser := getRemoteUser(app, actorIRI)
 		// if it exists then we need to update the handle

From c9faff178d9501554463742b0a04122279f81c7e Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 8 Feb 2020 13:51:14 -0500
Subject: [PATCH 63/69] Don't float posts on account deletion

Ref T319
---
 database.go | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/database.go b/database.go
index bbec580..757a371 100644
--- a/database.go
+++ b/database.go
@@ -2184,16 +2184,6 @@ func (db *datastore) DeleteAccount(userID int64) error {
 		rs, _ = res.RowsAffected()
 		log.Info("Deleted %d for %s from collectionkeys", rs, c.Alias)
 
-		// Float all collection's posts
-		res, err = t.Exec("UPDATE posts SET collection_id = NULL WHERE collection_id = ? AND owner_id = ?", c.ID, userID)
-		if err != nil {
-			t.Rollback()
-			log.Error("Unable to update collection %s for posts: %v", c.Alias, err)
-			return err
-		}
-		rs, _ = res.RowsAffected()
-		log.Info("Removed %d posts from collection %s", rs, c.Alias)
-
 		// TODO: federate delete collection
 
 		// Remove remote follows

From af14bcbb7804334552a3b5d369b2a13f65b0f93f Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 8 Feb 2020 13:51:38 -0500
Subject: [PATCH 64/69] Clean up oauth_users table on account deletion

Ref T319
---
 database.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/database.go b/database.go
index 757a371..2c44492 100644
--- a/database.go
+++ b/database.go
@@ -2217,6 +2217,16 @@ func (db *datastore) DeleteAccount(userID int64) error {
 	rs, _ = res.RowsAffected()
 	log.Info("Deleted %d from accesstokens", rs)
 
+	// Delete user attributes
+	res, err = t.Exec("DELETE FROM oauth_users WHERE user_id = ?", userID)
+	if err != nil {
+		t.Rollback()
+		log.Error("Unable to delete oauth_users: %v", err)
+		return err
+	}
+	rs, _ = res.RowsAffected()
+	log.Info("Deleted %d from oauth_users", rs)
+
 	// Delete posts
 	// TODO: should maybe get each row so we can federate a delete
 	// if so needs to be outside of transaction like collections

From 666bd1b9d1e50fbe963dfa93616317784be6ba6c Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sat, 8 Feb 2020 14:46:05 -0500
Subject: [PATCH 65/69] Show correct error when user not found in admin panel

Previously, it would show a 500. This also logs the real reason if it's
not a "not found" error
---
 admin.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/admin.go b/admin.go
index 0a73a11..83dcc80 100644
--- a/admin.go
+++ b/admin.go
@@ -187,7 +187,11 @@ func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Reque
 	var err error
 	p.User, err = app.db.GetUserForAuth(username)
 	if err != nil {
-		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user: %v", err)}
+		if err == ErrUserNotFound {
+			return err
+		}
+		log.Error("Could not get user: %v", err)
+		return impart.HTTPError{http.StatusInternalServerError, err.Error()}
 	}
 
 	flashes, _ := getSessionFlashes(app, w, r, nil)

From 8cfffb56505318da1fc4253c59115be3cdc002bc Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sun, 9 Feb 2020 10:51:34 -0500
Subject: [PATCH 66/69] Disable form items on Invite page when silenced

Ref T661
---
 templates/user/invite.tmpl | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/templates/user/invite.tmpl b/templates/user/invite.tmpl
index edf7061..a853dc0 100644
--- a/templates/user/invite.tmpl
+++ b/templates/user/invite.tmpl
@@ -41,7 +41,7 @@ table td {
 		<div class="row">
 			<div class="half">
 				<label for="uses">Maximum number of uses:</label>
-				<select id="uses" name="uses">
+				<select id="uses" name="uses" {{if .Suspended}}disabled{{end}}>
 					<option value="0">No limit</option>
 					<option value="1">1 use</option>
 					<option value="5">5 uses</option>
@@ -53,7 +53,7 @@ table td {
 			</div>
 			<div class="half">
 				<label for="expires">Expire after:</label>
-				<select id="expires" name="expires">
+				<select id="expires" name="expires" {{if .Suspended}}disabled{{end}}>
 					<option value="0">Never</option>
 					<option value="30">30 minutes</option>
 					<option value="60">1 hour</option>
@@ -66,7 +66,7 @@ table td {
 			</div>
 		</div>
 		<div class="row">
-			<input type="submit" value="Generate" />
+			<input type="submit" value="Generate" {{if .Suspended}}disabled title="You cannot generate invites while your account is silenced."{{end}} />
 		</div>
 	</form>
 

From b78f64bad3d07f833e71e47270395196d792a6fd Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sun, 9 Feb 2020 10:57:08 -0500
Subject: [PATCH 67/69] Don't fail Invite page rendering on IsUserSuspended
 check

---
 invites.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/invites.go b/invites.go
index 63216fa..e39ec3b 100644
--- a/invites.go
+++ b/invites.go
@@ -67,7 +67,6 @@ func handleViewUserInvites(app *App, u *User, w http.ResponseWriter, r *http.Req
 	p.Suspended, err = app.db.IsUserSuspended(u.ID)
 	if err != nil {
 		log.Error("view invites: %v", err)
-		return ErrInternalGeneral
 	}
 
 	p.Invites, err = app.db.GetUserInvites(u.ID)

From 629d40b54904f32962102b7458ded0d1b05c2948 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sun, 9 Feb 2020 11:24:16 -0500
Subject: [PATCH 68/69] Fix collection rendering after merge

---
 collections.go | 1 -
 1 file changed, 1 deletion(-)

diff --git a/collections.go b/collections.go
index 7a4100c..32ffd80 100644
--- a/collections.go
+++ b/collections.go
@@ -71,7 +71,6 @@ type (
 		IsTopLevel  bool
 		CurrentPage int
 		TotalPages  int
-		Format      *CollectionFormat
 		Silenced    bool
 	}
 	SubmittedCollection struct {

From 7023b74d12da19a8c43646e455b07bca71cab034 Mon Sep 17 00:00:00 2001
From: Matt Baer <matt@write.as>
Date: Sun, 9 Feb 2020 11:24:48 -0500
Subject: [PATCH 69/69] Update calls and vars for Invites and elsewhere

Ref T661
---
 collections.go             |  2 +-
 invites.go                 |  6 +++---
 posts.go                   |  4 ++--
 templates/user/invite.tmpl | 10 +++++-----
 4 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/collections.go b/collections.go
index 32ffd80..9688ad9 100644
--- a/collections.go
+++ b/collections.go
@@ -656,7 +656,7 @@ func processCollectionPermissions(app *App, cr *collectionReq, u *User, w http.R
 			}
 
 			// TODO: move this to all permission checks?
-			suspended, err := app.db.IsUserSuspended(c.OwnerID)
+			suspended, err := app.db.IsUserSilenced(c.OwnerID)
 			if err != nil {
 				log.Error("process protected collection permissions: %v", err)
 				return nil, err
diff --git a/invites.go b/invites.go
index ed2b953..d5d024a 100644
--- a/invites.go
+++ b/invites.go
@@ -56,15 +56,15 @@ func handleViewUserInvites(app *App, u *User, w http.ResponseWriter, r *http.Req
 
 	p := struct {
 		*UserPage
-		Invites   *[]Invite
-		Suspended bool
+		Invites  *[]Invite
+		Silenced bool
 	}{
 		UserPage: NewUserPage(app, r, u, "Invite People", f),
 	}
 
 	var err error
 
-	p.Suspended, err = app.db.IsUserSuspended(u.ID)
+	p.Silenced, err = app.db.IsUserSilenced(u.ID)
 	if err != nil {
 		log.Error("view invites: %v", err)
 	}
diff --git a/posts.go b/posts.go
index 67435b7..a0e4588 100644
--- a/posts.go
+++ b/posts.go
@@ -386,7 +386,7 @@ func handleViewPost(app *App, w http.ResponseWriter, r *http.Request) error {
 
 	var silenced bool
 	if found {
-		silenced, err = app.db.IsUserSuspended(ownerID.Int64)
+		silenced, err = app.db.IsUserSilenced(ownerID.Int64)
 		if err != nil {
 			log.Error("view post: %v", err)
 		}
@@ -1365,7 +1365,7 @@ func viewCollectionPost(app *App, w http.ResponseWriter, r *http.Request) error
 		return ErrPostNotFound
 	}
 	if c.IsProtected() && (u == nil || u.ID != c.OwnerID) {
-		if suspended {
+		if silenced {
 			return ErrPostNotFound
 		} else if !isAuthorizedForCollection(app, c.Alias, r) {
 			return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug}
diff --git a/templates/user/invite.tmpl b/templates/user/invite.tmpl
index 3d94392..ea22f22 100644
--- a/templates/user/invite.tmpl
+++ b/templates/user/invite.tmpl
@@ -20,8 +20,8 @@ table td {
 </style>
 
 <div class="snug content-container">
-	{{if .Suspended}}
-		{{template "user-suspended"}}
+	{{if .Silenced}}
+		{{template "user-silenced"}}
 	{{end}}
 	<h1>Invite people</h1>
 	<p>Invite others to join <em>{{.SiteName}}</em> by generating and sharing invite links below.</p>
@@ -30,7 +30,7 @@ table td {
 		<div class="row">
 			<div class="half">
 				<label for="uses">Maximum number of uses:</label>
-				<select id="uses" name="uses" {{if .Suspended}}disabled{{end}}>
+				<select id="uses" name="uses" {{if .Silenced}}disabled{{end}}>
 					<option value="0">No limit</option>
 					<option value="1">1 use</option>
 					<option value="5">5 uses</option>
@@ -42,7 +42,7 @@ table td {
 			</div>
 			<div class="half">
 				<label for="expires">Expire after:</label>
-				<select id="expires" name="expires" {{if .Suspended}}disabled{{end}}>
+				<select id="expires" name="expires" {{if .Silenced}}disabled{{end}}>
 					<option value="0">Never</option>
 					<option value="30">30 minutes</option>
 					<option value="60">1 hour</option>
@@ -55,7 +55,7 @@ table td {
 			</div>
 		</div>
 		<div class="row">
-			<input type="submit" value="Generate" {{if .Suspended}}disabled title="You cannot generate invites while your account is silenced."{{end}} />
+			<input type="submit" value="Generate" {{if .Silenced}}disabled title="You cannot generate invites while your account is silenced."{{end}} />
 		</div>
 	</form>