writefreely
/
writefreely
mirror of https://github.com/writefreely/writefreely.git
2
0
Fork 0
Code Issues Releases 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1617 Commits
45 Branches
208 MiB
 
 
 
 
 
Branch: develop
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'develop'
${ noResults }
writefreely/email.go

463 lines
13 KiB
Raw Permalink Blame History 

  1. /*

  2.  * Copyright © 2019-2021 Musing Studio LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"database/sql"

  15. 	"encoding/json"

  16. 	"fmt"

  17. 	"html/template"

  18. 	"net/http"

  19. 	"strings"

  20. 	"time"

  21. 

  22. 	"github.com/aymerick/douceur/inliner"

  23. 	"github.com/gorilla/mux"

  24. 	"github.com/mailgun/mailgun-go"

  25. 	stripmd "github.com/writeas/go-strip-markdown/v2"

  26. 	"github.com/writeas/impart"

  27. 	"github.com/writeas/web-core/data"

  28. 	"github.com/writeas/web-core/log"

  29. 	"github.com/writefreely/writefreely/key"

  30. 	"github.com/writefreely/writefreely/spam"

  31. )

  32. 

  33. const (

  34. 	emailSendDelay = 15

  35. )

  36. 

  37. type (

  38. 	SubmittedSubscription struct {

  39. 		CollAlias string

  40. 		UserID    int64

  41. 

  42. 		Email string `schema:"email" json:"email"`

  43. 		Web   bool   `schema:"web" json:"web"`

  44. 		Slug  string `schema:"slug" json:"slug"`

  45. 		From  string `schema:"from" json:"from"`

  46. 	}

  47. 

  48. 	EmailSubscriber struct {

  49. 		ID          string

  50. 		CollID      int64

  51. 		UserID      sql.NullInt64

  52. 		Email       sql.NullString

  53. 		Subscribed  time.Time

  54. 		Token       string

  55. 		Confirmed   bool

  56. 		AllowExport bool

  57. 		acctEmail   sql.NullString

  58. 	}

  59. )

  60. 

  61. func (es *EmailSubscriber) FinalEmail(keys *key.Keychain) string {

  62. 	if !es.UserID.Valid || es.Email.Valid {

  63. 		return es.Email.String

  64. 	}

  65. 

  66. 	decEmail, err := data.Decrypt(keys.EmailKey, []byte(es.acctEmail.String))

  67. 	if err != nil {

  68. 		log.Error("Error decrypting user email: %v", err)

  69. 		return ""

  70. 	}

  71. 	return string(decEmail)

  72. }

  73. 

  74. func (es *EmailSubscriber) SubscribedFriendly() string {

  75. 	return es.Subscribed.Format("January 2, 2006")

  76. }

  77. 

  78. func handleCreateEmailSubscription(app *App, w http.ResponseWriter, r *http.Request) error {

  79. 	reqJSON := IsJSON(r)

  80. 	vars := mux.Vars(r)

  81. 	var err error

  82. 

  83. 	ss := SubmittedSubscription{

  84. 		CollAlias: vars["alias"],

  85. 	}

  86. 	u := getUserSession(app, r)

  87. 	if u != nil {

  88. 		ss.UserID = u.ID

  89. 	}

  90. 	if reqJSON {

  91. 		// Decode JSON request

  92. 		decoder := json.NewDecoder(r.Body)

  93. 		err = decoder.Decode(&ss)

  94. 		if err != nil {

  95. 			log.Error("Couldn't parse new subscription JSON request: %v\n", err)

  96. 			return ErrBadJSON

  97. 		}

  98. 	} else {

  99. 		err = r.ParseForm()

  100. 		if err != nil {

  101. 			log.Error("Couldn't parse new subscription form request: %v\n", err)

  102. 			return ErrBadFormData

  103. 		}

  104. 

  105. 		err = app.formDecoder.Decode(&ss, r.PostForm)

  106. 		if err != nil {

  107. 			log.Error("Continuing, but error decoding new subscription form request: %v\n", err)

  108. 			//return ErrBadFormData

  109. 		}

  110. 	}

  111. 

  112. 	c, err := app.db.GetCollection(ss.CollAlias)

  113. 	if err != nil {

  114. 		log.Error("getCollection: %s", err)

  115. 		return err

  116. 	}

  117. 	c.hostName = app.cfg.App.Host

  118. 

  119. 	from := c.CanonicalURL()

  120. 	isAuthorBanned, err := app.db.IsUserSilenced(c.OwnerID)

  121. 	if isAuthorBanned {

  122. 		log.Info("Author is silenced, so subscription is blocked.")

  123. 		return impart.HTTPError{http.StatusFound, from}

  124. 	}

  125. 

  126. 	if ss.Web {

  127. 		if u != nil && u.ID == c.OwnerID {

  128. 			from = "/" + c.Alias + "/"

  129. 		}

  130. 		from += ss.Slug

  131. 	}

  132. 

  133. 	if r.FormValue(spam.HoneypotFieldName()) != "" || r.FormValue("fake_password") != "" {

  134. 		log.Info("Honeypot field was filled out! Not subscribing.")

  135. 		return impart.HTTPError{http.StatusFound, from}

  136. 	}

  137. 

  138. 	if ss.Email == "" && ss.UserID < 1 {

  139. 		log.Info("No subscriber data. Not subscribing.")

  140. 		return impart.HTTPError{http.StatusFound, from}

  141. 	}

  142. 

  143. 	confirmed := app.db.IsSubscriberConfirmed(ss.Email)

  144. 	es, err := app.db.AddEmailSubscription(c.ID, ss.UserID, ss.Email, confirmed)

  145. 	if err != nil {

  146. 		log.Error("addEmailSubscription: %s", err)

  147. 		return err

  148. 	}

  149. 

  150. 	// Send confirmation email if needed

  151. 	if !confirmed {

  152. 		err = sendSubConfirmEmail(app, c, ss.Email, es.ID, es.Token)

  153. 		if err != nil {

  154. 			log.Error("Failed to send subscription confirmation email: %s", err)

  155. 			return err

  156. 		}

  157. 	}

  158. 

  159. 	if ss.Web {

  160. 		session, err := app.sessionStore.Get(r, userEmailCookieName)

  161. 		if err != nil {

  162. 			// The cookie should still save, even if there's an error.

  163. 			// Source: https://github.com/gorilla/sessions/issues/16#issuecomment-143642144

  164. 			log.Error("Getting user email cookie: %v; ignoring", err)

  165. 		}

  166. 		if confirmed {

  167. 			addSessionFlash(app, w, r, "<strong>Subscribed</strong>. You'll now receive future blog posts via email.", nil)

  168. 		} else {

  169. 			addSessionFlash(app, w, r, "Please check your email and <strong>click the confirmation link</strong> to subscribe.", nil)

  170. 		}

  171. 		session.Values[userEmailCookieVal] = ss.Email

  172. 		err = session.Save(r, w)

  173. 		if err != nil {

  174. 			log.Error("save email cookie: %s", err)

  175. 			return err

  176. 		}

  177. 

  178. 		return impart.HTTPError{http.StatusFound, from}

  179. 	}

  180. 	return impart.WriteSuccess(w, "", http.StatusAccepted)

  181. }

  182. 

  183. func handleDeleteEmailSubscription(app *App, w http.ResponseWriter, r *http.Request) error {

  184. 	alias := collectionAliasFromReq(r)

  185. 

  186. 	vars := mux.Vars(r)

  187. 	subID := vars["subscriber"]

  188. 	email := r.FormValue("email")

  189. 	token := r.FormValue("t")

  190. 	slug := r.FormValue("slug")

  191. 	isWeb := r.Method == "GET"

  192. 

  193. 	// Display collection if this is a collection

  194. 	var c *Collection

  195. 	var err error

  196. 	if app.cfg.App.SingleUser {

  197. 		c, err = app.db.GetCollectionByID(1)

  198. 	} else {

  199. 		c, err = app.db.GetCollection(alias)

  200. 	}

  201. 	if err != nil {

  202. 		log.Error("Get collection: %s", err)

  203. 		return err

  204. 	}

  205. 

  206. 	from := c.CanonicalURL()

  207. 

  208. 	if subID != "" {

  209. 		// User unsubscribing via email, so assume action is taken by either current

  210. 		// user or not current user, and only use the request's information to

  211. 		// satisfy this unsubscribe, i.e. subscriberID and token.

  212. 		err = app.db.DeleteEmailSubscriber(subID, token)

  213. 	} else {

  214. 		// User unsubscribing through the web app, so assume action is taken by

  215. 		// currently-auth'd user.

  216. 		var userID int64

  217. 		u := getUserSession(app, r)

  218. 		if u != nil {

  219. 			// User is logged in

  220. 			userID = u.ID

  221. 			if userID == c.OwnerID {

  222. 				from = "/" + c.Alias + "/"

  223. 			}

  224. 		}

  225. 		if email == "" && userID <= 0 {

  226. 			// Get email address from saved cookie

  227. 			session, err := app.sessionStore.Get(r, userEmailCookieName)

  228. 			if err != nil {

  229. 				log.Error("Unable to get email cookie: %s", err)

  230. 			} else {

  231. 				email = session.Values[userEmailCookieVal].(string)

  232. 			}

  233. 		}

  234. 

  235. 		if email == "" && userID <= 0 {

  236. 			err = fmt.Errorf("No subscriber given.")

  237. 			log.Error("Not deleting subscription: %s", err)

  238. 			return err

  239. 		}

  240. 

  241. 		err = app.db.DeleteEmailSubscriberByUser(email, userID, c.ID)

  242. 	}

  243. 	if err != nil {

  244. 		log.Error("Unable to delete subscriber: %v", err)

  245. 		return err

  246. 	}

  247. 

  248. 	if isWeb {

  249. 		from += slug

  250. 		addSessionFlash(app, w, r, "<strong>Unsubscribed</strong>. You will no longer receive these blog posts via email.", nil)

  251. 		return impart.HTTPError{http.StatusFound, from}

  252. 	}

  253. 	return impart.WriteSuccess(w, "", http.StatusAccepted)

  254. }

  255. 

  256. func handleConfirmEmailSubscription(app *App, w http.ResponseWriter, r *http.Request) error {

  257. 	alias := collectionAliasFromReq(r)

  258. 	subID := mux.Vars(r)["subscriber"]

  259. 	token := r.FormValue("t")

  260. 

  261. 	var c *Collection

  262. 	var err error

  263. 	if app.cfg.App.SingleUser {

  264. 		c, err = app.db.GetCollectionByID(1)

  265. 	} else {

  266. 		c, err = app.db.GetCollection(alias)

  267. 	}

  268. 	if err != nil {

  269. 		log.Error("Get collection: %s", err)

  270. 		return err

  271. 	}

  272. 

  273. 	from := c.CanonicalURL()

  274. 

  275. 	err = app.db.UpdateSubscriberConfirmed(subID, token)

  276. 	if err != nil {

  277. 		addSessionFlash(app, w, r, err.Error(), nil)

  278. 		return impart.HTTPError{http.StatusFound, from}

  279. 	}

  280. 

  281. 	addSessionFlash(app, w, r, "<strong>Confirmed</strong>! Thanks. Now you'll receive future blog posts via email.", nil)

  282. 	return impart.HTTPError{http.StatusFound, from}

  283. }

  284. 

  285. func emailPost(app *App, p *PublicPost, collID int64) error {

  286. 	p.augmentContent()

  287. 

  288. 	// Do some shortcode replacement.

  289. 	// Since the user is receiving this email, we can assume they're subscribed via email.

  290. 	p.Content = strings.Replace(p.Content, "<!--emailsub-->", `<p id="emailsub">You're subscribed to email updates.</p>`, -1)

  291. 

  292. 	if p.HTMLContent == template.HTML("") {

  293. 		p.formatContent(app.cfg, false, false)

  294. 	}

  295. 	p.augmentReadingDestination()

  296. 

  297. 	title := p.Title.String

  298. 	if title != "" {

  299. 		title = p.Title.String + "\n\n"

  300. 	}

  301. 	plainMsg := title + "A new post from " + p.CanonicalURL(app.cfg.App.Host) + "\n\n" + stripmd.Strip(p.Content)

  302. 	plainMsg += `

  303. 

  304. ---------------------------------------------------------------------------------

  305. 

  306. Originally published on ` + p.Collection.DisplayTitle() + ` (` + p.Collection.CanonicalURL() + `), a blog you subscribe to.

  307. 

  308. Sent to %recipient.to%. Unsubscribe: ` + p.Collection.CanonicalURL() + `email/unsubscribe/%recipient.id%?t=%recipient.token%`

  309. 

  310. 	gun := mailgun.NewMailgun(app.cfg.Email.Domain, app.cfg.Email.MailgunPrivate)

  311. 	m := mailgun.NewMessage(p.Collection.DisplayTitle()+" <"+p.Collection.Alias+"@"+app.cfg.Email.Domain+">", stripmd.Strip(p.DisplayTitle()), plainMsg)

  312. 	replyTo := app.db.GetCollectionAttribute(collID, collAttrLetterReplyTo)

  313. 	if replyTo != "" {

  314. 		m.SetReplyTo(replyTo)

  315. 	}

  316. 

  317. 	subs, err := app.db.GetEmailSubscribers(collID, true)

  318. 	if err != nil {

  319. 		log.Error("Unable to get email subscribers: %v", err)

  320. 		return err

  321. 	}

  322. 	if len(subs) == 0 {

  323. 		return nil

  324. 	}

  325. 

  326. 	if title != "" {

  327. 		title = string(`<h2 id="title">` + p.FormattedDisplayTitle() + `</h2>`)

  328. 	}

  329. 	m.AddTag("New post")

  330. 

  331. 	fontFam := "Lora, Palatino, Baskerville, serif"

  332. 	if p.IsSans() {

  333. 		fontFam = `"Open Sans", Tahoma, Arial, sans-serif`

  334. 	} else if p.IsMonospace() {

  335. 		fontFam = `Hack, consolas, Menlo-Regular, Menlo, Monaco, monospace, monospace`

  336. 	}

  337. 

  338. 	// TODO: move this to a templated file and LESS-generated stylesheet

  339. 	fullHTML := `<html>

  340. 	<head>

  341. 		<style>

  342. 		body {

  343. 			font-size: 120%;

  344. 			font-family: ` + fontFam + `;

  345. 			margin: 1em 2em;

  346. 		}

  347. 		#article {

  348. 			line-height: 1.5;

  349. 			margin: 1.5em 0;

  350. 			white-space: pre-wrap;

  351. 			word-wrap: break-word;

  352. 		}

  353. 		h1, h2, h3, h4, h5, h6, p, code {

  354. 			display: inline

  355. 		}

  356. 		img, iframe, video {

  357. 			max-width: 100%

  358. 		}

  359. 		#title {

  360. 			margin-bottom: 1em;

  361. 			display: block;

  362. 		}

  363. 		.intro {

  364. 			font-style: italic;

  365. 			font-size: 0.95em;

  366. 		}

  367. 		div#footer {

  368. 			text-align: center;

  369. 			max-width: 35em;

  370. 			margin: 2em auto;

  371. 		}

  372. 		div#footer p {

  373. 			display: block;

  374. 			font-size: 0.86em;

  375. 			color: #666;

  376. 		}

  377. 		hr {

  378. 			border: 1px solid #ccc;

  379. 			margin: 2em 1em;

  380. 		}

  381. 		p#emailsub {

  382. 			text-align: center;

  383. 			display: inline-block !important;

  384. 			width: 100%;

  385. 			font-style: italic;

  386. 		}

  387. 		</style>

  388. 	</head>

  389. 	<body>

  390. 		<div id="article">` + title + `<p class="intro">From <a href="` + p.CanonicalURL(app.cfg.App.Host) + `">` + p.DisplayCanonicalURL() + `</a></p>

  391. 

  392. ` + string(p.HTMLContent) + `</div>

  393. 		<hr />

  394. 		<div id="footer">

  395. 			<p>Originally published on <a href="` + p.Collection.CanonicalURL() + `">` + p.Collection.DisplayTitle() + `</a>, a blog you subscribe to.</p>

  396. 			<p>Sent to %recipient.to%. <a href="` + p.Collection.CanonicalURL() + `email/unsubscribe/%recipient.id%?t=%recipient.token%">Unsubscribe</a>.</p>

  397. 		</div>

  398. 	</body>

  399. </html>`

  400. 

  401. 	// inline CSS

  402. 	html, err := inliner.Inline(fullHTML)

  403. 	if err != nil {

  404. 		log.Error("Unable to inline email HTML: %v", err)

  405. 		return err

  406. 	}

  407. 

  408. 	m.SetHtml(html)

  409. 

  410. 	log.Info("[email] Adding %d recipient(s)", len(subs))

  411. 	for _, s := range subs {

  412. 		e := s.FinalEmail(app.keys)

  413. 		log.Info("[email] Adding %s", e)

  414. 		err = m.AddRecipientAndVariables(e, map[string]interface{}{

  415. 			"id":    s.ID,

  416. 			"to":    e,

  417. 			"token": s.Token,

  418. 		})

  419. 		if err != nil {

  420. 			log.Error("Unable to add receipient %s: %s", e, err)

  421. 		}

  422. 	}

  423. 

  424. 	res, _, err := gun.Send(m)

  425. 	log.Info("[email] Send result: %s", res)

  426. 	if err != nil {

  427. 		log.Error("Unable to send post email: %v", err)

  428. 		return err

  429. 	}

  430. 

  431. 	return nil

  432. }

  433. 

  434. func sendSubConfirmEmail(app *App, c *Collection, email, subID, token string) error {

  435. 	if email == "" {

  436. 		return fmt.Errorf("You must supply an email to verify.")

  437. 	}

  438. 

  439. 	// Send email

  440. 	gun := mailgun.NewMailgun(app.cfg.Email.Domain, app.cfg.Email.MailgunPrivate)

  441. 

  442. 	plainMsg := "Confirm your subscription to " + c.DisplayTitle() + ` (` + c.CanonicalURL() + `) to start receiving future posts. Simply click the following link (or copy and paste it into your browser):

  443. 

  444. ` + c.CanonicalURL() + "email/confirm/" + subID + "?t=" + token + `

  445. 

  446. If you didn't subscribe to this site or you're not sure why you're getting this email, you can delete it. You won't be subscribed or receive any future emails.`

  447. 	m := mailgun.NewMessage(c.DisplayTitle()+" <"+c.Alias+"@"+app.cfg.Email.Domain+">", "Confirm your subscription to "+c.DisplayTitle(), plainMsg, fmt.Sprintf("<%s>", email))

  448. 	m.AddTag("Email Verification")

  449. 

  450. 	m.SetHtml(`<html>

  451. 	<body style="font-family:Lora, 'Palatino Linotype', Palatino, Baskerville, 'Book Antiqua', 'New York', 'DejaVu serif', serif; font-size: 100%%; margin:1em 2em;">

  452. 		<div style="font-size: 1.2em;">

  453. 			<p>Confirm your subscription to <a href="` + c.CanonicalURL() + `">` + c.DisplayTitle() + `</a> to start receiving future posts:</p>

  454. 			<p><a href="` + c.CanonicalURL() + `email/confirm/` + subID + `?t=` + token + `">Subscribe to ` + c.DisplayTitle() + `</a></p>

  455. 			<p>If you didn't subscribe to this site or you're not sure why you're getting this email, you can delete it. You won't be subscribed or receive any future emails.</p>

  456.         </div>

  457. 	</body>

  458. </html>`)

  459. 	gun.Send(m)

  460. 

  461. 	return nil

  462. }