writefreely
/
writefreely
mirror of https://github.com/writefreely/writefreely.git
2
0
Fork 0
Code Issues Releases 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
771 Commits
45 Branches
203 MiB
 
 
 
 
 
Tree: 468bbf2187
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '468bbf2187'
${ noResults }
writefreely/admin.go

531 lines
15 KiB
Raw Blame History 

  1. /*

  2.  * Copyright © 2018-2019 A Bunch Tell LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"database/sql"

  15. 	"fmt"

  16. 	"net/http"

  17. 	"runtime"

  18. 	"strconv"

  19. 	"strings"

  20. 	"time"

  21. 

  22. 	"github.com/gorilla/mux"

  23. 	"github.com/writeas/impart"

  24. 	"github.com/writeas/web-core/auth"

  25. 	"github.com/writeas/web-core/log"

  26. 	"github.com/writeas/web-core/passgen"

  27. 	"github.com/writeas/writefreely/appstats"

  28. 	"github.com/writeas/writefreely/config"

  29. )

  30. 

  31. var (

  32. 	appStartTime = time.Now()

  33. 	sysStatus    systemStatus

  34. )

  35. 

  36. const adminUsersPerPage = 30

  37. 

  38. type systemStatus struct {

  39. 	Uptime       string

  40. 	NumGoroutine int

  41. 

  42. 	// General statistics.

  43. 	MemAllocated string // bytes allocated and still in use

  44. 	MemTotal     string // bytes allocated (even if freed)

  45. 	MemSys       string // bytes obtained from system (sum of XxxSys below)

  46. 	Lookups      uint64 // number of pointer lookups

  47. 	MemMallocs   uint64 // number of mallocs

  48. 	MemFrees     uint64 // number of frees

  49. 

  50. 	// Main allocation heap statistics.

  51. 	HeapAlloc    string // bytes allocated and still in use

  52. 	HeapSys      string // bytes obtained from system

  53. 	HeapIdle     string // bytes in idle spans

  54. 	HeapInuse    string // bytes in non-idle span

  55. 	HeapReleased string // bytes released to the OS

  56. 	HeapObjects  uint64 // total number of allocated objects

  57. 

  58. 	// Low-level fixed-size structure allocator statistics.

  59. 	//	Inuse is bytes used now.

  60. 	//	Sys is bytes obtained from system.

  61. 	StackInuse  string // bootstrap stacks

  62. 	StackSys    string

  63. 	MSpanInuse  string // mspan structures

  64. 	MSpanSys    string

  65. 	MCacheInuse string // mcache structures

  66. 	MCacheSys   string

  67. 	BuckHashSys string // profiling bucket hash table

  68. 	GCSys       string // GC metadata

  69. 	OtherSys    string // other system allocations

  70. 

  71. 	// Garbage collector statistics.

  72. 	NextGC       string // next run in HeapAlloc time (bytes)

  73. 	LastGC       string // last run in absolute time (ns)

  74. 	PauseTotalNs string

  75. 	PauseNs      string // circular buffer of recent GC pause times, most recent at [(NumGC+255)%256]

  76. 	NumGC        uint32

  77. }

  78. 

  79. type inspectedCollection struct {

  80. 	CollectionObj

  81. 	Followers int

  82. 	LastPost  string

  83. }

  84. 

  85. type instanceContent struct {

  86. 	ID      string

  87. 	Type    string

  88. 	Title   sql.NullString

  89. 	Content string

  90. 	Updated time.Time

  91. }

  92. 

  93. func (c instanceContent) UpdatedFriendly() string {

  94. 	/*

  95. 		// TODO: accept a locale in this method and use that for the format

  96. 		var loc monday.Locale = monday.LocaleEnUS

  97. 		return monday.Format(u.Created, monday.DateTimeFormatsByLocale[loc], loc)

  98. 	*/

  99. 	return c.Updated.Format("January 2, 2006, 3:04 PM")

  100. }

  101. 

  102. func handleViewAdminDash(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  103. 	updateAppStats()

  104. 	p := struct {

  105. 		*UserPage

  106. 		SysStatus systemStatus

  107. 		Config    config.AppCfg

  108. 

  109. 		Message, ConfigMessage string

  110. 	}{

  111. 		UserPage:  NewUserPage(app, r, u, "Admin", nil),

  112. 		SysStatus: sysStatus,

  113. 		Config:    app.cfg.App,

  114. 

  115. 		Message:       r.FormValue("m"),

  116. 		ConfigMessage: r.FormValue("cm"),

  117. 	}

  118. 

  119. 	showUserPage(w, "admin", p)

  120. 	return nil

  121. }

  122. 

  123. func handleViewAdminUsers(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  124. 	p := struct {

  125. 		*UserPage

  126. 		Config  config.AppCfg

  127. 		Message string

  128. 

  129. 		Users      *[]User

  130. 		CurPage    int

  131. 		TotalUsers int64

  132. 		TotalPages []int

  133. 	}{

  134. 		UserPage: NewUserPage(app, r, u, "Users", nil),

  135. 		Config:   app.cfg.App,

  136. 		Message:  r.FormValue("m"),

  137. 	}

  138. 

  139. 	p.TotalUsers = app.db.GetAllUsersCount()

  140. 	ttlPages := p.TotalUsers / adminUsersPerPage

  141. 	p.TotalPages = []int{}

  142. 	for i := 1; i <= int(ttlPages); i++ {

  143. 		p.TotalPages = append(p.TotalPages, i)

  144. 	}

  145. 

  146. 	var err error

  147. 	p.CurPage, err = strconv.Atoi(r.FormValue("p"))

  148. 	if err != nil || p.CurPage < 1 {

  149. 		p.CurPage = 1

  150. 	} else if p.CurPage > int(ttlPages) {

  151. 		p.CurPage = int(ttlPages)

  152. 	}

  153. 

  154. 	p.Users, err = app.db.GetAllUsers(uint(p.CurPage))

  155. 	if err != nil {

  156. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get users: %v", err)}

  157. 	}

  158. 

  159. 	showUserPage(w, "users", p)

  160. 	return nil

  161. }

  162. 

  163. func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  164. 	vars := mux.Vars(r)

  165. 	username := vars["username"]

  166. 	if username == "" {

  167. 		return impart.HTTPError{http.StatusFound, "/admin/users"}

  168. 	}

  169. 

  170. 	p := struct {

  171. 		*UserPage

  172. 		Config  config.AppCfg

  173. 		Message string

  174. 

  175. 		User        *User

  176. 		Colls       []inspectedCollection

  177. 		LastPost    string

  178. 		NewPassword string

  179. 		TotalPosts  int64

  180. 		ClearEmail  string

  181. 	}{

  182. 		Config:  app.cfg.App,

  183. 		Message: r.FormValue("m"),

  184. 		Colls:   []inspectedCollection{},

  185. 	}

  186. 

  187. 	var err error

  188. 	p.User, err = app.db.GetUserForAuth(username)

  189. 	if err != nil {

  190. 		if err == ErrUserNotFound {

  191. 			return err

  192. 		}

  193. 		log.Error("Could not get user: %v", err)

  194. 		return impart.HTTPError{http.StatusInternalServerError, err.Error()}

  195. 	}

  196. 

  197. 	flashes, _ := getSessionFlashes(app, w, r, nil)

  198. 	for _, flash := range flashes {

  199. 		if strings.HasPrefix(flash, "SUCCESS: ") {

  200. 			p.NewPassword = strings.TrimPrefix(flash, "SUCCESS: ")

  201. 			p.ClearEmail = p.User.EmailClear(app.keys)

  202. 		}

  203. 	}

  204. 	p.UserPage = NewUserPage(app, r, u, p.User.Username, nil)

  205. 	p.TotalPosts = app.db.GetUserPostsCount(p.User.ID)

  206. 	lp, err := app.db.GetUserLastPostTime(p.User.ID)

  207. 	if err != nil {

  208. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user's last post time: %v", err)}

  209. 	}

  210. 	if lp != nil {

  211. 		p.LastPost = lp.Format("January 2, 2006, 3:04 PM")

  212. 	}

  213. 

  214. 	colls, err := app.db.GetCollections(p.User, app.cfg.App.Host)

  215. 	if err != nil {

  216. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user's collections: %v", err)}

  217. 	}

  218. 	for _, c := range *colls {

  219. 		ic := inspectedCollection{

  220. 			CollectionObj: CollectionObj{Collection: c},

  221. 		}

  222. 

  223. 		if app.cfg.App.Federation {

  224. 			folls, err := app.db.GetAPFollowers(&c)

  225. 			if err == nil {

  226. 				// TODO: handle error here (at least log it)

  227. 				ic.Followers = len(*folls)

  228. 			}

  229. 		}

  230. 

  231. 		app.db.GetPostsCount(&ic.CollectionObj, true)

  232. 

  233. 		lp, err := app.db.GetCollectionLastPostTime(c.ID)

  234. 		if err != nil {

  235. 			log.Error("Didn't get last post time for collection %d: %v", c.ID, err)

  236. 		}

  237. 		if lp != nil {

  238. 			ic.LastPost = lp.Format("January 2, 2006, 3:04 PM")

  239. 		}

  240. 

  241. 		p.Colls = append(p.Colls, ic)

  242. 	}

  243. 

  244. 	showUserPage(w, "view-user", p)

  245. 	return nil

  246. }

  247. 

  248. func handleAdminToggleUserStatus(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  249. 	vars := mux.Vars(r)

  250. 	username := vars["username"]

  251. 	if username == "" {

  252. 		return impart.HTTPError{http.StatusFound, "/admin/users"}

  253. 	}

  254. 

  255. 	user, err := app.db.GetUserForAuth(username)

  256. 	if err != nil {

  257. 		log.Error("failed to get user: %v", err)

  258. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user from username: %v", err)}

  259. 	}

  260. 	if user.IsSilenced() {

  261. 		err = app.db.SetUserStatus(user.ID, UserActive)

  262. 	} else {

  263. 		err = app.db.SetUserStatus(user.ID, UserSilenced)

  264. 	}

  265. 	if err != nil {

  266. 		log.Error("toggle user silenced: %v", err)

  267. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not toggle user status: %v", err)}

  268. 	}

  269. 	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s#status", username)}

  270. }

  271. 

  272. func handleAdminResetUserPass(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  273. 	vars := mux.Vars(r)

  274. 	username := vars["username"]

  275. 	if username == "" {

  276. 		return impart.HTTPError{http.StatusFound, "/admin/users"}

  277. 	}

  278. 

  279. 	// Generate new random password since none supplied

  280. 	pass := passgen.NewWordish()

  281. 	hashedPass, err := auth.HashPass([]byte(pass))

  282. 	if err != nil {

  283. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not create password hash: %v", err)}

  284. 	}

  285. 

  286. 	userIDVal := r.FormValue("user")

  287. 	log.Info("ADMIN: Changing user %s password", userIDVal)

  288. 	id, err := strconv.Atoi(userIDVal)

  289. 	if err != nil {

  290. 		return impart.HTTPError{http.StatusBadRequest, fmt.Sprintf("Invalid user ID: %v", err)}

  291. 	}

  292. 

  293. 	err = app.db.ChangePassphrase(int64(id), true, "", hashedPass)

  294. 	if err != nil {

  295. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not update passphrase: %v", err)}

  296. 	}

  297. 	log.Info("ADMIN: Successfully changed.")

  298. 

  299. 	addSessionFlash(app, w, r, fmt.Sprintf("SUCCESS: %s", pass), nil)

  300. 

  301. 	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s", username)}

  302. }

  303. 

  304. func handleViewAdminPages(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  305. 	p := struct {

  306. 		*UserPage

  307. 		Config  config.AppCfg

  308. 		Message string

  309. 

  310. 		Pages []*instanceContent

  311. 	}{

  312. 		UserPage: NewUserPage(app, r, u, "Pages", nil),

  313. 		Config:   app.cfg.App,

  314. 		Message:  r.FormValue("m"),

  315. 	}

  316. 

  317. 	var err error

  318. 	p.Pages, err = app.db.GetInstancePages()

  319. 	if err != nil {

  320. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get pages: %v", err)}

  321. 	}

  322. 

  323. 	// Add in default pages

  324. 	var hasAbout, hasPrivacy bool

  325. 	for i, c := range p.Pages {

  326. 		if hasAbout && hasPrivacy {

  327. 			break

  328. 		}

  329. 		if c.ID == "about" {

  330. 			hasAbout = true

  331. 			if !c.Title.Valid {

  332. 				p.Pages[i].Title = defaultAboutTitle(app.cfg)

  333. 			}

  334. 		} else if c.ID == "privacy" {

  335. 			hasPrivacy = true

  336. 			if !c.Title.Valid {

  337. 				p.Pages[i].Title = defaultPrivacyTitle()

  338. 			}

  339. 		}

  340. 	}

  341. 	if !hasAbout {

  342. 		p.Pages = append(p.Pages, &instanceContent{

  343. 			ID:      "about",

  344. 			Title:   defaultAboutTitle(app.cfg),

  345. 			Content: defaultAboutPage(app.cfg),

  346. 			Updated: defaultPageUpdatedTime,

  347. 		})

  348. 	}

  349. 	if !hasPrivacy {

  350. 		p.Pages = append(p.Pages, &instanceContent{

  351. 			ID:      "privacy",

  352. 			Title:   defaultPrivacyTitle(),

  353. 			Content: defaultPrivacyPolicy(app.cfg),

  354. 			Updated: defaultPageUpdatedTime,

  355. 		})

  356. 	}

  357. 

  358. 	showUserPage(w, "pages", p)

  359. 	return nil

  360. }

  361. 

  362. func handleViewAdminPage(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  363. 	vars := mux.Vars(r)

  364. 	slug := vars["slug"]

  365. 	if slug == "" {

  366. 		return impart.HTTPError{http.StatusFound, "/admin/pages"}

  367. 	}

  368. 

  369. 	p := struct {

  370. 		*UserPage

  371. 		Config  config.AppCfg

  372. 		Message string

  373. 

  374. 		Banner  *instanceContent

  375. 		Content *instanceContent

  376. 	}{

  377. 		Config:  app.cfg.App,

  378. 		Message: r.FormValue("m"),

  379. 	}

  380. 

  381. 	var err error

  382. 	// Get pre-defined pages, or select slug

  383. 	if slug == "about" {

  384. 		p.Content, err = getAboutPage(app)

  385. 	} else if slug == "privacy" {

  386. 		p.Content, err = getPrivacyPage(app)

  387. 	} else if slug == "landing" {

  388. 		p.Banner, err = getLandingBanner(app)

  389. 		if err != nil {

  390. 			return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get banner: %v", err)}

  391. 		}

  392. 		p.Content, err = getLandingBody(app)

  393. 		p.Content.ID = "landing"

  394. 	} else if slug == "reader" {

  395. 		p.Content, err = getReaderSection(app)

  396. 	} else {

  397. 		p.Content, err = app.db.GetDynamicContent(slug)

  398. 	}

  399. 	if err != nil {

  400. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get page: %v", err)}

  401. 	}

  402. 	title := "New page"

  403. 	if p.Content != nil {

  404. 		title = "Edit " + p.Content.ID

  405. 	} else {

  406. 		p.Content = &instanceContent{}

  407. 	}

  408. 	p.UserPage = NewUserPage(app, r, u, title, nil)

  409. 

  410. 	showUserPage(w, "view-page", p)

  411. 	return nil

  412. }

  413. 

  414. func handleAdminUpdateSite(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  415. 	vars := mux.Vars(r)

  416. 	id := vars["page"]

  417. 

  418. 	// Validate

  419. 	if id != "about" && id != "privacy" && id != "landing" && id != "reader" {

  420. 		return impart.HTTPError{http.StatusNotFound, "No such page."}

  421. 	}

  422. 

  423. 	var err error

  424. 	m := ""

  425. 	if id == "landing" {

  426. 		// Handle special landing page

  427. 		err = app.db.UpdateDynamicContent("landing-banner", "", r.FormValue("banner"), "section")

  428. 		if err != nil {

  429. 			m = "?m=" + err.Error()

  430. 			return impart.HTTPError{http.StatusFound, "/admin/page/" + id + m}

  431. 		}

  432. 		err = app.db.UpdateDynamicContent("landing-body", "", r.FormValue("content"), "section")

  433. 	} else if id == "reader" {

  434. 		// Update sections with titles

  435. 		err = app.db.UpdateDynamicContent(id, r.FormValue("title"), r.FormValue("content"), "section")

  436. 	} else {

  437. 		// Update page

  438. 		err = app.db.UpdateDynamicContent(id, r.FormValue("title"), r.FormValue("content"), "page")

  439. 	}

  440. 	if err != nil {

  441. 		m = "?m=" + err.Error()

  442. 	}

  443. 	return impart.HTTPError{http.StatusFound, "/admin/page/" + id + m}

  444. }

  445. 

  446. func handleAdminUpdateConfig(apper Apper, u *User, w http.ResponseWriter, r *http.Request) error {

  447. 	apper.App().cfg.App.SiteName = r.FormValue("site_name")

  448. 	apper.App().cfg.App.SiteDesc = r.FormValue("site_desc")

  449. 	apper.App().cfg.App.Landing = r.FormValue("landing")

  450. 	apper.App().cfg.App.OpenRegistration = r.FormValue("open_registration") == "on"

  451. 	mul, err := strconv.Atoi(r.FormValue("min_username_len"))

  452. 	if err == nil {

  453. 		apper.App().cfg.App.MinUsernameLen = mul

  454. 	}

  455. 	mb, err := strconv.Atoi(r.FormValue("max_blogs"))

  456. 	if err == nil {

  457. 		apper.App().cfg.App.MaxBlogs = mb

  458. 	}

  459. 	apper.App().cfg.App.Federation = r.FormValue("federation") == "on"

  460. 	apper.App().cfg.App.PublicStats = r.FormValue("public_stats") == "on"

  461. 	apper.App().cfg.App.Private = r.FormValue("private") == "on"

  462. 	apper.App().cfg.App.LocalTimeline = r.FormValue("local_timeline") == "on"

  463. 	if apper.App().cfg.App.LocalTimeline && apper.App().timeline == nil {

  464. 		log.Info("Initializing local timeline...")

  465. 		initLocalTimeline(apper.App())

  466. 	}

  467. 	apper.App().cfg.App.UserInvites = r.FormValue("user_invites")

  468. 	if apper.App().cfg.App.UserInvites == "none" {

  469. 		apper.App().cfg.App.UserInvites = ""

  470. 	}

  471. 	apper.App().cfg.App.DefaultVisibility = r.FormValue("default_visibility")

  472. 

  473. 	m := "?cm=Configuration+saved."

  474. 	err = apper.SaveConfig(apper.App().cfg)

  475. 	if err != nil {

  476. 		m = "?cm=" + err.Error()

  477. 	}

  478. 	return impart.HTTPError{http.StatusFound, "/admin" + m + "#config"}

  479. }

  480. 

  481. func updateAppStats() {

  482. 	sysStatus.Uptime = appstats.TimeSincePro(appStartTime)

  483. 

  484. 	m := new(runtime.MemStats)

  485. 	runtime.ReadMemStats(m)

  486. 	sysStatus.NumGoroutine = runtime.NumGoroutine()

  487. 

  488. 	sysStatus.MemAllocated = appstats.FileSize(int64(m.Alloc))

  489. 	sysStatus.MemTotal = appstats.FileSize(int64(m.TotalAlloc))

  490. 	sysStatus.MemSys = appstats.FileSize(int64(m.Sys))

  491. 	sysStatus.Lookups = m.Lookups

  492. 	sysStatus.MemMallocs = m.Mallocs

  493. 	sysStatus.MemFrees = m.Frees

  494. 

  495. 	sysStatus.HeapAlloc = appstats.FileSize(int64(m.HeapAlloc))

  496. 	sysStatus.HeapSys = appstats.FileSize(int64(m.HeapSys))

  497. 	sysStatus.HeapIdle = appstats.FileSize(int64(m.HeapIdle))

  498. 	sysStatus.HeapInuse = appstats.FileSize(int64(m.HeapInuse))

  499. 	sysStatus.HeapReleased = appstats.FileSize(int64(m.HeapReleased))

  500. 	sysStatus.HeapObjects = m.HeapObjects

  501. 

  502. 	sysStatus.StackInuse = appstats.FileSize(int64(m.StackInuse))

  503. 	sysStatus.StackSys = appstats.FileSize(int64(m.StackSys))

  504. 	sysStatus.MSpanInuse = appstats.FileSize(int64(m.MSpanInuse))

  505. 	sysStatus.MSpanSys = appstats.FileSize(int64(m.MSpanSys))

  506. 	sysStatus.MCacheInuse = appstats.FileSize(int64(m.MCacheInuse))

  507. 	sysStatus.MCacheSys = appstats.FileSize(int64(m.MCacheSys))

  508. 	sysStatus.BuckHashSys = appstats.FileSize(int64(m.BuckHashSys))

  509. 	sysStatus.GCSys = appstats.FileSize(int64(m.GCSys))

  510. 	sysStatus.OtherSys = appstats.FileSize(int64(m.OtherSys))

  511. 

  512. 	sysStatus.NextGC = appstats.FileSize(int64(m.NextGC))

  513. 	sysStatus.LastGC = fmt.Sprintf("%.1fs", float64(time.Now().UnixNano()-int64(m.LastGC))/1000/1000/1000)

  514. 	sysStatus.PauseTotalNs = fmt.Sprintf("%.1fs", float64(m.PauseTotalNs)/1000/1000/1000)

  515. 	sysStatus.PauseNs = fmt.Sprintf("%.3fs", float64(m.PauseNs[(m.NumGC+255)%256])/1000/1000/1000)

  516. 	sysStatus.NumGC = m.NumGC

  517. }

  518. 

  519. func adminResetPassword(app *App, u *User, newPass string) error {

  520. 	hashedPass, err := auth.HashPass([]byte(newPass))

  521. 	if err != nil {

  522. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not create password hash: %v", err)}

  523. 	}

  524. 

  525. 	err = app.db.ChangePassphrase(u.ID, true, "", hashedPass)

  526. 	if err != nil {

  527. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not update passphrase: %v", err)}

  528. 	}

  529. 	return nil

  530. }