writefreely
/
writefreely
mirror of https://github.com/writefreely/writefreely.git
2
0
Fork 0
Code Issues Releases 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
625 Commits
45 Branches
184 MiB
 
 
 
 
 
Tree: 7a0863f71b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7a0863f71b'
${ noResults }
writefreely/admin.go

527 lines
15 KiB
Raw Blame History 

  1. /*

  2.  * Copyright © 2018-2019 A Bunch Tell LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"database/sql"

  15. 	"fmt"

  16. 	"net/http"

  17. 	"runtime"

  18. 	"strconv"

  19. 	"strings"

  20. 	"time"

  21. 

  22. 	"github.com/gorilla/mux"

  23. 	"github.com/writeas/impart"

  24. 	"github.com/writeas/web-core/auth"

  25. 	"github.com/writeas/web-core/log"

  26. 	"github.com/writeas/web-core/passgen"

  27. 	"github.com/writeas/writefreely/appstats"

  28. 	"github.com/writeas/writefreely/config"

  29. )

  30. 

  31. var (

  32. 	appStartTime = time.Now()

  33. 	sysStatus    systemStatus

  34. )

  35. 

  36. const adminUsersPerPage = 30

  37. 

  38. type systemStatus struct {

  39. 	Uptime       string

  40. 	NumGoroutine int

  41. 

  42. 	// General statistics.

  43. 	MemAllocated string // bytes allocated and still in use

  44. 	MemTotal     string // bytes allocated (even if freed)

  45. 	MemSys       string // bytes obtained from system (sum of XxxSys below)

  46. 	Lookups      uint64 // number of pointer lookups

  47. 	MemMallocs   uint64 // number of mallocs

  48. 	MemFrees     uint64 // number of frees

  49. 

  50. 	// Main allocation heap statistics.

  51. 	HeapAlloc    string // bytes allocated and still in use

  52. 	HeapSys      string // bytes obtained from system

  53. 	HeapIdle     string // bytes in idle spans

  54. 	HeapInuse    string // bytes in non-idle span

  55. 	HeapReleased string // bytes released to the OS

  56. 	HeapObjects  uint64 // total number of allocated objects

  57. 

  58. 	// Low-level fixed-size structure allocator statistics.

  59. 	//	Inuse is bytes used now.

  60. 	//	Sys is bytes obtained from system.

  61. 	StackInuse  string // bootstrap stacks

  62. 	StackSys    string

  63. 	MSpanInuse  string // mspan structures

  64. 	MSpanSys    string

  65. 	MCacheInuse string // mcache structures

  66. 	MCacheSys   string

  67. 	BuckHashSys string // profiling bucket hash table

  68. 	GCSys       string // GC metadata

  69. 	OtherSys    string // other system allocations

  70. 

  71. 	// Garbage collector statistics.

  72. 	NextGC       string // next run in HeapAlloc time (bytes)

  73. 	LastGC       string // last run in absolute time (ns)

  74. 	PauseTotalNs string

  75. 	PauseNs      string // circular buffer of recent GC pause times, most recent at [(NumGC+255)%256]

  76. 	NumGC        uint32

  77. }

  78. 

  79. type inspectedCollection struct {

  80. 	CollectionObj

  81. 	Followers int

  82. 	LastPost  string

  83. }

  84. 

  85. type instanceContent struct {

  86. 	ID      string

  87. 	Type    string

  88. 	Title   sql.NullString

  89. 	Content string

  90. 	Updated time.Time

  91. }

  92. 

  93. func (c instanceContent) UpdatedFriendly() string {

  94. 	/*

  95. 		// TODO: accept a locale in this method and use that for the format

  96. 		var loc monday.Locale = monday.LocaleEnUS

  97. 		return monday.Format(u.Created, monday.DateTimeFormatsByLocale[loc], loc)

  98. 	*/

  99. 	return c.Updated.Format("January 2, 2006, 3:04 PM")

  100. }

  101. 

  102. func handleViewAdminDash(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  103. 	updateAppStats()

  104. 	p := struct {

  105. 		*UserPage

  106. 		SysStatus systemStatus

  107. 		Config    config.AppCfg

  108. 

  109. 		Message, ConfigMessage string

  110. 	}{

  111. 		UserPage:  NewUserPage(app, r, u, "Admin", nil),

  112. 		SysStatus: sysStatus,

  113. 		Config:    app.cfg.App,

  114. 

  115. 		Message:       r.FormValue("m"),

  116. 		ConfigMessage: r.FormValue("cm"),

  117. 	}

  118. 

  119. 	showUserPage(w, "admin", p)

  120. 	return nil

  121. }

  122. 

  123. func handleViewAdminUsers(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  124. 	p := struct {

  125. 		*UserPage

  126. 		Config  config.AppCfg

  127. 		Message string

  128. 

  129. 		Users      *[]User

  130. 		CurPage    int

  131. 		TotalUsers int64

  132. 		TotalPages []int

  133. 	}{

  134. 		UserPage: NewUserPage(app, r, u, "Users", nil),

  135. 		Config:   app.cfg.App,

  136. 		Message:  r.FormValue("m"),

  137. 	}

  138. 

  139. 	p.TotalUsers = app.db.GetAllUsersCount()

  140. 	ttlPages := p.TotalUsers / adminUsersPerPage

  141. 	p.TotalPages = []int{}

  142. 	for i := 1; i <= int(ttlPages); i++ {

  143. 		p.TotalPages = append(p.TotalPages, i)

  144. 	}

  145. 

  146. 	var err error

  147. 	p.CurPage, err = strconv.Atoi(r.FormValue("p"))

  148. 	if err != nil || p.CurPage < 1 {

  149. 		p.CurPage = 1

  150. 	} else if p.CurPage > int(ttlPages) {

  151. 		p.CurPage = int(ttlPages)

  152. 	}

  153. 

  154. 	p.Users, err = app.db.GetAllUsers(uint(p.CurPage))

  155. 	if err != nil {

  156. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get users: %v", err)}

  157. 	}

  158. 

  159. 	showUserPage(w, "users", p)

  160. 	return nil

  161. }

  162. 

  163. func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  164. 	vars := mux.Vars(r)

  165. 	username := vars["username"]

  166. 	if username == "" {

  167. 		return impart.HTTPError{http.StatusFound, "/admin/users"}

  168. 	}

  169. 

  170. 	p := struct {

  171. 		*UserPage

  172. 		Config  config.AppCfg

  173. 		Message string

  174. 

  175. 		User        *User

  176. 		Colls       []inspectedCollection

  177. 		LastPost    string

  178. 		NewPassword string

  179. 		TotalPosts  int64

  180. 		ClearEmail  string

  181. 	}{

  182. 		Config:  app.cfg.App,

  183. 		Message: r.FormValue("m"),

  184. 		Colls:   []inspectedCollection{},

  185. 	}

  186. 

  187. 	var err error

  188. 	p.User, err = app.db.GetUserForAuth(username)

  189. 	if err != nil {

  190. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user: %v", err)}

  191. 	}

  192. 

  193. 	flashes, _ := getSessionFlashes(app, w, r, nil)

  194. 	for _, flash := range flashes {

  195. 		if strings.HasPrefix(flash, "SUCCESS: ") {

  196. 			p.NewPassword = strings.TrimPrefix(flash, "SUCCESS: ")

  197. 			p.ClearEmail = p.User.EmailClear(app.keys)

  198. 		}

  199. 	}

  200. 	p.UserPage = NewUserPage(app, r, u, p.User.Username, nil)

  201. 	p.TotalPosts = app.db.GetUserPostsCount(p.User.ID)

  202. 	lp, err := app.db.GetUserLastPostTime(p.User.ID)

  203. 	if err != nil {

  204. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user's last post time: %v", err)}

  205. 	}

  206. 	if lp != nil {

  207. 		p.LastPost = lp.Format("January 2, 2006, 3:04 PM")

  208. 	}

  209. 

  210. 	colls, err := app.db.GetCollections(p.User, app.cfg.App.Host)

  211. 	if err != nil {

  212. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user's collections: %v", err)}

  213. 	}

  214. 	for _, c := range *colls {

  215. 		ic := inspectedCollection{

  216. 			CollectionObj: CollectionObj{Collection: c},

  217. 		}

  218. 

  219. 		if app.cfg.App.Federation {

  220. 			folls, err := app.db.GetAPFollowers(&c)

  221. 			if err == nil {

  222. 				// TODO: handle error here (at least log it)

  223. 				ic.Followers = len(*folls)

  224. 			}

  225. 		}

  226. 

  227. 		app.db.GetPostsCount(&ic.CollectionObj, true)

  228. 

  229. 		lp, err := app.db.GetCollectionLastPostTime(c.ID)

  230. 		if err != nil {

  231. 			log.Error("Didn't get last post time for collection %d: %v", c.ID, err)

  232. 		}

  233. 		if lp != nil {

  234. 			ic.LastPost = lp.Format("January 2, 2006, 3:04 PM")

  235. 		}

  236. 

  237. 		p.Colls = append(p.Colls, ic)

  238. 	}

  239. 

  240. 	showUserPage(w, "view-user", p)

  241. 	return nil

  242. }

  243. 

  244. func handleAdminToggleUserStatus(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  245. 	vars := mux.Vars(r)

  246. 	username := vars["username"]

  247. 	if username == "" {

  248. 		return impart.HTTPError{http.StatusFound, "/admin/users"}

  249. 	}

  250. 

  251. 	user, err := app.db.GetUserForAuth(username)

  252. 	if err != nil {

  253. 		log.Error("failed to get user: %v", err)

  254. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user from username: %v", err)}

  255. 	}

  256. 	if user.IsSilenced() {

  257. 		err = app.db.SetUserStatus(user.ID, UserActive)

  258. 	} else {

  259. 		err = app.db.SetUserStatus(user.ID, UserSilenced)

  260. 	}

  261. 	if err != nil {

  262. 		log.Error("toggle user suspended: %v", err)

  263. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not toggle user status: %v", err)}

  264. 	}

  265. 	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s#status", username)}

  266. }

  267. 

  268. func handleAdminResetUserPass(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  269. 	vars := mux.Vars(r)

  270. 	username := vars["username"]

  271. 	if username == "" {

  272. 		return impart.HTTPError{http.StatusFound, "/admin/users"}

  273. 	}

  274. 

  275. 	// Generate new random password since none supplied

  276. 	pass := passgen.NewWordish()

  277. 	hashedPass, err := auth.HashPass([]byte(pass))

  278. 	if err != nil {

  279. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not create password hash: %v", err)}

  280. 	}

  281. 

  282. 	userIDVal := r.FormValue("user")

  283. 	log.Info("ADMIN: Changing user %s password", userIDVal)

  284. 	id, err := strconv.Atoi(userIDVal)

  285. 	if err != nil {

  286. 		return impart.HTTPError{http.StatusBadRequest, fmt.Sprintf("Invalid user ID: %v", err)}

  287. 	}

  288. 

  289. 	err = app.db.ChangePassphrase(int64(id), true, "", hashedPass)

  290. 	if err != nil {

  291. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not update passphrase: %v", err)}

  292. 	}

  293. 	log.Info("ADMIN: Successfully changed.")

  294. 

  295. 	addSessionFlash(app, w, r, fmt.Sprintf("SUCCESS: %s", pass), nil)

  296. 

  297. 	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s", username)}

  298. }

  299. 

  300. func handleViewAdminPages(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  301. 	p := struct {

  302. 		*UserPage

  303. 		Config  config.AppCfg

  304. 		Message string

  305. 

  306. 		Pages []*instanceContent

  307. 	}{

  308. 		UserPage: NewUserPage(app, r, u, "Pages", nil),

  309. 		Config:   app.cfg.App,

  310. 		Message:  r.FormValue("m"),

  311. 	}

  312. 

  313. 	var err error

  314. 	p.Pages, err = app.db.GetInstancePages()

  315. 	if err != nil {

  316. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get pages: %v", err)}

  317. 	}

  318. 

  319. 	// Add in default pages

  320. 	var hasAbout, hasPrivacy bool

  321. 	for i, c := range p.Pages {

  322. 		if hasAbout && hasPrivacy {

  323. 			break

  324. 		}

  325. 		if c.ID == "about" {

  326. 			hasAbout = true

  327. 			if !c.Title.Valid {

  328. 				p.Pages[i].Title = defaultAboutTitle(app.cfg)

  329. 			}

  330. 		} else if c.ID == "privacy" {

  331. 			hasPrivacy = true

  332. 			if !c.Title.Valid {

  333. 				p.Pages[i].Title = defaultPrivacyTitle()

  334. 			}

  335. 		}

  336. 	}

  337. 	if !hasAbout {

  338. 		p.Pages = append(p.Pages, &instanceContent{

  339. 			ID:      "about",

  340. 			Title:   defaultAboutTitle(app.cfg),

  341. 			Content: defaultAboutPage(app.cfg),

  342. 			Updated: defaultPageUpdatedTime,

  343. 		})

  344. 	}

  345. 	if !hasPrivacy {

  346. 		p.Pages = append(p.Pages, &instanceContent{

  347. 			ID:      "privacy",

  348. 			Title:   defaultPrivacyTitle(),

  349. 			Content: defaultPrivacyPolicy(app.cfg),

  350. 			Updated: defaultPageUpdatedTime,

  351. 		})

  352. 	}

  353. 

  354. 	showUserPage(w, "pages", p)

  355. 	return nil

  356. }

  357. 

  358. func handleViewAdminPage(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  359. 	vars := mux.Vars(r)

  360. 	slug := vars["slug"]

  361. 	if slug == "" {

  362. 		return impart.HTTPError{http.StatusFound, "/admin/pages"}

  363. 	}

  364. 

  365. 	p := struct {

  366. 		*UserPage

  367. 		Config  config.AppCfg

  368. 		Message string

  369. 

  370. 		Banner  *instanceContent

  371. 		Content *instanceContent

  372. 	}{

  373. 		Config:  app.cfg.App,

  374. 		Message: r.FormValue("m"),

  375. 	}

  376. 

  377. 	var err error

  378. 	// Get pre-defined pages, or select slug

  379. 	if slug == "about" {

  380. 		p.Content, err = getAboutPage(app)

  381. 	} else if slug == "privacy" {

  382. 		p.Content, err = getPrivacyPage(app)

  383. 	} else if slug == "landing" {

  384. 		p.Banner, err = getLandingBanner(app)

  385. 		if err != nil {

  386. 			return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get banner: %v", err)}

  387. 		}

  388. 		p.Content, err = getLandingBody(app)

  389. 		p.Content.ID = "landing"

  390. 	} else if slug == "reader" {

  391. 		p.Content, err = getReaderSection(app)

  392. 	} else {

  393. 		p.Content, err = app.db.GetDynamicContent(slug)

  394. 	}

  395. 	if err != nil {

  396. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get page: %v", err)}

  397. 	}

  398. 	title := "New page"

  399. 	if p.Content != nil {

  400. 		title = "Edit " + p.Content.ID

  401. 	} else {

  402. 		p.Content = &instanceContent{}

  403. 	}

  404. 	p.UserPage = NewUserPage(app, r, u, title, nil)

  405. 

  406. 	showUserPage(w, "view-page", p)

  407. 	return nil

  408. }

  409. 

  410. func handleAdminUpdateSite(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  411. 	vars := mux.Vars(r)

  412. 	id := vars["page"]

  413. 

  414. 	// Validate

  415. 	if id != "about" && id != "privacy" && id != "landing" && id != "reader" {

  416. 		return impart.HTTPError{http.StatusNotFound, "No such page."}

  417. 	}

  418. 

  419. 	var err error

  420. 	m := ""

  421. 	if id == "landing" {

  422. 		// Handle special landing page

  423. 		err = app.db.UpdateDynamicContent("landing-banner", "", r.FormValue("banner"), "section")

  424. 		if err != nil {

  425. 			m = "?m=" + err.Error()

  426. 			return impart.HTTPError{http.StatusFound, "/admin/page/" + id + m}

  427. 		}

  428. 		err = app.db.UpdateDynamicContent("landing-body", "", r.FormValue("content"), "section")

  429. 	} else if id == "reader" {

  430. 		// Update sections with titles

  431. 		err = app.db.UpdateDynamicContent(id, r.FormValue("title"), r.FormValue("content"), "section")

  432. 	} else {

  433. 		// Update page

  434. 		err = app.db.UpdateDynamicContent(id, r.FormValue("title"), r.FormValue("content"), "page")

  435. 	}

  436. 	if err != nil {

  437. 		m = "?m=" + err.Error()

  438. 	}

  439. 	return impart.HTTPError{http.StatusFound, "/admin/page/" + id + m}

  440. }

  441. 

  442. func handleAdminUpdateConfig(apper Apper, u *User, w http.ResponseWriter, r *http.Request) error {

  443. 	apper.App().cfg.App.SiteName = r.FormValue("site_name")

  444. 	apper.App().cfg.App.SiteDesc = r.FormValue("site_desc")

  445. 	apper.App().cfg.App.Landing = r.FormValue("landing")

  446. 	apper.App().cfg.App.OpenRegistration = r.FormValue("open_registration") == "on"

  447. 	mul, err := strconv.Atoi(r.FormValue("min_username_len"))

  448. 	if err == nil {

  449. 		apper.App().cfg.App.MinUsernameLen = mul

  450. 	}

  451. 	mb, err := strconv.Atoi(r.FormValue("max_blogs"))

  452. 	if err == nil {

  453. 		apper.App().cfg.App.MaxBlogs = mb

  454. 	}

  455. 	apper.App().cfg.App.Federation = r.FormValue("federation") == "on"

  456. 	apper.App().cfg.App.PublicStats = r.FormValue("public_stats") == "on"

  457. 	apper.App().cfg.App.Private = r.FormValue("private") == "on"

  458. 	apper.App().cfg.App.LocalTimeline = r.FormValue("local_timeline") == "on"

  459. 	if apper.App().cfg.App.LocalTimeline && apper.App().timeline == nil {

  460. 		log.Info("Initializing local timeline...")

  461. 		initLocalTimeline(apper.App())

  462. 	}

  463. 	apper.App().cfg.App.UserInvites = r.FormValue("user_invites")

  464. 	if apper.App().cfg.App.UserInvites == "none" {

  465. 		apper.App().cfg.App.UserInvites = ""

  466. 	}

  467. 	apper.App().cfg.App.DefaultVisibility = r.FormValue("default_visibility")

  468. 

  469. 	m := "?cm=Configuration+saved."

  470. 	err = apper.SaveConfig(apper.App().cfg)

  471. 	if err != nil {

  472. 		m = "?cm=" + err.Error()

  473. 	}

  474. 	return impart.HTTPError{http.StatusFound, "/admin" + m + "#config"}

  475. }

  476. 

  477. func updateAppStats() {

  478. 	sysStatus.Uptime = appstats.TimeSincePro(appStartTime)

  479. 

  480. 	m := new(runtime.MemStats)

  481. 	runtime.ReadMemStats(m)

  482. 	sysStatus.NumGoroutine = runtime.NumGoroutine()

  483. 

  484. 	sysStatus.MemAllocated = appstats.FileSize(int64(m.Alloc))

  485. 	sysStatus.MemTotal = appstats.FileSize(int64(m.TotalAlloc))

  486. 	sysStatus.MemSys = appstats.FileSize(int64(m.Sys))

  487. 	sysStatus.Lookups = m.Lookups

  488. 	sysStatus.MemMallocs = m.Mallocs

  489. 	sysStatus.MemFrees = m.Frees

  490. 

  491. 	sysStatus.HeapAlloc = appstats.FileSize(int64(m.HeapAlloc))

  492. 	sysStatus.HeapSys = appstats.FileSize(int64(m.HeapSys))

  493. 	sysStatus.HeapIdle = appstats.FileSize(int64(m.HeapIdle))

  494. 	sysStatus.HeapInuse = appstats.FileSize(int64(m.HeapInuse))

  495. 	sysStatus.HeapReleased = appstats.FileSize(int64(m.HeapReleased))

  496. 	sysStatus.HeapObjects = m.HeapObjects

  497. 

  498. 	sysStatus.StackInuse = appstats.FileSize(int64(m.StackInuse))

  499. 	sysStatus.StackSys = appstats.FileSize(int64(m.StackSys))

  500. 	sysStatus.MSpanInuse = appstats.FileSize(int64(m.MSpanInuse))

  501. 	sysStatus.MSpanSys = appstats.FileSize(int64(m.MSpanSys))

  502. 	sysStatus.MCacheInuse = appstats.FileSize(int64(m.MCacheInuse))

  503. 	sysStatus.MCacheSys = appstats.FileSize(int64(m.MCacheSys))

  504. 	sysStatus.BuckHashSys = appstats.FileSize(int64(m.BuckHashSys))

  505. 	sysStatus.GCSys = appstats.FileSize(int64(m.GCSys))

  506. 	sysStatus.OtherSys = appstats.FileSize(int64(m.OtherSys))

  507. 

  508. 	sysStatus.NextGC = appstats.FileSize(int64(m.NextGC))

  509. 	sysStatus.LastGC = fmt.Sprintf("%.1fs", float64(time.Now().UnixNano()-int64(m.LastGC))/1000/1000/1000)

  510. 	sysStatus.PauseTotalNs = fmt.Sprintf("%.1fs", float64(m.PauseTotalNs)/1000/1000/1000)

  511. 	sysStatus.PauseNs = fmt.Sprintf("%.3fs", float64(m.PauseNs[(m.NumGC+255)%256])/1000/1000/1000)

  512. 	sysStatus.NumGC = m.NumGC

  513. }

  514. 

  515. func adminResetPassword(app *App, u *User, newPass string) error {

  516. 	hashedPass, err := auth.HashPass([]byte(newPass))

  517. 	if err != nil {

  518. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not create password hash: %v", err)}

  519. 	}

  520. 

  521. 	err = app.db.ChangePassphrase(u.ID, true, "", hashedPass)

  522. 	if err != nil {

  523. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not update passphrase: %v", err)}

  524. 	}

  525. 	return nil

  526. }