writefreely
/
writefreely
mirror of https://github.com/writefreely/writefreely.git
2
0
Fork 0
Code Issues Releases 25 Wiki Activity
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
564 Commits
45 Branches
234 MiB
 
 
 
 
 
Tree: 9873fc443f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9873fc443f'
${ noResults }
writefreely/admin.go

485 lines
14 KiB
Raw Blame History 

  1. /*

  2.  * Copyright © 2018-2019 A Bunch Tell LLC.

  3.  *

  4.  * This file is part of WriteFreely.

  5.  *

  6.  * WriteFreely is free software: you can redistribute it and/or modify

  7.  * it under the terms of the GNU Affero General Public License, included

  8.  * in the LICENSE file in this source code package.

  9.  */

  10. 

  11. package writefreely

  12. 

  13. import (

  14. 	"database/sql"

  15. 	"fmt"

  16. 	"net/http"

  17. 	"runtime"

  18. 	"strconv"

  19. 	"time"

  20. 

  21. 	"github.com/gorilla/mux"

  22. 	"github.com/writeas/impart"

  23. 	"github.com/writeas/web-core/auth"

  24. 	"github.com/writeas/web-core/log"

  25. 	"github.com/writeas/writefreely/appstats"

  26. 	"github.com/writeas/writefreely/config"

  27. )

  28. 

  29. var (

  30. 	appStartTime = time.Now()

  31. 	sysStatus    systemStatus

  32. )

  33. 

  34. const adminUsersPerPage = 30

  35. 

  36. type systemStatus struct {

  37. 	Uptime       string

  38. 	NumGoroutine int

  39. 

  40. 	// General statistics.

  41. 	MemAllocated string // bytes allocated and still in use

  42. 	MemTotal     string // bytes allocated (even if freed)

  43. 	MemSys       string // bytes obtained from system (sum of XxxSys below)

  44. 	Lookups      uint64 // number of pointer lookups

  45. 	MemMallocs   uint64 // number of mallocs

  46. 	MemFrees     uint64 // number of frees

  47. 

  48. 	// Main allocation heap statistics.

  49. 	HeapAlloc    string // bytes allocated and still in use

  50. 	HeapSys      string // bytes obtained from system

  51. 	HeapIdle     string // bytes in idle spans

  52. 	HeapInuse    string // bytes in non-idle span

  53. 	HeapReleased string // bytes released to the OS

  54. 	HeapObjects  uint64 // total number of allocated objects

  55. 

  56. 	// Low-level fixed-size structure allocator statistics.

  57. 	//	Inuse is bytes used now.

  58. 	//	Sys is bytes obtained from system.

  59. 	StackInuse  string // bootstrap stacks

  60. 	StackSys    string

  61. 	MSpanInuse  string // mspan structures

  62. 	MSpanSys    string

  63. 	MCacheInuse string // mcache structures

  64. 	MCacheSys   string

  65. 	BuckHashSys string // profiling bucket hash table

  66. 	GCSys       string // GC metadata

  67. 	OtherSys    string // other system allocations

  68. 

  69. 	// Garbage collector statistics.

  70. 	NextGC       string // next run in HeapAlloc time (bytes)

  71. 	LastGC       string // last run in absolute time (ns)

  72. 	PauseTotalNs string

  73. 	PauseNs      string // circular buffer of recent GC pause times, most recent at [(NumGC+255)%256]

  74. 	NumGC        uint32

  75. }

  76. 

  77. type inspectedCollection struct {

  78. 	CollectionObj

  79. 	Followers int

  80. 	LastPost  string

  81. }

  82. 

  83. type instanceContent struct {

  84. 	ID      string

  85. 	Type    string

  86. 	Title   sql.NullString

  87. 	Content string

  88. 	Updated time.Time

  89. }

  90. 

  91. func (c instanceContent) UpdatedFriendly() string {

  92. 	/*

  93. 		// TODO: accept a locale in this method and use that for the format

  94. 		var loc monday.Locale = monday.LocaleEnUS

  95. 		return monday.Format(u.Created, monday.DateTimeFormatsByLocale[loc], loc)

  96. 	*/

  97. 	return c.Updated.Format("January 2, 2006, 3:04 PM")

  98. }

  99. 

  100. func handleViewAdminDash(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  101. 	updateAppStats()

  102. 	p := struct {

  103. 		*UserPage

  104. 		SysStatus systemStatus

  105. 		Config    config.AppCfg

  106. 

  107. 		Message, ConfigMessage string

  108. 	}{

  109. 		UserPage:  NewUserPage(app, r, u, "Admin", nil),

  110. 		SysStatus: sysStatus,

  111. 		Config:    app.cfg.App,

  112. 

  113. 		Message:       r.FormValue("m"),

  114. 		ConfigMessage: r.FormValue("cm"),

  115. 	}

  116. 

  117. 	showUserPage(w, "admin", p)

  118. 	return nil

  119. }

  120. 

  121. func handleViewAdminUsers(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  122. 	p := struct {

  123. 		*UserPage

  124. 		Config  config.AppCfg

  125. 		Message string

  126. 

  127. 		Users      *[]User

  128. 		CurPage    int

  129. 		TotalUsers int64

  130. 		TotalPages []int

  131. 	}{

  132. 		UserPage: NewUserPage(app, r, u, "Users", nil),

  133. 		Config:   app.cfg.App,

  134. 		Message:  r.FormValue("m"),

  135. 	}

  136. 

  137. 	p.TotalUsers = app.db.GetAllUsersCount()

  138. 	ttlPages := p.TotalUsers / adminUsersPerPage

  139. 	p.TotalPages = []int{}

  140. 	for i := 1; i <= int(ttlPages); i++ {

  141. 		p.TotalPages = append(p.TotalPages, i)

  142. 	}

  143. 

  144. 	var err error

  145. 	p.CurPage, err = strconv.Atoi(r.FormValue("p"))

  146. 	if err != nil || p.CurPage < 1 {

  147. 		p.CurPage = 1

  148. 	} else if p.CurPage > int(ttlPages) {

  149. 		p.CurPage = int(ttlPages)

  150. 	}

  151. 

  152. 	p.Users, err = app.db.GetAllUsers(uint(p.CurPage))

  153. 	if err != nil {

  154. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get users: %v", err)}

  155. 	}

  156. 

  157. 	showUserPage(w, "users", p)

  158. 	return nil

  159. }

  160. 

  161. func handleViewAdminUser(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  162. 	vars := mux.Vars(r)

  163. 	username := vars["username"]

  164. 	if username == "" {

  165. 		return impart.HTTPError{http.StatusFound, "/admin/users"}

  166. 	}

  167. 

  168. 	p := struct {

  169. 		*UserPage

  170. 		Config  config.AppCfg

  171. 		Message string

  172. 

  173. 		User     *User

  174. 		Colls    []inspectedCollection

  175. 		LastPost string

  176. 

  177. 		TotalPosts int64

  178. 	}{

  179. 		Config:  app.cfg.App,

  180. 		Message: r.FormValue("m"),

  181. 		Colls:   []inspectedCollection{},

  182. 	}

  183. 

  184. 	var err error

  185. 	p.User, err = app.db.GetUserForAuth(username)

  186. 	if err != nil {

  187. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user: %v", err)}

  188. 	}

  189. 	p.UserPage = NewUserPage(app, r, u, p.User.Username, nil)

  190. 	p.TotalPosts = app.db.GetUserPostsCount(p.User.ID)

  191. 	lp, err := app.db.GetUserLastPostTime(p.User.ID)

  192. 	if err != nil {

  193. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user's last post time: %v", err)}

  194. 	}

  195. 	if lp != nil {

  196. 		p.LastPost = lp.Format("January 2, 2006, 3:04 PM")

  197. 	}

  198. 

  199. 	colls, err := app.db.GetCollections(p.User, app.cfg.App.Host)

  200. 	if err != nil {

  201. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user's collections: %v", err)}

  202. 	}

  203. 	for _, c := range *colls {

  204. 		ic := inspectedCollection{

  205. 			CollectionObj: CollectionObj{Collection: c},

  206. 		}

  207. 

  208. 		if app.cfg.App.Federation {

  209. 			folls, err := app.db.GetAPFollowers(&c)

  210. 			if err == nil {

  211. 				// TODO: handle error here (at least log it)

  212. 				ic.Followers = len(*folls)

  213. 			}

  214. 		}

  215. 

  216. 		app.db.GetPostsCount(&ic.CollectionObj, true)

  217. 

  218. 		lp, err := app.db.GetCollectionLastPostTime(c.ID)

  219. 		if err != nil {

  220. 			log.Error("Didn't get last post time for collection %d: %v", c.ID, err)

  221. 		}

  222. 		if lp != nil {

  223. 			ic.LastPost = lp.Format("January 2, 2006, 3:04 PM")

  224. 		}

  225. 

  226. 		p.Colls = append(p.Colls, ic)

  227. 	}

  228. 

  229. 	showUserPage(w, "view-user", p)

  230. 	return nil

  231. }

  232. 

  233. func handleAdminToggleUserSuspended(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  234. 	vars := mux.Vars(r)

  235. 	username := vars["username"]

  236. 	if username == "" {

  237. 		return impart.HTTPError{http.StatusFound, "/admin/users"}

  238. 	}

  239. 

  240. 	userToToggle, err := app.db.GetUserForAuth(username)

  241. 	if err != nil {

  242. 		log.Error("failed to get user: %v", err)

  243. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get user from username: %v", err)}

  244. 	}

  245. 	if userToToggle.Suspended {

  246. 		err = app.db.SetUserSuspended(userToToggle.ID, false)

  247. 	} else {

  248. 		err = app.db.SetUserSuspended(userToToggle.ID, true)

  249. 	}

  250. 	if err != nil {

  251. 		log.Error("toggle user suspended: %v", err)

  252. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not toggle user suspended: %v")}

  253. 	}

  254. 	// TODO: invalidate sessions

  255. 	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/admin/user/%s#status", username)}

  256. }

  257. 

  258. func handleViewAdminPages(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  259. 	p := struct {

  260. 		*UserPage

  261. 		Config  config.AppCfg

  262. 		Message string

  263. 

  264. 		Pages []*instanceContent

  265. 	}{

  266. 		UserPage: NewUserPage(app, r, u, "Pages", nil),

  267. 		Config:   app.cfg.App,

  268. 		Message:  r.FormValue("m"),

  269. 	}

  270. 

  271. 	var err error

  272. 	p.Pages, err = app.db.GetInstancePages()

  273. 	if err != nil {

  274. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get pages: %v", err)}

  275. 	}

  276. 

  277. 	// Add in default pages

  278. 	var hasAbout, hasPrivacy bool

  279. 	for i, c := range p.Pages {

  280. 		if hasAbout && hasPrivacy {

  281. 			break

  282. 		}

  283. 		if c.ID == "about" {

  284. 			hasAbout = true

  285. 			if !c.Title.Valid {

  286. 				p.Pages[i].Title = defaultAboutTitle(app.cfg)

  287. 			}

  288. 		} else if c.ID == "privacy" {

  289. 			hasPrivacy = true

  290. 			if !c.Title.Valid {

  291. 				p.Pages[i].Title = defaultPrivacyTitle()

  292. 			}

  293. 		}

  294. 	}

  295. 	if !hasAbout {

  296. 		p.Pages = append(p.Pages, &instanceContent{

  297. 			ID:      "about",

  298. 			Title:   defaultAboutTitle(app.cfg),

  299. 			Content: defaultAboutPage(app.cfg),

  300. 			Updated: defaultPageUpdatedTime,

  301. 		})

  302. 	}

  303. 	if !hasPrivacy {

  304. 		p.Pages = append(p.Pages, &instanceContent{

  305. 			ID:      "privacy",

  306. 			Title:   defaultPrivacyTitle(),

  307. 			Content: defaultPrivacyPolicy(app.cfg),

  308. 			Updated: defaultPageUpdatedTime,

  309. 		})

  310. 	}

  311. 

  312. 	showUserPage(w, "pages", p)

  313. 	return nil

  314. }

  315. 

  316. func handleViewAdminPage(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  317. 	vars := mux.Vars(r)

  318. 	slug := vars["slug"]

  319. 	if slug == "" {

  320. 		return impart.HTTPError{http.StatusFound, "/admin/pages"}

  321. 	}

  322. 

  323. 	p := struct {

  324. 		*UserPage

  325. 		Config  config.AppCfg

  326. 		Message string

  327. 

  328. 		Banner  *instanceContent

  329. 		Content *instanceContent

  330. 	}{

  331. 		Config:  app.cfg.App,

  332. 		Message: r.FormValue("m"),

  333. 	}

  334. 

  335. 	var err error

  336. 	// Get pre-defined pages, or select slug

  337. 	if slug == "about" {

  338. 		p.Content, err = getAboutPage(app)

  339. 	} else if slug == "privacy" {

  340. 		p.Content, err = getPrivacyPage(app)

  341. 	} else if slug == "landing" {

  342. 		p.Banner, err = getLandingBanner(app)

  343. 		if err != nil {

  344. 			return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get banner: %v", err)}

  345. 		}

  346. 		p.Content, err = getLandingBody(app)

  347. 		p.Content.ID = "landing"

  348. 	} else if slug == "reader" {

  349. 		p.Content, err = getReaderSection(app)

  350. 	} else {

  351. 		p.Content, err = app.db.GetDynamicContent(slug)

  352. 	}

  353. 	if err != nil {

  354. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not get page: %v", err)}

  355. 	}

  356. 	title := "New page"

  357. 	if p.Content != nil {

  358. 		title = "Edit " + p.Content.ID

  359. 	} else {

  360. 		p.Content = &instanceContent{}

  361. 	}

  362. 	p.UserPage = NewUserPage(app, r, u, title, nil)

  363. 

  364. 	showUserPage(w, "view-page", p)

  365. 	return nil

  366. }

  367. 

  368. func handleAdminUpdateSite(app *App, u *User, w http.ResponseWriter, r *http.Request) error {

  369. 	vars := mux.Vars(r)

  370. 	id := vars["page"]

  371. 

  372. 	// Validate

  373. 	if id != "about" && id != "privacy" && id != "landing" && id != "reader" {

  374. 		return impart.HTTPError{http.StatusNotFound, "No such page."}

  375. 	}

  376. 

  377. 	var err error

  378. 	m := ""

  379. 	if id == "landing" {

  380. 		// Handle special landing page

  381. 		err = app.db.UpdateDynamicContent("landing-banner", "", r.FormValue("banner"), "section")

  382. 		if err != nil {

  383. 			m = "?m=" + err.Error()

  384. 			return impart.HTTPError{http.StatusFound, "/admin/page/" + id + m}

  385. 		}

  386. 		err = app.db.UpdateDynamicContent("landing-body", "", r.FormValue("content"), "section")

  387. 	} else if id == "reader" {

  388. 		// Update sections with titles

  389. 		err = app.db.UpdateDynamicContent(id, r.FormValue("title"), r.FormValue("content"), "section")

  390. 	} else {

  391. 		// Update page

  392. 		err = app.db.UpdateDynamicContent(id, r.FormValue("title"), r.FormValue("content"), "page")

  393. 	}

  394. 	if err != nil {

  395. 		m = "?m=" + err.Error()

  396. 	}

  397. 	return impart.HTTPError{http.StatusFound, "/admin/page/" + id + m}

  398. }

  399. 

  400. func handleAdminUpdateConfig(apper Apper, u *User, w http.ResponseWriter, r *http.Request) error {

  401. 	apper.App().cfg.App.SiteName = r.FormValue("site_name")

  402. 	apper.App().cfg.App.SiteDesc = r.FormValue("site_desc")

  403. 	apper.App().cfg.App.Landing = r.FormValue("landing")

  404. 	apper.App().cfg.App.OpenRegistration = r.FormValue("open_registration") == "on"

  405. 	mul, err := strconv.Atoi(r.FormValue("min_username_len"))

  406. 	if err == nil {

  407. 		apper.App().cfg.App.MinUsernameLen = mul

  408. 	}

  409. 	mb, err := strconv.Atoi(r.FormValue("max_blogs"))

  410. 	if err == nil {

  411. 		apper.App().cfg.App.MaxBlogs = mb

  412. 	}

  413. 	apper.App().cfg.App.Federation = r.FormValue("federation") == "on"

  414. 	apper.App().cfg.App.PublicStats = r.FormValue("public_stats") == "on"

  415. 	apper.App().cfg.App.Private = r.FormValue("private") == "on"

  416. 	apper.App().cfg.App.LocalTimeline = r.FormValue("local_timeline") == "on"

  417. 	if apper.App().cfg.App.LocalTimeline && apper.App().timeline == nil {

  418. 		log.Info("Initializing local timeline...")

  419. 		initLocalTimeline(apper.App())

  420. 	}

  421. 	apper.App().cfg.App.UserInvites = r.FormValue("user_invites")

  422. 	if apper.App().cfg.App.UserInvites == "none" {

  423. 		apper.App().cfg.App.UserInvites = ""

  424. 	}

  425. 	apper.App().cfg.App.DefaultVisibility = r.FormValue("default_visibility")

  426. 

  427. 	m := "?cm=Configuration+saved."

  428. 	err = apper.SaveConfig(apper.App().cfg)

  429. 	if err != nil {

  430. 		m = "?cm=" + err.Error()

  431. 	}

  432. 	return impart.HTTPError{http.StatusFound, "/admin" + m + "#config"}

  433. }

  434. 

  435. func updateAppStats() {

  436. 	sysStatus.Uptime = appstats.TimeSincePro(appStartTime)

  437. 

  438. 	m := new(runtime.MemStats)

  439. 	runtime.ReadMemStats(m)

  440. 	sysStatus.NumGoroutine = runtime.NumGoroutine()

  441. 

  442. 	sysStatus.MemAllocated = appstats.FileSize(int64(m.Alloc))

  443. 	sysStatus.MemTotal = appstats.FileSize(int64(m.TotalAlloc))

  444. 	sysStatus.MemSys = appstats.FileSize(int64(m.Sys))

  445. 	sysStatus.Lookups = m.Lookups

  446. 	sysStatus.MemMallocs = m.Mallocs

  447. 	sysStatus.MemFrees = m.Frees

  448. 

  449. 	sysStatus.HeapAlloc = appstats.FileSize(int64(m.HeapAlloc))

  450. 	sysStatus.HeapSys = appstats.FileSize(int64(m.HeapSys))

  451. 	sysStatus.HeapIdle = appstats.FileSize(int64(m.HeapIdle))

  452. 	sysStatus.HeapInuse = appstats.FileSize(int64(m.HeapInuse))

  453. 	sysStatus.HeapReleased = appstats.FileSize(int64(m.HeapReleased))

  454. 	sysStatus.HeapObjects = m.HeapObjects

  455. 

  456. 	sysStatus.StackInuse = appstats.FileSize(int64(m.StackInuse))

  457. 	sysStatus.StackSys = appstats.FileSize(int64(m.StackSys))

  458. 	sysStatus.MSpanInuse = appstats.FileSize(int64(m.MSpanInuse))

  459. 	sysStatus.MSpanSys = appstats.FileSize(int64(m.MSpanSys))

  460. 	sysStatus.MCacheInuse = appstats.FileSize(int64(m.MCacheInuse))

  461. 	sysStatus.MCacheSys = appstats.FileSize(int64(m.MCacheSys))

  462. 	sysStatus.BuckHashSys = appstats.FileSize(int64(m.BuckHashSys))

  463. 	sysStatus.GCSys = appstats.FileSize(int64(m.GCSys))

  464. 	sysStatus.OtherSys = appstats.FileSize(int64(m.OtherSys))

  465. 

  466. 	sysStatus.NextGC = appstats.FileSize(int64(m.NextGC))

  467. 	sysStatus.LastGC = fmt.Sprintf("%.1fs", float64(time.Now().UnixNano()-int64(m.LastGC))/1000/1000/1000)

  468. 	sysStatus.PauseTotalNs = fmt.Sprintf("%.1fs", float64(m.PauseTotalNs)/1000/1000/1000)

  469. 	sysStatus.PauseNs = fmt.Sprintf("%.3fs", float64(m.PauseNs[(m.NumGC+255)%256])/1000/1000/1000)

  470. 	sysStatus.NumGC = m.NumGC

  471. }

  472. 

  473. func adminResetPassword(app *App, u *User, newPass string) error {

  474. 	hashedPass, err := auth.HashPass([]byte(newPass))

  475. 	if err != nil {

  476. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not create password hash: %v", err)}

  477. 	}

  478. 

  479. 	err = app.db.ChangePassphrase(u.ID, true, "", hashedPass)

  480. 	if err != nil {

  481. 		return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("Could not update passphrase: %v", err)}

  482. 	}

  483. 	return nil

  484. }