writefreely
/
writefreely
ミラー元 https://github.com/writefreely/writefreely.git
2
0
フォーク 0
コード 課題 リリース 25 Wiki アクティビティ
A clean, Markdown-based publishing platform made for writers. Write together, and build a community. https://writefreely.org
選択できるのは25トピックまでです。 トピックは、先頭が英数字で、英数字とダッシュ('-')を使用した35文字以内のものにしてください。
24 コミット
45 ブランチ
368 MiB
 
 
 
 
 
ツリー: f512f983ec
ブランチ タグ
${ item.name }
ブランチ ${ searchTerm } を作成
'f512f983ec' から
${ noResults }
writefreely/database.go

2181 行
65 KiB
Raw Blame 履歴 

  1. package writefreely

  2. 

  3. import (

  4. 	"database/sql"

  5. 	"fmt"

  6. 	"net/http"

  7. 	"strings"

  8. 	"time"

  9. 

  10. 	"github.com/go-sql-driver/mysql"

  11. 	"github.com/guregu/null"

  12. 	"github.com/guregu/null/zero"

  13. 	uuid "github.com/nu7hatch/gouuid"

  14. 	"github.com/writeas/impart"

  15. 	"github.com/writeas/nerds/store"

  16. 	"github.com/writeas/web-core/activitypub"

  17. 	"github.com/writeas/web-core/auth"

  18. 	"github.com/writeas/web-core/data"

  19. 	"github.com/writeas/web-core/id"

  20. 	"github.com/writeas/web-core/log"

  21. 	"github.com/writeas/web-core/query"

  22. 	"github.com/writeas/writefreely/author"

  23. )

  24. 

  25. const (

  26. 	mySQLErrDuplicateKey = 1062

  27. )

  28. 

  29. type writestore interface {

  30. 	CreateUser(*User, string) error

  31. 	UpdateUserEmail(keys *keychain, userID int64, email string) error

  32. 	UpdateEncryptedUserEmail(int64, []byte) error

  33. 	GetUserByID(int64) (*User, error)

  34. 	GetUserForAuth(string) (*User, error)

  35. 	GetUserForAuthByID(int64) (*User, error)

  36. 	GetUserNameFromToken(string) (string, error)

  37. 	GetUserDataFromToken(string) (int64, string, error)

  38. 	GetAPIUser(header string) (*User, error)

  39. 	GetUserID(accessToken string) int64

  40. 	GetUserIDPrivilege(accessToken string) (userID int64, sudo bool)

  41. 	DeleteToken(accessToken []byte) error

  42. 	FetchLastAccessToken(userID int64) string

  43. 	GetAccessToken(userID int64) (string, error)

  44. 	GetTemporaryAccessToken(userID int64, validSecs int) (string, error)

  45. 	GetTemporaryOneTimeAccessToken(userID int64, validSecs int, oneTime bool) (string, error)

  46. 	DeleteAccount(userID int64) (l *string, err error)

  47. 	ChangeSettings(app *app, u *User, s *userSettings) error

  48. 	ChangePassphrase(userID int64, sudo bool, curPass string, hashedPass []byte) error

  49. 

  50. 	GetCollections(u *User) (*[]Collection, error)

  51. 	GetPublishableCollections(u *User) (*[]Collection, error)

  52. 	GetMeStats(u *User) userMeStats

  53. 	GetTopPosts(u *User, alias string) (*[]PublicPost, error)

  54. 	GetAnonymousPosts(u *User) (*[]PublicPost, error)

  55. 	GetUserPosts(u *User) (*[]PublicPost, error)

  56. 

  57. 	CreateOwnedPost(post *SubmittedPost, accessToken, collAlias string) (*PublicPost, error)

  58. 	CreatePost(userID, collID int64, post *SubmittedPost) (*Post, error)

  59. 	UpdateOwnedPost(post *AuthenticatedPost, userID int64) error

  60. 	GetEditablePost(id, editToken string) (*PublicPost, error)

  61. 	PostIDExists(id string) bool

  62. 	GetPost(id string, collectionID int64) (*PublicPost, error)

  63. 	GetOwnedPost(id string, ownerID int64) (*PublicPost, error)

  64. 	GetPostProperty(id string, collectionID int64, property string) (interface{}, error)

  65. 

  66. 	CreateCollectionFromToken(string, string, string) (*Collection, error)

  67. 	CreateCollection(string, string, int64) (*Collection, error)

  68. 	GetFuzzyDomain(host string) string

  69. 	GetCollectionBy(condition string, value interface{}) (*Collection, error)

  70. 	GetCollection(alias string) (*Collection, error)

  71. 	GetCollectionForPad(alias string) (*Collection, error)

  72. 	GetCollectionFromDomain(host string) (*Collection, error)

  73. 	UpdateCollection(c *SubmittedCollection, alias string) error

  74. 	DeleteCollection(alias string, userID int64) error

  75. 

  76. 	UpdatePostPinState(pinned bool, postID string, collID, ownerID, pos int64) error

  77. 	GetLastPinnedPostPos(collID int64) int64

  78. 	GetPinnedPosts(coll *CollectionObj) (*[]PublicPost, error)

  79. 	RemoveCollectionRedirect(t *sql.Tx, alias string) error

  80. 	GetCollectionRedirect(alias string) (new string)

  81. 	IsCollectionAttributeOn(id int64, attr string) bool

  82. 	CollectionHasAttribute(id int64, attr string) bool

  83. 

  84. 	CanCollect(cpr *ClaimPostRequest, userID int64) bool

  85. 	AttemptClaim(p *ClaimPostRequest, query string, params []interface{}, slugIdx int) (sql.Result, error)

  86. 	DispersePosts(userID int64, postIDs []string) (*[]ClaimPostResult, error)

  87. 	ClaimPosts(userID int64, collAlias string, posts *[]ClaimPostRequest) (*[]ClaimPostResult, error)

  88. 

  89. 	GetPostsCount(c *CollectionObj, includeFuture bool)

  90. 	GetPosts(c *Collection, page int, includeFuture bool) (*[]PublicPost, error)

  91. 	GetPostsTagged(c *Collection, tag string, page int, includeFuture bool) (*[]PublicPost, error)

  92. 

  93. 	GetAPFollowers(c *Collection) (*[]RemoteUser, error)

  94. 	GetAPActorKeys(collectionID int64) ([]byte, []byte)

  95. }

  96. 

  97. type datastore struct {

  98. 	*sql.DB

  99. }

  100. 

  101. func (db *datastore) CreateUser(u *User, collectionTitle string) error {

  102. 	// New users get a `users` and `collections` row.

  103. 	t, err := db.Begin()

  104. 	if err != nil {

  105. 		return err

  106. 	}

  107. 

  108. 	if db.PostIDExists(u.Username) {

  109. 		return impart.HTTPError{http.StatusConflict, "Invalid collection name."}

  110. 	}

  111. 

  112. 	// 1. Add to `users` table

  113. 	// NOTE: Assumes User's Password is already hashed!

  114. 	res, err := t.Exec("INSERT INTO users (username, password, email, created) VALUES (?, ?, ?, NOW())", u.Username, u.HashedPass, u.Email)

  115. 	if err != nil {

  116. 		t.Rollback()

  117. 		if mysqlErr, ok := err.(*mysql.MySQLError); ok {

  118. 			if mysqlErr.Number == mySQLErrDuplicateKey {

  119. 				return impart.HTTPError{http.StatusConflict, "Username is already taken."}

  120. 			}

  121. 		}

  122. 

  123. 		log.Error("Rolling back users INSERT: %v\n", err)

  124. 		return err

  125. 	}

  126. 	u.ID, err = res.LastInsertId()

  127. 	if err != nil {

  128. 		t.Rollback()

  129. 		log.Error("Rolling back after LastInsertId: %v\n", err)

  130. 		return err

  131. 	}

  132. 

  133. 	// 2. Create user's Collection

  134. 	if collectionTitle == "" {

  135. 		collectionTitle = u.Username

  136. 	}

  137. 	res, err = t.Exec("INSERT INTO collections (alias, title, owner_id) VALUES (?, ?, ?)", u.Username, collectionTitle, u.ID)

  138. 	if err != nil {

  139. 		t.Rollback()

  140. 		if mysqlErr, ok := err.(*mysql.MySQLError); ok {

  141. 			if mysqlErr.Number == mySQLErrDuplicateKey {

  142. 				return impart.HTTPError{http.StatusConflict, "Username is already taken."}

  143. 			}

  144. 		}

  145. 		log.Error("Rolling back collections INSERT: %v\n", err)

  146. 		return err

  147. 	}

  148. 

  149. 	db.RemoveCollectionRedirect(t, u.Username)

  150. 

  151. 	err = t.Commit()

  152. 	if err != nil {

  153. 		t.Rollback()

  154. 		log.Error("Rolling back after Commit(): %v\n", err)

  155. 		return err

  156. 	}

  157. 

  158. 	return nil

  159. }

  160. 

  161. // FIXME: We're returning errors inconsistently in this file. Do we use Errorf

  162. // for returned value, or impart?

  163. func (db *datastore) UpdateUserEmail(keys *keychain, userID int64, email string) error {

  164. 	encEmail, err := data.Encrypt(keys.emailKey, email)

  165. 	if err != nil {

  166. 		return fmt.Errorf("Couldn't encrypt email %s: %s\n", email, err)

  167. 	}

  168. 

  169. 	return db.UpdateEncryptedUserEmail(userID, encEmail)

  170. }

  171. 

  172. func (db *datastore) UpdateEncryptedUserEmail(userID int64, encEmail []byte) error {

  173. 	_, err := db.Exec("UPDATE users SET email = ? WHERE id = ?", encEmail, userID)

  174. 	if err != nil {

  175. 		return fmt.Errorf("Unable to update user email: %s", err)

  176. 	}

  177. 

  178. 	return nil

  179. }

  180. 

  181. func (db *datastore) CreateCollectionFromToken(alias, title, accessToken string) (*Collection, error) {

  182. 	userID := db.GetUserID(accessToken)

  183. 	if userID == -1 {

  184. 		return nil, ErrBadAccessToken

  185. 	}

  186. 

  187. 	return db.CreateCollection(alias, title, userID)

  188. }

  189. 

  190. func (db *datastore) GetUserCollectionCount(userID int64) (uint64, error) {

  191. 	var collCount uint64

  192. 	err := db.QueryRow("SELECT COUNT(*) FROM collections WHERE owner_id = ?", userID).Scan(&collCount)

  193. 	switch {

  194. 	case err == sql.ErrNoRows:

  195. 		return 0, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve user from database."}

  196. 	case err != nil:

  197. 		log.Error("Couldn't get collections count for user %d: %v", userID, err)

  198. 		return 0, err

  199. 	}

  200. 

  201. 	return collCount, nil

  202. }

  203. 

  204. func (db *datastore) CreateCollection(alias, title string, userID int64) (*Collection, error) {

  205. 	if db.PostIDExists(alias) {

  206. 		return nil, impart.HTTPError{http.StatusConflict, "Invalid collection name."}

  207. 	}

  208. 

  209. 	// All good, so create new collection

  210. 	res, err := db.Exec("INSERT INTO collections (alias, title, owner_id) VALUES (?, ?, ?)", alias, title, userID)

  211. 	if err != nil {

  212. 		if mysqlErr, ok := err.(*mysql.MySQLError); ok {

  213. 			if mysqlErr.Number == mySQLErrDuplicateKey {

  214. 				return nil, impart.HTTPError{http.StatusConflict, "Collection already exists."}

  215. 			}

  216. 		}

  217. 		log.Error("Couldn't add to collections: %v\n", err)

  218. 		return nil, err

  219. 	}

  220. 

  221. 	c := &Collection{

  222. 		Alias:       alias,

  223. 		Title:       title,

  224. 		OwnerID:     userID,

  225. 		PublicOwner: false,

  226. 	}

  227. 

  228. 	c.ID, err = res.LastInsertId()

  229. 	if err != nil {

  230. 		log.Error("Couldn't get collection LastInsertId: %v\n", err)

  231. 	}

  232. 

  233. 	return c, nil

  234. }

  235. 

  236. func (db *datastore) GetUserByID(id int64) (*User, error) {

  237. 	u := &User{ID: id}

  238. 

  239. 	err := db.QueryRow("SELECT username, password, email, created FROM users WHERE id = ?", id).Scan(&u.Username, &u.HashedPass, &u.Email, &u.Created)

  240. 	switch {

  241. 	case err == sql.ErrNoRows:

  242. 		return nil, ErrUserNotFound

  243. 	case err != nil:

  244. 		log.Error("Couldn't SELECT user password: %v", err)

  245. 		return nil, err

  246. 	}

  247. 

  248. 	return u, nil

  249. }

  250. 

  251. // DoesUserNeedAuth returns true if the user hasn't provided any methods for

  252. // authenticating with the account, such a passphrase or email address.

  253. // Any errors are reported to admin and silently quashed, returning false as the

  254. // result.

  255. func (db *datastore) DoesUserNeedAuth(id int64) bool {

  256. 	var pass, email []byte

  257. 

  258. 	// Find out if user has an email set first

  259. 	err := db.QueryRow("SELECT pass, email FROM users WHERE id = ?", id).Scan(&pass, &email)

  260. 	switch {

  261. 	case err == sql.ErrNoRows:

  262. 		// ERROR. Don't give false positives on needing auth methods

  263. 		return false

  264. 	case err != nil:

  265. 		// ERROR. Don't give false positives on needing auth methods

  266. 		log.Error("Couldn't SELECT user %d from users: %v", id, err)

  267. 		return false

  268. 	}

  269. 	// User doesn't need auth if there's an email

  270. 	return len(email) == 0 && len(pass) == 0

  271. }

  272. 

  273. func (db *datastore) IsUserPassSet(id int64) (bool, error) {

  274. 	var pass []byte

  275. 	err := db.QueryRow("SELECT pass FROM users WHERE id = ?", id).Scan(&pass)

  276. 	switch {

  277. 	case err == sql.ErrNoRows:

  278. 		return false, nil

  279. 	case err != nil:

  280. 		log.Error("Couldn't SELECT user %d from users: %v", id, err)

  281. 		return false, err

  282. 	}

  283. 

  284. 	return len(pass) > 0, nil

  285. }

  286. 

  287. func (db *datastore) GetUserForAuth(username string) (*User, error) {

  288. 	u := &User{Username: username}

  289. 

  290. 	err := db.QueryRow("SELECT id, password, email, created FROM users WHERE username = ?", username).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created)

  291. 	switch {

  292. 	case err == sql.ErrNoRows:

  293. 		return nil, ErrUserNotFound

  294. 	case err != nil:

  295. 		log.Error("Couldn't SELECT user password: %v", err)

  296. 		return nil, err

  297. 	}

  298. 

  299. 	return u, nil

  300. }

  301. 

  302. func (db *datastore) GetUserForAuthByID(userID int64) (*User, error) {

  303. 	u := &User{ID: userID}

  304. 

  305. 	err := db.QueryRow("SELECT id, password, email, created FROM users WHERE id = ?", u.ID).Scan(&u.ID, &u.HashedPass, &u.Email, &u.Created)

  306. 	switch {

  307. 	case err == sql.ErrNoRows:

  308. 		return nil, ErrUserNotFound

  309. 	case err != nil:

  310. 		log.Error("Couldn't SELECT userForAuthByID: %v", err)

  311. 		return nil, err

  312. 	}

  313. 

  314. 	return u, nil

  315. }

  316. 

  317. func (db *datastore) GetUserNameFromToken(accessToken string) (string, error) {

  318. 	t := auth.GetToken(accessToken)

  319. 	if len(t) == 0 {

  320. 		return "", ErrNoAccessToken

  321. 	}

  322. 

  323. 	var oneTime bool

  324. 	var username string

  325. 	err := db.QueryRow("SELECT username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&username, &oneTime)

  326. 	switch {

  327. 	case err == sql.ErrNoRows:

  328. 		return "", ErrBadAccessToken

  329. 	case err != nil:

  330. 		return "", ErrInternalGeneral

  331. 	}

  332. 

  333. 	// Delete token if it was one-time

  334. 	if oneTime {

  335. 		db.DeleteToken(t[:])

  336. 	}

  337. 

  338. 	return username, nil

  339. }

  340. 

  341. func (db *datastore) GetUserDataFromToken(accessToken string) (int64, string, error) {

  342. 	t := auth.GetToken(accessToken)

  343. 	if len(t) == 0 {

  344. 		return 0, "", ErrNoAccessToken

  345. 	}

  346. 

  347. 	var userID int64

  348. 	var oneTime bool

  349. 	var username string

  350. 	err := db.QueryRow("SELECT user_id, username, one_time FROM accesstokens LEFT JOIN users ON user_id = id WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&userID, &username, &oneTime)

  351. 	switch {

  352. 	case err == sql.ErrNoRows:

  353. 		return 0, "", ErrBadAccessToken

  354. 	case err != nil:

  355. 		return 0, "", ErrInternalGeneral

  356. 	}

  357. 

  358. 	// Delete token if it was one-time

  359. 	if oneTime {

  360. 		db.DeleteToken(t[:])

  361. 	}

  362. 

  363. 	return userID, username, nil

  364. }

  365. 

  366. func (db *datastore) GetAPIUser(header string) (*User, error) {

  367. 	uID := db.GetUserID(header)

  368. 	if uID == -1 {

  369. 		return nil, fmt.Errorf(ErrUserNotFound.Error())

  370. 	}

  371. 	return db.GetUserByID(uID)

  372. }

  373. 

  374. // GetUserID takes a hexadecimal accessToken, parses it into its binary

  375. // representation, and gets any user ID associated with the token. If no user

  376. // is associated, -1 is returned.

  377. func (db *datastore) GetUserID(accessToken string) int64 {

  378. 	i, _ := db.GetUserIDPrivilege(accessToken)

  379. 	return i

  380. }

  381. 

  382. func (db *datastore) GetUserIDPrivilege(accessToken string) (userID int64, sudo bool) {

  383. 	t := auth.GetToken(accessToken)

  384. 	if len(t) == 0 {

  385. 		return -1, false

  386. 	}

  387. 

  388. 	var oneTime bool

  389. 	err := db.QueryRow("SELECT user_id, sudo, one_time FROM accesstokens WHERE token = ? AND (expires IS NULL OR expires > NOW())", t).Scan(&userID, &sudo, &oneTime)

  390. 	switch {

  391. 	case err == sql.ErrNoRows:

  392. 		return -1, false

  393. 	case err != nil:

  394. 		return -1, false

  395. 	}

  396. 

  397. 	// Delete token if it was one-time

  398. 	if oneTime {

  399. 		db.DeleteToken(t[:])

  400. 	}

  401. 

  402. 	return

  403. }

  404. 

  405. func (db *datastore) DeleteToken(accessToken []byte) error {

  406. 	res, err := db.Exec("DELETE FROM accesstokens WHERE token = ?", accessToken)

  407. 	if err != nil {

  408. 		return err

  409. 	}

  410. 	rowsAffected, _ := res.RowsAffected()

  411. 	if rowsAffected == 0 {

  412. 		return impart.HTTPError{http.StatusNotFound, "Token is invalid or doesn't exist"}

  413. 	}

  414. 	return nil

  415. }

  416. 

  417. // FetchLastAccessToken creates a new non-expiring, valid access token for the given

  418. // userID.

  419. func (db *datastore) FetchLastAccessToken(userID int64) string {

  420. 	var t []byte

  421. 	err := db.QueryRow("SELECT token FROM accesstokens WHERE user_id = ? AND (expires IS NULL OR expires > NOW()) ORDER BY created DESC LIMIT 1", userID).Scan(&t)

  422. 	switch {

  423. 	case err == sql.ErrNoRows:

  424. 		return ""

  425. 	case err != nil:

  426. 		log.Error("Failed selecting from accesstoken: %v", err)

  427. 		return ""

  428. 	}

  429. 

  430. 	u, err := uuid.Parse(t)

  431. 	if err != nil {

  432. 		return ""

  433. 	}

  434. 	return u.String()

  435. }

  436. 

  437. // GetAccessToken creates a new non-expiring, valid access token for the given

  438. // userID.

  439. func (db *datastore) GetAccessToken(userID int64) (string, error) {

  440. 	return db.GetTemporaryOneTimeAccessToken(userID, 0, false)

  441. }

  442. 

  443. // GetTemporaryAccessToken creates a new valid access token for the given

  444. // userID that remains valid for the given time in seconds. If validSecs is 0,

  445. // the access token doesn't automatically expire.

  446. func (db *datastore) GetTemporaryAccessToken(userID int64, validSecs int) (string, error) {

  447. 	return db.GetTemporaryOneTimeAccessToken(userID, validSecs, false)

  448. }

  449. 

  450. // GetTemporaryOneTimeAccessToken creates a new valid access token for the given

  451. // userID that remains valid for the given time in seconds and can only be used

  452. // once if oneTime is true. If validSecs is 0, the access token doesn't

  453. // automatically expire.

  454. func (db *datastore) GetTemporaryOneTimeAccessToken(userID int64, validSecs int, oneTime bool) (string, error) {

  455. 	u, err := uuid.NewV4()

  456. 	if err != nil {

  457. 		log.Error("Unable to generate token: %v", err)

  458. 		return "", err

  459. 	}

  460. 

  461. 	// Insert UUID to `accesstokens`

  462. 	binTok := u[:]

  463. 

  464. 	expirationVal := "NULL"

  465. 	if validSecs > 0 {

  466. 		expirationVal = fmt.Sprintf("DATE_ADD(NOW(), INTERVAL %d SECOND)", validSecs)

  467. 	}

  468. 

  469. 	_, err = db.Exec("INSERT INTO accesstokens (token, user_id, created, one_time, expires) VALUES (?, ?, NOW(), ?, "+expirationVal+")", string(binTok), userID, oneTime)

  470. 	if err != nil {

  471. 		log.Error("Couldn't INSERT accesstoken: %v", err)

  472. 		return "", err

  473. 	}

  474. 

  475. 	return u.String(), nil

  476. }

  477. 

  478. func (db *datastore) CreateOwnedPost(post *SubmittedPost, accessToken, collAlias string) (*PublicPost, error) {

  479. 	var userID, collID int64 = -1, -1

  480. 	var coll *Collection

  481. 	var err error

  482. 	if accessToken != "" {

  483. 		userID = db.GetUserID(accessToken)

  484. 		if userID == -1 {

  485. 			return nil, ErrBadAccessToken

  486. 		}

  487. 		if collAlias != "" {

  488. 			coll, err = db.GetCollection(collAlias)

  489. 			if err != nil {

  490. 				return nil, err

  491. 			}

  492. 			if coll.OwnerID != userID {

  493. 				return nil, ErrForbiddenCollection

  494. 			}

  495. 			collID = coll.ID

  496. 		}

  497. 	}

  498. 

  499. 	rp := &PublicPost{}

  500. 	rp.Post, err = db.CreatePost(userID, collID, post)

  501. 	if err != nil {

  502. 		return rp, err

  503. 	}

  504. 	if coll != nil {

  505. 		coll.ForPublic()

  506. 		rp.Collection = &CollectionObj{Collection: *coll}

  507. 	}

  508. 	return rp, nil

  509. }

  510. 

  511. func (db *datastore) CreatePost(userID, collID int64, post *SubmittedPost) (*Post, error) {

  512. 	idLen := postIDLen

  513. 	friendlyID := store.GenerateFriendlyRandomString(idLen)

  514. 

  515. 	// Handle appearance / font face

  516. 	appearance := post.Font

  517. 	if !post.isFontValid() {

  518. 		appearance = "norm"

  519. 	}

  520. 

  521. 	var err error

  522. 	ownerID := sql.NullInt64{

  523. 		Valid: false,

  524. 	}

  525. 	ownerCollID := sql.NullInt64{

  526. 		Valid: false,

  527. 	}

  528. 	slug := sql.NullString{"", false}

  529. 

  530. 	// If an alias was supplied, we'll add this to the collection as well.

  531. 	if userID > 0 {

  532. 		ownerID.Int64 = userID

  533. 		ownerID.Valid = true

  534. 		if collID > 0 {

  535. 			ownerCollID.Int64 = collID

  536. 			ownerCollID.Valid = true

  537. 			var slugVal string

  538. 			if post.Title != nil && *post.Title != "" {

  539. 				slugVal = getSlug(*post.Title, post.Language.String)

  540. 				if slugVal == "" {

  541. 					slugVal = getSlug(*post.Content, post.Language.String)

  542. 				}

  543. 			} else {

  544. 				slugVal = getSlug(*post.Content, post.Language.String)

  545. 			}

  546. 			if slugVal == "" {

  547. 				slugVal = friendlyID

  548. 			}

  549. 			slug = sql.NullString{slugVal, true}

  550. 		}

  551. 	}

  552. 

  553. 	_, err = db.Exec("INSERT INTO posts (id, slug, title, content, text_appearance, language, rtl, owner_id, collection_id, updated) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())", friendlyID, slug, post.Title, post.Content, appearance, post.Language, post.IsRTL, ownerID, ownerCollID)

  554. 	if err != nil {

  555. 		if mysqlErr, ok := err.(*mysql.MySQLError); ok {

  556. 			if mysqlErr.Number == mySQLErrDuplicateKey {

  557. 				// Duplicate entry error; try a new slug

  558. 				// TODO: make this a little more robust

  559. 				// TODO: reuse exact same db.Exec statement as above

  560. 				slug = sql.NullString{id.GenSafeUniqueSlug(slug.String), true}

  561. 				_, err = db.Exec("INSERT INTO posts (id, slug, title, content, text_appearance, language, rtl, owner_id, collection_id, updated) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, NOW())", friendlyID, slug, post.Title, post.Content, appearance, post.Language, post.IsRTL, ownerID, ownerCollID)

  562. 				if err != nil {

  563. 					return nil, handleFailedPostInsert(fmt.Errorf("Retried slug generation, still failed: %v", err))

  564. 				}

  565. 			} else {

  566. 				return nil, handleFailedPostInsert(err)

  567. 			}

  568. 		} else {

  569. 			return nil, handleFailedPostInsert(err)

  570. 		}

  571. 	}

  572. 

  573. 	// TODO: return Created field in proper format

  574. 	return &Post{

  575. 		ID:           friendlyID,

  576. 		Slug:         null.NewString(slug.String, slug.Valid),

  577. 		Font:         appearance,

  578. 		Language:     zero.NewString(post.Language.String, post.Language.Valid),

  579. 		RTL:          zero.NewBool(post.IsRTL.Bool, post.IsRTL.Valid),

  580. 		OwnerID:      null.NewInt(userID, true),

  581. 		CollectionID: null.NewInt(userID, true),

  582. 		Created:      time.Now().Truncate(time.Second).UTC(),

  583. 		Updated:      time.Now().Truncate(time.Second).UTC(),

  584. 		Title:        zero.NewString(*(post.Title), true),

  585. 		Content:      *(post.Content),

  586. 	}, nil

  587. }

  588. 

  589. // UpdateOwnedPost updates an existing post with only the given fields in the

  590. // supplied AuthenticatedPost.

  591. func (db *datastore) UpdateOwnedPost(post *AuthenticatedPost, userID int64) error {

  592. 	params := []interface{}{}

  593. 	var queryUpdates, sep, authCondition string

  594. 	if post.Slug != nil && *post.Slug != "" {

  595. 		queryUpdates += sep + "slug = ?"

  596. 		sep = ", "

  597. 		params = append(params, getSlug(*post.Slug, ""))

  598. 	}

  599. 	if post.Content != nil {

  600. 		queryUpdates += sep + "content = ?"

  601. 		sep = ", "

  602. 		params = append(params, post.Content)

  603. 	}

  604. 	if post.Title != nil {

  605. 		queryUpdates += sep + "title = ?"

  606. 		sep = ", "

  607. 		params = append(params, post.Title)

  608. 	}

  609. 	if post.Language.Valid {

  610. 		queryUpdates += sep + "language = ?"

  611. 		sep = ", "

  612. 		params = append(params, post.Language.String)

  613. 	}

  614. 	if post.IsRTL.Valid {

  615. 		queryUpdates += sep + "rtl = ?"

  616. 		sep = ", "

  617. 		params = append(params, post.IsRTL.Bool)

  618. 	}

  619. 	if post.Font != "" {

  620. 		queryUpdates += sep + "text_appearance = ?"

  621. 		sep = ", "

  622. 		params = append(params, post.Font)

  623. 	}

  624. 	if post.Created != nil {

  625. 		createTime, err := time.Parse(postMetaDateFormat, *post.Created)

  626. 		if err != nil {

  627. 			log.Error("Unable to parse Created date: %v", err)

  628. 			return fmt.Errorf("That's the incorrect format for Created date.")

  629. 		}

  630. 		queryUpdates += sep + "created = ?"

  631. 		sep = ", "

  632. 		params = append(params, createTime)

  633. 	}

  634. 

  635. 	// WHERE parameters...

  636. 	// id = ?

  637. 	params = append(params, post.ID)

  638. 	// AND owner_id = ?

  639. 	authCondition = "(owner_id = ?)"

  640. 	params = append(params, userID)

  641. 

  642. 	if queryUpdates == "" {

  643. 		return ErrPostNoUpdatableVals

  644. 	}

  645. 

  646. 	queryUpdates += sep + "updated = NOW()"

  647. 

  648. 	res, err := db.Exec("UPDATE posts SET "+queryUpdates+" WHERE id = ? AND "+authCondition, params...)

  649. 	if err != nil {

  650. 		log.Error("Unable to update owned post: %v", err)

  651. 		return err

  652. 	}

  653. 

  654. 	rowsAffected, _ := res.RowsAffected()

  655. 	if rowsAffected == 0 {

  656. 		// Show the correct error message if nothing was updated

  657. 		var dummy int

  658. 		err := db.QueryRow("SELECT 1 FROM posts WHERE id = ? AND "+authCondition, post.ID, params[len(params)-1]).Scan(&dummy)

  659. 		switch {

  660. 		case err == sql.ErrNoRows:

  661. 			return ErrUnauthorizedEditPost

  662. 		case err != nil:

  663. 			log.Error("Failed selecting from posts: %v", err)

  664. 		}

  665. 		return nil

  666. 	}

  667. 

  668. 	return nil

  669. }

  670. 

  671. func (db *datastore) GetCollectionBy(condition string, value interface{}) (*Collection, error) {

  672. 	c := &Collection{}

  673. 

  674. 	// FIXME: change Collection to reflect database values. Add helper functions to get actual values

  675. 	var styleSheet, script, format, customHandle zero.String

  676. 	row := db.QueryRow("SELECT id, alias, title, description, style_sheet, script, format, owner_id, privacy, handle, view_count FROM collections WHERE "+condition, value)

  677. 

  678. 	err := row.Scan(&c.ID, &c.Alias, &c.Title, &c.Description, &styleSheet, &script, &format, &c.OwnerID, &c.Visibility, &customHandle, &c.Views)

  679. 	switch {

  680. 	case err == sql.ErrNoRows:

  681. 		return nil, impart.HTTPError{http.StatusNotFound, "Collection doesn't exist."}

  682. 	case err != nil:

  683. 		log.Error("Failed selecting from collections: %v", err)

  684. 		return nil, err

  685. 	}

  686. 	c.CustomHandle = customHandle.String

  687. 	c.StyleSheet = styleSheet.String

  688. 	c.Script = script.String

  689. 	c.Format = format.String

  690. 	c.Public = c.IsPublic()

  691. 	// TODO: set app to c

  692. 

  693. 	return c, nil

  694. }

  695. 

  696. func (db *datastore) GetCollection(alias string) (*Collection, error) {

  697. 	return db.GetCollectionBy("alias = ?", alias)

  698. }

  699. 

  700. func (db *datastore) GetCollectionForPad(alias string) (*Collection, error) {

  701. 	c := &Collection{Alias: alias}

  702. 

  703. 	row := db.QueryRow("SELECT id, alias, title, description, privacy FROM collections WHERE alias = ?", alias)

  704. 

  705. 	err := row.Scan(&c.ID, &c.Alias, &c.Title, &c.Description, &c.Visibility)

  706. 	switch {

  707. 	case err == sql.ErrNoRows:

  708. 		return c, impart.HTTPError{http.StatusNotFound, "Collection doesn't exist."}

  709. 	case err != nil:

  710. 		log.Error("Failed selecting from collections: %v", err)

  711. 		return c, ErrInternalGeneral

  712. 	}

  713. 	c.Public = c.IsPublic()

  714. 

  715. 	return c, nil

  716. }

  717. 

  718. func (db *datastore) GetCollectionFromDomain(host string) (*Collection, error) {

  719. 	return db.GetCollectionBy("host = ?", host)

  720. }

  721. 

  722. func (db *datastore) UpdateCollection(c *SubmittedCollection, alias string) error {

  723. 	q := query.NewUpdate().

  724. 		SetStringPtr(c.Title, "title").

  725. 		SetStringPtr(c.Description, "description").

  726. 		SetBoolPtr(c.PreferSubdomain, "prefer_subdomain").

  727. 		SetNullString(c.StyleSheet, "style_sheet").

  728. 		SetNullString(c.Script, "script")

  729. 

  730. 	if c.Format != nil {

  731. 		cf := &CollectionFormat{Format: c.Format.String}

  732. 		if cf.Valid() {

  733. 			q.SetNullString(c.Format, "format")

  734. 		}

  735. 	}

  736. 

  737. 	var updatePass bool

  738. 	if c.Visibility != nil && (collVisibility(*c.Visibility)&CollProtected == 0 || c.Pass != "") {

  739. 		q.SetIntPtr(c.Visibility, "privacy")

  740. 		if c.Pass != "" {

  741. 			updatePass = true

  742. 		}

  743. 	}

  744. 

  745. 	// WHERE values

  746. 	q.Where("alias = ? AND owner_id = ?", alias, c.OwnerID)

  747. 

  748. 	if q.Updates == "" {

  749. 		return ErrPostNoUpdatableVals

  750. 	}

  751. 

  752. 	// Find any current domain

  753. 	var collID int64

  754. 	var currentDomain sql.NullString

  755. 	var rowsAffected int64

  756. 	var changed bool

  757. 	var res sql.Result

  758. 	err := db.QueryRow("SELECT id, host FROM collections LEFT JOIN domains ON id = collection_id WHERE alias = ?", alias).Scan(&collID, &currentDomain)

  759. 	if err != nil {

  760. 		log.Error("Failed selecting from domains: %v", err)

  761. 		return impart.HTTPError{http.StatusInternalServerError, "Couldn't update custom domain."}

  762. 	}

  763. 

  764. 	// Update MathJax value

  765. 	if c.MathJax {

  766. 		_, err = db.Exec("INSERT INTO collectionattributes (collection_id, attribute, value) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE value = ?", collID, "render_mathjax", "1", "1")

  767. 		if err != nil {

  768. 			log.Error("Unable to insert render_mathjax value: %v", err)

  769. 			return err

  770. 		}

  771. 	} else {

  772. 		_, err = db.Exec("DELETE FROM collectionattributes WHERE collection_id = ? AND attribute = ?", collID, "render_mathjax")

  773. 		if err != nil {

  774. 			log.Error("Unable to delete render_mathjax value: %v", err)

  775. 			return err

  776. 		}

  777. 	}

  778. 

  779. 	if currentDomain.String != c.Domain.String {

  780. 		if c.Domain.String == "" {

  781. 			_, err := db.Exec("DELETE FROM domains WHERE collection_id = ?", collID)

  782. 			if err != nil {

  783. 				log.Error("Unable to delete domain %s from domains: %s", currentDomain.String, err)

  784. 			}

  785. 		} else if !currentDomain.Valid {

  786. 			c.Domain.String = strings.ToLower(c.Domain.String)

  787. 			// There is no current domain; add it

  788. 			res, err = db.Exec("INSERT INTO domains (host, collection_id, handle) VALUES (?, ?, ?)", c.Domain, collID, c.FediverseHandle())

  789. 			if err != nil {

  790. 				log.Error("Unable to insert domain: %v", err)

  791. 				return err

  792. 			}

  793. 			changed = true

  794. 		} else {

  795. 			c.Domain.String = strings.ToLower(c.Domain.String)

  796. 			// Update the current domain

  797. 			res, err = db.Exec("UPDATE domains SET host = ?, handle = ?, last_checked = NULL WHERE collection_id = ?", c.Domain, c.FediverseHandle(), collID)

  798. 			if err != nil {

  799. 				log.Error("Unable to update domain: %v", err)

  800. 			} else {

  801. 				rowsAffected, _ = res.RowsAffected()

  802. 				if rowsAffected > 0 {

  803. 					changed = true

  804. 				}

  805. 			}

  806. 		}

  807. 	} else if c.Handle != "" {

  808. 		_, err = db.Exec("UPDATE domains SET handle = ? WHERE collection_id = ?", c.FediverseHandle(), collID)

  809. 		if err != nil {

  810. 			log.Error("Unable to update domain handle (only): %v", err)

  811. 			return err

  812. 		}

  813. 	}

  814. 

  815. 	// Update rest of the collection data

  816. 	res, err = db.Exec("UPDATE collections SET "+q.Updates+" WHERE "+q.Conditions, q.Params...)

  817. 	if err != nil {

  818. 		log.Error("Unable to update collection: %v", err)

  819. 		return err

  820. 	}

  821. 

  822. 	rowsAffected, _ = res.RowsAffected()

  823. 	if !changed || rowsAffected == 0 {

  824. 		// Show the correct error message if nothing was updated

  825. 		var dummy int

  826. 		err := db.QueryRow("SELECT 1 FROM collections WHERE alias = ? AND owner_id = ?", alias, c.OwnerID).Scan(&dummy)

  827. 		switch {

  828. 		case err == sql.ErrNoRows:

  829. 			return ErrUnauthorizedEditPost

  830. 		case err != nil:

  831. 			log.Error("Failed selecting from collections: %v", err)

  832. 		}

  833. 		if !updatePass {

  834. 			return nil

  835. 		}

  836. 	}

  837. 

  838. 	if updatePass {

  839. 		hashedPass, err := auth.HashPass([]byte(c.Pass))

  840. 		if err != nil {

  841. 			log.Error("Unable to create hash: %s", err)

  842. 			return impart.HTTPError{http.StatusInternalServerError, "Could not create password hash."}

  843. 		}

  844. 		_, err = db.Exec("INSERT INTO collectionpasswords (collection_id, password) VALUES ((SELECT id FROM collections WHERE alias = ?), ?) ON DUPLICATE KEY UPDATE password = ?", alias, hashedPass, hashedPass)

  845. 		if err != nil {

  846. 			return err

  847. 		}

  848. 	}

  849. 

  850. 	return nil

  851. }

  852. 

  853. // GetFuzzyDomain takes an attempted host and finds any potential authoritative

  854. // domains where the user should be redirected

  855. func (db *datastore) GetFuzzyDomain(host string) string {

  856. 	if strings.HasPrefix(host, "www.") {

  857. 		host = host[strings.Index(host, ".")+1:]

  858. 	} else {

  859. 		return ""

  860. 	}

  861. 	var curHost string

  862. 	var active, secure bool

  863. 	err := db.QueryRow("SELECT host, is_active, is_secure FROM domains WHERE host = ?", host).Scan(&curHost, &active, &secure)

  864. 	if err != nil {

  865. 		if err != sql.ErrNoRows {

  866. 			log.Error("Failed fuzzy domain check for %s: %v", host, err)

  867. 		}

  868. 		return ""

  869. 	}

  870. 	if !active {

  871. 		return ""

  872. 	}

  873. 	if secure {

  874. 		curHost = "https://" + curHost

  875. 	} else {

  876. 		curHost = "http://" + curHost

  877. 	}

  878. 	return curHost

  879. }

  880. 

  881. const postCols = "id, slug, text_appearance, language, rtl, privacy, owner_id, collection_id, pinned_position, created, updated, view_count, title, content"

  882. 

  883. // getEditablePost returns a PublicPost with the given ID only if the given

  884. // edit token is valid for the post.

  885. func (db *datastore) GetEditablePost(id, editToken string) (*PublicPost, error) {

  886. 	// FIXME: code duplicated from getPost()

  887. 	// TODO: add slight logic difference to getPost / one func

  888. 	var ownerName sql.NullString

  889. 	p := &Post{}

  890. 

  891. 	row := db.QueryRow("SELECT "+postCols+", (SELECT username FROM users WHERE users.id = posts.owner_id) AS username FROM posts WHERE id = ? LIMIT 1", id)

  892. 	err := row.Scan(&p.ID, &p.Slug, &p.Font, &p.Language, &p.RTL, &p.Privacy, &p.OwnerID, &p.CollectionID, &p.PinnedPosition, &p.Created, &p.Updated, &p.ViewCount, &p.Title, &p.Content, &ownerName)

  893. 	switch {

  894. 	case err == sql.ErrNoRows:

  895. 		return nil, ErrPostNotFound

  896. 	case err != nil:

  897. 		log.Error("Failed selecting from collections: %v", err)

  898. 		return nil, err

  899. 	}

  900. 

  901. 	if p.Content == "" {

  902. 		return nil, ErrPostUnpublished

  903. 	}

  904. 

  905. 	res := p.processPost()

  906. 	if ownerName.Valid {

  907. 		res.Owner = &PublicUser{Username: ownerName.String}

  908. 	}

  909. 

  910. 	return &res, nil

  911. }

  912. 

  913. func (db *datastore) PostIDExists(id string) bool {

  914. 	var dummy bool

  915. 	err := db.QueryRow("SELECT 1 FROM posts WHERE id = ?", id).Scan(&dummy)

  916. 	return err == nil && dummy

  917. }

  918. 

  919. // GetPost gets a public-facing post object from the database. If collectionID

  920. // is > 0, the post will be retrieved by slug and collection ID, rather than

  921. // post ID.

  922. // TODO: break this into two functions:

  923. //   - GetPost(id string)

  924. //   - GetCollectionPost(slug string, collectionID int64)

  925. func (db *datastore) GetPost(id string, collectionID int64) (*PublicPost, error) {

  926. 	var ownerName sql.NullString

  927. 	p := &Post{}

  928. 

  929. 	var row *sql.Row

  930. 	var where string

  931. 	params := []interface{}{id}

  932. 	if collectionID > 0 {

  933. 		where = "slug = ? AND collection_id = ?"

  934. 		params = append(params, collectionID)

  935. 	} else {

  936. 		where = "id = ?"

  937. 	}

  938. 	row = db.QueryRow("SELECT "+postCols+", (SELECT username FROM users WHERE users.id = posts.owner_id) AS username FROM posts WHERE "+where+" LIMIT 1", params...)

  939. 	err := row.Scan(&p.ID, &p.Slug, &p.Font, &p.Language, &p.RTL, &p.Privacy, &p.OwnerID, &p.CollectionID, &p.PinnedPosition, &p.Created, &p.Updated, &p.ViewCount, &p.Title, &p.Content, &ownerName)

  940. 	switch {

  941. 	case err == sql.ErrNoRows:

  942. 		if collectionID > 0 {

  943. 			return nil, ErrCollectionPageNotFound

  944. 		}

  945. 		return nil, ErrPostNotFound

  946. 	case err != nil:

  947. 		log.Error("Failed selecting from collections: %v", err)

  948. 		return nil, err

  949. 	}

  950. 

  951. 	if p.Content == "" {

  952. 		return nil, ErrPostUnpublished

  953. 	}

  954. 

  955. 	res := p.processPost()

  956. 	if ownerName.Valid {

  957. 		res.Owner = &PublicUser{Username: ownerName.String}

  958. 	}

  959. 

  960. 	return &res, nil

  961. }

  962. 

  963. // TODO: don't duplicate getPost() functionality

  964. func (db *datastore) GetOwnedPost(id string, ownerID int64) (*PublicPost, error) {

  965. 	p := &Post{}

  966. 

  967. 	var row *sql.Row

  968. 	where := "id = ? AND owner_id = ?"

  969. 	params := []interface{}{id, ownerID}

  970. 	row = db.QueryRow("SELECT "+postCols+" FROM posts WHERE "+where+" LIMIT 1", params...)

  971. 	err := row.Scan(&p.ID, &p.Slug, &p.Font, &p.Language, &p.RTL, &p.Privacy, &p.OwnerID, &p.CollectionID, &p.PinnedPosition, &p.Created, &p.Updated, &p.ViewCount, &p.Title, &p.Content)

  972. 	switch {

  973. 	case err == sql.ErrNoRows:

  974. 		return nil, ErrPostNotFound

  975. 	case err != nil:

  976. 		log.Error("Failed selecting from collections: %v", err)

  977. 		return nil, err

  978. 	}

  979. 

  980. 	if p.Content == "" {

  981. 		return nil, ErrPostUnpublished

  982. 	}

  983. 

  984. 	res := p.processPost()

  985. 

  986. 	return &res, nil

  987. }

  988. 

  989. func (db *datastore) GetPostProperty(id string, collectionID int64, property string) (interface{}, error) {

  990. 	propSelects := map[string]string{

  991. 		"views": "view_count AS views",

  992. 	}

  993. 	selectQuery, ok := propSelects[property]

  994. 	if !ok {

  995. 		return nil, impart.HTTPError{http.StatusBadRequest, fmt.Sprintf("Invalid property: %s.", property)}

  996. 	}

  997. 

  998. 	var res interface{}

  999. 	var row *sql.Row

  1000. 	if collectionID != 0 {

  1001. 		row = db.QueryRow("SELECT "+selectQuery+" FROM posts WHERE slug = ? AND collection_id = ? LIMIT 1", id, collectionID)

  1002. 	} else {

  1003. 		row = db.QueryRow("SELECT "+selectQuery+" FROM posts WHERE id = ? LIMIT 1", id)

  1004. 	}

  1005. 	err := row.Scan(&res)

  1006. 	switch {

  1007. 	case err == sql.ErrNoRows:

  1008. 		return nil, impart.HTTPError{http.StatusNotFound, "Post not found."}

  1009. 	case err != nil:

  1010. 		log.Error("Failed selecting post: %v", err)

  1011. 		return nil, err

  1012. 	}

  1013. 

  1014. 	return res, nil

  1015. }

  1016. 

  1017. // GetPostsCount modifies the CollectionObj to include the correct number of

  1018. // standard (non-pinned) posts. It will return future posts if `includeFuture`

  1019. // is true.

  1020. func (db *datastore) GetPostsCount(c *CollectionObj, includeFuture bool) {

  1021. 	var count int64

  1022. 	timeCondition := ""

  1023. 	if !includeFuture {

  1024. 		timeCondition = "AND created <= NOW()"

  1025. 	}

  1026. 	err := db.QueryRow("SELECT COUNT(*) FROM posts WHERE collection_id = ? AND pinned_position IS NULL "+timeCondition, c.ID).Scan(&count)

  1027. 	switch {

  1028. 	case err == sql.ErrNoRows:

  1029. 		c.TotalPosts = 0

  1030. 	case err != nil:

  1031. 		log.Error("Failed selecting from collections: %v", err)

  1032. 		c.TotalPosts = 0

  1033. 	}

  1034. 

  1035. 	c.TotalPosts = int(count)

  1036. }

  1037. 

  1038. // GetPosts retrieves all standard (non-pinned) posts for the given Collection.

  1039. // It will return future posts if `includeFuture` is true.

  1040. // TODO: change includeFuture to isOwner, since that's how it's used

  1041. func (db *datastore) GetPosts(c *Collection, page int, includeFuture bool) (*[]PublicPost, error) {

  1042. 	collID := c.ID

  1043. 

  1044. 	cf := c.NewFormat()

  1045. 	order := "DESC"

  1046. 	if cf.Ascending() {

  1047. 		order = "ASC"

  1048. 	}

  1049. 

  1050. 	pagePosts := cf.PostsPerPage()

  1051. 	start := page*pagePosts - pagePosts

  1052. 	if page == 0 {

  1053. 		start = 0

  1054. 		pagePosts = 1000

  1055. 	}

  1056. 

  1057. 	limitStr := ""

  1058. 	if page > 0 {

  1059. 		limitStr = fmt.Sprintf(" LIMIT %d, %d", start, pagePosts)

  1060. 	}

  1061. 	timeCondition := ""

  1062. 	if !includeFuture {

  1063. 		timeCondition = "AND created <= NOW()"

  1064. 	}

  1065. 	rows, err := db.Query("SELECT "+postCols+" FROM posts WHERE collection_id = ? AND pinned_position IS NULL "+timeCondition+" ORDER BY created "+order+limitStr, collID)

  1066. 	if err != nil {

  1067. 		log.Error("Failed selecting from posts: %v", err)

  1068. 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve collection posts."}

  1069. 	}

  1070. 	defer rows.Close()

  1071. 

  1072. 	// TODO: extract this common row scanning logic for queries using `postCols`

  1073. 	posts := []PublicPost{}

  1074. 	for rows.Next() {

  1075. 		p := &Post{}

  1076. 		err = rows.Scan(&p.ID, &p.Slug, &p.Font, &p.Language, &p.RTL, &p.Privacy, &p.OwnerID, &p.CollectionID, &p.PinnedPosition, &p.Created, &p.Updated, &p.ViewCount, &p.Title, &p.Content)

  1077. 		if err != nil {

  1078. 			log.Error("Failed scanning row: %v", err)

  1079. 			break

  1080. 		}

  1081. 		p.extractData()

  1082. 		p.formatContent(c, includeFuture)

  1083. 

  1084. 		posts = append(posts, p.processPost())

  1085. 	}

  1086. 	err = rows.Err()

  1087. 	if err != nil {

  1088. 		log.Error("Error after Next() on rows: %v", err)

  1089. 	}

  1090. 

  1091. 	return &posts, nil

  1092. }

  1093. 

  1094. // GetPostsTagged retrieves all posts on the given Collection that contain the

  1095. // given tag.

  1096. // It will return future posts if `includeFuture` is true.

  1097. // TODO: change includeFuture to isOwner, since that's how it's used

  1098. func (db *datastore) GetPostsTagged(c *Collection, tag string, page int, includeFuture bool) (*[]PublicPost, error) {

  1099. 	collID := c.ID

  1100. 

  1101. 	cf := c.NewFormat()

  1102. 	order := "DESC"

  1103. 	if cf.Ascending() {

  1104. 		order = "ASC"

  1105. 	}

  1106. 

  1107. 	pagePosts := cf.PostsPerPage()

  1108. 	start := page*pagePosts - pagePosts

  1109. 	if page == 0 {

  1110. 		start = 0

  1111. 		pagePosts = 1000

  1112. 	}

  1113. 

  1114. 	limitStr := ""

  1115. 	if page > 0 {

  1116. 		limitStr = fmt.Sprintf(" LIMIT %d, %d", start, pagePosts)

  1117. 	}

  1118. 	timeCondition := ""

  1119. 	if !includeFuture {

  1120. 		timeCondition = "AND created <= NOW()"

  1121. 	}

  1122. 	rows, err := db.Query("SELECT "+postCols+" FROM posts WHERE collection_id = ? AND LOWER(content) RLIKE ? "+timeCondition+" ORDER BY created "+order+limitStr, collID, "#"+strings.ToLower(tag)+"[[:>:]]")

  1123. 	if err != nil {

  1124. 		log.Error("Failed selecting from posts: %v", err)

  1125. 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve collection posts."}

  1126. 	}

  1127. 	defer rows.Close()

  1128. 

  1129. 	// TODO: extract this common row scanning logic for queries using `postCols`

  1130. 	posts := []PublicPost{}

  1131. 	for rows.Next() {

  1132. 		p := &Post{}

  1133. 		err = rows.Scan(&p.ID, &p.Slug, &p.Font, &p.Language, &p.RTL, &p.Privacy, &p.OwnerID, &p.CollectionID, &p.PinnedPosition, &p.Created, &p.Updated, &p.ViewCount, &p.Title, &p.Content)

  1134. 		if err != nil {

  1135. 			log.Error("Failed scanning row: %v", err)

  1136. 			break

  1137. 		}

  1138. 		p.extractData()

  1139. 		p.formatContent(c, includeFuture)

  1140. 

  1141. 		posts = append(posts, p.processPost())

  1142. 	}

  1143. 	err = rows.Err()

  1144. 	if err != nil {

  1145. 		log.Error("Error after Next() on rows: %v", err)

  1146. 	}

  1147. 

  1148. 	return &posts, nil

  1149. }

  1150. 

  1151. func (db *datastore) GetAPFollowers(c *Collection) (*[]RemoteUser, error) {

  1152. 	rows, err := db.Query("SELECT actor_id, inbox, shared_inbox FROM remotefollows f INNER JOIN remoteusers u ON f.remote_user_id = u.id WHERE collection_id = ?", c.ID)

  1153. 	if err != nil {

  1154. 		log.Error("Failed selecting from followers: %v", err)

  1155. 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve followers."}

  1156. 	}

  1157. 	defer rows.Close()

  1158. 

  1159. 	followers := []RemoteUser{}

  1160. 	for rows.Next() {

  1161. 		f := RemoteUser{}

  1162. 		err = rows.Scan(&f.ActorID, &f.Inbox, &f.SharedInbox)

  1163. 		followers = append(followers, f)

  1164. 	}

  1165. 	return &followers, nil

  1166. }

  1167. 

  1168. // CanCollect returns whether or not the given user can add the given post to a

  1169. // collection. This is true when a post is already owned by the user.

  1170. // NOTE: this is currently only used to potentially add owned posts to a

  1171. // collection. This has the SIDE EFFECT of also generating a slug for the post.

  1172. // FIXME: make this side effect more explicit (or extract it)

  1173. func (db *datastore) CanCollect(cpr *ClaimPostRequest, userID int64) bool {

  1174. 	var title, content string

  1175. 	var lang sql.NullString

  1176. 	err := db.QueryRow("SELECT title, content, language FROM posts WHERE id = ? AND owner_id = ?", cpr.ID, userID).Scan(&title, &content, &lang)

  1177. 	switch {

  1178. 	case err == sql.ErrNoRows:

  1179. 		return false

  1180. 	case err != nil:

  1181. 		log.Error("Failed on post CanCollect(%s, %d): %v", cpr.ID, userID, err)

  1182. 		return false

  1183. 	}

  1184. 

  1185. 	// Since we have the post content and the post is collectable, generate the

  1186. 	// post's slug now.

  1187. 	cpr.Slug = getSlugFromPost(title, content, lang.String)

  1188. 

  1189. 	return true

  1190. }

  1191. 

  1192. func (db *datastore) AttemptClaim(p *ClaimPostRequest, query string, params []interface{}, slugIdx int) (sql.Result, error) {

  1193. 	qRes, err := db.Exec(query, params...)

  1194. 	if err != nil {

  1195. 		if mysqlErr, ok := err.(*mysql.MySQLError); ok {

  1196. 			if mysqlErr.Number == mySQLErrDuplicateKey && slugIdx > -1 {

  1197. 				s := id.GenSafeUniqueSlug(p.Slug)

  1198. 				if s == p.Slug {

  1199. 					// Sanity check to prevent infinite recursion

  1200. 					return qRes, fmt.Errorf("GenSafeUniqueSlug generated nothing unique: %s", s)

  1201. 				}

  1202. 				p.Slug = s

  1203. 				params[slugIdx] = p.Slug

  1204. 				return db.AttemptClaim(p, query, params, slugIdx)

  1205. 			}

  1206. 		}

  1207. 		return qRes, fmt.Errorf("attemptClaim: %s", err)

  1208. 	}

  1209. 	return qRes, nil

  1210. }

  1211. 

  1212. func (db *datastore) DispersePosts(userID int64, postIDs []string) (*[]ClaimPostResult, error) {

  1213. 	postClaimReqs := map[string]bool{}

  1214. 	res := []ClaimPostResult{}

  1215. 	for i := range postIDs {

  1216. 		postID := postIDs[i]

  1217. 

  1218. 		r := ClaimPostResult{Code: 0, ErrorMessage: ""}

  1219. 

  1220. 		// Perform post validation

  1221. 		if postID == "" {

  1222. 			r.ErrorMessage = "Missing post ID. "

  1223. 		}

  1224. 		if _, ok := postClaimReqs[postID]; ok {

  1225. 			r.Code = 429

  1226. 			r.ErrorMessage = "You've already tried anonymizing this post."

  1227. 			r.ID = postID

  1228. 			res = append(res, r)

  1229. 			continue

  1230. 		}

  1231. 		postClaimReqs[postID] = true

  1232. 

  1233. 		var err error

  1234. 		// Get full post information to return

  1235. 		var fullPost *PublicPost

  1236. 		fullPost, err = db.GetPost(postID, 0)

  1237. 		if err != nil {

  1238. 			if err, ok := err.(impart.HTTPError); ok {

  1239. 				r.Code = err.Status

  1240. 				r.ErrorMessage = err.Message

  1241. 				r.ID = postID

  1242. 				res = append(res, r)

  1243. 				continue

  1244. 			} else {

  1245. 				log.Error("Error getting post in dispersePosts: %v", err)

  1246. 			}

  1247. 		}

  1248. 		if fullPost.OwnerID.Int64 != userID {

  1249. 			r.Code = http.StatusConflict

  1250. 			r.ErrorMessage = "Post is already owned by someone else."

  1251. 			r.ID = postID

  1252. 			res = append(res, r)

  1253. 			continue

  1254. 		}

  1255. 

  1256. 		var qRes sql.Result

  1257. 		var query string

  1258. 		var params []interface{}

  1259. 		// Do AND owner_id = ? for sanity.

  1260. 		// This should've been caught and returned with a good error message

  1261. 		// just above.

  1262. 		query = "UPDATE posts SET collection_id = NULL WHERE id = ? AND owner_id = ?"

  1263. 		params = []interface{}{postID, userID}

  1264. 		qRes, err = db.Exec(query, params...)

  1265. 		if err != nil {

  1266. 			r.Code = http.StatusInternalServerError

  1267. 			r.ErrorMessage = "A glitch happened on our end."

  1268. 			r.ID = postID

  1269. 			res = append(res, r)

  1270. 			log.Error("dispersePosts (post %s): %v", postID, err)

  1271. 			continue

  1272. 		}

  1273. 

  1274. 		// Post was successfully dispersed

  1275. 		r.Code = http.StatusOK

  1276. 		r.Post = fullPost

  1277. 

  1278. 		rowsAffected, _ := qRes.RowsAffected()

  1279. 		if rowsAffected == 0 {

  1280. 			// This was already claimed, but return 200

  1281. 			r.Code = http.StatusOK

  1282. 		}

  1283. 		res = append(res, r)

  1284. 	}

  1285. 

  1286. 	return &res, nil

  1287. }

  1288. 

  1289. func (db *datastore) ClaimPosts(userID int64, collAlias string, posts *[]ClaimPostRequest) (*[]ClaimPostResult, error) {

  1290. 	postClaimReqs := map[string]bool{}

  1291. 	res := []ClaimPostResult{}

  1292. 	postCollAlias := collAlias

  1293. 	for i := range *posts {

  1294. 		p := (*posts)[i]

  1295. 		if &p == nil {

  1296. 			continue

  1297. 		}

  1298. 

  1299. 		r := ClaimPostResult{Code: 0, ErrorMessage: ""}

  1300. 

  1301. 		// Perform post validation

  1302. 		if p.ID == "" {

  1303. 			r.ErrorMessage = "Missing post ID `id`. "

  1304. 		}

  1305. 		if _, ok := postClaimReqs[p.ID]; ok {

  1306. 			r.Code = 429

  1307. 			r.ErrorMessage = "You've already tried claiming this post."

  1308. 			r.ID = p.ID

  1309. 			res = append(res, r)

  1310. 			continue

  1311. 		}

  1312. 		postClaimReqs[p.ID] = true

  1313. 

  1314. 		canCollect := db.CanCollect(&p, userID)

  1315. 		if !canCollect && p.Token == "" {

  1316. 			// TODO: ensure post isn't owned by anyone else when a valid modify

  1317. 			// token is given.

  1318. 			r.ErrorMessage += "Missing post Edit Token `token`."

  1319. 		}

  1320. 		if r.ErrorMessage != "" {

  1321. 			// Post validate failed

  1322. 			r.Code = http.StatusBadRequest

  1323. 			r.ID = p.ID

  1324. 			res = append(res, r)

  1325. 			continue

  1326. 		}

  1327. 

  1328. 		var err error

  1329. 		var qRes sql.Result

  1330. 		var query string

  1331. 		var params []interface{}

  1332. 		var slugIdx int = -1

  1333. 		if collAlias == "" {

  1334. 			// Posts are being claimed at /posts/claim, not

  1335. 			// /collections/{alias}/collect, so use given individual collection

  1336. 			// to associate post with.

  1337. 			postCollAlias = p.CollectionAlias

  1338. 		}

  1339. 		if postCollAlias != "" {

  1340. 			// Associate this post with a collection

  1341. 			var coll *Collection

  1342. 			if p.CreateCollection {

  1343. 				// This is a new collection

  1344. 				// TODO: consider removing this. This seriously complicates this

  1345. 				// method and adds another (unnecessary?) logic path.

  1346. 				coll, err = db.CreateCollection(postCollAlias, "", userID)

  1347. 				if err != nil {

  1348. 					if err, ok := err.(impart.HTTPError); ok {

  1349. 						r.Code = err.Status

  1350. 						r.ErrorMessage = err.Message

  1351. 					} else {

  1352. 						r.Code = http.StatusInternalServerError

  1353. 						r.ErrorMessage = "Unknown error occurred creating collection"

  1354. 					}

  1355. 					r.ID = p.ID

  1356. 					res = append(res, r)

  1357. 					continue

  1358. 				}

  1359. 			} else {

  1360. 				// Attempt to add to existing collection

  1361. 				coll, err = db.GetCollection(postCollAlias)

  1362. 				if err != nil {

  1363. 					if err, ok := err.(impart.HTTPError); ok {

  1364. 						if err.Status == http.StatusNotFound {

  1365. 							// Show obfuscated "forbidden" response, as if attempting to add to an

  1366. 							// unowned blog.

  1367. 							r.Code = ErrForbiddenCollection.Status

  1368. 							r.ErrorMessage = ErrForbiddenCollection.Message

  1369. 						} else {

  1370. 							r.Code = err.Status

  1371. 							r.ErrorMessage = err.Message

  1372. 						}

  1373. 					} else {

  1374. 						r.Code = http.StatusInternalServerError

  1375. 						r.ErrorMessage = "Unknown error occurred claiming post with collection"

  1376. 					}

  1377. 					r.ID = p.ID

  1378. 					res = append(res, r)

  1379. 					continue

  1380. 				}

  1381. 				if coll.OwnerID != userID {

  1382. 					r.Code = ErrForbiddenCollection.Status

  1383. 					r.ErrorMessage = ErrForbiddenCollection.Message

  1384. 					r.ID = p.ID

  1385. 					res = append(res, r)

  1386. 					continue

  1387. 				}

  1388. 			}

  1389. 			if p.Slug == "" {

  1390. 				p.Slug = p.ID

  1391. 			}

  1392. 			if canCollect {

  1393. 				// User already owns this post, so just add it to the given

  1394. 				// collection.

  1395. 				query = "UPDATE posts SET collection_id = ?, slug = ? WHERE id = ? AND owner_id = ?"

  1396. 				params = []interface{}{coll.ID, p.Slug, p.ID, userID}

  1397. 				slugIdx = 1

  1398. 			} else {

  1399. 				query = "UPDATE posts SET owner_id = ?, collection_id = ?, slug = ? WHERE id = ? AND modify_token = ? AND owner_id IS NULL"

  1400. 				params = []interface{}{userID, coll.ID, p.Slug, p.ID, p.Token}

  1401. 				slugIdx = 2

  1402. 			}

  1403. 		} else {

  1404. 			query = "UPDATE posts SET owner_id = ? WHERE id = ? AND modify_token = ? AND owner_id IS NULL"

  1405. 			params = []interface{}{userID, p.ID, p.Token}

  1406. 		}

  1407. 		qRes, err = db.AttemptClaim(&p, query, params, slugIdx)

  1408. 		if err != nil {

  1409. 			r.Code = http.StatusInternalServerError

  1410. 			r.ErrorMessage = "A Write.as error occurred. The humans have been alerted."

  1411. 			r.ID = p.ID

  1412. 			res = append(res, r)

  1413. 			log.Error("claimPosts (post %s): %v", p.ID, err)

  1414. 			continue

  1415. 		}

  1416. 

  1417. 		// Get full post information to return

  1418. 		var fullPost *PublicPost

  1419. 		if p.Token != "" {

  1420. 			fullPost, err = db.GetEditablePost(p.ID, p.Token)

  1421. 		} else {

  1422. 			fullPost, err = db.GetPost(p.ID, 0)

  1423. 		}

  1424. 		if err != nil {

  1425. 			if err, ok := err.(impart.HTTPError); ok {

  1426. 				r.Code = err.Status

  1427. 				r.ErrorMessage = err.Message

  1428. 				r.ID = p.ID

  1429. 				res = append(res, r)

  1430. 				continue

  1431. 			}

  1432. 		}

  1433. 		if fullPost.OwnerID.Int64 != userID {

  1434. 			r.Code = http.StatusConflict

  1435. 			r.ErrorMessage = "Post is already owned by someone else."

  1436. 			r.ID = p.ID

  1437. 			res = append(res, r)

  1438. 			continue

  1439. 		}

  1440. 

  1441. 		// Post was successfully claimed

  1442. 		r.Code = http.StatusOK

  1443. 		r.Post = fullPost

  1444. 

  1445. 		rowsAffected, _ := qRes.RowsAffected()

  1446. 		if rowsAffected == 0 {

  1447. 			// This was already claimed, but return 200

  1448. 			r.Code = http.StatusOK

  1449. 		}

  1450. 		res = append(res, r)

  1451. 	}

  1452. 

  1453. 	return &res, nil

  1454. }

  1455. 

  1456. func (db *datastore) UpdatePostPinState(pinned bool, postID string, collID, ownerID, pos int64) error {

  1457. 	if pos <= 0 || pos > 20 {

  1458. 		pos = db.GetLastPinnedPostPos(collID) + 1

  1459. 		if pos == -1 {

  1460. 			pos = 1

  1461. 		}

  1462. 	}

  1463. 	var err error

  1464. 	if pinned {

  1465. 		_, err = db.Exec("UPDATE posts SET pinned_position = ? WHERE id = ?", pos, postID)

  1466. 	} else {

  1467. 		_, err = db.Exec("UPDATE posts SET pinned_position = NULL WHERE id = ?", postID)

  1468. 	}

  1469. 	if err != nil {

  1470. 		log.Error("Unable to update pinned post: %v", err)

  1471. 		return err

  1472. 	}

  1473. 	return nil

  1474. }

  1475. 

  1476. func (db *datastore) GetLastPinnedPostPos(collID int64) int64 {

  1477. 	var lastPos sql.NullInt64

  1478. 	err := db.QueryRow("SELECT MAX(pinned_position) FROM posts WHERE collection_id = ? AND pinned_position IS NOT NULL", collID).Scan(&lastPos)

  1479. 	switch {

  1480. 	case err == sql.ErrNoRows:

  1481. 		return -1

  1482. 	case err != nil:

  1483. 		log.Error("Failed selecting from posts: %v", err)

  1484. 		return -1

  1485. 	}

  1486. 	if !lastPos.Valid {

  1487. 		return -1

  1488. 	}

  1489. 	return lastPos.Int64

  1490. }

  1491. 

  1492. func (db *datastore) GetPinnedPosts(coll *CollectionObj) (*[]PublicPost, error) {

  1493. 	rows, err := db.Query("SELECT id, slug, title, LEFT(content, 80), pinned_position FROM posts WHERE collection_id = ? AND pinned_position IS NOT NULL ORDER BY pinned_position ASC", coll.ID)

  1494. 	if err != nil {

  1495. 		log.Error("Failed selecting pinned posts: %v", err)

  1496. 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve pinned posts."}

  1497. 	}

  1498. 	defer rows.Close()

  1499. 

  1500. 	posts := []PublicPost{}

  1501. 	for rows.Next() {

  1502. 		p := &Post{}

  1503. 		err = rows.Scan(&p.ID, &p.Slug, &p.Title, &p.Content, &p.PinnedPosition)

  1504. 		if err != nil {

  1505. 			log.Error("Failed scanning row: %v", err)

  1506. 			break

  1507. 		}

  1508. 		p.extractData()

  1509. 

  1510. 		pp := p.processPost()

  1511. 		pp.Collection = coll

  1512. 		posts = append(posts, pp)

  1513. 	}

  1514. 	return &posts, nil

  1515. }

  1516. 

  1517. func (db *datastore) GetCollections(u *User) (*[]Collection, error) {

  1518. 	rows, err := db.Query("SELECT id, alias, title, privacy, view_count FROM collections LEFT JOIN domains ON id = collection_id WHERE owner_id = ? ORDER BY id ASC", u.ID)

  1519. 	if err != nil {

  1520. 		log.Error("Failed selecting from collections: %v", err)

  1521. 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve user collections."}

  1522. 	}

  1523. 	defer rows.Close()

  1524. 

  1525. 	colls := []Collection{}

  1526. 	var domain zero.String

  1527. 	var isActive, isSecure null.Bool

  1528. 	for rows.Next() {

  1529. 		c := Collection{}

  1530. 		err = rows.Scan(&c.ID, &c.Alias, &c.Title, &c.Visibility, &c.Views)

  1531. 		if err != nil {

  1532. 			log.Error("Failed scanning row: %v", err)

  1533. 			break

  1534. 		}

  1535. 		c.Domain = domain.String

  1536. 		c.IsDomainActive = isActive.Bool

  1537. 		c.IsSecure = isSecure.Bool

  1538. 		c.URL = c.CanonicalURL()

  1539. 		c.Public = c.IsPublic()

  1540. 

  1541. 		colls = append(colls, c)

  1542. 	}

  1543. 	err = rows.Err()

  1544. 	if err != nil {

  1545. 		log.Error("Error after Next() on rows: %v", err)

  1546. 	}

  1547. 

  1548. 	return &colls, nil

  1549. }

  1550. 

  1551. func (db *datastore) GetPublishableCollections(u *User) (*[]Collection, error) {

  1552. 	c, err := db.GetCollections(u)

  1553. 	if err != nil {

  1554. 		return nil, err

  1555. 	}

  1556. 

  1557. 	if len(*c) == 0 {

  1558. 		return nil, impart.HTTPError{http.StatusInternalServerError, "You don't seem to have any blogs; they might've moved to another account. Try logging out and logging into your other account."}

  1559. 	}

  1560. 	return c, nil

  1561. }

  1562. 

  1563. func (db *datastore) GetMeStats(u *User) userMeStats {

  1564. 	s := userMeStats{}

  1565. 

  1566. 	// User counts

  1567. 	colls, _ := db.GetUserCollectionCount(u.ID)

  1568. 	s.TotalCollections = colls

  1569. 

  1570. 	var articles, collPosts uint64

  1571. 	err := db.QueryRow("SELECT COUNT(*) FROM posts WHERE owner_id = ? AND collection_id IS NULL", u.ID).Scan(&articles)

  1572. 	if err != nil && err != sql.ErrNoRows {

  1573. 		log.Error("Couldn't get articles count for user %d: %v", u.ID, err)

  1574. 	}

  1575. 	s.TotalArticles = articles

  1576. 

  1577. 	err = db.QueryRow("SELECT COUNT(*) FROM posts WHERE owner_id = ? AND collection_id IS NOT NULL", u.ID).Scan(&collPosts)

  1578. 	if err != nil && err != sql.ErrNoRows {

  1579. 		log.Error("Couldn't get coll posts count for user %d: %v", u.ID, err)

  1580. 	}

  1581. 	s.CollectionPosts = collPosts

  1582. 

  1583. 	return s

  1584. }

  1585. 

  1586. func (db *datastore) GetTopPosts(u *User, alias string) (*[]PublicPost, error) {

  1587. 	params := []interface{}{u.ID}

  1588. 	where := ""

  1589. 	if alias != "" {

  1590. 		where = " AND alias = ?"

  1591. 		params = append(params, alias)

  1592. 	}

  1593. 	rows, err := db.Query("SELECT p.id, p.slug, p.view_count, p.title, c.alias, c.title, c.description, c.view_count FROM posts p LEFT JOIN collections c ON p.collection_id = c.id WHERE p.owner_id = ?"+where+" ORDER BY p.view_count DESC, created DESC LIMIT 25", params...)

  1594. 	if err != nil {

  1595. 		log.Error("Failed selecting from posts: %v", err)

  1596. 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve user top posts."}

  1597. 	}

  1598. 	defer rows.Close()

  1599. 

  1600. 	posts := []PublicPost{}

  1601. 	var gotErr bool

  1602. 	for rows.Next() {

  1603. 		p := Post{}

  1604. 		c := Collection{}

  1605. 		var alias, title, description sql.NullString

  1606. 		var views sql.NullInt64

  1607. 		err = rows.Scan(&p.ID, &p.Slug, &p.ViewCount, &p.Title, &alias, &title, &description, &views)

  1608. 		if err != nil {

  1609. 			log.Error("Failed scanning User.getPosts() row: %v", err)

  1610. 			gotErr = true

  1611. 			break

  1612. 		}

  1613. 		p.extractData()

  1614. 		pubPost := p.processPost()

  1615. 

  1616. 		if alias.Valid && alias.String != "" {

  1617. 			c.Alias = alias.String

  1618. 			c.Title = title.String

  1619. 			c.Description = description.String

  1620. 			c.Views = views.Int64

  1621. 			pubPost.Collection = &CollectionObj{Collection: c}

  1622. 		}

  1623. 

  1624. 		posts = append(posts, pubPost)

  1625. 	}

  1626. 	err = rows.Err()

  1627. 	if err != nil {

  1628. 		log.Error("Error after Next() on rows: %v", err)

  1629. 	}

  1630. 

  1631. 	if gotErr && len(posts) == 0 {

  1632. 		// There were a lot of errors

  1633. 		return nil, impart.HTTPError{http.StatusInternalServerError, "Unable to get data."}

  1634. 	}

  1635. 

  1636. 	return &posts, nil

  1637. }

  1638. 

  1639. func (db *datastore) GetAnonymousPosts(u *User) (*[]PublicPost, error) {

  1640. 	rows, err := db.Query("SELECT id, view_count, title, created, updated, content FROM posts WHERE owner_id = ? AND collection_id IS NULL ORDER BY created DESC", u.ID)

  1641. 	if err != nil {

  1642. 		log.Error("Failed selecting from posts: %v", err)

  1643. 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve user anonymous posts."}

  1644. 	}

  1645. 	defer rows.Close()

  1646. 

  1647. 	posts := []PublicPost{}

  1648. 	for rows.Next() {

  1649. 		p := Post{}

  1650. 		err = rows.Scan(&p.ID, &p.ViewCount, &p.Title, &p.Created, &p.Updated, &p.Content)

  1651. 		if err != nil {

  1652. 			log.Error("Failed scanning row: %v", err)

  1653. 			break

  1654. 		}

  1655. 		p.extractData()

  1656. 

  1657. 		posts = append(posts, p.processPost())

  1658. 	}

  1659. 	err = rows.Err()

  1660. 	if err != nil {

  1661. 		log.Error("Error after Next() on rows: %v", err)

  1662. 	}

  1663. 

  1664. 	return &posts, nil

  1665. }

  1666. 

  1667. func (db *datastore) GetUserPosts(u *User) (*[]PublicPost, error) {

  1668. 	rows, err := db.Query("SELECT p.id, p.slug, p.view_count, p.title, p.created, p.updated, p.content, p.text_appearance, p.language, p.rtl, c.alias, c.title, c.description, c.view_count FROM posts p LEFT JOIN collections c ON collection_id = c.id WHERE p.owner_id = ? ORDER BY created ASC", u.ID)

  1669. 	if err != nil {

  1670. 		log.Error("Failed selecting from posts: %v", err)

  1671. 		return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve user posts."}

  1672. 	}

  1673. 	defer rows.Close()

  1674. 

  1675. 	posts := []PublicPost{}

  1676. 	var gotErr bool

  1677. 	for rows.Next() {

  1678. 		p := Post{}

  1679. 		c := Collection{}

  1680. 		var alias, title, description sql.NullString

  1681. 		var views sql.NullInt64

  1682. 		err = rows.Scan(&p.ID, &p.Slug, &p.ViewCount, &p.Title, &p.Created, &p.Updated, &p.Content, &p.Font, &p.Language, &p.RTL, &alias, &title, &description, &views)

  1683. 		if err != nil {

  1684. 			log.Error("Failed scanning User.getPosts() row: %v", err)

  1685. 			gotErr = true

  1686. 			break

  1687. 		}

  1688. 		p.extractData()

  1689. 		pubPost := p.processPost()

  1690. 

  1691. 		if alias.Valid && alias.String != "" {

  1692. 			c.Alias = alias.String

  1693. 			c.Title = title.String

  1694. 			c.Description = description.String

  1695. 			c.Views = views.Int64

  1696. 			pubPost.Collection = &CollectionObj{Collection: c}

  1697. 		}

  1698. 

  1699. 		posts = append(posts, pubPost)

  1700. 	}

  1701. 	err = rows.Err()

  1702. 	if err != nil {

  1703. 		log.Error("Error after Next() on rows: %v", err)

  1704. 	}

  1705. 

  1706. 	if gotErr && len(posts) == 0 {

  1707. 		// There were a lot of errors

  1708. 		return nil, impart.HTTPError{http.StatusInternalServerError, "Unable to get data."}

  1709. 	}

  1710. 

  1711. 	return &posts, nil

  1712. }

  1713. 

  1714. // ChangeSettings takes a User and applies the changes in the given

  1715. // userSettings, MODIFYING THE USER with successful changes.

  1716. func (db *datastore) ChangeSettings(app *app, u *User, s *userSettings) error {

  1717. 	var errPass error

  1718. 	q := query.NewUpdate()

  1719. 

  1720. 	// Update email if given

  1721. 	if s.Email != "" {

  1722. 		encEmail, err := data.Encrypt(app.keys.emailKey, s.Email)

  1723. 		if err != nil {

  1724. 			log.Error("Couldn't encrypt email %s: %s\n", s.Email, err)

  1725. 			return impart.HTTPError{http.StatusInternalServerError, "Unable to encrypt email address."}

  1726. 		}

  1727. 		q.SetBytes(encEmail, "email")

  1728. 

  1729. 		// Update the email if something goes awry updating the password

  1730. 		defer func() {

  1731. 			if errPass != nil {

  1732. 				db.UpdateEncryptedUserEmail(u.ID, encEmail)

  1733. 			}

  1734. 		}()

  1735. 		u.Email = zero.StringFrom(s.Email)

  1736. 	}

  1737. 

  1738. 	// Update username if given

  1739. 	var newUsername string

  1740. 	if s.Username != "" {

  1741. 		var ie *impart.HTTPError

  1742. 		newUsername, ie = getValidUsername(app, s.Username, u.Username)

  1743. 		if ie != nil {

  1744. 			// Username is invalid

  1745. 			return *ie

  1746. 		}

  1747. 		if !author.IsValidUsername(app.cfg, newUsername) {

  1748. 			// Ensure the username is syntactically correct.

  1749. 			return impart.HTTPError{http.StatusPreconditionFailed, "Username isn't valid."}

  1750. 		}

  1751. 

  1752. 		t, err := db.Begin()

  1753. 		if err != nil {

  1754. 			log.Error("Couldn't start username change transaction: %v", err)

  1755. 			return err

  1756. 		}

  1757. 

  1758. 		_, err = t.Exec("UPDATE users SET username = ? WHERE id = ?", newUsername, u.ID)

  1759. 		if err != nil {

  1760. 			t.Rollback()

  1761. 			if mysqlErr, ok := err.(*mysql.MySQLError); ok {

  1762. 				if mysqlErr.Number == mySQLErrDuplicateKey {

  1763. 					return impart.HTTPError{http.StatusConflict, "Username is already taken."}

  1764. 				}

  1765. 			}

  1766. 			log.Error("Unable to update users table: %v", err)

  1767. 			return ErrInternalGeneral

  1768. 		}

  1769. 

  1770. 		_, err = t.Exec("UPDATE collections SET alias = ? WHERE alias = ? AND owner_id = ?", newUsername, u.Username, u.ID)

  1771. 		if err != nil {

  1772. 			t.Rollback()

  1773. 			if mysqlErr, ok := err.(*mysql.MySQLError); ok {

  1774. 				if mysqlErr.Number == mySQLErrDuplicateKey {

  1775. 					return impart.HTTPError{http.StatusConflict, "Username is already taken."}

  1776. 				}

  1777. 			}

  1778. 			log.Error("Unable to update collection: %v", err)

  1779. 			return ErrInternalGeneral

  1780. 		}

  1781. 

  1782. 		// Keep track of name changes for redirection

  1783. 		db.RemoveCollectionRedirect(t, newUsername)

  1784. 		_, err = t.Exec("UPDATE collectionredirects SET new_alias = ? WHERE new_alias = ?", newUsername, u.Username)

  1785. 		if err != nil {

  1786. 			log.Error("Unable to update collectionredirects: %v", err)

  1787. 		}

  1788. 		_, err = t.Exec("INSERT INTO collectionredirects (prev_alias, new_alias) VALUES (?, ?)", u.Username, newUsername)

  1789. 		if err != nil {

  1790. 			log.Error("Unable to add new collectionredirect: %v", err)

  1791. 		}

  1792. 

  1793. 		err = t.Commit()

  1794. 		if err != nil {

  1795. 			t.Rollback()

  1796. 			log.Error("Rolling back after Commit(): %v\n", err)

  1797. 			return err

  1798. 		}

  1799. 

  1800. 		u.Username = newUsername

  1801. 	}

  1802. 

  1803. 	// Update passphrase if given

  1804. 	if s.NewPass != "" {

  1805. 		// Check if user has already set a password

  1806. 		var err error

  1807. 		u.HasPass, err = db.IsUserPassSet(u.ID)

  1808. 		if err != nil {

  1809. 			errPass = impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data."}

  1810. 			return errPass

  1811. 		}

  1812. 

  1813. 		if u.HasPass {

  1814. 			// Check if currently-set password is correct

  1815. 			hashedPass := u.HashedPass

  1816. 			if len(hashedPass) == 0 {

  1817. 				authUser, err := db.GetUserForAuthByID(u.ID)

  1818. 				if err != nil {

  1819. 					errPass = err

  1820. 					return errPass

  1821. 				}

  1822. 				hashedPass = authUser.HashedPass

  1823. 			}

  1824. 			if !auth.Authenticated(hashedPass, []byte(s.OldPass)) {

  1825. 				errPass = impart.HTTPError{http.StatusUnauthorized, "Incorrect password."}

  1826. 				return errPass

  1827. 			}

  1828. 		}

  1829. 		hashedPass, err := auth.HashPass([]byte(s.NewPass))

  1830. 		if err != nil {

  1831. 			errPass = impart.HTTPError{http.StatusInternalServerError, "Could not create password hash."}

  1832. 			return errPass

  1833. 		}

  1834. 		q.SetBytes(hashedPass, "password")

  1835. 	}

  1836. 

  1837. 	// WHERE values

  1838. 	q.Append(u.ID)

  1839. 

  1840. 	if q.Updates == "" {

  1841. 		if s.Username == "" {

  1842. 			return ErrPostNoUpdatableVals

  1843. 		}

  1844. 

  1845. 		// Nothing to update except username. That was successful, so return now.

  1846. 		return nil

  1847. 	}

  1848. 

  1849. 	res, err := db.Exec("UPDATE users SET "+q.Updates+" WHERE id = ?", q.Params...)

  1850. 	if err != nil {

  1851. 		log.Error("Unable to update collection: %v", err)

  1852. 		return err

  1853. 	}

  1854. 

  1855. 	rowsAffected, _ := res.RowsAffected()

  1856. 	if rowsAffected == 0 {

  1857. 		// Show the correct error message if nothing was updated

  1858. 		var dummy int

  1859. 		err := db.QueryRow("SELECT 1 FROM users WHERE id = ?", u.ID).Scan(&dummy)

  1860. 		switch {

  1861. 		case err == sql.ErrNoRows:

  1862. 			return ErrUnauthorizedGeneral

  1863. 		case err != nil:

  1864. 			log.Error("Failed selecting from users: %v", err)

  1865. 		}

  1866. 		return nil

  1867. 	}

  1868. 

  1869. 	if s.NewPass != "" && !u.HasPass {

  1870. 		u.HasPass = true

  1871. 	}

  1872. 

  1873. 	return nil

  1874. }

  1875. 

  1876. func (db *datastore) ChangePassphrase(userID int64, sudo bool, curPass string, hashedPass []byte) error {

  1877. 	var dbPass []byte

  1878. 	err := db.QueryRow("SELECT password FROM users WHERE id = ?", userID).Scan(&dbPass)

  1879. 	switch {

  1880. 	case err == sql.ErrNoRows:

  1881. 		return ErrUserNotFound

  1882. 	case err != nil:

  1883. 		log.Error("Couldn't SELECT user password for change: %v", err)

  1884. 		return err

  1885. 	}

  1886. 

  1887. 	if !sudo && !auth.Authenticated(dbPass, []byte(curPass)) {

  1888. 		return impart.HTTPError{http.StatusUnauthorized, "Incorrect password."}

  1889. 	}

  1890. 

  1891. 	_, err = db.Exec("UPDATE users SET password = ? WHERE id = ?", hashedPass, userID)

  1892. 	if err != nil {

  1893. 		log.Error("Could not update passphrase: %v", err)

  1894. 		return err

  1895. 	}

  1896. 

  1897. 	return nil

  1898. }

  1899. 

  1900. func (db *datastore) RemoveCollectionRedirect(t *sql.Tx, alias string) error {

  1901. 	_, err := t.Exec("DELETE FROM collectionredirects WHERE prev_alias = ?", alias)

  1902. 	if err != nil {

  1903. 		log.Error("Unable to delete from collectionredirects: %v", err)

  1904. 		return err

  1905. 	}

  1906. 	return nil

  1907. }

  1908. 

  1909. func (db *datastore) GetCollectionRedirect(alias string) (new string) {

  1910. 	row := db.QueryRow("SELECT new_alias FROM collectionredirects WHERE prev_alias = ?", alias)

  1911. 	err := row.Scan(&new)

  1912. 	if err != nil && err != sql.ErrNoRows {

  1913. 		log.Error("Failed selecting from collectionredirects: %v", err)

  1914. 	}

  1915. 	return

  1916. }

  1917. 

  1918. func (db *datastore) DeleteCollection(alias string, userID int64) error {

  1919. 	c := &Collection{Alias: alias}

  1920. 	var username string

  1921. 

  1922. 	row := db.QueryRow("SELECT username FROM users WHERE id = ?", userID)

  1923. 	err := row.Scan(&username)

  1924. 	if err != nil {

  1925. 		return err

  1926. 	}

  1927. 

  1928. 	// Ensure user isn't deleting their main blog

  1929. 	if alias == username {

  1930. 		return impart.HTTPError{http.StatusForbidden, "You cannot currently delete your primary blog."}

  1931. 	}

  1932. 

  1933. 	row = db.QueryRow("SELECT id FROM collections WHERE alias = ? AND owner_id = ?", alias, userID)

  1934. 	err = row.Scan(&c.ID)

  1935. 	switch {

  1936. 	case err == sql.ErrNoRows:

  1937. 		return impart.HTTPError{http.StatusNotFound, "Collection doesn't exist or you're not allowed to delete it."}

  1938. 	case err != nil:

  1939. 		log.Error("Failed selecting from collections: %v", err)

  1940. 		return ErrInternalGeneral

  1941. 	}

  1942. 

  1943. 	t, err := db.Begin()

  1944. 	if err != nil {

  1945. 		return err

  1946. 	}

  1947. 

  1948. 	// Float all collection's posts

  1949. 	_, err = t.Exec("UPDATE posts SET collection_id = NULL WHERE collection_id = ? AND owner_id = ?", c.ID, userID)

  1950. 	if err != nil {

  1951. 		t.Rollback()

  1952. 		return err

  1953. 	}

  1954. 

  1955. 	// Remove redirects to or from this collection

  1956. 	_, err = t.Exec("DELETE FROM collectionredirects WHERE prev_alias = ? OR new_alias = ?", alias, alias)

  1957. 	if err != nil {

  1958. 		t.Rollback()

  1959. 		return err

  1960. 	}

  1961. 

  1962. 	// Remove any optional collection password

  1963. 	_, err = t.Exec("DELETE FROM collectionpasswords WHERE collection_id = ?", c.ID)

  1964. 	if err != nil {

  1965. 		t.Rollback()

  1966. 		return err

  1967. 	}

  1968. 

  1969. 	// Finally, delete collection itself

  1970. 	_, err = t.Exec("DELETE FROM collections WHERE id = ?", c.ID)

  1971. 	if err != nil {

  1972. 		t.Rollback()

  1973. 		return err

  1974. 	}

  1975. 

  1976. 	err = t.Commit()

  1977. 	if err != nil {

  1978. 		t.Rollback()

  1979. 		return err

  1980. 	}

  1981. 

  1982. 	return nil

  1983. }

  1984. 

  1985. func (db *datastore) IsCollectionAttributeOn(id int64, attr string) bool {

  1986. 	var v string

  1987. 	err := db.QueryRow("SELECT value FROM collectionattributes WHERE collection_id = ? AND attribute = ?", id, attr).Scan(&v)

  1988. 	switch {

  1989. 	case err == sql.ErrNoRows:

  1990. 		return false

  1991. 	case err != nil:

  1992. 		log.Error("Couldn't SELECT value in isCollectionAttributeOn for attribute '%s': %v", attr, err)

  1993. 		return false

  1994. 	}

  1995. 	return v == "1"

  1996. }

  1997. 

  1998. func (db *datastore) CollectionHasAttribute(id int64, attr string) bool {

  1999. 	var dummy string

  2000. 	err := db.QueryRow("SELECT value FROM collectionattributes WHERE collection_id = ? AND attribute = ?", id, attr).Scan(&dummy)

  2001. 	switch {

  2002. 	case err == sql.ErrNoRows:

  2003. 		return false

  2004. 	case err != nil:

  2005. 		log.Error("Couldn't SELECT value in collectionHasAttribute for attribute '%s': %v", attr, err)

  2006. 		return false

  2007. 	}

  2008. 	return true

  2009. }

  2010. 

  2011. func (db *datastore) DeleteAccount(userID int64) (l *string, err error) {

  2012. 	debug := ""

  2013. 	l = &debug

  2014. 

  2015. 	t, err := db.Begin()

  2016. 	if err != nil {

  2017. 		stringLogln(l, "Unable to begin: %v", err)

  2018. 		return

  2019. 	}

  2020. 

  2021. 	// Get all collections

  2022. 	rows, err := db.Query("SELECT id, alias FROM collections WHERE owner_id = ?", userID)

  2023. 	if err != nil {

  2024. 		t.Rollback()

  2025. 		stringLogln(l, "Unable to get collections: %v", err)

  2026. 		return

  2027. 	}

  2028. 	defer rows.Close()

  2029. 	colls := []Collection{}

  2030. 	var c Collection

  2031. 	for rows.Next() {

  2032. 		err = rows.Scan(&c.ID, &c.Alias)

  2033. 		if err != nil {

  2034. 			t.Rollback()

  2035. 			stringLogln(l, "Unable to scan collection cols: %v", err)

  2036. 			return

  2037. 		}

  2038. 		colls = append(colls, c)

  2039. 	}

  2040. 

  2041. 	var res sql.Result

  2042. 	for _, c := range colls {

  2043. 		// TODO: user deleteCollection() func

  2044. 		// Delete tokens

  2045. 		res, err = t.Exec("DELETE FROM collectionattributes WHERE collection_id = ?", c.ID)

  2046. 		if err != nil {

  2047. 			t.Rollback()

  2048. 			stringLogln(l, "Unable to delete attributes on %s: %v", c.Alias, err)

  2049. 			return

  2050. 		}

  2051. 		rs, _ := res.RowsAffected()

  2052. 		stringLogln(l, "Deleted %d for %s from collectionattributes", rs, c.Alias)

  2053. 

  2054. 		// Delete collection email address

  2055. 		res, err = t.Exec("DELETE FROM collectionemails WHERE collection_id = ?", c.ID)

  2056. 		if err != nil {

  2057. 			t.Rollback()

  2058. 			stringLogln(l, "Unable to delete emails on %s: %v", c.Alias, err)

  2059. 			return

  2060. 		}

  2061. 		rs, _ = res.RowsAffected()

  2062. 		stringLogln(l, "Deleted %d for %s from collectionemails", rs, c.Alias)

  2063. 

  2064. 		// Remove any optional collection password

  2065. 		res, err = t.Exec("DELETE FROM collectionpasswords WHERE collection_id = ?", c.ID)

  2066. 		if err != nil {

  2067. 			t.Rollback()

  2068. 			stringLogln(l, "Unable to delete passwords on %s: %v", c.Alias, err)

  2069. 			return

  2070. 		}

  2071. 		rs, _ = res.RowsAffected()

  2072. 		stringLogln(l, "Deleted %d for %s from collectionpasswords", rs, c.Alias)

  2073. 

  2074. 		// Remove redirects to this collection

  2075. 		res, err = t.Exec("DELETE FROM collectionredirects WHERE new_alias = ?", c.Alias)

  2076. 		if err != nil {

  2077. 			t.Rollback()

  2078. 			stringLogln(l, "Unable to delete redirects on %s: %v", c.Alias, err)

  2079. 			return

  2080. 		}

  2081. 		rs, _ = res.RowsAffected()

  2082. 		stringLogln(l, "Deleted %d for %s from collectionredirects", rs, c.Alias)

  2083. 

  2084. 		// Remove any associated custom domains

  2085. 		res, err = t.Exec("DELETE FROM domains WHERE collection_id = ?", c.ID)

  2086. 		if err != nil {

  2087. 			t.Rollback()

  2088. 			stringLogln(l, "Unable to delete domains on %s: %v", c.Alias, err)

  2089. 			return

  2090. 		}

  2091. 		rs, _ = res.RowsAffected()

  2092. 		stringLogln(l, "Deleted %d for %s from domains", rs, c.Alias)

  2093. 	}

  2094. 

  2095. 	// Delete collections

  2096. 	res, err = t.Exec("DELETE FROM collections WHERE owner_id = ?", userID)

  2097. 	if err != nil {

  2098. 		t.Rollback()

  2099. 		stringLogln(l, "Unable to delete collections: %v", err)

  2100. 		return

  2101. 	}

  2102. 	rs, _ := res.RowsAffected()

  2103. 	stringLogln(l, "Deleted %d from collections", rs)

  2104. 

  2105. 	// Delete tokens

  2106. 	res, err = t.Exec("DELETE FROM accesstokens WHERE user_id = ?", userID)

  2107. 	if err != nil {

  2108. 		t.Rollback()

  2109. 		stringLogln(l, "Unable to delete access tokens: %v", err)

  2110. 		return

  2111. 	}

  2112. 	rs, _ = res.RowsAffected()

  2113. 	stringLogln(l, "Deleted %d from accesstokens", rs)

  2114. 

  2115. 	// Delete posts

  2116. 	res, err = t.Exec("DELETE FROM posts WHERE owner_id = ?", userID)

  2117. 	if err != nil {

  2118. 		t.Rollback()

  2119. 		stringLogln(l, "Unable to delete posts: %v", err)

  2120. 		return

  2121. 	}

  2122. 	rs, _ = res.RowsAffected()

  2123. 	stringLogln(l, "Deleted %d from posts", rs)

  2124. 

  2125. 	res, err = t.Exec("DELETE FROM userattributes WHERE user_id = ?", userID)

  2126. 	if err != nil {

  2127. 		t.Rollback()

  2128. 		stringLogln(l, "Unable to delete attributes: %v", err)

  2129. 		return

  2130. 	}

  2131. 	rs, _ = res.RowsAffected()

  2132. 	stringLogln(l, "Deleted %d from userattributes", rs)

  2133. 

  2134. 	res, err = t.Exec("DELETE FROM users WHERE id = ?", userID)

  2135. 	if err != nil {

  2136. 		t.Rollback()

  2137. 		stringLogln(l, "Unable to delete user: %v", err)

  2138. 		return

  2139. 	}

  2140. 	rs, _ = res.RowsAffected()

  2141. 	stringLogln(l, "Deleted %d from users", rs)

  2142. 

  2143. 	err = t.Commit()

  2144. 	if err != nil {

  2145. 		t.Rollback()

  2146. 		stringLogln(l, "Unable to commit: %v", err)

  2147. 		return

  2148. 	}

  2149. 

  2150. 	return

  2151. }

  2152. 

  2153. func (db *datastore) GetAPActorKeys(collectionID int64) ([]byte, []byte) {

  2154. 	var pub, priv []byte

  2155. 	err := db.QueryRow("SELECT public_key, private_key FROM activitypubkeys WHERE collection_id = ?", collectionID).Scan(&pub, &priv)

  2156. 	switch {

  2157. 	case err == sql.ErrNoRows:

  2158. 		// Generate keys

  2159. 		pub, priv = activitypub.GenerateKeys()

  2160. 		_, err = db.Exec("INSERT INTO activitypubkeys (collection_id, public_key, private_key) VALUES (?, ?, ?)", collectionID, pub, priv)

  2161. 		if err != nil {

  2162. 			log.Error("Unable to INSERT new activitypub keypair: %v", err)

  2163. 			return nil, nil

  2164. 		}

  2165. 	case err != nil:

  2166. 		log.Error("Couldn't SELECT activitypubkeys: %v", err)

  2167. 		return nil, nil

  2168. 	}

  2169. 

  2170. 	return pub, priv

  2171. }

  2172. 

  2173. func stringLogln(log *string, s string, v ...interface{}) {

  2174. 	*log += fmt.Sprintf(s+"\n", v...)

  2175. }

  2176. 

  2177. func handleFailedPostInsert(err error) error {

  2178. 	log.Error("Couldn't insert into posts: %v", err)

  2179. 	return err

  2180. }