Plume/src/routes/user.rs

550 lines
17 KiB
Rust
Raw Normal View History

use activitypub::{activity::Create, collection::OrderedCollection};
2018-09-01 22:08:26 +02:00
use atom_syndication::{Entry, FeedBuilder};
2018-07-26 17:51:41 +02:00
use rocket::{
http::{ContentType, Cookies},
2018-07-26 17:51:41 +02:00
request::LenientForm,
response::{status, Content, Flash, Redirect},
};
use rocket_i18n::I18n;
2018-05-01 13:48:19 +02:00
use serde_json;
use std::{borrow::Cow, collections::HashMap};
use validator::{Validate, ValidationError, ValidationErrors};
2018-04-22 20:13:12 +02:00
use inbox::{Inbox, SignedJson};
use plume_common::activity_pub::{
broadcast,
inbox::{Deletable, FromActivity, Notify},
sign::{verify_http_headers, Signable},
ActivityStream, ApRequest, Id, IntoId,
2018-05-19 09:39:59 +02:00
};
use plume_common::utils;
use plume_models::{
2019-03-20 17:56:17 +01:00
blogs::Blog,
db_conn::DbConn,
follows,
headers::Headers,
instance::Instance,
posts::{LicensedArticle, Post},
reshares::Reshare,
users::*,
Error,
2018-05-19 09:39:59 +02:00
};
2019-03-20 17:56:17 +01:00
use routes::{errors::ErrorPage, Page, PlumeRocket};
use template_utils::Ructe;
use Searcher;
2019-03-20 17:56:17 +01:00
use Worker;
2018-04-22 20:13:12 +02:00
2018-04-23 11:52:44 +02:00
#[get("/me")]
pub fn me(user: Option<User>) -> Result<Redirect, Flash<Redirect>> {
match user {
Some(user) => Ok(Redirect::to(uri!(details: name = user.username))),
None => Err(utils::requires_login("", uri!(me))),
}
2018-04-23 11:52:44 +02:00
}
2018-04-22 20:13:12 +02:00
2018-04-23 17:09:05 +02:00
#[get("/@/<name>", rank = 2)]
pub fn details(
name: String,
rockets: PlumeRocket,
fetch_articles_conn: DbConn,
fetch_followers_conn: DbConn,
update_conn: DbConn,
) -> Result<Ructe, ErrorPage> {
let conn = rockets.conn;
let user = User::find_by_fqn(&*conn, &name)?;
let recents = Post::get_recents_for_author(&*conn, &user, 6)?;
let reshares = Reshare::get_recents_for_author(&*conn, &user, 6)?;
let searcher = rockets.searcher;
let worker = rockets.worker;
if !user.get_instance(&*conn)?.local {
// Fetch new articles
let user_clone = user.clone();
let searcher = searcher.clone();
worker.execute(move || {
2019-03-20 17:56:17 +01:00
for create_act in user_clone
.fetch_outbox::<Create>()
.expect("Remote user: outbox couldn't be fetched")
{
match create_act.create_props.object_object::<LicensedArticle>() {
Ok(article) => {
Post::from_activity(
&(&*fetch_articles_conn, &searcher),
article,
user_clone.clone().into_id(),
2019-03-20 17:56:17 +01:00
)
.expect("Article from remote user couldn't be saved");
println!("Fetched article from remote user");
}
2019-03-20 17:56:17 +01:00
Err(e) => println!("Error while fetching articles in background: {:?}", e),
}
}
});
2018-07-26 22:23:53 +02:00
// Fetch followers
let user_clone = user.clone();
worker.execute(move || {
2019-03-20 17:56:17 +01:00
for user_id in user_clone
.fetch_followers_ids()
.expect("Remote user: fetching followers error")
{
let follower = User::from_url(&*fetch_followers_conn, &user_id)
.expect("user::details: Couldn't fetch follower");
follows::Follow::insert(
&*fetch_followers_conn,
follows::NewFollow {
follower_id: follower.id,
following_id: user_clone.id,
ap_url: String::new(),
},
2019-03-20 17:56:17 +01:00
)
.expect("Couldn't save follower for remote user");
}
});
// Update profile information if needed
let user_clone = user.clone();
if user.needs_update() {
worker.execute(move || {
2019-03-20 17:56:17 +01:00
user_clone
.refetch(&*update_conn)
.expect("Couldn't update user info");
});
}
}
let account = rockets.user;
let intl = rockets.intl;
Ok(render!(users::details(
&(&*conn, &intl.catalog, account.clone()),
user.clone(),
2019-03-20 17:56:17 +01:00
account
.and_then(|x| x.is_following(&*conn, user.id).ok())
.unwrap_or(false),
user.instance_id != Instance::get_local(&*conn)?.id,
user.get_instance(&*conn)?.public_domain,
recents,
2019-03-20 17:56:17 +01:00
reshares
.into_iter()
.filter_map(|r| r.get_post(&*conn).ok())
.collect()
)))
2018-04-22 20:13:12 +02:00
}
2018-06-10 19:55:08 +02:00
#[get("/dashboard")]
pub fn dashboard(user: User, conn: DbConn, intl: I18n) -> Result<Ructe, ErrorPage> {
let blogs = Blog::find_for_author(&*conn, &user)?;
Ok(render!(users::dashboard(
&(&*conn, &intl.catalog, Some(user.clone())),
blogs,
Post::drafts_by_author(&*conn, &user)?
)))
2018-06-10 19:55:08 +02:00
}
#[get("/dashboard", rank = 2)]
pub fn dashboard_auth(i18n: I18n) -> Flash<Redirect> {
utils::requires_login(
2019-03-20 17:56:17 +01:00
&i18n!(
i18n.catalog,
"You need to be logged in order to access your dashboard"
),
uri!(dashboard),
)
2018-06-10 19:55:08 +02:00
}
#[post("/@/<name>/follow")]
2019-03-20 17:56:17 +01:00
pub fn follow(
name: String,
conn: DbConn,
user: User,
worker: Worker,
) -> Result<Redirect, ErrorPage> {
let target = User::find_by_fqn(&*conn, &name)?;
if let Ok(follow) = follows::Follow::find(&*conn, user.id, target.id) {
let delete_act = follow.delete(&*conn)?;
2019-03-20 17:56:17 +01:00
worker.execute(move || broadcast(&user, delete_act, vec![target]));
} else {
let f = follows::Follow::insert(
&*conn,
follows::NewFollow {
follower_id: user.id,
following_id: target.id,
ap_url: String::new(),
},
)?;
f.notify(&*conn)?;
let act = f.to_activity(&*conn)?;
worker.execute(move || broadcast(&user, act, vec![target]));
}
Ok(Redirect::to(uri!(details: name = name)))
2018-05-01 21:57:30 +02:00
}
#[post("/@/<name>/follow", rank = 2)]
pub fn follow_auth(name: String, i18n: I18n) -> Flash<Redirect> {
utils::requires_login(
2019-03-20 17:56:17 +01:00
&i18n!(
i18n.catalog,
"You need to be logged in order to subscribe to someone"
),
uri!(follow: name = name),
)
}
#[get("/@/<name>/followers?<page>", rank = 2)]
2019-03-20 17:56:17 +01:00
pub fn followers(
name: String,
conn: DbConn,
account: Option<User>,
page: Option<Page>,
intl: I18n,
) -> Result<Ructe, ErrorPage> {
let page = page.unwrap_or_default();
let user = User::find_by_fqn(&*conn, &name)?;
let followers_count = user.count_followers(&*conn)?;
Ok(render!(users::followers(
&(&*conn, &intl.catalog, account.clone()),
user.clone(),
2019-03-20 17:56:17 +01:00
account
.and_then(|x| x.is_following(&*conn, user.id).ok())
.unwrap_or(false),
user.instance_id != Instance::get_local(&*conn)?.id,
user.get_instance(&*conn)?.public_domain,
user.get_followers_page(&*conn, page.limits())?,
page.0,
Page::total(followers_count as i32)
)))
}
#[get("/@/<name>/followed?<page>", rank = 2)]
2019-03-20 17:56:17 +01:00
pub fn followed(
name: String,
conn: DbConn,
account: Option<User>,
page: Option<Page>,
intl: I18n,
) -> Result<Ructe, ErrorPage> {
let page = page.unwrap_or_default();
let user = User::find_by_fqn(&*conn, &name)?;
let followed_count = user.count_followed(&*conn)?;
Ok(render!(users::followed(
&(&*conn, &intl.catalog, account.clone()),
user.clone(),
2019-03-20 17:56:17 +01:00
account
.and_then(|x| x.is_following(&*conn, user.id).ok())
.unwrap_or(false),
user.instance_id != Instance::get_local(&*conn)?.id,
user.get_instance(&*conn)?.public_domain,
user.get_followed_page(&*conn, page.limits())?,
page.0,
Page::total(followed_count as i32)
)))
}
#[get("/@/<name>", rank = 1)]
pub fn activity_details(
name: String,
conn: DbConn,
_ap: ApRequest,
) -> Option<ActivityStream<CustomPerson>> {
let user = User::find_by_fqn(&*conn, &name).ok()?;
Some(ActivityStream::new(user.to_activity(&*conn).ok()?))
2018-04-23 17:09:05 +02:00
}
2018-04-22 20:13:12 +02:00
#[get("/users/new")]
pub fn new(user: Option<User>, conn: DbConn, intl: I18n) -> Result<Ructe, ErrorPage> {
Ok(render!(users::new(
&(&*conn, &intl.catalog, user),
Instance::get_local(&*conn)?.open_registrations,
&NewUserForm::default(),
ValidationErrors::default()
)))
2018-04-22 20:13:12 +02:00
}
2018-05-12 17:30:14 +02:00
#[get("/@/<name>/edit")]
pub fn edit(name: String, user: User, conn: DbConn, intl: I18n) -> Result<Ructe, ErrorPage> {
if user.username == name && !name.contains('@') {
Ok(render!(users::edit(
&(&*conn, &intl.catalog, Some(user.clone())),
UpdateUserForm {
display_name: user.display_name.clone(),
email: user.email.clone().unwrap_or_default(),
summary: user.summary,
},
ValidationErrors::default()
)))
2018-05-12 17:30:14 +02:00
} else {
Err(Error::Unauthorized)?
2018-05-12 17:30:14 +02:00
}
}
#[get("/@/<name>/edit", rank = 2)]
pub fn edit_auth(name: String, i18n: I18n) -> Flash<Redirect> {
utils::requires_login(
2019-03-20 17:56:17 +01:00
&i18n!(
i18n.catalog,
"You need to be logged in order to edit your profile"
),
uri!(edit: name = name),
)
}
2018-05-12 17:30:14 +02:00
#[derive(FromForm)]
pub struct UpdateUserForm {
pub display_name: String,
pub email: String,
pub summary: String,
2018-05-12 17:30:14 +02:00
}
#[put("/@/<_name>/edit", data = "<form>")]
2019-03-20 17:56:17 +01:00
pub fn update(
_name: String,
conn: DbConn,
user: User,
form: LenientForm<UpdateUserForm>,
) -> Result<Redirect, ErrorPage> {
user.update(
&*conn,
2019-03-20 17:56:17 +01:00
if !form.display_name.is_empty() {
form.display_name.clone()
} else {
user.display_name.clone()
},
if !form.email.is_empty() {
form.email.clone()
} else {
user.email.clone().unwrap_or_default()
},
if !form.summary.is_empty() {
form.summary.clone()
} else {
user.summary.to_string()
},
)?;
Ok(Redirect::to(uri!(me)))
2018-05-12 17:30:14 +02:00
}
#[post("/@/<name>/delete")]
2019-03-20 17:56:17 +01:00
pub fn delete(
name: String,
conn: DbConn,
user: User,
mut cookies: Cookies,
searcher: Searcher,
) -> Result<Redirect, ErrorPage> {
let account = User::find_by_fqn(&*conn, &name)?;
2018-09-09 21:49:24 +02:00
if user.id == account.id {
account.delete(&*conn, &searcher)?;
2018-09-09 21:49:24 +02:00
if let Some(cookie) = cookies.get_private(AUTH_COOKIE) {
cookies.remove_private(cookie);
}
2018-09-09 21:49:24 +02:00
Ok(Redirect::to(uri!(super::instance::index)))
2018-09-09 21:49:24 +02:00
} else {
Ok(Redirect::to(uri!(edit: name = name)))
2018-09-09 21:49:24 +02:00
}
}
#[derive(Default, FromForm, Validate)]
2019-03-20 17:56:17 +01:00
#[validate(schema(
function = "passwords_match",
skip_on_field_errors = "false",
message = "Passwords are not matching"
))]
pub struct NewUserForm {
#[validate(
2019-03-20 17:56:17 +01:00
length(min = "1", message = "Username can't be empty"),
custom(
function = "validate_username",
message = "User name is not allowed to contain any of < > & @ ' or \""
)
)]
2019-03-20 17:56:17 +01:00
pub username: String,
#[validate(email(message = "Invalid email"))]
pub email: String,
#[validate(length(min = "8", message = "Password should be at least 8 characters long"))]
pub password: String,
2019-03-20 17:56:17 +01:00
#[validate(length(min = "8", message = "Password should be at least 8 characters long"))]
pub password_confirmation: String,
2018-04-22 20:13:12 +02:00
}
pub fn passwords_match(form: &NewUserForm) -> Result<(), ValidationError> {
2018-06-29 14:56:00 +02:00
if form.password != form.password_confirmation {
Err(ValidationError::new("password_match"))
} else {
Ok(())
}
}
pub fn validate_username(username: &str) -> Result<(), ValidationError> {
if username.contains(&['<', '>', '&', '@', '\'', '"', ' ', '\n', '\t'][..]) {
Err(ValidationError::new("username_illegal_char"))
} else {
Ok(())
}
}
fn to_validation(_: Error) -> ValidationErrors {
let mut errors = ValidationErrors::new();
2019-03-20 17:56:17 +01:00
errors.add(
"",
ValidationError {
code: Cow::from("server_error"),
message: Some(Cow::from("An unknown error occured")),
params: HashMap::new(),
},
);
errors
}
#[post("/users/new", data = "<form>")]
pub fn create(conn: DbConn, form: LenientForm<NewUserForm>, intl: I18n) -> Result<Redirect, Ructe> {
2019-03-20 17:56:17 +01:00
if !Instance::get_local(&*conn)
.map(|i| i.open_registrations)
.unwrap_or(true)
{
return Ok(Redirect::to(uri!(new))); // Actually, it is an error
}
let mut form = form.into_inner();
form.username = form.username.trim().to_owned();
form.email = form.email.trim().to_owned();
2018-07-06 11:51:19 +02:00
form.validate()
.and_then(|_| {
NewUser::new_local(
2018-07-06 11:51:19 +02:00
&*conn,
form.username.to_string(),
form.username.to_string(),
false,
"",
2018-07-06 11:51:19 +02:00
form.email.to_string(),
User::hash_pass(&form.password).map_err(to_validation)?,
2019-03-20 17:56:17 +01:00
)
.map_err(to_validation)?;
Ok(Redirect::to(uri!(super::session::new: m = _)))
2018-07-06 11:51:19 +02:00
})
2019-03-20 17:56:17 +01:00
.map_err(|err| {
render!(users::new(
&(&*conn, &intl.catalog, None),
2019-03-20 17:56:17 +01:00
Instance::get_local(&*conn)
.map(|i| i.open_registrations)
.unwrap_or(true),
&form,
err
))
})
2018-04-22 20:13:12 +02:00
}
2018-04-29 20:01:42 +02:00
#[get("/@/<name>/outbox")]
pub fn outbox(name: String, conn: DbConn) -> Option<ActivityStream<OrderedCollection>> {
let user = User::find_by_fqn(&*conn, &name).ok()?;
user.outbox(&*conn).ok()
2018-04-29 20:01:42 +02:00
}
2018-05-01 16:00:29 +02:00
#[post("/@/<name>/inbox", data = "<data>")]
pub fn inbox(
name: String,
conn: DbConn,
data: SignedJson<serde_json::Value>,
headers: Headers,
searcher: Searcher,
) -> Result<String, Option<status::BadRequest<&'static str>>> {
let user = User::find_by_fqn(&*conn, &name).map_err(|_| None)?;
let act = data.1.into_inner();
let sig = data.0;
2018-09-08 23:05:48 +02:00
let activity = act.clone();
let actor_id = activity["actor"]
.as_str()
.or_else(|| activity["actor"]["id"].as_str())
.ok_or(Some(status::BadRequest(Some(
"Missing actor id for activity",
))))?;
let actor = User::from_url(&conn, actor_id).expect("user::inbox: user error");
2019-03-20 17:56:17 +01:00
if !verify_http_headers(&actor, &headers.0, &sig).is_secure() && !act.clone().verify(&actor) {
// maybe we just know an old key?
2019-03-20 17:56:17 +01:00
actor
.refetch(&conn)
.and_then(|_| User::get(&conn, actor.id))
.and_then(|actor| {
if verify_http_headers(&actor, &headers.0, &sig).is_secure()
|| act.clone().verify(&actor)
{
Ok(())
} else {
Err(Error::Signature)
}
})
.map_err(|_| {
2019-03-20 17:56:17 +01:00
println!(
"Rejected invalid activity supposedly from {}, with headers {:?}",
actor.username, headers.0
);
status::BadRequest(Some("Invalid signature"))
})?;
}
if Instance::is_blocked(&*conn, actor_id).map_err(|_| None)? {
return Ok(String::new());
2018-09-08 23:05:48 +02:00
}
Ok(match user.received(&*conn, &searcher, act) {
Ok(_) => String::new(),
Err(e) => {
println!("User inbox error: {}\n{}", e.as_fail(), e.backtrace());
format!("Error: {}", e.as_fail())
}
})
2018-05-01 16:00:29 +02:00
}
2018-05-04 15:13:55 +02:00
#[get("/@/<name>/followers", rank = 1)]
pub fn ap_followers(
name: String,
conn: DbConn,
_ap: ApRequest,
) -> Option<ActivityStream<OrderedCollection>> {
let user = User::find_by_fqn(&*conn, &name).ok()?;
let followers = user
2019-03-20 17:56:17 +01:00
.get_followers(&*conn)
.ok()?
.into_iter()
.map(|f| Id::new(f.ap_url))
.collect::<Vec<Id>>();
let mut coll = OrderedCollection::default();
coll.object_props
2019-03-20 17:56:17 +01:00
.set_id_string(user.followers_endpoint)
.ok()?;
coll.collection_props
2019-03-20 17:56:17 +01:00
.set_total_items_u64(followers.len() as u64)
.ok()?;
coll.collection_props.set_items_link_vec(followers).ok()?;
Some(ActivityStream::new(coll))
2018-05-04 15:13:55 +02:00
}
2018-09-01 22:08:26 +02:00
#[get("/@/<name>/atom.xml")]
pub fn atom_feed(name: String, conn: DbConn) -> Option<Content<String>> {
let author = User::find_by_fqn(&*conn, &name).ok()?;
2018-09-01 22:08:26 +02:00
let feed = FeedBuilder::default()
.title(author.display_name.clone())
.id(Instance::get_local(&*conn)
.unwrap()
.compute_box("~", &name, "atom.xml"))
.entries(
2019-03-20 17:56:17 +01:00
Post::get_recents_for_author(&*conn, &author, 15)
.ok()?
.into_iter()
.map(|p| super::post_to_atom(p, &*conn))
.collect::<Vec<Entry>>(),
)
2018-09-01 22:08:26 +02:00
.build()
.expect("user::atom_feed: Error building Atom feed");
Some(Content(
ContentType::new("application", "atom+xml"),
feed.to_string(),
))
2018-09-01 22:08:26 +02:00
}