FreakU
/
pronounsfu
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'main' into reports

This commit is contained in:
Sam 2023-03-20 16:40:47 +01:00
parent 2309c24bd8 938005cd9f
commit 76a8b30fe2
No known key found for this signature in database
GPG Key ID: B4EF20DDE721CAA1
13 changed files with 355 additions and 263 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
.gitignore vendored
View File

@ -1,10 +1,13 @@
.vscode
node_modules
*.log*
.nuxt
.nitro
.cache
.output
.env
.env.*
!.env.example
dist
dump.rdb
build
.svelte-kit
package
vite.config.js.timestamp-*
vite.config.ts.timestamp-*

13
backend/db/user.go
View File

@ -404,3 +404,16 @@ func (db *DB) UndoDeleteUser(ctx context.Context, id xid.ID) error {
}
return nil
}
func (db *DB) ForceDeleteUser(ctx context.Context, id xid.ID) error {
sql, args, err := sq.Delete("users").Where("id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = db.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}

3
backend/routes/auth/routes.go
View File

@ -103,6 +103,9 @@ func Mount(srv *server.Server, r chi.Router) {
// cancel user delete
// uses a special token, so handled in the function itself
r.Get("/cancel-delete", server.WrapHandler(s.cancelDelete))
// force user delete
// uses a special token (same as above)
r.Get("/force-delete", server.WrapHandler(s.forceDelete))
})
}

80
backend/routes/auth/undelete.go
View File

@ -6,9 +6,11 @@ import (
"encoding/base64"
"net/http"
"codeberg.org/u1f320/pronouns.cc/backend/db"
"codeberg.org/u1f320/pronouns.cc/backend/log"
"codeberg.org/u1f320/pronouns.cc/backend/server"
"emperror.dev/errors"
"github.com/georgysavva/scany/pgxscan"
"github.com/go-chi/render"
"github.com/mediocregopher/radix/v4"
"github.com/rs/xid"
@ -57,7 +59,7 @@ func (s *Server) saveUndeleteToken(ctx context.Context, userID xid.ID, token str
func (s *Server) getUndeleteToken(ctx context.Context, token string) (userID xid.ID, err error) {
var idString string
err = s.DB.Redis.Do(ctx, radix.Cmd(&idString, "GET", "undelete:"+token))
err = s.DB.Redis.Do(ctx, radix.Cmd(&idString, "GETDEL", "undelete:"+token))
if err != nil {
return userID, errors.Wrap(err, "getting undelete key")
}
@ -68,3 +70,79 @@ func (s *Server) getUndeleteToken(ctx context.Context, token string) (userID xid
}
return userID, nil
}
func (s *Server) forceDelete(w http.ResponseWriter, r *http.Request) error {
ctx := r.Context()
token := r.Header.Get("X-Delete-Token")
if token == "" {
return server.APIError{Code: server.ErrForbidden}
}
id, err := s.getUndeleteToken(ctx, token)
if err != nil {
log.Errorf("getting delete token: %v", err)
return server.APIError{Code: server.ErrNotFound} // assume invalid token
}
u, err := s.DB.User(ctx, id)
if err != nil {
log.Errorf("getting user: %v", err)
return errors.Wrap(err, "getting user")
}
if u.Avatar != nil {
err = s.DB.DeleteUserAvatar(ctx, u.ID, *u.Avatar)
if err != nil {
log.Errorf("deleting avatars for user %v: %v", u.ID, err)
return errors.Wrap(err, "deleting user avatar")
}
}
var exports []db.DataExport
err = pgxscan.Select(ctx, s.DB, &exports, "SELECT * FROM data_exports WHERE user_id = $1", u.ID)
if err != nil {
log.Errorf("getting to-be-deleted export files: %v", err)
return errors.Wrap(err, "getting export iles")
}
for _, de := range exports {
err = s.DB.DeleteExport(ctx, de)
if err != nil {
log.Errorf("deleting export %v: %v", de.ID, err)
continue
}
log.Debugf("deleted export %v", de.ID)
}
members, err := s.DB.UserMembers(ctx, u.ID)
if err != nil {
log.Errorf("getting members for user %v: %v", u.ID, err)
return errors.Wrap(err, "getting members")
}
for _, m := range members {
if m.Avatar == nil {
continue
}
log.Debugf("deleting avatars for member %v", m.ID)
err = s.DB.DeleteMemberAvatar(ctx, m.ID, *m.Avatar)
if err != nil {
log.Errorf("deleting avatars for member %v: %v", m.ID, err)
continue
}
log.Debugf("deleted avatars for member %v", m.ID)
}
err = s.DB.ForceDeleteUser(ctx, u.ID)
if err != nil {
log.Errorf("force deleting user: %v", err)
return errors.Wrap(err, "deleting user")
}
render.JSON(w, r, map[string]any{"success": true})
return nil
}

10
frontend/.gitignore vendored
View File

@ -1,10 +0,0 @@
.DS_Store
node_modules
/build
/.svelte-kit
/package
.env
.env.*
!.env.example
vite.config.js.timestamp-*
vite.config.ts.timestamp-*

23
frontend/src/lib/api/responses.ts Normal file
View File

@ -0,0 +1,23 @@
import type { MeUser } from "./entities";
export interface SignupResponse {
user: MeUser;
token: string;
}
export interface MetaResponse {
git_repository: string;
git_commit: string;
users: number;
members: number;
require_invite: boolean;
}
export interface UrlsResponse {
discord: string;
}
export interface ExportResponse {
path: string;
created_at: string;
}

9
frontend/src/routes/+layout.server.ts
View File

@ -2,6 +2,7 @@ import { error } from "@sveltejs/kit";
import type { LayoutServerLoad } from "./$types";
import type { APIError } from "$lib/api/entities";
import { apiFetch } from "$lib/api/fetch";
import type { MetaResponse } from "$lib/api/responses";
export const load = (async (event) => {
try {
@ -10,11 +11,3 @@ export const load = (async (event) => {
throw error(500, (e as APIError).message);
}
}) satisfies LayoutServerLoad;
interface MetaResponse {
git_repository: string;
git_commit: string;
users: number;
members: number;
require_invite: boolean;
}

5
frontend/src/routes/auth/login/+page.server.ts
View File

@ -1,5 +1,6 @@
import { apiFetch } from "$lib/api/fetch";
import { PUBLIC_BASE_URL } from "$env/static/public";
import type { UrlsResponse } from "$lib/api/responses";
export const load = async () => {
const resp = await apiFetch<UrlsResponse>("/auth/urls", {
@ -11,7 +12,3 @@ export const load = async () => {
return resp;
};
interface UrlsResponse {
discord: string;
}

193
frontend/src/routes/auth/login/CallbackPage.svelte Normal file
View File

@ -0,0 +1,193 @@
<script lang="ts">
import { goto } from "$app/navigation";
import type { APIError, MeUser } from "$lib/api/entities";
import { apiFetch } from "$lib/api/fetch";
import ErrorAlert from "$lib/components/ErrorAlert.svelte";
import { userStore } from "$lib/store";
import { addToast } from "$lib/toast";
import { onMount } from "svelte";
import {
Alert,
Button,
FormGroup,
Icon,
Input,
Modal,
ModalBody,
ModalFooter,
} from "sveltestrap";
export let authType: string;
export let remoteName: string | undefined;
export let error: APIError | undefined;
export let requireInvite: boolean | undefined;
export let isDeleted: boolean | undefined;
export let ticket: string | undefined;
export let token: string | undefined;
export let user: MeUser | undefined;
export let deletedAt: string | undefined;
onMount(() => {
if (!isDeleted && token && user) {
localStorage.setItem("pronouns-token", token);
localStorage.setItem("pronouns-user", JSON.stringify(user));
userStore.set(user);
goto("/");
}
});
let deleteCancelled: boolean;
let deleteError: APIError | null;
let username: string;
let inviteCode: string;
let forceDeleteName = "";
let forceDeleteModalOpen = false;
let toggleForceDeleteModal = () => (forceDeleteModalOpen = !forceDeleteModalOpen);
export let linkAccount: () => Promise<void>;
export let signupForm: (username: string, inviteCode: string) => Promise<void>;
const forceDeleteAccount = async () => {
try {
await apiFetch<any>("/auth/force-delete", {
method: "GET",
headers: {
"X-Delete-Token": token!,
},
});
deleteError = null;
addToast({ header: "Deleted account", body: "Successfully deleted your account" });
goto("/");
} catch (e) {
deleteError = e as APIError;
}
};
const cancelDelete = async () => {
try {
await apiFetch<any>("/auth/cancel-delete", {
method: "GET",
headers: {
"X-Delete-Token": token!,
},
});
deleteCancelled = true;
deleteError = null;
} catch (e) {
deleteCancelled = false;
deleteError = e as APIError;
}
};
</script>
<svelte:head>
<title>Log in with the {authType} - pronouns.cc</title>
</svelte:head>
<h1>Log in with the {authType}</h1>
{#if error}
<ErrorAlert {error} />
{/if}
{#if ticket && $userStore}
<div>
<FormGroup floating label="{authType} username">
<Input readonly value={remoteName} />
</FormGroup>
</div>
<div class="my-2">
<FormGroup floating label="pronouns.cc username">
<Input readonly value={$userStore.name} />
</FormGroup>
</div>
<div>
<Button on:click={linkAccount}>Link account</Button>
<Button color="secondary" href="/settings/auth">Cancel</Button>
</div>
{:else if ticket}
<form on:submit|preventDefault={() => signupForm(username, inviteCode)}>
<div>
<FormGroup floating label="{authType} username">
<Input readonly value={remoteName} />
</FormGroup>
</div>
<div>
<FormGroup floating label="Username">
<Input id="username" name="username" bind:value={username} />
</FormGroup>
</div>
{#if requireInvite}
<div>
<FormGroup floating label="Invite code">
<Input id="invite" name="invite" aria-describedby="invite-help" bind:value={inviteCode} />
</FormGroup>
<div id="invite-help" class="form-text">
<Icon name="info-circle-fill" /> You currently need an invite code to sign up. You can get
one from an existing user.
</div>
</div>
{/if}
<div class="form-text mb-1">
By signing up, you agree to the <a href="/page/tos">terms of service</a> and the
<a href="/page/privacy">privacy policy</a>.
</div>
<Button type="submit" color="primary">Sign up</Button>
</form>
{:else if isDeleted && token}
<p>Your account is pending deletion since {deletedAt}.</p>
<p>If you wish to cancel deletion, press the button below.</p>
<p>
<Button color="primary" on:click={cancelDelete} disabled={deleteCancelled}
>Cancel account deletion</Button
>
</p>
<p>
Alternatively, if you want your data wiped immediately, press the force delete link below. <b
>This is irreversible.</b
>
</p>
<p>
<Button color="link" on:click={toggleForceDeleteModal}>Force delete account</Button>
</p>
<Modal
header="Force delete account"
isOpen={forceDeleteModalOpen}
toggle={toggleForceDeleteModal}
>
<ModalBody>
<p>
If you want to delete your account, type your username below:
<br />
<b>
This is irreversible! Your account <i>cannot</i> be recovered after you press "Force delete
account".
</b>
</p>
<p>
<input type="text" class="form-control" bind:value={forceDeleteName} />
</p>
{#if deleteError}
<ErrorAlert error={deleteError} />
{/if}
</ModalBody>
<ModalFooter>
<Button color="danger" on:click={forceDeleteAccount} disabled={forceDeleteName !== user?.name}
>Force delete account</Button
>
<Button color="secondary" on:click={toggleForceDeleteModal}>Cancel delete</Button>
</ModalFooter>
</Modal>
{#if deleteCancelled}
<Alert color="secondary" fade={false}>
Account deletion cancelled! You can now <a href="/auth/login">log in</a> again.
</Alert>
{/if}
{#if deleteError}
<ErrorAlert error={deleteError} />
{/if}
{:else}
Loading...
{/if}

130
frontend/src/routes/auth/login/discord/+page.svelte
View File

@ -1,36 +1,16 @@
<script lang="ts">
import { onMount } from "svelte";
import { Alert, Button, FormGroup, Icon, Input } from "sveltestrap";
import { goto } from "$app/navigation";
import type { APIError, MeUser } from "$lib/api/entities";
import { apiFetch, apiFetchClient } from "$lib/api/fetch";
import { userStore } from "$lib/store";
import type { PageData } from "./$types";
import ErrorAlert from "$lib/components/ErrorAlert.svelte";
import { addToast } from "$lib/toast";
interface SignupResponse {
user: MeUser;
token: string;
}
import CallbackPage from "../CallbackPage.svelte";
import type { SignupResponse } from "$lib/api/responses";
export let data: PageData;
onMount(() => {
if (!data.is_deleted && data.token && data.user) {
localStorage.setItem("pronouns-token", data.token);
localStorage.setItem("pronouns-user", JSON.stringify(data.user));
userStore.set(data.user);
addToast({ header: "Logged in", body: "Successfully logged in!" });
goto("/");
}
});
let username = "";
let invite = "";
const signupForm = async () => {
const signupForm = async (username: string, invite: string) => {
try {
const resp = await apiFetch<SignupResponse>("/auth/discord/signup", {
method: "POST",
@ -51,25 +31,6 @@
}
};
let deleteCancelled = false;
let deleteError: APIError | null = null;
const cancelDelete = async () => {
try {
await apiFetch<any>("/auth/cancel-delete", {
method: "GET",
headers: {
"X-Delete-Token": data.token!,
},
});
deleteCancelled = true;
deleteError = null;
} catch (e) {
deleteCancelled = false;
deleteError = e as APIError;
}
};
const linkAccount = async () => {
try {
const resp = await apiFetchClient<MeUser>("/auth/discord/add-provider", "POST", {
@ -86,75 +47,16 @@
};
</script>
<svelte:head>
<title>Log in with Discord - pronouns.cc</title>
</svelte:head>
<h1>Log in with Discord</h1>
{#if data.error}
<ErrorAlert error={data.error} />
{/if}
{#if data.ticket && $userStore}
<div>
<FormGroup floating label="Discord username">
<Input readonly value={data.discord} />
</FormGroup>
</div>
<div class="my-2">
<FormGroup floating label="pronouns.cc username">
<Input readonly value={$userStore.name} />
</FormGroup>
</div>
<div>
<Button on:click={linkAccount}>Link account</Button>
<Button color="secondary" href="/settings/auth">Cancel</Button>
</div>
{:else if data.ticket}
<form on:submit|preventDefault={signupForm}>
<div>
<FormGroup floating label="Discord username">
<Input readonly value={data.discord} />
</FormGroup>
</div>
<div>
<FormGroup floating label="Username">
<Input id="username" name="username" bind:value={username} />
</FormGroup>
</div>
{#if data.require_invite}
<div>
<FormGroup floating label="Invite code">
<Input id="invite" name="invite" aria-describedby="invite-help" bind:value={invite} />
</FormGroup>
<div id="invite-help" class="form-text">
<Icon name="info-circle-fill" /> You currently need an invite code to sign up. You can get
one from an existing user.
</div>
</div>
{/if}
<div class="form-text mb-1">
By signing up, you agree to the <a href="/page/tos">terms of service</a> and the
<a href="/page/privacy">privacy policy</a>.
</div>
<Button type="submit" color="primary">Sign up</Button>
</form>
{:else if data.is_deleted && data.token}
<p>Your account is pending deletion since {data.deleted_at}.</p>
<p>If you wish to cancel deletion, press the button below.</p>
<p>
<Button color="primary" on:click={cancelDelete} disabled={deleteCancelled}
>Cancel account deletion</Button
>
</p>
{#if deleteCancelled}
<Alert color="secondary" fade={false}>
Account deletion cancelled! You can now <a href="/auth/login">log in</a> again.
</Alert>
{/if}
{#if deleteError}
<ErrorAlert error={deleteError} />
{/if}
{:else}
Loading...
{/if}
<CallbackPage
authType="Discord"
remoteName={data.discord}
error={data.error}
requireInvite={data.require_invite}
isDeleted={data.is_deleted}
ticket={data.ticket}
token={data.token}
user={data.user}
deletedAt={data.deleted_at}
{linkAccount}
{signupForm}
/>

130
frontend/src/routes/auth/login/mastodon/[instance]/+page.svelte
View File

@ -1,35 +1,16 @@
<script lang="ts">
import { onMount } from "svelte";
import { Alert, Button, FormGroup, Icon, Input } from "sveltestrap";
import { goto } from "$app/navigation";
import type { APIError, MeUser } from "$lib/api/entities";
import { apiFetch, apiFetchClient } from "$lib/api/fetch";
import { userStore } from "$lib/store";
import type { PageData } from "./$types";
import ErrorAlert from "$lib/components/ErrorAlert.svelte";
import { addToast } from "$lib/toast";
interface SignupResponse {
user: MeUser;
token: string;
}
import CallbackPage from "../../CallbackPage.svelte";
import type { SignupResponse } from "$lib/api/responses";
export let data: PageData;
onMount(() => {
if (!data.is_deleted && data.token && data.user) {
localStorage.setItem("pronouns-token", data.token);
localStorage.setItem("pronouns-user", JSON.stringify(data.user));
userStore.set(data.user);
goto("/");
}
});
let username = "";
let invite = "";
const signupForm = async () => {
const signupForm = async (username: string, invite: string) => {
try {
const resp = await apiFetch<SignupResponse>("/auth/mastodon/signup", {
method: "POST",
@ -44,31 +25,13 @@
localStorage.setItem("pronouns-token", resp.token);
localStorage.setItem("pronouns-user", JSON.stringify(resp.user));
userStore.set(resp.user);
addToast({ header: "Welcome!", body: "Signed up successfully!" });
goto("/");
} catch (e) {
data.error = e as APIError;
}
};
let deleteCancelled = false;
let deleteError: APIError | null = null;
const cancelDelete = async () => {
try {
await apiFetch<any>("/auth/cancel-delete", {
method: "GET",
headers: {
"X-Delete-Token": data.token!,
},
});
deleteCancelled = true;
deleteError = null;
} catch (e) {
deleteCancelled = false;
deleteError = e as APIError;
}
};
const linkAccount = async () => {
try {
const resp = await apiFetchClient<MeUser>("/auth/mastodon/add-provider", "POST", {
@ -86,75 +49,16 @@
};
</script>
<svelte:head>
<title>Log in with the Fediverse - pronouns.cc</title>
</svelte:head>
<h1>Log in with the Fediverse</h1>
{#if data.error}
<ErrorAlert error={data.error} />
{/if}
{#if data.ticket && $userStore}
<div>
<FormGroup floating label="Fediverse username">
<Input readonly value="{data.fediverse}@{data.instance}" />
</FormGroup>
</div>
<div class="my-2">
<FormGroup floating label="pronouns.cc username">
<Input readonly value={$userStore.name} />
</FormGroup>
</div>
<div>
<Button on:click={linkAccount}>Link account</Button>
<Button color="secondary" href="/settings/auth">Cancel</Button>
</div>
{:else if data.ticket}
<form on:submit|preventDefault={signupForm}>
<div>
<FormGroup floating label="Fediverse username">
<Input readonly value="{data.fediverse}@{data.instance}" />
</FormGroup>
</div>
<div>
<FormGroup floating label="Username">
<Input id="username" name="username" bind:value={username} />
</FormGroup>
</div>
{#if data.require_invite}
<div>
<FormGroup floating label="Invite code">
<Input id="invite" name="invite" aria-describedby="invite-help" bind:value={invite} />
</FormGroup>
<div id="invite-help" class="form-text">
<Icon name="info-circle-fill" /> You currently need an invite code to sign up. You can get
one from an existing user.
</div>
</div>
{/if}
<div class="form-text mb-1">
By signing up, you agree to the <a href="/page/tos">terms of service</a> and the
<a href="/page/privacy">privacy policy</a>.
</div>
<Button type="submit" color="primary">Sign up</Button>
</form>
{:else if data.is_deleted && data.token}
<p>Your account is pending deletion since {data.deleted_at}.</p>
<p>If you wish to cancel deletion, press the button below.</p>
<p>
<Button color="primary" on:click={cancelDelete} disabled={deleteCancelled}
>Cancel account deletion</Button
>
</p>
{#if deleteCancelled}
<Alert color="secondary" fade={false}>
Account deletion cancelled! You can now <a href="/auth/login">log in</a> again.
</Alert>
{/if}
{#if deleteError}
<ErrorAlert error={deleteError} />
{/if}
{:else}
Loading...
{/if}
<CallbackPage
authType="Fediverse"
remoteName="{data.fediverse}@{data.instance}"
error={data.error}
requireInvite={data.require_invite}
isDeleted={data.is_deleted}
ticket={data.ticket}
token={data.token}
user={data.user}
deletedAt={data.deleted_at}
{linkAccount}
{signupForm}
/>

5
frontend/src/routes/settings/auth/+page.ts
View File

@ -1,5 +1,6 @@
import { PUBLIC_BASE_URL } from "$env/static/public";
import { apiFetch } from "$lib/api/fetch";
import type { UrlsResponse } from "$lib/api/responses";
export const load = async () => {
const resp = await apiFetch<UrlsResponse>("/auth/urls", {
@ -11,7 +12,3 @@ export const load = async () => {
return { urls: resp };
};
interface UrlsResponse {
discord: string;
}

6
frontend/src/routes/settings/export/+page.ts
View File

@ -1,5 +1,6 @@
import { ErrorCode, type APIError } from "$lib/api/entities";
import { apiFetchClient } from "$lib/api/fetch";
import type { ExportResponse } from "$lib/api/responses";
import { error } from "@sveltejs/kit";
export const load = async () => {
@ -12,8 +13,3 @@ export const load = async () => {
throw error((e as APIError).code, (e as APIError).message);
}
};
interface ExportResponse {
path: string;
created_at: string;
}