pdewey.com / tangled-core
forked from tangled.org/core
Monorepo for Tangled
fork atom
tangled-core / appview / settings / settings.go
at master 530 lines 16 kB view raw
1package settings 2 3import ( 4 "database/sql" 5 "errors" 6 "fmt" 7 "log" 8 "net/http" 9 "net/url" 10 "strings" 11 "time" 12 13 "github.com/go-chi/chi/v5" 14 "tangled.org/core/api/tangled" 15 "tangled.org/core/appview/config" 16 "tangled.org/core/appview/db" 17 "tangled.org/core/appview/email" 18 "tangled.org/core/appview/middleware" 19 "tangled.org/core/appview/models" 20 "tangled.org/core/appview/oauth" 21 "tangled.org/core/appview/pages" 22 "tangled.org/core/tid" 23 24 comatproto "github.com/bluesky-social/indigo/api/atproto" 25 "github.com/bluesky-social/indigo/atproto/syntax" 26 lexutil "github.com/bluesky-social/indigo/lex/util" 27 "github.com/gliderlabs/ssh" 28 "github.com/google/uuid" 29) 30 31type Settings struct { 32 Db *db.DB 33 OAuth *oauth.OAuth 34 Pages *pages.Pages 35 Config *config.Config 36} 37 38func (s *Settings) Router() http.Handler { 39 r := chi.NewRouter() 40 41 r.Use(middleware.AuthMiddleware(s.OAuth)) 42 43 // settings pages 44 r.Get("/", s.profileSettings) 45 r.Get("/profile", s.profileSettings) 46 47 r.Route("/keys", func(r chi.Router) { 48 r.Get("/", s.keysSettings) 49 r.Put("/", s.keys) 50 r.Delete("/", s.keys) 51 }) 52 53 r.Route("/emails", func(r chi.Router) { 54 r.Get("/", s.emailsSettings) 55 r.Put("/", s.emails) 56 r.Delete("/", s.emails) 57 r.Get("/verify", s.emailsVerify) 58 r.Post("/verify/resend", s.emailsVerifyResend) 59 r.Post("/primary", s.emailsPrimary) 60 }) 61 62 r.Route("/notifications", func(r chi.Router) { 63 r.Get("/", s.notificationsSettings) 64 r.Put("/", s.updateNotificationPreferences) 65 }) 66 67 return r 68} 69 70func (s *Settings) profileSettings(w http.ResponseWriter, r *http.Request) { 71 user := s.OAuth.GetMultiAccountUser(r) 72 73 s.Pages.UserProfileSettings(w, pages.UserProfileSettingsParams{ 74 LoggedInUser: user, 75 }) 76} 77 78func (s *Settings) notificationsSettings(w http.ResponseWriter, r *http.Request) { 79 user := s.OAuth.GetMultiAccountUser(r) 80 did := s.OAuth.GetDid(r) 81 82 prefs, err := db.GetNotificationPreference(s.Db, did) 83 if err != nil { 84 log.Printf("failed to get notification preferences: %s", err) 85 s.Pages.Notice(w, "settings-notifications-error", "Unable to load notification preferences.") 86 return 87 } 88 89 s.Pages.UserNotificationSettings(w, pages.UserNotificationSettingsParams{ 90 LoggedInUser: user, 91 Preferences: prefs, 92 }) 93} 94 95func (s *Settings) updateNotificationPreferences(w http.ResponseWriter, r *http.Request) { 96 did := s.OAuth.GetDid(r) 97 98 prefs := &models.NotificationPreferences{ 99 UserDid: syntax.DID(did), 100 RepoStarred: r.FormValue("repo_starred") == "on", 101 IssueCreated: r.FormValue("issue_created") == "on", 102 IssueCommented: r.FormValue("issue_commented") == "on", 103 IssueClosed: r.FormValue("issue_closed") == "on", 104 PullCreated: r.FormValue("pull_created") == "on", 105 PullCommented: r.FormValue("pull_commented") == "on", 106 PullMerged: r.FormValue("pull_merged") == "on", 107 Followed: r.FormValue("followed") == "on", 108 UserMentioned: r.FormValue("user_mentioned") == "on", 109 EmailNotifications: r.FormValue("email_notifications") == "on", 110 } 111 112 err := s.Db.UpdateNotificationPreferences(r.Context(), prefs) 113 if err != nil { 114 log.Printf("failed to update notification preferences: %s", err) 115 s.Pages.Notice(w, "settings-notifications-error", "Unable to save notification preferences.") 116 return 117 } 118 119 s.Pages.Notice(w, "settings-notifications-success", "Notification preferences saved successfully.") 120} 121 122func (s *Settings) keysSettings(w http.ResponseWriter, r *http.Request) { 123 user := s.OAuth.GetMultiAccountUser(r) 124 pubKeys, err := db.GetPublicKeysForDid(s.Db, user.Active.Did) 125 if err != nil { 126 log.Println(err) 127 } 128 129 s.Pages.UserKeysSettings(w, pages.UserKeysSettingsParams{ 130 LoggedInUser: user, 131 PubKeys: pubKeys, 132 }) 133} 134 135func (s *Settings) emailsSettings(w http.ResponseWriter, r *http.Request) { 136 user := s.OAuth.GetMultiAccountUser(r) 137 emails, err := db.GetAllEmails(s.Db, user.Active.Did) 138 if err != nil { 139 log.Println(err) 140 } 141 142 s.Pages.UserEmailsSettings(w, pages.UserEmailsSettingsParams{ 143 LoggedInUser: user, 144 Emails: emails, 145 }) 146} 147 148// buildVerificationEmail creates an email.Email struct for verification emails 149func (s *Settings) buildVerificationEmail(emailAddr, did, code string) email.Email { 150 verifyURL := s.verifyUrl(did, emailAddr, code) 151 152 return email.Email{ 153 APIKey: s.Config.Resend.ApiKey, 154 From: s.Config.Resend.SentFrom, 155 To: emailAddr, 156 Subject: "Verify your Tangled email", 157 Text: `Click the link below (or copy and paste it into your browser) to verify your email address. 158` + verifyURL, 159 Html: `<p>Click the link (or copy and paste it into your browser) to verify your email address.</p> 160<p><a href="` + verifyURL + `">` + verifyURL + `</a></p>`, 161 } 162} 163 164// sendVerificationEmail handles the common logic for sending verification emails 165func (s *Settings) sendVerificationEmail(w http.ResponseWriter, did, emailAddr, code string, errorContext string) error { 166 emailToSend := s.buildVerificationEmail(emailAddr, did, code) 167 168 err := email.SendEmail(emailToSend) 169 if err != nil { 170 log.Printf("sending email: %s", err) 171 s.Pages.Notice(w, "settings-emails-error", fmt.Sprintf("Unable to send verification email at this moment, try again later. %s", errorContext)) 172 return err 173 } 174 175 return nil 176} 177 178func (s *Settings) emails(w http.ResponseWriter, r *http.Request) { 179 switch r.Method { 180 case http.MethodGet: 181 s.Pages.Notice(w, "settings-emails", "Unimplemented.") 182 log.Println("unimplemented") 183 return 184 case http.MethodPut: 185 did := s.OAuth.GetDid(r) 186 emAddr := r.FormValue("email") 187 emAddr = strings.TrimSpace(emAddr) 188 189 if !email.IsValidEmail(emAddr) { 190 s.Pages.Notice(w, "settings-emails-error", "Invalid email address.") 191 return 192 } 193 194 // check if email already exists in database 195 existingEmail, err := db.GetEmail(s.Db, did, emAddr) 196 if err != nil && !errors.Is(err, sql.ErrNoRows) { 197 log.Printf("checking for existing email: %s", err) 198 s.Pages.Notice(w, "settings-emails-error", "Unable to add email at this moment, try again later.") 199 return 200 } 201 202 if err == nil { 203 if existingEmail.Verified { 204 s.Pages.Notice(w, "settings-emails-error", "This email is already verified.") 205 return 206 } 207 208 s.Pages.Notice(w, "settings-emails-error", "This email is already added but not verified. Check your inbox for the verification link.") 209 return 210 } 211 212 code := uuid.New().String() 213 214 // Begin transaction 215 tx, err := s.Db.Begin() 216 if err != nil { 217 log.Printf("failed to start transaction: %s", err) 218 s.Pages.Notice(w, "settings-emails-error", "Unable to add email at this moment, try again later.") 219 return 220 } 221 defer tx.Rollback() 222 223 if err := db.AddEmail(tx, models.Email{ 224 Did: did, 225 Address: emAddr, 226 Verified: false, 227 VerificationCode: code, 228 }); err != nil { 229 log.Printf("adding email: %s", err) 230 s.Pages.Notice(w, "settings-emails-error", "Unable to add email at this moment, try again later.") 231 return 232 } 233 234 if err := s.sendVerificationEmail(w, did, emAddr, code, ""); err != nil { 235 return 236 } 237 238 // Commit transaction 239 if err := tx.Commit(); err != nil { 240 log.Printf("failed to commit transaction: %s", err) 241 s.Pages.Notice(w, "settings-emails-error", "Unable to add email at this moment, try again later.") 242 return 243 } 244 245 s.Pages.Notice(w, "settings-emails-success", "Click the link in the email we sent you to verify your email address.") 246 return 247 case http.MethodDelete: 248 did := s.OAuth.GetDid(r) 249 emailAddr := r.FormValue("email") 250 emailAddr = strings.TrimSpace(emailAddr) 251 252 // Begin transaction 253 tx, err := s.Db.Begin() 254 if err != nil { 255 log.Printf("failed to start transaction: %s", err) 256 s.Pages.Notice(w, "settings-emails-error", "Unable to delete email at this moment, try again later.") 257 return 258 } 259 defer tx.Rollback() 260 261 if err := db.DeleteEmail(tx, did, emailAddr); err != nil { 262 log.Printf("deleting email: %s", err) 263 s.Pages.Notice(w, "settings-emails-error", "Unable to delete email at this moment, try again later.") 264 return 265 } 266 267 // Commit transaction 268 if err := tx.Commit(); err != nil { 269 log.Printf("failed to commit transaction: %s", err) 270 s.Pages.Notice(w, "settings-emails-error", "Unable to delete email at this moment, try again later.") 271 return 272 } 273 274 s.Pages.HxLocation(w, "/settings/emails") 275 return 276 } 277} 278 279func (s *Settings) verifyUrl(did string, email string, code string) string { 280 return fmt.Sprintf( 281 "%s/settings/emails/verify?did=%s&email=%s&code=%s", 282 s.Config.Core.BaseUrl(), 283 url.QueryEscape(did), 284 url.QueryEscape(email), 285 url.QueryEscape(code), 286 ) 287} 288 289func (s *Settings) emailsVerify(w http.ResponseWriter, r *http.Request) { 290 q := r.URL.Query() 291 292 // Get the parameters directly from the query 293 emailAddr := q.Get("email") 294 did := q.Get("did") 295 code := q.Get("code") 296 297 valid, err := db.CheckValidVerificationCode(s.Db, did, emailAddr, code) 298 if err != nil { 299 log.Printf("checking email verification: %s", err) 300 s.Pages.Notice(w, "settings-emails-error", "Error verifying email. Please try again later.") 301 return 302 } 303 304 if !valid { 305 s.Pages.Notice(w, "settings-emails-error", "Invalid verification code. Please request a new verification email.") 306 return 307 } 308 309 // Mark email as verified in the database 310 if err := db.MarkEmailVerified(s.Db, did, emailAddr); err != nil { 311 log.Printf("marking email as verified: %s", err) 312 s.Pages.Notice(w, "settings-emails-error", "Error updating email verification status. Please try again later.") 313 return 314 } 315 316 http.Redirect(w, r, "/settings/emails", http.StatusSeeOther) 317} 318 319func (s *Settings) emailsVerifyResend(w http.ResponseWriter, r *http.Request) { 320 if r.Method != http.MethodPost { 321 s.Pages.Notice(w, "settings-emails-error", "Invalid request method.") 322 return 323 } 324 325 did := s.OAuth.GetDid(r) 326 emAddr := r.FormValue("email") 327 emAddr = strings.TrimSpace(emAddr) 328 329 if !email.IsValidEmail(emAddr) { 330 s.Pages.Notice(w, "settings-emails-error", "Invalid email address.") 331 return 332 } 333 334 // Check if email exists and is unverified 335 existingEmail, err := db.GetEmail(s.Db, did, emAddr) 336 if err != nil { 337 if errors.Is(err, sql.ErrNoRows) { 338 s.Pages.Notice(w, "settings-emails-error", "Email not found. Please add it first.") 339 } else { 340 log.Printf("checking for existing email: %s", err) 341 s.Pages.Notice(w, "settings-emails-error", "Unable to resend verification email at this moment, try again later.") 342 } 343 return 344 } 345 346 if existingEmail.Verified { 347 s.Pages.Notice(w, "settings-emails-error", "This email is already verified.") 348 return 349 } 350 351 // Check if last verification email was sent less than 10 minutes ago 352 if existingEmail.LastSent != nil { 353 timeSinceLastSent := time.Since(*existingEmail.LastSent) 354 if timeSinceLastSent < 10*time.Minute { 355 waitTime := 10*time.Minute - timeSinceLastSent 356 s.Pages.Notice(w, "settings-emails-error", fmt.Sprintf("Please wait %d minutes before requesting another verification email.", int(waitTime.Minutes()+1))) 357 return 358 } 359 } 360 361 // Generate new verification code 362 code := uuid.New().String() 363 364 // Begin transaction 365 tx, err := s.Db.Begin() 366 if err != nil { 367 log.Printf("failed to start transaction: %s", err) 368 s.Pages.Notice(w, "settings-emails-error", "Unable to resend verification email at this moment, try again later.") 369 return 370 } 371 defer tx.Rollback() 372 373 // Update the verification code and last sent time 374 if err := db.UpdateVerificationCode(tx, did, emAddr, code); err != nil { 375 log.Printf("updating email verification: %s", err) 376 s.Pages.Notice(w, "settings-emails-error", "Unable to resend verification email at this moment, try again later.") 377 return 378 } 379 380 // Send verification email 381 if err := s.sendVerificationEmail(w, did, emAddr, code, ""); err != nil { 382 return 383 } 384 385 // Commit transaction 386 if err := tx.Commit(); err != nil { 387 log.Printf("failed to commit transaction: %s", err) 388 s.Pages.Notice(w, "settings-emails-error", "Unable to resend verification email at this moment, try again later.") 389 return 390 } 391 392 s.Pages.Notice(w, "settings-emails-success", "Verification email resent. Click the link in the email we sent you to verify your email address.") 393} 394 395func (s *Settings) emailsPrimary(w http.ResponseWriter, r *http.Request) { 396 did := s.OAuth.GetDid(r) 397 emailAddr := r.FormValue("email") 398 emailAddr = strings.TrimSpace(emailAddr) 399 400 if emailAddr == "" { 401 s.Pages.Notice(w, "settings-emails-error", "Email address cannot be empty.") 402 return 403 } 404 405 if err := db.MakeEmailPrimary(s.Db, did, emailAddr); err != nil { 406 log.Printf("setting primary email: %s", err) 407 s.Pages.Notice(w, "settings-emails-error", "Error setting primary email. Please try again later.") 408 return 409 } 410 411 s.Pages.HxLocation(w, "/settings/emails") 412} 413 414func (s *Settings) keys(w http.ResponseWriter, r *http.Request) { 415 switch r.Method { 416 case http.MethodGet: 417 s.Pages.Notice(w, "settings-keys", "Unimplemented.") 418 log.Println("unimplemented") 419 return 420 case http.MethodPut: 421 did := s.OAuth.GetDid(r) 422 key := r.FormValue("key") 423 key = strings.TrimSpace(key) 424 name := r.FormValue("name") 425 client, err := s.OAuth.AuthorizedClient(r) 426 if err != nil { 427 s.Pages.Notice(w, "settings-keys", "Failed to authorize. Try again later.") 428 return 429 } 430 431 _, _, _, _, err = ssh.ParseAuthorizedKey([]byte(key)) 432 if err != nil { 433 log.Printf("parsing public key: %s", err) 434 s.Pages.Notice(w, "settings-keys", "That doesn't look like a valid public key. Make sure it's a <strong>public</strong> key.") 435 return 436 } 437 438 rkey := tid.TID() 439 440 tx, err := s.Db.Begin() 441 if err != nil { 442 log.Printf("failed to start tx; adding public key: %s", err) 443 s.Pages.Notice(w, "settings-keys", "Unable to add public key at this moment, try again later.") 444 return 445 } 446 defer tx.Rollback() 447 448 if err := db.AddPublicKey(tx, did, name, key, rkey); err != nil { 449 log.Printf("adding public key: %s", err) 450 s.Pages.Notice(w, "settings-keys", "Failed to add public key.") 451 return 452 } 453 454 // store in pds too 455 resp, err := comatproto.RepoPutRecord(r.Context(), client, &comatproto.RepoPutRecord_Input{ 456 Collection: tangled.PublicKeyNSID, 457 Repo: did, 458 Rkey: rkey, 459 Record: &lexutil.LexiconTypeDecoder{ 460 Val: &tangled.PublicKey{ 461 CreatedAt: time.Now().Format(time.RFC3339), 462 Key: key, 463 Name: name, 464 }}, 465 }) 466 // invalid record 467 if err != nil { 468 log.Printf("failed to create record: %s", err) 469 s.Pages.Notice(w, "settings-keys", "Failed to create record.") 470 return 471 } 472 473 log.Println("created atproto record: ", resp.Uri) 474 475 err = tx.Commit() 476 if err != nil { 477 log.Printf("failed to commit tx; adding public key: %s", err) 478 s.Pages.Notice(w, "settings-keys", "Unable to add public key at this moment, try again later.") 479 return 480 } 481 482 s.Pages.HxLocation(w, "/settings/keys") 483 return 484 485 case http.MethodDelete: 486 did := s.OAuth.GetDid(r) 487 q := r.URL.Query() 488 489 name := q.Get("name") 490 rkey := q.Get("rkey") 491 key := q.Get("key") 492 493 log.Println(name) 494 log.Println(rkey) 495 log.Println(key) 496 497 client, err := s.OAuth.AuthorizedClient(r) 498 if err != nil { 499 log.Printf("failed to authorize client: %s", err) 500 s.Pages.Notice(w, "settings-keys", "Failed to authorize client.") 501 return 502 } 503 504 if err := db.DeletePublicKey(s.Db, did, name, key); err != nil { 505 log.Printf("removing public key: %s", err) 506 s.Pages.Notice(w, "settings-keys", "Failed to remove public key.") 507 return 508 } 509 510 if rkey != "" { 511 // remove from pds too 512 _, err := comatproto.RepoDeleteRecord(r.Context(), client, &comatproto.RepoDeleteRecord_Input{ 513 Collection: tangled.PublicKeyNSID, 514 Repo: did, 515 Rkey: rkey, 516 }) 517 518 // invalid record 519 if err != nil { 520 log.Printf("failed to delete record from PDS: %s", err) 521 s.Pages.Notice(w, "settings-keys", "Failed to remove key from PDS.") 522 return 523 } 524 } 525 log.Println("deleted successfully") 526 527 s.Pages.HxLocation(w, "/settings/keys") 528 return 529 } 530}