merge: merge pull request 'add reports and moderation' (#31) from reports into main

Reviewed-on: https://codeberg.org/u1f320/pronouns.cc/pulls/31
This commit is contained in:
sam 2023-03-23 16:14:24 +00:00
commit 84b87790ee
37 changed files with 1359 additions and 107 deletions

217
backend/db/report.go Normal file
View file

@ -0,0 +1,217 @@
package db
import (
"context"
"time"
"emperror.dev/errors"
"github.com/georgysavva/scany/pgxscan"
"github.com/jackc/pgx/v4"
"github.com/rs/xid"
)
type Report struct {
ID int64 `json:"id"`
UserID xid.ID `json:"user_id"`
UserName string `json:"user_name"`
MemberID xid.ID `json:"member_id"`
MemberName *string `json:"member_name"`
Reason string `json:"reason"`
ReporterID xid.ID `json:"reporter_id"`
CreatedAt time.Time `json:"created_at"`
ResolvedAt *time.Time `json:"resolved_at"`
AdminID xid.ID `json:"admin_id"`
AdminComment *string `json:"admin_comment"`
}
const ReportPageSize = 100
const ErrReportNotFound = errors.Sentinel("report not found")
func (db *DB) Reports(ctx context.Context, closed bool, before int) (rs []Report, err error) {
builder := sq.Select("*",
"(SELECT username FROM users WHERE id = reports.user_id) AS user_name",
"(SELECT name FROM members WHERE id = reports.member_id) AS member_name").
From("reports").
Limit(ReportPageSize).
OrderBy("id DESC")
if before != 0 {
builder = builder.Where("id < ?", before)
}
if closed {
builder = builder.Where("resolved_at IS NOT NULL")
} else {
builder = builder.Where("resolved_at IS NULL")
}
sql, args, err := builder.ToSql()
if err != nil {
return nil, errors.Wrap(err, "building sql")
}
err = pgxscan.Select(ctx, db, &rs, sql, args...)
if err != nil {
return nil, errors.Wrap(err, "executing query")
}
if len(rs) == 0 {
return []Report{}, nil
}
return rs, nil
}
func (db *DB) ReportsByUser(ctx context.Context, userID xid.ID, before int) (rs []Report, err error) {
builder := sq.Select("*").From("reports").Where("user_id = ?", userID).Limit(ReportPageSize).OrderBy("id DESC")
if before != 0 {
builder = builder.Where("id < ?", before)
}
sql, args, err := builder.ToSql()
if err != nil {
return nil, errors.Wrap(err, "building sql")
}
err = pgxscan.Select(ctx, db, &rs, sql, args...)
if err != nil {
return nil, errors.Wrap(err, "executing query")
}
if len(rs) == 0 {
return []Report{}, nil
}
return rs, nil
}
func (db *DB) ReportsByReporter(ctx context.Context, reporterID xid.ID, before int) (rs []Report, err error) {
builder := sq.Select("*").From("reports").Where("reporter_id = ?", reporterID).Limit(ReportPageSize).OrderBy("id DESC")
if before != 0 {
builder = builder.Where("id < ?", before)
}
sql, args, err := builder.ToSql()
if err != nil {
return nil, errors.Wrap(err, "building sql")
}
err = pgxscan.Select(ctx, db, &rs, sql, args...)
if err != nil {
return nil, errors.Wrap(err, "executing query")
}
if len(rs) == 0 {
return []Report{}, nil
}
return rs, nil
}
func (db *DB) Report(ctx context.Context, tx pgx.Tx, id int64) (r Report, err error) {
sql, args, err := sq.Select("*").From("reports").Where("id = ?", id).ToSql()
if err != nil {
return r, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, tx, &r, sql, args...)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return r, ErrReportNotFound
}
return r, errors.Wrap(err, "executing query")
}
return r, nil
}
func (db *DB) CreateReport(ctx context.Context, reporterID, userID xid.ID, memberID *xid.ID, reason string) (r Report, err error) {
sql, args, err := sq.Insert("reports").SetMap(map[string]any{
"user_id": userID,
"reporter_id": reporterID,
"member_id": memberID,
"reason": reason,
}).Suffix("RETURNING *").ToSql()
if err != nil {
return r, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, db, &r, sql, args...)
if err != nil {
return r, errors.Wrap(err, "executing query")
}
return r, nil
}
func (db *DB) ResolveReport(ctx context.Context, ex Execer, id int64, adminID xid.ID, comment string) error {
sql, args, err := sq.Update("reports").
Set("admin_id", adminID).
Set("admin_comment", comment).
Set("resolved_at", time.Now().UTC()).
Where("id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = ex.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
type Warning struct {
ID int64 `json:"id"`
UserID xid.ID `json:"-"`
Reason string `json:"reason"`
CreatedAt time.Time `json:"created_at"`
ReadAt *time.Time `json:"-"`
}
func (db *DB) CreateWarning(ctx context.Context, tx pgx.Tx, userID xid.ID, reason string) (w Warning, err error) {
sql, args, err := sq.Insert("warnings").SetMap(map[string]any{
"user_id": userID,
"reason": reason,
}).ToSql()
if err != nil {
return w, errors.Wrap(err, "building sql")
}
err = pgxscan.Get(ctx, tx, &w, sql, args...)
if err != nil {
return w, errors.Wrap(err, "executing query")
}
return w, nil
}
func (db *DB) Warnings(ctx context.Context, userID xid.ID, unread bool) (ws []Warning, err error) {
builder := sq.Select("*").From("warnings").Where("user_id = ?", userID).OrderBy("id DESC")
if unread {
builder = builder.Where("read_at IS NULL")
}
sql, args, err := builder.ToSql()
if err != nil {
return ws, errors.Wrap(err, "building sql")
}
err = pgxscan.Select(ctx, db, &ws, sql, args...)
if err != nil {
return nil, errors.Wrap(err, "executing query")
}
if len(ws) == 0 {
return []Warning{}, nil
}
return ws, nil
}
func (db *DB) AckWarning(ctx context.Context, userID xid.ID, id int64) (ok bool, err error) {
sql, args, err := sq.Update("warnings").
Set("read_at", time.Now().UTC()).
Where("user_id = ?", userID).
Where("id = ?", id).
Where("read_at IS NULL").ToSql()
if err != nil {
return false, errors.Wrap(err, "building sql")
}
ct, err := db.Exec(ctx, sql, args...)
if err != nil {
return false, errors.Wrap(err, "executing query")
}
if ct.RowsAffected() == 0 {
return false, nil
}
return true, nil
}

View file

@ -2,6 +2,8 @@ package db
import ( import (
"context" "context"
"crypto/sha256"
"encoding/hex"
"regexp" "regexp"
"time" "time"
@ -34,6 +36,7 @@ type User struct {
FediverseInstance *string FediverseInstance *string
MaxInvites int MaxInvites int
IsAdmin bool
DeletedAt *time.Time DeletedAt *time.Time
SelfDelete *bool SelfDelete *bool
@ -416,3 +419,93 @@ func (db *DB) ForceDeleteUser(ctx context.Context, id xid.ID) error {
} }
return nil return nil
} }
func (db *DB) DeleteUserMembers(ctx context.Context, tx pgx.Tx, id xid.ID) error {
sql, args, err := sq.Delete("members").Where("user_id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = tx.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) ResetUser(ctx context.Context, tx pgx.Tx, id xid.ID) error {
err := db.SetUserFields(ctx, tx, id, []Field{})
if err != nil {
return errors.Wrap(err, "deleting fields")
}
hasher := sha256.New()
_, err = hasher.Write(id.Bytes())
if err != nil {
return errors.Wrap(err, "hashing user id")
}
hash := hex.EncodeToString(hasher.Sum(nil))
sql, args, err := sq.Update("users").
Set("username", "deleted-"+hash).
Set("display_name", nil).
Set("bio", nil).
Set("links", nil).
Set("names", "[]").
Set("pronouns", "[]").
Set("avatar", nil).
Where("id = ?", id).ToSql()
if err != nil {
return errors.Wrap(err, "building sql")
}
_, err = tx.Exec(ctx, sql, args...)
if err != nil {
return errors.Wrap(err, "executing query")
}
return nil
}
func (db *DB) CleanUser(ctx context.Context, id xid.ID) error {
u, err := db.User(ctx, id)
if err != nil {
return errors.Wrap(err, "getting user")
}
if u.Avatar != nil {
err = db.DeleteUserAvatar(ctx, u.ID, *u.Avatar)
if err != nil {
return errors.Wrap(err, "deleting user avatar")
}
}
var exports []DataExport
err = pgxscan.Select(ctx, db, &exports, "SELECT * FROM data_exports WHERE user_id = $1", u.ID)
if err != nil {
return errors.Wrap(err, "getting export iles")
}
for _, de := range exports {
err = db.DeleteExport(ctx, de)
if err != nil {
continue
}
}
members, err := db.UserMembers(ctx, u.ID)
if err != nil {
return errors.Wrap(err, "getting members")
}
for _, m := range members {
if m.Avatar == nil {
continue
}
err = db.DeleteMemberAvatar(ctx, m.ID, *m.Avatar)
if err != nil {
continue
}
}
return nil
}

View file

@ -5,6 +5,7 @@ import (
"codeberg.org/u1f320/pronouns.cc/backend/routes/bot" "codeberg.org/u1f320/pronouns.cc/backend/routes/bot"
"codeberg.org/u1f320/pronouns.cc/backend/routes/member" "codeberg.org/u1f320/pronouns.cc/backend/routes/member"
"codeberg.org/u1f320/pronouns.cc/backend/routes/meta" "codeberg.org/u1f320/pronouns.cc/backend/routes/meta"
"codeberg.org/u1f320/pronouns.cc/backend/routes/mod"
"codeberg.org/u1f320/pronouns.cc/backend/routes/user" "codeberg.org/u1f320/pronouns.cc/backend/routes/user"
"codeberg.org/u1f320/pronouns.cc/backend/server" "codeberg.org/u1f320/pronouns.cc/backend/server"
"github.com/go-chi/chi/v5" "github.com/go-chi/chi/v5"
@ -20,5 +21,6 @@ func mountRoutes(s *server.Server) {
member.Mount(s, r) member.Mount(s, r)
bot.Mount(s, r) bot.Mount(s, r)
meta.Mount(s, r) meta.Mount(s, r)
mod.Mount(s, r)
}) })
} }

View file

@ -45,6 +45,8 @@ type discordCallbackResponse struct {
IsDeleted bool `json:"is_deleted"` IsDeleted bool `json:"is_deleted"`
DeletedAt *time.Time `json:"deleted_at,omitempty"` DeletedAt *time.Time `json:"deleted_at,omitempty"`
SelfDelete *bool `json:"self_delete,omitempty"`
DeleteReason *string `json:"delete_reason,omitempty"`
} }
func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error { func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
@ -81,7 +83,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
u, err := s.DB.DiscordUser(ctx, du.ID) u, err := s.DB.DiscordUser(ctx, du.ID)
if err == nil { if err == nil {
if u.DeletedAt != nil && *u.SelfDelete { if u.DeletedAt != nil {
// store cancel delete token // store cancel delete token
token := undeleteToken() token := undeleteToken()
err = s.saveUndeleteToken(ctx, u.ID, token) err = s.saveUndeleteToken(ctx, u.ID, token)
@ -96,6 +98,8 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
User: dbUserToUserResponse(u, []db.Field{}), User: dbUserToUserResponse(u, []db.Field{}),
IsDeleted: true, IsDeleted: true,
DeletedAt: u.DeletedAt, DeletedAt: u.DeletedAt,
SelfDelete: u.SelfDelete,
DeleteReason: u.DeleteReason,
}) })
return nil return nil
} }
@ -107,7 +111,7 @@ func (s *Server) discordCallback(w http.ResponseWriter, r *http.Request) error {
// TODO: implement user + token permissions // TODO: implement user + token permissions
tokenID := xid.New() tokenID := xid.New()
token, err := s.Auth.CreateToken(u.ID, tokenID, false, false, true) token, err := s.Auth.CreateToken(u.ID, tokenID, u.IsAdmin, false, true)
if err != nil { if err != nil {
return err return err
} }

View file

@ -33,6 +33,8 @@ type fediCallbackResponse struct {
IsDeleted bool `json:"is_deleted"` IsDeleted bool `json:"is_deleted"`
DeletedAt *time.Time `json:"deleted_at,omitempty"` DeletedAt *time.Time `json:"deleted_at,omitempty"`
SelfDelete *bool `json:"self_delete,omitempty"`
DeleteReason *string `json:"delete_reason,omitempty"`
} }
type partialMastodonAccount struct { type partialMastodonAccount struct {
@ -102,7 +104,7 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
u, err := s.DB.FediverseUser(ctx, mu.ID, app.ID) u, err := s.DB.FediverseUser(ctx, mu.ID, app.ID)
if err == nil { if err == nil {
if u.DeletedAt != nil && *u.SelfDelete { if u.DeletedAt != nil {
// store cancel delete token // store cancel delete token
token := undeleteToken() token := undeleteToken()
err = s.saveUndeleteToken(ctx, u.ID, token) err = s.saveUndeleteToken(ctx, u.ID, token)
@ -117,6 +119,8 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
User: dbUserToUserResponse(u, []db.Field{}), User: dbUserToUserResponse(u, []db.Field{}),
IsDeleted: true, IsDeleted: true,
DeletedAt: u.DeletedAt, DeletedAt: u.DeletedAt,
SelfDelete: u.SelfDelete,
DeleteReason: u.DeleteReason,
}) })
return nil return nil
} }
@ -128,7 +132,7 @@ func (s *Server) mastodonCallback(w http.ResponseWriter, r *http.Request) error
// TODO: implement user + token permissions // TODO: implement user + token permissions
tokenID := xid.New() tokenID := xid.New()
token, err := s.Auth.CreateToken(u.ID, tokenID, false, false, true) token, err := s.Auth.CreateToken(u.ID, tokenID, u.IsAdmin, false, true)
if err != nil { if err != nil {
return err return err
} }

View file

@ -6,11 +6,9 @@ import (
"encoding/base64" "encoding/base64"
"net/http" "net/http"
"codeberg.org/u1f320/pronouns.cc/backend/db"
"codeberg.org/u1f320/pronouns.cc/backend/log" "codeberg.org/u1f320/pronouns.cc/backend/log"
"codeberg.org/u1f320/pronouns.cc/backend/server" "codeberg.org/u1f320/pronouns.cc/backend/server"
"emperror.dev/errors" "emperror.dev/errors"
"github.com/georgysavva/scany/pgxscan"
"github.com/go-chi/render" "github.com/go-chi/render"
"github.com/mediocregopher/radix/v4" "github.com/mediocregopher/radix/v4"
"github.com/rs/xid" "github.com/rs/xid"
@ -29,6 +27,16 @@ func (s *Server) cancelDelete(w http.ResponseWriter, r *http.Request) error {
return server.APIError{Code: server.ErrNotFound} // assume invalid token return server.APIError{Code: server.ErrNotFound} // assume invalid token
} }
// only self deleted users can undelete themselves
u, err := s.DB.User(ctx, id)
if err != nil {
log.Errorf("getting user: %v", err)
return errors.Wrap(err, "getting user")
}
if !*u.SelfDelete {
return server.APIError{Code: server.ErrForbidden}
}
err = s.DB.UndoDeleteUser(ctx, id) err = s.DB.UndoDeleteUser(ctx, id)
if err != nil { if err != nil {
log.Errorf("executing undelete query: %v", err) log.Errorf("executing undelete query: %v", err)
@ -84,60 +92,13 @@ func (s *Server) forceDelete(w http.ResponseWriter, r *http.Request) error {
return server.APIError{Code: server.ErrNotFound} // assume invalid token return server.APIError{Code: server.ErrNotFound} // assume invalid token
} }
u, err := s.DB.User(ctx, id) err = s.DB.CleanUser(ctx, id)
if err != nil { if err != nil {
log.Errorf("getting user: %v", err) log.Errorf("cleaning user data: %v", err)
return errors.Wrap(err, "getting user") return errors.Wrap(err, "cleaning user")
} }
if u.Avatar != nil { err = s.DB.ForceDeleteUser(ctx, id)
err = s.DB.DeleteUserAvatar(ctx, u.ID, *u.Avatar)
if err != nil {
log.Errorf("deleting avatars for user %v: %v", u.ID, err)
return errors.Wrap(err, "deleting user avatar")
}
}
var exports []db.DataExport
err = pgxscan.Select(ctx, s.DB, &exports, "SELECT * FROM data_exports WHERE user_id = $1", u.ID)
if err != nil {
log.Errorf("getting to-be-deleted export files: %v", err)
return errors.Wrap(err, "getting export iles")
}
for _, de := range exports {
err = s.DB.DeleteExport(ctx, de)
if err != nil {
log.Errorf("deleting export %v: %v", de.ID, err)
continue
}
log.Debugf("deleted export %v", de.ID)
}
members, err := s.DB.UserMembers(ctx, u.ID)
if err != nil {
log.Errorf("getting members for user %v: %v", u.ID, err)
return errors.Wrap(err, "getting members")
}
for _, m := range members {
if m.Avatar == nil {
continue
}
log.Debugf("deleting avatars for member %v", m.ID)
err = s.DB.DeleteMemberAvatar(ctx, m.ID, *m.Avatar)
if err != nil {
log.Errorf("deleting avatars for member %v: %v", m.ID, err)
continue
}
log.Debugf("deleted avatars for member %v", m.ID)
}
err = s.DB.ForceDeleteUser(ctx, u.ID)
if err != nil { if err != nil {
log.Errorf("force deleting user: %v", err) log.Errorf("force deleting user: %v", err)
return errors.Wrap(err, "deleting user") return errors.Wrap(err, "deleting user")

View file

@ -0,0 +1,111 @@
package mod
import (
"net/http"
"codeberg.org/u1f320/pronouns.cc/backend/db"
"codeberg.org/u1f320/pronouns.cc/backend/log"
"codeberg.org/u1f320/pronouns.cc/backend/server"
"emperror.dev/errors"
"github.com/go-chi/chi/v5"
"github.com/go-chi/render"
"github.com/rs/xid"
)
const MaxReasonLength = 2000
type CreateReportRequest struct {
Reason string `json:"reason"`
}
func (s *Server) createUserReport(w http.ResponseWriter, r *http.Request) error {
ctx := r.Context()
claims, _ := server.ClaimsFromContext(ctx)
userID, err := xid.FromString(chi.URLParam(r, "id"))
if err != nil {
return server.APIError{Code: server.ErrBadRequest, Details: "Invalid user ID"}
}
u, err := s.DB.User(ctx, userID)
if err != nil {
if err == db.ErrUserNotFound {
return server.APIError{Code: server.ErrUserNotFound}
}
log.Errorf("getting user %v: %v", userID, err)
return errors.Wrap(err, "getting user")
}
if u.DeletedAt != nil {
return server.APIError{Code: server.ErrUserNotFound}
}
var req CreateReportRequest
err = render.Decode(r, &req)
if err != nil {
return server.APIError{Code: server.ErrBadRequest}
}
if len(req.Reason) > MaxReasonLength {
return server.APIError{Code: server.ErrBadRequest, Details: "Reason cannot exceed 2000 characters"}
}
report, err := s.DB.CreateReport(ctx, claims.UserID, u.ID, nil, req.Reason)
if err != nil {
log.Errorf("creating report for %v: %v", u.ID, err)
return errors.Wrap(err, "creating report")
}
render.JSON(w, r, map[string]any{"created": true, "created_at": report.CreatedAt})
return nil
}
func (s *Server) createMemberReport(w http.ResponseWriter, r *http.Request) error {
ctx := r.Context()
claims, _ := server.ClaimsFromContext(ctx)
memberID, err := xid.FromString(chi.URLParam(r, "id"))
if err != nil {
return server.APIError{Code: server.ErrBadRequest, Details: "Invalid member ID"}
}
m, err := s.DB.Member(ctx, memberID)
if err != nil {
if err == db.ErrMemberNotFound {
return server.APIError{Code: server.ErrMemberNotFound}
}
log.Errorf("getting member %v: %v", memberID, err)
return errors.Wrap(err, "getting member")
}
u, err := s.DB.User(ctx, m.UserID)
if err != nil {
log.Errorf("getting user %v: %v", m.UserID, err)
return errors.Wrap(err, "getting user")
}
if u.DeletedAt != nil {
return server.APIError{Code: server.ErrMemberNotFound}
}
var req CreateReportRequest
err = render.Decode(r, &req)
if err != nil {
return server.APIError{Code: server.ErrBadRequest}
}
if len(req.Reason) > MaxReasonLength {
return server.APIError{Code: server.ErrBadRequest, Details: "Reason cannot exceed 2000 characters"}
}
report, err := s.DB.CreateReport(ctx, claims.UserID, u.ID, &m.ID, req.Reason)
if err != nil {
log.Errorf("creating report for %v: %v", m.ID, err)
return errors.Wrap(err, "creating report")
}
render.JSON(w, r, map[string]any{"created": true, "created_at": report.CreatedAt})
return nil
}

View file

@ -0,0 +1,84 @@
package mod
import (
"net/http"
"strconv"
"codeberg.org/u1f320/pronouns.cc/backend/log"
"codeberg.org/u1f320/pronouns.cc/backend/server"
"emperror.dev/errors"
"github.com/go-chi/chi/v5"
"github.com/go-chi/render"
"github.com/rs/xid"
)
func (s *Server) getReports(w http.ResponseWriter, r *http.Request) (err error) {
ctx := r.Context()
showClosed := r.FormValue("closed") == "true"
var before int
if s := r.FormValue("before"); s != "" {
before, err = strconv.Atoi(s)
if err != nil {
return server.APIError{Code: server.ErrBadRequest, Details: "\"before\": invalid ID"}
}
}
reports, err := s.DB.Reports(ctx, showClosed, before)
if err != nil {
log.Errorf("getting reports: %v", err)
return errors.Wrap(err, "getting reports from database")
}
render.JSON(w, r, reports)
return nil
}
func (s *Server) getReportsByUser(w http.ResponseWriter, r *http.Request) (err error) {
ctx := r.Context()
var before int
if s := r.FormValue("before"); s != "" {
before, err = strconv.Atoi(s)
if err != nil {
return server.APIError{Code: server.ErrBadRequest, Details: "\"before\": invalid ID"}
}
}
userID, err := xid.FromString(chi.URLParam(r, "id"))
if err != nil {
return server.APIError{Code: server.ErrBadRequest, Details: "Invalid user ID"}
}
reports, err := s.DB.ReportsByUser(ctx, userID, before)
if err != nil {
log.Errorf("getting reports: %v", err)
return errors.Wrap(err, "getting reports from database")
}
render.JSON(w, r, reports)
return nil
}
func (s *Server) getReportsByReporter(w http.ResponseWriter, r *http.Request) (err error) {
ctx := r.Context()
var before int
if s := r.FormValue("before"); s != "" {
before, err = strconv.Atoi(s)
if err != nil {
return server.APIError{Code: server.ErrBadRequest, Details: "\"before\": invalid ID"}
}
}
userID, err := xid.FromString(chi.URLParam(r, "id"))
if err != nil {
return server.APIError{Code: server.ErrBadRequest, Details: "Invalid user ID"}
}
reports, err := s.DB.ReportsByReporter(ctx, userID, before)
if err != nil {
log.Errorf("getting reports: %v", err)
return errors.Wrap(err, "getting reports from database")
}
render.JSON(w, r, reports)
return nil
}

View file

@ -0,0 +1,113 @@
package mod
import (
"net/http"
"strconv"
"codeberg.org/u1f320/pronouns.cc/backend/db"
"codeberg.org/u1f320/pronouns.cc/backend/log"
"codeberg.org/u1f320/pronouns.cc/backend/server"
"emperror.dev/errors"
"github.com/go-chi/chi/v5"
"github.com/go-chi/render"
)
type resolveReportRequest struct {
Warn bool `json:"warn"`
Ban bool `json:"ban"`
Delete bool `json:"delete"`
Reason string `json:"reason"`
}
func (s *Server) resolveReport(w http.ResponseWriter, r *http.Request) error {
ctx := r.Context()
claims, _ := server.ClaimsFromContext(ctx)
id, err := strconv.ParseInt(chi.URLParam(r, "id"), 10, 64)
if err != nil {
return server.APIError{Code: server.ErrBadRequest}
}
var req resolveReportRequest
err = render.Decode(r, &req)
if err != nil {
return server.APIError{Code: server.ErrBadRequest}
}
if req.Reason == "" {
return server.APIError{Code: server.ErrBadRequest, Details: "Reason cannot be empty"}
}
tx, err := s.DB.Begin(ctx)
if err != nil {
log.Errorf("creating transaction: %v", err)
return errors.Wrap(err, "creating transaction")
}
defer tx.Rollback(ctx)
report, err := s.DB.Report(ctx, tx, id)
if err != nil {
if err == db.ErrReportNotFound {
return server.APIError{Code: server.ErrNotFound}
}
log.Errorf("getting report: %v", err)
return errors.Wrap(err, "getting report")
}
if report.ResolvedAt != nil {
return server.APIError{Code: server.ErrReportAlreadyHandled}
}
err = s.DB.ResolveReport(ctx, tx, report.ID, claims.UserID, req.Reason)
if err != nil {
log.Errorf("resolving report: %v", err)
}
if req.Warn || req.Ban {
_, err = s.DB.CreateWarning(ctx, tx, report.UserID, req.Reason)
if err != nil {
log.Errorf("creating warning: %v", err)
}
}
if req.Ban {
err = s.DB.DeleteUser(ctx, tx, report.UserID, false, req.Reason)
if err != nil {
log.Errorf("banning user: %v", err)
}
if req.Delete {
err = s.DB.InvalidateAllTokens(ctx, tx, report.UserID)
if err != nil {
return errors.Wrap(err, "invalidating tokens")
}
err = s.DB.CleanUser(ctx, report.UserID)
if err != nil {
log.Errorf("cleaning user data: %v", err)
return errors.Wrap(err, "cleaning user")
}
err = s.DB.DeleteUserMembers(ctx, tx, report.UserID)
if err != nil {
log.Errorf("deleting members: %v", err)
return errors.Wrap(err, "deleting members")
}
err = s.DB.ResetUser(ctx, tx, report.UserID)
if err != nil {
log.Errorf("resetting user data: %v", err)
return errors.Wrap(err, "resetting user")
}
}
}
err = tx.Commit(ctx)
if err != nil {
log.Errorf("committing transaction: %v", err)
return errors.Wrap(err, "committing transaction")
}
render.JSON(w, r, map[string]any{"success": true})
return nil
}

View file

@ -0,0 +1,58 @@
package mod
import (
"net/http"
"codeberg.org/u1f320/pronouns.cc/backend/server"
"github.com/go-chi/chi/v5"
"github.com/go-chi/render"
)
type Server struct {
*server.Server
}
func Mount(srv *server.Server, r chi.Router) {
s := &Server{Server: srv}
r.With(MustAdmin).Route("/admin", func(r chi.Router) {
r.Get("/reports", server.WrapHandler(s.getReports))
r.Get("/reports/by-user/{id}", server.WrapHandler(s.getReportsByUser))
r.Get("/reports/by-reporter/{id}", server.WrapHandler(s.getReportsByReporter))
r.Patch("/reports/{id}", server.WrapHandler(s.resolveReport))
})
r.With(server.MustAuth).Post("/users/{id}/reports", server.WrapHandler(s.createUserReport))
r.With(server.MustAuth).Post("/members/{id}/reports", server.WrapHandler(s.createMemberReport))
r.With(server.MustAuth).Get("/auth/warnings", server.WrapHandler(s.getWarnings))
r.With(server.MustAuth).Post("/auth/warnings/{id}/ack", server.WrapHandler(s.ackWarning))
}
func MustAdmin(next http.Handler) http.Handler {
fn := func(w http.ResponseWriter, r *http.Request) {
claims, ok := server.ClaimsFromContext(r.Context())
if !ok {
render.Status(r, http.StatusForbidden)
render.JSON(w, r, server.APIError{
Code: server.ErrForbidden,
Message: "Forbidden",
})
return
}
if !claims.UserIsAdmin {
render.Status(r, http.StatusForbidden)
render.JSON(w, r, server.APIError{
Code: server.ErrForbidden,
Message: "Forbidden",
})
return
}
next.ServeHTTP(w, r)
}
return http.HandlerFunc(fn)
}

View file

@ -0,0 +1,63 @@
package mod
import (
"net/http"
"strconv"
"codeberg.org/u1f320/pronouns.cc/backend/db"
"codeberg.org/u1f320/pronouns.cc/backend/log"
"codeberg.org/u1f320/pronouns.cc/backend/server"
"emperror.dev/errors"
"github.com/go-chi/chi/v5"
"github.com/go-chi/render"
)
type warning struct {
db.Warning
Read bool `json:"read"`
}
func dbWarningsToResponse(ws []db.Warning) []warning {
out := make([]warning, len(ws))
for i := range ws {
out[i] = warning{ws[i], ws[i].ReadAt != nil}
}
return out
}
func (s *Server) getWarnings(w http.ResponseWriter, r *http.Request) (err error) {
ctx := r.Context()
claims, _ := server.ClaimsFromContext(ctx)
showAll := r.FormValue("all") == "true"
warnings, err := s.DB.Warnings(ctx, claims.UserID, !showAll)
if err != nil {
log.Errorf("getting warnings: %v", err)
return errors.Wrap(err, "getting warnings from database")
}
render.JSON(w, r, dbWarningsToResponse(warnings))
return nil
}
func (s *Server) ackWarning(w http.ResponseWriter, r *http.Request) (err error) {
ctx := r.Context()
claims, _ := server.ClaimsFromContext(ctx)
id, err := strconv.ParseInt(chi.URLParam(r, "id"), 10, 64)
if err != nil {
return server.APIError{Code: server.ErrBadRequest}
}
ok, err := s.DB.AckWarning(ctx, claims.UserID, id)
if err != nil {
log.Errorf("acknowledging warning: %v", err)
return errors.Wrap(err, "acknowledging warning")
}
if !ok {
return server.APIError{Code: server.ErrNotFound}
}
render.JSON(w, r, map[string]any{"ok": true})
return nil
}

View file

@ -28,6 +28,8 @@ type GetMeResponse struct {
GetUserResponse GetUserResponse
MaxInvites int `json:"max_invites"` MaxInvites int `json:"max_invites"`
IsAdmin bool `json:"is_admin"`
Discord *string `json:"discord"` Discord *string `json:"discord"`
DiscordUsername *string `json:"discord_username"` DiscordUsername *string `json:"discord_username"`
@ -162,6 +164,7 @@ func (s *Server) getMeUser(w http.ResponseWriter, r *http.Request) error {
render.JSON(w, r, GetMeResponse{ render.JSON(w, r, GetMeResponse{
GetUserResponse: dbUserToResponse(u, fields, members), GetUserResponse: dbUserToResponse(u, fields, members),
MaxInvites: u.MaxInvites, MaxInvites: u.MaxInvites,
IsAdmin: u.IsAdmin,
Discord: u.Discord, Discord: u.Discord,
DiscordUsername: u.DiscordUsername, DiscordUsername: u.DiscordUsername,
Fediverse: u.Fediverse, Fediverse: u.Fediverse,

View file

@ -232,6 +232,7 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
render.JSON(w, r, GetMeResponse{ render.JSON(w, r, GetMeResponse{
GetUserResponse: dbUserToResponse(u, fields, nil), GetUserResponse: dbUserToResponse(u, fields, nil),
MaxInvites: u.MaxInvites, MaxInvites: u.MaxInvites,
IsAdmin: u.IsAdmin,
Discord: u.Discord, Discord: u.Discord,
DiscordUsername: u.DiscordUsername, DiscordUsername: u.DiscordUsername,
Fediverse: u.Fediverse, Fediverse: u.Fediverse,

View file

@ -110,6 +110,10 @@ const (
// General request error codes // General request error codes
ErrRequestTooBig = 4001 ErrRequestTooBig = 4001
ErrMissingPermissions = 4002 ErrMissingPermissions = 4002
// Moderation related error codes
ErrReportAlreadyHandled = 5001
ErrNotSelfDelete = 5002
) )
var errCodeMessages = map[int]string{ var errCodeMessages = map[int]string{
@ -146,6 +150,9 @@ var errCodeMessages = map[int]string{
ErrRequestTooBig: "Request too big (max 2 MB)", ErrRequestTooBig: "Request too big (max 2 MB)",
ErrMissingPermissions: "Your account or current token is missing required permissions for this action", ErrMissingPermissions: "Your account or current token is missing required permissions for this action",
ErrReportAlreadyHandled: "Report has already been resolved",
ErrNotSelfDelete: "Cannot cancel deletion for an account deleted by a moderator",
} }
var errCodeStatuses = map[int]int{ var errCodeStatuses = map[int]int{
@ -182,4 +189,7 @@ var errCodeStatuses = map[int]int{
ErrRequestTooBig: http.StatusBadRequest, ErrRequestTooBig: http.StatusBadRequest,
ErrMissingPermissions: http.StatusForbidden, ErrMissingPermissions: http.StatusForbidden,
ErrReportAlreadyHandled: http.StatusBadRequest,
ErrNotSelfDelete: http.StatusForbidden,
} }

View file

@ -81,6 +81,28 @@ export interface Invite {
used: boolean; used: boolean;
} }
export interface Report {
id: string;
user_id: string;
user_name: string;
member_id: string | null;
member_name: string | null;
reason: string;
reporter_id: string;
created_at: string;
resolved_at: string | null;
admin_id: string | null;
admin_comment: string | null;
}
export interface Warning {
id: number;
reason: string;
created_at: string;
read: boolean;
}
export interface APIError { export interface APIError {
code: ErrorCode; code: ErrorCode;
message?: string; message?: string;

View file

@ -31,6 +31,7 @@
import ErrorAlert from "$lib/components/ErrorAlert.svelte"; import ErrorAlert from "$lib/components/ErrorAlert.svelte";
import { goto } from "$app/navigation"; import { goto } from "$app/navigation";
import renderMarkdown from "$lib/api/markdown"; import renderMarkdown from "$lib/api/markdown";
import ReportButton from "./ReportButton.svelte";
export let data: PageData; export let data: PageData;
@ -149,6 +150,11 @@
</div> </div>
{/each} {/each}
</div> </div>
{#if $userStore && $userStore.id !== data.id}
<div class="row">
<ReportButton subject="user" reportUrl="/users/{data.id}/reports" />
</div>
{/if}
{#if data.members.length > 0 || ($userStore && $userStore.id === data.id)} {#if data.members.length > 0 || ($userStore && $userStore.id === data.id)}
<div class="row"> <div class="row">
<div class="col"> <div class="col">

View file

@ -0,0 +1,60 @@
<script lang="ts">
import type { APIError } from "$lib/api/entities";
import { apiFetchClient } from "$lib/api/fetch";
import ErrorAlert from "$lib/components/ErrorAlert.svelte";
import { addToast } from "$lib/toast";
import { Button, FormGroup, Icon, Modal, ModalBody, ModalFooter } from "sveltestrap";
export let subject: string;
export let reportUrl: string;
const MAX_REASON_LENGTH = 2000;
let reason = "";
let error: APIError | null = null;
let isOpen = false;
const toggle = () => (isOpen = !isOpen);
const doReport = async () => {
try {
await apiFetchClient<any>(reportUrl, "POST", { reason: reason });
error = null;
addToast({ header: "Sent report", body: "Successfully sent report!" });
toggle();
} catch (e) {
error = e as APIError;
}
};
</script>
<div>
<Button color="danger" outline on:click={toggle}
><Icon name="exclamation-triangle-fill" /> Report {subject}</Button
>
</div>
<Modal header="Report {subject}" {isOpen} {toggle}>
<ModalBody>
{#if error}
<ErrorAlert {error} />
{/if}
<FormGroup floating label="Reason" class="mt-2">
<textarea style="min-height: 100px;" class="form-control" bind:value={reason} />
</FormGroup>
<p class="text-muted mt-3">
<Icon name="info-circle-fill" aria-hidden /> Please only report {subject}s for violating the
<a class="text-reset" href="/page/terms" target="_blank" rel="noopener noreferrer"
>terms of service</a
>.
</p>
</ModalBody>
<ModalFooter>
<Button
color="danger"
disabled={!reason || reason.length > MAX_REASON_LENGTH}
on:click={doReport}>Report</Button
>
<Button color="secondary" on:click={toggle}>Cancel</Button>
</ModalFooter>
</Modal>

View file

@ -10,6 +10,7 @@
import { PUBLIC_BASE_URL } from "$env/static/public"; import { PUBLIC_BASE_URL } from "$env/static/public";
import { userStore } from "$lib/store"; import { userStore } from "$lib/store";
import renderMarkdown from "$lib/api/markdown"; import renderMarkdown from "$lib/api/markdown";
import ReportButton from "../ReportButton.svelte";
export let data: PageData; export let data: PageData;
@ -86,6 +87,11 @@
</div> </div>
{/each} {/each}
</div> </div>
{#if $userStore && $userStore.id !== data.user.id}
<div class="row">
<ReportButton subject="member" reportUrl="/members/{data.id}/reports" />
</div>
{/if}
</div> </div>
</div> </div>

View file

@ -5,6 +5,7 @@
import ErrorAlert from "$lib/components/ErrorAlert.svelte"; import ErrorAlert from "$lib/components/ErrorAlert.svelte";
import { userStore } from "$lib/store"; import { userStore } from "$lib/store";
import { addToast } from "$lib/toast"; import { addToast } from "$lib/toast";
import { DateTime } from "luxon";
import { onMount } from "svelte"; import { onMount } from "svelte";
import { import {
Alert, Alert,
@ -26,6 +27,8 @@
export let token: string | undefined; export let token: string | undefined;
export let user: MeUser | undefined; export let user: MeUser | undefined;
export let deletedAt: string | undefined; export let deletedAt: string | undefined;
export let selfDelete: boolean | undefined;
export let deleteReason: string | undefined;
onMount(() => { onMount(() => {
if (!isDeleted && token && user) { if (!isDeleted && token && user) {
@ -136,8 +139,12 @@
</div> </div>
<Button type="submit" color="primary">Sign up</Button> <Button type="submit" color="primary">Sign up</Button>
</form> </form>
{:else if isDeleted && token} {:else if isDeleted && token && selfDelete && deletedAt}
<p>Your account is pending deletion since {deletedAt}.</p> <p>
Your account is pending deletion since {DateTime.fromISO(deletedAt)
.toLocal()
.toLocaleString(DateTime.DATETIME_MED)}.
</p>
<p>If you wish to cancel deletion, press the button below.</p> <p>If you wish to cancel deletion, press the button below.</p>
<p> <p>
<Button color="primary" on:click={cancelDelete} disabled={deleteCancelled} <Button color="primary" on:click={cancelDelete} disabled={deleteCancelled}
@ -152,18 +159,45 @@
<p> <p>
<Button color="link" on:click={toggleForceDeleteModal}>Force delete account</Button> <Button color="link" on:click={toggleForceDeleteModal}>Force delete account</Button>
</p> </p>
<Modal {#if deleteCancelled}
header="Force delete account" <Alert color="secondary" fade={false}>
isOpen={forceDeleteModalOpen} Account deletion cancelled! You can now <a href="/auth/login">log in</a> again.
toggle={toggleForceDeleteModal} </Alert>
> {/if}
{#if deleteError}
<ErrorAlert error={deleteError} />
{/if}
{:else if isDeleted && token && !selfDelete && deletedAt}
<p>
Your account is pending deletion since {DateTime.fromISO(deletedAt)
.toLocal()
.toLocaleString(DateTime.DATETIME_MED)}.
</p>
<p>
<strong>Your account was deactivated by a moderator.</strong> You cannot cancel deletion. The moderator
gave the following reason:
</p>
<blockquote class="blockquote">
{deleteReason}
</blockquote>
<p>
Your account will be fully deleted 180 days after being deactivated. If you want your data wiped
immediately instead, press the force delete link below.
</p>
<p>
<Button color="link" on:click={toggleForceDeleteModal}>Force delete account</Button>
</p>
{:else}
Loading...
{/if}
<Modal header="Force delete account" isOpen={forceDeleteModalOpen} toggle={toggleForceDeleteModal}>
<ModalBody> <ModalBody>
<p> <p>
If you want to delete your account, type your username below: If you want to delete your account, type your username (<code>{user?.name}</code>) below:
<br /> <br />
<b> <b>
This is irreversible! Your account <i>cannot</i> be recovered after you press "Force delete This is irreversible! Your account <i>cannot</i> be recovered after you press "Force delete account".
account".
</b> </b>
</p> </p>
<p> <p>
@ -179,15 +213,4 @@
> >
<Button color="secondary" on:click={toggleForceDeleteModal}>Cancel delete</Button> <Button color="secondary" on:click={toggleForceDeleteModal}>Cancel delete</Button>
</ModalFooter> </ModalFooter>
</Modal> </Modal>
{#if deleteCancelled}
<Alert color="secondary" fade={false}>
Account deletion cancelled! You can now <a href="/auth/login">log in</a> again.
</Alert>
{/if}
{#if deleteError}
<ErrorAlert error={deleteError} />
{/if}
{:else}
Loading...
{/if}

View file

@ -33,4 +33,6 @@ interface CallbackResponse {
is_deleted: boolean; is_deleted: boolean;
deleted_at?: string; deleted_at?: string;
self_delete?: boolean;
delete_reason?: string;
} }

View file

@ -57,6 +57,8 @@
token={data.token} token={data.token}
user={data.user} user={data.user}
deletedAt={data.deleted_at} deletedAt={data.deleted_at}
selfDelete={data.self_delete}
deleteReason={data.delete_reason}
{linkAccount} {linkAccount}
{signupForm} {signupForm}
/> />

View file

@ -33,4 +33,6 @@ interface CallbackResponse {
is_deleted: boolean; is_deleted: boolean;
deleted_at?: string; deleted_at?: string;
self_delete?: boolean;
delete_reason?: string;
} }

View file

@ -59,6 +59,8 @@
token={data.token} token={data.token}
user={data.user} user={data.user}
deletedAt={data.deleted_at} deletedAt={data.deleted_at}
selfDelete={data.self_delete}
deleteReason={data.delete_reason}
{linkAccount} {linkAccount}
{signupForm} {signupForm}
/> />

View file

@ -1,8 +1,10 @@
<script lang="ts"> <script lang="ts">
import { onMount } from "svelte"; import { onMount } from "svelte";
import { browser } from "$app/environment"; import { browser } from "$app/environment";
import { decodeJwt } from "jose";
import { import {
Badge,
Collapse, Collapse,
Icon, Icon,
Nav, Nav,
@ -15,13 +17,24 @@
import Logo from "./Logo.svelte"; import Logo from "./Logo.svelte";
import { userStore, themeStore } from "$lib/store"; import { userStore, themeStore } from "$lib/store";
import { ErrorCode, type APIError, type MeUser } from "$lib/api/entities"; import {
import { apiFetch } from "$lib/api/fetch"; ErrorCode,
type APIError,
type MeUser,
type Report,
type Warning,
} from "$lib/api/entities";
import { apiFetch, apiFetchClient } from "$lib/api/fetch";
import { addToast } from "$lib/toast";
let theme: string; let theme: string;
let currentUser: MeUser | null; let currentUser: MeUser | null;
let showMenu: boolean = false; let showMenu: boolean = false;
let isAdmin = false;
let numReports = 0;
let numWarnings = 0;
$: currentUser = $userStore; $: currentUser = $userStore;
$: theme = $themeStore; $: theme = $themeStore;
@ -47,6 +60,32 @@
localStorage.removeItem("pronouns-user"); localStorage.removeItem("pronouns-user");
} }
}); });
isAdmin = !!decodeJwt(token)["adm"];
if (isAdmin) {
apiFetchClient<Report[]>("/admin/reports")
.then((reports) => {
numReports = reports.length;
})
.catch((e) => {
console.log("getting reports:", e);
});
}
apiFetchClient<Warning[]>("/auth/warnings")
.then((warnings) => {
if (warnings.length !== 0) {
numWarnings = warnings.length;
addToast({
header: "Warnings",
body: "You have unread warnings. Go to your settings to view them.",
duration: -1,
});
}
})
.catch((e) => {
console.log("getting warnings:", e);
});
} }
}); });
@ -83,8 +122,23 @@
<NavLink href="/@{currentUser.name}">@{currentUser.name}</NavLink> <NavLink href="/@{currentUser.name}">@{currentUser.name}</NavLink>
</NavItem> </NavItem>
<NavItem> <NavItem>
<NavLink href="/settings">Settings</NavLink> <NavLink href="/settings">
Settings
{#if numWarnings}
<Badge color="danger">{numWarnings}</Badge>
{/if}
</NavLink>
</NavItem> </NavItem>
{#if isAdmin}
<NavItem>
<NavLink href="/reports">
Reports
{#if numReports !== 0}
<Badge color="danger">{numReports}</Badge>
{/if}
</NavLink>
</NavItem>
{/if}
{:else} {:else}
<NavItem> <NavItem>
<NavLink href="/auth/login">Log in</NavLink> <NavLink href="/auth/login">Log in</NavLink>

View file

@ -0,0 +1,7 @@
<svelte:head>
<title>Privacy policy - pronouns.cc</title>
</svelte:head>
<div>
<h1>Privacy policy</h1>
</div>

View file

@ -0,0 +1 @@
export const prerender = true;

View file

@ -0,0 +1,7 @@
<svelte:head>
<title>Terms of service - pronouns.cc</title>
</svelte:head>
<div>
<h1>Terms of service</h1>
</div>

View file

@ -0,0 +1 @@
export const prerender = true;

View file

@ -0,0 +1 @@
<slot />

View file

@ -0,0 +1 @@
export const ssr = false;

View file

@ -0,0 +1,172 @@
<script lang="ts">
import type { APIError } from "$lib/api/entities";
import { apiFetchClient } from "$lib/api/fetch";
import ErrorAlert from "$lib/components/ErrorAlert.svelte";
import { addToast } from "$lib/toast";
import { Button, FormGroup, Modal, ModalBody, ModalFooter } from "sveltestrap";
import type { PageData } from "./$types";
import ReportCard from "./ReportCard.svelte";
export let data: PageData;
let warnModalOpen = false;
const toggleWarnModal = () => (warnModalOpen = !warnModalOpen);
let banModalOpen = false;
const toggleBanModal = () => (banModalOpen = !banModalOpen);
let ignoreModalOpen = false;
const toggleIgnoreModal = () => (ignoreModalOpen = !ignoreModalOpen);
let reportIndex = -1;
let reason = "";
let deleteUser = false;
let error: APIError | null = null;
$: console.log(deleteUser);
const openWarnModalFor = (index: number) => {
reportIndex = index;
toggleWarnModal();
};
const openBanModalFor = (index: number) => {
reportIndex = index;
toggleBanModal();
};
const openIgnoreModalFor = (index: number) => {
reportIndex = index;
toggleIgnoreModal();
};
const warnUser = async () => {
try {
await apiFetchClient<any>(`/admin/reports/${data.reports[reportIndex].id}`, "PATCH", {
warn: true,
reason: reason,
});
error = null;
addToast({ body: "Successfully warned user", header: "Warned user" });
toggleWarnModal();
reportIndex = -1;
} catch (e) {
error = e as APIError;
}
};
const deactivateUser = async () => {
try {
await apiFetchClient<any>(`/admin/reports/${data.reports[reportIndex].id}`, "PATCH", {
warn: true,
ban: true,
delete: deleteUser,
reason: reason,
});
error = null;
addToast({ body: "Successfully deactivated user", header: "Deactivated user" });
toggleBanModal();
reportIndex = -1;
} catch (e) {
error = e as APIError;
}
};
const ignoreReport = async () => {
try {
await apiFetchClient<any>(`/admin/reports/${data.reports[reportIndex].id}`, "PATCH", {
reason: reason,
});
error = null;
addToast({ body: "Successfully acknowledged report", header: "Ignored report" });
toggleIgnoreModal();
reportIndex = -1;
} catch (e) {
error = e as APIError;
}
};
</script>
<svelte:head>
<title>Reports - pronouns.cc</title>
</svelte:head>
<div class="container">
<h1>Reports</h1>
<div>
{#each data.reports as report, index}
<div class="my-2">
<ReportCard {report}>
&bull;
<Button outline color="warning" size="sm" on:click={() => openWarnModalFor(index)}
>Warn user</Button
>
<Button outline color="danger" size="sm" on:click={() => openBanModalFor(index)}
>Deactivate user</Button
>
<Button outline color="secondary" size="sm" on:click={() => openIgnoreModalFor(index)}
>Ignore report</Button
>
</ReportCard>
</div>
{:else}
There are no open reports :)
{/each}
</div>
<Modal header="Warn user" isOpen={warnModalOpen} toggle={toggleWarnModal}>
<ModalBody>
{#if error}
<ErrorAlert {error} />
{/if}
<ReportCard report={data.reports[reportIndex]} />
<FormGroup floating label="Reason" class="mt-2">
<textarea style="min-height: 100px;" class="form-control" bind:value={reason} />
</FormGroup>
</ModalBody>
<ModalFooter>
<Button color="danger" on:click={warnUser} disabled={!reason}>Warn user</Button>
<Button color="secondary" on:click={toggleWarnModal}>Cancel</Button>
</ModalFooter>
</Modal>
<Modal header="Deactivate user" isOpen={banModalOpen} toggle={toggleBanModal}>
<ModalBody>
{#if error}
<ErrorAlert {error} />
{/if}
<ReportCard report={data.reports[reportIndex]} />
<FormGroup floating label="Reason" class="my-2">
<textarea style="min-height: 100px;" class="form-control" bind:value={reason} />
</FormGroup>
<div class="form-check">
<input class="form-check-input" type="checkbox" bind:checked={deleteUser} id="deleteUser" />
<label class="form-check-label" for="deleteUser">Delete user?</label>
</div>
</ModalBody>
<ModalFooter>
<Button color="danger" on:click={deactivateUser} disabled={!reason}>Deactivate user</Button>
<Button color="secondary" on:click={toggleBanModal}>Cancel</Button>
</ModalFooter>
</Modal>
<Modal header="Ignore report" isOpen={ignoreModalOpen} toggle={toggleIgnoreModal}>
<ModalBody>
{#if error}
<ErrorAlert {error} />
{/if}
<ReportCard report={data.reports[reportIndex]} />
<FormGroup floating label="Reason" class="my-2">
<textarea style="min-height: 100px;" class="form-control" bind:value={reason} />
</FormGroup>
</ModalBody>
<ModalFooter>
<Button color="warning" on:click={ignoreReport} disabled={!reason}>Ignore report</Button>
<Button color="secondary" on:click={toggleIgnoreModal}>Cancel</Button>
</ModalFooter>
</Modal>
</div>

View file

@ -0,0 +1,23 @@
import { ErrorCode, type APIError, type Report } from "$lib/api/entities";
import { apiFetchClient } from "$lib/api/fetch";
import { error } from "@sveltejs/kit";
export const load = async () => {
try {
const reports = await apiFetchClient<Report[]>("/admin/reports");
return { page: 0, isClosed: false, userId: null, reporterId: null, reports } as PageLoadData;
} catch (e) {
if ((e as APIError).code === ErrorCode.Forbidden) {
throw error(400, "You're not an admin");
}
throw e;
}
};
interface PageLoadData {
page: number;
isClosed: boolean;
userId: string | null;
reporterId: string | null;
reports: Report[];
}

View file

@ -0,0 +1,24 @@
<script lang="ts">
import type { Report } from "$lib/api/entities";
import { DateTime } from "luxon";
import { Button, Card, CardBody, CardFooter, CardHeader } from "sveltestrap";
export let report: Report;
</script>
<Card>
<CardHeader>
<strong>#{report.id}</strong> on <a href="/@{report.user_name}">@{report.user_name}</a>
({report.user_id}) {#if report.member_id}
(member: <a href="/@{report.user_name}/{report.member_name}">{report.member_name}</a>,
{report.member_id})
{/if}
</CardHeader>
<CardBody>
<blockquote class="blockquote">{report.reason}</blockquote>
</CardBody>
<CardFooter>
Created {DateTime.fromISO(report.created_at).toLocal().toLocaleString(DateTime.DATETIME_MED)}
<slot />
</CardFooter>
</Card>

View file

@ -1,7 +1,15 @@
<script lang="ts"> <script lang="ts">
import { page } from "$app/stores"; import { page } from "$app/stores";
import type { LayoutData } from "./$types"; import type { LayoutData } from "./$types";
import { Button, ListGroup, ListGroupItem, Modal, ModalBody, ModalFooter } from "sveltestrap"; import {
Badge,
Button,
ListGroup,
ListGroupItem,
Modal,
ModalBody,
ModalFooter,
} from "sveltestrap";
import { userStore } from "$lib/store"; import { userStore } from "$lib/store";
import { goto } from "$app/navigation"; import { goto } from "$app/navigation";
import { addToast } from "$lib/toast"; import { addToast } from "$lib/toast";
@ -20,6 +28,9 @@
addToast({ header: "Logged out", body: "Successfully logged out!" }); addToast({ header: "Logged out", body: "Successfully logged out!" });
goto("/"); goto("/");
}; };
let unreadWarnings: number;
$: unreadWarnings = data.warnings.filter((w) => !w.read).length;
</script> </script>
<svelte:head> <svelte:head>
@ -58,6 +69,16 @@
> >
Tokens Tokens
</ListGroupItem> </ListGroupItem>
<ListGroupItem
tag="a"
active={$page.url.pathname === "/settings/warnings"}
href="/settings/warnings"
>
Warnings
{#if unreadWarnings !== 0}
<Badge color="danger">{unreadWarnings}</Badge>
{/if}
</ListGroupItem>
<ListGroupItem <ListGroupItem
tag="a" tag="a"
active={$page.url.pathname === "/settings/export"} active={$page.url.pathname === "/settings/export"}

View file

@ -1,4 +1,10 @@
import { ErrorCode, type APIError, type Invite, type MeUser } from "$lib/api/entities"; import {
ErrorCode,
type Warning,
type APIError,
type Invite,
type MeUser,
} from "$lib/api/entities";
import { apiFetchClient } from "$lib/api/fetch"; import { apiFetchClient } from "$lib/api/fetch";
import type { LayoutLoad } from "./$types"; import type { LayoutLoad } from "./$types";
@ -6,6 +12,7 @@ export const ssr = false;
export const load = (async ({ parent }) => { export const load = (async ({ parent }) => {
const user = await apiFetchClient<MeUser>("/users/@me"); const user = await apiFetchClient<MeUser>("/users/@me");
const warnings = await apiFetchClient<Warning[]>("/auth/warnings?all=true");
let invites: Invite[] = []; let invites: Invite[] = [];
let invitesEnabled = true; let invitesEnabled = true;
@ -24,5 +31,6 @@ export const load = (async ({ parent }) => {
user, user,
invites, invites,
invitesEnabled, invitesEnabled,
warnings,
}; };
}) satisfies LayoutLoad; }) satisfies LayoutLoad;

View file

@ -0,0 +1,56 @@
<script lang="ts">
import type { APIError } from "$lib/api/entities";
import { apiFetchClient } from "$lib/api/fetch";
import ErrorAlert from "$lib/components/ErrorAlert.svelte";
import { addToast } from "$lib/toast";
import { DateTime } from "luxon";
import { Button, Card, CardBody, CardFooter, CardHeader } from "sveltestrap";
import type { PageData } from "./$types";
export let data: PageData;
let error: APIError | null = null;
const acknowledgeWarning = async (idx: number) => {
try {
await apiFetchClient<any>(`/auth/warnings/${data.warnings[idx].id}/ack`, "POST");
addToast({
header: "Acknowledged",
body: `Marked warning #${data.warnings[idx].id} as read.`,
});
data.warnings[idx].read = true;
data.warnings = data.warnings;
} catch (e) {
error = e as APIError;
}
};
</script>
<h1>Warnings ({data.warnings.length})</h1>
{#if error}
<ErrorAlert {error} />
{/if}
<div>
{#each data.warnings as warning, index}
<Card class="my-2">
<CardHeader>
<strong>#{warning.id}</strong> ({DateTime.fromISO(warning.created_at)
.toLocal()
.toLocaleString(DateTime.DATETIME_MED)})
</CardHeader>
<CardBody>
<blockquote class="blockquote">{warning.reason}</blockquote>
</CardBody>
{#if !warning.read}
<CardFooter>
<Button color="secondary" outline on:click={() => acknowledgeWarning(index)}
>Mark as read</Button
>
</CardFooter>
{/if}
</Card>
{:else}
You have no warnings!
{/each}
</div>

View file

@ -0,0 +1,27 @@
-- +migrate Up
-- 2023-03-19: Add moderation-related tables
alter table users add column is_admin boolean not null default false;
create table reports (
id serial primary key,
-- we keep deleted users for 180 days after deletion, so it's fine to tie this to a user object
user_id text not null references users (id) on delete cascade,
member_id text null references members (id) on delete set null,
reason text not null,
reporter_id text not null,
created_at timestamptz not null default now(),
resolved_at timestamptz,
admin_id text null references users (id) on delete set null,
admin_comment text
);
create table warnings (
id serial primary key,
user_id text not null references users (id) on delete cascade,
reason text not null,
created_at timestamptz not null default now(),
read_at timestamptz
);