diff options
Diffstat (limited to 'internal/web')
| -rw-r--r-- | internal/web/confirmemail.go | 68 | ||||
| -rw-r--r-- | internal/web/robots.go | 1 | ||||
| -rw-r--r-- | internal/web/signup.go | 138 | ||||
| -rw-r--r-- | internal/web/web.go | 4 |
4 files changed, 210 insertions, 1 deletions
diff --git a/internal/web/confirmemail.go b/internal/web/confirmemail.go index f15252bf7..e512761f4 100644 --- a/internal/web/confirmemail.go +++ b/internal/web/confirmemail.go @@ -56,18 +56,84 @@ func (m *Module) confirmEmailGETHandler(c *gin.Context) { return } + // Get user but don't confirm yet. + user, errWithCode := m.processor.User().EmailGetUserForConfirmToken(c.Request.Context(), token) + if errWithCode != nil { + apiutil.WebErrorHandler(c, errWithCode, instanceGet) + return + } + + // They may have already confirmed before + // and are visiting the link again for + // whatever reason. This is fine, just make + // sure we have an email address to show them. + email := user.UnconfirmedEmail + if email == "" { + // Already confirmed, take + // that address instead. + email = user.Email + } + + // Serve page where user can click button + // to POST confirmation to same endpoint. + page := apiutil.WebPage{ + Template: "confirm_email.tmpl", + Instance: instance, + Extra: map[string]any{ + "email": email, + "username": user.Account.Username, + "token": token, + }, + } + + apiutil.TemplateWebPage(c, page) +} + +func (m *Module) confirmEmailPOSTHandler(c *gin.Context) { + instance, errWithCode := m.processor.InstanceGetV1(c.Request.Context()) + if errWithCode != nil { + apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + return + } + + // Return instance we already got from the db, + // don't try to fetch it again when erroring. + instanceGet := func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode) { + return instance, nil + } + + // We only serve text/html at this endpoint. + if _, err := apiutil.NegotiateAccept(c, apiutil.TextHTML); err != nil { + apiutil.WebErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), instanceGet) + return + } + + // If there's no token in the query, + // just serve the 404 web handler. + token := c.Query("token") + if token == "" { + errWithCode := gtserror.NewErrorNotFound(errors.New(http.StatusText(http.StatusNotFound))) + apiutil.WebErrorHandler(c, errWithCode, instanceGet) + return + } + + // Confirm email address for real this time. user, errWithCode := m.processor.User().EmailConfirm(c.Request.Context(), token) if errWithCode != nil { apiutil.WebErrorHandler(c, errWithCode, instanceGet) return } + // Serve page informing user that their + // email address is now confirmed. page := apiutil.WebPage{ - Template: "confirmed.tmpl", + Template: "confirmed_email.tmpl", Instance: instance, Extra: map[string]any{ "email": user.Email, "username": user.Account.Username, + "token": token, + "approved": *user.Approved, }, } diff --git a/internal/web/robots.go b/internal/web/robots.go index cfd1758a4..2511ee1d3 100644 --- a/internal/web/robots.go +++ b/internal/web/robots.go @@ -82,6 +82,7 @@ Disallow: /oauth/ Disallow: /check_your_email Disallow: /wait_for_approval Disallow: /account_disabled +Disallow: /signup # Well-known endpoints. Disallow: /.well-known/ diff --git a/internal/web/signup.go b/internal/web/signup.go new file mode 100644 index 000000000..691469dff --- /dev/null +++ b/internal/web/signup.go @@ -0,0 +1,138 @@ +// GoToSocial +// Copyright (C) GoToSocial Authors admin@gotosocial.org +// SPDX-License-Identifier: AGPL-3.0-or-later +// +// This program is free software: you can redistribute it and/or modify +// it under the terms of the GNU Affero General Public License as published by +// the Free Software Foundation, either version 3 of the License, or +// (at your option) any later version. +// +// This program is distributed in the hope that it will be useful, +// but WITHOUT ANY WARRANTY; without even the implied warranty of +// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +// GNU Affero General Public License for more details. +// +// You should have received a copy of the GNU Affero General Public License +// along with this program. If not, see <http://www.gnu.org/licenses/>. + +package web + +import ( + "context" + "errors" + "net" + + "github.com/gin-gonic/gin" + apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" + apiutil "github.com/superseriousbusiness/gotosocial/internal/api/util" + "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/gtserror" + "github.com/superseriousbusiness/gotosocial/internal/validate" +) + +func (m *Module) signupGETHandler(c *gin.Context) { + ctx := c.Request.Context() + + // We'll need the instance later, and we can also use it + // before then to make it easier to return a web error. + instance, errWithCode := m.processor.InstanceGetV1(ctx) + if errWithCode != nil { + apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + return + } + + // Return instance we already got from the db, + // don't try to fetch it again when erroring. + instanceGet := func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode) { + return instance, nil + } + + // We only serve text/html at this endpoint. + if _, err := apiutil.NegotiateAccept(c, apiutil.TextHTML); err != nil { + apiutil.WebErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), instanceGet) + return + } + + page := apiutil.WebPage{ + Template: "sign-up.tmpl", + Instance: instance, + OGMeta: apiutil.OGBase(instance), + Extra: map[string]any{ + "reasonRequired": config.GetAccountsReasonRequired(), + }, + } + + apiutil.TemplateWebPage(c, page) +} + +func (m *Module) signupPOSTHandler(c *gin.Context) { + ctx := c.Request.Context() + + // We'll need the instance later, and we can also use it + // before then to make it easier to return a web error. + instance, errWithCode := m.processor.InstanceGetV1(ctx) + if errWithCode != nil { + apiutil.WebErrorHandler(c, errWithCode, m.processor.InstanceGetV1) + return + } + + // Return instance we already got from the db, + // don't try to fetch it again when erroring. + instanceGet := func(ctx context.Context) (*apimodel.InstanceV1, gtserror.WithCode) { + return instance, nil + } + + // We only serve text/html at this endpoint. + if _, err := apiutil.NegotiateAccept(c, apiutil.TextHTML); err != nil { + apiutil.WebErrorHandler(c, gtserror.NewErrorNotAcceptable(err, err.Error()), instanceGet) + return + } + + form := &apimodel.AccountCreateRequest{} + if err := c.ShouldBind(form); err != nil { + apiutil.WebErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), instanceGet) + return + } + + if err := validate.CreateAccount(form); err != nil { + apiutil.WebErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), instanceGet) + return + } + + clientIP := c.ClientIP() + signUpIP := net.ParseIP(clientIP) + if signUpIP == nil { + err := errors.New("ip address could not be parsed from request") + apiutil.WebErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), instanceGet) + return + } + form.IP = signUpIP + + // We have all the info we need, call account create + // (this will also trigger side effects like sending emails etc). + user, errWithCode := m.processor.Account().Create( + c.Request.Context(), + // nil to use + // instance app. + nil, + form, + ) + if errWithCode != nil { + apiutil.WebErrorHandler(c, errWithCode, instanceGet) + return + } + + // Serve a page informing the + // user that they've signed up. + page := apiutil.WebPage{ + Template: "signed-up.tmpl", + Instance: instance, + OGMeta: apiutil.OGBase(instance), + Extra: map[string]any{ + "email": user.UnconfirmedEmail, + "username": user.Account.Username, + }, + } + + apiutil.TemplateWebPage(c, page) +} diff --git a/internal/web/web.go b/internal/web/web.go index 19df63332..185bf7120 100644 --- a/internal/web/web.go +++ b/internal/web/web.go @@ -49,6 +49,7 @@ const ( settingsPanelGlob = settingsPathPrefix + "/*panel" userPanelPath = settingsPathPrefix + "/user" adminPanelPath = settingsPathPrefix + "/admin" + signupPath = "/signup" cacheControlHeader = "Cache-Control" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control cacheControlNoCache = "no-cache" // https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control#response_directives @@ -115,10 +116,13 @@ func (m *Module) Route(r *router.Router, mi ...gin.HandlerFunc) { r.AttachHandler(http.MethodGet, customCSSPath, m.customCSSGETHandler) r.AttachHandler(http.MethodGet, rssFeedPath, m.rssFeedGETHandler) r.AttachHandler(http.MethodGet, confirmEmailPath, m.confirmEmailGETHandler) + r.AttachHandler(http.MethodPost, confirmEmailPath, m.confirmEmailPOSTHandler) r.AttachHandler(http.MethodGet, robotsPath, m.robotsGETHandler) r.AttachHandler(http.MethodGet, aboutPath, m.aboutGETHandler) r.AttachHandler(http.MethodGet, domainBlockListPath, m.domainBlockListGETHandler) r.AttachHandler(http.MethodGet, tagsPath, m.tagGETHandler) + r.AttachHandler(http.MethodGet, signupPath, m.signupGETHandler) + r.AttachHandler(http.MethodPost, signupPath, m.signupPOSTHandler) // Attach redirects from old endpoints to current ones for backwards compatibility r.AttachHandler(http.MethodGet, "/auth/edit", func(c *gin.Context) { c.Redirect(http.StatusMovedPermanently, userPanelPath) }) |