diff --git a/.editorconfig b/.editorconfig deleted file mode 100644 index a882442..0000000 --- a/.editorconfig +++ /dev/null @@ -1,7 +0,0 @@ -root = true - -[*] -end_of_line = lf -insert_final_newline = true -indent_style = space -indent_size = 4 diff --git a/.gitignore b/.gitignore index 2e63958..cccde2b 100644 --- a/.gitignore +++ b/.gitignore @@ -7,5 +7,3 @@ uploads/ docker-compose*.yml !docker-compose.example.yml config*.toml -arimelody-web -arimelody-web.tar.gz diff --git a/LICENSE.md b/LICENSE.md deleted file mode 100644 index 95557e7..0000000 --- a/LICENSE.md +++ /dev/null @@ -1,22 +0,0 @@ -MIT License - -Copyright (c) 2025-present ari melody - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. - diff --git a/Makefile b/Makefile deleted file mode 100644 index 11e565a..0000000 --- a/Makefile +++ /dev/null @@ -1,12 +0,0 @@ -EXEC = arimelody-web - -.PHONY: $(EXEC) - -$(EXEC): - GOOS=linux GOARCH=amd64 go build -o $(EXEC) - -bundle: $(EXEC) - tar czf $(EXEC).tar.gz $(EXEC) admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/ - -clean: - rm $(EXEC) $(EXEC).tar.gz diff --git a/README.md b/README.md index 464379e..7e7860c 100644 --- a/README.md +++ b/README.md @@ -42,11 +42,7 @@ need to be up for this, making this ideal for some offline maintenance. - `listTOTP `: Lists an account's TOTP methods. - `deleteTOTP `: Deletes an account's TOTP method. - `testTOTP `: Generates the code for an account's TOTP method. -- `cleanTOTP`: Cleans up unconfirmed (dangling) TOTP methods. - `createInvite`: Creates an invite code to register new accounts. - `purgeInvites`: Deletes all available invite codes. - `listAccounts`: Lists all active accounts. - `deleteAccount `: Deletes an account with a given `username`. -- `lockAccount `: Locks the account under `username`. -- `unlockAccount `: Unlocks the account under `username`. -- `logs`: Shows system logs. diff --git a/admin/accounthttp.go b/admin/accounthttp.go index 945a507..f0990df 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -1,71 +1,43 @@ package admin import ( - "database/sql" - "fmt" - "net/http" - "net/url" - "os" + "fmt" + "net/http" + "os" + "strings" + "time" - "arimelody-web/controller" - "arimelody-web/log" - "arimelody-web/model" + "arimelody-web/controller" + "arimelody-web/global" + "arimelody-web/model" - "golang.org/x/crypto/bcrypt" + "github.com/jmoiron/sqlx" + "golang.org/x/crypto/bcrypt" ) -func accountHandler(app *model.AppState) http.Handler { - mux := http.NewServeMux() - - mux.Handle("/totp-setup", totpSetupHandler(app)) - mux.Handle("/totp-confirm", totpConfirmHandler(app)) - mux.Handle("/totp-delete/", http.StripPrefix("/totp-delete", totpDeleteHandler(app))) - - mux.Handle("/password", changePasswordHandler(app)) - mux.Handle("/delete", deleteAccountHandler(app)) - - return mux +type TemplateData struct { + Account *model.Account + Message string + Token string } -func accountIndexHandler(app *model.AppState) http.Handler { +func AccountHandler(db *sqlx.DB) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) + account := r.Context().Value("account").(*model.Account) - dbTOTPs, err := controller.GetTOTPsForAccount(app.DB, session.Account.ID) + totps, err := controller.GetTOTPsForAccount(db, account.ID) if err != nil { fmt.Printf("WARN: Failed to fetch TOTPs: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - type ( - TOTP struct { - model.TOTP - CreatedAtString string - } - - accountResponse struct { - Session *model.Session - TOTPs []TOTP - } - ) - - totps := []TOTP{} - for _, totp := range dbTOTPs { - totps = append(totps, TOTP{ - TOTP: totp, - CreatedAtString: totp.CreatedAt.Format("02 Jan 2006, 15:04:05"), - }) + type AccountResponse struct { + Account *model.Account + TOTPs []model.TOTP } - sessionMessage := session.Message - sessionError := session.Error - controller.SetSessionMessage(app.DB, session, "") - controller.SetSessionError(app.DB, session, "") - session.Message = sessionMessage - session.Error = sessionError - - err = accountTemplate.Execute(w, accountResponse{ - Session: session, + err = pages["account"].Execute(w, AccountResponse{ + Account: account, TOTPs: totps, }) if err != nil { @@ -75,296 +47,299 @@ func accountIndexHandler(app *model.AppState) http.Handler { }) } -func changePasswordHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodPost { - http.NotFound(w, r) - return - } - - session := r.Context().Value("session").(*model.Session) - - controller.SetSessionMessage(app.DB, session, "") - controller.SetSessionError(app.DB, session, "") - - r.ParseForm() - - currentPassword := r.Form.Get("current-password") - if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(currentPassword)); err != nil { - controller.SetSessionError(app.DB, session, "Incorrect password.") - http.Redirect(w, r, "/admin/account", http.StatusFound) - return - } - - newPassword := r.Form.Get("new-password") - - hashedPassword, err := bcrypt.GenerateFromPassword([]byte(newPassword), bcrypt.DefaultCost) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - http.Redirect(w, r, "/admin/account", http.StatusFound) - return - } - - session.Account.Password = string(hashedPassword) - err = controller.UpdateAccount(app.DB, session.Account) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to update account password: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - http.Redirect(w, r, "/admin/account", http.StatusFound) - return - } - - app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" changed password by user request. (%s)", session.Account.Username, controller.ResolveIP(app, r)) - - controller.SetSessionError(app.DB, session, "") - controller.SetSessionMessage(app.DB, session, "Password updated successfully.") - http.Redirect(w, r, "/admin/account", http.StatusFound) - }) -} - -func deleteAccountHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodPost { - http.NotFound(w, r) - return - } - - err := r.ParseForm() - if err != nil { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - if !r.Form.Has("password") { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - session := r.Context().Value("session").(*model.Session) - - // check password - if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil { - app.Log.Warn(log.TYPE_ACCOUNT, "Account \"%s\" attempted account deletion with incorrect password. (%s)", session.Account.Username, controller.ResolveIP(app, r)) - controller.SetSessionError(app.DB, session, "Incorrect password.") - http.Redirect(w, r, "/admin/account", http.StatusFound) - return - } - - err = controller.DeleteAccount(app.DB, session.Account.ID) - if err != nil { - fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - http.Redirect(w, r, "/admin/account", http.StatusFound) - return - } - - app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" deleted by user request. (%s)", session.Account.Username, controller.ResolveIP(app, r)) - - controller.SetSessionAccount(app.DB, session, nil) - controller.SetSessionError(app.DB, session, "") - controller.SetSessionMessage(app.DB, session, "Account deleted successfully.") - http.Redirect(w, r, "/admin/login", http.StatusFound) - }) -} - -type totpConfirmData struct { - Session *model.Session - TOTP *model.TOTP - NameEscaped string - QRBase64Image string -} - -func totpSetupHandler(app *model.AppState) http.Handler { +func LoginHandler(db *sqlx.DB) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method == http.MethodGet { - type totpSetupData struct { - Session *model.Session - } - - session := r.Context().Value("session").(*model.Session) - - err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session }) + account, err := controller.GetAccountByRequest(db, r) if err != nil { - fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) + return + } + if account != nil { + http.Redirect(w, r, "/admin", http.StatusFound) + return } - return - } - if r.Method != http.MethodPost { - http.NotFound(w, r) - return - } - - err := r.ParseForm() - if err != nil { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - name := r.FormValue("totp-name") - if len(name) == 0 { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - session := r.Context().Value("session").(*model.Session) - - secret := controller.GenerateTOTPSecret(controller.TOTP_SECRET_LENGTH) - totp := model.TOTP { - AccountID: session.Account.ID, - Name: name, - Secret: string(secret), - } - err = controller.CreateTOTP(app.DB, &totp) - if err != nil { - fmt.Printf("WARN: Failed to create TOTP method: %s\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - err := totpSetupTemplate.Execute(w, totpConfirmData{ Session: session }) + err = pages["login"].Execute(w, TemplateData{}) if err != nil { - fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err) + fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return } return } - qrBase64Image, err := controller.GenerateQRCode( - controller.GenerateTOTPURI(session.Account.Username, totp.Secret)) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to generate TOTP QR code: %v\n", err) + type LoginResponse struct { + Account *model.Account + Token string + Message string } - err = totpConfirmTemplate.Execute(w, totpConfirmData{ - Session: session, - TOTP: &totp, - NameEscaped: url.PathEscape(totp.Name), - QRBase64Image: qrBase64Image, - }) - if err != nil { - fmt.Printf("WARN: Failed to render TOTP confirm page: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } - }) -} - -func totpConfirmHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodPost { - http.NotFound(w, r) - return - } - - session := r.Context().Value("session").(*model.Session) - - err := r.ParseForm() - if err != nil { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - name := r.FormValue("totp-name") - if len(name) == 0 { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - code := r.FormValue("totp") - if len(code) != controller.TOTP_CODE_LENGTH { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - totp, err := controller.GetTOTP(app.DB, session.Account.ID, name) - if err != nil { - fmt.Printf("WARN: Failed to fetch TOTP method: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - http.Redirect(w, r, "/admin/account", http.StatusFound) - return - } - if totp == nil { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - qrBase64Image, err := controller.GenerateQRCode( - controller.GenerateTOTPURI(session.Account.Username, totp.Secret)) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to generate TOTP QR code: %v\n", err) - } - - confirmCode := controller.GenerateTOTP(totp.Secret, 0) - if code != confirmCode { - confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1) - if code != confirmCodeOffset { - session.Error = sql.NullString{ Valid: true, String: "Incorrect TOTP code. Please try again." } - err = totpConfirmTemplate.Execute(w, totpConfirmData{ - Session: session, - TOTP: totp, - NameEscaped: url.PathEscape(totp.Name), - QRBase64Image: qrBase64Image, - }) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to render TOTP setup page: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } + render := func(data LoginResponse) { + err := pages["login"].Execute(w, data) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } } - err = controller.ConfirmTOTP(app.DB, session.Account.ID, name) - if err != nil { - fmt.Printf("WARN: Failed to confirm TOTP method: %s\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - http.Redirect(w, r, "/admin/account", http.StatusFound) + if r.Method != http.MethodPost { + http.NotFound(w, r); return } - app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" created TOTP method \"%s\".", session.Account.Username, totp.Name) + err := r.ParseForm() + if err != nil { + render(LoginResponse{ Message: "Malformed request." }) + return + } - controller.SetSessionError(app.DB, session, "") - controller.SetSessionMessage(app.DB, session, fmt.Sprintf("TOTP method \"%s\" created successfully.", totp.Name)) - http.Redirect(w, r, "/admin/account", http.StatusFound) + type LoginRequest struct { + Username string `json:"username"` + Password string `json:"password"` + TOTP string `json:"totp"` + } + credentials := LoginRequest{ + Username: r.Form.Get("username"), + Password: r.Form.Get("password"), + TOTP: r.Form.Get("totp"), + } + + account, err := controller.GetAccount(db, credentials.Username) + if err != nil { + render(LoginResponse{ Message: "Invalid username or password" }) + return + } + if account == nil { + render(LoginResponse{ Message: "Invalid username or password" }) + return + } + + err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(credentials.Password)) + if err != nil { + render(LoginResponse{ Message: "Invalid username or password" }) + return + } + + totps, err := controller.GetTOTPsForAccount(db, account.ID) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) + render(LoginResponse{ Message: "Something went wrong. Please try again." }) + return + } + if len(totps) > 0 { + success := false + for _, totp := range totps { + check := controller.GenerateTOTP(totp.Secret, 0) + if check == credentials.TOTP { + success = true + break + } + } + if !success { + render(LoginResponse{ Message: "Invalid TOTP" }) + return + } + } else { + // TODO: user should be prompted to add 2FA method + } + + // login success! + token, err := controller.CreateToken(db, account.ID, r.UserAgent()) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to create token: %v\n", err) + render(LoginResponse{ Message: "Something went wrong. Please try again." }) + return + } + + cookie := http.Cookie{} + cookie.Name = global.COOKIE_TOKEN + cookie.Value = token.Token + cookie.Expires = token.ExpiresAt + if strings.HasPrefix(global.Config.BaseUrl, "https") { + cookie.Secure = true + } + cookie.HttpOnly = true + cookie.Path = "/" + http.SetCookie(w, &cookie) + + render(LoginResponse{ Account: account, Token: token.Token }) }) } -func totpDeleteHandler(app *model.AppState) http.Handler { +func LogoutHandler(db *sqlx.DB) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method != http.MethodGet { http.NotFound(w, r) return } - if len(r.URL.Path) < 2 { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return + tokenStr := controller.GetTokenFromRequest(db, r) + + if len(tokenStr) > 0 { + err := controller.DeleteToken(db, tokenStr) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to revoke token: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } } - name := r.URL.Path[1:] - session := r.Context().Value("session").(*model.Session) + cookie := http.Cookie{} + cookie.Name = global.COOKIE_TOKEN + cookie.Value = "" + cookie.Expires = time.Now() + if strings.HasPrefix(global.Config.BaseUrl, "https") { + cookie.Secure = true + } + cookie.HttpOnly = true + cookie.Path = "/" + http.SetCookie(w, &cookie) + http.Redirect(w, r, "/admin/login", http.StatusFound) + }) +} - totp, err := controller.GetTOTP(app.DB, session.Account.ID, name) +func createAccountHandler(db *sqlx.DB) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + checkAccount, err := controller.GetAccountByRequest(db, r) if err != nil { - fmt.Printf("WARN: Failed to fetch TOTP method: %s\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - http.Redirect(w, r, "/admin/account", http.StatusFound) + fmt.Printf("WARN: Failed to fetch account: %s\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } - if totp == nil { + if checkAccount != nil { + // user is already logged in + http.Redirect(w, r, "/admin", http.StatusFound) + return + } + + type CreateAccountResponse struct { + Account *model.Account + Message string + } + + render := func(data CreateAccountResponse) { + err := pages["create-account"].Execute(w, data) + if err != nil { + fmt.Printf("WARN: Error rendering create account page: %s\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + } + + if r.Method == http.MethodGet { + render(CreateAccountResponse{}) + return + } + + if r.Method != http.MethodPost { http.NotFound(w, r) return } - err = controller.DeleteTOTP(app.DB, session.Account.ID, totp.Name) + err = r.ParseForm() if err != nil { - fmt.Printf("WARN: Failed to delete TOTP method: %s\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - http.Redirect(w, r, "/admin/account", http.StatusFound) + render(CreateAccountResponse{ + Message: "Malformed data.", + }) return } - app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" deleted TOTP method \"%s\".", session.Account.Username, totp.Name) + type RegisterRequest struct { + Username string `json:"username"` + Email string `json:"email"` + Password string `json:"password"` + Invite string `json:"invite"` + } + credentials := RegisterRequest{ + Username: r.Form.Get("username"), + Email: r.Form.Get("email"), + Password: r.Form.Get("password"), + Invite: r.Form.Get("invite"), + } - controller.SetSessionError(app.DB, session, "") - controller.SetSessionMessage(app.DB, session, fmt.Sprintf("TOTP method \"%s\" deleted successfully.", totp.Name)) - http.Redirect(w, r, "/admin/account", http.StatusFound) + // make sure code exists in DB + invite, err := controller.GetInvite(db, credentials.Invite) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err) + render(CreateAccountResponse{ + Message: "Something went wrong. Please try again.", + }) + return + } + if invite == nil || time.Now().After(invite.ExpiresAt) { + if invite != nil { + err := controller.DeleteInvite(db, invite.Code) + if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } + } + render(CreateAccountResponse{ + Message: "Invalid invite code.", + }) + return + } + + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(credentials.Password), bcrypt.DefaultCost) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) + render(CreateAccountResponse{ + Message: "Something went wrong. Please try again.", + }) + return + } + + account := model.Account{ + Username: credentials.Username, + Password: string(hashedPassword), + Email: credentials.Email, + AvatarURL: "/img/default-avatar.png", + } + err = controller.CreateAccount(db, &account) + if err != nil { + if strings.HasPrefix(err.Error(), "pq: duplicate key") { + render(CreateAccountResponse{ + Message: "An account with that username already exists.", + }) + return + } + fmt.Fprintf(os.Stderr, "WARN: Failed to create account: %v\n", err) + render(CreateAccountResponse{ + Message: "Something went wrong. Please try again.", + }) + return + } + + err = controller.DeleteInvite(db, invite.Code) + if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } + + // registration success! + token, err := controller.CreateToken(db, account.ID, r.UserAgent()) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to create token: %v\n", err) + // gracefully redirect user to login page + http.Redirect(w, r, "/admin/login", http.StatusFound) + return + } + + cookie := http.Cookie{} + cookie.Name = global.COOKIE_TOKEN + cookie.Value = token.Token + cookie.Expires = token.ExpiresAt + if strings.HasPrefix(global.Config.BaseUrl, "https") { + cookie.Secure = true + } + cookie.HttpOnly = true + cookie.Path = "/" + http.SetCookie(w, &cookie) + + err = pages["login"].Execute(w, TemplateData{ + Account: &account, + Token: token.Token, + }) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to render login page: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } }) } diff --git a/admin/artisthttp.go b/admin/artisthttp.go index 9fa6bb2..af42cb1 100644 --- a/admin/artisthttp.go +++ b/admin/artisthttp.go @@ -1,19 +1,20 @@ package admin import ( - "fmt" - "net/http" - "strings" + "fmt" + "net/http" + "strings" + "arimelody-web/global" "arimelody-web/model" "arimelody-web/controller" ) -func serveArtist(app *model.AppState) http.Handler { +func serveArtist() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { slices := strings.Split(r.URL.Path[1:], "/") id := slices[0] - artist, err := controller.GetArtist(app.DB, id) + artist, err := controller.GetArtist(global.DB, id) if err != nil { if artist == nil { http.NotFound(w, r) @@ -24,7 +25,7 @@ func serveArtist(app *model.AppState) http.Handler { return } - credits, err := controller.GetArtistCredits(app.DB, artist.ID, true) + credits, err := controller.GetArtistCredits(global.DB, artist.ID, true) if err != nil { fmt.Printf("Error rendering admin track page for %s: %s\n", id, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -32,15 +33,15 @@ func serveArtist(app *model.AppState) http.Handler { } type ArtistResponse struct { - Session *model.Session + Account *model.Account Artist *model.Artist Credits []*model.Credit } - session := r.Context().Value("session").(*model.Session) + account := r.Context().Value("account").(*model.Account) - err = artistTemplate.Execute(w, ArtistResponse{ - Session: session, + err = pages["artist"].Execute(w, ArtistResponse{ + Account: account, Artist: artist, Credits: credits, }) diff --git a/admin/components/credits/addcredit.html b/admin/components/credits/addcredit.html index c09a550..32c43fa 100644 --- a/admin/components/credits/addcredit.html +++ b/admin/components/credits/addcredit.html @@ -1,6 +1,6 @@
-

Add Artist Credit

+

Add artist credit

    diff --git a/admin/components/release/release-list-item.html b/admin/components/release/release-list-item.html index 4b8f41e..677318d 100644 --- a/admin/components/release/release-list-item.html +++ b/admin/components/release/release-list-item.html @@ -7,7 +7,7 @@

    {{.Title}} - {{.ReleaseDate.Year}} + {{.GetReleaseYear}} {{if not .Visible}}(hidden){{end}}

    diff --git a/admin/components/tracks/addtrack.html b/admin/components/tracks/addtrack.html index a6dd433..f402763 100644 --- a/admin/components/tracks/addtrack.html +++ b/admin/components/tracks/addtrack.html @@ -1,6 +1,6 @@
    -

    Add Track

    +

    Add track

      diff --git a/admin/components/tracks/edittracks.html b/admin/components/tracks/edittracks.html index d03f80a..0500532 100644 --- a/admin/components/tracks/edittracks.html +++ b/admin/components/tracks/edittracks.html @@ -3,20 +3,20 @@

      Editing: Tracks

      Add -
      +
        - {{range $i, $track := .Release.Tracks}} + {{range $i, $track := .Tracks}}

      • - {{.Add $i 1}} + {{$track.Add $i 1}} {{$track.Title}}

        Delete diff --git a/admin/http.go b/admin/http.go index 245a152..d118647 100644 --- a/admin/http.go +++ b/admin/http.go @@ -1,462 +1,105 @@ package admin import ( - "context" - "database/sql" - "fmt" - "net/http" - "os" - "path/filepath" - "strings" - "time" + "context" + "fmt" + "net/http" + "os" + "path/filepath" - "arimelody-web/controller" - "arimelody-web/log" - "arimelody-web/model" + "arimelody-web/controller" + "arimelody-web/model" - "golang.org/x/crypto/bcrypt" + "github.com/jmoiron/sqlx" ) -func Handler(app *model.AppState) http.Handler { +func Handler(db *sqlx.DB) http.Handler { mux := http.NewServeMux() - mux.Handle("/qr-test", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - qrB64Img, err := controller.GenerateQRCode("super epic mega gaming test message. be sure to buy free2play on bandcamp so i can put food on my family") - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to generate QR code: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - - w.Write([]byte("")) - })) - - mux.Handle("/login", loginHandler(app)) - mux.Handle("/totp", loginTOTPHandler(app)) - mux.Handle("/logout", requireAccount(logoutHandler(app))) - - mux.Handle("/register", registerAccountHandler(app)) - - mux.Handle("/account", requireAccount(accountIndexHandler(app))) - mux.Handle("/account/", requireAccount(http.StripPrefix("/account", accountHandler(app)))) - - mux.Handle("/logs", requireAccount(logsHandler(app))) - - mux.Handle("/release/", requireAccount(http.StripPrefix("/release", serveRelease(app)))) - mux.Handle("/artist/", requireAccount(http.StripPrefix("/artist", serveArtist(app)))) - mux.Handle("/track/", requireAccount(http.StripPrefix("/track", serveTrack(app)))) - + mux.Handle("/login", LoginHandler(db)) + mux.Handle("/register", createAccountHandler(db)) + mux.Handle("/logout", RequireAccount(db, LogoutHandler(db))) + mux.Handle("/account", RequireAccount(db, AccountHandler(db))) mux.Handle("/static/", http.StripPrefix("/static", staticHandler())) - - mux.Handle("/", requireAccount(AdminIndexHandler(app))) - - // response wrapper to make sure a session cookie exists - return enforceSession(app, mux) -} - -func AdminIndexHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + mux.Handle("/release/", RequireAccount(db, http.StripPrefix("/release", serveRelease()))) + mux.Handle("/artist/", RequireAccount(db, http.StripPrefix("/artist", serveArtist()))) + mux.Handle("/track/", RequireAccount(db, http.StripPrefix("/track", serveTrack()))) + mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path != "/" { http.NotFound(w, r) return } - session := r.Context().Value("session").(*model.Session) + account, err := controller.GetAccountByRequest(db, r) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %s\n", err) + } + if account == nil { + http.Redirect(w, r, "/admin/login", http.StatusFound) + return + } - releases, err := controller.GetAllReleases(app.DB, false, 0, true) + releases, err := controller.GetAllReleases(db, false, 0, true) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to pull releases: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } - artists, err := controller.GetAllArtists(app.DB) + artists, err := controller.GetAllArtists(db) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to pull artists: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } - tracks, err := controller.GetOrphanTracks(app.DB) - if err != nil { + tracks, err := controller.GetOrphanTracks(db) + if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to pull orphan tracks: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } type IndexData struct { - Session *model.Session + Account *model.Account Releases []*model.Release Artists []*model.Artist Tracks []*model.Track } - err = indexTemplate.Execute(w, IndexData{ - Session: session, + err = pages["index"].Execute(w, IndexData{ + Account: account, Releases: releases, Artists: artists, Tracks: tracks, }) - if err != nil { + if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to render admin index: %s\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + })) + + return mux +} + +func RequireAccount(db *sqlx.DB, next http.Handler) http.HandlerFunc { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + account, err := controller.GetAccountByRequest(db, r) + if err != nil { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - }) -} - -func registerAccountHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) - - if session.Account != nil { - // user is already logged in - http.Redirect(w, r, "/admin", http.StatusFound) - return - } - - type registerData struct { - Session *model.Session - } - - render := func() { - err := registerTemplate.Execute(w, registerData{ Session: session }) - if err != nil { - fmt.Printf("WARN: Error rendering create account page: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } - } - - if r.Method == http.MethodGet { - render() - return - } - - if r.Method != http.MethodPost { - http.NotFound(w, r) - return - } - - err := r.ParseForm() - if err != nil { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - type RegisterRequest struct { - Username string `json:"username"` - Email string `json:"email"` - Password string `json:"password"` - Invite string `json:"invite"` - } - credentials := RegisterRequest{ - Username: r.Form.Get("username"), - Email: r.Form.Get("email"), - Password: r.Form.Get("password"), - Invite: r.Form.Get("invite"), - } - - // make sure invite code exists in DB - invite, err := controller.GetInvite(app.DB, credentials.Invite) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - render() - return - } - if invite == nil || time.Now().After(invite.ExpiresAt) { - if invite != nil { - err := controller.DeleteInvite(app.DB, invite.Code) - if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } - } - controller.SetSessionError(app.DB, session, "Invalid invite code.") - render() - return - } - - hashedPassword, err := bcrypt.GenerateFromPassword([]byte(credentials.Password), bcrypt.DefaultCost) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - render() - return - } - - account := model.Account{ - Username: credentials.Username, - Password: string(hashedPassword), - Email: sql.NullString{ String: credentials.Email, Valid: true }, - AvatarURL: sql.NullString{ String: "/img/default-avatar.png", Valid: true }, - } - err = controller.CreateAccount(app.DB, &account) - if err != nil { - if strings.HasPrefix(err.Error(), "pq: duplicate key") { - controller.SetSessionError(app.DB, session, "An account with that username already exists.") - render() - return - } - fmt.Fprintf(os.Stderr, "WARN: Failed to create account: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - render() - return - } - - app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" (%s) created using invite \"%s\". (%s)", account.Username, account.ID, invite.Code, controller.ResolveIP(app, r)) - - err = controller.DeleteInvite(app.DB, invite.Code) - if err != nil { - app.Log.Warn(log.TYPE_ACCOUNT, "Failed to delete expired invite \"%s\": %v", invite.Code, err) - } - - // registration success! - controller.SetSessionAccount(app.DB, session, &account) - controller.SetSessionMessage(app.DB, session, "") - controller.SetSessionError(app.DB, session, "") - http.Redirect(w, r, "/admin", http.StatusFound) - }) -} - -func loginHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodGet && r.Method != http.MethodPost { - http.NotFound(w, r) - return - } - - session := r.Context().Value("session").(*model.Session) - - type loginData struct { - Session *model.Session - } - - render := func() { - err := loginTemplate.Execute(w, loginData{ Session: session }) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - } - - if r.Method == http.MethodGet { - if session.Account != nil { - // user is already logged in - http.Redirect(w, r, "/admin", http.StatusFound) - return - } - render() - return - } - - err := r.ParseForm() - if err != nil { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - if !r.Form.Has("username") || !r.Form.Has("password") { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - username := r.FormValue("username") - password := r.FormValue("password") - - account, err := controller.GetAccountByUsername(app.DB, username) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account for login: %v\n", err) - controller.SetSessionError(app.DB, session, "Invalid username or password.") - render() + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) return } if account == nil { - controller.SetSessionError(app.DB, session, "Invalid username or password.") - render() - return - } - if account.Locked { - controller.SetSessionError(app.DB, session, "This account is locked.") - render() - return - } - - err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password)) - if err != nil { - app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(app, r)) - if locked := handleFailedLogin(app, account, r); locked { - controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.") - } else { - controller.SetSessionError(app.DB, session, "Invalid username or password.") - } - render() - return - } - - totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - render() - return - } - - if len(totps) > 0 { - err = controller.SetSessionAttemptAccount(app.DB, session, account) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to set attempt session: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - render() - return - } - controller.SetSessionMessage(app.DB, session, "") - controller.SetSessionError(app.DB, session, "") - http.Redirect(w, r, "/admin/totp", http.StatusFound) - return - } - - // login success! - // TODO: log login activity to user - app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in. (%s)", account.Username, controller.ResolveIP(app, r)) - app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" does not have any TOTP methods assigned.", account.Username) - - err = controller.SetSessionAccount(app.DB, session, account) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to set session account: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - render() - return - } - controller.SetSessionMessage(app.DB, session, "") - controller.SetSessionError(app.DB, session, "") - http.Redirect(w, r, "/admin", http.StatusFound) - }) -} - -func loginTOTPHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) - - if session.AttemptAccount == nil { - http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) - return - } - - type loginTOTPData struct { - Session *model.Session - } - - render := func() { - err := loginTOTPTemplate.Execute(w, loginTOTPData{ Session: session }) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to render login TOTP page: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - } - - if r.Method == http.MethodGet { - render() - return - } - - if r.Method != http.MethodPost { - http.NotFound(w, r) - return - } - - r.ParseForm() - - if !r.Form.Has("totp") { - http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) - return - } - - totpCode := r.FormValue("totp") - - if len(totpCode) != controller.TOTP_CODE_LENGTH { - app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r)) - controller.SetSessionError(app.DB, session, "Invalid TOTP.") - render() - return - } - - totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.AttemptAccount.ID, totpCode) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to check TOTPs: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - render() - return - } - if totpMethod == nil { - app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Incorrect TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r)) - if locked := handleFailedLogin(app, session.AttemptAccount, r); locked { - controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.") - controller.SetSessionAttemptAccount(app.DB, session, nil) - http.Redirect(w, r, "/admin", http.StatusFound) - } else { - controller.SetSessionError(app.DB, session, "Incorrect TOTP.") - } - render() - return - } - - app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in with TOTP method \"%s\". (%s)", session.AttemptAccount.Username, totpMethod.Name, controller.ResolveIP(app, r)) - - err = controller.SetSessionAccount(app.DB, session, session.AttemptAccount) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to set session account: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - render() - return - } - err = controller.SetSessionAttemptAccount(app.DB, session, nil) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to clear attempt session: %v\n", err) - } - controller.SetSessionMessage(app.DB, session, "") - controller.SetSessionError(app.DB, session, "") - http.Redirect(w, r, "/admin", http.StatusFound) - }) -} - -func logoutHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodGet { - http.NotFound(w, r) - return - } - - session := r.Context().Value("session").(*model.Session) - err := controller.DeleteSession(app.DB, session.Token) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to delete session: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - - http.SetCookie(w, &http.Cookie{ - Name: model.COOKIE_TOKEN, - Expires: time.Now(), - Path: "/", - }) - - err = logoutTemplate.Execute(w, nil) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to render logout page: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } - }) -} - -func requireAccount(next http.Handler) http.HandlerFunc { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) - if session.Account == nil { // TODO: include context in redirect http.Redirect(w, r, "/admin/login", http.StatusFound) return } - next.ServeHTTP(w, r) + + ctx := context.WithValue(r.Context(), "account", account) + + next.ServeHTTP(w, r.WithContext(ctx)) }) } @@ -480,63 +123,3 @@ func staticHandler() http.Handler { http.FileServer(http.Dir(filepath.Join("admin", "static"))).ServeHTTP(w, r) }) } - -func enforceSession(app *model.AppState, next http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session, err := controller.GetSessionFromRequest(app, r) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - - if session == nil { - // create a new session - session, err = controller.CreateSession(app.DB, r.UserAgent()) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to create session: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - - http.SetCookie(w, &http.Cookie{ - Name: model.COOKIE_TOKEN, - Value: session.Token, - Expires: session.ExpiresAt, - Secure: strings.HasPrefix(app.Config.BaseUrl, "https"), - HttpOnly: true, - Path: "/", - }) - } - - ctx := context.WithValue(r.Context(), "session", session) - next.ServeHTTP(w, r.WithContext(ctx)) - }) -} - -func handleFailedLogin(app *model.AppState, account *model.Account, r *http.Request) bool { - locked, err := controller.IncrementAccountFails(app.DB, account.ID) - if err != nil { - fmt.Fprintf( - os.Stderr, - "WARN: Failed to increment login failures for \"%s\": %v\n", - account.Username, - err, - ) - app.Log.Warn( - log.TYPE_ACCOUNT, - "Failed to increment login failures for \"%s\"", - account.Username, - ) - } - if locked { - app.Log.Warn( - log.TYPE_ACCOUNT, - "Account \"%s\" was locked: %d failed login attempts (IP: %s)", - account.Username, - model.MAX_LOGIN_FAIL_ATTEMPTS, - controller.ResolveIP(app, r), - ) - } - return locked -} diff --git a/admin/logshttp.go b/admin/logshttp.go deleted file mode 100644 index 7249b16..0000000 --- a/admin/logshttp.go +++ /dev/null @@ -1,67 +0,0 @@ -package admin - -import ( - "arimelody-web/log" - "arimelody-web/model" - "fmt" - "net/http" - "os" - "strings" -) - -func logsHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method != http.MethodGet { - http.NotFound(w, r) - return - } - - session := r.Context().Value("session").(*model.Session) - - levelFilter := []log.LogLevel{} - typeFilter := []string{} - - query := r.URL.Query().Get("q") - - for key, value := range r.URL.Query() { - if strings.HasPrefix(key, "level-") && value[0] == "on" { - m := map[string]log.LogLevel{ - "info": log.LEVEL_INFO, - "warn": log.LEVEL_WARN, - } - level, ok := m[strings.TrimPrefix(key, "level-")] - if ok { - levelFilter = append(levelFilter, level) - } - continue - } - - if strings.HasPrefix(key, "type-") && value[0] == "on" { - typeFilter = append(typeFilter, string(strings.TrimPrefix(key, "type-"))) - continue - } - } - - logs, err := app.Log.Search(levelFilter, typeFilter, query, 100, 0) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch audit logs: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - - type LogsResponse struct { - Session *model.Session - Logs []*log.Log - } - - err = logsTemplate.Execute(w, LogsResponse{ - Session: session, - Logs: logs, - }) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to render audit logs page: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - }) -} diff --git a/admin/releasehttp.go b/admin/releasehttp.go index c6b68ab..9132fe8 100644 --- a/admin/releasehttp.go +++ b/admin/releasehttp.go @@ -1,28 +1,29 @@ package admin import ( - "fmt" - "net/http" - "strings" + "fmt" + "net/http" + "strings" - "arimelody-web/controller" - "arimelody-web/model" + "arimelody-web/global" + "arimelody-web/controller" + "arimelody-web/model" ) -func serveRelease(app *model.AppState) http.Handler { +func serveRelease() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { slices := strings.Split(r.URL.Path[1:], "/") releaseID := slices[0] - session := r.Context().Value("session").(*model.Session) + account := r.Context().Value("account").(*model.Account) - release, err := controller.GetRelease(app.DB, releaseID, true) + release, err := controller.GetRelease(global.DB, releaseID, true) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) return } - fmt.Printf("WARN: Failed to pull full release data for %s: %s\n", releaseID, err) + fmt.Printf("FATAL: Failed to pull full release data for %s: %s\n", releaseID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -33,10 +34,10 @@ func serveRelease(app *model.AppState) http.Handler { serveEditCredits(release).ServeHTTP(w, r) return case "addcredit": - serveAddCredit(app, release).ServeHTTP(w, r) + serveAddCredit(release).ServeHTTP(w, r) return case "newcredit": - serveNewCredit(app).ServeHTTP(w, r) + serveNewCredit().ServeHTTP(w, r) return case "editlinks": serveEditLinks(release).ServeHTTP(w, r) @@ -45,10 +46,10 @@ func serveRelease(app *model.AppState) http.Handler { serveEditTracks(release).ServeHTTP(w, r) return case "addtrack": - serveAddTrack(app, release).ServeHTTP(w, r) + serveAddTrack(release).ServeHTTP(w, r) return case "newtrack": - serveNewTrack(app).ServeHTTP(w, r) + serveNewTrack().ServeHTTP(w, r) return } http.NotFound(w, r) @@ -56,12 +57,12 @@ func serveRelease(app *model.AppState) http.Handler { } type ReleaseResponse struct { - Session *model.Session + Account *model.Account Release *model.Release } - err = releaseTemplate.Execute(w, ReleaseResponse{ - Session: session, + err = pages["release"].Execute(w, ReleaseResponse{ + Account: account, Release: release, }) if err != nil { @@ -74,7 +75,7 @@ func serveRelease(app *model.AppState) http.Handler { func serveEditCredits(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") - err := editCreditsTemplate.Execute(w, release) + err := components["editcredits"].Execute(w, release) if err != nil { fmt.Printf("Error rendering edit credits component for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -82,11 +83,11 @@ func serveEditCredits(release *model.Release) http.Handler { }) } -func serveAddCredit(app *model.AppState, release *model.Release) http.Handler { +func serveAddCredit(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - artists, err := controller.GetArtistsNotOnRelease(app.DB, release.ID) + artists, err := controller.GetArtistsNotOnRelease(global.DB, release.ID) if err != nil { - fmt.Printf("WARN: Failed to pull artists not on %s: %s\n", release.ID, err) + fmt.Printf("FATAL: Failed to pull artists not on %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -97,7 +98,7 @@ func serveAddCredit(app *model.AppState, release *model.Release) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = addCreditTemplate.Execute(w, response{ + err = components["addcredit"].Execute(w, response{ ReleaseID: release.ID, Artists: artists, }) @@ -108,12 +109,12 @@ func serveAddCredit(app *model.AppState, release *model.Release) http.Handler { }) } -func serveNewCredit(app *model.AppState) http.Handler { +func serveNewCredit() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { artistID := strings.Split(r.URL.Path, "/")[3] - artist, err := controller.GetArtist(app.DB, artistID) + artist, err := controller.GetArtist(global.DB, artistID) if err != nil { - fmt.Printf("WARN: Failed to pull artists %s: %s\n", artistID, err) + fmt.Printf("FATAL: Failed to pull artists %s: %s\n", artistID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -123,7 +124,7 @@ func serveNewCredit(app *model.AppState) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = newCreditTemplate.Execute(w, artist) + err = components["newcredit"].Execute(w, artist) if err != nil { fmt.Printf("Error rendering new credit component for %s: %s\n", artist.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -134,7 +135,7 @@ func serveNewCredit(app *model.AppState) http.Handler { func serveEditLinks(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") - err := editLinksTemplate.Execute(w, release) + err := components["editlinks"].Execute(w, release) if err != nil { fmt.Printf("Error rendering edit links component for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -145,16 +146,7 @@ func serveEditLinks(release *model.Release) http.Handler { func serveEditTracks(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") - - type editTracksData struct { - Release *model.Release - Add func(a int, b int) int - } - - err := editTracksTemplate.Execute(w, editTracksData{ - Release: release, - Add: func(a, b int) int { return a + b }, - }) + err := components["edittracks"].Execute(w, release) if err != nil { fmt.Printf("Error rendering edit tracks component for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -162,11 +154,11 @@ func serveEditTracks(release *model.Release) http.Handler { }) } -func serveAddTrack(app *model.AppState, release *model.Release) http.Handler { +func serveAddTrack(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - tracks, err := controller.GetTracksNotOnRelease(app.DB, release.ID) + tracks, err := controller.GetTracksNotOnRelease(global.DB, release.ID) if err != nil { - fmt.Printf("WARN: Failed to pull tracks not on %s: %s\n", release.ID, err) + fmt.Printf("FATAL: Failed to pull tracks not on %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -177,7 +169,7 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = addTrackTemplate.Execute(w, response{ + err = components["addtrack"].Execute(w, response{ ReleaseID: release.ID, Tracks: tracks, }) @@ -189,10 +181,10 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler { }) } -func serveNewTrack(app *model.AppState) http.Handler { +func serveNewTrack() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { trackID := strings.Split(r.URL.Path, "/")[3] - track, err := controller.GetTrack(app.DB, trackID) + track, err := controller.GetTrack(global.DB, trackID) if err != nil { fmt.Printf("Error rendering new track component for %s: %s\n", trackID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -204,7 +196,7 @@ func serveNewTrack(app *model.AppState) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = newTrackTemplate.Execute(w, track) + err = components["newtrack"].Execute(w, track) if err != nil { fmt.Printf("Error rendering new track component for %s: %s\n", track.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) diff --git a/admin/static/admin.css b/admin/static/admin.css index 877b5da..32f69bb 100644 --- a/admin/static/admin.css +++ b/admin/static/admin.css @@ -24,7 +24,7 @@ nav { justify-content: left; background: #f8f8f8; - border-radius: 4px; + border-radius: .5em; border: 1px solid #808080; } nav .icon { @@ -85,15 +85,6 @@ a img.icon { height: .8em; } -code { - background: #303030; - color: #f0f0f0; - padding: .23em .3em; - border-radius: 4px; -} - - - .card { margin-bottom: 1em; } @@ -102,6 +93,13 @@ code { margin: 0 0 .5em 0; } +/* +.card h3, +.card p { + margin: 0; +} +*/ + .card-title { margin-bottom: 1em; display: flex; @@ -129,34 +127,20 @@ code { -#message, -#error { - margin: 0 0 1em 0; - padding: 1em; - border-radius: 4px; - background: #ffffff; - border: 1px solid #888; -} -#message { - background: #a9dfff; - border-color: #599fdc; -} #error { background: #ffa9b8; - border-color: #dc5959; + border: 1px solid #dc5959; + padding: 1em; + border-radius: 4px; } -a.delete:not(.button) { - color: #d22828; -} - button, .button { padding: .5em .8em; font-family: inherit; font-size: inherit; - border-radius: 4px; + border-radius: .5em; border: 1px solid #a0a0a0; background: #f0f0f0; color: inherit; @@ -170,59 +154,35 @@ button:active, .button:active { border-color: #808080; } -.button, button { +button { color: inherit; } -.button.new, button.new { +button.new { background: #c4ff6a; border-color: #84b141; } -.button.save, button.save { +button.save { background: #6fd7ff; border-color: #6f9eb0; } -.button.delete, button.delete { +button.delete { background: #ff7171; border-color: #7d3535; } -.button:hover, button:hover { +button:hover { background: #fff; border-color: #d0d0d0; } -.button:active, button:active { +button:active { background: #d0d0d0; border-color: #808080; } -.button[disabled], button[disabled] { +button[disabled] { background: #d0d0d0 !important; border-color: #808080 !important; opacity: .5; cursor: not-allowed !important; } - - - -form { - width: 100%; - display: block; -} -form label { - width: 100%; - margin: 1rem 0 .5rem 0; - display: block; - color: #10101080; -} -form input { - margin: .5rem 0; - padding: .3rem .5rem; - display: block; - border-radius: 4px; - border: 1px solid #808080; - font-size: inherit; - font-family: inherit; - color: inherit; -} -input[disabled] { - opacity: .5; - cursor: not-allowed; +a.delete { + color: #d22828; } diff --git a/admin/static/edit-account.css b/admin/static/edit-account.css index 7a4d34a..625db13 100644 --- a/admin/static/edit-account.css +++ b/admin/static/edit-account.css @@ -1,18 +1,28 @@ @import url("/admin/static/index.css"); -div.card { - margin-bottom: 2rem; +form#change-password { + width: 100%; + display: flex; + flex-direction: column; + align-items: start; +} + +form div { + width: 20rem; +} + +form button { + margin-top: 1rem; } label { - width: auto; - margin: 0; - display: flex; - align-items: center; - color: inherit; + width: 100%; + margin: 1rem 0 .5rem 0; + display: block; + color: #10101080; } input { - width: min(20rem, calc(100% - 1rem)); + width: 100%; margin: .5rem 0; padding: .3rem .5rem; display: block; @@ -23,11 +33,18 @@ input { color: inherit; } +#error { + background: #ffa9b8; + border: 1px solid #dc5959; + padding: 1em; + border-radius: 4px; +} + .mfa-device { padding: .75em; background: #f8f8f8f8; border: 1px solid #808080; - border-radius: 8px; + border-radius: .5em; margin-bottom: .5em; display: flex; justify-content: space-between; diff --git a/admin/static/edit-artist.css b/admin/static/edit-artist.css index 5627e64..793b989 100644 --- a/admin/static/edit-artist.css +++ b/admin/static/edit-artist.css @@ -9,7 +9,7 @@ h1 { flex-direction: row; gap: 1.2em; - border-radius: 8px; + border-radius: .5em; background: #f8f8f8f8; border: 1px solid #808080; } diff --git a/admin/static/edit-release.css b/admin/static/edit-release.css index aa70e34..10eada3 100644 --- a/admin/static/edit-release.css +++ b/admin/static/edit-release.css @@ -11,7 +11,7 @@ input[type="text"] { flex-direction: row; gap: 1.2em; - border-radius: 8px; + border-radius: .5em; background: #f8f8f8f8; border: 1px solid #808080; } @@ -160,7 +160,7 @@ dialog div.dialog-actions { align-items: center; gap: 1em; - border-radius: 8px; + border-radius: .5em; background: #f8f8f8f8; border: 1px solid #808080; } @@ -170,7 +170,7 @@ dialog div.dialog-actions { } .card.credits .credit .artist-avatar { - border-radius: 8px; + border-radius: .5em; } .card.credits .credit .artist-name { @@ -196,7 +196,7 @@ dialog div.dialog-actions { align-items: center; gap: 1em; - border-radius: 8px; + border-radius: .5em; background: #f8f8f8f8; border: 1px solid #808080; } @@ -215,7 +215,7 @@ dialog div.dialog-actions { } #editcredits .credit .artist-avatar { - border-radius: 8px; + border-radius: .5em; } #editcredits .credit .credit-info { @@ -228,14 +228,12 @@ dialog div.dialog-actions { } #editcredits .credit .credit-info .credit-attribute label { - width: auto; - margin: 0; display: flex; align-items: center; } #editcredits .credit .credit-info .credit-attribute input[type="text"] { - margin: 0 0 0 .25em; + margin-left: .25em; padding: .2em .4em; flex-grow: 1; font-family: inherit; @@ -243,9 +241,6 @@ dialog div.dialog-actions { border-radius: 4px; color: inherit; } -#editcredits .credit .credit-info .credit-attribute input[type="checkbox"] { - margin: 0 .3em; -} #editcredits .credit .artist-name { font-weight: bold; @@ -374,10 +369,8 @@ dialog div.dialog-actions { #editlinks td input[type="text"] { width: calc(100% - .6em); height: 100%; - margin: 0; padding: 0 .3em; border: none; - border-radius: 0; outline: none; cursor: pointer; background: none; @@ -400,7 +393,7 @@ dialog div.dialog-actions { flex-direction: column; gap: .5em; - border-radius: 8px; + border-radius: .5em; background: #f8f8f8f8; border: 1px solid #808080; } diff --git a/admin/static/edit-track.css b/admin/static/edit-track.css index 600b680..8a05089 100644 --- a/admin/static/edit-track.css +++ b/admin/static/edit-track.css @@ -11,7 +11,7 @@ h1 { flex-direction: row; gap: 1.2em; - border-radius: 8px; + border-radius: .5em; background: #f8f8f8f8; border: 1px solid #808080; } diff --git a/admin/static/index.css b/admin/static/index.css index 9fcd731..9d38940 100644 --- a/admin/static/index.css +++ b/admin/static/index.css @@ -1,5 +1,23 @@ @import url("/admin/static/release-list-item.css"); +.create-btn { + background: #c4ff6a; + padding: .5em .8em; + border-radius: .5em; + border: 1px solid #84b141; + text-decoration: none; +} +.create-btn:hover { + background: #fff; + border-color: #d0d0d0; + text-decoration: inherit; +} +.create-btn:active { + background: #d0d0d0; + border-color: #808080; + text-decoration: inherit; +} + .artist { margin-bottom: .5em; padding: .5em; @@ -8,7 +26,7 @@ align-items: center; gap: .5em; - border-radius: 8px; + border-radius: .5em; background: #f8f8f8f8; border: 1px solid #808080; } @@ -31,7 +49,7 @@ flex-direction: column; gap: .5em; - border-radius: 8px; + border-radius: .5em; background: #f8f8f8f8; border: 1px solid #808080; } diff --git a/admin/static/logs.css b/admin/static/logs.css deleted file mode 100644 index f0df299..0000000 --- a/admin/static/logs.css +++ /dev/null @@ -1,86 +0,0 @@ -main { - width: min(1080px, calc(100% - 2em))!important -} - -form { - margin: 1em 0; -} - -div#search { - display: flex; -} - -#search input { - margin: 0; - flex-grow: 1; - - border-right: none; - border-top-right-radius: 0; - border-bottom-right-radius: 0; -} - -#search button { - padding: 0 .5em; - - border-top-left-radius: 0; - border-bottom-left-radius: 0; -} - -form #filters p { - margin: .5em 0 0 0; -} -form #filters label { - display: inline; -} -form #filters input { - margin-right: 1em; - display: inline; -} - -#logs { - width: 100%; - border-collapse: collapse; -} - -#logs tr { -} - -#logs tr td { - border-bottom: 1px solid #8888; -} - -#logs tr td:nth-child(even) { - background: #00000004; -} - -#logs th, #logs td { - padding: .4em .8em; -} - -td, th { - width: 1%; - text-align: left; - white-space: nowrap; -} -td.log-level, -th.log-level, -td.log-type, -th.log-type { - text-align: center; -} -td.log-content, -td.log-content { - width: 100%; - white-space: collapse; -} - -.log:hover { - background: #fff8; -} - -.log.warn { - background: #ffe86a; -} -.log.warn:hover { - background: #ffec81; -} diff --git a/admin/static/release-list-item.css b/admin/static/release-list-item.css index 638eac0..ee67de7 100644 --- a/admin/static/release-list-item.css +++ b/admin/static/release-list-item.css @@ -5,7 +5,7 @@ flex-direction: row; gap: 1em; - border-radius: 8px; + border-radius: .5em; background: #f8f8f8f8; border: 1px solid #808080; } @@ -50,7 +50,7 @@ padding: .5em; display: block; - border-radius: 8px; + border-radius: .5em; text-decoration: none; color: #f0f0f0; background: #303030; @@ -73,7 +73,7 @@ padding: .3em .5em; display: inline-block; - border-radius: 4px; + border-radius: .3em; background: #e0e0e0; transition: color .1s, background .1s; diff --git a/admin/templates.go b/admin/templates.go index 606d569..1fa7a65 100644 --- a/admin/templates.go +++ b/admin/templates.go @@ -1,125 +1,65 @@ package admin import ( - "arimelody-web/log" - "fmt" - "html/template" - "path/filepath" - "strings" - "time" + "html/template" + "path/filepath" ) -var indexTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "components", "release", "release-list-item.html"), - filepath.Join("admin", "views", "index.html"), -)) +var pages = map[string]*template.Template{ + "index": template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "components", "release", "release-list-item.html"), + filepath.Join("admin", "views", "index.html"), + )), -var loginTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "login.html"), -)) -var loginTOTPTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "login-totp.html"), -)) -var registerTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "register.html"), -)) -var logoutTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "logout.html"), -)) -var accountTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-account.html"), -)) -var totpSetupTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "totp-setup.html"), -)) -var totpConfirmTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "totp-confirm.html"), -)) + "login": template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "login.html"), + )), + "create-account": template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "create-account.html"), + )), + "logout": template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "logout.html"), + )), + "account": template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "edit-account.html"), + )), -var logsTemplate = template.Must(template.New("layout.html").Funcs(template.FuncMap{ - "parseLevel": func(level log.LogLevel) string { - switch level { - case log.LEVEL_INFO: - return "INFO" - case log.LEVEL_WARN: - return "WARN" - } - return fmt.Sprintf("%d?", level) - }, - "titleCase": func(logType string) string { - runes := []rune(logType) - for i, r := range runes { - if (i == 0 || runes[i - 1] == ' ') && r >= 'a' && r <= 'z' { - runes[i] = r + ('A' - 'a') - } - } - return string(runes) - }, - "lower": func(str string) string { return strings.ToLower(str) }, - "prettyTime": func(t time.Time) string { - // return t.Format("2006-01-02 15:04:05") - // return t.Format("15:04:05, 2 Jan 2006") - return t.Format("02 Jan 2006, 15:04:05") - }, -}).ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "logs.html"), -)) + "release": template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "edit-release.html"), + )), + "artist": template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "edit-artist.html"), + )), + "track": template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "components", "release", "release-list-item.html"), + filepath.Join("admin", "views", "edit-track.html"), + )), +} -var releaseTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-release.html"), -)) -var artistTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-artist.html"), -)) -var trackTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "components", "release", "release-list-item.html"), - filepath.Join("admin", "views", "edit-track.html"), -)) +var components = map[string]*template.Template{ + "editcredits": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "editcredits.html"))), + "addcredit": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "addcredit.html"))), + "newcredit": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "newcredit.html"))), -var editCreditsTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "credits", "editcredits.html"), -)) -var addCreditTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "credits", "addcredit.html"), -)) -var newCreditTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "credits", "newcredit.html"), -)) + "editlinks": template.Must(template.ParseFiles(filepath.Join("admin", "components", "links", "editlinks.html"))), -var editLinksTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "links", "editlinks.html"), -)) - -var editTracksTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "tracks", "edittracks.html"), -)) -var addTrackTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "tracks", "addtrack.html"), -)) -var newTrackTemplate = template.Must(template.ParseFiles( - filepath.Join("admin", "components", "tracks", "newtrack.html"), -)) + "edittracks": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "edittracks.html"))), + "addtrack": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "addtrack.html"))), + "newtrack": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "newtrack.html"))), +} diff --git a/admin/trackhttp.go b/admin/trackhttp.go index 93eacdb..2cea123 100644 --- a/admin/trackhttp.go +++ b/admin/trackhttp.go @@ -1,19 +1,20 @@ package admin import ( - "fmt" - "net/http" - "strings" + "fmt" + "net/http" + "strings" + "arimelody-web/global" "arimelody-web/model" "arimelody-web/controller" ) -func serveTrack(app *model.AppState) http.Handler { +func serveTrack() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { slices := strings.Split(r.URL.Path[1:], "/") id := slices[0] - track, err := controller.GetTrack(app.DB, id) + track, err := controller.GetTrack(global.DB, id) if err != nil { fmt.Printf("Error rendering admin track page for %s: %s\n", id, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -24,7 +25,7 @@ func serveTrack(app *model.AppState) http.Handler { return } - releases, err := controller.GetTrackReleases(app.DB, track.ID, true) + releases, err := controller.GetTrackReleases(global.DB, track.ID, true) if err != nil { fmt.Printf("FATAL: Failed to pull releases for %s: %s\n", id, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -32,15 +33,15 @@ func serveTrack(app *model.AppState) http.Handler { } type TrackResponse struct { - Session *model.Session + Account *model.Account Track *model.Track Releases []*model.Release } - session := r.Context().Value("session").(*model.Session) + account := r.Context().Value("account").(*model.Account) - err = trackTemplate.Execute(w, TrackResponse{ - Session: session, + err = pages["track"].Execute(w, TrackResponse{ + Account: account, Track: track, Releases: releases, }) diff --git a/admin/views/register.html b/admin/views/create-account.html similarity index 55% rename from admin/views/register.html rename to admin/views/create-account.html index 37f0947..8d59c0f 100644 --- a/admin/views/register.html +++ b/admin/views/create-account.html @@ -11,7 +11,7 @@ a.discord { color: #5865F2; } -form#register { +form { width: 100%; display: flex; flex-direction: column; @@ -26,33 +26,45 @@ form button { margin-top: 1rem; } +label { + width: 100%; + margin: 1rem 0 .5rem 0; + display: block; + color: #10101080; +} input { - width: calc(100% - 1rem - 2px); + width: 100%; + margin: .5rem 0; + padding: .3rem .5rem; + display: block; + border-radius: 4px; + border: 1px solid #808080; + font-size: inherit; + font-family: inherit; + color: inherit; } {{end}} {{define "content"}}
        - {{if .Session.Error.Valid}} -

        {{html .Session.Error.String}}

        + {{if .Message}} +

        {{.Message}}

        {{end}} - -

        Create Account

        - +
        - + - + - + - +
        diff --git a/admin/views/edit-account.html b/admin/views/edit-account.html index 6c17088..4d89052 100644 --- a/admin/views/edit-account.html +++ b/admin/views/edit-account.html @@ -6,27 +6,23 @@ {{define "content"}}
        - {{if .Session.Message.Valid}} -

        {{html .Session.Message.String}}

        - {{end}} - {{if .Session.Error.Valid}} -

        {{html .Session.Error.String}}

        - {{end}} -

        Account Settings ({{.Session.Account.Username}})

        +

        Account Settings ({{.Account.Username}})

        Change Password

        - - - + +
        + + - - + + - - + + +
        @@ -40,11 +36,11 @@ {{range .TOTPs}}
        -

        {{.TOTP.Name}}

        -

        Added: {{.CreatedAtString}}

        +

        {{.Name}}

        +

        Added: {{.CreatedAt}}

        {{end}} @@ -52,10 +48,7 @@

        You have no MFA devices.

        {{end}} -
        - - Add TOTP Device -
        +
        @@ -65,17 +58,9 @@

        Clicking the button below will delete your account. This action is irreversible. - You will need to enter your password and TOTP below. + You will be prompted to confirm this decision.

        -
        - - - - - - - -
        +
        diff --git a/admin/views/edit-artist.html b/admin/views/edit-artist.html index b0cfb41..ccb3a45 100644 --- a/admin/views/edit-artist.html +++ b/admin/views/edit-artist.html @@ -36,13 +36,13 @@ {{if .Credits}} {{range .Credits}}
        - +
        -

        {{.Release.Title}}

        -

        {{.Release.PrintArtists true true}}

        +

        {{.Artist.Release.Title}}

        +

        {{.Artist.Release.PrintArtists true true}}

        - Role: {{.Role}} - {{if .Primary}} + Role: {{.Artist.Role}} + {{if .Artist.Primary}} (Primary) {{end}}

        diff --git a/admin/views/index.html b/admin/views/index.html index 2b9c897..8f42e0e 100644 --- a/admin/views/index.html +++ b/admin/views/index.html @@ -9,7 +9,7 @@

        Releases

        - Create New + Create New
        {{range .Releases}} @@ -22,7 +22,7 @@

        Artists

        - Create New + Create New
        {{range $Artist := .Artists}} @@ -38,7 +38,7 @@

        Tracks

        - Create New + Create New

        "Orphaned" tracks that have not yet been bound to a release.

        diff --git a/admin/views/layout.html b/admin/views/layout.html index 52b0620..0a33b72 100644 --- a/admin/views/layout.html +++ b/admin/views/layout.html @@ -23,20 +23,10 @@
        home
        - {{if .Session.Account}} -
        - logs -
        - {{end}} -
        - - {{if .Session.Account}} + {{if .Account}}
        - account ({{.Session.Account.Username}}) -
        -
        - log out + logged in as {{.Account.Username}}. log out
        {{else}}
        diff --git a/admin/views/login-totp.html b/admin/views/login-totp.html deleted file mode 100644 index 33e8c88..0000000 --- a/admin/views/login-totp.html +++ /dev/null @@ -1,47 +0,0 @@ -{{define "head"}} -Login - ari melody 💫 - - - -{{end}} - -{{define "content"}} -
        - {{if .Session.Message.Valid}} -

        {{html .Session.Message.String}}

        - {{end}} - {{if .Session.Error.Valid}} -

        {{html .Session.Error.String}}

        - {{end}} - -
        -

        Two-Factor Authentication

        - -
        - - -
        - - -
        -
        -{{end}} diff --git a/admin/views/login.html b/admin/views/login.html index fbb7294..7744e91 100644 --- a/admin/views/login.html +++ b/admin/views/login.html @@ -3,7 +3,15 @@ {{end}} {{define "content"}}
        - {{if .Session.Message.Valid}} -

        {{html .Session.Message.String}}

        - {{end}} - {{if .Session.Error.Valid}} -

        {{html .Session.Error.String}}

        + {{if .Message}} +

        {{.Message}}

        {{end}} + {{if .Token}} + + +

        + Logged in successfully. + You should be redirected to /admin soon. +

        + + {{else}} +
        -

        Log In

        -
        - + - + + + +
        + + {{end}}
        {{end}} diff --git a/admin/views/logout.html b/admin/views/logout.html index f127fd6..1999377 100644 --- a/admin/views/logout.html +++ b/admin/views/logout.html @@ -12,10 +12,13 @@ p a { {{define "content"}}
        - +

        Logged out successfully. - You should be redirected to /admin/login shortly. + You should be redirected to / in 5 seconds. +

        diff --git a/admin/views/logs.html b/admin/views/logs.html deleted file mode 100644 index e3a3ccb..0000000 --- a/admin/views/logs.html +++ /dev/null @@ -1,68 +0,0 @@ -{{define "head"}} -Audit Logs - ari melody 💫 - - - -{{end}} - -{{define "content"}} -
        -

        Audit Logs

        - -
        - -
        -
        -

        Level:

        - - - - -
        -
        -

        Type:

        - - - - - - - - - - - - - - -
        -
        -
        - -
        - - - - - - - - - - - - {{range .Logs}} - - - - - - - {{end}} - -
        TimeLevelTypeMessage
        {{prettyTime .CreatedAt}}{{parseLevel .Level}}{{titleCase .Type}}{{.Content}}
        -
        -{{end}} diff --git a/admin/views/totp-confirm.html b/admin/views/totp-confirm.html deleted file mode 100644 index 7d305ec..0000000 --- a/admin/views/totp-confirm.html +++ /dev/null @@ -1,48 +0,0 @@ -{{define "head"}} -TOTP Confirmation - ari melody 💫 - - - -{{end}} - -{{define "content"}} -
        - {{if .Session.Error.Valid}} -

        {{html .Session.Error.String}}

        - {{end}} - -
        - {{if .QRBase64Image}} - - -

        - Scan the QR code above into your authentication app or password manager, - then enter your 2FA code below. -

        - -

        - If the QR code does not work, you may also enter this secret code: -

        - {{else}} -

        - Paste the below secret code into your authentication app or password manager, - then enter your 2FA code below: -

        - {{end}} - -

        {{.TOTP.Secret}}

        - - - - - -
        -
        -{{end}} diff --git a/admin/views/totp-setup.html b/admin/views/totp-setup.html deleted file mode 100644 index e74c970..0000000 --- a/admin/views/totp-setup.html +++ /dev/null @@ -1,20 +0,0 @@ -{{define "head"}} -TOTP Setup - ari melody 💫 - - -{{end}} - -{{define "content"}} -
        - {{if .Session.Error.Valid}} -

        {{html .Session.Error.String}}

        - {{end}} - -
        - - - - -
        -
        -{{end}} diff --git a/api/account.go b/api/account.go new file mode 100644 index 0000000..3ce52c8 --- /dev/null +++ b/api/account.go @@ -0,0 +1,202 @@ +package api + +import ( + "arimelody-web/controller" + "arimelody-web/model" + "arimelody-web/global" + "encoding/json" + "fmt" + "net/http" + "os" + "strings" + "time" + + "golang.org/x/crypto/bcrypt" +) + +func handleLogin() http.HandlerFunc { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.NotFound(w, r) + return + } + + type LoginRequest struct { + Username string `json:"username"` + Password string `json:"password"` + } + + credentials := LoginRequest{} + err := json.NewDecoder(r.Body).Decode(&credentials) + if err != nil { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + account, err := controller.GetAccount(global.DB, credentials.Username) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve account: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + if account == nil { + http.Error(w, "Invalid username or password", http.StatusBadRequest) + return + } + + err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(credentials.Password)) + if err != nil { + http.Error(w, "Invalid username or password", http.StatusBadRequest) + return + } + + token, err := controller.CreateToken(global.DB, account.ID, r.UserAgent()) + type LoginResponse struct { + Token string `json:"token"` + ExpiresAt time.Time `json:"expires_at"` + } + + err = json.NewEncoder(w).Encode(LoginResponse{ + Token: token.Token, + ExpiresAt: token.ExpiresAt, + }) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to return session token: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + }) +} + +func handleAccountRegistration() http.HandlerFunc { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.NotFound(w, r) + return + } + + type RegisterRequest struct { + Username string `json:"username"` + Email string `json:"email"` + Password string `json:"password"` + Invite string `json:"invite"` + } + + credentials := RegisterRequest{} + err := json.NewDecoder(r.Body).Decode(&credentials) + if err != nil { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + // make sure code exists in DB + invite, err := controller.GetInvite(global.DB, credentials.Invite) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve invite: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + if invite == nil { + http.Error(w, "Invalid invite code", http.StatusBadRequest) + return + } + + if time.Now().After(invite.ExpiresAt) { + err := controller.DeleteInvite(global.DB, invite.Code) + if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } + http.Error(w, "Invalid invite code", http.StatusBadRequest) + return + } + + hashedPassword, err := bcrypt.GenerateFromPassword([]byte(credentials.Password), bcrypt.DefaultCost) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to generate password hash: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + + account := model.Account{ + Username: credentials.Username, + Password: string(hashedPassword), + Email: credentials.Email, + AvatarURL: "/img/default-avatar.png", + } + err = controller.CreateAccount(global.DB, &account) + if err != nil { + if strings.HasPrefix(err.Error(), "pq: duplicate key") { + http.Error(w, "An account with that username already exists", http.StatusBadRequest) + return + } + fmt.Fprintf(os.Stderr, "WARN: Failed to create account: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + + err = controller.DeleteInvite(global.DB, invite.Code) + if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } + + token, err := controller.CreateToken(global.DB, account.ID, r.UserAgent()) + type LoginResponse struct { + Token string `json:"token"` + ExpiresAt time.Time `json:"expires_at"` + } + + err = json.NewEncoder(w).Encode(LoginResponse{ + Token: token.Token, + ExpiresAt: token.ExpiresAt, + }) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to return session token: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + }) +} + +func handleDeleteAccount() http.HandlerFunc { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodPost { + http.NotFound(w, r) + return + } + + type LoginRequest struct { + Username string `json:"username"` + Password string `json:"password"` + } + + credentials := LoginRequest{} + err := json.NewDecoder(r.Body).Decode(&credentials) + if err != nil { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + account, err := controller.GetAccount(global.DB, credentials.Username) + if err != nil { + if strings.Contains(err.Error(), "no rows") { + http.Error(w, "Invalid username or password", http.StatusBadRequest) + return + } + fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve account: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + + err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(credentials.Password)) + if err != nil { + http.Error(w, "Invalid password", http.StatusBadRequest) + return + } + + // TODO: check TOTP + + err = controller.DeleteAccount(global.DB, account.Username) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to delete account: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + + w.WriteHeader(http.StatusOK) + w.Write([]byte("Account deleted successfully\n")) + }) +} diff --git a/api/api.go b/api/api.go index 398db4b..26e2255 100644 --- a/api/api.go +++ b/api/api.go @@ -1,33 +1,44 @@ package api import ( - "context" - "errors" - "fmt" - "net/http" - "os" - "strings" + "fmt" + "net/http" + "strings" - "arimelody-web/controller" - "arimelody-web/model" + "arimelody-web/admin" + "arimelody-web/controller" + + "github.com/jmoiron/sqlx" ) -func Handler(app *model.AppState) http.Handler { +func Handler(db *sqlx.DB) http.Handler { mux := http.NewServeMux() + // ACCOUNT ENDPOINTS + + /* + // temporarily disabling these + // accounts should really be handled via the frontend rn, and juggling + // two different token bearer methods kinda sucks!! + // i'll look into generating API tokens on the frontend in the future // TODO: generate API keys on the frontend + mux.Handle("/v1/login", handleLogin()) + mux.Handle("/v1/register", handleAccountRegistration()) + mux.Handle("/v1/delete-account", handleDeleteAccount()) + */ + // ARTIST ENDPOINTS mux.Handle("/v1/artist/", http.StripPrefix("/v1/artist", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var artistID = strings.Split(r.URL.Path[1:], "/")[0] - artist, err := controller.GetArtist(app.DB, artistID) + artist, err := controller.GetArtist(db, artistID) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) return } - fmt.Printf("WARN: Error while retrieving artist %s: %s\n", artistID, err) + fmt.Printf("FATAL: Error while retrieving artist %s: %s\n", artistID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -35,13 +46,13 @@ func Handler(app *model.AppState) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/artist/{id} - ServeArtist(app, artist).ServeHTTP(w, r) + ServeArtist(artist).ServeHTTP(w, r) case http.MethodPut: // PUT /api/v1/artist/{id} (admin) - requireAccount(UpdateArtist(app, artist)).ServeHTTP(w, r) + admin.RequireAccount(db, UpdateArtist(artist)).ServeHTTP(w, r) case http.MethodDelete: // DELETE /api/v1/artist/{id} (admin) - requireAccount(DeleteArtist(app, artist)).ServeHTTP(w, r) + admin.RequireAccount(db, DeleteArtist(artist)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -50,10 +61,10 @@ func Handler(app *model.AppState) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/artist - ServeAllArtists(app).ServeHTTP(w, r) + ServeAllArtists().ServeHTTP(w, r) case http.MethodPost: // POST /api/v1/artist (admin) - requireAccount(CreateArtist(app)).ServeHTTP(w, r) + admin.RequireAccount(db, CreateArtist()).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -63,13 +74,13 @@ func Handler(app *model.AppState) http.Handler { mux.Handle("/v1/music/", http.StripPrefix("/v1/music", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var releaseID = strings.Split(r.URL.Path[1:], "/")[0] - release, err := controller.GetRelease(app.DB, releaseID, true) + release, err := controller.GetRelease(db, releaseID, true) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) return } - fmt.Printf("WARN: Error while retrieving release %s: %s\n", releaseID, err) + fmt.Printf("FATAL: Error while retrieving release %s: %s\n", releaseID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -77,13 +88,13 @@ func Handler(app *model.AppState) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/music/{id} - ServeRelease(app, release).ServeHTTP(w, r) + ServeRelease(release).ServeHTTP(w, r) case http.MethodPut: // PUT /api/v1/music/{id} (admin) - requireAccount(UpdateRelease(app, release)).ServeHTTP(w, r) + admin.RequireAccount(db, UpdateRelease(release)).ServeHTTP(w, r) case http.MethodDelete: // DELETE /api/v1/music/{id} (admin) - requireAccount(DeleteRelease(app, release)).ServeHTTP(w, r) + admin.RequireAccount(db, DeleteRelease(release)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -92,10 +103,10 @@ func Handler(app *model.AppState) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/music - ServeCatalog(app).ServeHTTP(w, r) + ServeCatalog().ServeHTTP(w, r) case http.MethodPost: // POST /api/v1/music (admin) - requireAccount(CreateRelease(app)).ServeHTTP(w, r) + admin.RequireAccount(db, CreateRelease()).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -105,13 +116,13 @@ func Handler(app *model.AppState) http.Handler { mux.Handle("/v1/track/", http.StripPrefix("/v1/track", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var trackID = strings.Split(r.URL.Path[1:], "/")[0] - track, err := controller.GetTrack(app.DB, trackID) + track, err := controller.GetTrack(db, trackID) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) return } - fmt.Printf("WARN: Error while retrieving track %s: %s\n", trackID, err) + fmt.Printf("FATAL: Error while retrieving track %s: %s\n", trackID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -119,13 +130,13 @@ func Handler(app *model.AppState) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/track/{id} (admin) - requireAccount(ServeTrack(app, track)).ServeHTTP(w, r) + admin.RequireAccount(db, ServeTrack(track)).ServeHTTP(w, r) case http.MethodPut: // PUT /api/v1/track/{id} (admin) - requireAccount(UpdateTrack(app, track)).ServeHTTP(w, r) + admin.RequireAccount(db, UpdateTrack(track)).ServeHTTP(w, r) case http.MethodDelete: // DELETE /api/v1/track/{id} (admin) - requireAccount(DeleteTrack(app, track)).ServeHTTP(w, r) + admin.RequireAccount(db, DeleteTrack(track)).ServeHTTP(w, r) default: http.NotFound(w, r) } @@ -134,66 +145,14 @@ func Handler(app *model.AppState) http.Handler { switch r.Method { case http.MethodGet: // GET /api/v1/track (admin) - requireAccount(ServeAllTracks(app)).ServeHTTP(w, r) + admin.RequireAccount(db, ServeAllTracks()).ServeHTTP(w, r) case http.MethodPost: // POST /api/v1/track (admin) - requireAccount(CreateTrack(app)).ServeHTTP(w, r) + admin.RequireAccount(db, CreateTrack()).ServeHTTP(w, r) default: http.NotFound(w, r) } })) - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session, err := getSession(app, r) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to get session: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - ctx := context.WithValue(r.Context(), "session", session) - mux.ServeHTTP(w, r.WithContext(ctx)) - }) -} - -func requireAccount(next http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) - if session == nil || session.Account == nil { - http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) - return - } - ctx := context.WithValue(r.Context(), "session", session) - next.ServeHTTP(w, r.WithContext(ctx)) - }) -} - -func getSession(app *model.AppState, r *http.Request) (*model.Session, error) { - var token string - - // check cookies first - sessionCookie, err := r.Cookie(model.COOKIE_TOKEN) - if err != nil && err != http.ErrNoCookie { - return nil, errors.New(fmt.Sprintf("Failed to retrieve session cookie: %v\n", err)) - } - if sessionCookie != nil { - token = sessionCookie.Value - } else { - // check Authorization header - token = strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ") - } - - if token == "" { return nil, nil } - - // fetch existing session - session, err := controller.GetSession(app.DB, token) - - if err != nil && !strings.Contains(err.Error(), "no rows") { - return nil, errors.New(fmt.Sprintf("Failed to retrieve session: %v\n", err)) - } - - if session != nil { - // TODO: consider running security checks here (i.e. user agent mismatches) - } - - return session, nil + return mux } diff --git a/api/artist.go b/api/artist.go index 01899a6..c46db59 100644 --- a/api/artist.go +++ b/api/artist.go @@ -1,66 +1,71 @@ package api import ( - "encoding/json" - "fmt" - "io/fs" - "net/http" - "os" - "path/filepath" - "strings" - "time" + "encoding/json" + "fmt" + "io/fs" + "net/http" + "os" + "path/filepath" + "strings" + "time" - "arimelody-web/controller" - "arimelody-web/log" - "arimelody-web/model" + "arimelody-web/global" + "arimelody-web/controller" + "arimelody-web/model" ) -func ServeAllArtists(app *model.AppState) http.Handler { +func ServeAllArtists() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { var artists = []*model.Artist{} - artists, err := controller.GetAllArtists(app.DB) - if err != nil { + artists, err := controller.GetAllArtists(global.DB) + if err != nil { fmt.Printf("WARN: Failed to serve all artists: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } - w.Header().Add("Content-Type", "application/json") + w.Header().Add("Content-Type", "application/json") encoder := json.NewEncoder(w) encoder.SetIndent("", "\t") err = encoder.Encode(artists) - if err != nil { - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } + if err != nil { + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } }) } -func ServeArtist(app *model.AppState, artist *model.Artist) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - type ( - creditJSON struct { +func ServeArtist(artist *model.Artist) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + type ( + creditJSON struct { ID string `json:"id"` Title string `json:"title"` ReleaseDate time.Time `json:"releaseDate" db:"release_date"` Artwork string `json:"artwork"` - Role string `json:"role"` - Primary bool `json:"primary"` - } - artistJSON struct { - *model.Artist - Credits map[string]creditJSON `json:"credits"` - } - ) + Role string `json:"role"` + Primary bool `json:"primary"` + } + artistJSON struct { + *model.Artist + Credits map[string]creditJSON `json:"credits"` + } + ) - session := r.Context().Value("session").(*model.Session) - show_hidden_releases := session != nil && session.Account != nil - - dbCredits, err := controller.GetArtistCredits(app.DB, artist.ID, show_hidden_releases) + account, err := controller.GetAccountByRequest(global.DB, r) if err != nil { - fmt.Printf("WARN: Failed to retrieve artist credits for %s: %v\n", artist.ID, err) + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } + show_hidden_releases := account != nil + + dbCredits, err := controller.GetArtistCredits(global.DB, artist.ID, show_hidden_releases) + if err != nil { + fmt.Printf("WARN: Failed to retrieve artist credits for %s: %v\n", artist.ID, err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } var credits = map[string]creditJSON{} for _, credit := range dbCredits { @@ -74,23 +79,21 @@ func ServeArtist(app *model.AppState, artist *model.Artist) http.Handler { } } - w.Header().Add("Content-Type", "application/json") + w.Header().Add("Content-Type", "application/json") encoder := json.NewEncoder(w) encoder.SetIndent("", "\t") err = encoder.Encode(artistJSON{ Artist: artist, Credits: credits, }) - if err != nil { - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } - }) + if err != nil { + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + }) } -func CreateArtist(app *model.AppState) http.Handler { +func CreateArtist() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) - var artist model.Artist err := json.NewDecoder(r.Body).Decode(&artist) if err != nil { @@ -104,7 +107,7 @@ func CreateArtist(app *model.AppState) http.Handler { } if artist.Name == "" { artist.Name = artist.ID } - err = controller.CreateArtist(app.DB, &artist) + err = controller.CreateArtist(global.DB, &artist) if err != nil { if strings.Contains(err.Error(), "duplicate key") { http.Error(w, fmt.Sprintf("Artist %s already exists\n", artist.ID), http.StatusBadRequest) @@ -115,16 +118,12 @@ func CreateArtist(app *model.AppState) http.Handler { return } - app.Log.Info(log.TYPE_ARTIST, "Artist \"%s\" created by \"%s\".", artist.Name, session.Account.Username) - w.WriteHeader(http.StatusCreated) }) } -func UpdateArtist(app *model.AppState, artist *model.Artist) http.Handler { +func UpdateArtist(artist *model.Artist) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) - err := json.NewDecoder(r.Body).Decode(&artist) if err != nil { fmt.Printf("WARN: Failed to update artist: %s\n", err) @@ -137,7 +136,7 @@ func UpdateArtist(app *model.AppState, artist *model.Artist) http.Handler { } else { if strings.Contains(artist.Avatar, ";base64,") { var artworkDirectory = filepath.Join("uploads", "avatar") - filename, err := HandleImageUpload(app, &artist.Avatar, artworkDirectory, artist.ID) + filename, err := HandleImageUpload(&artist.Avatar, artworkDirectory, artist.ID) // clean up files with this ID and different extensions err = filepath.Walk(artworkDirectory, func(path string, info fs.FileInfo, err error) error { @@ -156,7 +155,7 @@ func UpdateArtist(app *model.AppState, artist *model.Artist) http.Handler { } } - err = controller.UpdateArtist(app.DB, artist) + err = controller.UpdateArtist(global.DB, artist) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -165,16 +164,12 @@ func UpdateArtist(app *model.AppState, artist *model.Artist) http.Handler { fmt.Printf("WARN: Failed to update artist %s: %s\n", artist.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - - app.Log.Info(log.TYPE_ARTIST, "Artist \"%s\" updated by \"%s\".", artist.Name, session.Account.Username) }) } -func DeleteArtist(app *model.AppState, artist *model.Artist) http.Handler { +func DeleteArtist(artist *model.Artist) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) - - err := controller.DeleteArtist(app.DB, artist.ID) + err := controller.DeleteArtist(global.DB, artist.ID) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -183,7 +178,5 @@ func DeleteArtist(app *model.AppState, artist *model.Artist) http.Handler { fmt.Printf("WARN: Failed to delete artist %s: %s\n", artist.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - - app.Log.Info(log.TYPE_ARTIST, "Artist \"%s\" deleted by \"%s\".", artist.Name, session.Account.Username) }) } diff --git a/api/release.go b/api/release.go index e07f0d7..d17fb5f 100644 --- a/api/release.go +++ b/api/release.go @@ -1,33 +1,32 @@ package api import ( - "encoding/json" - "fmt" - "io/fs" - "net/http" - "os" - "path/filepath" - "strings" - "time" + "encoding/json" + "fmt" + "io/fs" + "net/http" + "os" + "path/filepath" + "strings" + "time" - "arimelody-web/controller" - "arimelody-web/log" - "arimelody-web/model" + "arimelody-web/global" + "arimelody-web/controller" + "arimelody-web/model" ) -func ServeRelease(app *model.AppState, release *model.Release) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { +func ServeRelease(release *model.Release) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // only allow authorised users to view hidden releases privileged := false if !release.Visible { - session, err := controller.GetSessionFromRequest(app, r) + account, err := controller.GetAccountByRequest(global.DB, r) if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err) + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } - - if session != nil && session.Account != nil { + if account != nil { // TODO: check privilege on release privileged = true } @@ -68,14 +67,14 @@ func ServeRelease(app *model.AppState, release *model.Release) http.Handler { if release.IsReleased() || privileged { // get credits - credits, err := controller.GetReleaseCredits(app.DB, release.ID) + credits, err := controller.GetReleaseCredits(global.DB, release.ID) if err != nil { fmt.Printf("WARN: Failed to serve release %s: Credits: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } for _, credit := range credits { - artist, err := controller.GetArtist(app.DB, credit.Artist.ID) + artist, err := controller.GetArtist(global.DB, credit.Artist.ID) if err != nil { fmt.Printf("WARN: Failed to serve release %s: Artists: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -90,7 +89,7 @@ func ServeRelease(app *model.AppState, release *model.Release) http.Handler { } // get tracks - tracks, err := controller.GetReleaseTracks(app.DB, release.ID) + tracks, err := controller.GetReleaseTracks(global.DB, release.ID) if err != nil { fmt.Printf("WARN: Failed to serve release %s: Tracks: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -105,7 +104,7 @@ func ServeRelease(app *model.AppState, release *model.Release) http.Handler { } // get links - links, err := controller.GetReleaseLinks(app.DB, release.ID) + links, err := controller.GetReleaseLinks(global.DB, release.ID) if err != nil { fmt.Printf("WARN: Failed to serve release %s: Links: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -116,20 +115,20 @@ func ServeRelease(app *model.AppState, release *model.Release) http.Handler { } } - w.Header().Add("Content-Type", "application/json") + w.Header().Add("Content-Type", "application/json") encoder := json.NewEncoder(w) encoder.SetIndent("", "\t") err := encoder.Encode(response) - if err != nil { - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - }) + if err != nil { + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + }) } -func ServeCatalog(app *model.AppState) http.Handler { +func ServeCatalog() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - releases, err := controller.GetAllReleases(app.DB, false, 0, true) + releases, err := controller.GetAllReleases(global.DB, false, 0, true) if err != nil { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return @@ -147,11 +146,16 @@ func ServeCatalog(app *model.AppState) http.Handler { } catalog := []Release{} - session := r.Context().Value("session").(*model.Session) + account, err := controller.GetAccountByRequest(global.DB, r) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } for _, release := range releases { if !release.Visible { privileged := false - if session != nil && session.Account != nil { + if account != nil { // TODO: check privilege on release privileged = true } @@ -188,9 +192,12 @@ func ServeCatalog(app *model.AppState) http.Handler { }) } -func CreateRelease(app *model.AppState) http.Handler { +func CreateRelease() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) + if r.Method != http.MethodPost { + http.NotFound(w, r) + return + } var release model.Release err := json.NewDecoder(r.Body).Decode(&release) @@ -213,7 +220,7 @@ func CreateRelease(app *model.AppState) http.Handler { if release.Artwork == "" { release.Artwork = "/img/default-cover-art.png" } - err = controller.CreateRelease(app.DB, &release) + err = controller.CreateRelease(global.DB, &release) if err != nil { if strings.Contains(err.Error(), "duplicate key") { http.Error(w, fmt.Sprintf("Release %s already exists\n", release.ID), http.StatusBadRequest) @@ -224,8 +231,6 @@ func CreateRelease(app *model.AppState) http.Handler { return } - app.Log.Info(log.TYPE_MUSIC, "Release \"%s\" created by \"%s\".", release.ID, session.Account.Username) - w.Header().Add("Content-Type", "application/json") w.WriteHeader(http.StatusCreated) encoder := json.NewEncoder(w) @@ -238,10 +243,8 @@ func CreateRelease(app *model.AppState) http.Handler { }) } -func UpdateRelease(app *model.AppState, release *model.Release) http.Handler { +func UpdateRelease(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) - if r.URL.Path == "/" { http.NotFound(w, r) return @@ -252,11 +255,11 @@ func UpdateRelease(app *model.AppState, release *model.Release) http.Handler { if len(segments) == 2 { switch segments[1] { case "tracks": - UpdateReleaseTracks(app, release).ServeHTTP(w, r) + UpdateReleaseTracks(release).ServeHTTP(w, r) case "credits": - UpdateReleaseCredits(app, release).ServeHTTP(w, r) + UpdateReleaseCredits(release).ServeHTTP(w, r) case "links": - UpdateReleaseLinks(app, release).ServeHTTP(w, r) + UpdateReleaseLinks(release).ServeHTTP(w, r) } return } @@ -278,7 +281,7 @@ func UpdateRelease(app *model.AppState, release *model.Release) http.Handler { } else { if strings.Contains(release.Artwork, ";base64,") { var artworkDirectory = filepath.Join("uploads", "musicart") - filename, err := HandleImageUpload(app, &release.Artwork, artworkDirectory, release.ID) + filename, err := HandleImageUpload(&release.Artwork, artworkDirectory, release.ID) // clean up files with this ID and different extensions err = filepath.Walk(artworkDirectory, func(path string, info fs.FileInfo, err error) error { @@ -297,7 +300,7 @@ func UpdateRelease(app *model.AppState, release *model.Release) http.Handler { } } - err = controller.UpdateRelease(app.DB, release) + err = controller.UpdateRelease(global.DB, release) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -306,15 +309,11 @@ func UpdateRelease(app *model.AppState, release *model.Release) http.Handler { fmt.Printf("WARN: Failed to update release %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - - app.Log.Info(log.TYPE_MUSIC, "Release \"%s\" updated by \"%s\".", release.ID, session.Account.Username) }) } -func UpdateReleaseTracks(app *model.AppState, release *model.Release) http.Handler { +func UpdateReleaseTracks(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) - var trackIDs = []string{} err := json.NewDecoder(r.Body).Decode(&trackIDs) if err != nil { @@ -322,7 +321,7 @@ func UpdateReleaseTracks(app *model.AppState, release *model.Release) http.Handl return } - err = controller.UpdateReleaseTracks(app.DB, release.ID, trackIDs) + err = controller.UpdateReleaseTracks(global.DB, release.ID, trackIDs) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -331,15 +330,11 @@ func UpdateReleaseTracks(app *model.AppState, release *model.Release) http.Handl fmt.Printf("WARN: Failed to update tracks for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - - app.Log.Info(log.TYPE_MUSIC, "Tracklist for release \"%s\" updated by \"%s\".", release.ID, session.Account.Username) }) } -func UpdateReleaseCredits(app *model.AppState, release *model.Release) http.Handler { +func UpdateReleaseCredits(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) - type creditJSON struct { Artist string Role string @@ -363,7 +358,7 @@ func UpdateReleaseCredits(app *model.AppState, release *model.Release) http.Hand }) } - err = controller.UpdateReleaseCredits(app.DB, release.ID, credits) + err = controller.UpdateReleaseCredits(global.DB, release.ID, credits) if err != nil { if strings.Contains(err.Error(), "duplicate key") { http.Error(w, "Artists may only be credited once\n", http.StatusBadRequest) @@ -376,14 +371,15 @@ func UpdateReleaseCredits(app *model.AppState, release *model.Release) http.Hand fmt.Printf("WARN: Failed to update links for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - - app.Log.Info(log.TYPE_MUSIC, "Credits for release \"%s\" updated by \"%s\".", release.ID, session.Account.Username) }) } -func UpdateReleaseLinks(app *model.AppState, release *model.Release) http.Handler { +func UpdateReleaseLinks(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) + if r.Method != http.MethodPut { + http.NotFound(w, r) + return + } var links = []*model.Link{} err := json.NewDecoder(r.Body).Decode(&links) @@ -392,7 +388,7 @@ func UpdateReleaseLinks(app *model.AppState, release *model.Release) http.Handle return } - err = controller.UpdateReleaseLinks(app.DB, release.ID, links) + err = controller.UpdateReleaseLinks(global.DB, release.ID, links) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -401,16 +397,12 @@ func UpdateReleaseLinks(app *model.AppState, release *model.Release) http.Handle fmt.Printf("WARN: Failed to update links for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - - app.Log.Info(log.TYPE_MUSIC, "Links for release \"%s\" updated by \"%s\".", release.ID, session.Account.Username) }) } -func DeleteRelease(app *model.AppState, release *model.Release) http.Handler { +func DeleteRelease(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) - - err := controller.DeleteRelease(app.DB, release.ID) + err := controller.DeleteRelease(global.DB, release.ID) if err != nil { if strings.Contains(err.Error(), "no rows") { http.NotFound(w, r) @@ -419,7 +411,5 @@ func DeleteRelease(app *model.AppState, release *model.Release) http.Handler { fmt.Printf("WARN: Failed to delete release %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - - app.Log.Info(log.TYPE_MUSIC, "Release \"%s\" deleted by \"%s\".", release.ID, session.Account.Username) }) } diff --git a/api/track.go b/api/track.go index 4e48418..8727b4f 100644 --- a/api/track.go +++ b/api/track.go @@ -1,13 +1,13 @@ package api import ( - "encoding/json" - "fmt" - "net/http" + "encoding/json" + "fmt" + "net/http" - "arimelody-web/controller" - "arimelody-web/log" - "arimelody-web/model" + "arimelody-web/global" + "arimelody-web/controller" + "arimelody-web/model" ) type ( @@ -17,7 +17,7 @@ type ( } ) -func ServeAllTracks(app *model.AppState) http.Handler { +func ServeAllTracks() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { type Track struct { ID string `json:"id"` @@ -26,10 +26,10 @@ func ServeAllTracks(app *model.AppState) http.Handler { var tracks = []Track{} var dbTracks = []*model.Track{} - dbTracks, err := controller.GetAllTracks(app.DB) + dbTracks, err := controller.GetAllTracks(global.DB) if err != nil { fmt.Printf("WARN: Failed to pull tracks from DB: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } for _, track := range dbTracks { @@ -39,23 +39,23 @@ func ServeAllTracks(app *model.AppState) http.Handler { }) } - w.Header().Add("Content-Type", "application/json") + w.Header().Add("Content-Type", "application/json") encoder := json.NewEncoder(w) encoder.SetIndent("", "\t") err = encoder.Encode(tracks) - if err != nil { + if err != nil { fmt.Printf("WARN: Failed to serve all tracks: %s\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } }) } -func ServeTrack(app *model.AppState, track *model.Track) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - dbReleases, err := controller.GetTrackReleases(app.DB, track.ID, false) +func ServeTrack(track *model.Track) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + dbReleases, err := controller.GetTrackReleases(global.DB, track.ID, false) if err != nil { fmt.Printf("WARN: Failed to pull track releases for %s from DB: %s\n", track.ID, err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } releases := []string{} @@ -63,20 +63,23 @@ func ServeTrack(app *model.AppState, track *model.Track) http.Handler { releases = append(releases, release.ID) } - w.Header().Add("Content-Type", "application/json") + w.Header().Add("Content-Type", "application/json") encoder := json.NewEncoder(w) encoder.SetIndent("", "\t") err = encoder.Encode(Track{ track, releases }) - if err != nil { + if err != nil { fmt.Printf("WARN: Failed to serve track %s: %s\n", track.ID, err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } - }) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + }) } -func CreateTrack(app *model.AppState) http.Handler { +func CreateTrack() http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - session := r.Context().Value("session").(*model.Session) + if r.Method != http.MethodPost { + http.NotFound(w, r) + return + } var track model.Track err := json.NewDecoder(r.Body).Decode(&track) @@ -90,30 +93,26 @@ func CreateTrack(app *model.AppState) http.Handler { return } - id, err := controller.CreateTrack(app.DB, &track) + id, err := controller.CreateTrack(global.DB, &track) if err != nil { fmt.Printf("WARN: Failed to create track: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } - app.Log.Info(log.TYPE_MUSIC, "Track \"%s\" (%s) created by \"%s\".", track.Title, track.ID, session.Account.Username) - w.Header().Add("Content-Type", "text/plain") w.WriteHeader(http.StatusCreated) w.Write([]byte(id)) }) } -func UpdateTrack(app *model.AppState, track *model.Track) http.Handler { +func UpdateTrack(track *model.Track) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.URL.Path == "/" { + if r.Method != http.MethodPut || r.URL.Path == "/" { http.NotFound(w, r) return } - session := r.Context().Value("session").(*model.Session) - err := json.NewDecoder(r.Body).Decode(&track) if err != nil { http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) @@ -125,15 +124,13 @@ func UpdateTrack(app *model.AppState, track *model.Track) http.Handler { return } - err = controller.UpdateTrack(app.DB, track) + err = controller.UpdateTrack(global.DB, track) if err != nil { fmt.Printf("WARN: Failed to update track %s: %s\n", track.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } - app.Log.Info(log.TYPE_MUSIC, "Track \"%s\" (%s) updated by \"%s\".", track.Title, track.ID, session.Account.Username) - w.Header().Add("Content-Type", "application/json") encoder := json.NewEncoder(w) encoder.SetIndent("", "\t") @@ -144,22 +141,18 @@ func UpdateTrack(app *model.AppState, track *model.Track) http.Handler { }) } -func DeleteTrack(app *model.AppState, track *model.Track) http.Handler { +func DeleteTrack(track *model.Track) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.URL.Path == "/" { + if r.Method != http.MethodDelete || r.URL.Path == "/" { http.NotFound(w, r) return } - session := r.Context().Value("session").(*model.Session) - var trackID = r.URL.Path[1:] - err := controller.DeleteTrack(app.DB, trackID) + err := controller.DeleteTrack(global.DB, trackID) if err != nil { fmt.Printf("WARN: Failed to delete track %s: %s\n", trackID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } - - app.Log.Info(log.TYPE_MUSIC, "Track \"%s\" (%s) deleted by \"%s\".", track.Title, track.ID, session.Account.Username) }) } diff --git a/api/uploads.go b/api/uploads.go index 4678f22..6b1c496 100644 --- a/api/uploads.go +++ b/api/uploads.go @@ -1,56 +1,53 @@ package api import ( - "arimelody-web/log" - "arimelody-web/model" - "bufio" - "encoding/base64" - "errors" - "fmt" - "os" - "path/filepath" - "strings" + "arimelody-web/global" + "bufio" + "encoding/base64" + "errors" + "fmt" + "os" + "path/filepath" + "strings" ) -func HandleImageUpload(app *model.AppState, data *string, directory string, filename string) (string, error) { - split := strings.Split(*data, ";base64,") - header := split[0] - imageData, err := base64.StdEncoding.DecodeString(split[1]) - ext, _ := strings.CutPrefix(header, "data:image/") - directory = filepath.Join(app.Config.DataDirectory, directory) +func HandleImageUpload(data *string, directory string, filename string) (string, error) { + split := strings.Split(*data, ";base64,") + header := split[0] + imageData, err := base64.StdEncoding.DecodeString(split[1]) + ext, _ := strings.CutPrefix(header, "data:image/") + directory = filepath.Join(global.Config.DataDirectory, directory) - switch ext { - case "png": - case "jpg": - case "jpeg": - default: - return "", errors.New("Invalid image type. Allowed: .png, .jpg, .jpeg") - } + switch ext { + case "png": + case "jpg": + case "jpeg": + default: + return "", errors.New("Invalid image type. Allowed: .png, .jpg, .jpeg") + } filename = fmt.Sprintf("%s.%s", filename, ext) - // ensure directory exists - os.MkdirAll(directory, os.ModePerm) + // ensure directory exists + os.MkdirAll(directory, os.ModePerm) - imagePath := filepath.Join(directory, filename) - file, err := os.Create(imagePath) - if err != nil { - return "", err - } - defer file.Close() + imagePath := filepath.Join(directory, filename) + file, err := os.Create(imagePath) + if err != nil { + return "", err + } + defer file.Close() // TODO: generate compressed versions of image (512x512?) - buffer := bufio.NewWriter(file) - _, err = buffer.Write(imageData) - if err != nil { + buffer := bufio.NewWriter(file) + _, err = buffer.Write(imageData) + if err != nil { return "", nil - } + } - if err := buffer.Flush(); err != nil { + if err := buffer.Flush(); err != nil { return "", nil - } + } - app.Log.Info(log.TYPE_FILES, "\"%s/%s.%s\" created.", directory, filename, ext) - - return filename, nil + return filename, nil } diff --git a/bundle.sh b/bundle.sh new file mode 100755 index 0000000..4e7068b --- /dev/null +++ b/bundle.sh @@ -0,0 +1,9 @@ +#!/bin/bash +# simple script to pack up arimelody.me for production distribution + +if [ ! -f arimelody-web ]; then + echo "[FATAL] ./arimelody-web not found! please run \`go build -o arimelody-web\` first." + exit 1 +fi + +tar czvf arimelody-web.tar.gz arimelody-web admin/components/ admin/views/ admin/static/ views/ public/ diff --git a/controller/account.go b/controller/account.go index ab64ca5..3547d35 100644 --- a/controller/account.go +++ b/controller/account.go @@ -1,10 +1,14 @@ package controller import ( - "arimelody-web/model" - "strings" + "arimelody-web/global" + "arimelody-web/model" + "errors" + "fmt" + "net/http" + "strings" - "github.com/jmoiron/sqlx" + "github.com/jmoiron/sqlx" ) func GetAllAccounts(db *sqlx.DB) ([]model.Account, error) { @@ -18,21 +22,7 @@ func GetAllAccounts(db *sqlx.DB) ([]model.Account, error) { return accounts, nil } -func GetAccountByID(db *sqlx.DB, id string) (*model.Account, error) { - var account = model.Account{} - - err := db.Get(&account, "SELECT * FROM account WHERE id=$1", id) - if err != nil { - if strings.Contains(err.Error(), "no rows") { - return nil, nil - } - return nil, err - } - - return &account, nil -} - -func GetAccountByUsername(db *sqlx.DB, username string) (*model.Account, error) { +func GetAccount(db *sqlx.DB, username string) (*model.Account, error) { var account = model.Account{} err := db.Get(&account, "SELECT * FROM account WHERE username=$1", username) @@ -60,12 +50,12 @@ func GetAccountByEmail(db *sqlx.DB, email string) (*model.Account, error) { return &account, nil } -func GetAccountBySession(db *sqlx.DB, sessionToken string) (*model.Account, error) { - if sessionToken == "" { return nil, nil } +func GetAccountByToken(db *sqlx.DB, token string) (*model.Account, error) { + if token == "" { return nil, nil } account := model.Account{} - err := db.Get(&account, "SELECT account.* FROM account JOIN token ON id=account WHERE token=$1", sessionToken) + err := db.Get(&account, "SELECT account.* FROM account JOIN token ON id=account WHERE token=$1", token) if err != nil { if strings.Contains(err.Error(), "no rows") { return nil, nil @@ -76,6 +66,42 @@ func GetAccountBySession(db *sqlx.DB, sessionToken string) (*model.Account, erro return &account, nil } +func GetTokenFromRequest(db *sqlx.DB, r *http.Request) string { + tokenStr := strings.TrimPrefix(r.Header.Get("Authorization"), "Bearer ") + if len(tokenStr) > 0 { + return tokenStr + } + + cookie, err := r.Cookie(global.COOKIE_TOKEN) + if err != nil { + return "" + } + return cookie.Value +} + +func GetAccountByRequest(db *sqlx.DB, r *http.Request) (*model.Account, error) { + tokenStr := GetTokenFromRequest(db, r) + + token, err := GetToken(db, tokenStr) + if err != nil { + if strings.Contains(err.Error(), "no rows") { + return nil, nil + } + return nil, errors.New("GetToken: " + err.Error()) + } + + // does user-agent match the token? + if r.UserAgent() != token.UserAgent { + // invalidate the token + DeleteToken(db, tokenStr) + fmt.Printf("WARN: Attempted use of token by unauthorised User-Agent (Expected `%s`, got `%s`)\n", token.UserAgent, r.UserAgent()) + // TODO: log unauthorised activity to the user + return nil, errors.New("User agent mismatch") + } + + return GetAccountByToken(db, tokenStr) +} + func CreateAccount(db *sqlx.DB, account *model.Account) error { err := db.Get( &account.ID, @@ -94,7 +120,7 @@ func CreateAccount(db *sqlx.DB, account *model.Account) error { func UpdateAccount(db *sqlx.DB, account *model.Account) error { _, err := db.Exec( "UPDATE account " + - "SET username=$2,password=$3,email=$4,avatar_url=$5 " + + "SET username=$2, password=$3, email=$4, avatar_url=$5) " + "WHERE id=$1", account.ID, account.Username, @@ -106,30 +132,7 @@ func UpdateAccount(db *sqlx.DB, account *model.Account) error { return err } -func DeleteAccount(db *sqlx.DB, accountID string) error { - _, err := db.Exec("DELETE FROM account WHERE id=$1", accountID) - return err -} - -func IncrementAccountFails(db *sqlx.DB, accountID string) (bool, error) { - failAttempts := 0 - err := db.Get(&failAttempts, "UPDATE account SET fail_attempts = fail_attempts + 1 WHERE id=$1 RETURNING fail_attempts", accountID) - if err != nil { return false, err } - locked := false - if failAttempts >= model.MAX_LOGIN_FAIL_ATTEMPTS { - err = LockAccount(db, accountID) - if err != nil { return false, err } - locked = true - } - return locked, err -} - -func LockAccount(db *sqlx.DB, accountID string) error { - _, err := db.Exec("UPDATE account SET locked = true WHERE id=$1", accountID) - return err -} - -func UnlockAccount(db *sqlx.DB, accountID string) error { - _, err := db.Exec("UPDATE account SET locked = false, fail_attempts = 0 WHERE id=$1", accountID) +func DeleteAccount(db *sqlx.DB, username string) error { + _, err := db.Exec("DELETE FROM account WHERE username=$1", username) return err } diff --git a/controller/artist.go b/controller/artist.go index f086778..c52b78d 100644 --- a/controller/artist.go +++ b/controller/artist.go @@ -1,48 +1,47 @@ package controller import ( - "arimelody-web/model" - - "github.com/jmoiron/sqlx" + "arimelody-web/model" + "github.com/jmoiron/sqlx" ) // DATABASE func GetArtist(db *sqlx.DB, id string) (*model.Artist, error) { - var artist = model.Artist{} + var artist = model.Artist{} - err := db.Get(&artist, "SELECT * FROM artist WHERE id=$1", id) - if err != nil { - return nil, err - } + err := db.Get(&artist, "SELECT * FROM artist WHERE id=$1", id) + if err != nil { + return nil, err + } - return &artist, nil + return &artist, nil } func GetAllArtists(db *sqlx.DB) ([]*model.Artist, error) { - var artists = []*model.Artist{} + var artists = []*model.Artist{} - err := db.Select(&artists, "SELECT * FROM artist") - if err != nil { - return nil, err - } + err := db.Select(&artists, "SELECT * FROM artist") + if err != nil { + return nil, err + } - return artists, nil + return artists, nil } func GetArtistsNotOnRelease(db *sqlx.DB, releaseID string) ([]*model.Artist, error) { - var artists = []*model.Artist{} + var artists = []*model.Artist{} - err := db.Select(&artists, + err := db.Select(&artists, "SELECT * FROM artist "+ "WHERE id NOT IN "+ "(SELECT artist FROM musiccredit WHERE release=$1)", releaseID) - if err != nil { - return nil, err - } + if err != nil { + return nil, err + } - return artists, nil + return artists, nil } func GetArtistCredits(db *sqlx.DB, artistID string, show_hidden bool) ([]*model.Credit, error) { @@ -54,9 +53,9 @@ func GetArtistCredits(db *sqlx.DB, artistID string, show_hidden bool) ([]*model. if !show_hidden { query += "AND visible=true " } query += "ORDER BY release_date DESC" rows, err := db.Query(query, artistID) - if err != nil { - return nil, err - } + if err != nil { + return nil, err + } defer rows.Close() type NamePrimary struct { @@ -102,13 +101,13 @@ func GetArtistCredits(db *sqlx.DB, artistID string, show_hidden bool) ([]*model. func CreateArtist(db *sqlx.DB, artist *model.Artist) error { _, err := db.Exec( - "INSERT INTO artist (id, name, website, avatar) "+ + "INSERT INTO artist (id, name, website, avatar) "+ "VALUES ($1, $2, $3, $4)", - artist.ID, - artist.Name, - artist.Website, + artist.ID, + artist.Name, + artist.Website, artist.Avatar, - ) + ) if err != nil { return err } diff --git a/controller/invite.go b/controller/invite.go index a7bde40..f30db64 100644 --- a/controller/invite.go +++ b/controller/invite.go @@ -1,12 +1,12 @@ package controller import ( - "arimelody-web/model" - "math/rand" - "strings" - "time" + "arimelody-web/model" + "math/rand" + "strings" + "time" - "github.com/jmoiron/sqlx" + "github.com/jmoiron/sqlx" ) var inviteChars = []byte("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789") diff --git a/controller/ip.go b/controller/ip.go deleted file mode 100644 index cbc3054..0000000 --- a/controller/ip.go +++ /dev/null @@ -1,23 +0,0 @@ -package controller - -import ( - "arimelody-web/model" - "net/http" - "slices" - "strings" -) - -// Returns the request's original IP address, resolving the `x-forwarded-for` -// header if the request originates from a trusted proxy. -func ResolveIP(app *model.AppState, r *http.Request) string { - addr := strings.Split(r.RemoteAddr, ":")[0] - if slices.Contains(app.Config.TrustedProxies, addr) { - forwardedFor := r.Header.Get("x-forwarded-for") - if len(forwardedFor) > 0 { - // discard extra IPs; cloudflare tends to append their nodes - forwardedFor = strings.Split(forwardedFor, ", ")[0] - return forwardedFor - } - } - return addr -} diff --git a/controller/migrator.go b/controller/migrator.go index 4b99b9c..3624255 100644 --- a/controller/migrator.go +++ b/controller/migrator.go @@ -1,14 +1,14 @@ package controller import ( - "fmt" - "os" - "time" + "fmt" + "os" + "time" - "github.com/jmoiron/sqlx" + "github.com/jmoiron/sqlx" ) -const DB_VERSION int = 4 +const DB_VERSION int = 2 func CheckDBVersionAndMigrate(db *sqlx.DB) { db.MustExec("CREATE SCHEMA IF NOT EXISTS arimelody") @@ -41,14 +41,6 @@ func CheckDBVersionAndMigrate(db *sqlx.DB) { ApplyMigration(db, "001-pre-versioning") oldDBVersion = 2 - case 2: - ApplyMigration(db, "002-audit-logs") - oldDBVersion = 3 - - case 3: - ApplyMigration(db, "003-fail-lock") - oldDBVersion = 4 - } } @@ -58,7 +50,7 @@ func CheckDBVersionAndMigrate(db *sqlx.DB) { func ApplyMigration(db *sqlx.DB, scriptFile string) { fmt.Printf("Applying schema migration %s...\n", scriptFile) - bytes, err := os.ReadFile("schema-migration/" + scriptFile + ".sql") + bytes, err := os.ReadFile("schema_migration/" + scriptFile + ".sql") if err != nil { fmt.Fprintf(os.Stderr, "FATAL: Failed to open schema file \"%s\": %v\n", scriptFile, err) os.Exit(1) diff --git a/controller/qr.go b/controller/qr.go deleted file mode 100644 index dd08637..0000000 --- a/controller/qr.go +++ /dev/null @@ -1,53 +0,0 @@ -package controller - -import ( - "encoding/base64" - "image" - "image/color" - - "github.com/skip2/go-qrcode" -) - -func GenerateQRCode(data string) (string, error) { - imgBytes, err := qrcode.Encode(data, qrcode.Medium, 256) - if err != nil { - return "", err - } - base64Img := base64.StdEncoding.EncodeToString(imgBytes) - return base64Img, nil -} - -// vvv DEPRECATED vvv - -const margin = 4 - -type QRCodeECCLevel int64 -const ( - LOW QRCodeECCLevel = iota - MEDIUM - QUARTILE - HIGH -) - -func drawLargeAlignmentSquare(x int, y int, img *image.Gray) { - for yi := range 7 { - for xi := range 7 { - if (xi == 0 || xi == 6) || (yi == 0 || yi == 6) { - img.Set(x + xi, y + yi, color.Black) - } else if (xi > 1 && xi < 5) && (yi > 1 && yi < 5) { - img.Set(x + xi, y + yi, color.Black) - } - } - } -} - -func drawSmallAlignmentSquare(x int, y int, img *image.Gray) { - for yi := range 5 { - for xi := range 5 { - if (xi == 0 || xi == 4) || (yi == 0 || yi == 4) { - img.Set(x + xi, y + yi, color.Black) - } - } - } - img.Set(x + 2, y + 2, color.Black) -} diff --git a/controller/release.go b/controller/release.go index 3dcad26..c9791ac 100644 --- a/controller/release.go +++ b/controller/release.go @@ -1,12 +1,11 @@ package controller import ( - "errors" - "fmt" + "errors" + "fmt" - "arimelody-web/model" - - "github.com/jmoiron/sqlx" + "arimelody-web/model" + "github.com/jmoiron/sqlx" ) func GetRelease(db *sqlx.DB, id string, full bool) (*model.Release, error) { diff --git a/controller/session.go b/controller/session.go deleted file mode 100644 index 5028789..0000000 --- a/controller/session.go +++ /dev/null @@ -1,194 +0,0 @@ -package controller - -import ( - "database/sql" - "errors" - "fmt" - "net/http" - "strings" - "time" - - "arimelody-web/log" - "arimelody-web/model" - - "github.com/jmoiron/sqlx" -) - -const TOKEN_LEN = 64 - -func GetSessionFromRequest(app *model.AppState, r *http.Request) (*model.Session, error) { - sessionCookie, err := r.Cookie(model.COOKIE_TOKEN) - if err != nil && err != http.ErrNoCookie { - return nil, errors.New(fmt.Sprintf("Failed to retrieve session cookie: %v", err)) - } - - var session *model.Session - - if sessionCookie != nil { - // fetch existing session - session, err = GetSession(app.DB, sessionCookie.Value) - - if err != nil && !strings.Contains(err.Error(), "no rows") { - return nil, errors.New(fmt.Sprintf("Failed to retrieve session: %v", err)) - } - - if session != nil { - if session.UserAgent != r.UserAgent() { - msg := "Session user agent mismatch. A cookie may have been hijacked!" - if session.Account != nil { - account, _ := GetAccountByID(app.DB, session.Account.ID) - msg += " (Account \"" + account.Username + "\")" - } - app.Log.Warn(log.TYPE_ACCOUNT, msg) - err = DeleteSession(app.DB, session.Token) - if err != nil { - app.Log.Warn(log.TYPE_ACCOUNT, "Failed to delete affected session") - } - return nil, nil - } - } - } - - return session, nil -} - -func CreateSession(db *sqlx.DB, userAgent string) (*model.Session, error) { - tokenString := GenerateAlnumString(TOKEN_LEN) - - session := model.Session{ - Token: string(tokenString), - UserAgent: userAgent, - CreatedAt: time.Now(), - ExpiresAt: time.Now().Add(time.Hour * 24), - } - - _, err := db.Exec("INSERT INTO session " + - "(token, user_agent, created_at, expires_at) VALUES " + - "($1, $2, $3, $4)", - session.Token, - session.UserAgent, - session.CreatedAt, - session.ExpiresAt, - ) - if err != nil { - return nil, err - } - - return &session, nil -} - -// func WriteSession(db *sqlx.DB, session *model.Session) error { -// _, err := db.Exec( -// "UPDATE session " + -// "SET account=$2,message=$3,error=$4 " + -// "WHERE token=$1", -// session.Token, -// session.Account.ID, -// session.Message, -// session.Error, -// ) -// return err -// } - -func SetSessionAttemptAccount(db *sqlx.DB, session *model.Session, account *model.Account) error { - var err error - session.AttemptAccount = account - if account == nil { - _, err = db.Exec("UPDATE session SET attempt_account=NULL WHERE token=$1", session.Token) - } else { - _, err = db.Exec("UPDATE session SET attempt_account=$2 WHERE token=$1", session.Token, account.ID) - } - return err -} - -func SetSessionAccount(db *sqlx.DB, session *model.Session, account *model.Account) error { - var err error - session.Account = account - if account == nil { - _, err = db.Exec("UPDATE session SET account=NULL WHERE token=$1", session.Token) - } else { - _, err = db.Exec("UPDATE session SET account=$2 WHERE token=$1", session.Token, account.ID) - } - return err -} - -func SetSessionMessage(db *sqlx.DB, session *model.Session, message string) error { - var err error - if message == "" { - if !session.Message.Valid { return nil } - session.Message = sql.NullString{ } - _, err = db.Exec("UPDATE session SET message=NULL WHERE token=$1", session.Token) - } else { - session.Message = sql.NullString{ String: message, Valid: true } - _, err = db.Exec("UPDATE session SET message=$2 WHERE token=$1", session.Token, message) - } - return err -} - -func SetSessionError(db *sqlx.DB, session *model.Session, message string) error { - var err error - if message == "" { - if !session.Error.Valid { return nil } - session.Error = sql.NullString{ } - _, err = db.Exec("UPDATE session SET error=NULL WHERE token=$1", session.Token) - } else { - session.Error = sql.NullString{ String: message, Valid: true } - _, err = db.Exec("UPDATE session SET error=$2 WHERE token=$1", session.Token, message) - } - return err -} - -func GetSession(db *sqlx.DB, token string) (*model.Session, error) { - type dbSession struct { - model.Session - AttemptAccountID sql.NullString `db:"attempt_account"` - AccountID sql.NullString `db:"account"` - } - - session := dbSession{} - err := db.Get( - &session, - "SELECT * FROM session WHERE token=$1", - token, - ) - if err != nil { - return nil, err - } - - if session.AccountID.Valid { - session.Account, err = GetAccountByID(db, session.AccountID.String) - if err != nil { - return nil, err - } - } - - if session.AttemptAccountID.Valid { - session.AttemptAccount, err = GetAccountByID(db, session.AttemptAccountID.String) - if err != nil { - return nil, err - } - } - - return &session.Session, err -} - -// func GetAllSessionsForAccount(db *sqlx.DB, accountID string) ([]model.Session, error) { -// sessions := []model.Session{} -// err := db.Select(&sessions, "SELECT * FROM session WHERE account=$1 AND expires_at>current_timestamp", accountID) -// return sessions, err -// } - -func DeleteAllSessionsForAccount(db *sqlx.DB, accountID string) error { - _, err := db.Exec("DELETE FROM session WHERE account=$1", accountID) - return err -} - -func DeleteSession(db *sqlx.DB, token string) error { - _, err := db.Exec("DELETE FROM session WHERE token=$1", token) - return err -} - -func DeleteExpiredSessions(db *sqlx.DB) error { - _, err := db.Exec("DELETE FROM session WHERE expires_atcurrent_timestamp", accountID) + return tokens, err +} + +func DeleteAllTokensForAccount(db *sqlx.DB, accountID string) error { + _, err := db.Exec("DELETE FROM token WHERE account=$1", accountID) + return err +} + +func DeleteToken(db *sqlx.DB, token string) error { + _, err := db.Exec("DELETE FROM token WHERE token=$1", token) + return err +} + diff --git a/controller/totp.go b/controller/totp.go index 076d3a1..18616da 100644 --- a/controller/totp.go +++ b/controller/totp.go @@ -1,25 +1,25 @@ package controller import ( - "arimelody-web/model" - "crypto/hmac" - "crypto/rand" - "crypto/sha1" - "encoding/base32" - "encoding/binary" - "fmt" - "math" - "net/url" - "os" - "strings" - "time" + "arimelody-web/model" + "crypto/hmac" + "crypto/rand" + "crypto/sha1" + "encoding/base32" + "encoding/binary" + "fmt" + "math" + "net/url" + "os" + "strings" + "time" - "github.com/jmoiron/sqlx" + "github.com/jmoiron/sqlx" ) const TOTP_SECRET_LENGTH = 32 -const TOTP_TIME_STEP int64 = 30 -const TOTP_CODE_LENGTH = 6 +const TIME_STEP int64 = 30 +const CODE_LENGTH = 6 func GenerateTOTP(secret string, timeStepOffset int) string { decodedSecret, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(secret) @@ -27,7 +27,7 @@ func GenerateTOTP(secret string, timeStepOffset int) string { fmt.Fprintf(os.Stderr, "WARN: Invalid Base32 secret\n") } - counter := time.Now().Unix() / TOTP_TIME_STEP - int64(timeStepOffset) + counter := time.Now().Unix() / TIME_STEP - int64(timeStepOffset) counterBytes := make([]byte, 8) binary.BigEndian.PutUint64(counterBytes, uint64(counter)) @@ -37,9 +37,9 @@ func GenerateTOTP(secret string, timeStepOffset int) string { offset := hash[len(hash) - 1] & 0x0f binaryCode := int32(binary.BigEndian.Uint32(hash[offset : offset + 4]) & 0x7FFFFFFF) - code := binaryCode % int32(math.Pow10(TOTP_CODE_LENGTH)) + code := binaryCode % int32(math.Pow10(CODE_LENGTH)) - return fmt.Sprintf(fmt.Sprintf("%%0%dd", TOTP_CODE_LENGTH), code) + return fmt.Sprintf(fmt.Sprintf("%%0%dd", CODE_LENGTH), code) } func GenerateTOTPSecret(length int) string { @@ -64,9 +64,9 @@ func GenerateTOTPURI(username string, secret string) string { query := url.Query() query.Set("secret", secret) query.Set("issuer", "arimelody.me") - // query.Set("algorithm", "SHA1") - // query.Set("digits", fmt.Sprintf("%d", TOTP_CODE_LENGTH)) - // query.Set("period", fmt.Sprintf("%d", TOTP_TIME_STEP)) + query.Set("algorithm", "SHA1") + query.Set("digits", fmt.Sprintf("%d", CODE_LENGTH)) + query.Set("period", fmt.Sprintf("%d", TIME_STEP)) url.RawQuery = query.Encode() return url.String() @@ -78,7 +78,7 @@ func GetTOTPsForAccount(db *sqlx.DB, accountID string) ([]model.TOTP, error) { err := db.Select( &totps, "SELECT * FROM totp " + - "WHERE account=$1 AND confirmed=true " + + "WHERE account=$1 " + "ORDER BY created_at ASC", accountID, ) @@ -89,36 +89,14 @@ func GetTOTPsForAccount(db *sqlx.DB, accountID string) ([]model.TOTP, error) { return totps, nil } -func CheckTOTPForAccount(db *sqlx.DB, accountID string, totp string) (*model.TOTP, error) { - totps, err := GetTOTPsForAccount(db, accountID) - if err != nil { - return nil, err - } - for _, method := range totps { - check := GenerateTOTP(method.Secret, 0) - if check == totp { - return &method, nil - } - // try again with offset- maybe user input the code late? - check = GenerateTOTP(method.Secret, 1) - if check == totp { - return &method, nil - } - } - // user failed all TOTP checks - // note: this state will still occur even if the account has no TOTP methods. - return nil, nil -} - func GetTOTP(db *sqlx.DB, accountID string, name string) (*model.TOTP, error) { totp := model.TOTP{} err := db.Get( &totp, "SELECT * FROM totp " + - "WHERE account=$1 AND name=$2", + "WHERE account=$1", accountID, - name, ) if err != nil { if strings.Contains(err.Error(), "no rows") { @@ -130,15 +108,6 @@ func GetTOTP(db *sqlx.DB, accountID string, name string) (*model.TOTP, error) { return &totp, nil } -func ConfirmTOTP(db *sqlx.DB, accountID string, name string) error { - _, err := db.Exec( - "UPDATE totp SET confirmed=true WHERE account=$1 AND name=$2", - accountID, - name, - ) - return err -} - func CreateTOTP(db *sqlx.DB, totp *model.TOTP) error { _, err := db.Exec( "INSERT INTO totp (account, name, secret) " + @@ -158,8 +127,3 @@ func DeleteTOTP(db *sqlx.DB, accountID string, name string) error { ) return err } - -func DeleteUnconfirmedTOTPs(db *sqlx.DB) error { - _, err := db.Exec("DELETE FROM totp WHERE confirmed=false") - return err -} diff --git a/controller/track.go b/controller/track.go index ee7581c..d302045 100644 --- a/controller/track.go +++ b/controller/track.go @@ -1,9 +1,8 @@ package controller import ( - "arimelody-web/model" - - "github.com/jmoiron/sqlx" + "arimelody-web/model" + "github.com/jmoiron/sqlx" ) // DATABASE @@ -13,19 +12,19 @@ func GetTrack(db *sqlx.DB, id string) (*model.Track, error) { stmt, _ := db.Preparex("SELECT * FROM musictrack WHERE id=$1") err := stmt.Get(&track, id) - if err != nil { + if err != nil { return nil, err - } + } return &track, nil } func GetAllTracks(db *sqlx.DB) ([]*model.Track, error) { var tracks = []*model.Track{} - err := db.Select(&tracks, "SELECT * FROM musictrack") - if err != nil { + err := db.Select(&tracks, "SELECT * FROM musictrack") + if err != nil { return nil, err - } + } return tracks, nil } @@ -33,33 +32,33 @@ func GetAllTracks(db *sqlx.DB) ([]*model.Track, error) { func GetOrphanTracks(db *sqlx.DB) ([]*model.Track, error) { var tracks = []*model.Track{} - err := db.Select(&tracks, "SELECT * FROM musictrack WHERE id NOT IN (SELECT track FROM musicreleasetrack)") - if err != nil { + err := db.Select(&tracks, "SELECT * FROM musictrack WHERE id NOT IN (SELECT track FROM musicreleasetrack)") + if err != nil { return nil, err - } + } return tracks, nil } func GetTracksNotOnRelease(db *sqlx.DB, releaseID string) ([]*model.Track, error) { - var tracks = []*model.Track{} + var tracks = []*model.Track{} - err := db.Select(&tracks, + err := db.Select(&tracks, "SELECT * FROM musictrack "+ "WHERE id NOT IN "+ "(SELECT track FROM musicreleasetrack WHERE release=$1)", releaseID) - if err != nil { - return nil, err - } + if err != nil { + return nil, err + } - return tracks, nil + return tracks, nil } func GetTrackReleases(db *sqlx.DB, trackID string, full bool) ([]*model.Release, error) { var releases = []*model.Release{} - err := db.Select(&releases, + err := db.Select(&releases, "SELECT id,title,type,release_date,artwork,buylink "+ "FROM musicrelease "+ "JOIN musicreleasetrack ON release=id "+ @@ -67,9 +66,9 @@ func GetTrackReleases(db *sqlx.DB, trackID string, full bool) ([]*model.Release, "ORDER BY release_date", trackID, ) - if err != nil { + if err != nil { return nil, err - } + } type NamePrimary struct { Name string `json:"name"` @@ -114,14 +113,14 @@ func GetTrackReleases(db *sqlx.DB, trackID string, full bool) ([]*model.Release, func PullOrphanTracks(db *sqlx.DB) ([]*model.Track, error) { var tracks = []*model.Track{} - err := db.Select(&tracks, + err := db.Select(&tracks, "SELECT id, title, description, lyrics, preview_url FROM musictrack "+ "WHERE id NOT IN "+ "(SELECT track FROM musicreleasetrack)", ) - if err != nil { + if err != nil { return nil, err - } + } return tracks, nil } diff --git a/controller/twitch.go b/controller/twitch.go deleted file mode 100644 index 98d3b9a..0000000 --- a/controller/twitch.go +++ /dev/null @@ -1,94 +0,0 @@ -package controller - -import ( - "arimelody-web/model" - "bytes" - "encoding/json" - "net/http" - "net/url" - "time" -) - -const TWITCH_API_BASE = "https://api.twitch.tv/helix/" - -func TwitchSetup(app *model.AppState) error { - app.Twitch = &model.TwitchState{} - err := RefreshTwitchToken(app) - return err -} - -func RefreshTwitchToken(app *model.AppState) error { - if app.Twitch != nil && app.Twitch.Token != nil && time.Now().UTC().After(app.Twitch.Token.ExpiresAt) { - return nil - } - - requestUrl, _ := url.Parse("https://id.twitch.tv/oauth2/token") - req, _ := http.NewRequest(http.MethodPost, requestUrl.String(), bytes.NewBuffer([]byte(url.Values{ - "client_id": []string{ app.Config.Twitch.ClientID }, - "client_secret": []string{ app.Config.Twitch.Secret }, - "grant_type": []string{ "client_credentials" }, - }.Encode()))) - - res, err := http.DefaultClient.Do(req) - if err != nil { - return err - } - - type TwitchOAuthToken struct { - AccessToken string `json:"access_token"` - ExpiresIn int `json:"expires_in"` - TokenType string `json:"token_type"` - } - oauthResponse := TwitchOAuthToken{} - err = json.NewDecoder(res.Body).Decode(&oauthResponse) - if err != nil { - return err - } - - app.Twitch.Token = &model.TwitchOAuthToken{ - AccessToken: oauthResponse.AccessToken, - ExpiresAt: time.Now().UTC().Add(time.Second * time.Duration(oauthResponse.ExpiresIn)).UTC(), - TokenType: oauthResponse.TokenType, - } - - return nil -} - -var lastStreamState *model.TwitchStreamInfo -var lastStreamStateAt time.Time - -func GetTwitchStatus(app *model.AppState, broadcaster string) (*model.TwitchStreamInfo, error) { - if lastStreamState != nil && time.Now().UTC().Before(lastStreamStateAt.Add(time.Minute)) { - return lastStreamState, nil - } - - requestUrl, _ := url.Parse(TWITCH_API_BASE + "streams") - requestUrl.RawQuery = url.Values{ - "user_login": []string{ broadcaster }, - }.Encode() - req, _ := http.NewRequest(http.MethodGet, requestUrl.String(), nil) - req.Header.Set("Client-Id", app.Config.Twitch.ClientID) - req.Header.Set("Authorization", "Bearer " + app.Twitch.Token.AccessToken) - - res, err := http.DefaultClient.Do(req) - if err != nil { - return nil, err - } - - type StreamsResponse struct { - Data []model.TwitchStreamInfo `json:"data"` - } - streamInfo := StreamsResponse{} - err = json.NewDecoder(res.Body).Decode(&streamInfo) - if err != nil { - return nil, err - } - - if len(streamInfo.Data) == 0 { - return nil, nil - } - - lastStreamState = &streamInfo.Data[0] - lastStreamStateAt = time.Now().UTC() - return lastStreamState, nil -} diff --git a/cursor/cursor.go b/cursor/cursor.go deleted file mode 100644 index 56edb56..0000000 --- a/cursor/cursor.go +++ /dev/null @@ -1,201 +0,0 @@ -package cursor - -import ( - "arimelody-web/model" - "fmt" - "math/rand" - "net/http" - "strconv" - "strings" - "sync" - "time" - - "github.com/gorilla/websocket" -) - -type CursorClient struct { - ID int32 - Conn *websocket.Conn - Route string - X float32 - Y float32 - Click bool - Disconnected bool -} - -type CursorMessage struct { - Data []byte - Route string - Exclude []*CursorClient -} - -func (client *CursorClient) Send(data []byte) { - err := client.Conn.WriteMessage(websocket.TextMessage, data) - if err != nil { - client.Disconnect() - } -} - -func (client *CursorClient) Disconnect() { - client.Disconnected = true - broadcast <- CursorMessage{ - []byte(fmt.Sprintf("leave:%d", client.ID)), - client.Route, - []*CursorClient{}, - } -} - -var clients = make(map[int32]*CursorClient) -var broadcast = make(chan CursorMessage) -var mutex = &sync.Mutex{} - -func StartCursor(app *model.AppState) { - var includes = func (clients []*CursorClient, client *CursorClient) bool { - for _, c := range clients { - if c.ID == client.ID { return true } - } - return false - } - - log("Cursor message handler ready!") - - for { - message := <-broadcast - mutex.Lock() - for _, client := range clients { - if client.Route != message.Route { continue } - if includes(message.Exclude, client) { continue } - client.Send(message.Data) - } - mutex.Unlock() - } -} - -func handleClient(client *CursorClient) { - msgType, message, err := client.Conn.ReadMessage() - if err != nil { - client.Disconnect() - return - } - if msgType != websocket.TextMessage { return } - - args := strings.Split(string(message), ":") - if len(args) == 0 { return } - switch args[0] { - case "loc": - if len(args) < 2 { return } - - client.Route = args[1] - - mutex.Lock() - for otherClientID, otherClient := range clients { - if otherClientID == client.ID || otherClient.Route != client.Route { continue } - client.Send([]byte(fmt.Sprintf("join:%d", otherClientID))) - client.Send([]byte(fmt.Sprintf("pos:%d:%f:%f", otherClientID, otherClient.X, otherClient.Y))) - } - mutex.Unlock() - - broadcast <- CursorMessage{ - []byte(fmt.Sprintf("join:%d", client.ID)), - client.Route, - []*CursorClient{ client }, - } - case "char": - if len(args) < 2 { return } - // haha, turns out using ':' as a separator means you can't type ':'s - // i should really be writing byte packets, not this nonsense - msg := byte(':') - if len(args[1]) > 0 { - msg = args[1][0] - } - broadcast <- CursorMessage{ - []byte(fmt.Sprintf("char:%d:%c", client.ID, msg)), - client.Route, - []*CursorClient{ client }, - } - case "nochar": - broadcast <- CursorMessage{ - []byte(fmt.Sprintf("nochar:%d", client.ID)), - client.Route, - []*CursorClient{ client }, - } - case "click": - if len(args) < 2 { return } - click := 0 - if args[1][0] == '1' { - click = 1 - } - broadcast <- CursorMessage{ - []byte(fmt.Sprintf("click:%d:%d", client.ID, click)), - client.Route, - []*CursorClient{ client }, - } - case "pos": - if len(args) < 3 { return } - x, err := strconv.ParseFloat(args[1], 32) - y, err := strconv.ParseFloat(args[2], 32) - if err != nil { return } - client.X = float32(x) - client.Y = float32(y) - broadcast <- CursorMessage{ - []byte(fmt.Sprintf("pos:%d:%f:%f", client.ID, client.X, client.Y)), - client.Route, - []*CursorClient{ client }, - } - } -} - -func Handler(app *model.AppState) http.HandlerFunc { - var upgrader = websocket.Upgrader{ - CheckOrigin: func (r *http.Request) bool { - origin := r.Header.Get("Origin") - return origin == app.Config.BaseUrl - }, - } - - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - conn, err := upgrader.Upgrade(w, r, nil) - if err != nil { - log("Failed to upgrade to WebSocket connection: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - defer conn.Close() - - client := CursorClient{ - ID: rand.Int31(), - Conn: conn, - X: 0.0, - Y: 0.0, - Disconnected: false, - } - - err = client.Conn.WriteMessage(websocket.TextMessage, []byte(fmt.Sprintf("id:%d", client.ID))) - if err != nil { - client.Conn.Close() - return - } - - mutex.Lock() - clients[client.ID] = &client - mutex.Unlock() - - // log("Client connected: %s (%s)", fmt.Sprintf("0x%08x", client.ID), client.Conn.RemoteAddr().String()) - - for { - if client.Disconnected { - mutex.Lock() - delete(clients, client.ID) - client.Conn.Close() - mutex.Unlock() - return - } - handleClient(&client) - } - }) -} - -func log(format string, args ...any) { - logString := fmt.Sprintf(format, args...) - fmt.Printf("[%s] [CURSOR] %s\n", time.Now().Format(time.UnixDate), logString) -} diff --git a/discord/discord.go b/discord/discord.go index 0eb9b97..8952c85 100644 --- a/discord/discord.go +++ b/discord/discord.go @@ -1,17 +1,38 @@ package discord import ( - "arimelody-web/model" - "encoding/json" - "errors" - "fmt" - "net/http" - "net/url" - "strings" + "encoding/json" + "errors" + "fmt" + "net/http" + "net/url" + "strings" + + "arimelody-web/global" ) const API_ENDPOINT = "https://discord.com/api/v10" +var CREDENTIALS_PROVIDED = true +var CLIENT_ID = func() string { + id := global.Config.Discord.ClientID + if id == "" { + // fmt.Printf("WARN: Discord client ID (DISCORD_CLIENT) was not provided.\n") + CREDENTIALS_PROVIDED = false + } + return id +}() +var CLIENT_SECRET = func() string { + secret := global.Config.Discord.Secret + if secret == "" { + // fmt.Printf("WARN: Discord secret (DISCORD_SECRET) was not provided.\n") + CREDENTIALS_PROVIDED = false + } + return secret +}() +var OAUTH_CALLBACK_URI = fmt.Sprintf("%s/admin/login", global.Config.BaseUrl) +var REDIRECT_URI = fmt.Sprintf("https://discord.com/oauth2/authorize?client_id=%s&response_type=code&redirect_uri=%s&scope=identify", CLIENT_ID, OAUTH_CALLBACK_URI) + type ( AccessTokenResponse struct { AccessToken string `json:"access_token"` @@ -47,15 +68,15 @@ type ( } ) -func GetOAuthTokenFromCode(app *model.AppState, code string) (string, error) { +func GetOAuthTokenFromCode(code string) (string, error) { // let's get an oauth token! req, err := http.NewRequest(http.MethodPost, fmt.Sprintf("%s/oauth2/token", API_ENDPOINT), strings.NewReader(url.Values{ - "client_id": {app.Config.Discord.ClientID}, - "client_secret": {app.Config.Discord.Secret}, + "client_id": {CLIENT_ID}, + "client_secret": {CLIENT_SECRET}, "grant_type": {"authorization_code"}, "code": {code}, - "redirect_uri": {GetOAuthCallbackURI(app.Config.BaseUrl)}, + "redirect_uri": {OAUTH_CALLBACK_URI}, }.Encode())) req.Header.Add("Content-Type", "application/x-www-form-urlencoded") @@ -94,15 +115,3 @@ func GetDiscordUserFromAuth(token string) (DiscordUser, error) { return auth_info.User, nil } - -func GetOAuthCallbackURI(baseURL string) string { - return fmt.Sprintf("%s/admin/login", baseURL) -} - -func GetRedirectURI(app *model.AppState) string { - return fmt.Sprintf( - "https://discord.com/oauth2/authorize?client_id=%s&response_type=code&redirect_uri=%s&scope=identify", - app.Config.Discord.ClientID, - GetOAuthCallbackURI(app.Config.BaseUrl), - ) -} diff --git a/controller/config.go b/global/config.go similarity index 63% rename from controller/config.go rename to global/config.go index fdfa756..20e152f 100644 --- a/controller/config.go +++ b/global/config.go @@ -1,28 +1,49 @@ -package controller +package global import ( - "errors" - "fmt" - "os" - "strconv" + "errors" + "fmt" + "os" + "strconv" - "arimelody-web/model" - - "github.com/pelletier/go-toml/v2" + "github.com/jmoiron/sqlx" + "github.com/pelletier/go-toml/v2" ) -func GetConfig() model.Config { +type ( + dbConfig struct { + Host string `toml:"host"` + Port int64 `toml:"port"` + Name string `toml:"name"` + User string `toml:"user"` + Pass string `toml:"pass"` + } + + discordConfig struct { + AdminID string `toml:"admin_id" comment:"NOTE: admin_id to be deprecated in favour of local accounts and SSO."` + ClientID string `toml:"client_id"` + Secret string `toml:"secret"` + } + + config struct { + BaseUrl string `toml:"base_url" comment:"Used for OAuth redirects."` + Port int64 `toml:"port"` + DataDirectory string `toml:"data_dir"` + DB dbConfig `toml:"db"` + Discord discordConfig `toml:"discord"` + } +) + +var Config = func() config { configFile := os.Getenv("ARIMELODY_CONFIG") if configFile == "" { configFile = "config.toml" } - config := model.Config{ + config := config{ BaseUrl: "https://arimelody.me", - Host: "0.0.0.0", Port: 8080, - TrustedProxies: []string{ "127.0.0.1" }, - DB: model.DBConfig{ + DB: dbConfig{ Host: "127.0.0.1", Port: 5432, User: "arimelody", @@ -42,22 +63,23 @@ func GetConfig() model.Config { err = toml.Unmarshal([]byte(data), &config) if err != nil { - panic(fmt.Sprintf("FATAL: Failed to parse configuration file: %v\n", err)) + fmt.Fprintf(os.Stderr, "FATAL: Failed to parse configuration file: %v\n", err) + os.Exit(1) } err = handleConfigOverrides(&config) if err != nil { - panic(fmt.Sprintf("FATAL: Failed to parse environment variable %v\n", err)) + fmt.Fprintf(os.Stderr, "FATAL: Failed to parse environment variable %v\n", err) + os.Exit(1) } return config -} +}() -func handleConfigOverrides(config *model.Config) error { +func handleConfigOverrides(config *config) error { var err error if env, has := os.LookupEnv("ARIMELODY_BASE_URL"); has { config.BaseUrl = env } - if env, has := os.LookupEnv("ARIMELODY_HOST"); has { config.Host = env } if env, has := os.LookupEnv("ARIMELODY_PORT"); has { config.Port, err = strconv.ParseInt(env, 10, 0) if err != nil { return errors.New("ARIMELODY_PORT: " + err.Error()) } @@ -77,9 +99,7 @@ func handleConfigOverrides(config *model.Config) error { if env, has := os.LookupEnv("ARIMELODY_DISCORD_CLIENT_ID"); has { config.Discord.ClientID = env } if env, has := os.LookupEnv("ARIMELODY_DISCORD_SECRET"); has { config.Discord.Secret = env } - if env, has := os.LookupEnv("ARIMELODY_TWITCH_BROADCASTER"); has { config.Twitch.Broadcaster = env } - if env, has := os.LookupEnv("ARIMELODY_TWITCH_CLIENT_ID"); has { config.Twitch.ClientID = env } - if env, has := os.LookupEnv("ARIMELODY_TWITCH_SECRET"); has { config.Twitch.Secret = env } - return nil } + +var DB *sqlx.DB diff --git a/global/const.go b/global/const.go new file mode 100644 index 0000000..157668d --- /dev/null +++ b/global/const.go @@ -0,0 +1,3 @@ +package global + +const COOKIE_TOKEN string = "AM_TOKEN" diff --git a/global/funcs.go b/global/funcs.go new file mode 100644 index 0000000..49edb01 --- /dev/null +++ b/global/funcs.go @@ -0,0 +1,101 @@ +package global + +import ( + "fmt" + "math/rand" + "net/http" + "strconv" + "time" + + "arimelody-web/colour" +) + +var PoweredByStrings = []string{ + "nerd rage", + "estrogen", + "your mother", + "awesome powers beyond comprehension", + "jared", + "the weight of my sins", + "the arc reactor", + "AA batteries", + "15 euro solar panel from ebay", + "magnets, how do they work", + "a fax machine", + "dell optiplex", + "a trans girl's nintendo wii", + "BASS", + "electricity, duh", + "seven hamsters in a big wheel", + "girls", + "mzungu hosting", + "golang", + "the state of the world right now", + "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", + "the good folks at aperture science", + "free2play CDs", + "aridoodle", + "the love of creating", + "not for the sake of art; not for the sake of money; we like painting naked people", + "30 billion dollars in VC funding", +} + +func DefaultHeaders(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + w.Header().Add("Server", "arimelody.me") + w.Header().Add("Do-Not-Stab", "1") + w.Header().Add("X-Clacks-Overhead", "GNU Terry Pratchett") + w.Header().Add("X-Hacker", "spare me please") + w.Header().Add("X-Robots-TXT", "'; DROP TABLE pages;") + w.Header().Add("X-Thinking-With", "Portals") + w.Header().Add( + "X-Powered-By", + PoweredByStrings[rand.Intn(len(PoweredByStrings))], + ) + next.ServeHTTP(w, r) + }) +} + +type LoggingResponseWriter struct { + http.ResponseWriter + Status int +} + +func (lrw *LoggingResponseWriter) WriteHeader(status int) { + lrw.Status = status + lrw.ResponseWriter.WriteHeader(status) +} + +func HTTPLog(next http.Handler) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + start := time.Now() + + lrw := LoggingResponseWriter{w, http.StatusOK} + + next.ServeHTTP(&lrw, r) + + after := time.Now() + difference := (after.Nanosecond() - start.Nanosecond()) / 1_000_000 + elapsed := "<1" + if difference >= 1 { + elapsed = strconv.Itoa(difference) + } + + statusColour := colour.Reset + + if lrw.Status - 600 <= 0 { statusColour = colour.Red } + if lrw.Status - 500 <= 0 { statusColour = colour.Yellow } + if lrw.Status - 400 <= 0 { statusColour = colour.White } + if lrw.Status - 300 <= 0 { statusColour = colour.Green } + + fmt.Printf("[%s] %s %s - %s%d%s (%sms) (%s)\n", + after.Format(time.UnixDate), + r.Method, + r.URL.Path, + statusColour, + lrw.Status, + colour.Reset, + elapsed, + r.Header["User-Agent"][0]) + }) +} diff --git a/go.mod b/go.mod index a1c6c76..73a1cf1 100644 --- a/go.mod +++ b/go.mod @@ -8,9 +8,4 @@ require ( ) require golang.org/x/crypto v0.27.0 // indirect - -require ( - github.com/gorilla/websocket v1.5.3 // indirect - github.com/pelletier/go-toml/v2 v2.2.3 // indirect - github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e // indirect -) +require github.com/pelletier/go-toml/v2 v2.2.3 // indirect diff --git a/go.sum b/go.sum index f2ec7e7..35e1b20 100644 --- a/go.sum +++ b/go.sum @@ -2,17 +2,13 @@ filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA= filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4= github.com/go-sql-driver/mysql v1.8.1 h1:LedoTUt/eveggdHS9qUFC1EFSa8bU2+1pZjSRpvNJ1Y= github.com/go-sql-driver/mysql v1.8.1/go.mod h1:wEBSXgmK//2ZFJyE+qWnIsVGmvmEKlqwuVSjsCm7DZg= -github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= -github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/jmoiron/sqlx v1.4.0 h1:1PLqN7S1UYp5t4SrVVnt4nUVNemrDAtxlulVe+Qgm3o= github.com/jmoiron/sqlx v1.4.0/go.mod h1:ZrZ7UsYB/weZdl2Bxg6jCRO9c3YHl8r3ahlKmRT4JLY= github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw= github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o= github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU= github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y= -github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= -github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= -github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e h1:MRM5ITcdelLK2j1vwZ3Je0FKVCfqOLp5zO6trqMLYs0= -github.com/skip2/go-qrcode v0.0.0-20200617195104-da1b6568686e/go.mod h1:XV66xRDqSt+GTGFMVlhk3ULuV0y9ZmzeVGR4mloJI3M= golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +github.com/pelletier/go-toml/v2 v2.2.3 h1:YmeHyLY8mFWbdkNWwpr+qIL2bEqT0o95WSdkNHvL12M= +github.com/pelletier/go-toml/v2 v2.2.3/go.mod h1:MfCQTFTvCcUyyvvwm1+G6H/jORL20Xlb6rzQu9GuUkc= diff --git a/log/log.go b/log/log.go deleted file mode 100644 index 88d328b..0000000 --- a/log/log.go +++ /dev/null @@ -1,143 +0,0 @@ -package log - -import ( - "fmt" - "os" - "time" - - "github.com/jmoiron/sqlx" -) - -type ( - Logger struct { - DB *sqlx.DB - } - - Log struct { - ID string `json:"id" db:"id"` - Level LogLevel `json:"level" db:"level"` - Type string `json:"type" db:"type"` - Content string `json:"content" db:"content"` - CreatedAt time.Time `json:"created_at" db:"created_at"` - } -) - -const ( - TYPE_ACCOUNT string = "account" - TYPE_MUSIC string = "music" - TYPE_ARTIST string = "artist" - TYPE_BLOG string = "blog" - TYPE_ARTWORK string = "artwork" - TYPE_FILES string = "files" - TYPE_MISC string = "misc" - TYPE_CURSOR string = "cursor" -) - -type LogLevel int -const ( - LEVEL_INFO LogLevel = 0 - LEVEL_WARN LogLevel = 1 -) - -const DEFAULT_LOG_PAGE_LENGTH = 25 - -func (self *Logger) Info(logType string, format string, args ...any) { - logString := fmt.Sprintf(format, args...) - fmt.Printf("[%s] [%s] INFO: %s\n", time.Now().Format(time.UnixDate), logType, logString) - err := createLog(self.DB, LEVEL_INFO, logType, logString) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to push log to database: %v\n", err) - } -} - -func (self *Logger) Warn(logType string, format string, args ...any) { - logString := fmt.Sprintf(format, args...) - fmt.Fprintf(os.Stderr, "[%s] [%s] WARN: %s\n", time.Now().Format(time.UnixDate), logType, logString) - err := createLog(self.DB, LEVEL_WARN, logType, logString) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to push log to database: %v\n", err) - } -} - -func (self *Logger) Fetch(id string) (*Log, error) { - log := Log{} - err := self.DB.Get(&log, "SELECT * FROM auditlog WHERE id=$1", id) - return &log, err -} - -func (self *Logger) Search(levelFilters []LogLevel, typeFilters []string, content string, limit int, offset int) ([]*Log, error) { - logs := []*Log{} - - params := []any{ limit, offset } - conditions := "" - - if len(content) > 0 { - content = "%" + content + "%" - conditions += " WHERE content LIKE $3" - params = append(params, content) - } - - if len(levelFilters) > 0 { - if len(conditions) > 0 { - conditions += " AND level IN (" - } else { - conditions += " WHERE level IN (" - } - for i := range levelFilters { - conditions += fmt.Sprintf("$%d", len(params) + 1) - if i < len(levelFilters) - 1 { - conditions += "," - } - params = append(params, levelFilters[i]) - } - conditions += ")" - } - - if len(typeFilters) > 0 { - if len(conditions) > 0 { - conditions += " AND type IN (" - } else { - conditions += " WHERE type IN (" - } - for i := range typeFilters { - conditions += fmt.Sprintf("$%d", len(params) + 1) - if i < len(typeFilters) - 1 { - conditions += "," - } - params = append(params, typeFilters[i]) - } - conditions += ")" - } - - query := fmt.Sprintf( - "SELECT * FROM auditlog%s ORDER BY created_at DESC LIMIT $1 OFFSET $2", - conditions, - ) - - /* - fmt.Printf("%s (", query) - for i, param := range params { - fmt.Print(param) - if i < len(params) - 1 { - fmt.Print(", ") - } - } - fmt.Print(")\n") - */ - - err := self.DB.Select(&logs, query, params...) - if err != nil { - return nil, err - } - return logs, nil -} - -func createLog(db *sqlx.DB, logLevel LogLevel, logType string, content string) error { - _, err := db.Exec( - "INSERT INTO auditlog (level, type, content) VALUES ($1,$2,$3)", - logLevel, - logType, - content, - ) - return err -} diff --git a/main.go b/main.go index 7bcd5ac..cbda0a7 100644 --- a/main.go +++ b/main.go @@ -1,32 +1,25 @@ package main import ( - "bufio" - "errors" - "fmt" - stdLog "log" - "math" - "math/rand" - "net" - "net/http" - "os" - "path/filepath" - "strconv" - "strings" - "time" + "errors" + "fmt" + "log" + "net/http" + "os" + "path/filepath" + "strings" + "time" - "arimelody-web/admin" - "arimelody-web/api" - "arimelody-web/colour" - "arimelody-web/controller" - "arimelody-web/cursor" - "arimelody-web/log" - "arimelody-web/model" - "arimelody-web/view" + "arimelody-web/admin" + "arimelody-web/api" + "arimelody-web/controller" + "arimelody-web/global" + "arimelody-web/model" + "arimelody-web/templates" + "arimelody-web/view" - "github.com/jmoiron/sqlx" - _ "github.com/lib/pq" - "golang.org/x/crypto/bcrypt" + "github.com/jmoiron/sqlx" + _ "github.com/lib/pq" ) // used for database migrations @@ -37,51 +30,48 @@ const DEFAULT_PORT int64 = 8080 func main() { fmt.Printf("made with <3 by ari melody\n\n") - app := model.AppState{ - Config: controller.GetConfig(), - Twitch: nil, - } + // TODO: refactor `global` to `AppState` + // this should contain `Config` and `DB`, and be passed through to all + // handlers that need it. it's better than weird static globals everywhere! // initialise database connection - if app.Config.DB.Host == "" { + if global.Config.DB.Host == "" { fmt.Fprintf(os.Stderr, "FATAL: db.host not provided! Exiting...\n") os.Exit(1) } - if app.Config.DB.Name == "" { + if global.Config.DB.Name == "" { fmt.Fprintf(os.Stderr, "FATAL: db.name not provided! Exiting...\n") os.Exit(1) } - if app.Config.DB.User == "" { + if global.Config.DB.User == "" { fmt.Fprintf(os.Stderr, "FATAL: db.user not provided! Exiting...\n") os.Exit(1) } - if app.Config.DB.Pass == "" { + if global.Config.DB.Pass == "" { fmt.Fprintf(os.Stderr, "FATAL: db.pass not provided! Exiting...\n") os.Exit(1) } var err error - app.DB, err = sqlx.Connect( + global.DB, err = sqlx.Connect( "postgres", fmt.Sprintf( "host=%s port=%d user=%s dbname=%s password='%s' sslmode=disable", - app.Config.DB.Host, - app.Config.DB.Port, - app.Config.DB.User, - app.Config.DB.Name, - app.Config.DB.Pass, + global.Config.DB.Host, + global.Config.DB.Port, + global.Config.DB.User, + global.Config.DB.Name, + global.Config.DB.Pass, ), ) if err != nil { fmt.Fprintf(os.Stderr, "FATAL: Unable to initialise database: %v\n", err) os.Exit(1) } - app.DB.SetConnMaxLifetime(time.Minute * 3) - app.DB.SetMaxOpenConns(10) - app.DB.SetMaxIdleConns(10) - defer app.DB.Close() - - app.Log = log.Logger{ DB: app.DB } + global.DB.SetConnMaxLifetime(time.Minute * 3) + global.DB.SetMaxOpenConns(10) + global.DB.SetMaxIdleConns(10) + defer global.DB.Close() // handle command arguments if len(os.Args) > 1 { @@ -95,36 +85,31 @@ func main() { } username := os.Args[2] totpName := os.Args[3] + secret := controller.GenerateTOTPSecret(controller.TOTP_SECRET_LENGTH) - account, err := controller.GetAccountByUsername(app.DB, username) + account, err := controller.GetAccount(global.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) os.Exit(1) } - secret := controller.GenerateTOTPSecret(controller.TOTP_SECRET_LENGTH) totp := model.TOTP { AccountID: account.ID, Name: totpName, Secret: string(secret), } - err = controller.CreateTOTP(app.DB, &totp) + err = controller.CreateTOTP(global.DB, &totp) if err != nil { - if strings.HasPrefix(err.Error(), "pq: duplicate key") { - fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" already has a TOTP method named \"%s\"!\n", account.Username, totp.Name) - os.Exit(1) - } - fmt.Fprintf(os.Stderr, "FATAL: Failed to create TOTP method: %v\n", err) + fmt.Fprintf(os.Stderr, "Failed to create TOTP method: %v\n", err) os.Exit(1) } - app.Log.Info(log.TYPE_ACCOUNT, "TOTP method \"%s\" for \"%s\" created via config utility.", totp.Name, account.Username) url := controller.GenerateTOTPURI(account.Username, totp.Secret) fmt.Printf("%s\n", url) return @@ -137,24 +122,23 @@ func main() { username := os.Args[2] totpName := os.Args[3] - account, err := controller.GetAccountByUsername(app.DB, username) + account, err := controller.GetAccount(global.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) os.Exit(1) } - err = controller.DeleteTOTP(app.DB, account.ID, totpName) + err = controller.DeleteTOTP(global.DB, account.ID, totpName) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to create TOTP method: %v\n", err) + fmt.Fprintf(os.Stderr, "Failed to create TOTP method: %v\n", err) os.Exit(1) } - app.Log.Info(log.TYPE_ACCOUNT, "TOTP method \"%s\" for \"%s\" deleted via config utility.", totpName, account.Username) fmt.Printf("TOTP method \"%s\" deleted.\n", totpName) return @@ -165,20 +149,20 @@ func main() { } username := os.Args[2] - account, err := controller.GetAccountByUsername(app.DB, username) + account, err := controller.GetAccount(global.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) os.Exit(1) } - totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) + totps, err := controller.GetTOTPsForAccount(global.DB, account.ID) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to create TOTP methods: %v\n", err) + fmt.Fprintf(os.Stderr, "Failed to create TOTP methods: %v\n", err) os.Exit(1) } @@ -198,25 +182,25 @@ func main() { username := os.Args[2] totpName := os.Args[3] - account, err := controller.GetAccountByUsername(app.DB, username) + account, err := controller.GetAccount(global.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) os.Exit(1) } - totp, err := controller.GetTOTP(app.DB, account.ID, totpName) + totp, err := controller.GetTOTP(global.DB, account.ID, totpName) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch TOTP method \"%s\": %v\n", totpName, err) + fmt.Fprintf(os.Stderr, "Failed to fetch TOTP method \"%s\": %v\n", totpName, err) os.Exit(1) } if totp == nil { - fmt.Fprintf(os.Stderr, "FATAL: TOTP method \"%s\" does not exist for account \"%s\"\n", totpName, username) + fmt.Fprintf(os.Stderr, "TOTP method \"%s\" does not exist for account \"%s\"\n", totpName, username) os.Exit(1) } @@ -224,103 +208,49 @@ func main() { fmt.Printf("%s\n", code) return - case "cleanTOTP": - err := controller.DeleteUnconfirmedTOTPs(app.DB) - if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to clean up TOTP methods: %v\n", err) - os.Exit(1) - } - app.Log.Info(log.TYPE_ACCOUNT, "TOTP methods pruned via config utility.") - fmt.Printf("Cleaned up dangling TOTP methods successfully.\n") - return - case "createInvite": fmt.Printf("Creating invite...\n") - invite, err := controller.CreateInvite(app.DB, 16, time.Hour * 24) + invite, err := controller.CreateInvite(global.DB, 16, time.Hour * 24) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to create invite code: %v\n", err) + fmt.Fprintf(os.Stderr, "Failed to create invite code: %v\n", err) os.Exit(1) } - app.Log.Info(log.TYPE_ACCOUNT, "Invite generted via config utility (%s).", invite.Code) - fmt.Printf( - "Here you go! This code expires in %d hours: %s\n", - int(math.Ceil(invite.ExpiresAt.Sub(invite.CreatedAt).Hours())), - invite.Code, - ) + fmt.Printf("Here you go! This code expires in 24 hours: %s\n", invite.Code) return case "purgeInvites": fmt.Printf("Deleting all invites...\n") - err := controller.DeleteAllInvites(app.DB) + err := controller.DeleteAllInvites(global.DB) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to delete invites: %v\n", err) + fmt.Fprintf(os.Stderr, "Failed to delete invites: %v\n", err) os.Exit(1) } - app.Log.Info(log.TYPE_ACCOUNT, "Invites purged via config utility.") fmt.Printf("Invites deleted successfully.\n") return case "listAccounts": - accounts, err := controller.GetAllAccounts(app.DB) + accounts, err := controller.GetAllAccounts(global.DB) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch accounts: %v\n", err) + fmt.Fprintf(os.Stderr, "Failed to fetch accounts: %v\n", err) os.Exit(1) } for _, account := range accounts { - email := "" - if account.Email.Valid { email = account.Email.String } fmt.Printf( "User: %s\n" + "\tID: %s\n" + "\tEmail: %s\n" + - "\tCreated: %s\n" + - "\tLocked: %t\n", + "\tCreated: %s\n", account.Username, account.ID, - email, + account.Email, account.CreatedAt, - account.Locked, ) } return - case "changePassword": - if len(os.Args) < 4 { - fmt.Fprintf(os.Stderr, "FATAL: `username` and `password` must be specified for changePassword\n") - os.Exit(1) - } - - username := os.Args[2] - password := os.Args[3] - account, err := controller.GetAccountByUsername(app.DB, username) - if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) - os.Exit(1) - } - if account == nil { - fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) - os.Exit(1) - } - - hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) - if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to update password: %v\n", err) - os.Exit(1) - } - account.Password = string(hashedPassword) - err = controller.UpdateAccount(app.DB, account) - if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to update password: %v\n", err) - os.Exit(1) - } - - app.Log.Info(log.TYPE_ACCOUNT, "Password for '%s' updated via config utility.", account.Username) - fmt.Printf("Password for \"%s\" updated successfully.\n", account.Username) - return - case "deleteAccount": if len(os.Args) < 3 { fmt.Fprintf(os.Stderr, "FATAL: `username` must be specified for deleteAccount\n") @@ -329,14 +259,14 @@ func main() { username := os.Args[2] fmt.Printf("Deleting account \"%s\"...\n", username) - account, err := controller.GetAccountByUsername(app.DB, username) + account, err := controller.GetAccount(global.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) + fmt.Fprintf(os.Stderr, "Failed to fetch account \"%s\": %v\n", username, err) os.Exit(1) } if account == nil { - fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) + fmt.Fprintf(os.Stderr, "Account \"%s\" does not exist.\n", username) os.Exit(1) } @@ -346,95 +276,16 @@ func main() { if !strings.HasPrefix(res, "y") { return } - - err = controller.DeleteAccount(app.DB, account.ID) + + err = controller.DeleteAccount(global.DB, username) if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to delete account: %v\n", err) + fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err) os.Exit(1) } - app.Log.Info(log.TYPE_ACCOUNT, "Account '%s' deleted via config utility.", account.Username) fmt.Printf("Account \"%s\" deleted successfully.\n", account.Username) return - - case "lockAccount": - if len(os.Args) < 3 { - fmt.Fprintf(os.Stderr, "FATAL: `username` must be specified for lockAccount\n") - os.Exit(1) - } - username := os.Args[2] - fmt.Printf("Unlocking account \"%s\"...\n", username) - - account, err := controller.GetAccountByUsername(app.DB, username) - if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) - os.Exit(1) - } - - if account == nil { - fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) - os.Exit(1) - } - - err = controller.LockAccount(app.DB, account.ID) - if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to lock account: %v\n", err) - os.Exit(1) - } - - app.Log.Info(log.TYPE_ACCOUNT, "Account '%s' locked via config utility.", account.Username) - fmt.Printf("Account \"%s\" locked successfully.\n", account.Username) - return - - case "unlockAccount": - if len(os.Args) < 3 { - fmt.Fprintf(os.Stderr, "FATAL: `username` must be specified for unlockAccount\n") - os.Exit(1) - } - username := os.Args[2] - fmt.Printf("Unlocking account \"%s\"...\n", username) - - account, err := controller.GetAccountByUsername(app.DB, username) - if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch account \"%s\": %v\n", username, err) - os.Exit(1) - } - - if account == nil { - fmt.Fprintf(os.Stderr, "FATAL: Account \"%s\" does not exist.\n", username) - os.Exit(1) - } - - err = controller.UnlockAccount(app.DB, account.ID) - if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to unlock account: %v\n", err) - os.Exit(1) - } - - app.Log.Info(log.TYPE_ACCOUNT, "Account '%s' unlocked via config utility.", account.Username) - fmt.Printf("Account \"%s\" unlocked successfully.\n", account.Username) - return - - case "logs": - // TODO: add log search parameters - logs, err := app.Log.Search([]log.LogLevel{}, []string{}, "", 100, 0) - if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to fetch logs: %v\n", err) - os.Exit(1) - } - for _, item := range(logs) { - levelStr := "" - switch item.Level { - case log.LEVEL_INFO: - levelStr = "INFO" - case log.LEVEL_WARN: - levelStr = "WARN" - default: - levelStr = fmt.Sprintf("? (%d)", item.Level) - } - fmt.Printf("[%s] %s:\n\t[%s] %s: %s\n", item.CreatedAt.Format(time.UnixDate), item.ID, item.Type, levelStr, item.Content) - } - return + } // command help @@ -444,41 +295,30 @@ func main() { "listTOTP :\n\tLists an account's TOTP methods.\n" + "deleteTOTP :\n\tDeletes an account's TOTP method.\n" + "testTOTP :\n\tGenerates the code for an account's TOTP method.\n" + - "cleanTOTP:\n\tCleans up unconfirmed (dangling) TOTP methods.\n" + "\n" + "createInvite:\n\tCreates an invite code to register new accounts.\n" + "purgeInvites:\n\tDeletes all available invite codes.\n" + "listAccounts:\n\tLists all active accounts.\n", - "deleteAccount :\n\tDeletes the account under `username`.\n", - "lockAccount :\n\tLocks the account under `username`.\n", - "unlockAccount :\n\tUnlocks the account under `username`.\n", - "logs:\n\tShows system logs.\n", + "deleteAccount :\n\tDeletes an account with a given `username`.\n", ) return } // handle DB migrations - controller.CheckDBVersionAndMigrate(app.DB) - - if app.Config.Twitch != nil { - err = controller.TwitchSetup(&app) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to set up Twitch integration: %v\n", err) - } - } + controller.CheckDBVersionAndMigrate(global.DB) // initial invite code accountsCount := 0 - err = app.DB.Get(&accountsCount, "SELECT count(*) FROM account") + err = global.DB.Get(&accountsCount, "SELECT count(*) FROM account") if err != nil { panic(err) } if accountsCount == 0 { - _, err := app.DB.Exec("DELETE FROM invite") + _, err := global.DB.Exec("DELETE FROM invite") if err != nil { fmt.Fprintf(os.Stderr, "FATAL: Failed to clear existing invite codes: %v\n", err) os.Exit(1) } - invite, err := controller.CreateInvite(app.DB, 16, time.Hour * 24) + invite, err := controller.CreateInvite(global.DB, 16, time.Hour * 24) if err != nil { fmt.Fprintf(os.Stderr, "FATAL: Failed to create invite code: %v\n", err) os.Exit(1) @@ -487,145 +327,66 @@ func main() { fmt.Printf("No accounts exist! Generated invite code: %s\n", invite.Code) } - // delete expired sessions - err = controller.DeleteExpiredSessions(app.DB) - if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to clear expired sessions: %v\n", err) - os.Exit(1) - } - // delete expired invites - err = controller.DeleteExpiredInvites(app.DB) + err = controller.DeleteExpiredInvites(global.DB) if err != nil { fmt.Fprintf(os.Stderr, "FATAL: Failed to clear expired invite codes: %v\n", err) os.Exit(1) } - // clean up unconfirmed TOTP methods - err = controller.DeleteUnconfirmedTOTPs(app.DB) - if err != nil { - fmt.Fprintf(os.Stderr, "FATAL: Failed to clean up unconfirmed TOTP methods: %v\n", err) - os.Exit(1) - } - - go cursor.StartCursor(&app) - // start the web server! - mux := createServeMux(&app) - fmt.Printf("Now serving at http://%s:%d\n", app.Config.Host, app.Config.Port) - stdLog.Fatal( - http.ListenAndServe(fmt.Sprintf("%s:%d", app.Config.Host, app.Config.Port), - HTTPLog(DefaultHeaders(mux)), + mux := createServeMux() + fmt.Printf("Now serving at %s:%d\n", global.Config.BaseUrl, global.Config.Port) + log.Fatal( + http.ListenAndServe(fmt.Sprintf(":%d", global.Config.Port), + global.HTTPLog(global.DefaultHeaders(mux)), )) } -func createServeMux(app *model.AppState) *http.ServeMux { +func createServeMux() *http.ServeMux { mux := http.NewServeMux() - mux.Handle("/admin/", http.StripPrefix("/admin", admin.Handler(app))) - mux.Handle("/api/", http.StripPrefix("/api", api.Handler(app))) - mux.Handle("/music/", http.StripPrefix("/music", view.MusicHandler(app))) - mux.Handle("/uploads/", http.StripPrefix("/uploads", view.StaticHandler(filepath.Join(app.Config.DataDirectory, "uploads")))) - mux.Handle("/cursor-ws", cursor.Handler(app)) - mux.Handle("/", view.IndexHandler(app)) + mux.Handle("/admin/", http.StripPrefix("/admin", admin.Handler(global.DB))) + mux.Handle("/api/", http.StripPrefix("/api", api.Handler(global.DB))) + mux.Handle("/music/", http.StripPrefix("/music", view.MusicHandler(global.DB))) + mux.Handle("/uploads/", http.StripPrefix("/uploads", staticHandler(filepath.Join(global.Config.DataDirectory, "uploads")))) + mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method == http.MethodHead { + w.WriteHeader(http.StatusOK) + return + } + + if r.URL.Path == "/" || r.URL.Path == "/index.html" { + err := templates.Pages["index"].Execute(w, nil) + if err != nil { + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + return + } + staticHandler("public").ServeHTTP(w, r) + })) return mux } -var PoweredByStrings = []string{ - "nerd rage", - "estrogen", - "your mother", - "awesome powers beyond comprehension", - "jared", - "the weight of my sins", - "the arc reactor", - "AA batteries", - "15 euro solar panel from ebay", - "magnets, how do they work", - "a fax machine", - "dell optiplex", - "a trans girl's nintendo wii", - "BASS", - "electricity, duh", - "seven hamsters in a big wheel", - "girls", - "mzungu hosting", - "golang", - "the state of the world right now", - "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)", - "the good folks at aperture science", - "free2play CDs", - "aridoodle", - "the love of creating", - "not for the sake of art; not for the sake of money; we like painting naked people", - "30 billion dollars in VC funding", -} - -func DefaultHeaders(next http.Handler) http.Handler { +func staticHandler(directory string) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - w.Header().Add("Server", "arimelody.me") - w.Header().Add("Do-Not-Stab", "1") - w.Header().Add("X-Clacks-Overhead", "GNU Terry Pratchett") - w.Header().Add("X-Hacker", "spare me please") - w.Header().Add("X-Robots-TXT", "'; DROP TABLE pages;") - w.Header().Add("X-Thinking-With", "Portals") - w.Header().Add( - "X-Powered-By", - PoweredByStrings[rand.Intn(len(PoweredByStrings))], - ) - next.ServeHTTP(w, r) - }) -} + info, err := os.Stat(filepath.Join(directory, filepath.Clean(r.URL.Path))) -type LoggingResponseWriter struct { - http.ResponseWriter - Status int -} - -func (lrw *LoggingResponseWriter) Hijack() (net.Conn, *bufio.ReadWriter, error) { - hijack, ok := lrw.ResponseWriter.(http.Hijacker) - if !ok { - return nil, nil, errors.New("Server does not support hijacking\n") - } - return hijack.Hijack() -} - -func (lrw *LoggingResponseWriter) WriteHeader(status int) { - lrw.Status = status - lrw.ResponseWriter.WriteHeader(status) -} - -func HTTPLog(next http.Handler) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - start := time.Now() - - lrw := LoggingResponseWriter{w, http.StatusOK} - - next.ServeHTTP(&lrw, r) - - after := time.Now() - difference := (after.Nanosecond() - start.Nanosecond()) / 1_000_000 - elapsed := "<1" - if difference >= 1 { - elapsed = strconv.Itoa(difference) + // does the file exist? + if err != nil { + if errors.Is(err, os.ErrNotExist) { + http.NotFound(w, r) + return + } } - statusColour := colour.Reset + // is thjs a directory? (forbidden) + if info.IsDir() { + http.NotFound(w, r) + return + } - if lrw.Status - 600 <= 0 { statusColour = colour.Red } - if lrw.Status - 500 <= 0 { statusColour = colour.Yellow } - if lrw.Status - 400 <= 0 { statusColour = colour.White } - if lrw.Status - 300 <= 0 { statusColour = colour.Green } - - fmt.Printf("[%s] %s %s - %s%d%s (%sms) (%s)\n", - after.Format(time.UnixDate), - r.Method, - r.URL.Path, - statusColour, - lrw.Status, - colour.Reset, - elapsed, - r.Header["User-Agent"][0]) + http.FileServer(http.Dir(directory)).ServeHTTP(w, r) }) } diff --git a/model/account.go b/model/account.go index 67424b7..031cae9 100644 --- a/model/account.go +++ b/model/account.go @@ -1,23 +1,15 @@ package model -import ( - "database/sql" - "time" -) - -const COOKIE_TOKEN string = "AM_SESSION" -const MAX_LOGIN_FAIL_ATTEMPTS int = 3 +import "time" type ( Account struct { - ID string `json:"id" db:"id"` - Username string `json:"username" db:"username"` - Password string `json:"password" db:"password"` - Email sql.NullString `json:"email" db:"email"` - AvatarURL sql.NullString `json:"avatar_url" db:"avatar_url"` - CreatedAt time.Time `json:"created_at" db:"created_at"` - FailAttempts int `json:"fail_attempts" db:"fail_attempts"` - Locked bool `json:"locked" db:"locked"` + ID string `json:"id" db:"id"` + Username string `json:"username" db:"username"` + Password string `json:"password" db:"password"` + Email string `json:"email" db:"email"` + AvatarURL string `json:"avatar_url" db:"avatar_url"` + CreatedAt time.Time `json:"created_at" db:"created_at"` Privileges []AccountPrivilege `json:"privileges"` } diff --git a/model/appstate.go b/model/appstate.go deleted file mode 100644 index 3a1c230..0000000 --- a/model/appstate.go +++ /dev/null @@ -1,47 +0,0 @@ -package model - -import ( - "github.com/jmoiron/sqlx" - - "arimelody-web/log" -) - -type ( - DBConfig struct { - Host string `toml:"host"` - Port int64 `toml:"port"` - Name string `toml:"name"` - User string `toml:"user"` - Pass string `toml:"pass"` - } - - DiscordConfig struct { - AdminID string `toml:"admin_id" comment:"NOTE: admin_id to be deprecated in favour of local accounts and SSO."` - ClientID string `toml:"client_id"` - Secret string `toml:"secret"` - } - - TwitchConfig struct { - Broadcaster string `toml:"broadcaster"` - ClientID string `toml:"client_id"` - Secret string `toml:"secret"` - } - - Config struct { - BaseUrl string `toml:"base_url" comment:"Used for OAuth redirects."` - Host string `toml:"host"` - Port int64 `toml:"port"` - DataDirectory string `toml:"data_dir"` - TrustedProxies []string `toml:"trusted_proxies"` - DB DBConfig `toml:"db"` - Discord *DiscordConfig `toml:"discord"` - Twitch *TwitchConfig `toml:"twitch"` - } - - AppState struct { - DB *sqlx.DB - Config Config - Log log.Logger - Twitch *TwitchState - } -) diff --git a/model/artist.go b/model/artist.go index 746a7dd..733e537 100644 --- a/model/artist.go +++ b/model/artist.go @@ -1,17 +1,21 @@ package model type ( - Artist struct { - ID string `json:"id"` - Name string `json:"name"` - Website string `json:"website"` - Avatar string `json:"avatar"` - } + Artist struct { + ID string `json:"id"` + Name string `json:"name"` + Website string `json:"website"` + Avatar string `json:"avatar"` + } ) -func (artist Artist) GetAvatar() string { - if artist.Avatar == "" { - return "/img/default-avatar.png" - } - return artist.Avatar +func (artist Artist) GetWebsite() string { + return artist.Website +} + +func (artist Artist) GetAvatar() string { + if artist.Avatar == "" { + return "/img/default-avatar.png" + } + return artist.Avatar } diff --git a/model/artist_test.go b/model/artist_test.go deleted file mode 100644 index feb9a18..0000000 --- a/model/artist_test.go +++ /dev/null @@ -1,23 +0,0 @@ -package model - -import ( - "testing" -) - -func Test_Artist_GetAvatar(t *testing.T) { - want := "testavatar.png" - artist := Artist{ Avatar: want } - - got := artist.GetAvatar() - if want != got { - t.Errorf(`correct value not returned when avatar is populated (want "%s", got "%s")`, want, got) - } - - artist = Artist{} - - want = "/img/default-avatar.png" - got = artist.GetAvatar() - if want != got { - t.Errorf(`default value not returned when avatar is empty (want "%s", got "%s")`, want, got) - } -} diff --git a/model/link.go b/model/link.go index ba83e22..8b48ced 100644 --- a/model/link.go +++ b/model/link.go @@ -1,16 +1,16 @@ package model import ( - "regexp" - "strings" + "regexp" + "strings" ) type Link struct { - Name string `json:"name"` - URL string `json:"url"` + Name string `json:"name"` + URL string `json:"url"` } func (link Link) NormaliseName() string { - rgx := regexp.MustCompile(`[^a-z0-9\-]`) - return rgx.ReplaceAllString(strings.ToLower(link.Name), "") + rgx := regexp.MustCompile(`[^a-z0-9]`) + return strings.ToLower(rgx.ReplaceAllString(link.Name, "")) } diff --git a/model/link_test.go b/model/link_test.go deleted file mode 100644 index b368094..0000000 --- a/model/link_test.go +++ /dev/null @@ -1,23 +0,0 @@ -package model - -import ( - "testing" -) - -func Test_Link_NormaliseName(t *testing.T) { - link := Link{ - Name: "!c@o#o$l%-^a&w*e(s)o_m=e+-[l{i]n}k-0123456789ABCDEF", - } - - want := "cool-awesome-link-0123456789abcdef" - got := link.NormaliseName() - if want != got { - t.Errorf(`name with invalid characters not properly formatted (want "%s", got "%s")`, want, got) - } - - link.Name = want - got = link.NormaliseName() - if want != got { - t.Errorf(`valid name mangled by formatter (want "%s", got "%s")`, want, got) - } -} diff --git a/model/release.go b/model/release.go index e64317b..7b0c8d5 100644 --- a/model/release.go +++ b/model/release.go @@ -1,9 +1,9 @@ package model import ( - "html/template" - "strings" - "time" + "html/template" + "strings" + "time" ) type ( @@ -24,7 +24,6 @@ type ( Tracks []*Track `json:"tracks"` Credits []*Credit `json:"credits"` Links []*Link `json:"links"` - CreatedAt time.Time `json:"-" db:"created_at"` } ) @@ -50,6 +49,10 @@ func (release Release) PrintReleaseDate() string { return release.ReleaseDate.Format("02 January 2006") } +func (release Release) GetReleaseYear() int { + return release.ReleaseDate.Year() +} + func (release Release) GetArtwork() string { if release.Artwork == "" { return "/img/default-cover-art.png" @@ -73,23 +76,23 @@ func (release Release) GetUniqueArtistNames(only_primary bool) []string { names = append(names, credit.Artist.Name) } - return names + return names } func (release Release) PrintArtists(only_primary bool, ampersand bool) string { names := release.GetUniqueArtistNames(only_primary) - if len(names) == 0 { - return "Unknown Artist" - } else if len(names) == 1 { - return names[0] - } + if len(names) == 0 { + return "Unknown Artist" + } else if len(names) == 1 { + return names[0] + } - if ampersand { - res := strings.Join(names[:len(names)-1], ", ") - res += " & " + names[len(names)-1] - return res - } else { - return strings.Join(names[:], ", ") - } + if ampersand { + res := strings.Join(names[:len(names)-1], ", ") + res += " & " + names[len(names)-1] + return res + } else { + return strings.Join(names[:], ", ") + } } diff --git a/model/release_test.go b/model/release_test.go deleted file mode 100644 index b0ddaf5..0000000 --- a/model/release_test.go +++ /dev/null @@ -1,157 +0,0 @@ -package model - -import ( - "testing" - "time" -) - -func Test_Release_DescriptionHTML(t *testing.T) { - release := Release{ - Description: "this is\na test\ndescription!", - } - - // descriptions are set by privileged users, - // so we'll allow HTML injection here - want := "this is
        a test
        description!" - got := release.GetDescriptionHTML() - if want != string(got) { - t.Errorf(`release description incorrectly formatted (want "%s", got "%s")`, want, got) - } -} - -func Test_Release_ReleaseDate(t *testing.T) { - release := Release{ - ReleaseDate: time.Date(2025, time.July, 26, 16, 0, 0, 0, time.UTC), - } - - want := "2025-07-26T16:00" - got := release.TextReleaseDate() - if want != got { - t.Errorf(`release date incorrectly formatted (want "%s", got "%s")`, want, got) - } - - want = "26 July 2025" - got = release.PrintReleaseDate() - if want != got { - t.Errorf(`release date (print) incorrectly formatted (want "%s", got "%s")`, want, got) - } -} - -func Test_Release_Artwork(t *testing.T) { - want := "testartwork.png" - release := Release{ Artwork: want } - - got := release.GetArtwork() - if want != got { - t.Errorf(`correct value not returned when artwork is populated (want "%s", got "%s")`, want, got) - } - - release = Release{} - - want = "/img/default-cover-art.png" - got = release.GetArtwork() - if want != got { - t.Errorf(`default value not returned when artwork is empty (want "%s", got "%s")`, want, got) - } -} - -func Test_Release_IsSingle(t *testing.T) { - release := Release{ - Tracks: []*Track{}, - } - - if release.IsSingle() { - t.Errorf("IsSingle() == true when no tracks are present") - } - - release.Tracks = append(release.Tracks, &Track{}) - if !release.IsSingle() { - t.Errorf("IsSingle() == false when one track is present") - } - - release.Tracks = append(release.Tracks, &Track{}) - if release.IsSingle() { - t.Errorf("IsSingle() == true when >1 tracks are present") - } -} - -func Test_Release_IsReleased(t *testing.T) { - release := Release { - ReleaseDate: time.Now(), - } - - if !release.IsReleased() { - t.Errorf("IsRelease() == false when release date in the past") - } - - release.ReleaseDate = time.Now().Add(time.Hour) - if release.IsReleased() { - t.Errorf("IsRelease() == true when release date in the future") - } -} - -func Test_Release_PrintArtists(t *testing.T) { - artist1 := "ari melody" - artist2 := "aridoodle" - artist3 := "idk" - artist4 := "guest" - - release := Release { - Credits: []*Credit{ - { Artist: Artist{ Name: artist1 }, Primary: true }, - { Artist: Artist{ Name: artist2 }, Primary: true }, - { Artist: Artist{ Name: artist3 }, Primary: false }, - { Artist: Artist{ Name: artist4 }, Primary: true }, - }, - } - - { - want := []string{ artist1, artist2, artist4 } - got := release.GetUniqueArtistNames(true) - if len(want) != len(got) { - t.Errorf(`len(GetUniqueArtistNames) (primary only) == %d, want %d`, len(got), len(want)) - } - for i := range got { - if want[i] != got[i] { - t.Errorf(`GetUniqueArtistNames[%d] (primary only) == %s, want %s`, i, got[i], want[i]) - } - } - - want = []string{ artist1, artist2, artist3, artist4 } - got = release.GetUniqueArtistNames(false) - if len(want) != len(got) { - t.Errorf(`len(GetUniqueArtistNames) == %d, want %d`, len(got), len(want)) - } - for i := range got { - if want[i] != got[i] { - t.Errorf(`GetUniqueArtistNames[%d] == %s, want %s`, i, got[i], want[i]) - } - } - } - - { - want := "ari melody, aridoodle & guest" - got := release.PrintArtists(true, true) - if want != got { - t.Errorf(`PrintArtists (primary only, ampersand) == "%s", want "%s"`, want, got) - } - - want = "ari melody, aridoodle, guest" - got = release.PrintArtists(true, false) - if want != got { - t.Errorf(`PrintArtists (primary only) == "%s", want "%s"`, want, got) - } - - want = "ari melody, aridoodle, idk & guest" - got = release.PrintArtists(false, true) - if want != got { - t.Errorf(`PrintArtists (all, ampersand) == "%s", want "%s"`, want, got) - } - - want = "ari melody, aridoodle, idk, guest" - got = release.PrintArtists(false, false) - if want != got { - t.Errorf(`PrintArtists (all) == "%s", want "%s"`, want, got) - } - } -} diff --git a/model/session.go b/model/session.go deleted file mode 100644 index 7382de3..0000000 --- a/model/session.go +++ /dev/null @@ -1,18 +0,0 @@ -package model - -import ( - "database/sql" - "time" -) - -type Session struct { - Token string `json:"-" db:"token"` - UserAgent string `json:"user_agent" db:"user_agent"` - CreatedAt time.Time `json:"created_at" db:"created_at"` - ExpiresAt time.Time `json:"-" db:"expires_at"` - - Account *Account `json:"-" db:"-"` - AttemptAccount *Account `json:"-" db:"-"` - Message sql.NullString `json:"-" db:"message"` - Error sql.NullString `json:"-" db:"error"` -} diff --git a/model/token.go b/model/token.go new file mode 100644 index 0000000..31beb72 --- /dev/null +++ b/model/token.go @@ -0,0 +1,11 @@ +package model + +import "time" + +type Token struct { + Token string `json:"token" db:"token"` + AccountID string `json:"-" db:"account"` + UserAgent string `json:"user_agent" db:"user_agent"` + CreatedAt time.Time `json:"created_at" db:"created_at"` + ExpiresAt time.Time `json:"expires_at" db:"expires_at"` +} diff --git a/model/totp.go b/model/totp.go index 108dae5..8d8422f 100644 --- a/model/totp.go +++ b/model/totp.go @@ -1,7 +1,7 @@ package model import ( - "time" + "time" ) type TOTP struct { @@ -9,5 +9,4 @@ type TOTP struct { AccountID string `json:"accountID" db:"account"` Secret string `json:"-" db:"secret"` CreatedAt time.Time `json:"created_at" db:"created_at"` - Confirmed bool `json:"-" db:"confirmed"` } diff --git a/model/track.go b/model/track.go index deaf086..d44c224 100644 --- a/model/track.go +++ b/model/track.go @@ -1,20 +1,18 @@ package model import ( - "html/template" - "strings" + "html/template" + "strings" ) type ( - Track struct { - ID string `json:"id"` - Title string `json:"title"` - Description string `json:"description"` + Track struct { + ID string `json:"id"` + Title string `json:"title"` + Description string `json:"description"` Lyrics string `json:"lyrics" db:"lyrics"` - PreviewURL string `json:"previewURL" db:"preview_url"` - - Number int - } + PreviewURL string `json:"previewURL" db:"preview_url"` + } ) func (track Track) GetDescriptionHTML() template.HTML { diff --git a/model/track_test.go b/model/track_test.go deleted file mode 100644 index fd500d7..0000000 --- a/model/track_test.go +++ /dev/null @@ -1,43 +0,0 @@ -package model - -import ( - "testing" -) - -func Test_Track_DescriptionHTML(t *testing.T) { - track := Track{ - Description: "this is\na test\ndescription!", - } - - // descriptions are set by privileged users, - // so we'll allow HTML injection here - want := "this is
        a test
        description!" - got := track.GetDescriptionHTML() - if want != string(got) { - t.Errorf(`track description incorrectly formatted (want "%s", got "%s")`, want, got) - } -} - -func Test_Track_LyricsHTML(t *testing.T) { - track := Track{ - Lyrics: "these are\ntest\nlyrics!", - } - - // lyrics are set by privileged users, - // so we'll allow HTML injection here - want := "these are
        test
        lyrics!" - got := track.GetLyricsHTML() - if want != string(got) { - t.Errorf(`track lyrics incorrectly formatted (want "%s", got "%s")`, want, got) - } -} - -func Test_Track_Add(t *testing.T) { - track := Track{} - - want := 4 - got := track.Add(2, 2) - if want != got { - t.Errorf(`somehow, we screwed up addition. (want %d, got %d)`, want, got) - } -} diff --git a/model/twitch.go b/model/twitch.go deleted file mode 100644 index 6bca17d..0000000 --- a/model/twitch.go +++ /dev/null @@ -1,43 +0,0 @@ -package model - -import ( - "fmt" - "strings" - "time" -) - -type ( - TwitchOAuthToken struct { - AccessToken string - ExpiresAt time.Time - TokenType string - } - - TwitchState struct { - Token *TwitchOAuthToken - } - - TwitchStreamInfo struct { - ID string `json:"id"` - UserID string `json:"user_id"` - UserLogin string `json:"user_login"` - UserName string `json:"user_name"` - GameID string `json:"game_id"` - GameName string `json:"game_name"` - Type string `json:"type"` - Title string `json:"title"` - ViewerCount int `json:"viewer_count"` - StartedAt string `json:"started_at"` - Language string `json:"language"` - ThumbnailURL string `json:"thumbnail_url"` - TagIDs []string `json:"tag_ids"` - Tags []string `json:"tags"` - IsMature bool `json:"is_mature"` - } -) - -func (info *TwitchStreamInfo) Thumbnail(width int, height int) string { - res := strings.Replace(info.ThumbnailURL, "{width}", fmt.Sprintf("%d", width), 1) - res = strings.Replace(res, "{height}", fmt.Sprintf("%d", height), 1) - return res -} diff --git a/public/img/brand/bandcamp.svg b/public/img/brand/bandcamp.svg deleted file mode 100644 index 9623ec2..0000000 --- a/public/img/brand/bandcamp.svg +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - - - - diff --git a/public/img/brand/bluesky.svg b/public/img/brand/bluesky.svg deleted file mode 100644 index d77fafe..0000000 --- a/public/img/brand/bluesky.svg +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - - - - diff --git a/public/img/brand/codeberg.svg b/public/img/brand/codeberg.svg deleted file mode 100644 index 028b729..0000000 --- a/public/img/brand/codeberg.svg +++ /dev/null @@ -1,164 +0,0 @@ - - - Codeberg logo - - - - - - - - - - - - - - - - - - - - - image/svg+xml - - Codeberg logo - - - - Robert Martinez - - - - - Codeberg and the Codeberg Logo are trademarks of Codeberg e.V. - - - 2020-04-09 - - - Codeberg e.V. - - - codeberg.org - - - - - - - - - - - - - diff --git a/public/img/brand/discord.svg b/public/img/brand/discord.svg deleted file mode 100644 index b636d15..0000000 --- a/public/img/brand/discord.svg +++ /dev/null @@ -1 +0,0 @@ - \ No newline at end of file diff --git a/public/img/brand/twitch.svg b/public/img/brand/twitch.svg deleted file mode 100644 index 3120fea..0000000 --- a/public/img/brand/twitch.svg +++ /dev/null @@ -1,21 +0,0 @@ - - - - -Asset 2 - - - - - - - - - - - diff --git a/public/img/brand/youtube.svg b/public/img/brand/youtube.svg deleted file mode 100644 index 3286071..0000000 --- a/public/img/brand/youtube.svg +++ /dev/null @@ -1,10 +0,0 @@ - - - - - - - - - - diff --git a/public/img/buttons/girlonthemoon.png b/public/img/buttons/girlonthemoon.png deleted file mode 100644 index 4e98a12..0000000 Binary files a/public/img/buttons/girlonthemoon.png and /dev/null differ diff --git a/public/img/buttons/thermia.gif b/public/img/buttons/thermia.gif deleted file mode 100644 index a7ee70a..0000000 Binary files a/public/img/buttons/thermia.gif and /dev/null differ diff --git a/public/keys/ari melody_0x92678188_public.asc b/public/keys/ari melody_0x92678188_public.asc index 80a4676..2b37d88 100644 --- a/public/keys/ari melody_0x92678188_public.asc +++ b/public/keys/ari melody_0x92678188_public.asc @@ -1,26 +1,13 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- mDMEZNW03RYJKwYBBAHaRw8BAQdAuMUNVjXT7m/YisePPnSYY6lc1Xmm3oS79ZEO -JriRCZy0HWFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkubWU+iJkEExYKAEECGwMF -CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AWIQTujeuNYocuegkeKt/PmYKckmeB -iAUCZ7UqUAUJCIMP8wAKCRDPmYKckmeBiO/NAP0SoJL4aKZqCeYiSoDF/Uw6nMmZ -+oR1Uig41wQ/IDbhCAEApP2vbjSIu6pcp0AQlL7qcoyPWv+XkqPSFqW9KEZZVwqI -kwQTFgoAOxYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJk1bTdAhsDBQsJCAcCAiIC -BhUKCQgLAgQWAgMBAh4HAheAAAoJEM+ZgpySZ4GIYJsA/jBNwsJTlmV9JMmsW0aF -ApYDoPG1Q7sJ6CRW7xKCRjcqAQDX9iqNnW9Jqo8M3jXfu+aGSF926hg6M3SKm02P -f27bAbgzBGe1JooWCSsGAQQB2kcPAQEHQJbfh5iLHEpZndMgekqYzqTrUoAJ8ZIL -d4WH0dcw9tOaiPUEGBYKACYCGwIWIQTujeuNYocuegkeKt/PmYKckmeBiAUCZ7Uq -VgUJBaOeTACBdiAEGRYKAB0WIQQlu5dWmBR/P3ZxngxgtfA4bj3bfgUCZ7UmigAK -CRBgtfA4bj3bfux+AP4y5ydrjnGBMX7GuB2nh55SRdscSiXsZ66ntnjXyQcbWgEA -pDuu7FqXzXcnluuZxNFDT740Rnzs60tTeplDqGGWcAQJEM+ZgpySZ4GIc0kA/iSw -Nw+r3FC75omwrPpJF13B5fq93FweFx+oSaES6qzkAQDvgCK77qKKbvCju0g8zSsK -EZnv6xR4uvtGdVkvLpBdC7gzBGe1JpkWCSsGAQQB2kcPAQEHQGnU4lXFLchhKYkC -PshP+jvuRsNoedaDOK2p4dkQC8JuiH4EGBYKACYCGyAWIQTujeuNYocuegkeKt/P -mYKckmeBiAUCZ7UqXgUJBaOeRQAKCRDPmYKckmeBiL9KAQCJZIBhuSsoYa61I0XZ -cKzGZbB0h9pD6eg1VRswNIgHtQEAwu9Hgs1rs9cySvKbO7WgK6Qh6EfrvGgGOXCO -m3wVsg24OARntSo5EgorBgEEAZdVAQUBAQdA+/k586W1OHxndzDJNpbd+wqjyjr0 -D5IXxfDs00advB0DAQgHiH4EGBYKACYWIQTujeuNYocuegkeKt/PmYKckmeBiAUC -Z7UqOQIbDAUJBaOagAAKCRDPmYKckmeBiEFxAQCgziQt2l3u7jnZVij4zop+K2Lv -TVFtkbG61tf6brRzBgD/X6c6X5BRyQC51JV1I1RFRBdeMAIXzcLFg2v3WUMccQs= -=YmHI +JriRCZy0HWFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkubWU+iJMEExYKADsWIQTu +jeuNYocuegkeKt/PmYKckmeBiAUCZNW03QIbAwULCQgHAgIiAgYVCgkICwIEFgID +AQIeBwIXgAAKCRDPmYKckmeBiGCbAP4wTcLCU5ZlfSTJrFtGhQKWA6DxtUO7Cegk +Vu8SgkY3KgEA1/YqjZ1vSaqPDN4137vmhkhfduoYOjN0iptNj39u2wG4OARk1bTd +EgorBgEEAZdVAQUBAQdAnA2drPzQBoXNdwIrFnovuF0CjX+8+8QSugCF4a5ZEXED +AQgHiHgEGBYKACAWIQTujeuNYocuegkeKt/PmYKckmeBiAUCZNW03QIbDAAKCRDP +mYKckmeBiC/xAQD1hu4WcstR40lkUxMqhZ44wmizrDA+eGCdh7Ge3Gy79wEAx385 +GnYoNplMTA4BTGs7orV4WSfSkoBx0+px1UOewgs= +=M1Bp -----END PGP PUBLIC KEY BLOCK----- diff --git a/public/script/config.js b/public/script/config.js index 402a74b..b3dd135 100644 --- a/public/script/config.js +++ b/public/script/config.js @@ -1,106 +1,42 @@ -const ARIMELODY_CONFIG_NAME = "arimelody.me-config"; - -class Config { - _crt = false; - _cursor = false; - _cursorFunMode = false; - - /** @type Map> */ - #listeners = new Map(); - - constructor(values) { - function thisOrElse(values, name, defaultValue) { - if (values === null) return defaultValue; - if (values[name] === undefined) return defaultValue; - return values[name]; - } - - this.#listeners.set('crt', new Array()); - this.crt = thisOrElse(values, 'crt', false); - this.#listeners.set('cursor', new Array()); - this.cursor = thisOrElse(values, 'cursor', false); - this.#listeners.set('cursorFunMode', new Array()); - this.cursorFunMode = thisOrElse(values, 'cursorFunMode', false); - this.save(); - } - - /** - * Appends a listener function to be called when the config value of `name` - * is changed. - */ - addListener(name, callback) { - const callbacks = this.#listeners.get(name); - if (!callbacks) return; - callbacks.push(callback); - } - - /** - * Removes the listener function `callback` from the list of callbacks when - * the config value of `name` is changed. - */ - removeListener(name, callback) { - const callbacks = this.#listeners.get(name); - if (!callbacks) return; - callbacks.set(name, callbacks.filter(c => c !== callback)); - } - - save() { - localStorage.setItem(ARIMELODY_CONFIG_NAME, JSON.stringify({ - crt: this.crt, - cursor: this.cursor, - cursorFunMode: this.cursorFunMode - })); - } - - get crt() { return this._crt } - set crt(/** @type boolean */ enabled) { - this._crt = enabled; - this.save(); - - if (enabled) { - document.body.classList.add("crt"); - } else { - document.body.classList.remove("crt"); - } - document.getElementById('toggle-crt').className = enabled ? "" : "disabled"; - - this.#listeners.get('crt').forEach(callback => { - callback(this._crt); - }) - } - - get cursor() { return this._cursor } - set cursor(/** @type boolean */ value) { - this._cursor = value; - this.save(); - this.#listeners.get('cursor').forEach(callback => { - callback(this._cursor); - }) - } - - get cursorFunMode() { return this._cursorFunMode } - set cursorFunMode(/** @type boolean */ value) { - this._cursorFunMode = value; - this.save(); - this.#listeners.get('cursorFunMode').forEach(callback => { - callback(this._cursorFunMode); - }) - } +function toggle_config_setting(config, name) { + if (config[name]) { + delete config[name]; + update_config(config); + return true; + } + config[name] = true; + update_config(config); + return true; } -const config = (() => { - let values = null; +function set_config_setting(config, name, value) { + config[name] = value; + update_config(config); + return true; +} - const saved = localStorage.getItem(ARIMELODY_CONFIG_NAME); - if (saved) - values = JSON.parse(saved); +function clear_config_setting(config, name) { + if (!config[name]) return false; + delete config[name]; + update_config(config); + return true; +} - return new Config(values); -})(); +function update_config(config) { + localStorage.setItem("config", JSON.stringify(config)); +} + +const config = JSON.parse(localStorage.getItem("config")) || {}; +if (config) { + if (config.disable_crt) { + document.querySelector('div#overlay').setAttribute("hidden", true); + document.body.style.textShadow = "none"; + document.getElementById('toggle-crt').classList.add("disabled"); + } +} document.getElementById("toggle-crt").addEventListener("click", () => { - config.crt = !config.crt; + toggle_config_setting(config, "disable_crt"); + document.querySelector('div#overlay').toggleAttribute("hidden"); + document.getElementById('toggle-crt').className = config.disable_crt ? "disabled" : ""; }); - -window.config = config; -export default config; diff --git a/public/script/cursor.js b/public/script/cursor.js deleted file mode 100644 index ff87068..0000000 --- a/public/script/cursor.js +++ /dev/null @@ -1,403 +0,0 @@ -import config from './config.js'; - -const CURSOR_LERP_RATE = 1/100; -const CURSOR_FUNCHAR_RATE = 20; -const CURSOR_CHAR_MAX_LIFE = 5000; -const CURSOR_MAX_CHARS = 64; - -/** @type HTMLCanvasElement */ -let canvas; -/** @type CanvasRenderingContext2D */ -let ctx; -/** @type Cursor */ -let myCursor; -/** @type Map */ -let cursors = new Map(); - -/** @type WebSocket */ -let ws; - -let running = false; -let lastUpdate = 0; - -let cursorBoxHeight = 0; -let cursorBoxRadius = 0; -let cursorIDFontSize = 0; -let cursorCharFontSize = 0; - -class Cursor { - #funCharCooldown = CURSOR_FUNCHAR_RATE; - - /** - * @param {string} id - * @param {number} x - * @param {number} y - */ - constructor(id, x, y) { - this.id = id; - - // real coordinates (canonical) - this.x = x; - this.y = y; - // render coordinates (interpolated) - this.rx = x; - this.ry = y; - - this.msg = ''; - /** @type Array */ - this.funChars = new Array(); - this.colour = randomColour(); - this.click = false; - } - - /** - * @param {number} deltaTime - */ - update(deltaTime) { - this.rx += (this.x - this.rx) * CURSOR_LERP_RATE * deltaTime; - this.ry += (this.y - this.ry) * CURSOR_LERP_RATE * deltaTime; - - if (this.#funCharCooldown > 0) - this.#funCharCooldown -= deltaTime; - - const x = this.rx * innerWidth - scrollX; - const y = this.ry * innerHeight - scrollY; - const onBackground = ctx.fillStyle = getComputedStyle(document.body).getPropertyValue('--on-background'); - - if (config.cursorFunMode === true) { - if (this.msg.length > 0) { - if (this.#funCharCooldown <= 0) { - this.#funCharCooldown = CURSOR_FUNCHAR_RATE; - if (this.funChars.length >= CURSOR_MAX_CHARS) { - this.funChars.shift(); - } - const yOffset = -10 / innerHeight; - const accelMultiplier = 0.002; - this.funChars.push(new FunChar( - this.x, this.y + yOffset, - (this.x - this.rx) * accelMultiplier, (this.y - this.ry) * accelMultiplier, - this.msg)); - } - } - - this.funChars.forEach(char => { - if (char.life > CURSOR_CHAR_MAX_LIFE || - char.y - scrollY > innerHeight || - char.x < 0 || - char.x * innerWidth - scrollX > innerWidth - ) { - this.funChars = this.funChars.filter(c => c !== this); - return; - } - char.update(deltaTime); - }); - } else if (this.msg.length > 0) { - ctx.font = 'normal bold ' + cursorCharFontSize + 'px monospace'; - ctx.fillStyle = onBackground; - ctx.fillText( - this.msg, - (x + 6) * devicePixelRatio, - (y + -8) * devicePixelRatio); - } - - const lightTheme = matchMedia && matchMedia('(prefers-color-scheme: light)').matches; - - if (lightTheme) - ctx.filter = 'saturate(5) brightness(0.8)'; - - const idText = '0x' + this.id.toString(16).padStart(8, '0'); - const colour = this.click ? onBackground : this.colour; - - ctx.beginPath(); - ctx.roundRect( - (x) * devicePixelRatio, - (y) * devicePixelRatio, - (12 + 7.2 * idText.length) * devicePixelRatio, - cursorBoxHeight, - cursorBoxRadius); - ctx.closePath(); - ctx.fillStyle = lightTheme ? '#fff8' : '#0008'; - ctx.fill(); - ctx.strokeStyle = colour; - ctx.lineWidth = devicePixelRatio; - ctx.stroke(); - - ctx.font = cursorIDFontSize + 'px monospace'; - ctx.fillStyle = colour; - ctx.fillText( - idText, - (x + 6) * devicePixelRatio, - (y + 14) * devicePixelRatio); - - ctx.filter = ''; - } -} - -class FunChar { - /** - * @param {number} x - * @param {number} y - * @param {number} xa - * @param {number} ya - * @param {string} text - */ - constructor(x, y, xa, ya, text) { - this.x = x; - this.y = y; - this.xa = xa + Math.random() * .0005 - .00025; - this.ya = ya + Math.random() * -.00025; - this.r = this.xa * 1000; - this.ra = this.r * 0.01; - this.text = text; - this.life = 0; - } - - /** - * @param {number} deltaTime - */ - update(deltaTime) { - this.life += deltaTime; - - this.x += this.xa * deltaTime; - this.y += this.ya * deltaTime; - this.r += this.ra * deltaTime; - this.ya = Math.min(this.ya + 0.000001 * deltaTime, 10); - - const x = this.x * innerWidth - scrollX; - const y = this.y * innerHeight - scrollY; - - const translateOffset = { - x: (x + 7.2) * devicePixelRatio, - y: (y - 7.2) * devicePixelRatio, - }; - ctx.translate(translateOffset.x, translateOffset.y); - ctx.rotate(this.r); - ctx.translate(-translateOffset.x, -translateOffset.y); - - ctx.font = 'normal bold ' + cursorCharFontSize + 'px monospace'; - ctx.fillStyle = getComputedStyle(document.body).getPropertyValue('--on-background'); - ctx.fillText( - this.text, - x * devicePixelRatio, - y * devicePixelRatio); - - ctx.resetTransform(); - } -} - -/** - * @returns string - */ -function randomColour() { - const min = 128; - const range = 100; - const red = Math.round((min + Math.random() * range)).toString(16); - const green = Math.round((min + Math.random() * range)).toString(16); - const blue = Math.round((min + Math.random() * range)).toString(16); - - return '#' + red + green + blue; -} - -/** - * @param {MouseEvent} event - */ -let mouseMoveLock = false; -const mouseMoveCooldown = 1000/30; -function handleMouseMove(event) { - if (!myCursor) return; - - const x = event.pageX / innerWidth; - const y = event.pageY / innerHeight; - const f = 10000; // four digit floating-point precision - - if (!mouseMoveLock) { - mouseMoveLock = true; - if (ws && ws.readyState == WebSocket.OPEN) - ws.send(`pos:${Math.round(x * f) / f}:${Math.round(y * f) / f}`); - setTimeout(() => { - mouseMoveLock = false; - }, mouseMoveCooldown); - } - - myCursor.x = x; - myCursor.y = y; -} - -function handleMouseDown() { - myCursor.click = true; - if (ws && ws.readyState == WebSocket.OPEN) - ws.send('click:1'); -} -function handleMouseUp() { - myCursor.click = false; - if (ws && ws.readyState == WebSocket.OPEN) - ws.send('click:0'); -} - -/** - * @param {KeyboardEvent} event - */ -function handleKeyPress(event) { - if (event.key.length > 1) return; - if (event.metaKey || event.ctrlKey) return; - if (myCursor.msg === event.key) return; - if (ws && ws.readyState == WebSocket.OPEN) - ws.send(`char:${event.key}`); - myCursor.msg = event.key; -} - -function handleKeyUp() { - if (ws && ws.readyState == WebSocket.OPEN) - ws.send(`nochar`); - myCursor.msg = ''; -} - -/** - * @param {number} timestamp - */ -function update(timestamp) { - if (!running) return; - - const deltaTime = timestamp - lastUpdate; - lastUpdate = timestamp; - - ctx.clearRect(0, 0, canvas.width, canvas.height); - - cursors.forEach(cursor => { - cursor.update(deltaTime); - }); - - requestAnimationFrame(update); -} - -function handleWindowResize() { - canvas.width = innerWidth * devicePixelRatio; - canvas.height = innerHeight * devicePixelRatio; - cursorBoxHeight = 20 * devicePixelRatio; - cursorBoxRadius = 4 * devicePixelRatio; - cursorIDFontSize = 12 * devicePixelRatio; - cursorCharFontSize = 20 * devicePixelRatio; -} - -function cursorSetup() { - if (running) throw new Error('Only one instance of Cursor can run at a time.'); - running = true; - - canvas = document.createElement('canvas'); - canvas.id = 'cursors'; - handleWindowResize(); - document.body.appendChild(canvas); - - ctx = canvas.getContext('2d'); - - myCursor = new Cursor('You!', innerWidth / 2, innerHeight / 2); - cursors.set(0, myCursor); - - addEventListener('resize', handleWindowResize); - document.addEventListener('mousemove', handleMouseMove); - document.addEventListener('mousedown', handleMouseDown); - document.addEventListener('mouseup', handleMouseUp); - document.addEventListener('keypress', handleKeyPress); - document.addEventListener('keyup', handleKeyUp); - - requestAnimationFrame(update); - - ws = new WebSocket('/cursor-ws'); - ws.addEventListener('open', () => { - console.log('Cursor connected to server successfully.'); - - ws.send(`loc:${location.pathname}`); - }); - ws.addEventListener('error', error => { - console.error('Cursor WebSocket error:', error); - }); - ws.addEventListener('close', () => { - console.log('Cursor connection closed.'); - }); - ws.addEventListener('message', event => { - const args = String(event.data).split(':'); - if (args.length == 0) return; - - let id = 0; - /** @type Cursor */ - let cursor; - if (args.length > 1) { - id = Number(args[1]); - cursor = cursors.get(id); - } - - switch (args[0]) { - case 'id': { - myCursor.id = id; - break; - } - case 'join': { - if (id === myCursor.id) break; - cursors.set(id, new Cursor(id, 0, 0)); - break; - } - case 'leave': { - if (!cursor || cursor === myCursor) break; - cursors.delete(id); - break; - } - case 'char': { - if (!cursor || cursor === myCursor) break; - cursor.msg = args[2]; - break; - } - case 'nochar': { - if (!cursor || cursor === myCursor) break; - cursor.msg = ''; - break; - } - case 'click': { - if (!cursor || cursor === myCursor) break; - cursor.click = args[2] == '1'; - break; - } - case 'pos': { - if (!cursor || cursor === myCursor) break; - cursor.x = Number(args[2]); - cursor.y = Number(args[3]); - break; - } - default: { - console.warn('Cursor: Unknown command received from server:', args[0]); - break; - } - } - }); - - console.log(`Cursor tracking @ ${location.pathname}`); -} - -function cursorDestroy() { - if (!running) return; - - removeEventListener('resize', handleWindowResize); - document.removeEventListener('mousemove', handleMouseMove); - document.removeEventListener('mousedown', handleMouseDown); - document.removeEventListener('mouseup', handleMouseUp); - document.removeEventListener('keypress', handleKeyPress); - document.removeEventListener('keyup', handleKeyUp); - - ctx.clearRect(0, 0, canvas.width, canvas.height); - - cursors.clear(); - myCursor = null; - - console.log(`Cursor no longer tracking.`); - running = false; -} - -if (config.cursor === true) { - cursorSetup(); -} - -config.addListener('cursor', enabled => { - if (enabled === true) - cursorSetup(); - else - cursorDestroy(); -}); diff --git a/public/script/index.js b/public/script/index.js deleted file mode 100644 index 2197bd4..0000000 --- a/public/script/index.js +++ /dev/null @@ -1,23 +0,0 @@ -import { hijackClickEvent } from "./main.js"; - -const hexPrimary = document.getElementById("hex-primary"); -const hexSecondary = document.getElementById("hex-secondary"); -const hexTertiary = document.getElementById("hex-tertiary"); - -function updateHexColours() { - const style = getComputedStyle(document.body); - hexPrimary.textContent = style.getPropertyValue('--primary'); - hexSecondary.textContent = style.getPropertyValue('--secondary'); - hexTertiary.textContent = style.getPropertyValue('--tertiary'); -} - -updateHexColours(); - -window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change", () => { - updateHexColours(); -}); - -document.querySelectorAll("ul#projects li.project-item").forEach(projectItem => { - const link = projectItem.querySelector('a'); - hijackClickEvent(projectItem, link); -}); diff --git a/public/script/main.js b/public/script/main.js index 19eddc2..5c22ce4 100644 --- a/public/script/main.js +++ b/public/script/main.js @@ -1,6 +1,5 @@ import "./header.js"; import "./config.js"; -import "./cursor.js"; function type_out(e) { const text = e.innerText; @@ -45,28 +44,12 @@ function fill_list(list) { }); } -export function hijackClickEvent(container, link) { - container.addEventListener('click', event => { - if (event.target.tagName.toLowerCase() === 'a') return; - event.preventDefault(); - link.dispatchEvent(new MouseEvent('click', { - bubbles: true, - cancelable: true, - view: window, - ctrlKey: event.ctrlKey, - metaKey: event.metaKey, - shiftKey: event.shiftKey, - altKey: event.altKey, - button: event.button, - })); - }); -} - document.addEventListener("DOMContentLoaded", () => { [...document.querySelectorAll(".typeout")] .filter((e) => e.innerText != "") .forEach((e) => { type_out(e); + console.log(e); }); [...document.querySelectorAll("ol, ul")] .filter((e) => e.innerText != "") diff --git a/public/script/music.js b/public/script/music.js index 91f34ab..273ce2b 100644 --- a/public/script/music.js +++ b/public/script/music.js @@ -1,6 +1,12 @@ -import { hijackClickEvent } from "./main.js"; +import "./main.js"; document.querySelectorAll("div.music").forEach(container => { - const link = container.querySelector(".music-title a") - hijackClickEvent(container, link); + const link = container.querySelector(".music-title a").href + + container.addEventListener("click", event => { + if (event.target.href) return; + + event.preventDefault(); + location = link; + }); }); diff --git a/public/script/prideflag.js b/public/script/prideflag.js index 03aecf9..19181e6 100644 --- a/public/script/prideflag.js +++ b/public/script/prideflag.js @@ -1,74 +1,66 @@ -// -// pride flag - copyright (c) 2024 ari melody -// -// this code is provided AS-IS, WITHOUT ANY WARRANTY, to be -// freely redistributed and/or modified as you please, however -// retaining this license in any redistribution. -// -// please use this flag to link to an LGBTQI+-supporting page -// of your choosing! -// -// web: https://arimelody.me -// source: https://git.arimelody.me/ari/prideflag -// - -const pride_url = "https://git.arimelody.me/ari/prideflag"; +/** + * 🏳️‍🌈🏳️‍⚧️💖 pride flag 💖🏳️‍⚧️🏳️‍🌈 + * made with ❤️ by ari melody, 2023 + * + * web: https://arimelody.me + * source: https://github.com/mellodoot/prideflag + */ const pride_flag_svg = - ` - - - - - - - - - - - - - - - - `; + ` + + + + + + + + + + + + + + + + `; const pride_flag_css = - `#prideflag { - position: fixed; - top: 0; - right: 0; - width: 120px; - transform-origin: 100% 0%; - transition: transform .5s cubic-bezier(.32,1.63,.41,1.01); - z-index: 8008135; - pointer-events: none; - } - #prideflag:hover { - transform: scale(110%); - } - #prideflag:active { - transform: scale(110%); - } - #prideflag * { - pointer-events: all; - }`; + `#pride-flag svg { + position: fixed; + top: 0; + right: 0; + width: 120px; + transform-origin: 100% 0%; + transition: transform .5s cubic-bezier(.32,1.63,.41,1.01); + z-index: 8008135; + pointer-events: none; + } + #pride-flag svg:hover { + transform: scale(110%); + } + #pride-flag svg:active { + transform: scale(110%); + } + #pride-flag svg * { + pointer-events: all; + }`; function create_pride_flag() { - const flag = document.createElement("a"); - flag.id = "prideflag"; - flag.href = pride_url; - flag.target = "_blank"; - flag.innerHTML = pride_flag_svg; - return flag; + const container = document.createElement("a"); + container.id = "pride-flag"; + container.href = "https://github.com/mellodoot/prideflag"; + container.target = "_blank"; + container.innerHTML = pride_flag_svg; + return container; } function load_pride_flag_style() { - const pride_stylesheet = document.createElement('style'); - pride_stylesheet.textContent = pride_flag_css; - document.head.appendChild(pride_stylesheet); + const pride_stylesheet = document.createElement('style'); + pride_stylesheet.textContent = pride_flag_css; + document.head.appendChild(pride_stylesheet); } load_pride_flag_style(); -flag = create_pride_flag(); -document.body.appendChild(flag); +pride_flag = create_pride_flag(); +document.querySelector("main").appendChild(pride_flag); diff --git a/public/style/colours.css b/public/style/colours.css index de63198..e45d964 100644 --- a/public/style/colours.css +++ b/public/style/colours.css @@ -1,35 +1,19 @@ :root { - --background: #080808; - --on-background: #f0f0f0; - - --primary: #b7fd49; - --secondary: #f8e05b; - --tertiary: #f788fe; - --links: #5eb2ff; - --live: #fd3737; -} - -@media (prefers-color-scheme: light) { - :root { - --background: #ffffff; - --on-background: #101010; - - --primary: #6d9e23; - --secondary: #a5911e; - --tertiary: #a92cb1; - --links: #3ba1ff; - } + --primary: #b7fd49; + --secondary: #f8e05b; + --tertiary: #f788fe; + --links: #5eb2ff; } .col-primary { - color: var(--primary); + color: var(--primary); } .col-secondary { - color: var(--secondary); + color: var(--secondary); } .col-tertiary { - color: var(--tertiary); + color: var(--tertiary); } diff --git a/public/style/cursor.css b/public/style/cursor.css deleted file mode 100644 index 73019ee..0000000 --- a/public/style/cursor.css +++ /dev/null @@ -1,9 +0,0 @@ -canvas#cursors { - position: fixed; - top: 0; - left: 0; - width: 100vw; - height: 100vh; - pointer-events: none; - z-index: 100; -} diff --git a/public/style/footer.css b/public/style/footer.css index d9682b1..72cdebb 100644 --- a/public/style/footer.css +++ b/public/style/footer.css @@ -1,11 +1,11 @@ footer { - border-top: 1px solid #8888; + border-top: 1px solid #888; } #footer { - width: min(calc(100% - 4rem), 720px); - margin: auto; - padding: 2rem 0; - color: #aaa; + width: min(calc(100% - 4rem), 720px); + margin: auto; + padding: 2rem 0; + color: #aaa; } diff --git a/public/style/header.css b/public/style/header.css index f399d4d..21b9109 100644 --- a/public/style/header.css +++ b/public/style/header.css @@ -1,188 +1,187 @@ header { - position: fixed; - top: 0; - left: 0; - width: 100vw; - border-bottom: 1px solid #8888; - background-color: var(--background); - z-index: 1; - - transition: color .2s, background-color .2s; + position: fixed; + top: 0; + left: 0; + width: 100vw; + border-bottom: 1px solid #888; + background-color: #080808; + z-index: 1; } nav { - width: min(calc(100% - 4rem), 720px); - height: 3em; - margin: auto; - padding: 0 1em; - display: flex; - flex-direction: row; - gap: .8em; - align-items: center; + width: min(calc(100% - 4rem), 720px); + height: 3em; + margin: auto; + padding: 0 1em; + display: flex; + flex-direction: row; + gap: .8em; + align-items: center; } #header-home { - flex-grow: 1; - display: flex; - gap: .5em; + flex-grow: 1; + display: flex; + gap: .5em; + cursor: pointer; } img#header-icon { - width: 2em; - height: 2em; - margin: .5em; - display: block; + width: 2em; + height: 2em; + margin: .5em; + display: block; } #header-text { - display: flex; - flex-direction: column; - justify-content: center; + width: 11em; + display: flex; + flex-direction: column; + justify-content: center; + flex-grow: 1; } #header-text h1 { - width: fit-content; - margin: 0; - font-size: 1em; + margin: 0; + font-size: 1em; } #header-text h2 { - width: fit-content; - height: 1.2em; - line-height: 1.2em; - margin: 0; - font-size: .7em; - color: #bbb; + height: 1.2em; + line-height: 1.2em; + margin: 0; + font-size: .7em; + color: #bbb; } #header-links-toggle { - width: 3em; - height: 3em; - display: none; - justify-content: center; - align-items: center; - transition: background-color .2s; + width: 3em; + height: 3em; + display: none; + justify-content: center; + align-items: center; + transition: background-color .2s; } #header-links-toggle:hover { - background-color: #fff2; + background-color: #fff2; } header ul#header-links { - margin: 0; - padding: 0; - display: flex; - flex-direction: row; - gap: .5em; - align-items: center; + margin: 0; + padding: 0; + display: flex; + flex-direction: row; + gap: .5em; + align-items: center; } header ul li { - list-style: none; + list-style: none; } header ul li a, header ul li span { - padding: .4em .5em; - border: 1px solid var(--links); - color: var(--links); - border-radius: 2px; - background-color: transparent; - transition-property: color, border-color, background-color; - transition-duration: .2s; - animation-delay: 0s; - animation: list-item-fadein .2s forwards; - opacity: 0; - text-decoration: none; + padding: .4em .5em; + border: 1px solid var(--links); + color: var(--links); + border-radius: 2px; + background-color: transparent; + transition-property: color, border-color, background-color; + transition-duration: .2s; + animation-delay: 0s; + animation: list-item-fadein .2s forwards; + opacity: 0; + text-decoration: none; } header ul li span { - color: #aaa; - border-color: #aaa; - cursor: default; - text-decoration: none; + color: #aaa; + border-color: #aaa; + cursor: default; + text-decoration: none; } header ul li a:hover { - color: #eee; - border-color: #eee; - background-color: var(--links) !important; - text-decoration: none; + color: #eee; + border-color: #eee; + background-color: var(--links) !important; + text-decoration: none; } #toggle-crt a { - color: var(--primary); - border-color: var(--primary); - opacity: 1; + color: var(--primary); + border-color: var(--primary); + opacity: 1; } #toggle-crt a:hover { - color: #111; - background-color: var(--primary) !important; + color: #111; + background-color: var(--primary) !important; } #toggle-crt.disabled a { - opacity: .5 !important; + opacity: .5 !important; } @media screen and (max-width: 780px) { - header { - font-size: 14px; - } + header { + font-size: 14px; + } - nav { - width: calc(100vw - 2rem); - margin: 0; - } + nav { + width: calc(100vw - 2rem); + margin: 0; + } - div#header-text { - flex-grow: 1; - } + div#header-text { + flex-grow: 1; + } - a#header-links-toggle { - display: flex; - } + a#header-links-toggle { + display: flex; + } - header ul#header-links { - position: fixed; - left: 0; - top: 2.7rem; - width: calc(100vw - 2rem); - padding: 1rem; - flex-direction: column; - gap: 1rem; - border-bottom: 1px solid #888; - background: var(--background); - display: none; - } + header ul#header-links { + position: fixed; + left: 0; + top: 2.7rem; + width: calc(100vw - 2rem); + padding: 1rem; + flex-direction: column; + gap: 1rem; + border-bottom: 1px solid #888; + background: #080808; + display: none; + } - header ul#header-links.open { - display: flex; - } + header ul#header-links.open { + display: flex; + } - ul#header-links li { - width: 100%; - } + ul#header-links li { + width: 100%; + } - ul#header-links li a, - ul#header-links li span { - margin: 0; - display: block; - font-size: 1em; - text-align: center; - } + ul#header-links li a, + ul#header-links li span { + margin: 0; + display: block; + font-size: 1em; + text-align: center; + } } @keyframes list-item-fadein { - from { - opacity: 1; - background: #fff8; - } + from { + opacity: 1; + background: #fff8; + } - to { - opacity: 1; - background: transparent; - } + to { + opacity: 1; + background: transparent; + } } diff --git a/public/style/index.css b/public/style/index.css index b970c17..6e04a37 100644 --- a/public/style/index.css +++ b/public/style/index.css @@ -1,43 +1,43 @@ main { - width: min(calc(100% - 4rem), 720px); - min-height: calc(100vh - 10.3rem); - margin: 0 auto 2rem auto; - padding-top: 4rem; + width: min(calc(100% - 4rem), 720px); + min-height: calc(100vh - 10.3rem); + margin: 0 auto 2rem auto; + padding-top: 4rem; } main h1 { - line-height: 3rem; - color: var(--primary); + line-height: 3rem; + color: var(--primary); } main h2 { - color: var(--secondary); + color: var(--secondary); } main h3 { - color: var(--tertiary); + color: var(--tertiary); } div#me_irl { - width: fit-content; - height: fit-content; - border: 2px solid white; + width: fit-content; + height: fit-content; + border: 2px solid white; } div#me_irl img { - display: block; + display: block; } div#me_irl::before { - content: ""; - position: absolute; - width: 104px; - height: 104px; - transform: translate(2px, 2px); - background-image: linear-gradient(to top right, - var(--primary), - var(--secondary)); - z-index: -1; + content: ""; + position: absolute; + width: 104px; + height: 104px; + transform: translate(2px, 2px); + background-image: linear-gradient(to top right, + var(--primary), + var(--secondary)); + z-index: -1; } h1, @@ -49,7 +49,7 @@ h6, p, small, blockquote { - transition: background-color 0.1s; + transition: background-color 0.1s; } h1 a, @@ -58,7 +58,7 @@ h3 a, h4 a, h5 a, h6 a { - color: inherit; + color: inherit; } h1 a:hover, @@ -67,7 +67,7 @@ h3 a:hover, h4 a:hover, h5 a:hover, h6 a:hover { - text-decoration: none; + text-decoration: none; } main h1:hover, @@ -79,256 +79,72 @@ main h6:hover, main p:hover, main small:hover, main blockquote:hover { - background-color: #fff1; + background-color: #fff1; } blockquote { - margin: 1rem 0; - padding: 0 2.5rem; + margin: 1rem 0; + padding: 0 2.5rem; } hr { - text-align: center; - line-height: 0px; - border-width: 1px 0 0 0; - border-color: #888; - margin: 1.5em 0; - overflow: visible; + text-align: center; + line-height: 0px; + border-width: 1px 0 0 0; + border-color: #888f; + margin: 1.5em 0; + overflow: visible; } -ul.platform-links { - padding-left: 1em; - display: flex; - gap: .5em; - flex-wrap: wrap; +ul.links { + display: flex; + gap: 1em .5em; + flex-wrap: wrap; } -ul.platform-links li { - list-style: none; +ul.links li { + list-style: none; } -ul.platform-links li a { - padding: .4em .5em; - display: flex; - flex-direction: row; - justify-content: center; - align-items: center; - gap: .5em; - border: 1px solid var(--links); - color: var(--links); - border-radius: 2px; - background-color: transparent; - transition-property: color, border-color, background-color, box-shadow; - transition-duration: .2s; - animation-delay: 0s; - animation: list-item-fadein .2s forwards; - opacity: 0; +ul.links li a { + padding: .4em .5em; + border: 1px solid var(--links); + color: var(--links); + border-radius: 2px; + background-color: transparent; + transition-property: color, border-color, background-color; + transition-duration: .2s; + animation-delay: 0s; + animation: list-item-fadein .2s forwards; + opacity: 0; } -ul.platform-links li a:hover { - color: #eee; - border-color: #eee; - background-color: var(--links) !important; - text-decoration: none; - box-shadow: 0 0 1em var(--links); -} - -ul.platform-links li a img { - height: 1em; - width: 1em; -} - -ul#projects { - padding: 0; - list-style: none; -} - -li.project-item { - padding: .5em; - border: 1px solid var(--links); - margin: 1em 0; - display: flex; - flex-direction: row; - gap: .5em; - border-radius: 2px; - transition-property: color, border-color, background-color, box-shadow; - transition-duration: .2s; - cursor: pointer; -} -li.project-item a { - transition: color .2s linear; -} - -li.project-item:hover { - color: #eee; - border-color: #eee; - background-color: var(--links) !important; - text-decoration: none; - box-shadow: 0 0 1em var(--links); -} -li.project-item:hover a { - color: #eee; -} - -li.project-item .project-info { - display: flex; - flex-direction: column; - justify-content: center; -} - -li.project-item img.project-icon { - width: 2.5em; - height: 2.5em; - object-fit: cover; - border-radius: 2px; -} - -li.project-item span.project-icon { - font-size: 2em; - display: block; - width: 45px; - height: 45px; - text-align: center; - /* background: #0004; */ - /* border: 1px solid var(--on-background); */ - border-radius: 2px; -} - -li.project-item a { - text-decoration: none; -} - -li.project-item p { - margin: 0; +ul.links li a:hover { + color: #eee; + border-color: #eee; + background-color: var(--links) !important; + text-decoration: none; + box-shadow: 0 0 1em var(--links); } div#web-buttons { - margin: 2rem 0; + margin: 2rem 0; } #web-buttons a { - text-decoration: none; + text-decoration: none; } #web-buttons img { - image-rendering: auto; - image-rendering: crisp-edges; - image-rendering: pixelated; + image-rendering: auto; + image-rendering: crisp-edges; + image-rendering: pixelated; } #web-buttons img:hover { - margin: -1px; - border: 1px solid #eee; - transform: translate(-2px, -2px); - box-shadow: 1px 1px 0 #eee, 2px 2px 0 #eee; + margin: -1px; + border: 1px solid #eee; + transform: translate(-2px, -2px); + box-shadow: 1px 1px 0 #eee, 2px 2px 0 #eee; } -#live-banner { - margin: 1em 0 2em 0; - padding: 1em; - border-radius: 4px; - border: 1px solid var(--primary); - box-shadow: 0 0 8px var(--primary); -} - -#live-banner p { - margin: 0; -} - -.live-highlight { - color: var(--primary); -} - -.live-preview { - display: flex; - flex-direction: row; - justify-content: start; - gap: 1em; -} - -.live-preview div:first-of-type { - display: flex; - flex-direction: column; - justify-content: space-between; - align-items: center; - gap: .3em; -} - -.live-thumbnail { - border-radius: 4px; -} - -.live-button { - margin: .2em; - padding: .4em .5em; - display: inline-block; - color: var(--primary); - border: 1px solid var(--primary); - border-radius: 4px; - transition: color .1s linear, background-color .1s linear, box-shadow .1s linear; -} - -.live-button:hover { - color: var(--background); - background-color: var(--primary); - box-shadow: 0 0 8px var(--primary); - text-decoration: none; -} - -.live-info { - display: flex; - flex-direction: column; - gap: .3em; - overflow-x: hidden; -} - -#live-banner h2 { - margin: 0; - color: var(--on-background); - font-family: 'Inter', sans-serif; - font-weight: 800; - font-style: italic; -} - -.live-pinger { - width: .5em; - height: .5em; - margin: .1em .2em; - display: inline-block; - border-radius: 100%; - background-color: var(--primary); - box-shadow: 0 0 4px var(--primary); - animation: live-pinger-pulse 1s infinite alternate ease-in-out; -} - -@keyframes live-pinger-pulse { - from { - opacity: .8; - transform: scale(1.0); - } - to { - opacity: 1; - transform: scale(1.1); - } -} - -.live-game { - overflow: hidden; - text-wrap: nowrap; - text-overflow: ellipsis; -} - -.live-game .live-game-prefix { - opacity: .8; -} - -.live-title { - display: -webkit-box; - -webkit-line-clamp: 2; - -webkit-box-orient: vertical; - overflow: hidden; -} - -.live-viewers { - opacity: .5; -} diff --git a/public/style/main.css b/public/style/main.css index 680ee2b..1e71673 100644 --- a/public/style/main.css +++ b/public/style/main.css @@ -2,8 +2,6 @@ @import url("/style/header.css"); @import url("/style/footer.css"); @import url("/style/prideflag.css"); -@import url("/style/cursor.css"); -@import url("/font/inter/inter.css"); @font-face { font-family: "Monaspace Argon"; @@ -16,17 +14,15 @@ body { margin: 0; padding: 0; - background: var(--background); - color: var(--on-background); + background: #080808; + color: #eee; font-family: "Monaspace Argon", monospace; font-size: 18px; + text-shadow: 0 0 3em; scroll-behavior: smooth; - - transition: color .2s, background-color .2s; } -body.crt #overlay { - display: block; +main { } a { @@ -122,7 +118,6 @@ a#backtotop:hover { left: 0; width: 100vw; height: 100vh; - display: none; background-image: linear-gradient(180deg, rgba(0,0,0,0) 15%, rgb(0, 0, 0) 40%, rgb(0, 0, 0) 60%, rgba(0,0,0,0) 85%); background-size: 100vw .2em; background-repeat: repeat; @@ -141,27 +136,3 @@ a#backtotop:hover { } } - -@media (prefers-color-scheme: light) { - a.link-button:hover { - box-shadow: none; - } - - @keyframes list-item-fadein { - from { - opacity: 1; - background: var(--links); - } - - to { - opacity: 1; - background: transparent; - } - } -} - -@media (prefers-color-scheme: dark) { - body.crt { - text-shadow: 0 0 3em; - } -} diff --git a/public/style/music-gateway.css b/public/style/music-gateway.css index 1c10e0b..6790828 100644 --- a/public/style/music-gateway.css +++ b/public/style/music-gateway.css @@ -17,10 +17,6 @@ body { font-family: "Monaspace Argon", monospace; } -header { - background-color: #111; -} - #background { position: fixed; top: 0; @@ -262,7 +258,7 @@ div#info p { #title, #artist { - text-shadow: 0 .05em 2px #0004; + text-shadow: 0 .05em 2px #0004 } #type { @@ -613,10 +609,6 @@ footer a:hover { margin: 0 auto; } - #tracks h2 { - margin: 0 auto .8em auto; - } - #lyrics p.album-track-subheading { margin-bottom: 1em; } diff --git a/public/style/music.css b/public/style/music.css index 4973e44..9700526 100644 --- a/public/style/music.css +++ b/public/style/music.css @@ -1,129 +1,146 @@ main { - width: min(calc(100% - 4rem), 720px); - min-height: calc(100vh - 10.3rem); - margin: 0 auto 2rem auto; - padding-top: 4rem; + width: min(calc(100% - 4rem), 720px); + min-height: calc(100vh - 10.3rem); + margin: 0 auto 2rem auto; + padding-top: 4rem; } main nav { - margin: -1rem .5rem 1rem .5rem; + margin: -1rem .5rem 1rem .5rem; } div.music { - margin-bottom: 1rem; - padding: 1.5rem; - display: flex; - flex-direction: row; - gap: 1.5em; - border: 1px solid #8882; - border-radius: 4px; - background-color: #ffffff08; - transition: background-color .1s; - text-decoration: none; - cursor: pointer; + margin-bottom: 1rem; + padding: 1.5rem; + display: flex; + flex-direction: row; + gap: 1.5em; + border: 1px solid #222; + border-radius: 4px; + background-color: #ffffff08; + transition: background-color .1s; + text-decoration: none; + cursor: pointer; } div.music:hover { - background-color: #fff1; + background-color: #fff1; } div.music a { - text-decoration: none; + text-decoration: none; } .music h1:hover, .music h2:hover, .music h3:hover { - background: initial; + background: initial; } .music-artwork img { - border: 1px solid #8888; + border: 1px solid #888; } .music-title { - margin: 0; - color: var(--on-background); - font-size: 1.6em; - line-height: 1.6em; -} -.music-title a { - color: inherit; - transition: color .2s; + margin: 0; + color: #eee; + font-size: 1.6em; + line-height: 1.6em; } .music-year { - color: #888; + color: #888; } .music-artist { - margin: -.5rem 0 0 0; - font-size: 1em; - color: #aaa; + margin: -.5rem 0 0 0; + font-size: 1em; + color: #aaa; } h3[class^=music-type] { - margin: 0 0 1rem 0; - font-size: .8em; - color: #eee; - transition: color .2s; + margin: 0 0 1rem 0; + font-size: .8em; + color: #eee; } h3.music-type-single { - color: var(--tertiary); + color: var(--tertiary); } h3.music-type-compilation { - color: var(--secondary); + color: var(--secondary); } h3.music-type-album { - color: var(--primary); + color: var(--primary); } h3.music-type-upcoming { - color: #f47070; + color: #f47070; } .music-links { - width: fit-content; - margin: .5em 0; - padding: 0; - display: flex; - gap: .5rem; - flex-wrap: wrap; - line-height: 1.7em; - justify-content: center; + width: fit-content; + margin: .5em 0; + padding: 0; + display: flex; + gap: .5rem; + flex-wrap: wrap; + line-height: 1.7em; + justify-content: center; } .music-links li { - list-style: none; + list-style: none; } +/* +.music-links li a { + padding: .2em .5em; + border: 1px solid #65b4fd; + color: #65b4fd; + border-radius: 2px; + background-color: transparent; + transition-property: color, border-color, background-color; + transition-duration: .2s; + animation: list-item-fadein .2s forwards; + animation-delay: 0s; + opacity: 0; +} + +.music-links li a:hover { + color: #eee; + border-color: #eee; + background-color: var(--links) !important; + text-decoration: none; +} +*/ + h2.question { - margin: 1rem 0; - padding: 1rem 1.5rem; - border-radius: 4px; - cursor: pointer; + margin: 1rem 0; + padding: 1rem 1.5rem; + border-radius: 4px; + cursor: pointer; } div.answer { - margin: -1rem 0 1rem 0; - padding: .5em 1.5em; - border-radius: 4px; + margin: -1rem 0 1rem 0; + padding: .5em 1.5em; + border-radius: 4px; } @media screen and (max-width: 740px) { - div.music { - flex-direction: column; - } + div.music { + flex-direction: column; + } - .music-artwork, - .music-details { - text-align: center; - align-items: center; - display: flex; - flex-direction: column; - } + .music-artwork, + .music-details { + text-align: center; + align-items: center; + display: flex; + flex-direction: column; + } } diff --git a/schema-migration/002-audit-logs.sql b/schema-migration/002-audit-logs.sql deleted file mode 100644 index 7da43b5..0000000 --- a/schema-migration/002-audit-logs.sql +++ /dev/null @@ -1,12 +0,0 @@ --- Audit logs -CREATE TABLE arimelody.auditlog ( - id UUID DEFAULT gen_random_uuid(), - level int NOT NULL DEFAULT 0, - type TEXT NOT NULL, - content TEXT NOT NULL, - created_at TIMESTAMP NOT NULL DEFAULT current_timestamp -); - --- Need moar timestamps -ALTER TABLE arimelody.musicrelease ADD COLUMN created_at TIMESTAMP NOT NULL DEFAULT current_timestamp; -ALTER TABLE arimelody.account ALTER COLUMN created_at SET NOT NULL; diff --git a/schema-migration/003-fail-lock.sql b/schema-migration/003-fail-lock.sql deleted file mode 100644 index 32d19bf..0000000 --- a/schema-migration/003-fail-lock.sql +++ /dev/null @@ -1,3 +0,0 @@ --- it would be nice to prevent brute-forcing -ALTER TABLE arimelody.account ADD COLUMN fail_attempts INT NOT NULL DEFAULT 0; -ALTER TABLE arimelody.account ADD COLUMN locked BOOLEAN DEFAULT false; diff --git a/schema-migration/000-init.sql b/schema_migration/000-init.sql similarity index 74% rename from schema-migration/000-init.sql rename to schema_migration/000-init.sql index 90385ac..3f4c723 100644 --- a/schema-migration/000-init.sql +++ b/schema_migration/000-init.sql @@ -1,64 +1,51 @@ +CREATE SCHEMA IF NOT EXISTS arimelody; + -- -- Tables -- --- Audit logs -CREATE TABLE arimelody.auditlog ( - id UUID DEFAULT gen_random_uuid(), - level int NOT NULL DEFAULT 0, - type TEXT NOT NULL, - content TEXT NOT NULL, - created_at TIMESTAMP NOT NULL DEFAULT current_timestamp -); - -- Accounts CREATE TABLE arimelody.account ( - id UUID DEFAULT gen_random_uuid(), - username TEXT NOT NULL UNIQUE, - password TEXT NOT NULL, - email TEXT, - avatar_url TEXT, - created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, - fail_attempts INT NOT NULL DEFAULT 0, - locked BOOLEAN DEFAULT false + id uuid DEFAULT gen_random_uuid(), + username text NOT NULL UNIQUE, + password text NOT NULL, + email text, + avatar_url text, + created_at TIMESTAMP DEFAULT current_timestamp ); ALTER TABLE arimelody.account ADD CONSTRAINT account_pk PRIMARY KEY (id); -- Privilege CREATE TABLE arimelody.privilege ( - account UUID NOT NULL, - privilege TEXT NOT NULL + account uuid NOT NULL, + privilege text NOT NULL ); ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_pk PRIMARY KEY (account, privilege); -- Invites CREATE TABLE arimelody.invite ( code text NOT NULL, - created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, expires_at TIMESTAMP NOT NULL ); ALTER TABLE arimelody.invite ADD CONSTRAINT invite_pk PRIMARY KEY (code); --- Sessions -CREATE TABLE arimelody.session ( +-- Tokens +CREATE TABLE arimelody.token ( token TEXT, + account UUID NOT NULL, user_agent TEXT NOT NULL, created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, - expires_at TIMESTAMP DEFAULT NULL, - account UUID, - attempt_account UUID, - message TEXT, - error TEXT + expires_at TIMESTAMP DEFAULT NULL ); -ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (token); +ALTER TABLE arimelody.token ADD CONSTRAINT token_pk PRIMARY KEY (token); --- TOTP methods +-- TOTPs CREATE TABLE arimelody.totp ( name TEXT NOT NULL, account UUID NOT NULL, secret TEXT, - created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, - confirmed BOOLEAN DEFAULT false + created_at TIMESTAMP NOT NULL DEFAULT current_timestamp ); ALTER TABLE arimelody.totp ADD CONSTRAINT totp_pk PRIMARY KEY (account, name); @@ -85,8 +72,7 @@ CREATE TABLE arimelody.musicrelease ( buyname text, buylink text, copyright text, - copyrightURL text, - created_at TIMESTAMP NOT NULL DEFAULT current_timestamp + copyrightURL text ); ALTER TABLE arimelody.musicrelease ADD CONSTRAINT musicrelease_pk PRIMARY KEY (id); @@ -132,8 +118,7 @@ ALTER TABLE arimelody.musicreleasetrack ADD CONSTRAINT musicreleasetrack_pk PRIM -- ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; -ALTER TABLE arimelody.session ADD CONSTRAINT session_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; -ALTER TABLE arimelody.session ADD CONSTRAINT session_attempt_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; +ALTER TABLE arimelody.token ADD CONSTRAINT token_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; ALTER TABLE arimelody.totp ADD CONSTRAINT totp_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; ALTER TABLE arimelody.musiccredit ADD CONSTRAINT musiccredit_artist_fk FOREIGN KEY (artist) REFERENCES artist(id) ON DELETE CASCADE ON UPDATE CASCADE; diff --git a/schema-migration/001-pre-versioning.sql b/schema_migration/001-pre-versioning.sql similarity index 51% rename from schema-migration/001-pre-versioning.sql rename to schema_migration/001-pre-versioning.sql index 1447bae..62bc15b 100644 --- a/schema-migration/001-pre-versioning.sql +++ b/schema_migration/001-pre-versioning.sql @@ -1,58 +1,67 @@ +-- +-- Migration +-- + +-- Move existing tables to new schema +ALTER TABLE public.artist SET SCHEMA arimelody; +ALTER TABLE public.musicrelease SET SCHEMA arimelody; +ALTER TABLE public.musiclink SET SCHEMA arimelody; +ALTER TABLE public.musiccredit SET SCHEMA arimelody; +ALTER TABLE public.musictrack SET SCHEMA arimelody; +ALTER TABLE public.musicreleasetrack SET SCHEMA arimelody; + + + -- -- New items -- --- Accounts +-- Acounts CREATE TABLE arimelody.account ( - id UUID DEFAULT gen_random_uuid(), - username TEXT NOT NULL UNIQUE, - password TEXT NOT NULL, - email TEXT, - avatar_url TEXT, + id uuid DEFAULT gen_random_uuid(), + username text NOT NULL UNIQUE, + password text NOT NULL, + email text, + avatar_url text, created_at TIMESTAMP DEFAULT current_timestamp ); ALTER TABLE arimelody.account ADD CONSTRAINT account_pk PRIMARY KEY (id); -- Privilege CREATE TABLE arimelody.privilege ( - account UUID NOT NULL, - privilege TEXT NOT NULL + account uuid NOT NULL, + privilege text NOT NULL ); ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_pk PRIMARY KEY (account, privilege); -- Invites CREATE TABLE arimelody.invite ( code text NOT NULL, - created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, + created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, expires_at TIMESTAMP NOT NULL ); ALTER TABLE arimelody.invite ADD CONSTRAINT invite_pk PRIMARY KEY (code); --- Sessions -CREATE TABLE arimelody.session ( +-- Tokens +CREATE TABLE arimelody.token ( token TEXT, + account UUID NOT NULL, user_agent TEXT NOT NULL, created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, - expires_at TIMESTAMP DEFAULT NULL, - account UUID, - attempt_account UUID, - message TEXT, - error TEXT + expires_at TIMESTAMP DEFAULT NULL ); -ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (token); +ALTER TABLE arimelody.token ADD CONSTRAINT token_pk PRIMARY KEY (token); --- TOTP methods +-- TOTPs CREATE TABLE arimelody.totp ( name TEXT NOT NULL, account UUID NOT NULL, secret TEXT, - created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, - confirmed BOOLEAN DEFAULT false + created_at TIMESTAMP NOT NULL DEFAULT current_timestamp ); ALTER TABLE arimelody.totp ADD CONSTRAINT totp_pk PRIMARY KEY (account, name); -- Foreign keys ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; -ALTER TABLE arimelody.session ADD CONSTRAINT session_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; -ALTER TABLE arimelody.session ADD CONSTRAINT session_attempt_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; +ALTER TABLE arimelody.token ADD CONSTRAINT token_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; ALTER TABLE arimelody.totp ADD CONSTRAINT totp_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; diff --git a/templates/templates.go b/templates/templates.go index 752c78d..094e61d 100644 --- a/templates/templates.go +++ b/templates/templates.go @@ -1,28 +1,33 @@ package templates import ( - "html/template" - "path/filepath" + "html/template" + "path/filepath" ) -var IndexTemplate = template.Must(template.ParseFiles( - filepath.Join("views", "layout.html"), - filepath.Join("views", "header.html"), - filepath.Join("views", "footer.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("views", "index.html"), -)) -var MusicTemplate = template.Must(template.ParseFiles( - filepath.Join("views", "layout.html"), - filepath.Join("views", "header.html"), - filepath.Join("views", "footer.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("views", "music.html"), -)) -var MusicGatewayTemplate = template.Must(template.ParseFiles( - filepath.Join("views", "layout.html"), - filepath.Join("views", "header.html"), - filepath.Join("views", "footer.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("views", "music-gateway.html"), -)) +var Pages = map[string]*template.Template{ + "index": template.Must(template.ParseFiles( + filepath.Join("views", "layout.html"), + filepath.Join("views", "header.html"), + filepath.Join("views", "footer.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("views", "index.html"), + )), + "music": template.Must(template.ParseFiles( + filepath.Join("views", "layout.html"), + filepath.Join("views", "header.html"), + filepath.Join("views", "footer.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("views", "music.html"), + )), + "music-gateway": template.Must(template.ParseFiles( + filepath.Join("views", "layout.html"), + filepath.Join("views", "header.html"), + filepath.Join("views", "footer.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("views", "music-gateway.html"), + )), +} + +var Components = map[string]*template.Template{ +} diff --git a/view/index.go b/view/index.go deleted file mode 100644 index b6e3891..0000000 --- a/view/index.go +++ /dev/null @@ -1,45 +0,0 @@ -package view - -import ( - "arimelody-web/controller" - "arimelody-web/model" - "arimelody-web/templates" - "fmt" - "net/http" - "os" -) - -func IndexHandler(app *model.AppState) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - if r.Method == http.MethodHead { - w.WriteHeader(http.StatusOK) - return - } - - type IndexData struct { - TwitchStatus *model.TwitchStreamInfo - } - - var err error - var twitchStatus *model.TwitchStreamInfo = nil - if app.Twitch != nil && len(app.Config.Twitch.Broadcaster) > 0 { - twitchStatus, err = controller.GetTwitchStatus(app, app.Config.Twitch.Broadcaster) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to get Twitch status for %s: %v\n", app.Config.Twitch.Broadcaster, err) - } - } - - if r.URL.Path == "/" || r.URL.Path == "/index.html" { - err := templates.IndexTemplate.Execute(w, IndexData{ - TwitchStatus: twitchStatus, - }) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to render index page: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - } - return - } - - StaticHandler("public").ServeHTTP(w, r) - }) -} diff --git a/view/music.go b/view/music.go index 8ed5279..227aa5c 100644 --- a/view/music.go +++ b/view/music.go @@ -1,43 +1,45 @@ package view import ( - "fmt" - "net/http" - "os" + "fmt" + "net/http" + "os" - "arimelody-web/controller" - "arimelody-web/model" - "arimelody-web/templates" + "arimelody-web/controller" + "arimelody-web/model" + "arimelody-web/templates" + + "github.com/jmoiron/sqlx" ) // HTTP HANDLER METHODS -func MusicHandler(app *model.AppState) http.Handler { +func MusicHandler(db *sqlx.DB) http.Handler { mux := http.NewServeMux() mux.Handle("/", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.URL.Path == "/" { - ServeCatalog(app).ServeHTTP(w, r) + ServeCatalog(db).ServeHTTP(w, r) return } - release, err := controller.GetRelease(app.DB, r.URL.Path[1:], true) + release, err := controller.GetRelease(db, r.URL.Path[1:], true) if err != nil { http.NotFound(w, r) return } - ServeGateway(app, release).ServeHTTP(w, r) + ServeGateway(db, release).ServeHTTP(w, r) })) return mux } -func ServeCatalog(app *model.AppState) http.Handler { +func ServeCatalog(db *sqlx.DB) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - releases, err := controller.GetAllReleases(app.DB, true, 0, true) + releases, err := controller.GetAllReleases(db, true, 0, true) if err != nil { - fmt.Printf("WARN: Failed to pull releases for catalog: %s\n", err) + fmt.Printf("FATAL: Failed to pull releases for catalog: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -48,26 +50,25 @@ func ServeCatalog(app *model.AppState) http.Handler { } } - err = templates.MusicTemplate.Execute(w, releases) + err = templates.Pages["music"].Execute(w, releases) if err != nil { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } }) } -func ServeGateway(app *model.AppState, release *model.Release) http.Handler { +func ServeGateway(db *sqlx.DB, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // only allow authorised users to view hidden releases privileged := false if !release.Visible { - session, err := controller.GetSessionFromRequest(app, r) + account, err := controller.GetAccountByRequest(db, r) if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err) + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } - - if session != nil && session.Account != nil { + if account != nil { // TODO: check privilege on release privileged = true } @@ -86,7 +87,7 @@ func ServeGateway(app *model.AppState, release *model.Release) http.Handler { response.Links = release.Links } - err := templates.MusicGatewayTemplate.Execute(w, response) + err := templates.Pages["music-gateway"].Execute(w, response) if err != nil { fmt.Printf("Error rendering music gateway for %s: %s\n", release.ID, err) diff --git a/view/static.go b/view/static.go deleted file mode 100644 index 52263a2..0000000 --- a/view/static.go +++ /dev/null @@ -1,31 +0,0 @@ -package view - -import ( - "errors" - "net/http" - "os" - "path/filepath" -) - -func StaticHandler(directory string) http.Handler { - return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - info, err := os.Stat(filepath.Join(directory, filepath.Clean(r.URL.Path))) - - // does the file exist? - if err != nil { - if errors.Is(err, os.ErrNotExist) { - http.NotFound(w, r) - return - } - } - - // is thjs a directory? (forbidden) - if info.IsDir() { - http.NotFound(w, r) - return - } - - http.FileServer(http.Dir(directory)).ServeHTTP(w, r) - }) -} - diff --git a/views/404.html b/views/404.html index 19a0957..b9007bd 100644 --- a/views/404.html +++ b/views/404.html @@ -6,16 +6,16 @@ {{define "content"}}
        -

        - # 404 - not found! -

        +

        + # 404 - not found! +

        -

        - the page you're looking for does not exist. -
        - if you like, you can head back home or try again! -

        +

        + the page you're looking for does not exist. +
        + if you like, you can head back home or try again! +

        -

        status: ERR_NOT_FOUND

        +

        status: ERR_NOT_FOUND

        {{end}} diff --git a/views/footer.html b/views/footer.html index eccf125..46450d7 100644 --- a/views/footer.html +++ b/views/footer.html @@ -1,14 +1,9 @@ {{define "footer"}}
        - +
        {{end}} diff --git a/views/header.html b/views/header.html index 03a8384..db8987d 100644 --- a/views/header.html +++ b/views/header.html @@ -1,41 +1,44 @@ {{define "header"}}
        - +
        {{end}} diff --git a/views/index.html b/views/index.html index df4d341..6a598c9 100644 --- a/views/index.html +++ b/views/index.html @@ -6,8 +6,8 @@ - - + + @@ -16,29 +16,10 @@ - - {{end}} {{define "content"}}
        - {{if .TwitchStatus}} -
        -
        -
        - livestream thumbnail - join in! -
        -
        -

        ari melody LIVE

        -

        streaming: {{.TwitchStatus.GameName}}

        -

        {{.TwitchStatus.Title}}

        -

        {{.TwitchStatus.ViewerCount}} viewers

        -
        -
        -
        - {{end}} -

        # hello, world!

        @@ -50,7 +31,7 @@

        - i'm a musician, developer, + i'm a musician, developer, streamer, youtuber, and probably a bunch of other things i forgot to mention!

        @@ -61,7 +42,7 @@

        if you're looking to support me financially, that's so cool of you!! if you like, you can buy some of my music over on - bandcamp + bandcamp so you can at least get something for your money. thank you very much either way!! 💕

        @@ -85,9 +66,9 @@ my colours 🌈

          -
        • primary: #b7fd49
          • -
        • secondary: #f8e05b
          • -
        • tertiary: #f788fe
          • +
        • primary: #b7fd49
          • +
        • secondary: #f8e05b
          • +
        • tertiary: #f788fe

        @@ -101,97 +82,57 @@

        where to find me 🛰️

        -