diff --git a/.editorconfig b/.editorconfig new file mode 100644 index 0000000..a882442 --- /dev/null +++ b/.editorconfig @@ -0,0 +1,7 @@ +root = true + +[*] +end_of_line = lf +insert_final_newline = true +indent_style = space +indent_size = 4 diff --git a/.gitignore b/.gitignore index 9bdf788..2e63958 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ docker-compose*.yml !docker-compose.example.yml config*.toml arimelody-web +arimelody-web.tar.gz diff --git a/LICENSE.md b/LICENSE.md new file mode 100644 index 0000000..95557e7 --- /dev/null +++ b/LICENSE.md @@ -0,0 +1,22 @@ +MIT License + +Copyright (c) 2025-present ari melody + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. + diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..11e565a --- /dev/null +++ b/Makefile @@ -0,0 +1,12 @@ +EXEC = arimelody-web + +.PHONY: $(EXEC) + +$(EXEC): + GOOS=linux GOARCH=amd64 go build -o $(EXEC) + +bundle: $(EXEC) + tar czf $(EXEC).tar.gz $(EXEC) admin/components/ admin/views/ admin/static/ views/ public/ schema-migration/ + +clean: + rm $(EXEC) $(EXEC).tar.gz diff --git a/README.md b/README.md index 7e7860c..464379e 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,11 @@ need to be up for this, making this ideal for some offline maintenance. - `listTOTP `: Lists an account's TOTP methods. - `deleteTOTP `: Deletes an account's TOTP method. - `testTOTP `: Generates the code for an account's TOTP method. +- `cleanTOTP`: Cleans up unconfirmed (dangling) TOTP methods. - `createInvite`: Creates an invite code to register new accounts. - `purgeInvites`: Deletes all available invite codes. - `listAccounts`: Lists all active accounts. - `deleteAccount `: Deletes an account with a given `username`. +- `lockAccount `: Locks the account under `username`. +- `unlockAccount `: Unlocks the account under `username`. +- `logs`: Shows system logs. diff --git a/admin/accounthttp.go b/admin/accounthttp.go index 9402410..945a507 100644 --- a/admin/accounthttp.go +++ b/admin/accounthttp.go @@ -1,16 +1,17 @@ package admin import ( - "fmt" - "net/http" - "net/url" - "os" - "time" + "database/sql" + "fmt" + "net/http" + "net/url" + "os" - "arimelody-web/controller" - "arimelody-web/model" + "arimelody-web/controller" + "arimelody-web/log" + "arimelody-web/model" - "golang.org/x/crypto/bcrypt" + "golang.org/x/crypto/bcrypt" ) func accountHandler(app *model.AppState) http.Handler { @@ -63,7 +64,7 @@ func accountIndexHandler(app *model.AppState) http.Handler { session.Message = sessionMessage session.Error = sessionError - err = pages["account"].Execute(w, accountResponse{ + err = accountTemplate.Execute(w, accountResponse{ Session: session, TOTPs: totps, }) @@ -114,6 +115,8 @@ func changePasswordHandler(app *model.AppState) http.Handler { return } + app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" changed password by user request. (%s)", session.Account.Username, controller.ResolveIP(app, r)) + controller.SetSessionError(app.DB, session, "") controller.SetSessionMessage(app.DB, session, "Password updated successfully.") http.Redirect(w, r, "/admin/account", http.StatusFound) @@ -133,7 +136,7 @@ func deleteAccountHandler(app *model.AppState) http.Handler { return } - if !r.Form.Has("password") || !r.Form.Has("totp") { + if !r.Form.Has("password") { http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) return } @@ -142,33 +145,12 @@ func deleteAccountHandler(app *model.AppState) http.Handler { // check password if err := bcrypt.CompareHashAndPassword([]byte(session.Account.Password), []byte(r.Form.Get("password"))); err != nil { - fmt.Printf( - "[%s] WARN: Account \"%s\" attempted account deletion with incorrect password.\n", - time.Now().Format(time.UnixDate), - session.Account.Username, - ) + app.Log.Warn(log.TYPE_ACCOUNT, "Account \"%s\" attempted account deletion with incorrect password. (%s)", session.Account.Username, controller.ResolveIP(app, r)) controller.SetSessionError(app.DB, session, "Incorrect password.") http.Redirect(w, r, "/admin/account", http.StatusFound) return } - totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.Account.ID, r.Form.Get("totp")) - if err != nil { - fmt.Fprintf(os.Stderr, "Failed to fetch account: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - http.Redirect(w, r, "/admin/account", http.StatusFound) - return - } - if totpMethod == nil { - fmt.Printf( - "[%s] WARN: Account \"%s\" attempted account deletion with incorrect TOTP.\n", - time.Now().Format(time.UnixDate), - session.Account.Username, - ) - controller.SetSessionError(app.DB, session, "Incorrect TOTP.") - http.Redirect(w, r, "/admin/account", http.StatusFound) - } - err = controller.DeleteAccount(app.DB, session.Account.ID) if err != nil { fmt.Fprintf(os.Stderr, "Failed to delete account: %v\n", err) @@ -177,11 +159,7 @@ func deleteAccountHandler(app *model.AppState) http.Handler { return } - fmt.Printf( - "[%s] INFO: Account \"%s\" deleted by user request.\n", - time.Now().Format(time.UnixDate), - session.Account.Username, - ) + app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" deleted by user request. (%s)", session.Account.Username, controller.ResolveIP(app, r)) controller.SetSessionAccount(app.DB, session, nil) controller.SetSessionError(app.DB, session, "") @@ -190,6 +168,13 @@ func deleteAccountHandler(app *model.AppState) http.Handler { }) } +type totpConfirmData struct { + Session *model.Session + TOTP *model.TOTP + NameEscaped string + QRBase64Image string +} + func totpSetupHandler(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { if r.Method == http.MethodGet { @@ -199,7 +184,7 @@ func totpSetupHandler(app *model.AppState) http.Handler { session := r.Context().Value("session").(*model.Session) - err := pages["totp-setup"].Execute(w, totpSetupData{ Session: session }) + err := totpSetupTemplate.Execute(w, totpSetupData{ Session: session }) if err != nil { fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -212,12 +197,6 @@ func totpSetupHandler(app *model.AppState) http.Handler { return } - type totpSetupData struct { - Session *model.Session - TOTP *model.TOTP - NameEscaped string - } - err := r.ParseForm() if err != nil { http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) @@ -242,7 +221,7 @@ func totpSetupHandler(app *model.AppState) http.Handler { if err != nil { fmt.Printf("WARN: Failed to create TOTP method: %s\n", err) controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - err := pages["totp-setup"].Execute(w, totpSetupData{ Session: session }) + err := totpSetupTemplate.Execute(w, totpConfirmData{ Session: session }) if err != nil { fmt.Printf("WARN: Failed to render TOTP setup page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -250,10 +229,17 @@ func totpSetupHandler(app *model.AppState) http.Handler { return } - err = pages["totp-confirm"].Execute(w, totpSetupData{ + qrBase64Image, err := controller.GenerateQRCode( + controller.GenerateTOTPURI(session.Account.Username, totp.Secret)) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to generate TOTP QR code: %v\n", err) + } + + err = totpConfirmTemplate.Execute(w, totpConfirmData{ Session: session, TOTP: &totp, NameEscaped: url.PathEscape(totp.Name), + QRBase64Image: qrBase64Image, }) if err != nil { fmt.Printf("WARN: Failed to render TOTP confirm page: %s\n", err) @@ -269,11 +255,6 @@ func totpConfirmHandler(app *model.AppState) http.Handler { return } - type totpConfirmData struct { - Session *model.Session - TOTP *model.TOTP - } - session := r.Context().Value("session").(*model.Session) err := r.ParseForm() @@ -294,7 +275,7 @@ func totpConfirmHandler(app *model.AppState) http.Handler { totp, err := controller.GetTOTP(app.DB, session.Account.ID, name) if err != nil { - fmt.Printf("WARN: Failed to fetch TOTP method: %s\n", err) + fmt.Printf("WARN: Failed to fetch TOTP method: %v\n", err) controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") http.Redirect(w, r, "/admin/account", http.StatusFound) return @@ -304,19 +285,41 @@ func totpConfirmHandler(app *model.AppState) http.Handler { return } + qrBase64Image, err := controller.GenerateQRCode( + controller.GenerateTOTPURI(session.Account.Username, totp.Secret)) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to generate TOTP QR code: %v\n", err) + } + confirmCode := controller.GenerateTOTP(totp.Secret, 0) if code != confirmCode { confirmCodeOffset := controller.GenerateTOTP(totp.Secret, 1) if code != confirmCodeOffset { - controller.SetSessionError(app.DB, session, "Incorrect TOTP code. Please try again.") - err = pages["totp-confirm"].Execute(w, totpConfirmData{ + session.Error = sql.NullString{ Valid: true, String: "Incorrect TOTP code. Please try again." } + err = totpConfirmTemplate.Execute(w, totpConfirmData{ Session: session, TOTP: totp, + NameEscaped: url.PathEscape(totp.Name), + QRBase64Image: qrBase64Image, }) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to render TOTP setup page: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } return } } + err = controller.ConfirmTOTP(app.DB, session.Account.ID, name) + if err != nil { + fmt.Printf("WARN: Failed to confirm TOTP method: %s\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + http.Redirect(w, r, "/admin/account", http.StatusFound) + return + } + + app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" created TOTP method \"%s\".", session.Account.Username, totp.Name) + controller.SetSessionError(app.DB, session, "") controller.SetSessionMessage(app.DB, session, fmt.Sprintf("TOTP method \"%s\" created successfully.", totp.Name)) http.Redirect(w, r, "/admin/account", http.StatusFound) @@ -330,12 +333,11 @@ func totpDeleteHandler(app *model.AppState) http.Handler { return } - name := r.URL.Path - fmt.Printf("%s\n", name); - if len(name) == 0 { + if len(r.URL.Path) < 2 { http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) return } + name := r.URL.Path[1:] session := r.Context().Value("session").(*model.Session) @@ -359,6 +361,8 @@ func totpDeleteHandler(app *model.AppState) http.Handler { return } + app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" deleted TOTP method \"%s\".", session.Account.Username, totp.Name) + controller.SetSessionError(app.DB, session, "") controller.SetSessionMessage(app.DB, session, fmt.Sprintf("TOTP method \"%s\" deleted successfully.", totp.Name)) http.Redirect(w, r, "/admin/account", http.StatusFound) diff --git a/admin/artisthttp.go b/admin/artisthttp.go index 5979493..9fa6bb2 100644 --- a/admin/artisthttp.go +++ b/admin/artisthttp.go @@ -1,9 +1,9 @@ package admin import ( - "fmt" - "net/http" - "strings" + "fmt" + "net/http" + "strings" "arimelody-web/model" "arimelody-web/controller" @@ -39,7 +39,7 @@ func serveArtist(app *model.AppState) http.Handler { session := r.Context().Value("session").(*model.Session) - err = pages["artist"].Execute(w, ArtistResponse{ + err = artistTemplate.Execute(w, ArtistResponse{ Session: session, Artist: artist, Credits: credits, diff --git a/admin/components/credits/addcredit.html b/admin/components/credits/addcredit.html index 32c43fa..c09a550 100644 --- a/admin/components/credits/addcredit.html +++ b/admin/components/credits/addcredit.html @@ -1,6 +1,6 @@
-

Add artist credit

+

Add Artist Credit

    diff --git a/admin/components/release/release-list-item.html b/admin/components/release/release-list-item.html index 677318d..4b8f41e 100644 --- a/admin/components/release/release-list-item.html +++ b/admin/components/release/release-list-item.html @@ -7,7 +7,7 @@

    {{.Title}} - {{.GetReleaseYear}} + {{.ReleaseDate.Year}} {{if not .Visible}}(hidden){{end}}

    diff --git a/admin/components/tracks/addtrack.html b/admin/components/tracks/addtrack.html index f402763..a6dd433 100644 --- a/admin/components/tracks/addtrack.html +++ b/admin/components/tracks/addtrack.html @@ -1,6 +1,6 @@
    -

    Add track

    +

    Add Track

      diff --git a/admin/http.go b/admin/http.go index b6a71ee..245a152 100644 --- a/admin/http.go +++ b/admin/http.go @@ -1,39 +1,54 @@ package admin import ( - "context" - "database/sql" - "fmt" - "net/http" - "os" - "path/filepath" - "strings" - "time" + "context" + "database/sql" + "fmt" + "net/http" + "os" + "path/filepath" + "strings" + "time" - "arimelody-web/controller" - "arimelody-web/model" + "arimelody-web/controller" + "arimelody-web/log" + "arimelody-web/model" - "golang.org/x/crypto/bcrypt" + "golang.org/x/crypto/bcrypt" ) func Handler(app *model.AppState) http.Handler { mux := http.NewServeMux() + mux.Handle("/qr-test", http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + qrB64Img, err := controller.GenerateQRCode("super epic mega gaming test message. be sure to buy free2play on bandcamp so i can put food on my family") + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to generate QR code: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + + w.Write([]byte("")) + })) + mux.Handle("/login", loginHandler(app)) - mux.Handle("/logout", requireAccount(app, logoutHandler(app))) + mux.Handle("/totp", loginTOTPHandler(app)) + mux.Handle("/logout", requireAccount(logoutHandler(app))) mux.Handle("/register", registerAccountHandler(app)) - mux.Handle("/account", requireAccount(app, accountIndexHandler(app))) - mux.Handle("/account/", requireAccount(app, http.StripPrefix("/account", accountHandler(app)))) + mux.Handle("/account", requireAccount(accountIndexHandler(app))) + mux.Handle("/account/", requireAccount(http.StripPrefix("/account", accountHandler(app)))) - mux.Handle("/release/", requireAccount(app, http.StripPrefix("/release", serveRelease(app)))) - mux.Handle("/artist/", requireAccount(app, http.StripPrefix("/artist", serveArtist(app)))) - mux.Handle("/track/", requireAccount(app, http.StripPrefix("/track", serveTrack(app)))) + mux.Handle("/logs", requireAccount(logsHandler(app))) + + mux.Handle("/release/", requireAccount(http.StripPrefix("/release", serveRelease(app)))) + mux.Handle("/artist/", requireAccount(http.StripPrefix("/artist", serveArtist(app)))) + mux.Handle("/track/", requireAccount(http.StripPrefix("/track", serveTrack(app)))) mux.Handle("/static/", http.StripPrefix("/static", staticHandler())) - mux.Handle("/", requireAccount(app, AdminIndexHandler(app))) + mux.Handle("/", requireAccount(AdminIndexHandler(app))) // response wrapper to make sure a session cookie exists return enforceSession(app, mux) @@ -76,7 +91,7 @@ func AdminIndexHandler(app *model.AppState) http.Handler { Tracks []*model.Track } - err = pages["index"].Execute(w, IndexData{ + err = indexTemplate.Execute(w, IndexData{ Session: session, Releases: releases, Artists: artists, @@ -105,7 +120,7 @@ func registerAccountHandler(app *model.AppState) http.Handler { } render := func() { - err := pages["register"].Execute(w, registerData{ Session: session }) + err := registerTemplate.Execute(w, registerData{ Session: session }) if err != nil { fmt.Printf("WARN: Error rendering create account page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -186,15 +201,12 @@ func registerAccountHandler(app *model.AppState) http.Handler { return } - fmt.Printf( - "[%s]: Account registered: %s (%s)\n", - time.Now().Format(time.UnixDate), - account.Username, - account.ID, - ) + app.Log.Info(log.TYPE_ACCOUNT, "Account \"%s\" (%s) created using invite \"%s\". (%s)", account.Username, account.ID, invite.Code, controller.ResolveIP(app, r)) err = controller.DeleteInvite(app.DB, invite.Code) - if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to delete expired invite: %v\n", err) } + if err != nil { + app.Log.Warn(log.TYPE_ACCOUNT, "Failed to delete expired invite \"%s\": %v", invite.Code, err) + } // registration success! controller.SetSessionAccount(app.DB, session, &account) @@ -218,7 +230,7 @@ func loginHandler(app *model.AppState) http.Handler { } render := func() { - err := pages["login"].Execute(w, loginData{ Session: session }) + err := loginTemplate.Execute(w, loginData{ Session: session }) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Error rendering admin login page: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -232,7 +244,6 @@ func loginHandler(app *model.AppState) http.Handler { http.Redirect(w, r, "/admin", http.StatusFound) return } - render() return } @@ -243,23 +254,15 @@ func loginHandler(app *model.AppState) http.Handler { return } - // new accounts won't have TOTP methods at first. there should be a - // second phase of login that prompts the user for a TOTP *only* - // if that account has a TOTP method. - // TODO: login phases (username & password -> TOTP) - - type LoginRequest struct { - Username string `json:"username"` - Password string `json:"password"` - TOTP string `json:"totp"` - } - credentials := LoginRequest{ - Username: r.Form.Get("username"), - Password: r.Form.Get("password"), - TOTP: r.Form.Get("totp"), + if !r.Form.Has("username") || !r.Form.Has("password") { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return } - account, err := controller.GetAccountByUsername(app.DB, credentials.Username) + username := r.FormValue("username") + password := r.FormValue("password") + + account, err := controller.GetAccountByUsername(app.DB, username) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to fetch account for login: %v\n", err) controller.SetSessionError(app.DB, session, "Invalid username or password.") @@ -271,81 +274,145 @@ func loginHandler(app *model.AppState) http.Handler { render() return } - - err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(credentials.Password)) - if err != nil { - fmt.Printf( - "[%s] INFO: Account \"%s\" attempted login with incorrect password.\n", - time.Now().Format(time.UnixDate), - account.Username, - ) - controller.SetSessionError(app.DB, session, "Invalid username or password.") + if account.Locked { + controller.SetSessionError(app.DB, session, "This account is locked.") render() return } - var totpMethod *model.TOTP - if len(credentials.TOTP) == 0 { - // check if user has TOTP - totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) + err = bcrypt.CompareHashAndPassword([]byte(account.Password), []byte(password)) + if err != nil { + app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" attempted login with incorrect password. (%s)", account.Username, controller.ResolveIP(app, r)) + if locked := handleFailedLogin(app, account, r); locked { + controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.") + } else { + controller.SetSessionError(app.DB, session, "Invalid username or password.") + } + render() + return + } + + totps, err := controller.GetTOTPsForAccount(app.DB, account.ID) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + render() + return + } + + if len(totps) > 0 { + err = controller.SetSessionAttemptAccount(app.DB, session, account) if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) + fmt.Fprintf(os.Stderr, "WARN: Failed to set attempt session: %v\n", err) controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") render() return } - - if len(totps) > 0 { - type loginTOTPData struct { - Session *model.Session - Username string - Password string - } - err = pages["login-totp"].Execute(w, loginTOTPData{ - Session: session, - Username: credentials.Username, - Password: credentials.Password, - }) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to render login TOTP page: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - } - } else { - totpMethod, err = controller.CheckTOTPForAccount(app.DB, account.ID, credentials.TOTP) - if err != nil { - fmt.Fprintf(os.Stderr, "WARN: Failed to fetch TOTPs: %v\n", err) - controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") - render() - return - } - if totpMethod == nil { - controller.SetSessionError(app.DB, session, "Invalid TOTP.") - render() - return - } + controller.SetSessionMessage(app.DB, session, "") + controller.SetSessionError(app.DB, session, "") + http.Redirect(w, r, "/admin/totp", http.StatusFound) + return } - if totpMethod != nil { - fmt.Printf( - "[%s] INFO: Account \"%s\" logged in with method \"%s\"\n", - time.Now().Format(time.UnixDate), - account.Username, - totpMethod.Name, - ) - } else { - fmt.Printf( - "[%s] INFO: Account \"%s\" logged in\n", - time.Now().Format(time.UnixDate), - account.Username, - ) - } - - // TODO: log login activity to user - // login success! - controller.SetSessionAccount(app.DB, session, account) + // TODO: log login activity to user + app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in. (%s)", account.Username, controller.ResolveIP(app, r)) + app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" does not have any TOTP methods assigned.", account.Username) + + err = controller.SetSessionAccount(app.DB, session, account) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to set session account: %v\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + render() + return + } + controller.SetSessionMessage(app.DB, session, "") + controller.SetSessionError(app.DB, session, "") + http.Redirect(w, r, "/admin", http.StatusFound) + }) +} + +func loginTOTPHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + session := r.Context().Value("session").(*model.Session) + + if session.AttemptAccount == nil { + http.Error(w, http.StatusText(http.StatusUnauthorized), http.StatusUnauthorized) + return + } + + type loginTOTPData struct { + Session *model.Session + } + + render := func() { + err := loginTOTPTemplate.Execute(w, loginTOTPData{ Session: session }) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to render login TOTP page: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + } + + if r.Method == http.MethodGet { + render() + return + } + + if r.Method != http.MethodPost { + http.NotFound(w, r) + return + } + + r.ParseForm() + + if !r.Form.Has("totp") { + http.Error(w, http.StatusText(http.StatusBadRequest), http.StatusBadRequest) + return + } + + totpCode := r.FormValue("totp") + + if len(totpCode) != controller.TOTP_CODE_LENGTH { + app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Invalid TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r)) + controller.SetSessionError(app.DB, session, "Invalid TOTP.") + render() + return + } + + totpMethod, err := controller.CheckTOTPForAccount(app.DB, session.AttemptAccount.ID, totpCode) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to check TOTPs: %v\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + render() + return + } + if totpMethod == nil { + app.Log.Warn(log.TYPE_ACCOUNT, "\"%s\" failed login (Incorrect TOTP). (%s)", session.AttemptAccount.Username, controller.ResolveIP(app, r)) + if locked := handleFailedLogin(app, session.AttemptAccount, r); locked { + controller.SetSessionError(app.DB, session, "Too many failed attempts. This account is now locked.") + controller.SetSessionAttemptAccount(app.DB, session, nil) + http.Redirect(w, r, "/admin", http.StatusFound) + } else { + controller.SetSessionError(app.DB, session, "Incorrect TOTP.") + } + render() + return + } + + app.Log.Info(log.TYPE_ACCOUNT, "\"%s\" logged in with TOTP method \"%s\". (%s)", session.AttemptAccount.Username, totpMethod.Name, controller.ResolveIP(app, r)) + + err = controller.SetSessionAccount(app.DB, session, session.AttemptAccount) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to set session account: %v\n", err) + controller.SetSessionError(app.DB, session, "Something went wrong. Please try again.") + render() + return + } + err = controller.SetSessionAttemptAccount(app.DB, session, nil) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to clear attempt session: %v\n", err) + } controller.SetSessionMessage(app.DB, session, "") controller.SetSessionError(app.DB, session, "") http.Redirect(w, r, "/admin", http.StatusFound) @@ -373,7 +440,7 @@ func logoutHandler(app *model.AppState) http.Handler { Path: "/", }) - err = pages["logout"].Execute(w, nil) + err = logoutTemplate.Execute(w, nil) if err != nil { fmt.Fprintf(os.Stderr, "WARN: Failed to render logout page: %v\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -381,7 +448,7 @@ func logoutHandler(app *model.AppState) http.Handler { }) } -func requireAccount(app *model.AppState, next http.Handler) http.HandlerFunc { +func requireAccount(next http.Handler) http.HandlerFunc { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { session := r.Context().Value("session").(*model.Session) if session.Account == nil { @@ -416,30 +483,13 @@ func staticHandler() http.Handler { func enforceSession(app *model.AppState, next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - sessionCookie, err := r.Cookie(model.COOKIE_TOKEN) - if err != nil && err != http.ErrNoCookie { - fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session cookie: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + session, err := controller.GetSessionFromRequest(app, r) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } - var session *model.Session - - if sessionCookie != nil { - // fetch existing session - session, err = controller.GetSession(app.DB, sessionCookie.Value) - - if err != nil && !strings.Contains(err.Error(), "no rows") { - fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err) - http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) - return - } - - if session != nil { - // TODO: consider running security checks here (i.e. user agent mismatches) - } - } - if session == nil { // create a new session session, err = controller.CreateSession(app.DB, r.UserAgent()) @@ -463,3 +513,30 @@ func enforceSession(app *model.AppState, next http.Handler) http.Handler { next.ServeHTTP(w, r.WithContext(ctx)) }) } + +func handleFailedLogin(app *model.AppState, account *model.Account, r *http.Request) bool { + locked, err := controller.IncrementAccountFails(app.DB, account.ID) + if err != nil { + fmt.Fprintf( + os.Stderr, + "WARN: Failed to increment login failures for \"%s\": %v\n", + account.Username, + err, + ) + app.Log.Warn( + log.TYPE_ACCOUNT, + "Failed to increment login failures for \"%s\"", + account.Username, + ) + } + if locked { + app.Log.Warn( + log.TYPE_ACCOUNT, + "Account \"%s\" was locked: %d failed login attempts (IP: %s)", + account.Username, + model.MAX_LOGIN_FAIL_ATTEMPTS, + controller.ResolveIP(app, r), + ) + } + return locked +} diff --git a/admin/logshttp.go b/admin/logshttp.go new file mode 100644 index 0000000..7249b16 --- /dev/null +++ b/admin/logshttp.go @@ -0,0 +1,67 @@ +package admin + +import ( + "arimelody-web/log" + "arimelody-web/model" + "fmt" + "net/http" + "os" + "strings" +) + +func logsHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method != http.MethodGet { + http.NotFound(w, r) + return + } + + session := r.Context().Value("session").(*model.Session) + + levelFilter := []log.LogLevel{} + typeFilter := []string{} + + query := r.URL.Query().Get("q") + + for key, value := range r.URL.Query() { + if strings.HasPrefix(key, "level-") && value[0] == "on" { + m := map[string]log.LogLevel{ + "info": log.LEVEL_INFO, + "warn": log.LEVEL_WARN, + } + level, ok := m[strings.TrimPrefix(key, "level-")] + if ok { + levelFilter = append(levelFilter, level) + } + continue + } + + if strings.HasPrefix(key, "type-") && value[0] == "on" { + typeFilter = append(typeFilter, string(strings.TrimPrefix(key, "type-"))) + continue + } + } + + logs, err := app.Log.Search(levelFilter, typeFilter, query, 100, 0) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to fetch audit logs: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + + type LogsResponse struct { + Session *model.Session + Logs []*log.Log + } + + err = logsTemplate.Execute(w, LogsResponse{ + Session: session, + Logs: logs, + }) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to render audit logs page: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + }) +} diff --git a/admin/releasehttp.go b/admin/releasehttp.go index cd73e98..c6b68ab 100644 --- a/admin/releasehttp.go +++ b/admin/releasehttp.go @@ -1,12 +1,12 @@ package admin import ( - "fmt" - "net/http" - "strings" + "fmt" + "net/http" + "strings" - "arimelody-web/controller" - "arimelody-web/model" + "arimelody-web/controller" + "arimelody-web/model" ) func serveRelease(app *model.AppState) http.Handler { @@ -22,7 +22,7 @@ func serveRelease(app *model.AppState) http.Handler { http.NotFound(w, r) return } - fmt.Printf("FATAL: Failed to pull full release data for %s: %s\n", releaseID, err) + fmt.Printf("WARN: Failed to pull full release data for %s: %s\n", releaseID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -60,7 +60,7 @@ func serveRelease(app *model.AppState) http.Handler { Release *model.Release } - err = pages["release"].Execute(w, ReleaseResponse{ + err = releaseTemplate.Execute(w, ReleaseResponse{ Session: session, Release: release, }) @@ -74,7 +74,7 @@ func serveRelease(app *model.AppState) http.Handler { func serveEditCredits(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") - err := components["editcredits"].Execute(w, release) + err := editCreditsTemplate.Execute(w, release) if err != nil { fmt.Printf("Error rendering edit credits component for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -86,7 +86,7 @@ func serveAddCredit(app *model.AppState, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { artists, err := controller.GetArtistsNotOnRelease(app.DB, release.ID) if err != nil { - fmt.Printf("FATAL: Failed to pull artists not on %s: %s\n", release.ID, err) + fmt.Printf("WARN: Failed to pull artists not on %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -97,7 +97,7 @@ func serveAddCredit(app *model.AppState, release *model.Release) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = components["addcredit"].Execute(w, response{ + err = addCreditTemplate.Execute(w, response{ ReleaseID: release.ID, Artists: artists, }) @@ -113,7 +113,7 @@ func serveNewCredit(app *model.AppState) http.Handler { artistID := strings.Split(r.URL.Path, "/")[3] artist, err := controller.GetArtist(app.DB, artistID) if err != nil { - fmt.Printf("FATAL: Failed to pull artists %s: %s\n", artistID, err) + fmt.Printf("WARN: Failed to pull artists %s: %s\n", artistID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -123,7 +123,7 @@ func serveNewCredit(app *model.AppState) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = components["newcredit"].Execute(w, artist) + err = newCreditTemplate.Execute(w, artist) if err != nil { fmt.Printf("Error rendering new credit component for %s: %s\n", artist.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -134,7 +134,7 @@ func serveNewCredit(app *model.AppState) http.Handler { func serveEditLinks(release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.Header().Set("Content-Type", "text/html") - err := components["editlinks"].Execute(w, release) + err := editLinksTemplate.Execute(w, release) if err != nil { fmt.Printf("Error rendering edit links component for %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) @@ -151,7 +151,7 @@ func serveEditTracks(release *model.Release) http.Handler { Add func(a int, b int) int } - err := components["edittracks"].Execute(w, editTracksData{ + err := editTracksTemplate.Execute(w, editTracksData{ Release: release, Add: func(a, b int) int { return a + b }, }) @@ -166,7 +166,7 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { tracks, err := controller.GetTracksNotOnRelease(app.DB, release.ID) if err != nil { - fmt.Printf("FATAL: Failed to pull tracks not on %s: %s\n", release.ID, err) + fmt.Printf("WARN: Failed to pull tracks not on %s: %s\n", release.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -177,7 +177,7 @@ func serveAddTrack(app *model.AppState, release *model.Release) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = components["addtrack"].Execute(w, response{ + err = addTrackTemplate.Execute(w, response{ ReleaseID: release.ID, Tracks: tracks, }) @@ -204,7 +204,7 @@ func serveNewTrack(app *model.AppState) http.Handler { } w.Header().Set("Content-Type", "text/html") - err = components["newtrack"].Execute(w, track) + err = newTrackTemplate.Execute(w, track) if err != nil { fmt.Printf("Error rendering new track component for %s: %s\n", track.ID, err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) diff --git a/admin/static/logs.css b/admin/static/logs.css new file mode 100644 index 0000000..f0df299 --- /dev/null +++ b/admin/static/logs.css @@ -0,0 +1,86 @@ +main { + width: min(1080px, calc(100% - 2em))!important +} + +form { + margin: 1em 0; +} + +div#search { + display: flex; +} + +#search input { + margin: 0; + flex-grow: 1; + + border-right: none; + border-top-right-radius: 0; + border-bottom-right-radius: 0; +} + +#search button { + padding: 0 .5em; + + border-top-left-radius: 0; + border-bottom-left-radius: 0; +} + +form #filters p { + margin: .5em 0 0 0; +} +form #filters label { + display: inline; +} +form #filters input { + margin-right: 1em; + display: inline; +} + +#logs { + width: 100%; + border-collapse: collapse; +} + +#logs tr { +} + +#logs tr td { + border-bottom: 1px solid #8888; +} + +#logs tr td:nth-child(even) { + background: #00000004; +} + +#logs th, #logs td { + padding: .4em .8em; +} + +td, th { + width: 1%; + text-align: left; + white-space: nowrap; +} +td.log-level, +th.log-level, +td.log-type, +th.log-type { + text-align: center; +} +td.log-content, +td.log-content { + width: 100%; + white-space: collapse; +} + +.log:hover { + background: #fff8; +} + +.log.warn { + background: #ffe86a; +} +.log.warn:hover { + background: #ffec81; +} diff --git a/admin/templates.go b/admin/templates.go index d9a74ca..606d569 100644 --- a/admin/templates.go +++ b/admin/templates.go @@ -1,80 +1,125 @@ package admin import ( - "html/template" - "path/filepath" + "arimelody-web/log" + "fmt" + "html/template" + "path/filepath" + "strings" + "time" ) -var pages = map[string]*template.Template{ - "index": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "components", "release", "release-list-item.html"), - filepath.Join("admin", "views", "index.html"), - )), +var indexTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "components", "release", "release-list-item.html"), + filepath.Join("admin", "views", "index.html"), +)) - "login": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "login.html"), - )), - "login-totp": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "login-totp.html"), - )), - "register": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "register.html"), - )), - "logout": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "logout.html"), - )), - "account": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-account.html"), - )), - "totp-setup": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "totp-setup.html"), - )), - "totp-confirm": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "totp-confirm.html"), - )), +var loginTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "login.html"), +)) +var loginTOTPTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "login-totp.html"), +)) +var registerTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "register.html"), +)) +var logoutTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "logout.html"), +)) +var accountTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "edit-account.html"), +)) +var totpSetupTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "totp-setup.html"), +)) +var totpConfirmTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "totp-confirm.html"), +)) - "release": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-release.html"), - )), - "artist": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "views", "edit-artist.html"), - )), - "track": template.Must(template.ParseFiles( - filepath.Join("admin", "views", "layout.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("admin", "components", "release", "release-list-item.html"), - filepath.Join("admin", "views", "edit-track.html"), - )), -} +var logsTemplate = template.Must(template.New("layout.html").Funcs(template.FuncMap{ + "parseLevel": func(level log.LogLevel) string { + switch level { + case log.LEVEL_INFO: + return "INFO" + case log.LEVEL_WARN: + return "WARN" + } + return fmt.Sprintf("%d?", level) + }, + "titleCase": func(logType string) string { + runes := []rune(logType) + for i, r := range runes { + if (i == 0 || runes[i - 1] == ' ') && r >= 'a' && r <= 'z' { + runes[i] = r + ('A' - 'a') + } + } + return string(runes) + }, + "lower": func(str string) string { return strings.ToLower(str) }, + "prettyTime": func(t time.Time) string { + // return t.Format("2006-01-02 15:04:05") + // return t.Format("15:04:05, 2 Jan 2006") + return t.Format("02 Jan 2006, 15:04:05") + }, +}).ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "logs.html"), +)) -var components = map[string]*template.Template{ - "editcredits": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "editcredits.html"))), - "addcredit": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "addcredit.html"))), - "newcredit": template.Must(template.ParseFiles(filepath.Join("admin", "components", "credits", "newcredit.html"))), +var releaseTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "edit-release.html"), +)) +var artistTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "views", "edit-artist.html"), +)) +var trackTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "views", "layout.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("admin", "components", "release", "release-list-item.html"), + filepath.Join("admin", "views", "edit-track.html"), +)) - "editlinks": template.Must(template.ParseFiles(filepath.Join("admin", "components", "links", "editlinks.html"))), +var editCreditsTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "credits", "editcredits.html"), +)) +var addCreditTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "credits", "addcredit.html"), +)) +var newCreditTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "credits", "newcredit.html"), +)) - "edittracks": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "edittracks.html"))), - "addtrack": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "addtrack.html"))), - "newtrack": template.Must(template.ParseFiles(filepath.Join("admin", "components", "tracks", "newtrack.html"))), -} +var editLinksTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "links", "editlinks.html"), +)) + +var editTracksTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "tracks", "edittracks.html"), +)) +var addTrackTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "tracks", "addtrack.html"), +)) +var newTrackTemplate = template.Must(template.ParseFiles( + filepath.Join("admin", "components", "tracks", "newtrack.html"), +)) diff --git a/admin/trackhttp.go b/admin/trackhttp.go index 9436671..93eacdb 100644 --- a/admin/trackhttp.go +++ b/admin/trackhttp.go @@ -1,9 +1,9 @@ package admin import ( - "fmt" - "net/http" - "strings" + "fmt" + "net/http" + "strings" "arimelody-web/model" "arimelody-web/controller" @@ -39,7 +39,7 @@ func serveTrack(app *model.AppState) http.Handler { session := r.Context().Value("session").(*model.Session) - err = pages["track"].Execute(w, TrackResponse{ + err = trackTemplate.Execute(w, TrackResponse{ Session: session, Track: track, Releases: releases, diff --git a/admin/views/layout.html b/admin/views/layout.html index 8c34c8e..52b0620 100644 --- a/admin/views/layout.html +++ b/admin/views/layout.html @@ -23,7 +23,14 @@
      home
      + {{if .Session.Account}} +
      + logs +
      + {{end}} +
      + {{if .Session.Account}}
      account ({{.Session.Account.Username}}) diff --git a/admin/views/login-totp.html b/admin/views/login-totp.html index d959e3c..33e8c88 100644 --- a/admin/views/login-totp.html +++ b/admin/views/login-totp.html @@ -26,14 +26,19 @@ input { {{define "content"}}
      -
      + {{if .Session.Message.Valid}} +

      {{html .Session.Message.String}}

      + {{end}} + {{if .Session.Error.Valid}} +

      {{html .Session.Error.String}}

      + {{end}} + +

      Two-Factor Authentication

      - -
      diff --git a/admin/views/logs.html b/admin/views/logs.html new file mode 100644 index 0000000..e3a3ccb --- /dev/null +++ b/admin/views/logs.html @@ -0,0 +1,68 @@ +{{define "head"}} +Audit Logs - ari melody 💫 + + + +{{end}} + +{{define "content"}} +
      +

      Audit Logs

      + + + +
      +
      +

      Level:

      + + + + +
      +
      +

      Type:

      + + + + + + + + + + + + + + +
      +
      + + +
      + + + + + + + + + + + + {{range .Logs}} + + + + + + + {{end}} + +
      TimeLevelTypeMessage
      {{prettyTime .CreatedAt}}{{parseLevel .Level}}{{titleCase .Type}}{{.Content}}
      +
      +{{end}} diff --git a/admin/views/totp-confirm.html b/admin/views/totp-confirm.html index ac39e52..7d305ec 100644 --- a/admin/views/totp-confirm.html +++ b/admin/views/totp-confirm.html @@ -3,6 +3,9 @@ \ No newline at end of file diff --git a/public/img/brand/twitch.svg b/public/img/brand/twitch.svg new file mode 100644 index 0000000..3120fea --- /dev/null +++ b/public/img/brand/twitch.svg @@ -0,0 +1,21 @@ + + + + +Asset 2 + + + + + + + + + + + diff --git a/public/img/brand/youtube.svg b/public/img/brand/youtube.svg new file mode 100644 index 0000000..3286071 --- /dev/null +++ b/public/img/brand/youtube.svg @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/public/img/buttons/girlonthemoon.png b/public/img/buttons/girlonthemoon.png new file mode 100644 index 0000000..4e98a12 Binary files /dev/null and b/public/img/buttons/girlonthemoon.png differ diff --git a/public/img/buttons/thermia.gif b/public/img/buttons/thermia.gif new file mode 100644 index 0000000..a7ee70a Binary files /dev/null and b/public/img/buttons/thermia.gif differ diff --git a/public/keys/ari melody_0x92678188_public.asc b/public/keys/ari melody_0x92678188_public.asc index 2b37d88..80a4676 100644 --- a/public/keys/ari melody_0x92678188_public.asc +++ b/public/keys/ari melody_0x92678188_public.asc @@ -1,13 +1,26 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- mDMEZNW03RYJKwYBBAHaRw8BAQdAuMUNVjXT7m/YisePPnSYY6lc1Xmm3oS79ZEO -JriRCZy0HWFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkubWU+iJMEExYKADsWIQTu -jeuNYocuegkeKt/PmYKckmeBiAUCZNW03QIbAwULCQgHAgIiAgYVCgkICwIEFgID -AQIeBwIXgAAKCRDPmYKckmeBiGCbAP4wTcLCU5ZlfSTJrFtGhQKWA6DxtUO7Cegk -Vu8SgkY3KgEA1/YqjZ1vSaqPDN4137vmhkhfduoYOjN0iptNj39u2wG4OARk1bTd -EgorBgEEAZdVAQUBAQdAnA2drPzQBoXNdwIrFnovuF0CjX+8+8QSugCF4a5ZEXED -AQgHiHgEGBYKACAWIQTujeuNYocuegkeKt/PmYKckmeBiAUCZNW03QIbDAAKCRDP -mYKckmeBiC/xAQD1hu4WcstR40lkUxMqhZ44wmizrDA+eGCdh7Ge3Gy79wEAx385 -GnYoNplMTA4BTGs7orV4WSfSkoBx0+px1UOewgs= -=M1Bp +JriRCZy0HWFyaSBtZWxvZHkgPGFyaUBhcmltZWxvZHkubWU+iJkEExYKAEECGwMF +CwkIBwICIgIGFQoJCAsCBBYCAwECHgcCF4AWIQTujeuNYocuegkeKt/PmYKckmeB +iAUCZ7UqUAUJCIMP8wAKCRDPmYKckmeBiO/NAP0SoJL4aKZqCeYiSoDF/Uw6nMmZ ++oR1Uig41wQ/IDbhCAEApP2vbjSIu6pcp0AQlL7qcoyPWv+XkqPSFqW9KEZZVwqI +kwQTFgoAOxYhBO6N641ihy56CR4q38+ZgpySZ4GIBQJk1bTdAhsDBQsJCAcCAiIC +BhUKCQgLAgQWAgMBAh4HAheAAAoJEM+ZgpySZ4GIYJsA/jBNwsJTlmV9JMmsW0aF +ApYDoPG1Q7sJ6CRW7xKCRjcqAQDX9iqNnW9Jqo8M3jXfu+aGSF926hg6M3SKm02P +f27bAbgzBGe1JooWCSsGAQQB2kcPAQEHQJbfh5iLHEpZndMgekqYzqTrUoAJ8ZIL +d4WH0dcw9tOaiPUEGBYKACYCGwIWIQTujeuNYocuegkeKt/PmYKckmeBiAUCZ7Uq +VgUJBaOeTACBdiAEGRYKAB0WIQQlu5dWmBR/P3ZxngxgtfA4bj3bfgUCZ7UmigAK +CRBgtfA4bj3bfux+AP4y5ydrjnGBMX7GuB2nh55SRdscSiXsZ66ntnjXyQcbWgEA +pDuu7FqXzXcnluuZxNFDT740Rnzs60tTeplDqGGWcAQJEM+ZgpySZ4GIc0kA/iSw +Nw+r3FC75omwrPpJF13B5fq93FweFx+oSaES6qzkAQDvgCK77qKKbvCju0g8zSsK +EZnv6xR4uvtGdVkvLpBdC7gzBGe1JpkWCSsGAQQB2kcPAQEHQGnU4lXFLchhKYkC +PshP+jvuRsNoedaDOK2p4dkQC8JuiH4EGBYKACYCGyAWIQTujeuNYocuegkeKt/P +mYKckmeBiAUCZ7UqXgUJBaOeRQAKCRDPmYKckmeBiL9KAQCJZIBhuSsoYa61I0XZ +cKzGZbB0h9pD6eg1VRswNIgHtQEAwu9Hgs1rs9cySvKbO7WgK6Qh6EfrvGgGOXCO +m3wVsg24OARntSo5EgorBgEEAZdVAQUBAQdA+/k586W1OHxndzDJNpbd+wqjyjr0 +D5IXxfDs00advB0DAQgHiH4EGBYKACYWIQTujeuNYocuegkeKt/PmYKckmeBiAUC +Z7UqOQIbDAUJBaOagAAKCRDPmYKckmeBiEFxAQCgziQt2l3u7jnZVij4zop+K2Lv +TVFtkbG61tf6brRzBgD/X6c6X5BRyQC51JV1I1RFRBdeMAIXzcLFg2v3WUMccQs= +=YmHI -----END PGP PUBLIC KEY BLOCK----- diff --git a/public/script/config.js b/public/script/config.js index 2bb33a6..402a74b 100644 --- a/public/script/config.js +++ b/public/script/config.js @@ -1,33 +1,106 @@ -const DEFAULT_CONFIG = { - crt: false -}; -const config = (() => { - let saved = localStorage.getItem("config"); - if (saved) { - const config = JSON.parse(saved); - setCRT(config.crt || DEFAULT_CONFIG.crt); - return config; +const ARIMELODY_CONFIG_NAME = "arimelody.me-config"; + +class Config { + _crt = false; + _cursor = false; + _cursorFunMode = false; + + /** @type Map> */ + #listeners = new Map(); + + constructor(values) { + function thisOrElse(values, name, defaultValue) { + if (values === null) return defaultValue; + if (values[name] === undefined) return defaultValue; + return values[name]; + } + + this.#listeners.set('crt', new Array()); + this.crt = thisOrElse(values, 'crt', false); + this.#listeners.set('cursor', new Array()); + this.cursor = thisOrElse(values, 'cursor', false); + this.#listeners.set('cursorFunMode', new Array()); + this.cursorFunMode = thisOrElse(values, 'cursorFunMode', false); + this.save(); } - localStorage.setItem("config", JSON.stringify(DEFAULT_CONFIG)); - return DEFAULT_CONFIG; -})(); + /** + * Appends a listener function to be called when the config value of `name` + * is changed. + */ + addListener(name, callback) { + const callbacks = this.#listeners.get(name); + if (!callbacks) return; + callbacks.push(callback); + } -function saveConfig() { - localStorage.setItem("config", JSON.stringify(config)); + /** + * Removes the listener function `callback` from the list of callbacks when + * the config value of `name` is changed. + */ + removeListener(name, callback) { + const callbacks = this.#listeners.get(name); + if (!callbacks) return; + callbacks.set(name, callbacks.filter(c => c !== callback)); + } + + save() { + localStorage.setItem(ARIMELODY_CONFIG_NAME, JSON.stringify({ + crt: this.crt, + cursor: this.cursor, + cursorFunMode: this.cursorFunMode + })); + } + + get crt() { return this._crt } + set crt(/** @type boolean */ enabled) { + this._crt = enabled; + this.save(); + + if (enabled) { + document.body.classList.add("crt"); + } else { + document.body.classList.remove("crt"); + } + document.getElementById('toggle-crt').className = enabled ? "" : "disabled"; + + this.#listeners.get('crt').forEach(callback => { + callback(this._crt); + }) + } + + get cursor() { return this._cursor } + set cursor(/** @type boolean */ value) { + this._cursor = value; + this.save(); + this.#listeners.get('cursor').forEach(callback => { + callback(this._cursor); + }) + } + + get cursorFunMode() { return this._cursorFunMode } + set cursorFunMode(/** @type boolean */ value) { + this._cursorFunMode = value; + this.save(); + this.#listeners.get('cursorFunMode').forEach(callback => { + callback(this._cursorFunMode); + }) + } } +const config = (() => { + let values = null; + + const saved = localStorage.getItem(ARIMELODY_CONFIG_NAME); + if (saved) + values = JSON.parse(saved); + + return new Config(values); +})(); + document.getElementById("toggle-crt").addEventListener("click", () => { config.crt = !config.crt; - setCRT(config.crt); - saveConfig(); }); -function setCRT(/** @type boolean */ enabled) { - if (enabled) { - document.body.classList.add("crt"); - } else { - document.body.classList.remove("crt"); - } - document.getElementById('toggle-crt').className = enabled ? "" : "disabled"; -} +window.config = config; +export default config; diff --git a/public/script/cursor.js b/public/script/cursor.js new file mode 100644 index 0000000..ff87068 --- /dev/null +++ b/public/script/cursor.js @@ -0,0 +1,403 @@ +import config from './config.js'; + +const CURSOR_LERP_RATE = 1/100; +const CURSOR_FUNCHAR_RATE = 20; +const CURSOR_CHAR_MAX_LIFE = 5000; +const CURSOR_MAX_CHARS = 64; + +/** @type HTMLCanvasElement */ +let canvas; +/** @type CanvasRenderingContext2D */ +let ctx; +/** @type Cursor */ +let myCursor; +/** @type Map */ +let cursors = new Map(); + +/** @type WebSocket */ +let ws; + +let running = false; +let lastUpdate = 0; + +let cursorBoxHeight = 0; +let cursorBoxRadius = 0; +let cursorIDFontSize = 0; +let cursorCharFontSize = 0; + +class Cursor { + #funCharCooldown = CURSOR_FUNCHAR_RATE; + + /** + * @param {string} id + * @param {number} x + * @param {number} y + */ + constructor(id, x, y) { + this.id = id; + + // real coordinates (canonical) + this.x = x; + this.y = y; + // render coordinates (interpolated) + this.rx = x; + this.ry = y; + + this.msg = ''; + /** @type Array */ + this.funChars = new Array(); + this.colour = randomColour(); + this.click = false; + } + + /** + * @param {number} deltaTime + */ + update(deltaTime) { + this.rx += (this.x - this.rx) * CURSOR_LERP_RATE * deltaTime; + this.ry += (this.y - this.ry) * CURSOR_LERP_RATE * deltaTime; + + if (this.#funCharCooldown > 0) + this.#funCharCooldown -= deltaTime; + + const x = this.rx * innerWidth - scrollX; + const y = this.ry * innerHeight - scrollY; + const onBackground = ctx.fillStyle = getComputedStyle(document.body).getPropertyValue('--on-background'); + + if (config.cursorFunMode === true) { + if (this.msg.length > 0) { + if (this.#funCharCooldown <= 0) { + this.#funCharCooldown = CURSOR_FUNCHAR_RATE; + if (this.funChars.length >= CURSOR_MAX_CHARS) { + this.funChars.shift(); + } + const yOffset = -10 / innerHeight; + const accelMultiplier = 0.002; + this.funChars.push(new FunChar( + this.x, this.y + yOffset, + (this.x - this.rx) * accelMultiplier, (this.y - this.ry) * accelMultiplier, + this.msg)); + } + } + + this.funChars.forEach(char => { + if (char.life > CURSOR_CHAR_MAX_LIFE || + char.y - scrollY > innerHeight || + char.x < 0 || + char.x * innerWidth - scrollX > innerWidth + ) { + this.funChars = this.funChars.filter(c => c !== this); + return; + } + char.update(deltaTime); + }); + } else if (this.msg.length > 0) { + ctx.font = 'normal bold ' + cursorCharFontSize + 'px monospace'; + ctx.fillStyle = onBackground; + ctx.fillText( + this.msg, + (x + 6) * devicePixelRatio, + (y + -8) * devicePixelRatio); + } + + const lightTheme = matchMedia && matchMedia('(prefers-color-scheme: light)').matches; + + if (lightTheme) + ctx.filter = 'saturate(5) brightness(0.8)'; + + const idText = '0x' + this.id.toString(16).padStart(8, '0'); + const colour = this.click ? onBackground : this.colour; + + ctx.beginPath(); + ctx.roundRect( + (x) * devicePixelRatio, + (y) * devicePixelRatio, + (12 + 7.2 * idText.length) * devicePixelRatio, + cursorBoxHeight, + cursorBoxRadius); + ctx.closePath(); + ctx.fillStyle = lightTheme ? '#fff8' : '#0008'; + ctx.fill(); + ctx.strokeStyle = colour; + ctx.lineWidth = devicePixelRatio; + ctx.stroke(); + + ctx.font = cursorIDFontSize + 'px monospace'; + ctx.fillStyle = colour; + ctx.fillText( + idText, + (x + 6) * devicePixelRatio, + (y + 14) * devicePixelRatio); + + ctx.filter = ''; + } +} + +class FunChar { + /** + * @param {number} x + * @param {number} y + * @param {number} xa + * @param {number} ya + * @param {string} text + */ + constructor(x, y, xa, ya, text) { + this.x = x; + this.y = y; + this.xa = xa + Math.random() * .0005 - .00025; + this.ya = ya + Math.random() * -.00025; + this.r = this.xa * 1000; + this.ra = this.r * 0.01; + this.text = text; + this.life = 0; + } + + /** + * @param {number} deltaTime + */ + update(deltaTime) { + this.life += deltaTime; + + this.x += this.xa * deltaTime; + this.y += this.ya * deltaTime; + this.r += this.ra * deltaTime; + this.ya = Math.min(this.ya + 0.000001 * deltaTime, 10); + + const x = this.x * innerWidth - scrollX; + const y = this.y * innerHeight - scrollY; + + const translateOffset = { + x: (x + 7.2) * devicePixelRatio, + y: (y - 7.2) * devicePixelRatio, + }; + ctx.translate(translateOffset.x, translateOffset.y); + ctx.rotate(this.r); + ctx.translate(-translateOffset.x, -translateOffset.y); + + ctx.font = 'normal bold ' + cursorCharFontSize + 'px monospace'; + ctx.fillStyle = getComputedStyle(document.body).getPropertyValue('--on-background'); + ctx.fillText( + this.text, + x * devicePixelRatio, + y * devicePixelRatio); + + ctx.resetTransform(); + } +} + +/** + * @returns string + */ +function randomColour() { + const min = 128; + const range = 100; + const red = Math.round((min + Math.random() * range)).toString(16); + const green = Math.round((min + Math.random() * range)).toString(16); + const blue = Math.round((min + Math.random() * range)).toString(16); + + return '#' + red + green + blue; +} + +/** + * @param {MouseEvent} event + */ +let mouseMoveLock = false; +const mouseMoveCooldown = 1000/30; +function handleMouseMove(event) { + if (!myCursor) return; + + const x = event.pageX / innerWidth; + const y = event.pageY / innerHeight; + const f = 10000; // four digit floating-point precision + + if (!mouseMoveLock) { + mouseMoveLock = true; + if (ws && ws.readyState == WebSocket.OPEN) + ws.send(`pos:${Math.round(x * f) / f}:${Math.round(y * f) / f}`); + setTimeout(() => { + mouseMoveLock = false; + }, mouseMoveCooldown); + } + + myCursor.x = x; + myCursor.y = y; +} + +function handleMouseDown() { + myCursor.click = true; + if (ws && ws.readyState == WebSocket.OPEN) + ws.send('click:1'); +} +function handleMouseUp() { + myCursor.click = false; + if (ws && ws.readyState == WebSocket.OPEN) + ws.send('click:0'); +} + +/** + * @param {KeyboardEvent} event + */ +function handleKeyPress(event) { + if (event.key.length > 1) return; + if (event.metaKey || event.ctrlKey) return; + if (myCursor.msg === event.key) return; + if (ws && ws.readyState == WebSocket.OPEN) + ws.send(`char:${event.key}`); + myCursor.msg = event.key; +} + +function handleKeyUp() { + if (ws && ws.readyState == WebSocket.OPEN) + ws.send(`nochar`); + myCursor.msg = ''; +} + +/** + * @param {number} timestamp + */ +function update(timestamp) { + if (!running) return; + + const deltaTime = timestamp - lastUpdate; + lastUpdate = timestamp; + + ctx.clearRect(0, 0, canvas.width, canvas.height); + + cursors.forEach(cursor => { + cursor.update(deltaTime); + }); + + requestAnimationFrame(update); +} + +function handleWindowResize() { + canvas.width = innerWidth * devicePixelRatio; + canvas.height = innerHeight * devicePixelRatio; + cursorBoxHeight = 20 * devicePixelRatio; + cursorBoxRadius = 4 * devicePixelRatio; + cursorIDFontSize = 12 * devicePixelRatio; + cursorCharFontSize = 20 * devicePixelRatio; +} + +function cursorSetup() { + if (running) throw new Error('Only one instance of Cursor can run at a time.'); + running = true; + + canvas = document.createElement('canvas'); + canvas.id = 'cursors'; + handleWindowResize(); + document.body.appendChild(canvas); + + ctx = canvas.getContext('2d'); + + myCursor = new Cursor('You!', innerWidth / 2, innerHeight / 2); + cursors.set(0, myCursor); + + addEventListener('resize', handleWindowResize); + document.addEventListener('mousemove', handleMouseMove); + document.addEventListener('mousedown', handleMouseDown); + document.addEventListener('mouseup', handleMouseUp); + document.addEventListener('keypress', handleKeyPress); + document.addEventListener('keyup', handleKeyUp); + + requestAnimationFrame(update); + + ws = new WebSocket('/cursor-ws'); + ws.addEventListener('open', () => { + console.log('Cursor connected to server successfully.'); + + ws.send(`loc:${location.pathname}`); + }); + ws.addEventListener('error', error => { + console.error('Cursor WebSocket error:', error); + }); + ws.addEventListener('close', () => { + console.log('Cursor connection closed.'); + }); + ws.addEventListener('message', event => { + const args = String(event.data).split(':'); + if (args.length == 0) return; + + let id = 0; + /** @type Cursor */ + let cursor; + if (args.length > 1) { + id = Number(args[1]); + cursor = cursors.get(id); + } + + switch (args[0]) { + case 'id': { + myCursor.id = id; + break; + } + case 'join': { + if (id === myCursor.id) break; + cursors.set(id, new Cursor(id, 0, 0)); + break; + } + case 'leave': { + if (!cursor || cursor === myCursor) break; + cursors.delete(id); + break; + } + case 'char': { + if (!cursor || cursor === myCursor) break; + cursor.msg = args[2]; + break; + } + case 'nochar': { + if (!cursor || cursor === myCursor) break; + cursor.msg = ''; + break; + } + case 'click': { + if (!cursor || cursor === myCursor) break; + cursor.click = args[2] == '1'; + break; + } + case 'pos': { + if (!cursor || cursor === myCursor) break; + cursor.x = Number(args[2]); + cursor.y = Number(args[3]); + break; + } + default: { + console.warn('Cursor: Unknown command received from server:', args[0]); + break; + } + } + }); + + console.log(`Cursor tracking @ ${location.pathname}`); +} + +function cursorDestroy() { + if (!running) return; + + removeEventListener('resize', handleWindowResize); + document.removeEventListener('mousemove', handleMouseMove); + document.removeEventListener('mousedown', handleMouseDown); + document.removeEventListener('mouseup', handleMouseUp); + document.removeEventListener('keypress', handleKeyPress); + document.removeEventListener('keyup', handleKeyUp); + + ctx.clearRect(0, 0, canvas.width, canvas.height); + + cursors.clear(); + myCursor = null; + + console.log(`Cursor no longer tracking.`); + running = false; +} + +if (config.cursor === true) { + cursorSetup(); +} + +config.addListener('cursor', enabled => { + if (enabled === true) + cursorSetup(); + else + cursorDestroy(); +}); diff --git a/public/script/index.js b/public/script/index.js index 512ed8f..2197bd4 100644 --- a/public/script/index.js +++ b/public/script/index.js @@ -1,3 +1,5 @@ +import { hijackClickEvent } from "./main.js"; + const hexPrimary = document.getElementById("hex-primary"); const hexSecondary = document.getElementById("hex-secondary"); const hexTertiary = document.getElementById("hex-tertiary"); @@ -14,3 +16,8 @@ updateHexColours(); window.matchMedia("(prefers-color-scheme: dark)").addEventListener("change", () => { updateHexColours(); }); + +document.querySelectorAll("ul#projects li.project-item").forEach(projectItem => { + const link = projectItem.querySelector('a'); + hijackClickEvent(projectItem, link); +}); diff --git a/public/script/main.js b/public/script/main.js index 5c22ce4..19eddc2 100644 --- a/public/script/main.js +++ b/public/script/main.js @@ -1,5 +1,6 @@ import "./header.js"; import "./config.js"; +import "./cursor.js"; function type_out(e) { const text = e.innerText; @@ -44,12 +45,28 @@ function fill_list(list) { }); } +export function hijackClickEvent(container, link) { + container.addEventListener('click', event => { + if (event.target.tagName.toLowerCase() === 'a') return; + event.preventDefault(); + link.dispatchEvent(new MouseEvent('click', { + bubbles: true, + cancelable: true, + view: window, + ctrlKey: event.ctrlKey, + metaKey: event.metaKey, + shiftKey: event.shiftKey, + altKey: event.altKey, + button: event.button, + })); + }); +} + document.addEventListener("DOMContentLoaded", () => { [...document.querySelectorAll(".typeout")] .filter((e) => e.innerText != "") .forEach((e) => { type_out(e); - console.log(e); }); [...document.querySelectorAll("ol, ul")] .filter((e) => e.innerText != "") diff --git a/public/script/music.js b/public/script/music.js index 273ce2b..91f34ab 100644 --- a/public/script/music.js +++ b/public/script/music.js @@ -1,12 +1,6 @@ -import "./main.js"; +import { hijackClickEvent } from "./main.js"; document.querySelectorAll("div.music").forEach(container => { - const link = container.querySelector(".music-title a").href - - container.addEventListener("click", event => { - if (event.target.href) return; - - event.preventDefault(); - location = link; - }); + const link = container.querySelector(".music-title a") + hijackClickEvent(container, link); }); diff --git a/public/script/prideflag.js b/public/script/prideflag.js index 19181e6..03aecf9 100644 --- a/public/script/prideflag.js +++ b/public/script/prideflag.js @@ -1,66 +1,74 @@ -/** - * 🏳️‍🌈🏳️‍⚧️💖 pride flag 💖🏳️‍⚧️🏳️‍🌈 - * made with ❤️ by ari melody, 2023 - * - * web: https://arimelody.me - * source: https://github.com/mellodoot/prideflag - */ +// +// pride flag - copyright (c) 2024 ari melody +// +// this code is provided AS-IS, WITHOUT ANY WARRANTY, to be +// freely redistributed and/or modified as you please, however +// retaining this license in any redistribution. +// +// please use this flag to link to an LGBTQI+-supporting page +// of your choosing! +// +// web: https://arimelody.me +// source: https://git.arimelody.me/ari/prideflag +// + +const pride_url = "https://git.arimelody.me/ari/prideflag"; const pride_flag_svg = - ` - - - - - - - - - - - - - - - - `; + ` + + + + + + + + + + + + + + + + `; const pride_flag_css = - `#pride-flag svg { - position: fixed; - top: 0; - right: 0; - width: 120px; - transform-origin: 100% 0%; - transition: transform .5s cubic-bezier(.32,1.63,.41,1.01); - z-index: 8008135; - pointer-events: none; - } - #pride-flag svg:hover { - transform: scale(110%); - } - #pride-flag svg:active { - transform: scale(110%); - } - #pride-flag svg * { - pointer-events: all; - }`; + `#prideflag { + position: fixed; + top: 0; + right: 0; + width: 120px; + transform-origin: 100% 0%; + transition: transform .5s cubic-bezier(.32,1.63,.41,1.01); + z-index: 8008135; + pointer-events: none; + } + #prideflag:hover { + transform: scale(110%); + } + #prideflag:active { + transform: scale(110%); + } + #prideflag * { + pointer-events: all; + }`; function create_pride_flag() { - const container = document.createElement("a"); - container.id = "pride-flag"; - container.href = "https://github.com/mellodoot/prideflag"; - container.target = "_blank"; - container.innerHTML = pride_flag_svg; - return container; + const flag = document.createElement("a"); + flag.id = "prideflag"; + flag.href = pride_url; + flag.target = "_blank"; + flag.innerHTML = pride_flag_svg; + return flag; } function load_pride_flag_style() { - const pride_stylesheet = document.createElement('style'); - pride_stylesheet.textContent = pride_flag_css; - document.head.appendChild(pride_stylesheet); + const pride_stylesheet = document.createElement('style'); + pride_stylesheet.textContent = pride_flag_css; + document.head.appendChild(pride_stylesheet); } load_pride_flag_style(); -pride_flag = create_pride_flag(); -document.querySelector("main").appendChild(pride_flag); +flag = create_pride_flag(); +document.body.appendChild(flag); diff --git a/public/style/colours.css b/public/style/colours.css index 2bf607d..de63198 100644 --- a/public/style/colours.css +++ b/public/style/colours.css @@ -6,6 +6,7 @@ --secondary: #f8e05b; --tertiary: #f788fe; --links: #5eb2ff; + --live: #fd3737; } @media (prefers-color-scheme: light) { diff --git a/public/style/cursor.css b/public/style/cursor.css new file mode 100644 index 0000000..73019ee --- /dev/null +++ b/public/style/cursor.css @@ -0,0 +1,9 @@ +canvas#cursors { + position: fixed; + top: 0; + left: 0; + width: 100vw; + height: 100vh; + pointer-events: none; + z-index: 100; +} diff --git a/public/style/header.css b/public/style/header.css index 48971b5..f399d4d 100644 --- a/public/style/header.css +++ b/public/style/header.css @@ -25,7 +25,6 @@ nav { flex-grow: 1; display: flex; gap: .5em; - cursor: pointer; } img#header-icon { @@ -36,19 +35,19 @@ img#header-icon { } #header-text { - width: 11em; display: flex; flex-direction: column; justify-content: center; - flex-grow: 1; } #header-text h1 { + width: fit-content; margin: 0; font-size: 1em; } #header-text h2 { + width: fit-content; height: 1.2em; line-height: 1.2em; margin: 0; @@ -154,7 +153,7 @@ header ul li a:hover { flex-direction: column; gap: 1rem; border-bottom: 1px solid #888; - background: #080808; + background: var(--background); display: none; } diff --git a/public/style/index.css b/public/style/index.css index f3cb761..b970c17 100644 --- a/public/style/index.css +++ b/public/style/index.css @@ -96,30 +96,36 @@ hr { overflow: visible; } -ul.links { +ul.platform-links { + padding-left: 1em; display: flex; - gap: 1em .5em; + gap: .5em; flex-wrap: wrap; } -ul.links li { +ul.platform-links li { list-style: none; } -ul.links li a { +ul.platform-links li a { padding: .4em .5em; + display: flex; + flex-direction: row; + justify-content: center; + align-items: center; + gap: .5em; border: 1px solid var(--links); color: var(--links); border-radius: 2px; background-color: transparent; - transition-property: color, border-color, background-color; + transition-property: color, border-color, background-color, box-shadow; transition-duration: .2s; animation-delay: 0s; animation: list-item-fadein .2s forwards; opacity: 0; } -ul.links li a:hover { +ul.platform-links li a:hover { color: #eee; border-color: #eee; background-color: var(--links) !important; @@ -127,6 +133,75 @@ ul.links li a:hover { box-shadow: 0 0 1em var(--links); } +ul.platform-links li a img { + height: 1em; + width: 1em; +} + +ul#projects { + padding: 0; + list-style: none; +} + +li.project-item { + padding: .5em; + border: 1px solid var(--links); + margin: 1em 0; + display: flex; + flex-direction: row; + gap: .5em; + border-radius: 2px; + transition-property: color, border-color, background-color, box-shadow; + transition-duration: .2s; + cursor: pointer; +} +li.project-item a { + transition: color .2s linear; +} + +li.project-item:hover { + color: #eee; + border-color: #eee; + background-color: var(--links) !important; + text-decoration: none; + box-shadow: 0 0 1em var(--links); +} +li.project-item:hover a { + color: #eee; +} + +li.project-item .project-info { + display: flex; + flex-direction: column; + justify-content: center; +} + +li.project-item img.project-icon { + width: 2.5em; + height: 2.5em; + object-fit: cover; + border-radius: 2px; +} + +li.project-item span.project-icon { + font-size: 2em; + display: block; + width: 45px; + height: 45px; + text-align: center; + /* background: #0004; */ + /* border: 1px solid var(--on-background); */ + border-radius: 2px; +} + +li.project-item a { + text-decoration: none; +} + +li.project-item p { + margin: 0; +} + div#web-buttons { margin: 2rem 0; } @@ -148,3 +223,112 @@ div#web-buttons { box-shadow: 1px 1px 0 #eee, 2px 2px 0 #eee; } +#live-banner { + margin: 1em 0 2em 0; + padding: 1em; + border-radius: 4px; + border: 1px solid var(--primary); + box-shadow: 0 0 8px var(--primary); +} + +#live-banner p { + margin: 0; +} + +.live-highlight { + color: var(--primary); +} + +.live-preview { + display: flex; + flex-direction: row; + justify-content: start; + gap: 1em; +} + +.live-preview div:first-of-type { + display: flex; + flex-direction: column; + justify-content: space-between; + align-items: center; + gap: .3em; +} + +.live-thumbnail { + border-radius: 4px; +} + +.live-button { + margin: .2em; + padding: .4em .5em; + display: inline-block; + color: var(--primary); + border: 1px solid var(--primary); + border-radius: 4px; + transition: color .1s linear, background-color .1s linear, box-shadow .1s linear; +} + +.live-button:hover { + color: var(--background); + background-color: var(--primary); + box-shadow: 0 0 8px var(--primary); + text-decoration: none; +} + +.live-info { + display: flex; + flex-direction: column; + gap: .3em; + overflow-x: hidden; +} + +#live-banner h2 { + margin: 0; + color: var(--on-background); + font-family: 'Inter', sans-serif; + font-weight: 800; + font-style: italic; +} + +.live-pinger { + width: .5em; + height: .5em; + margin: .1em .2em; + display: inline-block; + border-radius: 100%; + background-color: var(--primary); + box-shadow: 0 0 4px var(--primary); + animation: live-pinger-pulse 1s infinite alternate ease-in-out; +} + +@keyframes live-pinger-pulse { + from { + opacity: .8; + transform: scale(1.0); + } + to { + opacity: 1; + transform: scale(1.1); + } +} + +.live-game { + overflow: hidden; + text-wrap: nowrap; + text-overflow: ellipsis; +} + +.live-game .live-game-prefix { + opacity: .8; +} + +.live-title { + display: -webkit-box; + -webkit-line-clamp: 2; + -webkit-box-orient: vertical; + overflow: hidden; +} + +.live-viewers { + opacity: .5; +} diff --git a/public/style/main.css b/public/style/main.css index f7f2131..680ee2b 100644 --- a/public/style/main.css +++ b/public/style/main.css @@ -2,6 +2,8 @@ @import url("/style/header.css"); @import url("/style/footer.css"); @import url("/style/prideflag.css"); +@import url("/style/cursor.css"); +@import url("/font/inter/inter.css"); @font-face { font-family: "Monaspace Argon"; diff --git a/public/style/music-gateway.css b/public/style/music-gateway.css index 0bb7232..1c10e0b 100644 --- a/public/style/music-gateway.css +++ b/public/style/music-gateway.css @@ -613,6 +613,10 @@ footer a:hover { margin: 0 auto; } + #tracks h2 { + margin: 0 auto .8em auto; + } + #lyrics p.album-track-subheading { margin-bottom: 1em; } diff --git a/schema_migration/000-init.sql b/schema-migration/000-init.sql similarity index 84% rename from schema_migration/000-init.sql rename to schema-migration/000-init.sql index ff5c1af..90385ac 100644 --- a/schema_migration/000-init.sql +++ b/schema-migration/000-init.sql @@ -2,6 +2,15 @@ -- Tables -- +-- Audit logs +CREATE TABLE arimelody.auditlog ( + id UUID DEFAULT gen_random_uuid(), + level int NOT NULL DEFAULT 0, + type TEXT NOT NULL, + content TEXT NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT current_timestamp +); + -- Accounts CREATE TABLE arimelody.account ( id UUID DEFAULT gen_random_uuid(), @@ -9,7 +18,9 @@ CREATE TABLE arimelody.account ( password TEXT NOT NULL, email TEXT, avatar_url TEXT, - created_at TIMESTAMP DEFAULT current_timestamp + created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, + fail_attempts INT NOT NULL DEFAULT 0, + locked BOOLEAN DEFAULT false ); ALTER TABLE arimelody.account ADD CONSTRAINT account_pk PRIMARY KEY (id); @@ -23,29 +34,31 @@ ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_pk PRIMARY KEY (account -- Invites CREATE TABLE arimelody.invite ( code text NOT NULL, - created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, expires_at TIMESTAMP NOT NULL ); ALTER TABLE arimelody.invite ADD CONSTRAINT invite_pk PRIMARY KEY (code); --- Session +-- Sessions CREATE TABLE arimelody.session ( token TEXT, user_agent TEXT NOT NULL, created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, expires_at TIMESTAMP DEFAULT NULL, account UUID, + attempt_account UUID, message TEXT, error TEXT ); ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (token); --- TOTPs +-- TOTP methods CREATE TABLE arimelody.totp ( name TEXT NOT NULL, account UUID NOT NULL, secret TEXT, - created_at TIMESTAMP NOT NULL DEFAULT current_timestamp + created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, + confirmed BOOLEAN DEFAULT false ); ALTER TABLE arimelody.totp ADD CONSTRAINT totp_pk PRIMARY KEY (account, name); @@ -72,7 +85,8 @@ CREATE TABLE arimelody.musicrelease ( buyname text, buylink text, copyright text, - copyrightURL text + copyrightURL text, + created_at TIMESTAMP NOT NULL DEFAULT current_timestamp ); ALTER TABLE arimelody.musicrelease ADD CONSTRAINT musicrelease_pk PRIMARY KEY (id); @@ -119,6 +133,7 @@ ALTER TABLE arimelody.musicreleasetrack ADD CONSTRAINT musicreleasetrack_pk PRIM ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; ALTER TABLE arimelody.session ADD CONSTRAINT session_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; +ALTER TABLE arimelody.session ADD CONSTRAINT session_attempt_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; ALTER TABLE arimelody.totp ADD CONSTRAINT totp_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; ALTER TABLE arimelody.musiccredit ADD CONSTRAINT musiccredit_artist_fk FOREIGN KEY (artist) REFERENCES artist(id) ON DELETE CASCADE ON UPDATE CASCADE; diff --git a/schema_migration/001-pre-versioning.sql b/schema-migration/001-pre-versioning.sql similarity index 75% rename from schema_migration/001-pre-versioning.sql rename to schema-migration/001-pre-versioning.sql index cd0c061..1447bae 100644 --- a/schema_migration/001-pre-versioning.sql +++ b/schema-migration/001-pre-versioning.sql @@ -23,33 +23,36 @@ ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_pk PRIMARY KEY (account -- Invites CREATE TABLE arimelody.invite ( code text NOT NULL, - created_at TIMESTAMP NOT NULL DEFAULT CURRENT_TIMESTAMP, + created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, expires_at TIMESTAMP NOT NULL ); ALTER TABLE arimelody.invite ADD CONSTRAINT invite_pk PRIMARY KEY (code); --- Session +-- Sessions CREATE TABLE arimelody.session ( token TEXT, user_agent TEXT NOT NULL, created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, expires_at TIMESTAMP DEFAULT NULL, account UUID, + attempt_account UUID, message TEXT, error TEXT ); ALTER TABLE arimelody.session ADD CONSTRAINT session_pk PRIMARY KEY (token); --- TOTPs +-- TOTP methods CREATE TABLE arimelody.totp ( name TEXT NOT NULL, account UUID NOT NULL, secret TEXT, - created_at TIMESTAMP NOT NULL DEFAULT current_timestamp + created_at TIMESTAMP NOT NULL DEFAULT current_timestamp, + confirmed BOOLEAN DEFAULT false ); ALTER TABLE arimelody.totp ADD CONSTRAINT totp_pk PRIMARY KEY (account, name); -- Foreign keys ALTER TABLE arimelody.privilege ADD CONSTRAINT privilege_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; -ALTER TABLE arimelody.token ADD CONSTRAINT token_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; +ALTER TABLE arimelody.session ADD CONSTRAINT session_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; +ALTER TABLE arimelody.session ADD CONSTRAINT session_attempt_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; ALTER TABLE arimelody.totp ADD CONSTRAINT totp_account_fk FOREIGN KEY (account) REFERENCES account(id) ON DELETE CASCADE; diff --git a/schema-migration/002-audit-logs.sql b/schema-migration/002-audit-logs.sql new file mode 100644 index 0000000..7da43b5 --- /dev/null +++ b/schema-migration/002-audit-logs.sql @@ -0,0 +1,12 @@ +-- Audit logs +CREATE TABLE arimelody.auditlog ( + id UUID DEFAULT gen_random_uuid(), + level int NOT NULL DEFAULT 0, + type TEXT NOT NULL, + content TEXT NOT NULL, + created_at TIMESTAMP NOT NULL DEFAULT current_timestamp +); + +-- Need moar timestamps +ALTER TABLE arimelody.musicrelease ADD COLUMN created_at TIMESTAMP NOT NULL DEFAULT current_timestamp; +ALTER TABLE arimelody.account ALTER COLUMN created_at SET NOT NULL; diff --git a/schema-migration/003-fail-lock.sql b/schema-migration/003-fail-lock.sql new file mode 100644 index 0000000..32d19bf --- /dev/null +++ b/schema-migration/003-fail-lock.sql @@ -0,0 +1,3 @@ +-- it would be nice to prevent brute-forcing +ALTER TABLE arimelody.account ADD COLUMN fail_attempts INT NOT NULL DEFAULT 0; +ALTER TABLE arimelody.account ADD COLUMN locked BOOLEAN DEFAULT false; diff --git a/templates/templates.go b/templates/templates.go index 094e61d..752c78d 100644 --- a/templates/templates.go +++ b/templates/templates.go @@ -1,33 +1,28 @@ package templates import ( - "html/template" - "path/filepath" + "html/template" + "path/filepath" ) -var Pages = map[string]*template.Template{ - "index": template.Must(template.ParseFiles( - filepath.Join("views", "layout.html"), - filepath.Join("views", "header.html"), - filepath.Join("views", "footer.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("views", "index.html"), - )), - "music": template.Must(template.ParseFiles( - filepath.Join("views", "layout.html"), - filepath.Join("views", "header.html"), - filepath.Join("views", "footer.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("views", "music.html"), - )), - "music-gateway": template.Must(template.ParseFiles( - filepath.Join("views", "layout.html"), - filepath.Join("views", "header.html"), - filepath.Join("views", "footer.html"), - filepath.Join("views", "prideflag.html"), - filepath.Join("views", "music-gateway.html"), - )), -} - -var Components = map[string]*template.Template{ -} +var IndexTemplate = template.Must(template.ParseFiles( + filepath.Join("views", "layout.html"), + filepath.Join("views", "header.html"), + filepath.Join("views", "footer.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("views", "index.html"), +)) +var MusicTemplate = template.Must(template.ParseFiles( + filepath.Join("views", "layout.html"), + filepath.Join("views", "header.html"), + filepath.Join("views", "footer.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("views", "music.html"), +)) +var MusicGatewayTemplate = template.Must(template.ParseFiles( + filepath.Join("views", "layout.html"), + filepath.Join("views", "header.html"), + filepath.Join("views", "footer.html"), + filepath.Join("views", "prideflag.html"), + filepath.Join("views", "music-gateway.html"), +)) diff --git a/view/index.go b/view/index.go new file mode 100644 index 0000000..b6e3891 --- /dev/null +++ b/view/index.go @@ -0,0 +1,45 @@ +package view + +import ( + "arimelody-web/controller" + "arimelody-web/model" + "arimelody-web/templates" + "fmt" + "net/http" + "os" +) + +func IndexHandler(app *model.AppState) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + if r.Method == http.MethodHead { + w.WriteHeader(http.StatusOK) + return + } + + type IndexData struct { + TwitchStatus *model.TwitchStreamInfo + } + + var err error + var twitchStatus *model.TwitchStreamInfo = nil + if app.Twitch != nil && len(app.Config.Twitch.Broadcaster) > 0 { + twitchStatus, err = controller.GetTwitchStatus(app, app.Config.Twitch.Broadcaster) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to get Twitch status for %s: %v\n", app.Config.Twitch.Broadcaster, err) + } + } + + if r.URL.Path == "/" || r.URL.Path == "/index.html" { + err := templates.IndexTemplate.Execute(w, IndexData{ + TwitchStatus: twitchStatus, + }) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to render index page: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + } + return + } + + StaticHandler("public").ServeHTTP(w, r) + }) +} diff --git a/view/music.go b/view/music.go index e3eb449..8ed5279 100644 --- a/view/music.go +++ b/view/music.go @@ -1,12 +1,13 @@ package view import ( - "fmt" - "net/http" + "fmt" + "net/http" + "os" - "arimelody-web/controller" - "arimelody-web/model" - "arimelody-web/templates" + "arimelody-web/controller" + "arimelody-web/model" + "arimelody-web/templates" ) // HTTP HANDLER METHODS @@ -36,7 +37,7 @@ func ServeCatalog(app *model.AppState) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { releases, err := controller.GetAllReleases(app.DB, true, 0, true) if err != nil { - fmt.Printf("FATAL: Failed to pull releases for catalog: %s\n", err) + fmt.Printf("WARN: Failed to pull releases for catalog: %s\n", err) http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) return } @@ -47,7 +48,7 @@ func ServeCatalog(app *model.AppState) http.Handler { } } - err = templates.Pages["music"].Execute(w, releases) + err = templates.MusicTemplate.Execute(w, releases) if err != nil { http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) } @@ -59,7 +60,13 @@ func ServeGateway(app *model.AppState, release *model.Release) http.Handler { // only allow authorised users to view hidden releases privileged := false if !release.Visible { - session := r.Context().Value("session").(*model.Session) + session, err := controller.GetSessionFromRequest(app, r) + if err != nil { + fmt.Fprintf(os.Stderr, "WARN: Failed to retrieve session: %v\n", err) + http.Error(w, http.StatusText(http.StatusInternalServerError), http.StatusInternalServerError) + return + } + if session != nil && session.Account != nil { // TODO: check privilege on release privileged = true @@ -79,7 +86,7 @@ func ServeGateway(app *model.AppState, release *model.Release) http.Handler { response.Links = release.Links } - err := templates.Pages["music-gateway"].Execute(w, response) + err := templates.MusicGatewayTemplate.Execute(w, response) if err != nil { fmt.Printf("Error rendering music gateway for %s: %s\n", release.ID, err) diff --git a/view/static.go b/view/static.go new file mode 100644 index 0000000..52263a2 --- /dev/null +++ b/view/static.go @@ -0,0 +1,31 @@ +package view + +import ( + "errors" + "net/http" + "os" + "path/filepath" +) + +func StaticHandler(directory string) http.Handler { + return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + info, err := os.Stat(filepath.Join(directory, filepath.Clean(r.URL.Path))) + + // does the file exist? + if err != nil { + if errors.Is(err, os.ErrNotExist) { + http.NotFound(w, r) + return + } + } + + // is thjs a directory? (forbidden) + if info.IsDir() { + http.NotFound(w, r) + return + } + + http.FileServer(http.Dir(directory)).ServeHTTP(w, r) + }) +} + diff --git a/views/404.html b/views/404.html index b9007bd..19a0957 100644 --- a/views/404.html +++ b/views/404.html @@ -6,16 +6,16 @@ {{define "content"}}
      -

      - # 404 - not found! -

      +

      + # 404 - not found! +

      -

      - the page you're looking for does not exist. -
      - if you like, you can head back home or try again! -

      +

      + the page you're looking for does not exist. +
      + if you like, you can head back home or try again! +

      -

      status: ERR_NOT_FOUND

      +

      status: ERR_NOT_FOUND

      {{end}} diff --git a/views/footer.html b/views/footer.html index 46450d7..eccf125 100644 --- a/views/footer.html +++ b/views/footer.html @@ -1,9 +1,14 @@ {{define "footer"}}
      - +
      {{end}} diff --git a/views/header.html b/views/header.html index db8987d..03a8384 100644 --- a/views/header.html +++ b/views/header.html @@ -1,44 +1,41 @@ {{define "header"}}
      - +
      {{end}} diff --git a/views/index.html b/views/index.html index 636c369..df4d341 100644 --- a/views/index.html +++ b/views/index.html @@ -6,8 +6,8 @@ - - + + @@ -17,11 +17,28 @@ - + {{end}} {{define "content"}}
      + {{if .TwitchStatus}} +
      +
      +
      + livestream thumbnail + join in! +
      +
      +

      ari melody LIVE

      +

      streaming: {{.TwitchStatus.GameName}}

      +

      {{.TwitchStatus.Title}}

      +

      {{.TwitchStatus.ViewerCount}} viewers

      +
      +
      +
      + {{end}} +

      # hello, world!

      @@ -33,7 +50,7 @@

      - i'm a musician, developer, + i'm a musician, developer, streamer, youtuber, and probably a bunch of other things i forgot to mention!

      @@ -44,7 +61,7 @@

      if you're looking to support me financially, that's so cool of you!! if you like, you can buy some of my music over on - bandcamp + bandcamp so you can at least get something for your money. thank you very much either way!! 💕

      @@ -84,57 +101,97 @@

      where to find me 🛰️

      -