pixelfed/app/Http/Controllers/AccountController.php

501 lines
15 KiB
PHP
Raw Normal View History

2018-05-26 23:00:07 +00:00
<?php
namespace App\Http\Controllers;
2018-08-28 03:07:36 +00:00
use App\EmailVerification;
2018-09-03 04:01:51 +00:00
use App\Follower;
use App\FollowRequest;
use App\Jobs\FollowPipeline\FollowPipeline;
2018-06-14 05:30:43 +00:00
use App\Mail\ConfirmEmail;
2018-08-28 03:07:36 +00:00
use App\Notification;
use App\Profile;
use App\User;
use App\UserFilter;
use Auth;
use Cache;
use Carbon\Carbon;
use Illuminate\Http\Request;
use Mail;
use Redis;
2018-09-16 05:15:45 +00:00
use PragmaRX\Google2FA\Google2FA;
2018-05-26 23:00:07 +00:00
class AccountController extends Controller
{
2018-08-22 06:56:16 +00:00
protected $filters = [
'user.mute',
2018-08-28 03:07:36 +00:00
'user.block',
2018-08-22 06:56:16 +00:00
];
2018-05-26 23:00:07 +00:00
public function __construct()
{
2018-08-28 03:07:36 +00:00
$this->middleware('auth');
2018-05-26 23:00:07 +00:00
}
public function notifications(Request $request)
{
2018-08-28 03:07:36 +00:00
$this->validate($request, [
2018-07-18 00:06:57 +00:00
'page' => 'nullable|min:1|max:3',
'a' => 'nullable|alpha_dash',
]);
2018-08-28 03:07:36 +00:00
$profile = Auth::user()->profile;
$action = $request->input('a');
$timeago = Carbon::now()->subMonths(6);
if ($action && in_array($action, ['comment', 'follow', 'mention'])) {
$notifications = Notification::whereProfileId($profile->id)
2018-07-18 00:06:57 +00:00
->whereAction($action)
->whereDate('created_at', '>', $timeago)
2018-08-28 03:07:36 +00:00
->orderBy('id', 'desc')
2018-07-18 00:06:57 +00:00
->simplePaginate(30);
2018-08-28 03:07:36 +00:00
} else {
$notifications = Notification::whereProfileId($profile->id)
2018-07-18 00:06:57 +00:00
->whereDate('created_at', '>', $timeago)
2018-08-28 03:07:36 +00:00
->orderBy('id', 'desc')
2018-07-18 00:06:57 +00:00
->simplePaginate(30);
2018-08-28 03:07:36 +00:00
}
2018-08-28 03:07:36 +00:00
return view('account.activity', compact('profile', 'notifications'));
2018-05-27 03:25:04 +00:00
}
2018-08-10 01:56:50 +00:00
public function followingActivity(Request $request)
{
2018-08-28 03:07:36 +00:00
$this->validate($request, [
2018-08-10 01:56:50 +00:00
'page' => 'nullable|min:1|max:3',
'a' => 'nullable|alpha_dash',
]);
2018-08-28 03:07:36 +00:00
$profile = Auth::user()->profile;
$action = $request->input('a');
2018-11-13 04:46:16 +00:00
$allowed = ['like', 'follow'];
2018-10-10 01:22:09 +00:00
$timeago = Carbon::now()->subMonths(3);
2018-08-28 03:07:36 +00:00
$following = $profile->following->pluck('id');
$notifications = Notification::whereIn('actor_id', $following)
2018-11-13 04:46:16 +00:00
->whereIn('action', $allowed)
->where('actor_id', '<>', $profile->id)
2018-11-19 04:47:41 +00:00
->where('profile_id', '<>', $profile->id)
2018-08-10 01:56:50 +00:00
->whereDate('created_at', '>', $timeago)
2018-10-10 01:22:09 +00:00
->orderBy('notifications.created_at', 'desc')
2018-08-10 01:56:50 +00:00
->simplePaginate(30);
2018-08-28 03:07:36 +00:00
return view('account.following', compact('profile', 'notifications'));
2018-08-10 01:56:50 +00:00
}
2018-06-14 05:30:43 +00:00
public function verifyEmail(Request $request)
{
2018-08-28 03:07:36 +00:00
return view('account.verify_email');
2018-06-14 05:30:43 +00:00
}
public function sendVerifyEmail(Request $request)
{
2018-07-12 16:34:33 +00:00
$timeLimit = Carbon::now()->subDays(1)->toDateTimeString();
$recentAttempt = EmailVerification::whereUserId(Auth::id())
->where('created_at', '>', $timeLimit)->count();
$exists = EmailVerification::whereUserId(Auth::id())->count();
2018-08-28 03:07:36 +00:00
if ($recentAttempt == 1 && $exists == 1) {
2018-07-12 16:34:33 +00:00
return redirect()->back()->with('error', 'A verification email has already been sent recently. Please check your email, or try again later.');
} elseif ($recentAttempt == 0 && $exists !== 0) {
// Delete old verification and send new one.
EmailVerification::whereUserId(Auth::id())->delete();
2018-06-14 05:30:43 +00:00
}
2018-06-14 07:42:47 +00:00
2018-06-14 05:30:43 +00:00
$user = User::whereNull('email_verified_at')->find(Auth::id());
$utoken = hash('sha512', $user->id);
$rtoken = str_random(40);
2018-08-28 03:07:36 +00:00
$verify = new EmailVerification();
2018-06-14 05:30:43 +00:00
$verify->user_id = $user->id;
$verify->email = $user->email;
$verify->user_token = $utoken;
$verify->random_token = $rtoken;
$verify->save();
Mail::to($user->email)->send(new ConfirmEmail($verify));
2018-08-18 21:19:14 +00:00
return redirect()->back()->with('status', 'Verification email sent!');
2018-06-14 05:30:43 +00:00
}
public function confirmVerifyEmail(Request $request, $userToken, $randomToken)
{
2018-07-12 16:34:33 +00:00
$verify = EmailVerification::where('user_token', $userToken)
->where('random_token', $randomToken)
2018-06-14 05:30:43 +00:00
->firstOrFail();
2018-07-12 16:34:33 +00:00
2018-08-28 03:07:36 +00:00
if (Auth::id() === $verify->user_id) {
$user = User::find(Auth::id());
$user->email_verified_at = Carbon::now();
$user->save();
return redirect('/');
2018-06-14 05:30:43 +00:00
}
}
2019-04-08 03:08:57 +00:00
public function fetchNotifications(int $id)
2018-05-27 03:25:04 +00:00
{
2018-08-28 03:07:36 +00:00
$key = config('cache.prefix').":user.{$id}.notifications";
$redis = Redis::connection();
$notifications = $redis->lrange($key, 0, 30);
if (empty($notifications)) {
$notifications = Notification::whereProfileId($id)
->orderBy('id', 'desc')->take(30)->get();
} else {
$notifications = $this->hydrateNotifications($notifications);
}
return $notifications;
2018-05-27 03:25:04 +00:00
}
public function hydrateNotifications($keys)
{
2018-08-28 03:07:36 +00:00
$prefix = 'notification.';
$notifications = collect([]);
foreach ($keys as $key) {
$notifications->push(Cache::get("{$prefix}{$key}"));
}
return $notifications;
2018-05-26 23:00:07 +00:00
}
2018-07-18 00:06:57 +00:00
2018-08-22 06:56:16 +00:00
public function messages()
{
2018-08-28 03:07:36 +00:00
return view('account.messages');
2018-08-22 06:56:16 +00:00
}
2019-05-28 05:10:56 +00:00
public function direct()
{
return view('account.direct');
}
2018-08-22 06:56:16 +00:00
public function showMessage(Request $request, $id)
{
2018-08-28 03:07:36 +00:00
return view('account.message');
2018-08-22 06:56:16 +00:00
}
public function mute(Request $request)
{
$this->validate($request, [
2019-04-08 03:08:57 +00:00
'type' => 'required|alpha_dash',
2018-08-28 03:07:36 +00:00
'item' => 'required|integer|min:1',
2018-08-22 06:56:16 +00:00
]);
$user = Auth::user()->profile;
$type = $request->input('type');
$item = $request->input('item');
2019-04-08 03:08:57 +00:00
$action = $type . '.mute';
2018-08-22 06:56:16 +00:00
2018-08-28 03:07:36 +00:00
if (!in_array($action, $this->filters)) {
return abort(406);
2018-08-22 06:56:16 +00:00
}
$filterable = [];
switch ($type) {
case 'user':
$profile = Profile::findOrFail($item);
2018-08-28 03:07:36 +00:00
if ($profile->id == $user->id) {
return abort(403);
2018-08-22 06:56:16 +00:00
}
$class = get_class($profile);
$filterable['id'] = $profile->id;
$filterable['type'] = $class;
break;
2018-08-28 03:07:36 +00:00
2018-08-22 06:56:16 +00:00
default:
2018-08-28 03:07:36 +00:00
// code...
2018-08-22 06:56:16 +00:00
break;
}
$filter = UserFilter::firstOrCreate([
2018-08-28 03:07:36 +00:00
'user_id' => $user->id,
'filterable_id' => $filterable['id'],
2018-08-22 06:56:16 +00:00
'filterable_type' => $filterable['type'],
2018-08-28 03:07:36 +00:00
'filter_type' => 'mute',
2018-08-22 06:56:16 +00:00
]);
2018-11-22 19:30:20 +00:00
$pid = $user->id;
2018-11-25 06:43:06 +00:00
Cache::forget("user:filter:list:$pid");
Cache::forget("feature:discover:people:$pid");
Cache::forget("feature:discover:posts:$pid");
2019-04-29 03:49:17 +00:00
Cache::forget("api:local:exp:rec:$pid");
2018-11-22 19:30:20 +00:00
2018-08-22 06:56:16 +00:00
return redirect()->back();
}
2019-04-08 03:08:57 +00:00
public function unmute(Request $request)
{
$this->validate($request, [
'type' => 'required|alpha_dash',
'item' => 'required|integer|min:1',
]);
$user = Auth::user()->profile;
$type = $request->input('type');
$item = $request->input('item');
$action = $type . '.mute';
if (!in_array($action, $this->filters)) {
return abort(406);
}
$filterable = [];
switch ($type) {
case 'user':
$profile = Profile::findOrFail($item);
if ($profile->id == $user->id) {
return abort(403);
}
$class = get_class($profile);
$filterable['id'] = $profile->id;
$filterable['type'] = $class;
break;
default:
abort(400);
break;
}
$filter = UserFilter::whereUserId($user->id)
->whereFilterableId($filterable['id'])
->whereFilterableType($filterable['type'])
->whereFilterType('mute')
->first();
if($filter) {
$filter->delete();
}
$pid = $user->id;
Cache::forget("user:filter:list:$pid");
Cache::forget("feature:discover:people:$pid");
Cache::forget("feature:discover:posts:$pid");
2019-04-29 03:49:17 +00:00
Cache::forget("api:local:exp:rec:$pid");
2019-04-08 03:08:57 +00:00
if($request->wantsJson()) {
return response()->json([200]);
} else {
return redirect()->back();
}
}
2018-08-22 06:56:16 +00:00
public function block(Request $request)
{
$this->validate($request, [
2019-04-08 03:08:57 +00:00
'type' => 'required|alpha_dash',
2018-08-28 03:07:36 +00:00
'item' => 'required|integer|min:1',
2018-08-22 06:56:16 +00:00
]);
2018-08-28 03:07:36 +00:00
2018-08-22 06:56:16 +00:00
$user = Auth::user()->profile;
$type = $request->input('type');
$item = $request->input('item');
2019-04-08 03:08:57 +00:00
$action = $type.'.block';
2018-08-28 03:07:36 +00:00
if (!in_array($action, $this->filters)) {
return abort(406);
2018-08-22 06:56:16 +00:00
}
$filterable = [];
switch ($type) {
case 'user':
$profile = Profile::findOrFail($item);
2018-11-22 19:30:20 +00:00
if ($profile->id == $user->id) {
return abort(403);
}
2018-08-22 06:56:16 +00:00
$class = get_class($profile);
$filterable['id'] = $profile->id;
$filterable['type'] = $class;
2018-11-03 02:41:39 +00:00
Follower::whereProfileId($profile->id)->whereFollowingId($user->id)->delete();
Notification::whereProfileId($user->id)->whereActorId($profile->id)->delete();
2018-08-22 06:56:16 +00:00
break;
2018-08-28 03:07:36 +00:00
2018-08-22 06:56:16 +00:00
default:
2018-08-28 03:07:36 +00:00
// code...
2018-08-22 06:56:16 +00:00
break;
}
$filter = UserFilter::firstOrCreate([
2018-08-28 03:07:36 +00:00
'user_id' => $user->id,
'filterable_id' => $filterable['id'],
2018-08-22 06:56:16 +00:00
'filterable_type' => $filterable['type'],
2018-08-28 03:07:36 +00:00
'filter_type' => 'block',
2018-08-22 06:56:16 +00:00
]);
2018-11-22 19:30:20 +00:00
$pid = $user->id;
2018-11-25 06:43:06 +00:00
Cache::forget("user:filter:list:$pid");
Cache::forget("feature:discover:people:$pid");
Cache::forget("feature:discover:posts:$pid");
2019-04-29 03:49:17 +00:00
Cache::forget("api:local:exp:rec:$pid");
2018-08-22 06:56:16 +00:00
return redirect()->back();
}
2018-09-03 04:01:51 +00:00
2019-04-08 03:08:57 +00:00
public function unblock(Request $request)
{
$this->validate($request, [
'type' => 'required|alpha_dash',
'item' => 'required|integer|min:1',
]);
$user = Auth::user()->profile;
$type = $request->input('type');
$item = $request->input('item');
$action = $type . '.block';
if (!in_array($action, $this->filters)) {
return abort(406);
}
$filterable = [];
switch ($type) {
case 'user':
$profile = Profile::findOrFail($item);
if ($profile->id == $user->id) {
return abort(403);
}
$class = get_class($profile);
$filterable['id'] = $profile->id;
$filterable['type'] = $class;
break;
default:
abort(400);
break;
}
$filter = UserFilter::whereUserId($user->id)
->whereFilterableId($filterable['id'])
->whereFilterableType($filterable['type'])
->whereFilterType('block')
->first();
if($filter) {
$filter->delete();
}
$pid = $user->id;
Cache::forget("user:filter:list:$pid");
Cache::forget("feature:discover:people:$pid");
Cache::forget("feature:discover:posts:$pid");
2019-04-29 03:49:17 +00:00
Cache::forget("api:local:exp:rec:$pid");
2019-04-08 03:08:57 +00:00
return redirect()->back();
}
2018-09-03 04:01:51 +00:00
public function followRequests(Request $request)
{
$pid = Auth::user()->profile->id;
$followers = FollowRequest::whereFollowingId($pid)->orderBy('id','desc')->whereIsRejected(0)->simplePaginate(10);
return view('account.follow-requests', compact('followers'));
}
public function followRequestHandle(Request $request)
{
$this->validate($request, [
'action' => 'required|string|max:10',
'id' => 'required|integer|min:1'
]);
$pid = Auth::user()->profile->id;
$action = $request->input('action') === 'accept' ? 'accept' : 'reject';
$id = $request->input('id');
$followRequest = FollowRequest::whereFollowingId($pid)->findOrFail($id);
$follower = $followRequest->follower;
switch ($action) {
case 'accept':
$follow = new Follower();
$follow->profile_id = $follower->id;
$follow->following_id = $pid;
$follow->save();
FollowPipeline::dispatch($follow);
$followRequest->delete();
break;
case 'reject':
$followRequest->is_rejected = true;
$followRequest->save();
break;
}
return response()->json(['msg' => 'success'], 200);
}
2018-09-09 20:22:15 +00:00
public function sudoMode(Request $request)
{
return view('auth.sudo');
}
public function sudoModeVerify(Request $request)
{
$this->validate($request, [
'password' => 'required|string|max:500'
]);
$user = Auth::user();
$password = $request->input('password');
$next = $request->session()->get('redirectNext', '/');
2018-09-09 20:22:15 +00:00
if(password_verify($password, $user->password) === true) {
$request->session()->put('sudoMode', time());
return redirect($next);
2018-09-13 03:45:08 +00:00
} else {
return redirect()
->back()
->withErrors(['password' => __('auth.failed')]);
2018-09-09 20:22:15 +00:00
}
}
2018-09-16 05:15:45 +00:00
public function twoFactorCheckpoint(Request $request)
{
return view('auth.checkpoint');
}
public function twoFactorVerify(Request $request)
{
$this->validate($request, [
'code' => 'required|string|max:32'
]);
$user = Auth::user();
$code = $request->input('code');
$google2fa = new Google2FA();
$verify = $google2fa->verifyKey($user->{'2fa_secret'}, $code);
if($verify) {
$request->session()->push('2fa.session.active', true);
return redirect('/');
} else {
if($this->twoFactorBackupCheck($request, $code, $user)) {
return redirect('/');
}
if($request->session()->has('2fa.attempts')) {
$count = (int) $request->session()->has('2fa.attempts');
$request->session()->push('2fa.attempts', $count + 1);
} else {
$request->session()->push('2fa.attempts', 1);
}
2018-09-16 05:15:45 +00:00
return redirect()->back()->withErrors([
'code' => 'Invalid code'
]);
}
}
protected function twoFactorBackupCheck($request, $code, User $user)
{
$backupCodes = $user->{'2fa_backup_codes'};
if($backupCodes) {
$codes = json_decode($backupCodes, true);
foreach ($codes as $c) {
if(hash_equals($c, $code)) {
// remove code
$codes = array_flatten(array_diff($codes, [$code]));
$user->{'2fa_backup_codes'} = json_encode($codes);
$user->save();
$request->session()->push('2fa.session.active', true);
return true;
} else {
return false;
}
}
} else {
return false;
}
}
public function accountRestored(Request $request)
{
//
}
2018-05-26 23:00:07 +00:00
}