b6f68628c0
* First pass at chat user registration and validation * Disable chat if the user is disabled/blocked or the server hits max connections * Handle dropping sockets if chat is disabled * Fix origin in automated chat test * Work for updated chat moderation * Chat message markdown rendering and fix tests * Put /api/chat behind a chat user access token. Closes #1085 * Reject blocked username changes * More WIP moderation * Defer configuring chat until we know if it is enabled. Closes #1135 * chat user blocking. Closes #1096 * Add tests around user access for #1096 * Add external integration chat message API + update integration auth middleware to pass along integration name. Closes #1092 * Delete old chat messages from db as to not hold on to excessive data. Closes #1152 * Add schema migration for messages. Closes #1155 * Commit updated API documentation * Add chat load test * Shared db mutex and db optimizations * Simplify past display name handling * Use a new test db for each test run * Wire up the external messages actions + add tests for them * Move access tokens to be actual users * Run message pruning at launch + fix comparison * Do not return API users in disabled users response * Fix incorrect highlighting. Closes #1160 * Consolidate user table statements * Set the max process connection limit to 70% of maximum * Fix wrong old display name being returned in name change event * Delete the old chat server files * Wire back up the webhooks * Remove unused * Invalidate user cache on changes * Do not send rendered body as RawBody * Some cleanup * Standardize names for external API users to ExternalAPIUser * Do not log token * Checkout branch when building admin for testing * Bundle in dev admin for testing * Some cleanup * Cleanup js logs * Cleanup and standardize event names * Clean up some logging * Update API spec. Closes #1133 * Commit updated API documentation * Change paths to be better named * Commit updated API documentation * Update admin bundle * Fix duplicate event name * Rename scope var * Update admin bundle * Move connected clients controller into admin package * Fix collecting usernames for autocomplete purposes * No longer generate username when it is empty * Sort clients and users by timestamp * Move file to admin controller package * Swap, so the comments stay correct Co-authored-by: Jannik <jannik@outlook.com> * Use explicit type alias Co-authored-by: Jannik <jannik@outlook.com> * Remove commented code. Co-authored-by: Jannik <jannik@outlook.com> * Cleanup test * Remove some extra logging * Add some clarity * Update dev instance of admin for testing * Consolidate lines Co-authored-by: Jannik <jannik@outlook.com> * Remove commented unused vars Co-authored-by: Jannik <jannik@outlook.com> * Until needed do not return IP address with client list * Fix typo of wrong var * Typo led to a bad test. Fix typo and fix test. * Guard against the socket reconnecting on error if previously set to shutdown * Do not log access tokens * Return success message on enable/disable user * Clean up some inactionable error messages. Sent ban message. Sort banned users. * fix styling for when chat is completely disabled * Unused * guard against nil clients * Update dev admin bundle * Do not unhide messages when unblocking user just to be safe. Send removal action from the controller * Add convinience function for getting active connections for a single user * Lock db on these mutations * Cleanup force disconnect using GetClientsForUser and capture client reference explicitly * No longer re-showing banned user messages for safety. Removing this test. * Remove no longer needed comment * Tweaks to forbidden username handling. - Standardize naming to not use "block" but "forbidden" instead. - Pass array over the wire instead of string. - Add API test - Fix default list incorrectly being appended to custom list. * Logging cleanup * Update dev admin bundle * Add an artificial delay in order to visually see message being hidden when testing * Remove the user cache as it is a premature optimization * When connected to chat let the user know their current user details to sync the username in the UI * On connected send current display name back to client. - Move name change out of chat component. - Add additional event type constants. * Fix broken workflow due to typo * Troubleshoot workflow * Bump htm from 3.0.4 to 3.1.0 in /build/javascript (#1181) * Bump htm from 3.0.4 to 3.1.0 in /build/javascript Bumps [htm](https://github.com/developit/htm) from 3.0.4 to 3.1.0. - [Release notes](https://github.com/developit/htm/releases) - [Commits](https://github.com/developit/htm/compare/3.0.4...3.1.0) --- updated-dependencies: - dependency-name: htm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> * Run npm run build and update libraries Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gabe Kangas <gabek@real-ity.com> * Commit updated Javascript packages * Re-send current user info when a rejected name change takes place * All socket writes should be through the send chan and not directly * Seed the random generator * Add keys and indexes to users table * a util to generate consistent emoji markup * console clean up * mod tidy * Commit updated API documentation * Handle the max payload size of a socket message. - Only close socket if x2 greater than the max size. - Send the user a message if a message is too large. - Surface the max size in bytes in the config. * Update admin bundle * Force all events to be sent in their own socket message and do not concatinate in a single message * Update chat embed to register for access token * Use a different access token for embed chat * Update the chat message bubble background color to be bolder * add base tag to open links in new window, closes #1220 * Support text input of :emoji: in chat (#1190) * Initial implementation of emoji injection * fix bookkeeping with multiple emoji * make the emoji lookup case-insensitive * try another solution for Caretposition * add title to emojis minor refactoring * bind moji injection to InputKeyUp * simplify the code replace all found emojis * inject emoji if the modifer is released earlier * more efficient emoji tag search * use json emoji.emoji as url * use createEmojiMarkup() * move emojify() to chat.js * emojify on paste * cleanup emoji titles in paste * update inputText in InputKeyup * mark emoji titles with 2*zwnj this way paste cleanup will not interfere with text which include zwnj * emoji should not change the inputText * Do not show join messages when chat is offline. Closes #1224 - Show stream starting/ending messages in chat. - When stream starts show everyone the welcome message. * Force scrolling chat to bottom after history is populated regardless of scroll position. Closes https://github.com/owncast/owncast/issues/1222 * use maxSocketPayloadSize to calculate total bytes of message payload (#1221) * utilize maxSocketPayloadSize from config; update chatInput to calculate based on that value instead of text value; remove usage of inputText for counting * add a buffer to account for entire websocket payload for message char counting; trim nbsp;'s from ends of messages when calculating count Co-authored-by: Gabe Kangas <gabek@real-ity.com> Co-authored-by: Owncast <owncast@owncast.online> Co-authored-by: Jannik <jannik@outlook.com> Co-authored-by: Ginger Wong <omqmail@gmail.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Meisam <39205857+MFTabriz@users.noreply.github.com>
262 lines
6.0 KiB
Go
262 lines
6.0 KiB
Go
package user
|
|
|
|
import (
|
|
"database/sql"
|
|
"fmt"
|
|
"sort"
|
|
"strings"
|
|
"time"
|
|
|
|
"github.com/owncast/owncast/core/data"
|
|
"github.com/owncast/owncast/utils"
|
|
"github.com/teris-io/shortid"
|
|
|
|
log "github.com/sirupsen/logrus"
|
|
)
|
|
|
|
var _datastore *data.Datastore
|
|
|
|
type User struct {
|
|
Id string `json:"id"`
|
|
AccessToken string `json:"-"`
|
|
DisplayName string `json:"displayName"`
|
|
DisplayColor int `json:"displayColor"`
|
|
CreatedAt time.Time `json:"createdAt"`
|
|
DisabledAt *time.Time `json:"disabledAt,omitempty"`
|
|
PreviousNames []string `json:"previousNames"`
|
|
NameChangedAt *time.Time `json:"nameChangedAt,omitempty"`
|
|
}
|
|
|
|
func (u *User) IsEnabled() bool {
|
|
return u.DisabledAt == nil
|
|
}
|
|
|
|
func SetupUsers() {
|
|
_datastore = data.GetDatastore()
|
|
}
|
|
|
|
func CreateAnonymousUser(username string) (*User, error) {
|
|
id := shortid.MustGenerate()
|
|
accessToken, err := utils.GenerateAccessToken()
|
|
if err != nil {
|
|
log.Errorln("Unable to create access token for new user")
|
|
return nil, err
|
|
}
|
|
|
|
var displayName = username
|
|
if displayName == "" {
|
|
displayName = utils.GeneratePhrase()
|
|
}
|
|
|
|
displayColor := utils.GenerateRandomDisplayColor()
|
|
|
|
user := &User{
|
|
Id: id,
|
|
AccessToken: accessToken,
|
|
DisplayName: displayName,
|
|
DisplayColor: displayColor,
|
|
CreatedAt: time.Now(),
|
|
}
|
|
|
|
if err := create(user); err != nil {
|
|
return nil, err
|
|
}
|
|
|
|
return user, nil
|
|
}
|
|
|
|
func ChangeUsername(userId string, username string) {
|
|
_datastore.DbLock.Lock()
|
|
defer _datastore.DbLock.Unlock()
|
|
|
|
tx, err := _datastore.DB.Begin()
|
|
|
|
if err != nil {
|
|
log.Debugln(err)
|
|
}
|
|
defer func() {
|
|
if err := tx.Rollback(); err != nil {
|
|
log.Debugln(err)
|
|
}
|
|
}()
|
|
|
|
stmt, err := tx.Prepare("UPDATE users SET display_name = ?, previous_names = previous_names || ?, namechanged_at = ? WHERE id = ?")
|
|
|
|
if err != nil {
|
|
log.Debugln(err)
|
|
}
|
|
defer stmt.Close()
|
|
|
|
_, err = stmt.Exec(username, fmt.Sprintf(",%s", username), time.Now(), userId)
|
|
if err != nil {
|
|
log.Errorln(err)
|
|
}
|
|
|
|
if err := tx.Commit(); err != nil {
|
|
log.Errorln("error changing display name of user", userId, err)
|
|
}
|
|
}
|
|
|
|
func create(user *User) error {
|
|
_datastore.DbLock.Lock()
|
|
defer _datastore.DbLock.Unlock()
|
|
|
|
tx, err := _datastore.DB.Begin()
|
|
if err != nil {
|
|
log.Debugln(err)
|
|
}
|
|
defer func() {
|
|
_ = tx.Rollback()
|
|
}()
|
|
|
|
stmt, err := tx.Prepare("INSERT INTO users(id, access_token, display_name, display_color, previous_names, created_at) values(?, ?, ?, ?, ?, ?)")
|
|
|
|
if err != nil {
|
|
log.Debugln(err)
|
|
}
|
|
defer stmt.Close()
|
|
|
|
_, err = stmt.Exec(user.Id, user.AccessToken, user.DisplayName, user.DisplayColor, user.DisplayName, user.CreatedAt)
|
|
if err != nil {
|
|
log.Errorln("error creating new user", err)
|
|
}
|
|
|
|
return tx.Commit()
|
|
}
|
|
|
|
func SetEnabled(userID string, enabled bool) error {
|
|
_datastore.DbLock.Lock()
|
|
defer _datastore.DbLock.Unlock()
|
|
|
|
tx, err := _datastore.DB.Begin()
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
defer tx.Rollback() //nolint
|
|
|
|
var stmt *sql.Stmt
|
|
if !enabled {
|
|
stmt, err = tx.Prepare("UPDATE users SET disabled_at=DATETIME('now', 'localtime') WHERE id IS ?")
|
|
} else {
|
|
stmt, err = tx.Prepare("UPDATE users SET disabled_at=null WHERE id IS ?")
|
|
}
|
|
|
|
if err != nil {
|
|
return err
|
|
}
|
|
|
|
defer stmt.Close()
|
|
|
|
if _, err := stmt.Exec(userID); err != nil {
|
|
return err
|
|
}
|
|
|
|
return tx.Commit()
|
|
}
|
|
|
|
// GetUserByToken will return a user by an access token.
|
|
func GetUserByToken(token string) *User {
|
|
_datastore.DbLock.Lock()
|
|
defer _datastore.DbLock.Unlock()
|
|
|
|
query := "SELECT id, display_name, display_color, created_at, disabled_at, previous_names, namechanged_at FROM users WHERE access_token = ?"
|
|
row := _datastore.DB.QueryRow(query, token)
|
|
|
|
return getUserFromRow(row)
|
|
}
|
|
|
|
// GetUserById will return a user by a user ID.
|
|
func GetUserById(id string) *User {
|
|
_datastore.DbLock.Lock()
|
|
defer _datastore.DbLock.Unlock()
|
|
|
|
query := "SELECT id, display_name, display_color, created_at, disabled_at, previous_names, namechanged_at FROM users WHERE id = ?"
|
|
row := _datastore.DB.QueryRow(query, id)
|
|
if row == nil {
|
|
log.Errorln(row)
|
|
return nil
|
|
}
|
|
return getUserFromRow(row)
|
|
}
|
|
|
|
// GetDisabledUsers will return back all the currently disabled users that are not API users.
|
|
func GetDisabledUsers() []*User {
|
|
query := "SELECT id, display_name, display_color, created_at, disabled_at, previous_names, namechanged_at FROM users WHERE disabled_at IS NOT NULL AND type IS NOT 'API'"
|
|
|
|
rows, err := _datastore.DB.Query(query)
|
|
if err != nil {
|
|
log.Errorln(err)
|
|
return nil
|
|
}
|
|
defer rows.Close()
|
|
|
|
users := getUsersFromRows(rows)
|
|
|
|
sort.Slice(users, func(i, j int) bool {
|
|
return users[i].DisabledAt.Before(*users[j].DisabledAt)
|
|
})
|
|
|
|
return users
|
|
}
|
|
|
|
func getUsersFromRows(rows *sql.Rows) []*User {
|
|
users := make([]*User, 0)
|
|
|
|
for rows.Next() {
|
|
var id string
|
|
var displayName string
|
|
var displayColor int
|
|
var createdAt time.Time
|
|
var disabledAt *time.Time
|
|
var previousUsernames string
|
|
var userNameChangedAt *time.Time
|
|
|
|
if err := rows.Scan(&id, &displayName, &displayColor, &createdAt, &disabledAt, &previousUsernames, &userNameChangedAt); err != nil {
|
|
log.Errorln("error creating collection of users from results", err)
|
|
return nil
|
|
}
|
|
|
|
user := &User{
|
|
Id: id,
|
|
DisplayName: displayName,
|
|
DisplayColor: displayColor,
|
|
CreatedAt: createdAt,
|
|
DisabledAt: disabledAt,
|
|
PreviousNames: strings.Split(previousUsernames, ","),
|
|
NameChangedAt: userNameChangedAt,
|
|
}
|
|
users = append(users, user)
|
|
}
|
|
|
|
sort.Slice(users, func(i, j int) bool {
|
|
return users[i].CreatedAt.Before(users[j].CreatedAt)
|
|
})
|
|
|
|
return users
|
|
}
|
|
|
|
func getUserFromRow(row *sql.Row) *User {
|
|
var id string
|
|
var displayName string
|
|
var displayColor int
|
|
var createdAt time.Time
|
|
var disabledAt *time.Time
|
|
var previousUsernames string
|
|
var userNameChangedAt *time.Time
|
|
|
|
if err := row.Scan(&id, &displayName, &displayColor, &createdAt, &disabledAt, &previousUsernames, &userNameChangedAt); err != nil {
|
|
return nil
|
|
}
|
|
|
|
return &User{
|
|
Id: id,
|
|
DisplayName: displayName,
|
|
DisplayColor: displayColor,
|
|
CreatedAt: createdAt,
|
|
DisabledAt: disabledAt,
|
|
PreviousNames: strings.Split(previousUsernames, ","),
|
|
NameChangedAt: userNameChangedAt,
|
|
}
|
|
}
|