vervis/src/Vervis/Handler/Person.hs

{- This file is part of Vervis.
 -
 - Written in 2016, 2018, 2019 by fr33domlover <fr33domlover@riseup.net>.
 -
 - ♡ Copying is an act of love. Please copy, reuse and share.
 -
 - The author(s) have dedicated all copyright and related and neighboring
 - rights to this software to the public domain worldwide. This software is
 - distributed without any warranty.
 -
 - You should have received a copy of the CC0 Public Domain Dedication along
 - with this software. If not, see
 - <http://creativecommons.org/publicdomain/zero/1.0/>.
 -}

module Vervis.Handler.Person
    ( getResendVerifyEmailR
    , getPeopleR
    , getPerson
    )
where

import Vervis.Import hiding ((==.))
--import Prelude

import Data.List.NonEmpty (NonEmpty (..))
import Database.Esqueleto hiding (isNothing, count)
import Vervis.Form.Person
--import Model
import Text.Blaze.Html (toHtml)
import Yesod.Auth.Account (newAccountR, resendVerifyEmailWidget, username)
import Yesod.Auth.Account.Message (AccountMsg (MsgEmailUnverified))

import qualified Data.Text as T (unpack)

import Yesod.Auth.Unverified (requireUnverifiedAuth)

import Text.Email.Local

import Network.FedURI
import Web.ActivityPub

--import Vervis.ActivityStreams
import Vervis.ActorKey
import Vervis.Model.Ident
import Vervis.Secure
import Vervis.Widget (avatarW)

-- | Account verification email resend form
getResendVerifyEmailR :: Handler Html
getResendVerifyEmailR = do
    person <- requireUnverifiedAuth
    defaultLayout $ do
        setTitleI MsgEmailUnverified
        [whamlet|
            <p>_{MsgEmailUnverified}
            ^{resendVerifyEmailWidget (username person) AuthR}
        |]

-- | Get list of users
getPeopleR :: Handler Html
getPeopleR = do
    people <- runDB $ select $ from $ \ (sharer, person) -> do
        where_ $ sharer ^. SharerId ==. person ^. PersonIdent
        orderBy [asc $ sharer ^. SharerIdent]
        return $ sharer ^. SharerIdent
    defaultLayout $(widgetFile "people")

{-
-- | Create new user
postPeopleR :: Handler Html
postPeopleR = redirect $ AuthR newAccountR
    settings <- getsYesod appSettings
    if appRegister settings
        then do
            room <- case appAccounts settings of
                Nothing -> return True
                Just cap -> do
                    current <- runDB $ count ([] :: [Filter Person])
                    return $ current < cap
            if room
                then do
                    ((result, widget), enctype) <- runFormPost newPersonForm
                    case result of
                        FormSuccess np -> do
                            now <- liftIO getCurrentTime
                            runDB $ do
                                let sharer = Sharer
                                        { sharerIdent   = npLogin np
                                        , sharerName    = npName np
                                        , sharerCreated = now
                                        }
                                sid <- insert sharer
                                let person = Person
                                        { personIdent = sid
                                        , personLogin = shr2text $ npLogin np
                                        , personHash  = Nothing
                                        , personEmail = npEmail np
                                        }
                                person' <- setPassword (npPass np) person
                                insert_ person'
                            redirectUltDest HomeR
                        FormMissing -> do
                            setMessage "Field(s) missing"
                            defaultLayout $(widgetFile "person-new")
                        FormFailure _l -> do
                            setMessage
                                "User registration failed, see errors below"
                            defaultLayout $(widgetFile "person-new")
                else do
                    setMessage "Maximal number of registered users reached"
                    redirect PeopleR
        else do
            setMessage "User registration disabled"
            redirect PeopleR
-}

{-
getPersonNewR :: Handler Html
getPersonNewR = redirect $ AuthR newAccountR
    regEnabled <- getsYesod $ appRegister . appSettings
    if regEnabled
        then do
            ((_result, widget), enctype) <- runFormPost newPersonForm
            defaultLayout $(widgetFile "person-new")
        else notFound
-}

getPerson :: ShrIdent -> Person -> Handler TypedContent
getPerson shr person = do
    renderUrl <- getUrlRender
    let route2uri route =
            case parseFedURI $ renderUrl route of
                Left e -> error $ "getRenderUrl produced invalid FedURI!!! " ++ e
                Right u -> u
        route2local = snd . f2l . route2uri
        (host, me) = f2l $ route2uri $ SharerR shr
    selectRep $ do
        provideRep $ do
            secure <- getSecure
            defaultLayout $(widgetFile "person")
        provideAP $ Doc host Actor
            { actorId         = me
            , actorType       = ActorTypePerson
            , actorUsername   = shr2text shr
            , actorInbox      = route2local InboxR
            , actorPublicKeys =
                [ Left $ route2local ActorKey1R
                , Left $ route2local ActorKey2R
                ]
            }
Add people and person pages 2016-02-18 01:43:23 +09:00			`{- This file is part of Vervis.`
			`-`
Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`- Written in 2016, 2018, 2019 by fr33domlover <fr33domlover@riseup.net>.`
Add people and person pages 2016-02-18 01:43:23 +09:00			`-`
			`- ♡ Copying is an act of love. Please copy, reuse and share.`
			`-`
			`- The author(s) have dedicated all copyright and related and neighboring`
			`- rights to this software to the public domain worldwide. This software is`
			`- distributed without any warranty.`
			`-`
			`- You should have received a copy of the CC0 Public Domain Dedication along`
			`- with this software. If not, see`
			`- <http://creativecommons.org/publicdomain/zero/1.0/>.`
			`-}`

Put all modules under a new Vervis module 2016-02-23 17:45:03 +09:00			`module Vervis.Handler.Person`
Unverified variants of setCreds and clearCreds 2018-03-18 07:16:02 +09:00			`( getResendVerifyEmailR`
			`, getPeopleR`
Switch actor ID URIs to be /s/ACTOR instead of /p and /g See Vervis ticket #60. 2019-02-15 07:13:58 +09:00			`, getPerson`
Add people and person pages 2016-02-18 01:43:23 +09:00			`)`
			`where`

Put all modules under a new Vervis module 2016-02-23 17:45:03 +09:00			`import Vervis.Import hiding ((==.))`
Add people and person pages 2016-02-18 01:43:23 +09:00			`--import Prelude`

Remove hardcoded-to-2 limit on length of an actor's list of public keys 2019-02-24 10:21:42 +09:00			`import Data.List.NonEmpty (NonEmpty (..))`
New YAML setting: Optional user limit 2016-07-28 06:46:48 +09:00			`import Database.Esqueleto hiding (isNothing, count)`
Write initial overview content and add project creation form 2016-02-25 12:10:30 +09:00			`import Vervis.Form.Person`
Add people and person pages 2016-02-18 01:43:23 +09:00			`--import Model`
Use 'toHtml' instead of generic markup combinator 'text' 2016-03-07 09:39:07 +09:00			`import Text.Blaze.Html (toHtml)`
Unverified variants of setCreds and clearCreds 2018-03-18 07:16:02 +09:00			`import Yesod.Auth.Account (newAccountR, resendVerifyEmailWidget, username)`
			`import Yesod.Auth.Account.Message (AccountMsg (MsgEmailUnverified))`

Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`import qualified Data.Text as T (unpack)`

Unverified variants of setCreds and clearCreds 2018-03-18 07:16:02 +09:00			`import Yesod.Auth.Unverified (requireUnverifiedAuth)`
Add people and person pages 2016-02-18 01:43:23 +09:00
Treat email address as `EmailAddress` instead of `Text` including in the mailer 2018-03-06 11:26:27 +09:00			`import Text.Email.Local`

New datatype `FedURI` for @id URIs Using a dedicated type allows to record in the type the guarantees that we provide, such as scheme being HTTPS and authority being present. Allows to replace ugly `fromJust` and such with direct field access. 2019-02-08 08:08:28 +09:00			`import Network.FedURI`
Federation test outbox page with form for entering JSON 2019-01-22 00:54:57 +09:00			`import Web.ActivityPub`

Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`--import Vervis.ActivityStreams`
			`import Vervis.ActorKey`
Finish route change, it builds now I used this chance to make some name changes, add some utils, tweak some imports, remove more `setTitle`s and so on. I also made person, repo, key and project creation forms verify CI-uniqueness. 2016-05-24 05:46:54 +09:00			`import Vervis.Model.Ident`
Use HTTPS for avatar URL if approot in settings is https:// 2018-03-06 09:55:52 +09:00			`import Vervis.Secure`
Libravatar support \o/ 2016-05-26 06:10:41 +09:00			`import Vervis.Widget (avatarW)`
Finish route change, it builds now I used this chance to make some name changes, add some utils, tweak some imports, remove more `setTitle`s and so on. I also made person, repo, key and project creation forms verify CI-uniqueness. 2016-05-24 05:46:54 +09:00
Unverified variants of setCreds and clearCreds 2018-03-18 07:16:02 +09:00			`-- \| Account verification email resend form`
			`getResendVerifyEmailR :: Handler Html`
			`getResendVerifyEmailR = do`
			`person <- requireUnverifiedAuth`
			`defaultLayout $ do`
			`setTitleI MsgEmailUnverified`
			`[whamlet\|`
			`<p>_{MsgEmailUnverified}`
			`^{resendVerifyEmailWidget (username person) AuthR}`
			`\|]`

Add user registration form view, still no-op 2016-02-19 13:10:42 +09:00			`-- \| Get list of users`
Add people and person pages 2016-02-18 01:43:23 +09:00			`getPeopleR :: Handler Html`
			`getPeopleR = do`
			`people <- runDB $ select $ from $ \ (sharer, person) -> do`
			`where_ $ sharer ^. SharerId ==. person ^. PersonIdent`
			`orderBy [asc $ sharer ^. SharerIdent]`
			`return $ sharer ^. SharerIdent`
Finish route change, it builds now I used this chance to make some name changes, add some utils, tweak some imports, remove more `setTitle`s and so on. I also made person, repo, key and project creation forms verify CI-uniqueness. 2016-05-24 05:46:54 +09:00			`defaultLayout $(widgetFile "people")`
Add people and person pages 2016-02-18 01:43:23 +09:00
Switch actor ID URIs to be /s/ACTOR instead of /p and /g See Vervis ticket #60. 2019-02-15 07:13:58 +09:00			`{-`
Add user registration form view, still no-op 2016-02-19 13:10:42 +09:00			`-- \| Create new user`
Implement registration and make it build 2016-02-23 11:27:01 +09:00			`postPeopleR :: Handler Html`
Switch to yesod-auth-account and make the mail code independent of Vervis 2018-03-04 06:33:59 +09:00			`postPeopleR = redirect $ AuthR newAccountR`
New YAML setting: Optional user limit 2016-07-28 06:46:48 +09:00			`settings <- getsYesod appSettings`
			`if appRegister settings`
Add settings option to disable registration 2016-04-20 01:03:27 +09:00			`then do`
New YAML setting: Optional user limit 2016-07-28 06:46:48 +09:00			`room <- case appAccounts settings of`
			`Nothing -> return True`
			`Just cap -> do`
			`current <- runDB $ count ([] :: [Filter Person])`
			`return $ current < cap`
			`if room`
			`then do`
			`((result, widget), enctype) <- runFormPost newPersonForm`
			`case result of`
			`FormSuccess np -> do`
			`now <- liftIO getCurrentTime`
			`runDB $ do`
			`let sharer = Sharer`
			`{ sharerIdent = npLogin np`
			`, sharerName = npName np`
			`, sharerCreated = now`
			`}`
			`sid <- insert sharer`
			`let person = Person`
			`{ personIdent = sid`
			`, personLogin = shr2text $ npLogin np`
			`, personHash = Nothing`
			`, personEmail = npEmail np`
			`}`
			`person' <- setPassword (npPass np) person`
			`insert_ person'`
			`redirectUltDest HomeR`
			`FormMissing -> do`
			`setMessage "Field(s) missing"`
			`defaultLayout $(widgetFile "person-new")`
			`FormFailure _l -> do`
			`setMessage`
			`"User registration failed, see errors below"`
			`defaultLayout $(widgetFile "person-new")`
			`else do`
			`setMessage "Maximal number of registered users reached"`
			`redirect PeopleR`
			`else do`
			`setMessage "User registration disabled"`
			`redirect PeopleR`
Switch to yesod-auth-account and make the mail code independent of Vervis 2018-03-04 06:33:59 +09:00			`-}`
Add user registration form view, still no-op 2016-02-19 13:10:42 +09:00
Switch actor ID URIs to be /s/ACTOR instead of /p and /g See Vervis ticket #60. 2019-02-15 07:13:58 +09:00			`{-`
Add user registration form view, still no-op 2016-02-19 13:10:42 +09:00			`getPersonNewR :: Handler Html`
Switch to yesod-auth-account and make the mail code independent of Vervis 2018-03-04 06:33:59 +09:00			`getPersonNewR = redirect $ AuthR newAccountR`
Add group routes 2016-05-25 06:48:21 +09:00			`regEnabled <- getsYesod $ appRegister . appSettings`
			`if regEnabled`
			`then do`
			`((_result, widget), enctype) <- runFormPost newPersonForm`
			`defaultLayout $(widgetFile "person-new")`
			`else notFound`
Switch to yesod-auth-account and make the mail code independent of Vervis 2018-03-04 06:33:59 +09:00			`-}`
Add user registration form view, still no-op 2016-02-19 13:10:42 +09:00
Switch actor ID URIs to be /s/ACTOR instead of /p and /g See Vervis ticket #60. 2019-02-15 07:13:58 +09:00			`getPerson :: ShrIdent -> Person -> Handler TypedContent`
			`getPerson shr person = do`
Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`renderUrl <- getUrlRender`
			`let route2uri route =`
New datatype `FedURI` for @id URIs Using a dedicated type allows to record in the type the guarantees that we provide, such as scheme being HTTPS and authority being present. Allows to replace ugly `fromJust` and such with direct field access. 2019-02-08 08:08:28 +09:00			`case parseFedURI $ renderUrl route of`
			`Left e -> error $ "getRenderUrl produced invalid FedURI!!! " ++ e`
			`Right u -> u`
Add LocalURI type for recording shared URI host 2019-02-22 08:59:53 +09:00			`route2local = snd . f2l . route2uri`
			`(host, me) = f2l $ route2uri $ SharerR shr`
getPersonR respond with minimal ActivityPub actor 2018-03-26 04:26:30 +09:00			`selectRep $ do`
			`provideRep $ do`
			`secure <- getSecure`
			`defaultLayout $(widgetFile "person")`
Add LocalURI type for recording shared URI host 2019-02-22 08:59:53 +09:00			`provideAP $ Doc host Actor`
Support remote actors specifying 2 keys, and DB storage of these keys It's now possible for activities we be attributed to actors that have more than one key. We allow up to 2 keys. We also store in the DB. Scaling to support any number of keys is trivial, but I'm limiting to 2 to avoid potential trouble and because 2 is the actual number we need. By having 2 keys, and replacing only one of them in each rotation, we avoid race conditions. With 1 key, the following can happen: 1. We send an activity to another server 2. We rotate our key 3. The server reaches the activity in its processing queue, tries to verify our request signature, but fails because it can't fetch the key. It's the old key and we discarded it already, replaced it with the new one When we use 2 keys, the previous key remains available and other servers have time to finish processing our requests signed with that key. We can safely rotate, without worrying about whether the user sent anything right before the rotation time. Caveat: With this feature, we allow OTHER servers to rotate freely. It's safe because it's optional, but it's just Vervis right now. Once Vervis itself starts using 2 keys, it will be able to rotate freely without race condition risk, but probably Mastodon etc. won't accept its signatures because of the use of 2 keys and because they're server-scope keys. Maybe I can get these features adopted by the fediverse? 2019-02-05 04:38:50 +09:00			`{ actorId = me`
			`, actorType = ActorTypePerson`
			`, actorUsername = shr2text shr`
Add LocalURI type for recording shared URI host 2019-02-22 08:59:53 +09:00			`, actorInbox = route2local InboxR`
Remove hardcoded-to-2 limit on length of an actor's list of public keys 2019-02-24 10:21:42 +09:00			`, actorPublicKeys =`
Allow actors not to list any public keys at all 2019-03-20 18:31:08 +09:00			`[ Left $ route2local ActorKey1R`
			`, Left $ route2local ActorKey2R`
			`]`
Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`}`