vervis/src/Vervis/Handler/Person.hs

{- This file is part of Vervis.
 -
 - Written in 2016, 2018, 2019 by fr33domlover <fr33domlover@riseup.net>.
 -
 - ♡ Copying is an act of love. Please copy, reuse and share.
 -
 - The author(s) have dedicated all copyright and related and neighboring
 - rights to this software to the public domain worldwide. This software is
 - distributed without any warranty.
 -
 - You should have received a copy of the CC0 Public Domain Dedication along
 - with this software. If not, see
 - <http://creativecommons.org/publicdomain/zero/1.0/>.
 -}

module Vervis.Handler.Person
    ( getResendVerifyEmailR
    , getPeopleR
    , postPeopleR
    , getPersonNewR
    , getPersonR
    , postPersonR
    , getPersonActivitiesR
    )
where

import Vervis.Import hiding ((==.))
--import Prelude

import Database.Esqueleto hiding (isNothing, count)
import Network.URI (uriFragment, parseAbsoluteURI)
import Vervis.Form.Person
--import Model
import Text.Blaze.Html (toHtml)
import Yesod.Auth.Account (newAccountR, resendVerifyEmailWidget, username)
import Yesod.Auth.Account.Message (AccountMsg (MsgEmailUnverified))

import qualified Data.Text as T (unpack)

import Yesod.Auth.Unverified (requireUnverifiedAuth)

import Text.Email.Local

import Web.ActivityPub

--import Vervis.ActivityStreams
import Vervis.ActorKey
import Vervis.Model.Ident
import Vervis.Secure
import Vervis.Widget (avatarW)

-- | Account verification email resend form
getResendVerifyEmailR :: Handler Html
getResendVerifyEmailR = do
    person <- requireUnverifiedAuth
    defaultLayout $ do
        setTitleI MsgEmailUnverified
        [whamlet|
            <p>_{MsgEmailUnverified}
            ^{resendVerifyEmailWidget (username person) AuthR}
        |]

-- | Get list of users
getPeopleR :: Handler Html
getPeopleR = do
    people <- runDB $ select $ from $ \ (sharer, person) -> do
        where_ $ sharer ^. SharerId ==. person ^. PersonIdent
        orderBy [asc $ sharer ^. SharerIdent]
        return $ sharer ^. SharerIdent
    defaultLayout $(widgetFile "people")

-- | Create new user
postPeopleR :: Handler Html
postPeopleR = redirect $ AuthR newAccountR
{-
    settings <- getsYesod appSettings
    if appRegister settings
        then do
            room <- case appAccounts settings of
                Nothing -> return True
                Just cap -> do
                    current <- runDB $ count ([] :: [Filter Person])
                    return $ current < cap
            if room
                then do
                    ((result, widget), enctype) <- runFormPost newPersonForm
                    case result of
                        FormSuccess np -> do
                            now <- liftIO getCurrentTime
                            runDB $ do
                                let sharer = Sharer
                                        { sharerIdent   = npLogin np
                                        , sharerName    = npName np
                                        , sharerCreated = now
                                        }
                                sid <- insert sharer
                                let person = Person
                                        { personIdent = sid
                                        , personLogin = shr2text $ npLogin np
                                        , personHash  = Nothing
                                        , personEmail = npEmail np
                                        }
                                person' <- setPassword (npPass np) person
                                insert_ person'
                            redirectUltDest HomeR
                        FormMissing -> do
                            setMessage "Field(s) missing"
                            defaultLayout $(widgetFile "person-new")
                        FormFailure _l -> do
                            setMessage
                                "User registration failed, see errors below"
                            defaultLayout $(widgetFile "person-new")
                else do
                    setMessage "Maximal number of registered users reached"
                    redirect PeopleR
        else do
            setMessage "User registration disabled"
            redirect PeopleR
-}

getPersonNewR :: Handler Html
getPersonNewR = redirect $ AuthR newAccountR
{-
    regEnabled <- getsYesod $ appRegister . appSettings
    if regEnabled
        then do
            ((_result, widget), enctype) <- runFormPost newPersonForm
            defaultLayout $(widgetFile "person-new")
        else notFound
-}

getPersonR :: ShrIdent -> Handler TypedContent
getPersonR shr = do
    person <- runDB $ do
        Entity sid _s <- getBy404 $ UniqueSharer shr
        Entity _pid p <- getBy404 $ UniquePersonIdent sid
        return p
    renderUrl <- getUrlRender
    let route2uri route =
            case parseAbsoluteURI $ T.unpack $ renderUrl route of
                Nothing -> error "getRenderUrl produced invalid URI!!!"
                Just u  -> u
        me = route2uri $ PersonR shr
    selectRep $ do
        provideRep $ do
            secure <- getSecure
            defaultLayout $(widgetFile "person")
        provideAP Actor
            { actorId         = me
            , actorType       = ActorTypePerson
            , actorUsername   = shr2text shr
            , actorInbox      = route2uri InboxR
            , actorPublicKeys = PublicKeySet
                { publicKey1 = Left $ route2uri ActorKey1R
                , publicKey2 = Just $ Left $ route2uri ActorKey2R
                }
            }

postPersonR :: ShrIdent -> Handler TypedContent
postPersonR _ = notFound

getPersonActivitiesR :: ShrIdent -> Handler TypedContent
getPersonActivitiesR _ = notFound
Add people and person pages 2016-02-18 01:43:23 +09:00			`{- This file is part of Vervis.`
			`-`
Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`- Written in 2016, 2018, 2019 by fr33domlover <fr33domlover@riseup.net>.`
Add people and person pages 2016-02-18 01:43:23 +09:00			`-`
			`- ♡ Copying is an act of love. Please copy, reuse and share.`
			`-`
			`- The author(s) have dedicated all copyright and related and neighboring`
			`- rights to this software to the public domain worldwide. This software is`
			`- distributed without any warranty.`
			`-`
			`- You should have received a copy of the CC0 Public Domain Dedication along`
			`- with this software. If not, see`
			`- <http://creativecommons.org/publicdomain/zero/1.0/>.`
			`-}`

Put all modules under a new Vervis module 2016-02-23 17:45:03 +09:00			`module Vervis.Handler.Person`
Unverified variants of setCreds and clearCreds 2018-03-18 07:16:02 +09:00			`( getResendVerifyEmailR`
			`, getPeopleR`
Implement registration and make it build 2016-02-23 11:27:01 +09:00			`, postPeopleR`
Add user registration form view, still no-op 2016-02-19 13:10:42 +09:00			`, getPersonNewR`
Add people and person pages 2016-02-18 01:43:23 +09:00			`, getPersonR`
getPersonR respond with minimal ActivityPub actor 2018-03-26 04:26:30 +09:00			`, postPersonR`
			`, getPersonActivitiesR`
Add people and person pages 2016-02-18 01:43:23 +09:00			`)`
			`where`

Put all modules under a new Vervis module 2016-02-23 17:45:03 +09:00			`import Vervis.Import hiding ((==.))`
Add people and person pages 2016-02-18 01:43:23 +09:00			`--import Prelude`

New YAML setting: Optional user limit 2016-07-28 06:46:48 +09:00			`import Database.Esqueleto hiding (isNothing, count)`
Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`import Network.URI (uriFragment, parseAbsoluteURI)`
Write initial overview content and add project creation form 2016-02-25 12:10:30 +09:00			`import Vervis.Form.Person`
Add people and person pages 2016-02-18 01:43:23 +09:00			`--import Model`
Use 'toHtml' instead of generic markup combinator 'text' 2016-03-07 09:39:07 +09:00			`import Text.Blaze.Html (toHtml)`
Unverified variants of setCreds and clearCreds 2018-03-18 07:16:02 +09:00			`import Yesod.Auth.Account (newAccountR, resendVerifyEmailWidget, username)`
			`import Yesod.Auth.Account.Message (AccountMsg (MsgEmailUnverified))`

Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`import qualified Data.Text as T (unpack)`

Unverified variants of setCreds and clearCreds 2018-03-18 07:16:02 +09:00			`import Yesod.Auth.Unverified (requireUnverifiedAuth)`
Add people and person pages 2016-02-18 01:43:23 +09:00
Treat email address as `EmailAddress` instead of `Text` including in the mailer 2018-03-06 11:26:27 +09:00			`import Text.Email.Local`

Federation test outbox page with form for entering JSON 2019-01-22 00:54:57 +09:00			`import Web.ActivityPub`

Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`--import Vervis.ActivityStreams`
			`import Vervis.ActorKey`
Finish route change, it builds now I used this chance to make some name changes, add some utils, tweak some imports, remove more `setTitle`s and so on. I also made person, repo, key and project creation forms verify CI-uniqueness. 2016-05-24 05:46:54 +09:00			`import Vervis.Model.Ident`
Use HTTPS for avatar URL if approot in settings is https:// 2018-03-06 09:55:52 +09:00			`import Vervis.Secure`
Libravatar support \o/ 2016-05-26 06:10:41 +09:00			`import Vervis.Widget (avatarW)`
Finish route change, it builds now I used this chance to make some name changes, add some utils, tweak some imports, remove more `setTitle`s and so on. I also made person, repo, key and project creation forms verify CI-uniqueness. 2016-05-24 05:46:54 +09:00
Unverified variants of setCreds and clearCreds 2018-03-18 07:16:02 +09:00			`-- \| Account verification email resend form`
			`getResendVerifyEmailR :: Handler Html`
			`getResendVerifyEmailR = do`
			`person <- requireUnverifiedAuth`
			`defaultLayout $ do`
			`setTitleI MsgEmailUnverified`
			`[whamlet\|`
			`<p>_{MsgEmailUnverified}`
			`^{resendVerifyEmailWidget (username person) AuthR}`
			`\|]`

Add user registration form view, still no-op 2016-02-19 13:10:42 +09:00			`-- \| Get list of users`
Add people and person pages 2016-02-18 01:43:23 +09:00			`getPeopleR :: Handler Html`
			`getPeopleR = do`
			`people <- runDB $ select $ from $ \ (sharer, person) -> do`
			`where_ $ sharer ^. SharerId ==. person ^. PersonIdent`
			`orderBy [asc $ sharer ^. SharerIdent]`
			`return $ sharer ^. SharerIdent`
Finish route change, it builds now I used this chance to make some name changes, add some utils, tweak some imports, remove more `setTitle`s and so on. I also made person, repo, key and project creation forms verify CI-uniqueness. 2016-05-24 05:46:54 +09:00			`defaultLayout $(widgetFile "people")`
Add people and person pages 2016-02-18 01:43:23 +09:00
Add user registration form view, still no-op 2016-02-19 13:10:42 +09:00			`-- \| Create new user`
Implement registration and make it build 2016-02-23 11:27:01 +09:00			`postPeopleR :: Handler Html`
Switch to yesod-auth-account and make the mail code independent of Vervis 2018-03-04 06:33:59 +09:00			`postPeopleR = redirect $ AuthR newAccountR`
			`{-`
New YAML setting: Optional user limit 2016-07-28 06:46:48 +09:00			`settings <- getsYesod appSettings`
			`if appRegister settings`
Add settings option to disable registration 2016-04-20 01:03:27 +09:00			`then do`
New YAML setting: Optional user limit 2016-07-28 06:46:48 +09:00			`room <- case appAccounts settings of`
			`Nothing -> return True`
			`Just cap -> do`
			`current <- runDB $ count ([] :: [Filter Person])`
			`return $ current < cap`
			`if room`
			`then do`
			`((result, widget), enctype) <- runFormPost newPersonForm`
			`case result of`
			`FormSuccess np -> do`
			`now <- liftIO getCurrentTime`
			`runDB $ do`
			`let sharer = Sharer`
			`{ sharerIdent = npLogin np`
			`, sharerName = npName np`
			`, sharerCreated = now`
			`}`
			`sid <- insert sharer`
			`let person = Person`
			`{ personIdent = sid`
			`, personLogin = shr2text $ npLogin np`
			`, personHash = Nothing`
			`, personEmail = npEmail np`
			`}`
			`person' <- setPassword (npPass np) person`
			`insert_ person'`
			`redirectUltDest HomeR`
			`FormMissing -> do`
			`setMessage "Field(s) missing"`
			`defaultLayout $(widgetFile "person-new")`
			`FormFailure _l -> do`
			`setMessage`
			`"User registration failed, see errors below"`
			`defaultLayout $(widgetFile "person-new")`
			`else do`
			`setMessage "Maximal number of registered users reached"`
			`redirect PeopleR`
			`else do`
			`setMessage "User registration disabled"`
			`redirect PeopleR`
Switch to yesod-auth-account and make the mail code independent of Vervis 2018-03-04 06:33:59 +09:00			`-}`
Add user registration form view, still no-op 2016-02-19 13:10:42 +09:00
			`getPersonNewR :: Handler Html`
Switch to yesod-auth-account and make the mail code independent of Vervis 2018-03-04 06:33:59 +09:00			`getPersonNewR = redirect $ AuthR newAccountR`
			`{-`
Add group routes 2016-05-25 06:48:21 +09:00			`regEnabled <- getsYesod $ appRegister . appSettings`
			`if regEnabled`
			`then do`
			`((_result, widget), enctype) <- runFormPost newPersonForm`
			`defaultLayout $(widgetFile "person-new")`
			`else notFound`
Switch to yesod-auth-account and make the mail code independent of Vervis 2018-03-04 06:33:59 +09:00			`-}`
Add user registration form view, still no-op 2016-02-19 13:10:42 +09:00
getPersonR respond with minimal ActivityPub actor 2018-03-26 04:26:30 +09:00			`getPersonR :: ShrIdent -> Handler TypedContent`
			`getPersonR shr = do`
Replace some Esqueleto with much simpler Persistent queries 2016-03-03 17:35:29 +09:00			`person <- runDB $ do`
getPersonR respond with minimal ActivityPub actor 2018-03-26 04:26:30 +09:00			`Entity sid _s <- getBy404 $ UniqueSharer shr`
Replace some Esqueleto with much simpler Persistent queries 2016-03-03 17:35:29 +09:00			`Entity _pid p <- getBy404 $ UniquePersonIdent sid`
			`return p`
Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`renderUrl <- getUrlRender`
			`let route2uri route =`
			`case parseAbsoluteURI $ T.unpack $ renderUrl route of`
			`Nothing -> error "getRenderUrl produced invalid URI!!!"`
			`Just u -> u`
			`me = route2uri $ PersonR shr`
getPersonR respond with minimal ActivityPub actor 2018-03-26 04:26:30 +09:00			`selectRep $ do`
			`provideRep $ do`
			`secure <- getSecure`
			`defaultLayout $(widgetFile "person")`
Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`provideAP Actor`
Support remote actors specifying 2 keys, and DB storage of these keys It's now possible for activities we be attributed to actors that have more than one key. We allow up to 2 keys. We also store in the DB. Scaling to support any number of keys is trivial, but I'm limiting to 2 to avoid potential trouble and because 2 is the actual number we need. By having 2 keys, and replacing only one of them in each rotation, we avoid race conditions. With 1 key, the following can happen: 1. We send an activity to another server 2. We rotate our key 3. The server reaches the activity in its processing queue, tries to verify our request signature, but fails because it can't fetch the key. It's the old key and we discarded it already, replaced it with the new one When we use 2 keys, the previous key remains available and other servers have time to finish processing our requests signed with that key. We can safely rotate, without worrying about whether the user sent anything right before the rotation time. Caveat: With this feature, we allow OTHER servers to rotate freely. It's safe because it's optional, but it's just Vervis right now. Once Vervis itself starts using 2 keys, it will be able to rotate freely without race condition risk, but probably Mastodon etc. won't accept its signatures because of the use of 2 keys and because they're server-scope keys. Maybe I can get these features adopted by the fediverse? 2019-02-05 04:38:50 +09:00			`{ actorId = me`
			`, actorType = ActorTypePerson`
			`, actorUsername = shr2text shr`
			`, actorInbox = route2uri InboxR`
			`, actorPublicKeys = PublicKeySet`
Publish 2 rotating instance-scope keys instead of the one-implicitly-shared-key Before, there was a single key used as a personal key for all actors. Now, things work like this: - There are 2 keys, each time one is rotated, this way the old key remains valid and we can freely rotate without a risk of race conditions on other servers and end up with our posts being rejected - The keys are explicitly instance-scope keys, all actors refer to them - We add the ActivityPub-Actor header to all activity POSTs we send, to declare for which specific actor our signature applies. Activities and otherwise different payloads may have varying ways to specify attribution; using this header will be a standard uniform way to specify the actor, regardless of payload format. Of course, servers should make sure the actual activity is attributed to the same actor we specified in the header. (This is important with instance-scope keys; for personal keys it's not critical) 2019-02-07 19:34:33 +09:00			`{ publicKey1 = Left $ route2uri ActorKey1R`
			`, publicKey2 = Just $ Left $ route2uri ActorKey2R`
Public ActivityPub actor in PersonR It already had one, but it didn't have a public key and it was using the old mess of the Vervis.ActivityStreams module, which I'll possibly remove soon. It's hopefully more elegant now. 2019-01-19 14:56:58 +09:00			`}`
			`}`
getPersonR respond with minimal ActivityPub actor 2018-03-26 04:26:30 +09:00
			`postPersonR :: ShrIdent -> Handler TypedContent`
			`postPersonR _ = notFound`

			`getPersonActivitiesR :: ShrIdent -> Handler TypedContent`
			`getPersonActivitiesR _ = notFound`