diff --git a/account.go b/account.go
index 72d12ee..0a6c4ae 100644
--- a/account.go
+++ b/account.go
@@ -869,12 +869,19 @@ func viewEditCollection(app *App, u *User, w http.ResponseWriter, r *http.Reques
*UserPage
*Collection
Silenced bool
+
+ config.LettersCfg
+ LetterReplyTo string
}{
UserPage: NewUserPage(app, r, u, "Edit "+c.DisplayTitle(), flashes),
Collection: c,
Silenced: silenced,
+ LettersCfg: app.cfg.Letters,
}
obj.UserPage.CollAlias = c.Alias
+ if obj.LettersCfg.Enabled() {
+ obj.LetterReplyTo = app.db.GetCollectionAttribute(c.ID, collAttrLetterReplyTo)
+ }
showUserPage(w, "collection", obj)
return nil
diff --git a/app.go b/app.go
index 40eb858..9a72dc9 100644
--- a/app.go
+++ b/app.go
@@ -415,6 +415,17 @@ func Initialize(apper Apper, debug bool) (*App, error) {
initActivityPub(apper.App())
+ if apper.App().cfg.Letters.Domain != "" || apper.App().cfg.Letters.MailgunPrivate != "" {
+ if apper.App().cfg.Letters.Domain == "" {
+ log.Error("[FAILED] Starting publish jobs queue: no [letters]domain config value set.")
+ } else if apper.App().cfg.Letters.MailgunPrivate == "" {
+ log.Error("[FAILED] Starting publish jobs queue: no [letters]mailgun_private config value set.")
+ } else {
+ log.Info("Starting publish jobs queue...")
+ go startPublishJobsQueue(apper.App())
+ }
+ }
+
// Handle local timeline, if enabled
if apper.App().cfg.App.LocalTimeline {
log.Info("Initializing local timeline...")
diff --git a/collections.go b/collections.go
index f79cc2d..4f1cfad 100644
--- a/collections.go
+++ b/collections.go
@@ -33,9 +33,12 @@ import (
"github.com/writefreely/writefreely/author"
"github.com/writefreely/writefreely/config"
"github.com/writefreely/writefreely/page"
+ "github.com/writefreely/writefreely/spam"
"golang.org/x/net/idna"
)
+const collAttrLetterReplyTo = "letter_reply_to"
+
type (
// TODO: add Direction to db
// TODO: add Language to db
@@ -87,6 +90,7 @@ type (
Privacy int `schema:"privacy" json:"privacy"`
Pass string `schema:"password" json:"password"`
MathJax bool `schema:"mathjax" json:"mathjax"`
+ EmailSubs bool `schema:"email_subs" json:"email_subs"`
Handle string `schema:"handle" json:"handle"`
// Actual collection values updated in the DB
@@ -97,6 +101,7 @@ type (
Script *sql.NullString `schema:"script" json:"script"`
Signature *sql.NullString `schema:"signature" json:"signature"`
Monetization *string `schema:"monetization_pointer" json:"monetization_pointer"`
+ LetterReply *string `schema:"letter_reply" json:"letter_reply"`
Visibility *int `schema:"visibility" json:"public"`
Format *sql.NullString `schema:"format" json:"format"`
}
@@ -353,6 +358,10 @@ func (c *Collection) RenderMathJax() bool {
return c.db.CollectionHasAttribute(c.ID, "render_mathjax")
}
+func (c *Collection) EmailSubsEnabled() bool {
+ return c.db.CollectionHasAttribute(c.ID, "email_subs")
+}
+
func (c *Collection) MonetizationURL() string {
if c.Monetization == "" {
return ""
@@ -575,13 +584,17 @@ type CollectionPage struct {
IsWelcome bool
IsOwner bool
IsCollLoggedIn bool
+ Honeypot string
+ IsSubscriber bool
CanPin bool
Username string
Monetization string
+ Flash template.HTML
Collections *[]Collection
PinnedPosts *[]PublicPost
- IsAdmin bool
- CanInvite bool
+
+ IsAdmin bool
+ CanInvite bool
// Helper field for Chorus mode
CollAlias string
@@ -821,14 +834,20 @@ func handleViewCollection(app *App, w http.ResponseWriter, r *http.Request) erro
StaticPage: pageForReq(app, r),
IsCustomDomain: cr.isCustomDomain,
IsWelcome: r.FormValue("greeting") != "",
+ Honeypot: spam.HoneypotFieldName(),
CollAlias: c.Alias,
}
+ flashes, _ := getSessionFlashes(app, w, r, nil)
+ for _, f := range flashes {
+ displayPage.Flash = template.HTML(f)
+ }
displayPage.IsAdmin = u != nil && u.IsAdmin()
displayPage.CanInvite = canUserInvite(app.cfg, displayPage.IsAdmin)
var owner *User
if u != nil {
displayPage.Username = u.Username
displayPage.IsOwner = u.ID == coll.OwnerID
+ displayPage.IsSubscriber = u.IsEmailSubscriber(app, coll.ID)
if displayPage.IsOwner {
// Add in needed information for users viewing their own collection
owner = u
diff --git a/config/config.go b/config/config.go
index 0f07329..00dd6a5 100644
--- a/config/config.go
+++ b/config/config.go
@@ -170,11 +170,17 @@ type (
DisablePasswordAuth bool `ini:"disable_password_auth"`
}
+ LettersCfg struct {
+ Domain string `ini:"domain"`
+ MailgunPrivate string `ini:"mailgun_private"`
+ }
+
// Config holds the complete configuration for running a writefreely instance
Config struct {
Server ServerCfg `ini:"server"`
Database DatabaseCfg `ini:"database"`
App AppCfg `ini:"app"`
+ Letters LettersCfg `ini:"letters"`
SlackOauth SlackOauthCfg `ini:"oauth.slack"`
WriteAsOauth WriteAsOauthCfg `ini:"oauth.writeas"`
GitlabOauth GitlabOauthCfg `ini:"oauth.gitlab"`
@@ -235,6 +241,10 @@ func (ac *AppCfg) LandingPath() string {
return ac.Landing
}
+func (lc LettersCfg) Enabled() bool {
+ return lc.Domain != "" && lc.MailgunPrivate != ""
+}
+
func (ac AppCfg) SignupPath() string {
if !ac.OpenRegistration {
return ""
diff --git a/database.go b/database.go
index fefc3c1..2232652 100644
--- a/database.go
+++ b/database.go
@@ -14,6 +14,7 @@ import (
"context"
"database/sql"
"fmt"
+ "github.com/go-sql-driver/mysql"
"github.com/writeas/web-core/silobridge"
wf_db "github.com/writefreely/writefreely/db"
"net/http"
@@ -932,6 +933,41 @@ func (db *datastore) UpdateCollection(c *SubmittedCollection, alias string) erro
}
}
+ // Update EmailSub value
+ if c.EmailSubs {
+ // TODO: ensure these work with SQLite
+ _, err = db.Exec("INSERT INTO collectionattributes (collection_id, attribute, value) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE value = ?", collID, "email_subs", "1", "1")
+ if err != nil {
+ log.Error("Unable to insert email_subs value: %v", err)
+ return err
+ }
+ skipUpdate := false
+ if c.LetterReply != nil {
+ // Strip away any excess spaces
+ trimmed := strings.TrimSpace(*c.LetterReply)
+ // Only update value when it contains "@"
+ if strings.IndexRune(trimmed, '@') > 0 {
+ c.LetterReply = &trimmed
+ } else {
+ // Value appears invalid, so don't update
+ skipUpdate = true
+ }
+ if !skipUpdate {
+ _, err = db.Exec("INSERT INTO collectionattributes (collection_id, attribute, value) VALUES (?, ?, ?) ON DUPLICATE KEY UPDATE value = ?", collID, collAttrLetterReplyTo, *c.LetterReply, *c.LetterReply)
+ if err != nil {
+ log.Error("Unable to insert %s value: %v", collAttrLetterReplyTo, err)
+ return err
+ }
+ }
+ }
+ } else {
+ _, err = db.Exec("DELETE FROM collectionattributes WHERE collection_id = ? AND attribute = ?", collID, "email_subs")
+ if err != nil {
+ log.Error("Unable to delete email_subs value: %v", err)
+ return err
+ }
+ }
+
// Update rest of the collection data
if q.Updates != "" {
res, err = db.Exec("UPDATE collections SET "+q.Updates+" WHERE "+q.Conditions, q.Params...)
@@ -2812,3 +2848,243 @@ func (db *datastore) GetProfilePageFromHandle(app *App, handle string) (string,
}
return actorIRI, nil
}
+
+func (db *datastore) AddEmailSubscription(collID, userID int64, email string, confirmed bool) (*EmailSubscriber, error) {
+ friendlyChars := "0123456789BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz"
+ subID := id.GenerateRandomString(friendlyChars, 8)
+ token := id.GenerateRandomString(friendlyChars, 16)
+ emailVal := sql.NullString{
+ String: email,
+ Valid: email != "",
+ }
+ userIDVal := sql.NullInt64{
+ Int64: userID,
+ Valid: userID > 0,
+ }
+
+ _, err := db.Exec("INSERT INTO emailsubscribers (id, collection_id, user_id, email, subscribed, token, confirmed) VALUES (?, ?, ?, ?, NOW(), ?, ?)", subID, collID, userIDVal, emailVal, token, confirmed)
+ if err != nil {
+ if mysqlErr, ok := err.(*mysql.MySQLError); ok {
+ if mysqlErr.Number == mySQLErrDuplicateKey {
+ // Duplicate, so just return existing subscriber information
+ log.Info("Duplicate subscriber for email %s, user %d; returning existing subscriber", email, userID)
+ return db.FetchEmailSubscriber(email, userID, collID)
+ }
+ }
+ return nil, err
+ }
+
+ return &EmailSubscriber{
+ ID: subID,
+ CollID: collID,
+ UserID: userIDVal,
+ Email: emailVal,
+ Token: token,
+ }, nil
+}
+
+func (db *datastore) IsEmailSubscriber(email string, userID, collID int64) bool {
+ var dummy int
+ var err error
+ if email != "" {
+ err = db.QueryRow("SELECT 1 FROM emailsubscribers WHERE email = ? AND collection_id = ?", email, collID).Scan(&dummy)
+ } else {
+ err = db.QueryRow("SELECT 1 FROM emailsubscribers WHERE user_id = ? AND collection_id = ?", userID, collID).Scan(&dummy)
+ }
+ switch {
+ case err == sql.ErrNoRows:
+ return false
+ case err != nil:
+ return false
+ }
+ return true
+}
+
+func (db *datastore) GetEmailSubscribers(collID int64, reqConfirmed bool) ([]*EmailSubscriber, error) {
+ cond := ""
+ if reqConfirmed {
+ cond = " AND confirmed = 1"
+ }
+ rows, err := db.Query(`SELECT s.id, collection_id, user_id, s.email, u.email, subscribed, token, confirmed, allow_export
+FROM emailsubscribers s
+LEFT JOIN users u
+ ON u.id = user_id
+WHERE collection_id = ?`+cond+`
+ORDER BY subscribed DESC`, collID)
+ if err != nil {
+ log.Error("Failed selecting email subscribers for collection %d: %v", collID, err)
+ return nil, err
+ }
+ defer rows.Close()
+
+ var subs []*EmailSubscriber
+ for rows.Next() {
+ s := &EmailSubscriber{}
+ err = rows.Scan(&s.ID, &s.CollID, &s.UserID, &s.Email, &s.acctEmail, &s.Subscribed, &s.Token, &s.Confirmed, &s.AllowExport)
+ if err != nil {
+ log.Error("Failed scanning row from email subscribers: %v", err)
+ continue
+ }
+ subs = append(subs, s)
+ }
+ return subs, nil
+}
+
+func (db *datastore) FetchEmailSubscriberEmail(subID, token string) (string, error) {
+ var email sql.NullString
+ // TODO: return user email if there's a user_id ?
+ err := db.QueryRow("SELECT email FROM emailsubscribers WHERE id = ? AND token = ?", subID, token).Scan(&email)
+ switch {
+ case err == sql.ErrNoRows:
+ return "", fmt.Errorf("Subscriber doesn't exist or token is invalid.")
+ case err != nil:
+ log.Error("Couldn't SELECT email from emailsubscribers: %v", err)
+ return "", fmt.Errorf("Something went very wrong.")
+ }
+
+ return email.String, nil
+}
+
+func (db *datastore) FetchEmailSubscriber(email string, userID, collID int64) (*EmailSubscriber, error) {
+ const emailSubCols = "id, collection_id, user_id, email, subscribed, token, confirmed, allow_export"
+
+ s := &EmailSubscriber{}
+ var row *sql.Row
+ if email != "" {
+ row = db.QueryRow("SELECT "+emailSubCols+" FROM emailsubscribers WHERE email = ? AND collection_id = ?", email, collID)
+ } else {
+ row = db.QueryRow("SELECT "+emailSubCols+" FROM emailsubscribers WHERE user_id = ? AND collection_id = ?", userID, collID)
+ }
+ err := row.Scan(&s.ID, &s.CollID, &s.UserID, &s.Email, &s.Subscribed, &s.Token, &s.Confirmed, &s.AllowExport)
+ switch {
+ case err == sql.ErrNoRows:
+ return nil, nil
+ case err != nil:
+ return nil, err
+ }
+ return s, nil
+}
+
+func (db *datastore) DeleteEmailSubscriber(subID, token string) error {
+ res, err := db.Exec("DELETE FROM emailsubscribers WHERE id = ? AND token = ?", subID, token)
+ if err != nil {
+ return err
+ }
+
+ rowsAffected, _ := res.RowsAffected()
+ if rowsAffected == 0 {
+ return impart.HTTPError{http.StatusNotFound, "Invalid token, or subscriber doesn't exist"}
+ }
+ return nil
+}
+
+func (db *datastore) DeleteEmailSubscriberByUser(email string, userID, collID int64) error {
+ var res sql.Result
+ var err error
+ if email != "" {
+ res, err = db.Exec("DELETE FROM emailsubscribers WHERE email = ? AND collection_id = ?", email, collID)
+ } else {
+ res, err = db.Exec("DELETE FROM emailsubscribers WHERE user_id = ? AND collection_id = ?", userID, collID)
+ }
+ if err != nil {
+ return err
+ }
+
+ rowsAffected, _ := res.RowsAffected()
+ if rowsAffected == 0 {
+ return impart.HTTPError{http.StatusNotFound, "Subscriber doesn't exist"}
+ }
+ return nil
+}
+
+func (db *datastore) UpdateSubscriberConfirmed(subID, token string) error {
+ email, err := db.FetchEmailSubscriberEmail(subID, token)
+ if err != nil {
+ log.Error("Didn't fetch email subscriber: %v", err)
+ return err
+ }
+
+ // TODO: ensure all addresses with original name are also confirmed, e.g. matt+fake@write.as and matt@write.as are now confirmed
+ _, err = db.Exec("UPDATE emailsubscribers SET confirmed = 1 WHERE email = ?", email)
+ if err != nil {
+ log.Error("Could not update email subscriber confirmation status: %v", err)
+ return err
+ }
+ return nil
+}
+
+func (db *datastore) IsSubscriberConfirmed(email string) bool {
+ var dummy int64
+ err := db.QueryRow("SELECT 1 FROM emailsubscribers WHERE email = ? AND confirmed = 1", email).Scan(&dummy)
+ switch {
+ case err == sql.ErrNoRows:
+ return false
+ case err != nil:
+ log.Error("Couldn't SELECT in isSubscriberConfirmed: %v", err)
+ return false
+ }
+
+ return true
+}
+
+func (db *datastore) InsertJob(j *PostJob) error {
+ res, err := db.Exec("INSERT INTO publishjobs (post_id, action, delay) VALUES (?, ?, ?)", j.PostID, j.Action, j.Delay)
+ if err != nil {
+ return err
+ }
+ jobID, err := res.LastInsertId()
+ if err != nil {
+ log.Error("[jobs] Couldn't get last insert ID! %s", err)
+ }
+ log.Info("[jobs] Queued %s job #%d for post %s, delayed %d minutes", j.Action, jobID, j.PostID, j.Delay)
+ return nil
+}
+
+func (db *datastore) UpdateJobForPost(postID string, delay int64) error {
+ _, err := db.Exec("UPDATE publishjobs SET delay = ? WHERE post_id = ?", delay, postID)
+ if err != nil {
+ return fmt.Errorf("Unable to update publish job: %s", err)
+ }
+ log.Info("Updated job for post %s: delay %d", postID, delay)
+ return nil
+}
+
+func (db *datastore) DeleteJob(id int64) error {
+ _, err := db.Exec("DELETE FROM publishjobs WHERE id = ?", id)
+ if err != nil {
+ return err
+ }
+ log.Info("[job #%d] Deleted.", id)
+ return nil
+}
+
+func (db *datastore) DeleteJobByPost(postID string) error {
+ _, err := db.Exec("DELETE FROM publishjobs WHERE post_id = ?", postID)
+ if err != nil {
+ return err
+ }
+ log.Info("[job] Deleted job for post %s", postID)
+ return nil
+}
+
+func (db *datastore) GetJobsToRun(action string) ([]*PostJob, error) {
+ rows, err := db.Query(`SELECT pj.id, post_id, action, delay
+ FROM publishjobs pj
+ INNER JOIN posts p
+ ON post_id = p.id
+ WHERE action = ? AND created < DATE_SUB(NOW(), INTERVAL delay MINUTE) AND created > DATE_SUB(NOW(), INTERVAL delay + 5 MINUTE)
+ ORDER BY created ASC`, action)
+ if err != nil {
+ log.Error("Failed selecting from publishjobs: %v", err)
+ return nil, impart.HTTPError{http.StatusInternalServerError, "Couldn't retrieve publish jobs."}
+ }
+ defer rows.Close()
+
+ jobs := []*PostJob{}
+ for rows.Next() {
+ j := &PostJob{}
+ err = rows.Scan(&j.ID, &j.PostID, &j.Action, &j.Delay)
+ jobs = append(jobs, j)
+ }
+ return jobs, nil
+}
diff --git a/email.go b/email.go
new file mode 100644
index 0000000..451f988
--- /dev/null
+++ b/email.go
@@ -0,0 +1,466 @@
+/*
+ * Copyright © 2019-2021 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package writefreely
+
+import (
+ "database/sql"
+ "encoding/json"
+ "fmt"
+ "html/template"
+ "net/http"
+ "strings"
+ "time"
+
+ "github.com/aymerick/douceur/inliner"
+ "github.com/gorilla/mux"
+ "github.com/mailgun/mailgun-go"
+ stripmd "github.com/writeas/go-strip-markdown/v2"
+ "github.com/writeas/impart"
+ "github.com/writeas/web-core/data"
+ "github.com/writeas/web-core/log"
+ "github.com/writefreely/writefreely/key"
+ "github.com/writefreely/writefreely/spam"
+)
+
+const (
+ emailSendDelay = 15
+)
+
+type (
+ SubmittedSubscription struct {
+ CollAlias string
+ UserID int64
+
+ Email string `schema:"email" json:"email"`
+ Web bool `schema:"web" json:"web"`
+ Slug string `schema:"slug" json:"slug"`
+ From string `schema:"from" json:"from"`
+ }
+
+ EmailSubscriber struct {
+ ID string
+ CollID int64
+ UserID sql.NullInt64
+ Email sql.NullString
+ Subscribed time.Time
+ Token string
+ Confirmed bool
+ AllowExport bool
+ acctEmail sql.NullString
+ }
+)
+
+func (es *EmailSubscriber) FinalEmail(keys *key.Keychain) string {
+ if !es.UserID.Valid || es.Email.Valid {
+ return es.Email.String
+ }
+
+ decEmail, err := data.Decrypt(keys.EmailKey, []byte(es.acctEmail.String))
+ if err != nil {
+ log.Error("Error decrypting user email: %v", err)
+ return ""
+ }
+ return string(decEmail)
+}
+
+func (es *EmailSubscriber) SubscribedFriendly() string {
+ return es.Subscribed.Format("January 2, 2006")
+}
+
+func handleCreateEmailSubscription(app *App, w http.ResponseWriter, r *http.Request) error {
+ reqJSON := IsJSON(r)
+ vars := mux.Vars(r)
+ var err error
+
+ ss := SubmittedSubscription{
+ CollAlias: vars["alias"],
+ }
+ u := getUserSession(app, r)
+ if u != nil {
+ ss.UserID = u.ID
+ }
+ if reqJSON {
+ // Decode JSON request
+ decoder := json.NewDecoder(r.Body)
+ err = decoder.Decode(&ss)
+ if err != nil {
+ log.Error("Couldn't parse new subscription JSON request: %v\n", err)
+ return ErrBadJSON
+ }
+ } else {
+ err = r.ParseForm()
+ if err != nil {
+ log.Error("Couldn't parse new subscription form request: %v\n", err)
+ return ErrBadFormData
+ }
+
+ err = app.formDecoder.Decode(&ss, r.PostForm)
+ if err != nil {
+ log.Error("Continuing, but error decoding new subscription form request: %v\n", err)
+ //return ErrBadFormData
+ }
+ }
+
+ c, err := app.db.GetCollection(ss.CollAlias)
+ if err != nil {
+ log.Error("getCollection: %s", err)
+ return err
+ }
+ c.hostName = app.cfg.App.Host
+
+ from := c.CanonicalURL()
+ isAuthorBanned, err := app.db.IsUserSilenced(c.OwnerID)
+ if isAuthorBanned {
+ log.Info("Author is silenced, so subscription is blocked.")
+ return impart.HTTPError{http.StatusFound, from}
+ }
+
+ if ss.Web {
+ if u != nil && u.ID == c.OwnerID {
+ from = "/" + c.Alias + "/"
+ }
+ from += ss.Slug
+ }
+
+ if r.FormValue(spam.HoneypotFieldName()) != "" || r.FormValue("fake_password") != "" {
+ log.Info("Honeypot field was filled out! Not subscribing.")
+ return impart.HTTPError{http.StatusFound, from}
+ }
+
+ if ss.Email == "" && ss.UserID < 1 {
+ log.Info("No subscriber data. Not subscribing.")
+ return impart.HTTPError{http.StatusFound, from}
+ }
+
+ // Do email validation
+ // TODO: move this to an AJAX call before submitting email address, so we can immediately show errors to user
+ /*
+ err := validate(ss.Email)
+ if err != nil {
+ addSessionFlash(w, r, err.Error(), nil)
+ return impart.HTTPError{http.StatusFound, from}
+ }
+ */
+
+ confirmed := app.db.IsSubscriberConfirmed(ss.Email)
+ es, err := app.db.AddEmailSubscription(c.ID, ss.UserID, ss.Email, confirmed)
+ if err != nil {
+ log.Error("addEmailSubscription: %s", err)
+ return err
+ }
+
+ // Send confirmation email if needed
+ if !confirmed {
+ sendSubConfirmEmail(app, c, ss.Email, es.ID, es.Token)
+ }
+
+ if ss.Web {
+ session, err := app.sessionStore.Get(r, userEmailCookieName)
+ if err != nil {
+ // The cookie should still save, even if there's an error.
+ // Source: https://github.com/gorilla/sessions/issues/16#issuecomment-143642144
+ log.Error("Getting user email cookie: %v; ignoring", err)
+ }
+ if confirmed {
+ addSessionFlash(app, w, r, "Subscribed . You'll now receive future blog posts via email.", nil)
+ } else {
+ addSessionFlash(app, w, r, "Please check your email and click the confirmation link to subscribe.", nil)
+ }
+ session.Values[userEmailCookieVal] = ss.Email
+ err = session.Save(r, w)
+ if err != nil {
+ log.Error("save email cookie: %s", err)
+ return err
+ }
+
+ return impart.HTTPError{http.StatusFound, from}
+ }
+ return impart.WriteSuccess(w, "", http.StatusAccepted)
+}
+
+func handleDeleteEmailSubscription(app *App, w http.ResponseWriter, r *http.Request) error {
+ alias := collectionAliasFromReq(r)
+
+ vars := mux.Vars(r)
+ subID := vars["subscriber"]
+ email := r.FormValue("email")
+ token := r.FormValue("t")
+ slug := r.FormValue("slug")
+ isWeb := r.Method == "GET"
+
+ // Display collection if this is a collection
+ var c *Collection
+ var err error
+ if app.cfg.App.SingleUser {
+ c, err = app.db.GetCollectionByID(1)
+ } else {
+ c, err = app.db.GetCollection(alias)
+ }
+ if err != nil {
+ log.Error("Get collection: %s", err)
+ return err
+ }
+
+ from := c.CanonicalURL()
+
+ if subID != "" {
+ // User unsubscribing via email, so assume action is taken by either current
+ // user or not current user, and only use the request's information to
+ // satisfy this unsubscribe, i.e. subscriberID and token.
+ err = app.db.DeleteEmailSubscriber(subID, token)
+ } else {
+ // User unsubscribing through the web app, so assume action is taken by
+ // currently-auth'd user.
+ var userID int64
+ u := getUserSession(app, r)
+ if u != nil {
+ // User is logged in
+ userID = u.ID
+ if userID == c.OwnerID {
+ from = "/" + c.Alias + "/"
+ }
+ }
+ if email == "" && userID <= 0 {
+ // Get email address from saved cookie
+ session, err := app.sessionStore.Get(r, userEmailCookieName)
+ if err != nil {
+ log.Error("Unable to get email cookie: %s", err)
+ } else {
+ email = session.Values[userEmailCookieVal].(string)
+ }
+ }
+
+ if email == "" && userID <= 0 {
+ err = fmt.Errorf("No subscriber given.")
+ log.Error("Not deleting subscription: %s", err)
+ return err
+ }
+
+ err = app.db.DeleteEmailSubscriberByUser(email, userID, c.ID)
+ }
+ if err != nil {
+ log.Error("Unable to delete subscriber: %v", err)
+ return err
+ }
+
+ if isWeb {
+ from += slug
+ addSessionFlash(app, w, r, "Unsubscribed . You will no longer receive these blog posts via email.", nil)
+ return impart.HTTPError{http.StatusFound, from}
+ }
+ return impart.WriteSuccess(w, "", http.StatusAccepted)
+}
+
+func handleConfirmEmailSubscription(app *App, w http.ResponseWriter, r *http.Request) error {
+ alias := collectionAliasFromReq(r)
+ subID := mux.Vars(r)["subscriber"]
+ token := r.FormValue("t")
+
+ var c *Collection
+ var err error
+ if app.cfg.App.SingleUser {
+ c, err = app.db.GetCollectionByID(1)
+ } else {
+ c, err = app.db.GetCollection(alias)
+ }
+ if err != nil {
+ log.Error("Get collection: %s", err)
+ return err
+ }
+
+ from := c.CanonicalURL()
+
+ err = app.db.UpdateSubscriberConfirmed(subID, token)
+ if err != nil {
+ addSessionFlash(app, w, r, err.Error(), nil)
+ return impart.HTTPError{http.StatusFound, from}
+ }
+
+ addSessionFlash(app, w, r, "Confirmed ! Thanks. Now you'll receive future blog posts via email.", nil)
+ return impart.HTTPError{http.StatusFound, from}
+}
+
+func emailPost(app *App, p *PublicPost, collID int64) error {
+ p.augmentContent()
+
+ // Do some shortcode replacement.
+ // Since the user is receiving this email, we can assume they're subscribed via email.
+ p.Content = strings.Replace(p.Content, "", `You're subscribed to email updates.
`, -1)
+
+ if p.HTMLContent == template.HTML("") {
+ p.formatContent(app.cfg, false, false)
+ }
+ p.augmentReadingDestination()
+
+ title := p.Title.String
+ if title != "" {
+ title = p.Title.String + "\n\n"
+ }
+ plainMsg := title + "A new post from " + p.CanonicalURL(app.cfg.App.Host) + "\n\n" + stripmd.Strip(p.Content)
+ plainMsg += `
+
+---------------------------------------------------------------------------------
+
+Originally published on ` + p.Collection.DisplayTitle() + ` (` + p.Collection.CanonicalURL() + `), a blog you subscribe to.
+
+Sent to %recipient.to%. Unsubscribe: ` + p.Collection.CanonicalURL() + `email/unsubscribe/%recipient.id%?t=%recipient.token%`
+
+ gun := mailgun.NewMailgun(app.cfg.Letters.Domain, app.cfg.Letters.MailgunPrivate)
+ m := mailgun.NewMessage(p.Collection.DisplayTitle()+" <"+p.Collection.Alias+"@"+app.cfg.Letters.Domain+">", p.Collection.DisplayTitle()+": "+p.DisplayTitle(), plainMsg)
+ replyTo := app.db.GetCollectionAttribute(collID, collAttrLetterReplyTo)
+ if replyTo != "" {
+ m.SetReplyTo(replyTo)
+ }
+
+ subs, err := app.db.GetEmailSubscribers(collID, true)
+ if err != nil {
+ log.Error("Unable to get email subscribers: %v", err)
+ return err
+ }
+ if len(subs) == 0 {
+ return nil
+ }
+ log.Info("[email] Adding %d recipient(s)", len(subs))
+ for _, s := range subs {
+ e := s.FinalEmail(app.keys)
+ log.Info("[email] Adding %s", e)
+ err = m.AddRecipientAndVariables(e, map[string]interface{}{
+ "id": s.ID,
+ "to": e,
+ "token": s.Token,
+ })
+ if err != nil {
+ log.Error("Unable to add receipient %s: %s", e, err)
+ }
+ }
+
+ if title != "" {
+ title = string(`` + p.FormattedDisplayTitle() + ` `)
+ }
+ m.AddTag("New post")
+
+ fontFam := "Lora, Palatino, Baskerville, serif"
+ if p.IsSans() {
+ fontFam = `"Open Sans", Tahoma, Arial, sans-serif`
+ } else if p.IsMonospace() {
+ fontFam = `Hack, consolas, Menlo-Regular, Menlo, Monaco, monospace, monospace`
+ }
+
+ // TODO: move this to a templated file and LESS-generated stylesheet
+ fullHTML := `
+
+
+
+
+ ` + title + `
From ` + p.DisplayCanonicalURL() + `
+
+` + string(p.HTMLContent) + `
You're subscribed to email updates. Unsubscribe .
`, -1)
+ } else {
+ p.Content = strings.Replace(p.Content, "", ``, -1)
+ }
+ }
+ p.Content = strings.Replace(p.Content, "<!--emailsub-->", "", 1)
// TODO: move this to function
p.formatContent(app.cfg, cr.isCollOwner, true)
tp := CollectionPostPage{
@@ -1593,6 +1628,14 @@ func (p *Post) extractData() {
p.extractImages()
}
+func (p *Post) IsSans() bool {
+ return p.Font == "sans"
+}
+
+func (p *Post) IsMonospace() bool {
+ return p.Font == "mono"
+}
+
func (rp *RawPost) UserFacingCreated() string {
return rp.Created.Format(postMetaDateFormat)
}
diff --git a/routes.go b/routes.go
index 213958d..e1b6261 100644
--- a/routes.go
+++ b/routes.go
@@ -147,6 +147,9 @@ func InitRoutes(apper Apper, r *mux.Router) *mux.Router {
apiColls.HandleFunc("/{alias}/collect", handler.All(addPost)).Methods("POST")
apiColls.HandleFunc("/{alias}/pin", handler.All(pinPost)).Methods("POST")
apiColls.HandleFunc("/{alias}/unpin", handler.All(pinPost)).Methods("POST")
+ apiColls.HandleFunc("/{alias}/email/subscribe", handler.All(handleCreateEmailSubscription)).Methods("POST")
+ apiColls.HandleFunc("/{alias}/email/subscribe", handler.All(handleDeleteEmailSubscription)).Methods("DELETE")
+ apiColls.HandleFunc("/{collection}/email/unsubscribe", handler.All(handleDeleteEmailSubscription)).Methods("GET")
apiColls.HandleFunc("/{alias}/inbox", handler.All(handleFetchCollectionInbox)).Methods("POST")
apiColls.HandleFunc("/{alias}/outbox", handler.AllReader(handleFetchCollectionOutbox)).Methods("GET")
apiColls.HandleFunc("/{alias}/following", handler.AllReader(handleFetchCollectionFollowing)).Methods("GET")
@@ -220,6 +223,8 @@ func RouteCollections(handler *Handler, r *mux.Router) {
r.HandleFunc("/tag:{tag}/feed/", handler.Web(ViewFeed, UserLevelReader))
r.HandleFunc("/sitemap.xml", handler.AllReader(handleViewSitemap))
r.HandleFunc("/feed/", handler.AllReader(ViewFeed))
+ r.HandleFunc("/email/confirm/{subscriber}", handler.All(handleConfirmEmailSubscription)).Methods("GET")
+ r.HandleFunc("/email/unsubscribe/{subscriber}", handler.All(handleDeleteEmailSubscription)).Methods("GET")
r.HandleFunc("/{slug}", handler.CollectionPostOrStatic)
r.HandleFunc("/{slug}/edit", handler.Web(handleViewPad, UserLevelUser))
r.HandleFunc("/{slug}/edit/meta", handler.Web(handleViewMeta, UserLevelUser))
diff --git a/session.go b/session.go
index 81d628f..100842f 100644
--- a/session.go
+++ b/session.go
@@ -21,6 +21,10 @@ import (
const (
day = 86400
sessionLength = 180 * day
+
+ userEmailCookieName = "ue"
+ userEmailCookieVal = "email"
+
cookieName = "wfu"
cookieUserVal = "u"
diff --git a/spam/email.go b/spam/email.go
new file mode 100644
index 0000000..76158f5
--- /dev/null
+++ b/spam/email.go
@@ -0,0 +1,43 @@
+/*
+ * Copyright © 2020-2021 A Bunch Tell LLC.
+ *
+ * This file is part of WriteFreely.
+ *
+ * WriteFreely is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, included
+ * in the LICENSE file in this source code package.
+ */
+
+package spam
+
+import (
+ "github.com/writeas/web-core/id"
+ "strings"
+)
+
+var honeypotField string
+
+func HoneypotFieldName() string {
+ if honeypotField == "" {
+ honeypotField = id.Generate62RandomString(39)
+ }
+ return honeypotField
+}
+
+// CleanEmail takes an email address and strips it down to a unique address that can be blocked.
+func CleanEmail(email string) string {
+ emailParts := strings.Split(strings.ToLower(email), "@")
+ if len(emailParts) < 2 {
+ return ""
+ }
+ u := emailParts[0]
+ d := emailParts[1]
+ // Ignore anything after '+'
+ plusIdx := strings.IndexRune(u, '+')
+ if plusIdx > -1 {
+ u = u[:plusIdx]
+ }
+ // Strip dots in email address
+ u = strings.ReplaceAll(u, ".", "")
+ return u + "@" + d
+}
diff --git a/templates/collection.tmpl b/templates/collection.tmpl
index 493e6b7..7669c88 100644
--- a/templates/collection.tmpl
+++ b/templates/collection.tmpl
@@ -102,6 +102,12 @@
{{end}}
+ {{if .Flash}}
+
+ {{end}}
+
{{template "posts" .}}
{{if gt .TotalPages 1}}
@@ -114,6 +120,8 @@
{{end}}
{{end}}
+ {{if not .IsWelcome}}{{template "emailsubscribe" .}}{{end}}
+
{{if .Posts}}{{else}}{{end}}
{{if .ShowFooterBranding }}
diff --git a/templates/include/post-render.tmpl b/templates/include/post-render.tmpl
index 5b84845..fd3cbf2 100644
--- a/templates/include/post-render.tmpl
+++ b/templates/include/post-render.tmpl
@@ -102,3 +102,28 @@
{{end}}
+
+{{define "emailsubscribe"}}
+ {{if .EmailSubsEnabled}}
+
+ {{if .IsSubscriber}}
+
You're subscribed to email updates. Unsubscribe .
+ {{else}}
+
+
+ {{end}}
+
+
Updates
+
+
Keep readers updated with your latest posts wherever they are.
+
+
+
Display Format
@@ -249,6 +287,13 @@ var $customDomain = document.getElementById('domain-alias');
var $customHandleEnv = document.getElementById('custom-handle-env');
var $normalHandleEnv = document.getElementById('normal-handle-env');
+var $emailSubsCheck = document.getElementById('email_subs');
+var $letterReply = document.getElementById('letter_reply');
+H.getEl('email_subs').on('click', function() {
+ let show = $emailSubsCheck.checked
+ $letterReply.disabled = !show
+})
+
if (matchMedia('(pointer:fine)').matches) {
// Only initialize Ace editor on devices with a mouse
var opt = {
diff --git a/users.go b/users.go
index cc6764f..1e18e24 100644
--- a/users.go
+++ b/users.go
@@ -134,3 +134,7 @@ func (u *User) IsAdmin() bool {
func (u *User) IsSilenced() bool {
return u.Status&UserSilenced != 0
}
+
+func (u *User) IsEmailSubscriber(app *App, collID int64) bool {
+ return app.db.IsEmailSubscriber("", u.ID, collID)
+}