Add Parental Controls feature

app/Http/Controllers/Auth/RegisterController.php

@@ -60,7 +60,7 @@ class RegisterController extends Controller
 	 *
 	 * @return \Illuminate\Contracts\Validation\Validator
 	 */
-	protected function validator(array $data)
+	public function validator(array $data)
 	{
 		if(config('database.default') == 'pgsql') {
 			$data['username'] = strtolower($data['username']);
@@ -151,7 +151,7 @@ class RegisterController extends Controller
 	 *
 	 * @return \App\User
 	 */
-	protected function create(array $data)
+	public function create(array $data)
 	{
 		if(config('database.default') == 'pgsql') {
 			$data['username'] = strtolower($data['username']);

app/Http/Controllers/ParentalControlsController.php

@@ -0,0 +1,207 @@
+<?php
+
+namespace App\Http\Controllers;
+
+use Illuminate\Http\Request;
+use App\Models\ParentalControls;
+use App\Models\UserRoles;
+use App\User;
+use App\Http\Controllers\Auth\RegisterController;
+use Illuminate\Auth\Events\Registered;
+use Illuminate\Support\Facades\Auth;
+use App\Services\UserRoleService;
+use App\Jobs\ParentalControlsPipeline\DispatchChildInvitePipeline;
+
+class ParentalControlsController extends Controller
+{
+    public function authPreflight($request, $maxUserCheck = false, $authCheck = true)
+    {
+        if($authCheck) {
+            abort_unless($request->user(), 404);
+        }
+        abort_unless(config('instance.parental_controls.enabled'), 404);
+        if(config_cache('pixelfed.open_registration') == false) {
+            abort_if(config('instance.parental_controls.limits.respect_open_registration'), 404);
+        }
+        if($maxUserCheck == true) {
+            $hasLimit = config('pixelfed.enforce_max_users');
+            if($hasLimit) {
+                $count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count();
+                $limit = (int) config('pixelfed.max_users');
+
+                abort_if($limit && $limit <= $count, 404);
+            }
+        }
+    }
+
+    public function index(Request $request)
+    {
+        $this->authPreflight($request);
+        $children = ParentalControls::whereParentId($request->user()->id)->latest()->paginate(5);
+        return view('settings.parental-controls.index', compact('children'));
+    }
+
+    public function add(Request $request)
+    {
+        $this->authPreflight($request, true);
+        return view('settings.parental-controls.add');
+    }
+
+    public function view(Request $request, $id)
+    {
+        $this->authPreflight($request);
+        $uid = $request->user()->id;
+        $pc = ParentalControls::whereParentId($uid)->findOrFail($id);
+        return view('settings.parental-controls.manage', compact('pc'));
+    }
+
+    public function update(Request $request, $id)
+    {
+        $this->authPreflight($request);
+        $uid = $request->user()->id;
+        $pc = ParentalControls::whereParentId($uid)->findOrFail($id);
+        $pc->permissions = $this->requestFormFields($request);
+        $pc->save();
+        return redirect($pc->manageUrl() . '?permissions');
+    }
+
+    public function store(Request $request)
+    {
+        $this->authPreflight($request, true);
+        $this->validate($request, [
+            'email' => 'required|email|unique:parental_controls,email|unique:users,email',
+        ]);
+
+        $state = $this->requestFormFields($request);
+
+        $pc = new ParentalControls;
+        $pc->parent_id = $request->user()->id;
+        $pc->email = $request->input('email');
+        $pc->verify_code = str_random(32);
+        $pc->permissions = $state;
+        $pc->save();
+
+        DispatchChildInvitePipeline::dispatch($pc);
+        return redirect($pc->manageUrl());
+    }
+
+    public function inviteRegister(Request $request, $id, $code)
+    {
+        $this->authPreflight($request, true, false);
+        $pc = ParentalControls::whereRaw('verify_code = BINARY ?', $code)->whereNull(['email_verified_at', 'child_id'])->findOrFail($id);
+        abort_unless(User::whereId($pc->parent_id)->exists(), 404);
+        return view('settings.parental-controls.invite-register-form', compact('pc'));
+    }
+
+    public function inviteRegisterStore(Request $request, $id, $code)
+    {
+        $this->authPreflight($request, true, false);
+
+        $pc = ParentalControls::whereRaw('verify_code = BINARY ?', $code)->whereNull('email_verified_at')->findOrFail($id);
+
+        $fields = $request->all();
+        $fields['email'] = $pc->email;
+        $defaults = UserRoleService::defaultRoles();
+        $validator = (new RegisterController)->validator($fields);
+        $valid = $validator->validate();
+        abort_if(!$valid, 404);
+        event(new Registered($user = (new RegisterController)->create($fields)));
+        sleep(5);
+        $user->has_roles = true;
+        $user->parent_id = $pc->parent_id;
+        if(config('instance.parental_controls.limits.auto_verify_email')) {
+            $user->email_verified_at = now();
+            $user->save();
+            sleep(3);
+        } else {
+            $user->save();
+            sleep(3);
+        }
+        $ur = UserRoles::updateOrCreate([
+            'user_id' => $user->id,
+        ],[
+            'roles' => UserRoleService::mapInvite($user->id, $pc->permissions)
+        ]);
+        $pc->email_verified_at = now();
+        $pc->child_id = $user->id;
+        $pc->save();
+        sleep(2);
+        Auth::guard()->login($user);
+
+        return redirect('/i/web');
+    }
+
+    public function cancelInvite(Request $request, $id)
+    {
+        $this->authPreflight($request);
+        $pc = ParentalControls::whereParentId($request->user()->id)
+            ->whereNull(['email_verified_at', 'child_id'])
+            ->findOrFail($id);
+
+        return view('settings.parental-controls.delete-invite', compact('pc'));
+    }
+
+    public function cancelInviteHandle(Request $request, $id)
+    {
+        $this->authPreflight($request);
+        $pc = ParentalControls::whereParentId($request->user()->id)
+            ->whereNull(['email_verified_at', 'child_id'])
+            ->findOrFail($id);
+
+        $pc->delete();
+
+        return redirect('/settings/parental-controls');
+    }
+
+    public function stopManaging(Request $request, $id)
+    {
+        $this->authPreflight($request);
+        $pc = ParentalControls::whereParentId($request->user()->id)
+            ->whereNotNull(['email_verified_at', 'child_id'])
+            ->findOrFail($id);
+
+        return view('settings.parental-controls.stop-managing', compact('pc'));
+    }
+
+    public function stopManagingHandle(Request $request, $id)
+    {
+        $this->authPreflight($request);
+        $pc = ParentalControls::whereParentId($request->user()->id)
+            ->whereNotNull(['email_verified_at', 'child_id'])
+            ->findOrFail($id);
+        $pc->child()->update([
+            'has_roles' => false,
+            'parent_id' => null,
+        ]);
+        $pc->delete();
+
+        return redirect('/settings/parental-controls');
+    }
+
+    protected function requestFormFields($request)
+    {
+        $state = [];
+        $fields = [
+            'post',
+            'comment',
+            'like',
+            'share',
+            'follow',
+            'bookmark',
+            'story',
+            'collection',
+            'discovery_feeds',
+            'dms',
+            'federation',
+            'hide_network',
+            'private',
+            'hide_cw'
+        ];
+
+        foreach ($fields as $field) {
+            $state[$field] = $request->input($field) == 'on';
+        }
+
+        return $state;
+    }
+}

app/Jobs/ParentalControlsPipeline/DispatchChildInvitePipeline.php

@@ -0,0 +1,38 @@
+<?php
+
+namespace App\Jobs\ParentalControlsPipeline;
+
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldBeUnique;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Foundation\Bus\Dispatchable;
+use Illuminate\Queue\InteractsWithQueue;
+use Illuminate\Queue\SerializesModels;
+use App\Models\ParentalControls;
+use App\Mail\ParentChildInvite;
+use Illuminate\Support\Facades\Mail;
+
+class DispatchChildInvitePipeline implements ShouldQueue
+{
+    use Dispatchable, InteractsWithQueue, Queueable, SerializesModels;
+
+    public $pc;
+
+    /**
+     * Create a new job instance.
+     */
+    public function __construct(ParentalControls $pc)
+    {
+        $this->pc = $pc;
+    }
+
+    /**
+     * Execute the job.
+     */
+    public function handle(): void
+    {
+        $pc = $this->pc;
+
+        Mail::to($pc->email)->send(new ParentChildInvite($pc));
+    }
+}

app/Mail/ParentChildInvite.php

@@ -0,0 +1,49 @@
+<?php
+
+namespace App\Mail;
+
+use Illuminate\Bus\Queueable;
+use Illuminate\Contracts\Queue\ShouldQueue;
+use Illuminate\Mail\Mailable;
+use Illuminate\Mail\Mailables\Content;
+use Illuminate\Mail\Mailables\Envelope;
+use Illuminate\Queue\SerializesModels;
+
+class ParentChildInvite extends Mailable
+{
+    use Queueable, SerializesModels;
+
+    public function __construct(
+        public $verify,
+    ) {}
+
+    /**
+     * Get the message envelope.
+     */
+    public function envelope(): Envelope
+    {
+        return new Envelope(
+            subject: 'You\'ve been invited to join Pixelfed!',
+        );
+    }
+
+    /**
+     * Get the message content definition.
+     */
+    public function content(): Content
+    {
+        return new Content(
+            markdown: 'emails.parental-controls.invite',
+        );
+    }
+
+    /**
+     * Get the attachments for the message.
+     *
+     * @return array<int, \Illuminate\Mail\Mailables\Attachment>
+     */
+    public function attachments(): array
+    {
+        return [];
+    }
+}

app/Models/ParentalControls.php

@@ -0,0 +1,55 @@
+<?php
+
+namespace App\Models;
+
+use Illuminate\Database\Eloquent\Factories\HasFactory;
+use Illuminate\Database\Eloquent\Model;
+use Illuminate\Database\Eloquent\SoftDeletes;
+use App\User;
+use App\Services\AccountService;
+
+class ParentalControls extends Model
+{
+    use HasFactory, SoftDeletes;
+
+    protected $casts = [
+        'permissions' => 'array',
+        'email_sent_at' => 'datetime',
+        'email_verified_at' => 'datetime'
+    ];
+
+    protected $guarded = [];
+
+    public function parent()
+    {
+        return $this->belongsTo(User::class, 'parent_id');
+    }
+
+    public function child()
+    {
+        return $this->belongsTo(User::class, 'child_id');
+    }
+
+    public function childAccount()
+    {
+        if($u = $this->child) {
+            if($u->profile_id) {
+                return AccountService::get($u->profile_id, true);
+            } else {
+                return [];
+            }
+        } else {
+            return [];
+        }
+    }
+
+    public function manageUrl()
+    {
+        return url('/settings/parental-controls/manage/' . $this->id);
+    }
+
+    public function inviteUrl()
+    {
+        return url('/auth/pci/' . $this->id . '/' . $this->verify_code);
+    }
+}

app/Services/UserRoleService.php

@@ -52,6 +52,13 @@ class UserRoleService
 
             'can-follow' => false,
             'can-make-public' => false,
+
+            'can-direct-message' => false,
+            'can-use-stories' => false,
+            'can-view-sensitive' => false,
+            'can-bookmark' => false,
+            'can-collections' => false,
+            'can-federation' => false,
         ];
     }
 
@@ -114,6 +121,71 @@ class UserRoleService
                 'title' => 'Can make account public',
                 'action' => 'Allows the ability to make account public'
             ],
+
+            'can-direct-message' => [
+                'title' => '',
+                'action' => ''
+            ],
+            'can-use-stories' => [
+                'title' => '',
+                'action' => ''
+            ],
+            'can-view-sensitive' => [
+                'title' => '',
+                'action' => ''
+            ],
+            'can-bookmark' => [
+                'title' => '',
+                'action' => ''
+            ],
+            'can-collections' => [
+                'title' => '',
+                'action' => ''
+            ],
+            'can-federation' => [
+                'title' => '',
+                'action' => ''
+            ],
         ];
     }
+
+    public static function mapInvite($id, $data = [])
+    {
+        $roles = self::get($id);
+
+        $map = [
+            'account-force-private' => 'private',
+            'account-ignore-follow-requests' => 'private',
+
+            'can-view-public-feed' => 'discovery_feeds',
+            'can-view-network-feed' => 'discovery_feeds',
+            'can-view-discover' => 'discovery_feeds',
+            'can-view-hashtag-feed' => 'discovery_feeds',
+
+            'can-post' => 'post',
+            'can-comment' => 'comment',
+            'can-like' => 'like',
+            'can-share' => 'share',
+
+            'can-follow' => 'follow',
+            'can-make-public' => '!private',
+
+            'can-direct-message' => 'dms',
+            'can-use-stories' => 'story',
+            'can-view-sensitive' => '!hide_cw',
+            'can-bookmark' => 'bookmark',
+            'can-collections' => 'collection',
+            'can-federation' => 'federation',
+        ];
+
+        foreach ($map as $key => $value) {
+            if(!isset($data[$value], $data[substr($value, 1)])) {
+                $map[$key] = false;
+                continue;
+            }
+            $map[$key] = str_starts_with($value, '!') ? !$data[substr($value, 1)] : $data[$value];
+        }
+
+        return $map;
+    }
 }

config/instance.php

@@ -129,5 +129,15 @@ return [
 
 	'banner' => [
 		'blurhash' => env('INSTANCE_BANNER_BLURHASH', 'UzJR]l{wHZRjM}R%XRkCH?X9xaWEjZj]kAjt')
-	]
+	],
+
+    'parental_controls' => [
+        'enabled' => env('INSTANCE_PARENTAL_CONTROLS', true),
+
+        'limits' => [
+            'respect_open_registration' => env('INSTANCE_PARENTAL_CONTROLS_RESPECT_OPENREG', true),
+            'max_children' => env('INSTANCE_PARENTAL_CONTROLS_MAX_CHILDREN', 10),
+            'auto_verify_email' => true,
+        ],
+    ]
 ];

database/migrations/2024_01_09_052419_create_parental_controls_table.php

@@ -0,0 +1,45 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Database\Schema\Blueprint;
+use Illuminate\Support\Facades\Schema;
+
+return new class extends Migration
+{
+    /**
+     * Run the migrations.
+     */
+    public function up(): void
+    {
+        Schema::create('parental_controls', function (Blueprint $table) {
+            $table->id();
+            $table->unsignedInteger('parent_id')->index();
+            $table->unsignedInteger('child_id')->unique()->index()->nullable();
+            $table->string('email')->unique()->nullable();
+            $table->string('verify_code')->nullable();
+            $table->timestamp('email_sent_at')->nullable();
+            $table->timestamp('email_verified_at')->nullable();
+            $table->json('permissions')->nullable();
+            $table->softDeletes();
+            $table->timestamps();
+        });
+
+        Schema::table('user_roles', function (Blueprint $table) {
+            $table->dropIndex('user_roles_profile_id_unique');
+            $table->unsignedBigInteger('profile_id')->unique()->nullable()->index()->change();
+        });
+    }
+
+    /**
+     * Reverse the migrations.
+     */
+    public function down(): void
+    {
+        Schema::dropIfExists('parental_controls');
+
+        Schema::table('user_roles', function (Blueprint $table) {
+            $table->dropIndex('user_roles_profile_id_unique');
+            $table->unsignedBigInteger('profile_id')->unique()->index()->change();
+        });
+    }
+};

resources/views/components/collapse.blade.php

@@ -0,0 +1,12 @@
+@php
+$cid = 'col' . str_random(6);
+@endphp
+<p>
+  <a class="text-dark font-weight-bold" data-toggle="collapse" href="#{{$cid}}" role="button" aria-expanded="false" aria-controls="{{$cid}}">
+    <i class="fas fa-chevron-down mr-2"></i>
+    {{ $title }}
+  </a>
+  <div class="collapse" id="{{$cid}}">
+    {{ $slot }}
+  </div>
+</p>

resources/views/emails/parental-controls/invite.blade.php

@@ -0,0 +1,18 @@
+<x-mail::message>
+# You've been invited to join Pixelfed!
+
+<x-mail::panel>
+A parent account with the username **{{ $verify->parent->username }}** has invited you to join Pixelfed with a special youth account managed by them.
+
+If you do not recognize this account as your parents or a trusted guardian, please check with them first.
+</x-mail::panel>
+
+<x-mail::button :url="$verify->inviteUrl()">
+Accept Invite
+</x-mail::button>
+
+Thanks,<br>
+Pixelfed
+
+<small>This email is automatically generated. Please do not reply to this message.</small>
+</x-mail::message>

resources/views/settings/parental-controls/add.blade.php

@@ -0,0 +1,59 @@
+@extends('settings.template-vue')
+
+@section('section')
+<form class="d-flex h-100 flex-column" method="post">
+    @csrf
+<div class="d-flex h-100 flex-column">
+    <div class="d-flex justify-content-between align-items-center">
+        <div class="title d-flex align-items-center" style="gap: 1rem;">
+            <p class="mb-0"><a href="/settings/parental-controls"><i class="far fa-chevron-left fa-lg"></i></a></p>
+            <h3 class="font-weight-bold mb-0">Add child</h3>
+        </div>
+    </div>
+
+    <hr />
+
+    <div class="d-flex flex-column flex-grow-1">
+        <h4>Choose your child's policies</h4>
+
+        <div class="mb-4">
+            <p class="font-weight-bold mb-1">Allowed Actions</p>
+
+            @include('settings.parental-controls.checkbox', ['name' => 'post', 'title' => 'Post', 'checked' => true])
+            @include('settings.parental-controls.checkbox', ['name' => 'comment', 'title' => 'Comment', 'checked' => true])
+            @include('settings.parental-controls.checkbox', ['name' => 'like', 'title' => 'Like', 'checked' => true])
+            @include('settings.parental-controls.checkbox', ['name' => 'share', 'title' => 'Share', 'checked' => true])
+            @include('settings.parental-controls.checkbox', ['name' => 'follow', 'title' => 'Follow'])
+            @include('settings.parental-controls.checkbox', ['name' => 'bookmark', 'title' => 'Bookmark'])
+            @include('settings.parental-controls.checkbox', ['name' => 'story', 'title' => 'Add to story'])
+            @include('settings.parental-controls.checkbox', ['name' => 'collection', 'title' => 'Add to collection'])
+        </div>
+        <div class="mb-4">
+            <p class="font-weight-bold mb-1">Enabled features</p>
+
+            @include('settings.parental-controls.checkbox', ['name' => 'discovery_feeds', 'title' => 'Discovery Feeds'])
+            @include('settings.parental-controls.checkbox', ['name' => 'dms', 'title' => 'Direct Messages'])
+            @include('settings.parental-controls.checkbox', ['name' => 'federation', 'title' => 'Federation'])
+        </div>
+        <div class="mb-4">
+            <p class="font-weight-bold mb-1">Preferences</p>
+
+            @include('settings.parental-controls.checkbox', ['name' => 'hide_network', 'title' => 'Hide my child\'s connections'])
+            @include('settings.parental-controls.checkbox', ['name' => 'private', 'title' => 'Make my child\'s account private'])
+            @include('settings.parental-controls.checkbox', ['name' => 'hide_cw', 'title' => 'Hide sensitive media'])
+        </div>
+    </div>
+
+    <div>
+        <div class="form-group">
+            <label class="font-weight-bold mb-0">Email address</label>
+            <p class="help-text lh-1 small">Where should we send this invite?</p>
+            <input class="form-control" placeholder="Enter your childs email address" name="email" required>
+        </div>
+
+        <button class="btn btn-dark btn-block font-weight-bold">Add Child</button>
+    </div>
+</div>
+</form>
+@endsection
+

resources/views/settings/parental-controls/checkbox.blade.php

@@ -0,0 +1,7 @@
+@php
+$id = str_random(6) . '_' . str_slug($name);
+$defaultChecked = isset($checked) && $checked ? 'checked=""' : '';
+@endphp<div class="custom-control custom-checkbox">
+                <input type="checkbox" class="custom-control-input" id="{{$id}}" name="{{$name}}" {!!$defaultChecked!!}>
+                <label class="custom-control-label pl-2" for="{{$id}}">{{ $title }}</label>
+            </div>

resources/views/settings/parental-controls/child-status.blade.php

@@ -0,0 +1,44 @@
+@if($state)
+<div class="card shadow-none border">
+    @if($state === 'sent_invite')
+    <div class="card-body d-flex justify-content-center flex-column align-items-center py-5" style="gap:1rem">
+        <i class="far fa-envelope fa-3x"></i>
+        <p class="lead mb-0 font-weight-bold">Child Invite Sent!</p>
+
+        <div class="list-group">
+            <div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Created child invite</div>
+            <div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Sent invite email to child</div>
+            <div class="list-group-item py-1"><i class="far fa-times-circle text-dark mr-2"></i> Child joined via invite</div>
+            <div class="list-group-item py-1"><i class="far fa-times-circle text-dark mr-2"></i> Child account is active</div>
+        </div>
+    </div>
+    @elseif($state === 'awaiting_email_confirmation')
+    <div class="card-body d-flex justify-content-center flex-column align-items-center py-5" style="gap:1rem">
+        <i class="far fa-envelope fa-3x"></i>
+        <p class="lead mb-0 font-weight-bold">Child Invite Sent!</p>
+
+        <div class="list-group">
+            <div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Created child invite</div>
+            <div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Sent invite email to child</div>
+            <div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Child joined via invite</div>
+            <div class="list-group-item py-1"><i class="far fa-times-circle text-dark mr-2"></i> Child account is active</div>
+        </div>
+    </div>
+    @elseif($state === 'active')
+    <div class="card-body d-flex justify-content-center flex-column align-items-center py-5" style="gap:1rem">
+        <i class="far fa-check-circle fa-3x text-success"></i>
+        <p class="lead mb-0 font-weight-bold">Child Account Active</p>
+
+        <div class="list-group">
+            <div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Created child invite</div>
+            <div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Sent invite email to child</div>
+            <div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Child joined via invite</div>
+            <div class="list-group-item py-1"><i class="far fa-check-circle text-success mr-2"></i> Child account is active</div>
+        </div>
+
+        <a class="btn btn-dark font-weight-bold px-5" href="{{ $pc->childAccount()['url'] }}">View Account</a>
+    </div>
+    @endif
+</div>
+@else
+@endif

resources/views/settings/parental-controls/delete-invite.blade.php

@@ -0,0 +1,32 @@
+@extends('settings.template-vue')
+
+@section('section')
+<form class="d-flex h-100 flex-column" method="post">
+    @csrf
+    <div class="d-flex h-100 flex-column" style="gap: 1rem;">
+        <div class="d-flex justify-content-between align-items-center">
+            <div class="title d-flex align-items-center" style="gap: 1rem;">
+                <p class="mb-0"><a href="{{ $pc->manageUrl() }}?actions"><i class="far fa-chevron-left fa-lg"></i></a></p>
+                <div>
+                    <h3 class="font-weight-bold mb-0">Cancel child invite</h3>
+                    <p class="small mb-0">Last updated: {{ $pc->updated_at->diffForHumans() }}</p>
+                </div>
+            </div>
+        </div>
+        <div>
+            <hr />
+        </div>
+
+        <div class="d-flex bg-light align-items-center justify-content-center flex-grow-1 flex-column">
+            <p>
+                <i class="far fa-exclamation-triangle fa-3x"></i>
+            </p>
+            <h4>Are you sure you want to cancel this invite?</h4>
+            <p>The child you invited will not be able to join if you cancel the invite.</p>
+        </div>
+
+        <button type="submit" class="btn btn-danger btn-block font-weight-bold">Cancel invite</button>
+    </div>
+</form>
+
+@endsection

resources/views/settings/parental-controls/index.blade.php

@@ -0,0 +1,62 @@
+@extends('settings.template-vue')
+
+@section('section')
+<div class="d-flex h-100 flex-column">
+    <div class="d-flex justify-content-between align-items-center">
+        <div class="title d-flex align-items-center" style="gap: 1rem;">
+            <p class="mb-0"><a href="/settings/home"><i class="far fa-chevron-left fa-lg"></i></a></p>
+            <h3 class="font-weight-bold mb-0">Parental Controls</h3>
+        </div>
+    </div>
+
+    <hr />
+
+    @if($children->count())
+    <div class="d-flex flex-column flex-grow-1 w-100">
+        <div class="list-group w-100">
+            @foreach($children as $child)
+            <a class="list-group-item d-flex align-items-center text-decoration-none text-dark" href="{{ $child->manageUrl() }}" style="gap: 1rem;">
+                <img src="/storage/avatars/default.png" width="40" height="40" class="rounded-circle" />
+
+                <div class="flex-grow-1">
+                    @if($child->child_id && $child->email_verified_at)
+                    <p class="font-weight-bold mb-0" style="line-height: 1.5;">&commat;{{ $child->childAccount()['username'] }}</p>
+                    <p class="small text-muted mb-0" style="line-height: 1;">{{ $child->childAccount()['display_name'] }}</p>
+                    @else
+                    <p class="font-weight-light mb-0 text-danger" style="line-height: 1.5;">Invite Pending</p>
+                    <p class="mb-0 small" style="line-height: 1;">{{ $child->email }}</p>
+                    @endif
+                </div>
+
+                <div class="font-weight-bold small text-lighter" style="line-height:1;">
+                    <i class="far fa-clock mr-1"></i>
+                    {{ $child->updated_at->diffForHumans() }}
+                </div>
+            </a>
+            @endforeach
+        </div>
+
+        <div class="mt-3">
+            {{ $children->links() }}
+        </div>
+    </div>
+    @else
+    <div class="d-flex flex-grow-1 bg-light mb-3 rounded p-4">
+        <p>You are not managing any children accounts.</p>
+    </div>
+    @endif
+
+    <div class="d-flex justify-content-between align-items-center">
+        <a class="btn btn-outline-dark font-weight-bold py-2 px-4" href="{{ route('settings.pc.add') }}">
+            <i class="far fa-plus mr-2"></i> Add Child
+        </a>
+
+        <div class="font-weight-bold">
+            <span>{{ $children->total() }}/{{ config('instance.parental_controls.limits.max_children') }}</span>
+            <span>children added</span>
+        </div>
+    </div>
+
+</div>
+@endsection
+

resources/views/settings/parental-controls/invite-register-form.blade.php

@@ -0,0 +1,115 @@
+@extends('layouts.app')
+
+@section('content')
+<div class="container mt-4">
+    <div class="row justify-content-center">
+        <div class="col-lg-5">
+            <div class="card shadow-none border mb-3">
+                <a
+                    class="card-body d-flex flex-column justify-content-center align-items-center text-decoration-none"
+                    href="{{ $pc->parent->url() }}"
+                    target="_blank">
+                    <p class="text-center font-weight-bold text-muted">You've been invited by:</p>
+
+                    <div class="media align-items-center">
+                        <img
+                            src="{{ $pc->parent->avatarUrl() }}"
+                            width="30"
+                            height="30"
+                            class="rounded-circle mr-2"
+                            draggable="false"
+                            onerror="this.onerror=null;this.src='/storage/avatars/default.png?v=0';">
+
+                        <div class="media-body">
+                            <p class="lead font-weight-bold mb-0 text-dark" style="line-height: 1;">&commat;{{ $pc->parent->username }}</p>
+                        </div>
+                    </div>
+                </a>
+            </div>
+            <div class="card shadow-none border">
+                <div class="card-header bg-white p-3 text-center font-weight-bold">Create your Account</div>
+
+                <div class="card-body">
+                    <form method="POST" class="px-md-3">
+                        @csrf
+
+                        <input type="hidden" name="rt" value="{{ (new \App\Http\Controllers\Auth\RegisterController())->getRegisterToken() }}">
+                        <div class="form-group row">
+                            <div class="col-md-12">
+                                <label class="small font-weight-bold text-lighter">Name</label>
+                                <input id="name" type="text" class="form-control{{ $errors->has('name') ? ' is-invalid' : '' }}" name="name" value="{{ old('name') }}" placeholder="{{ __('Name') }}" required autofocus>
+
+                                @if ($errors->has('name'))
+                                    <span class="invalid-feedback">
+                                        <strong>{{ $errors->first('name') }}</strong>
+                                    </span>
+                                @endif
+                            </div>
+                        </div>
+
+                        <div class="form-group row">
+                            <div class="col-md-12">
+                                <label class="small font-weight-bold text-lighter">Username</label>
+                                <input id="username" type="text" class="form-control{{ $errors->has('username') ? ' is-invalid' : '' }}" name="username" value="{{ old('username') }}" placeholder="{{ __('Username') }}" required>
+
+                                @if ($errors->has('username'))
+                                    <span class="invalid-feedback">
+                                        <strong>{{ $errors->first('username') }}</strong>
+                                    </span>
+                                @endif
+                            </div>
+                        </div>
+
+                        <div class="form-group row">
+                            <div class="col-md-12">
+                                <label class="small font-weight-bold text-lighter">Password</label>
+                                <input id="password" type="password" class="form-control{{ $errors->has('password') ? ' is-invalid' : '' }}" name="password" placeholder="{{ __('Password') }}" required>
+
+                                @if ($errors->has('password'))
+                                    <span class="invalid-feedback">
+                                        <strong>{{ $errors->first('password') }}</strong>
+                                    </span>
+                                @endif
+                            </div>
+                        </div>
+
+                        <div class="form-group row">
+                            <div class="col-md-12">
+                                <label class="small font-weight-bold text-lighter">Confirm Password</label>
+                                <input id="password-confirm" type="password" class="form-control" name="password_confirmation" placeholder="{{ __('Confirm Password') }}" required>
+                            </div>
+                        </div>
+
+                        <div class="form-group row">
+                            <div class="col-md-12">
+                                <div class="form-check">
+                                  <input class="form-check-input" name="agecheck" type="checkbox" value="true" id="ageCheck" required>
+                                  <label class="form-check-label" for="ageCheck">
+                                    I am at least 16 years old
+                                  </label>
+                                </div>
+                            </div>
+                        </div>
+
+                        @if(config('captcha.enabled') || config('captcha.active.register'))
+                        <div class="d-flex justify-content-center my-3">
+                            {!! Captcha::display() !!}
+                        </div>
+                        @endif
+
+                        <p class="small">By signing up, you agree to our <a href="{{route('site.terms')}}" class="font-weight-bold text-dark">Terms of Use</a> and <a href="{{route('site.privacy')}}" class="font-weight-bold text-dark">Privacy Policy</a>, in addition, you understand that your account is managed by <span class="font-weight-bold">{{ $pc->parent->username }}</span> and they can limit your account without your permission. For more details, view the <a href="/site/kb/parental-controls" class="text-dark font-weight-bold">Parental Controls</a> help center page.</p>
+
+                        <div class="form-group row">
+                            <div class="col-md-12">
+                                <button type="submit" class="btn btn-primary btn-block py-0 font-weight-bold">
+                                    {{ __('Register') }}
+                                </button>
+                            </div>
+                        </div>
+                    </form>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
+@endsection

resources/views/settings/parental-controls/manage.blade.php

@@ -0,0 +1,119 @@
+@extends('settings.template-vue')
+
+@section('section')
+<form class="d-flex h-100 flex-column" method="post">
+    @csrf
+<div class="d-flex h-100 flex-column">
+    <div class="d-flex justify-content-between align-items-center">
+        <div class="title d-flex align-items-center" style="gap: 1rem;">
+            <p class="mb-0"><a href="/settings/parental-controls"><i class="far fa-chevron-left fa-lg"></i></a></p>
+            <div>
+                <h3 class="font-weight-bold mb-0">Manage child</h3>
+                <p class="small mb-0">Last updated: {{ $pc->updated_at->diffForHumans() }}</p>
+            </div>
+        </div>
+
+        <button class="btn btn-dark font-weight-bold">Update</button>
+    </div>
+
+    <hr />
+
+    <div class="d-flex flex-column flex-grow-1">
+        <ul class="nav nav-pills mb-0" id="pills-tab" role="tablist">
+            <li class="nav-item" role="presentation">
+                <button class="nav-link active font-weight-bold" id="pills-status-tab" data-toggle="pill" data-target="#pills-status" type="button" role="tab" aria-controls="pills-status" aria-selected="true">Status</button>
+            </li>
+            <li class="nav-item" role="presentation">
+                <button class="nav-link font-weight-bold" id="pills-permissions-tab" data-toggle="pill" data-target="#pills-permissions" type="button" role="tab" aria-controls="pills-permissions" aria-selected="false">Permissions</button>
+            </li>
+            <li class="nav-item" role="presentation">
+                <button class="nav-link font-weight-bold" id="pills-details-tab" data-toggle="pill" data-target="#pills-details" type="button" role="tab" aria-controls="pills-details" aria-selected="false">Account Details</button>
+            </li>
+            <li class="nav-item" role="presentation">
+                <button class="nav-link font-weight-bold" id="pills-actions-tab" data-toggle="pill" data-target="#pills-actions" type="button" role="tab" aria-controls="pills-actions" aria-selected="false">Actions</button>
+            </li>
+        </ul>
+        <div>
+            <hr>
+        </div>
+        <div class="tab-content" id="pills-tabContent">
+            <div class="tab-pane fade show active" id="pills-status" role="tabpanel" aria-labelledby="pills-status-tab">
+                @if(!$pc->child_id && !$pc->email_verified_at)
+                @include('settings.parental-controls.child-status', ['state' => 'sent_invite'])
+                @elseif($pc->child_id && !$pc->email_verified_at)
+                @include('settings.parental-controls.child-status', ['state' => 'awaiting_email_confirmation'])
+                @elseif($pc->child_id && $pc->email_verified_at)
+                @include('settings.parental-controls.child-status', ['state' => 'active'])
+                @else
+                @include('settings.parental-controls.child-status', ['state' => 'sent_invite'])
+                @endif
+            </div>
+            <div class="tab-pane fade" id="pills-permissions" role="tabpanel" aria-labelledby="pills-permissions-tab">
+                <div class="mb-4">
+                    <p class="font-weight-bold mb-1">Allowed Actions</p>
+
+                    @include('settings.parental-controls.checkbox', ['name' => 'post', 'title' => 'Post', 'checked' => $pc->permissions['post']])
+                    @include('settings.parental-controls.checkbox', ['name' => 'comment', 'title' => 'Comment', 'checked' => $pc->permissions['comment']])
+                    @include('settings.parental-controls.checkbox', ['name' => 'like', 'title' => 'Like', 'checked' => $pc->permissions['like']])
+                    @include('settings.parental-controls.checkbox', ['name' => 'share', 'title' => 'Share', 'checked' => $pc->permissions['share']])
+                    @include('settings.parental-controls.checkbox', ['name' => 'follow', 'title' => 'Follow', 'checked' => $pc->permissions['follow']])
+                    @include('settings.parental-controls.checkbox', ['name' => 'bookmark', 'title' => 'Bookmark', 'checked' => $pc->permissions['bookmark']])
+                    @include('settings.parental-controls.checkbox', ['name' => 'story', 'title' => 'Add to story', 'checked' => $pc->permissions['story']])
+                    @include('settings.parental-controls.checkbox', ['name' => 'collection', 'title' => 'Add to collection', 'checked' => $pc->permissions['collection']])
+                </div>
+                <div class="mb-4">
+                    <p class="font-weight-bold mb-1">Enabled features</p>
+
+                    @include('settings.parental-controls.checkbox', ['name' => 'discovery_feeds', 'title' => 'Discovery Feeds', 'checked' => $pc->permissions['discovery_feeds']])
+                    @include('settings.parental-controls.checkbox', ['name' => 'dms', 'title' => 'Direct Messages', 'checked' => $pc->permissions['dms']])
+                    @include('settings.parental-controls.checkbox', ['name' => 'federation', 'title' => 'Federation', 'checked' => $pc->permissions['federation']])
+                </div>
+                <div class="mb-4">
+                    <p class="font-weight-bold mb-1">Preferences</p>
+
+                    @include('settings.parental-controls.checkbox', ['name' => 'hide_network', 'title' => 'Hide my child\'s connections', 'checked' => $pc->permissions['hide_network']])
+                    @include('settings.parental-controls.checkbox', ['name' => 'private', 'title' => 'Make my child\'s account private', 'checked' => $pc->permissions['private']])
+                    @include('settings.parental-controls.checkbox', ['name' => 'hide_cw', 'title' => 'Hide sensitive media', 'checked' => $pc->permissions['hide_cw']])
+                </div>
+            </div>
+            <div class="tab-pane fade" id="pills-details" role="tabpanel" aria-labelledby="pills-details-tab">
+                <div>
+                    <div class="form-group">
+                        <label class="font-weight-bold mb-0">Email address</label>
+                        <input class="form-control" name="email" value="{{ $pc->email }}" disabled>
+                    </div>
+                </div>
+            </div>
+            <div class="tab-pane fade" id="pills-actions" role="tabpanel" aria-labelledby="pills-actions-tab">
+                <div class="d-flex flex-column" style="gap: 2rem;">
+                    @if(!$pc->child_id && !$pc->email_verified_at)
+                    <div>
+                        <p class="lead font-weight-bold mb-0">Cancel Invite</p>
+                        <p class="small text-muted">Cancel the child invite and prevent it from being used.</p>
+                        <a class="btn btn-outline-dark px-5" href="{{ route('settings.pc.cancel-invite', ['id' => $pc->id]) }}"><i class="fas fa-user-minus mr-1"></i> Cancel Invite</a>
+                    </div>
+                    @else
+                    <div>
+                        <p class="lead font-weight-bold mb-0">Stop Managing</p>
+                        <p class="small text-muted">Transition account to a regular account without parental controls.</p>
+                        <a class="btn btn-outline-dark px-5" href="{{ route('settings.pc.stop-managing', ['id' => $pc->id]) }}"><i class="fas fa-user-minus mr-1"></i> Stop Managing Child</a>
+                    </div>
+                    @endif
+                </div>
+            </div>
+        </div>
+    </div>
+
+</div>
+</form>
+@endsection
+
+@push('scripts')
+<script type="text/javascript">
+    @if(request()->has('permissions'))
+    $('#pills-tab button[data-target="#pills-permissions"]').tab('show')
+    @elseif(request()->has('actions'))
+    $('#pills-tab button[data-target="#pills-actions"]').tab('show')
+    @endif
+</script>
+@endpush

resources/views/settings/parental-controls/stop-managing.blade.php

@@ -0,0 +1,32 @@
+@extends('settings.template-vue')
+
+@section('section')
+<form class="d-flex h-100 flex-column" method="post">
+    @csrf
+    <div class="d-flex h-100 flex-column" style="gap: 1rem;">
+        <div class="d-flex justify-content-between align-items-center">
+            <div class="title d-flex align-items-center" style="gap: 1rem;">
+                <p class="mb-0"><a href="{{ $pc->manageUrl() }}?actions"><i class="far fa-chevron-left fa-lg"></i></a></p>
+                <div>
+                    <h3 class="font-weight-bold mb-0">Stop Managing Child</h3>
+                    <p class="small mb-0">Last updated: {{ $pc->updated_at->diffForHumans() }}</p>
+                </div>
+            </div>
+        </div>
+        <div>
+            <hr />
+        </div>
+
+        <div class="d-flex bg-light align-items-center justify-content-center flex-grow-1 flex-column">
+            <p>
+                <i class="far fa-exclamation-triangle fa-3x"></i>
+            </p>
+            <h4>Confirm Stop Managing this Account?</h4>
+            <p>This child account will be transitioned to a regular account without any limitations.</p>
+        </div>
+
+        <button type="submit" class="btn btn-danger btn-block font-weight-bold">Stop Managing</button>
+    </div>
+</form>
+
+@endsection

resources/views/site/help/parental-controls.blade.php

@@ -0,0 +1,47 @@
+@extends('site.help.partial.template', ['breadcrumb'=>'Parental Controls'])
+
+@section('section')
+  <div class="title">
+    <h3 class="font-weight-bold">Parental Controls</h3>
+  </div>
+  <hr>
+
+  <p>In the digital age, ensuring your children's online safety is paramount. Designed with both fun and safety in mind, this feature allows parents to create child accounts, tailor-made for a worry-free social media experience.</p>
+
+  <p class="font-weight-bold text-center">Key Features:</p>
+
+  <ul>
+    <li><strong>Child Account Creation</strong>: Easily set up a child account with just a few clicks. This account is linked to your own, giving you complete oversight.</li>
+    <li><strong>Post Control</strong>: Decide if your child can post content. This allows you to ensure they're only sharing what's appropriate and safe.</li>
+    <li><strong>Comment Management</strong>: Control whether your child can comment on posts. This helps in safeguarding them from unwanted interactions and maintaining a positive online environment.</li>
+    <li><strong>Like & Share Restrictions</strong>: You have the power to enable or disable the ability to like and share posts. This feature helps in controlling the extent of your child's social media engagement.</li>
+    <li><strong>Disable Federation</strong>: For added safety, you can choose to disable federation for your child's account, limiting their interaction to a more controlled environment.</li>
+  </ul>
+  <hr>
+
+  <x-collapse title="How do I create a child account?">
+    <div>
+      @if(config('instance.parental_controls.enabled'))
+      <ol>
+        <li>Click <a href="/settings/parental-controls">here</a> and tap on the <strong>Add Child</strong> button in the bottom left corner</li>
+        <li>Select the Allowed Actions, Enabled features and Preferences</li>
+        <li>Enter your childs email address</li>
+        <li>Press the <strong>Add Child</strong> buttton</li>
+        <li>Open your childs email and tap on the <strong>Accept Invite</strong> button in the email, ensure your parent username is present in the email</li>
+        <li>Fill out the child display name, username and password</li>
+        <li>Press <strong>Register</strong> and your child account will be active!</li>
+      </ol>
+      @else
+      <p>This feature has been disabled by server admins.</p>
+      @endif
+    </div>
+  </x-collapse>
+
+@if(config('instance.parental_controls.enabled'))
+  <x-collapse title="How many child accounts can I create/manage?">
+    <div>
+      You can create and manage up to <strong>{{ config('instance.parental_controls.limits.max_children') }}</strong> child accounts.
+    </div>
+  </x-collapse>
+@endif
+@endsection

routes/web.php

@@ -200,6 +200,8 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
     Route::post('auth/raw/mastodon/s/account-to-id', 'RemoteAuthController@accountToId');
     Route::post('auth/raw/mastodon/s/finish-up', 'RemoteAuthController@finishUp');
     Route::post('auth/raw/mastodon/s/login', 'RemoteAuthController@handleLogin');
+    Route::get('auth/pci/{id}/{code}', 'ParentalControlsController@inviteRegister');
+    Route::post('auth/pci/{id}/{code}', 'ParentalControlsController@inviteRegisterStore');
 
 	Route::get('discover', 'DiscoverController@home')->name('discover');
 
@@ -534,6 +536,16 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
 
 		});
 
+		Route::get('parental-controls', 'ParentalControlsController@index');
+		Route::get('parental-controls/add', 'ParentalControlsController@add')->name('settings.pc.add');
+		Route::post('parental-controls/add', 'ParentalControlsController@store');
+		Route::get('parental-controls/manage/{id}', 'ParentalControlsController@view');
+		Route::post('parental-controls/manage/{id}', 'ParentalControlsController@update');
+		Route::get('parental-controls/manage/{id}/cancel-invite', 'ParentalControlsController@cancelInvite')->name('settings.pc.cancel-invite');
+		Route::post('parental-controls/manage/{id}/cancel-invite', 'ParentalControlsController@cancelInviteHandle');
+		Route::get('parental-controls/manage/{id}/stop-managing', 'ParentalControlsController@stopManaging')->name('settings.pc.stop-managing');
+		Route::post('parental-controls/manage/{id}/stop-managing', 'ParentalControlsController@stopManagingHandle');
+
 		Route::get('applications', 'SettingsController@applications')->name('settings.applications')->middleware('dangerzone');
 		Route::get('data-export', 'SettingsController@dataExport')->name('settings.dataexport')->middleware('dangerzone');
 		Route::post('data-export/following', 'SettingsController@exportFollowing')->middleware('dangerzone');
@@ -618,6 +630,7 @@ Route::domain(config('pixelfed.domain.app'))->middleware(['validemail', 'twofact
 			Route::view('licenses', 'site.help.licenses')->name('help.licenses');
 			Route::view('instance-max-users-limit', 'site.help.instance-max-users')->name('help.instance-max-users-limit');
 			Route::view('import', 'site.help.import')->name('help.import');
+			Route::view('parental-controls', 'site.help.parental-controls');
 		});
 		Route::get('newsroom/{year}/{month}/{slug}', 'NewsroomController@show');
 		Route::get('newsroom/archive', 'NewsroomController@archive');