AccountController.php 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591
  1. <?php
  2. namespace App\Http\Controllers;
  3. use Auth;
  4. use Cache;
  5. use Mail;
  6. use Illuminate\Support\Facades\Redis;
  7. use Illuminate\Support\Str;
  8. use Carbon\Carbon;
  9. use App\Mail\ConfirmEmail;
  10. use Illuminate\Http\Request;
  11. use PragmaRX\Google2FA\Google2FA;
  12. use App\Jobs\FollowPipeline\FollowPipeline;
  13. use App\{
  14. DirectMessage,
  15. EmailVerification,
  16. Follower,
  17. FollowRequest,
  18. Notification,
  19. Profile,
  20. User,
  21. UserFilter
  22. };
  23. use League\Fractal;
  24. use League\Fractal\Serializer\ArraySerializer;
  25. use League\Fractal\Pagination\IlluminatePaginatorAdapter;
  26. use App\Transformer\Api\Mastodon\v1\AccountTransformer;
  27. use App\Services\AccountService;
  28. use App\Services\UserFilterService;
  29. class AccountController extends Controller
  30. {
  31. protected $filters = [
  32. 'user.mute',
  33. 'user.block',
  34. ];
  35. const FILTER_LIMIT = 'You cannot block or mute more than 100 accounts';
  36. public function __construct()
  37. {
  38. $this->middleware('auth');
  39. }
  40. public function notifications(Request $request)
  41. {
  42. return view('account.activity');
  43. }
  44. public function followingActivity(Request $request)
  45. {
  46. $this->validate($request, [
  47. 'page' => 'nullable|min:1|max:3',
  48. 'a' => 'nullable|alpha_dash',
  49. ]);
  50. $action = $request->input('a');
  51. $allowed = ['like', 'follow'];
  52. $timeago = Carbon::now()->subMonths(3);
  53. $profile = Auth::user()->profile;
  54. $following = $profile->following->pluck('id');
  55. $notifications = Notification::whereIn('actor_id', $following)
  56. ->whereIn('action', $allowed)
  57. ->where('actor_id', '<>', $profile->id)
  58. ->where('profile_id', '<>', $profile->id)
  59. ->whereDate('created_at', '>', $timeago)
  60. ->orderBy('notifications.created_at', 'desc')
  61. ->simplePaginate(30);
  62. return view('account.following', compact('profile', 'notifications'));
  63. }
  64. public function verifyEmail(Request $request)
  65. {
  66. $recentSent = EmailVerification::whereUserId(Auth::id())
  67. ->whereDate('created_at', '>', now()->subHours(12))->count();
  68. return view('account.verify_email', compact('recentSent'));
  69. }
  70. public function sendVerifyEmail(Request $request)
  71. {
  72. $recentAttempt = EmailVerification::whereUserId(Auth::id())
  73. ->whereDate('created_at', '>', now()->subHours(12))->count();
  74. if ($recentAttempt > 0) {
  75. return redirect()->back()->with('error', 'A verification email has already been sent recently. Please check your email, or try again later.');
  76. }
  77. EmailVerification::whereUserId(Auth::id())->delete();
  78. $user = User::whereNull('email_verified_at')->find(Auth::id());
  79. $utoken = Str::uuid() . Str::random(mt_rand(5,9));
  80. $rtoken = Str::random(mt_rand(64, 70));
  81. $verify = new EmailVerification();
  82. $verify->user_id = $user->id;
  83. $verify->email = $user->email;
  84. $verify->user_token = $utoken;
  85. $verify->random_token = $rtoken;
  86. $verify->save();
  87. Mail::to($user->email)->send(new ConfirmEmail($verify));
  88. return redirect()->back()->with('status', 'Verification email sent!');
  89. }
  90. public function confirmVerifyEmail(Request $request, $userToken, $randomToken)
  91. {
  92. $verify = EmailVerification::where('user_token', $userToken)
  93. ->where('created_at', '>', now()->subHours(24))
  94. ->where('random_token', $randomToken)
  95. ->firstOrFail();
  96. if (Auth::id() === $verify->user_id && $verify->user_token === $userToken && $verify->random_token === $randomToken) {
  97. $user = User::find(Auth::id());
  98. $user->email_verified_at = Carbon::now();
  99. $user->save();
  100. return redirect('/');
  101. } else {
  102. abort(403);
  103. }
  104. }
  105. public function direct()
  106. {
  107. return view('account.direct');
  108. }
  109. public function directMessage(Request $request, $id)
  110. {
  111. $profile = Profile::where('id', '!=', $request->user()->profile_id)
  112. // ->whereNull('domain')
  113. ->findOrFail($id);
  114. return view('account.directmessage', compact('id'));
  115. }
  116. public function mute(Request $request)
  117. {
  118. $this->validate($request, [
  119. 'type' => 'required|alpha_dash',
  120. 'item' => 'required|integer|min:1',
  121. ]);
  122. $user = Auth::user()->profile;
  123. $count = UserFilterService::muteCount($user->id);
  124. abort_if($count >= 100, 422, self::FILTER_LIMIT);
  125. if($count == 0) {
  126. $filterCount = UserFilter::whereUserId($user->id)->count();
  127. abort_if($filterCount >= 100, 422, self::FILTER_LIMIT);
  128. }
  129. $type = $request->input('type');
  130. $item = $request->input('item');
  131. $action = $type . '.mute';
  132. if (!in_array($action, $this->filters)) {
  133. return abort(406);
  134. }
  135. $filterable = [];
  136. switch ($type) {
  137. case 'user':
  138. $profile = Profile::findOrFail($item);
  139. if ($profile->id == $user->id) {
  140. return abort(403);
  141. }
  142. $class = get_class($profile);
  143. $filterable['id'] = $profile->id;
  144. $filterable['type'] = $class;
  145. break;
  146. }
  147. $filter = UserFilter::firstOrCreate([
  148. 'user_id' => $user->id,
  149. 'filterable_id' => $filterable['id'],
  150. 'filterable_type' => $filterable['type'],
  151. 'filter_type' => 'mute',
  152. ]);
  153. $pid = $user->id;
  154. Cache::forget("user:filter:list:$pid");
  155. Cache::forget("feature:discover:posts:$pid");
  156. Cache::forget("api:local:exp:rec:$pid");
  157. return redirect()->back();
  158. }
  159. public function unmute(Request $request)
  160. {
  161. $this->validate($request, [
  162. 'type' => 'required|alpha_dash',
  163. 'item' => 'required|integer|min:1',
  164. ]);
  165. $user = Auth::user()->profile;
  166. $type = $request->input('type');
  167. $item = $request->input('item');
  168. $action = $type . '.mute';
  169. if (!in_array($action, $this->filters)) {
  170. return abort(406);
  171. }
  172. $filterable = [];
  173. switch ($type) {
  174. case 'user':
  175. $profile = Profile::findOrFail($item);
  176. if ($profile->id == $user->id) {
  177. return abort(403);
  178. }
  179. $class = get_class($profile);
  180. $filterable['id'] = $profile->id;
  181. $filterable['type'] = $class;
  182. break;
  183. default:
  184. abort(400);
  185. break;
  186. }
  187. $filter = UserFilter::whereUserId($user->id)
  188. ->whereFilterableId($filterable['id'])
  189. ->whereFilterableType($filterable['type'])
  190. ->whereFilterType('mute')
  191. ->first();
  192. if($filter) {
  193. $filter->delete();
  194. }
  195. $pid = $user->id;
  196. Cache::forget("user:filter:list:$pid");
  197. Cache::forget("feature:discover:posts:$pid");
  198. Cache::forget("api:local:exp:rec:$pid");
  199. if($request->wantsJson()) {
  200. return response()->json([200]);
  201. } else {
  202. return redirect()->back();
  203. }
  204. }
  205. public function block(Request $request)
  206. {
  207. $this->validate($request, [
  208. 'type' => 'required|alpha_dash',
  209. 'item' => 'required|integer|min:1',
  210. ]);
  211. $user = Auth::user()->profile;
  212. $count = UserFilterService::blockCount($user->id);
  213. abort_if($count >= 100, 422, self::FILTER_LIMIT);
  214. if($count == 0) {
  215. $filterCount = UserFilter::whereUserId($user->id)->count();
  216. abort_if($filterCount >= 100, 422, self::FILTER_LIMIT);
  217. }
  218. $type = $request->input('type');
  219. $item = $request->input('item');
  220. $action = $type.'.block';
  221. if (!in_array($action, $this->filters)) {
  222. return abort(406);
  223. }
  224. $filterable = [];
  225. switch ($type) {
  226. case 'user':
  227. $profile = Profile::findOrFail($item);
  228. if ($profile->id == $user->id || ($profile->user && $profile->user->is_admin == true)) {
  229. return abort(403);
  230. }
  231. $class = get_class($profile);
  232. $filterable['id'] = $profile->id;
  233. $filterable['type'] = $class;
  234. Follower::whereProfileId($profile->id)->whereFollowingId($user->id)->delete();
  235. Notification::whereProfileId($user->id)->whereActorId($profile->id)->delete();
  236. break;
  237. }
  238. $filter = UserFilter::firstOrCreate([
  239. 'user_id' => $user->id,
  240. 'filterable_id' => $filterable['id'],
  241. 'filterable_type' => $filterable['type'],
  242. 'filter_type' => 'block',
  243. ]);
  244. $pid = $user->id;
  245. Cache::forget("user:filter:list:$pid");
  246. Cache::forget("api:local:exp:rec:$pid");
  247. return redirect()->back();
  248. }
  249. public function unblock(Request $request)
  250. {
  251. $this->validate($request, [
  252. 'type' => 'required|alpha_dash',
  253. 'item' => 'required|integer|min:1',
  254. ]);
  255. $user = Auth::user()->profile;
  256. $type = $request->input('type');
  257. $item = $request->input('item');
  258. $action = $type . '.block';
  259. if (!in_array($action, $this->filters)) {
  260. return abort(406);
  261. }
  262. $filterable = [];
  263. switch ($type) {
  264. case 'user':
  265. $profile = Profile::findOrFail($item);
  266. if ($profile->id == $user->id) {
  267. return abort(403);
  268. }
  269. $class = get_class($profile);
  270. $filterable['id'] = $profile->id;
  271. $filterable['type'] = $class;
  272. break;
  273. default:
  274. abort(400);
  275. break;
  276. }
  277. $filter = UserFilter::whereUserId($user->id)
  278. ->whereFilterableId($filterable['id'])
  279. ->whereFilterableType($filterable['type'])
  280. ->whereFilterType('block')
  281. ->first();
  282. if($filter) {
  283. $filter->delete();
  284. }
  285. $pid = $user->id;
  286. Cache::forget("user:filter:list:$pid");
  287. Cache::forget("feature:discover:posts:$pid");
  288. Cache::forget("api:local:exp:rec:$pid");
  289. return redirect()->back();
  290. }
  291. public function followRequests(Request $request)
  292. {
  293. $pid = Auth::user()->profile->id;
  294. $followers = FollowRequest::whereFollowingId($pid)->orderBy('id','desc')->whereIsRejected(0)->simplePaginate(10);
  295. return view('account.follow-requests', compact('followers'));
  296. }
  297. public function followRequestsJson(Request $request)
  298. {
  299. $pid = Auth::user()->profile_id;
  300. $followers = FollowRequest::whereFollowingId($pid)->orderBy('id','desc')->whereIsRejected(0)->get();
  301. $res = [
  302. 'count' => $followers->count(),
  303. 'accounts' => $followers->take(10)->map(function($a) {
  304. $actor = $a->actor;
  305. return [
  306. 'id' => $actor->id,
  307. 'username' => $actor->username,
  308. 'avatar' => $actor->avatarUrl(),
  309. 'url' => $actor->url(),
  310. 'local' => $actor->domain == null,
  311. 'following' => $actor->followedBy(Auth::user()->profile)
  312. ];
  313. })
  314. ];
  315. return response()->json($res, 200, [], JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES);
  316. }
  317. public function followRequestHandle(Request $request)
  318. {
  319. $this->validate($request, [
  320. 'action' => 'required|string|max:10',
  321. 'id' => 'required|integer|min:1'
  322. ]);
  323. $pid = Auth::user()->profile->id;
  324. $action = $request->input('action') === 'accept' ? 'accept' : 'reject';
  325. $id = $request->input('id');
  326. $followRequest = FollowRequest::whereFollowingId($pid)->findOrFail($id);
  327. $follower = $followRequest->follower;
  328. switch ($action) {
  329. case 'accept':
  330. $follow = new Follower();
  331. $follow->profile_id = $follower->id;
  332. $follow->following_id = $pid;
  333. $follow->save();
  334. FollowPipeline::dispatch($follow);
  335. $followRequest->delete();
  336. break;
  337. case 'reject':
  338. $followRequest->is_rejected = true;
  339. $followRequest->save();
  340. break;
  341. }
  342. Cache::forget('profile:follower_count:'.$pid);
  343. Cache::forget('profile:following_count:'.$pid);
  344. return response()->json(['msg' => 'success'], 200);
  345. }
  346. public function sudoMode(Request $request)
  347. {
  348. if($request->session()->has('sudoModeAttempts') && $request->session()->get('sudoModeAttempts') >= 3) {
  349. $request->session()->pull('2fa.session.active');
  350. $request->session()->pull('redirectNext');
  351. $request->session()->pull('sudoModeAttempts');
  352. Auth::logout();
  353. return redirect(route('login'));
  354. }
  355. return view('auth.sudo');
  356. }
  357. public function sudoModeVerify(Request $request)
  358. {
  359. $this->validate($request, [
  360. 'password' => 'required|string|max:500',
  361. 'trustDevice' => 'nullable'
  362. ]);
  363. $user = Auth::user();
  364. $password = $request->input('password');
  365. $trustDevice = $request->input('trustDevice') == 'on';
  366. $next = $request->session()->get('redirectNext', '/');
  367. if($request->session()->has('sudoModeAttempts')) {
  368. $count = (int) $request->session()->get('sudoModeAttempts');
  369. $request->session()->put('sudoModeAttempts', $count + 1);
  370. } else {
  371. $request->session()->put('sudoModeAttempts', 1);
  372. }
  373. if(password_verify($password, $user->password) === true) {
  374. $request->session()->put('sudoMode', time());
  375. if($trustDevice == true) {
  376. $request->session()->put('sudoTrustDevice', 1);
  377. }
  378. return redirect($next);
  379. } else {
  380. return redirect()
  381. ->back()
  382. ->withErrors(['password' => __('auth.failed')]);
  383. }
  384. }
  385. public function twoFactorCheckpoint(Request $request)
  386. {
  387. return view('auth.checkpoint');
  388. }
  389. public function twoFactorVerify(Request $request)
  390. {
  391. $this->validate($request, [
  392. 'code' => 'required|string|max:32'
  393. ]);
  394. $user = Auth::user();
  395. $code = $request->input('code');
  396. $google2fa = new Google2FA();
  397. $verify = $google2fa->verifyKey($user->{'2fa_secret'}, $code);
  398. if($verify) {
  399. $request->session()->push('2fa.session.active', true);
  400. return redirect('/');
  401. } else {
  402. if($this->twoFactorBackupCheck($request, $code, $user)) {
  403. return redirect('/');
  404. }
  405. if($request->session()->has('2fa.attempts')) {
  406. $count = (int) $request->session()->get('2fa.attempts');
  407. if($count == 3) {
  408. Auth::logout();
  409. return redirect('/');
  410. }
  411. $request->session()->put('2fa.attempts', $count + 1);
  412. } else {
  413. $request->session()->put('2fa.attempts', 1);
  414. }
  415. return redirect('/i/auth/checkpoint')->withErrors([
  416. 'code' => 'Invalid code'
  417. ]);
  418. }
  419. }
  420. protected function twoFactorBackupCheck($request, $code, User $user)
  421. {
  422. $backupCodes = $user->{'2fa_backup_codes'};
  423. if($backupCodes) {
  424. $codes = json_decode($backupCodes, true);
  425. foreach ($codes as $c) {
  426. if(hash_equals($c, $code)) {
  427. $codes = array_flatten(array_diff($codes, [$code]));
  428. $user->{'2fa_backup_codes'} = json_encode($codes);
  429. $user->save();
  430. $request->session()->push('2fa.session.active', true);
  431. return true;
  432. } else {
  433. return false;
  434. }
  435. }
  436. } else {
  437. return false;
  438. }
  439. }
  440. public function accountRestored(Request $request)
  441. {
  442. }
  443. public function accountMutes(Request $request)
  444. {
  445. abort_if(!$request->user(), 403);
  446. $this->validate($request, [
  447. 'limit' => 'nullable|integer|min:1|max:40'
  448. ]);
  449. $user = $request->user();
  450. $limit = $request->input('limit') ?? 40;
  451. $mutes = UserFilter::whereUserId($user->profile_id)
  452. ->whereFilterableType('App\Profile')
  453. ->whereFilterType('mute')
  454. ->simplePaginate($limit)
  455. ->pluck('filterable_id');
  456. $accounts = Profile::find($mutes);
  457. $fractal = new Fractal\Manager();
  458. $fractal->setSerializer(new ArraySerializer());
  459. $resource = new Fractal\Resource\Collection($accounts, new AccountTransformer());
  460. $res = $fractal->createData($resource)->toArray();
  461. $url = $request->url();
  462. $page = $request->input('page', 1);
  463. $next = $page < 40 ? $page + 1 : 40;
  464. $prev = $page > 1 ? $page - 1 : 1;
  465. $links = '<'.$url.'?page='.$next.'&limit='.$limit.'>; rel="next", <'.$url.'?page='.$prev.'&limit='.$limit.'>; rel="prev"';
  466. return response()->json($res, 200, ['Link' => $links]);
  467. }
  468. public function accountBlocks(Request $request)
  469. {
  470. abort_if(!$request->user(), 403);
  471. $this->validate($request, [
  472. 'limit' => 'nullable|integer|min:1|max:40',
  473. 'page' => 'nullable|integer|min:1|max:10'
  474. ]);
  475. $user = $request->user();
  476. $limit = $request->input('limit') ?? 40;
  477. $blocked = UserFilter::select('filterable_id','filterable_type','filter_type','user_id')
  478. ->whereUserId($user->profile_id)
  479. ->whereFilterableType('App\Profile')
  480. ->whereFilterType('block')
  481. ->simplePaginate($limit)
  482. ->pluck('filterable_id');
  483. $profiles = Profile::findOrFail($blocked);
  484. $fractal = new Fractal\Manager();
  485. $fractal->setSerializer(new ArraySerializer());
  486. $resource = new Fractal\Resource\Collection($profiles, new AccountTransformer());
  487. $res = $fractal->createData($resource)->toArray();
  488. $url = $request->url();
  489. $page = $request->input('page', 1);
  490. $next = $page < 40 ? $page + 1 : 40;
  491. $prev = $page > 1 ? $page - 1 : 1;
  492. $links = '<'.$url.'?page='.$next.'&limit='.$limit.'>; rel="next", <'.$url.'?page='.$prev.'&limit='.$limit.'>; rel="prev"';
  493. return response()->json($res, 200, ['Link' => $links]);
  494. }
  495. public function accountBlocksV2(Request $request)
  496. {
  497. return response()->json(UserFilterService::blocks($request->user()->profile_id), 200, [], JSON_UNESCAPED_SLASHES);
  498. }
  499. public function accountMutesV2(Request $request)
  500. {
  501. return response()->json(UserFilterService::mutes($request->user()->profile_id), 200, [], JSON_UNESCAPED_SLASHES);
  502. }
  503. public function accountFiltersV2(Request $request)
  504. {
  505. return response()->json(UserFilterService::filters($request->user()->profile_id), 200, [], JSON_UNESCAPED_SLASHES);
  506. }
  507. }