AccountController.php 16 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588
  1. <?php
  2. namespace App\Http\Controllers;
  3. use Auth;
  4. use Cache;
  5. use Mail;
  6. use Illuminate\Support\Facades\Redis;
  7. use Illuminate\Support\Str;
  8. use Carbon\Carbon;
  9. use App\Mail\ConfirmEmail;
  10. use Illuminate\Http\Request;
  11. use PragmaRX\Google2FA\Google2FA;
  12. use App\Jobs\FollowPipeline\FollowPipeline;
  13. use App\{
  14. DirectMessage,
  15. EmailVerification,
  16. Follower,
  17. FollowRequest,
  18. Notification,
  19. Profile,
  20. User,
  21. UserFilter
  22. };
  23. use League\Fractal;
  24. use League\Fractal\Serializer\ArraySerializer;
  25. use League\Fractal\Pagination\IlluminatePaginatorAdapter;
  26. use App\Transformer\Api\Mastodon\v1\AccountTransformer;
  27. use App\Services\AccountService;
  28. use App\Services\UserFilterService;
  29. class AccountController extends Controller
  30. {
  31. protected $filters = [
  32. 'user.mute',
  33. 'user.block',
  34. ];
  35. const FILTER_LIMIT = 'You cannot block or mute more than 100 accounts';
  36. public function __construct()
  37. {
  38. $this->middleware('auth');
  39. }
  40. public function notifications(Request $request)
  41. {
  42. return view('account.activity');
  43. }
  44. public function followingActivity(Request $request)
  45. {
  46. $this->validate($request, [
  47. 'page' => 'nullable|min:1|max:3',
  48. 'a' => 'nullable|alpha_dash',
  49. ]);
  50. $action = $request->input('a');
  51. $allowed = ['like', 'follow'];
  52. $timeago = Carbon::now()->subMonths(3);
  53. $profile = Auth::user()->profile;
  54. $following = $profile->following->pluck('id');
  55. $notifications = Notification::whereIn('actor_id', $following)
  56. ->whereIn('action', $allowed)
  57. ->where('actor_id', '<>', $profile->id)
  58. ->where('profile_id', '<>', $profile->id)
  59. ->whereDate('created_at', '>', $timeago)
  60. ->orderBy('notifications.created_at', 'desc')
  61. ->simplePaginate(30);
  62. return view('account.following', compact('profile', 'notifications'));
  63. }
  64. public function verifyEmail(Request $request)
  65. {
  66. return view('account.verify_email');
  67. }
  68. public function sendVerifyEmail(Request $request)
  69. {
  70. $recentAttempt = EmailVerification::whereUserId(Auth::id())
  71. ->whereDate('created_at', '>', now()->subHours(12))->count();
  72. if ($recentAttempt > 0) {
  73. return redirect()->back()->with('error', 'A verification email has already been sent recently. Please check your email, or try again later.');
  74. }
  75. EmailVerification::whereUserId(Auth::id())->delete();
  76. $user = User::whereNull('email_verified_at')->find(Auth::id());
  77. $utoken = Str::uuid() . Str::random(mt_rand(5,9));
  78. $rtoken = Str::random(mt_rand(64, 70));
  79. $verify = new EmailVerification();
  80. $verify->user_id = $user->id;
  81. $verify->email = $user->email;
  82. $verify->user_token = $utoken;
  83. $verify->random_token = $rtoken;
  84. $verify->save();
  85. Mail::to($user->email)->send(new ConfirmEmail($verify));
  86. return redirect()->back()->with('status', 'Verification email sent!');
  87. }
  88. public function confirmVerifyEmail(Request $request, $userToken, $randomToken)
  89. {
  90. $verify = EmailVerification::where('user_token', $userToken)
  91. ->where('created_at', '>', now()->subHours(24))
  92. ->where('random_token', $randomToken)
  93. ->firstOrFail();
  94. if (Auth::id() === $verify->user_id && $verify->user_token === $userToken && $verify->random_token === $randomToken) {
  95. $user = User::find(Auth::id());
  96. $user->email_verified_at = Carbon::now();
  97. $user->save();
  98. return redirect('/');
  99. } else {
  100. abort(403);
  101. }
  102. }
  103. public function direct()
  104. {
  105. return view('account.direct');
  106. }
  107. public function directMessage(Request $request, $id)
  108. {
  109. $profile = Profile::where('id', '!=', $request->user()->profile_id)
  110. // ->whereNull('domain')
  111. ->findOrFail($id);
  112. return view('account.directmessage', compact('id'));
  113. }
  114. public function mute(Request $request)
  115. {
  116. $this->validate($request, [
  117. 'type' => 'required|alpha_dash',
  118. 'item' => 'required|integer|min:1',
  119. ]);
  120. $user = Auth::user()->profile;
  121. $count = UserFilterService::muteCount($user->id);
  122. abort_if($count >= 100, 422, self::FILTER_LIMIT);
  123. if($count == 0) {
  124. $filterCount = UserFilter::whereUserId($user->id)->count();
  125. abort_if($filterCount >= 100, 422, self::FILTER_LIMIT);
  126. }
  127. $type = $request->input('type');
  128. $item = $request->input('item');
  129. $action = $type . '.mute';
  130. if (!in_array($action, $this->filters)) {
  131. return abort(406);
  132. }
  133. $filterable = [];
  134. switch ($type) {
  135. case 'user':
  136. $profile = Profile::findOrFail($item);
  137. if ($profile->id == $user->id) {
  138. return abort(403);
  139. }
  140. $class = get_class($profile);
  141. $filterable['id'] = $profile->id;
  142. $filterable['type'] = $class;
  143. break;
  144. }
  145. $filter = UserFilter::firstOrCreate([
  146. 'user_id' => $user->id,
  147. 'filterable_id' => $filterable['id'],
  148. 'filterable_type' => $filterable['type'],
  149. 'filter_type' => 'mute',
  150. ]);
  151. $pid = $user->id;
  152. Cache::forget("user:filter:list:$pid");
  153. Cache::forget("feature:discover:posts:$pid");
  154. Cache::forget("api:local:exp:rec:$pid");
  155. return redirect()->back();
  156. }
  157. public function unmute(Request $request)
  158. {
  159. $this->validate($request, [
  160. 'type' => 'required|alpha_dash',
  161. 'item' => 'required|integer|min:1',
  162. ]);
  163. $user = Auth::user()->profile;
  164. $type = $request->input('type');
  165. $item = $request->input('item');
  166. $action = $type . '.mute';
  167. if (!in_array($action, $this->filters)) {
  168. return abort(406);
  169. }
  170. $filterable = [];
  171. switch ($type) {
  172. case 'user':
  173. $profile = Profile::findOrFail($item);
  174. if ($profile->id == $user->id) {
  175. return abort(403);
  176. }
  177. $class = get_class($profile);
  178. $filterable['id'] = $profile->id;
  179. $filterable['type'] = $class;
  180. break;
  181. default:
  182. abort(400);
  183. break;
  184. }
  185. $filter = UserFilter::whereUserId($user->id)
  186. ->whereFilterableId($filterable['id'])
  187. ->whereFilterableType($filterable['type'])
  188. ->whereFilterType('mute')
  189. ->first();
  190. if($filter) {
  191. $filter->delete();
  192. }
  193. $pid = $user->id;
  194. Cache::forget("user:filter:list:$pid");
  195. Cache::forget("feature:discover:posts:$pid");
  196. Cache::forget("api:local:exp:rec:$pid");
  197. if($request->wantsJson()) {
  198. return response()->json([200]);
  199. } else {
  200. return redirect()->back();
  201. }
  202. }
  203. public function block(Request $request)
  204. {
  205. $this->validate($request, [
  206. 'type' => 'required|alpha_dash',
  207. 'item' => 'required|integer|min:1',
  208. ]);
  209. $user = Auth::user()->profile;
  210. $count = UserFilterService::blockCount($user->id);
  211. abort_if($count >= 100, 422, self::FILTER_LIMIT);
  212. if($count == 0) {
  213. $filterCount = UserFilter::whereUserId($user->id)->count();
  214. abort_if($filterCount >= 100, 422, self::FILTER_LIMIT);
  215. }
  216. $type = $request->input('type');
  217. $item = $request->input('item');
  218. $action = $type.'.block';
  219. if (!in_array($action, $this->filters)) {
  220. return abort(406);
  221. }
  222. $filterable = [];
  223. switch ($type) {
  224. case 'user':
  225. $profile = Profile::findOrFail($item);
  226. if ($profile->id == $user->id || ($profile->user && $profile->user->is_admin == true)) {
  227. return abort(403);
  228. }
  229. $class = get_class($profile);
  230. $filterable['id'] = $profile->id;
  231. $filterable['type'] = $class;
  232. Follower::whereProfileId($profile->id)->whereFollowingId($user->id)->delete();
  233. Notification::whereProfileId($user->id)->whereActorId($profile->id)->delete();
  234. break;
  235. }
  236. $filter = UserFilter::firstOrCreate([
  237. 'user_id' => $user->id,
  238. 'filterable_id' => $filterable['id'],
  239. 'filterable_type' => $filterable['type'],
  240. 'filter_type' => 'block',
  241. ]);
  242. $pid = $user->id;
  243. Cache::forget("user:filter:list:$pid");
  244. Cache::forget("api:local:exp:rec:$pid");
  245. return redirect()->back();
  246. }
  247. public function unblock(Request $request)
  248. {
  249. $this->validate($request, [
  250. 'type' => 'required|alpha_dash',
  251. 'item' => 'required|integer|min:1',
  252. ]);
  253. $user = Auth::user()->profile;
  254. $type = $request->input('type');
  255. $item = $request->input('item');
  256. $action = $type . '.block';
  257. if (!in_array($action, $this->filters)) {
  258. return abort(406);
  259. }
  260. $filterable = [];
  261. switch ($type) {
  262. case 'user':
  263. $profile = Profile::findOrFail($item);
  264. if ($profile->id == $user->id) {
  265. return abort(403);
  266. }
  267. $class = get_class($profile);
  268. $filterable['id'] = $profile->id;
  269. $filterable['type'] = $class;
  270. break;
  271. default:
  272. abort(400);
  273. break;
  274. }
  275. $filter = UserFilter::whereUserId($user->id)
  276. ->whereFilterableId($filterable['id'])
  277. ->whereFilterableType($filterable['type'])
  278. ->whereFilterType('block')
  279. ->first();
  280. if($filter) {
  281. $filter->delete();
  282. }
  283. $pid = $user->id;
  284. Cache::forget("user:filter:list:$pid");
  285. Cache::forget("feature:discover:posts:$pid");
  286. Cache::forget("api:local:exp:rec:$pid");
  287. return redirect()->back();
  288. }
  289. public function followRequests(Request $request)
  290. {
  291. $pid = Auth::user()->profile->id;
  292. $followers = FollowRequest::whereFollowingId($pid)->orderBy('id','desc')->whereIsRejected(0)->simplePaginate(10);
  293. return view('account.follow-requests', compact('followers'));
  294. }
  295. public function followRequestsJson(Request $request)
  296. {
  297. $pid = Auth::user()->profile_id;
  298. $followers = FollowRequest::whereFollowingId($pid)->orderBy('id','desc')->whereIsRejected(0)->get();
  299. $res = [
  300. 'count' => $followers->count(),
  301. 'accounts' => $followers->take(10)->map(function($a) {
  302. $actor = $a->actor;
  303. return [
  304. 'id' => $actor->id,
  305. 'username' => $actor->username,
  306. 'avatar' => $actor->avatarUrl(),
  307. 'url' => $actor->url(),
  308. 'local' => $actor->domain == null,
  309. 'following' => $actor->followedBy(Auth::user()->profile)
  310. ];
  311. })
  312. ];
  313. return response()->json($res, 200, [], JSON_PRETTY_PRINT|JSON_UNESCAPED_SLASHES);
  314. }
  315. public function followRequestHandle(Request $request)
  316. {
  317. $this->validate($request, [
  318. 'action' => 'required|string|max:10',
  319. 'id' => 'required|integer|min:1'
  320. ]);
  321. $pid = Auth::user()->profile->id;
  322. $action = $request->input('action') === 'accept' ? 'accept' : 'reject';
  323. $id = $request->input('id');
  324. $followRequest = FollowRequest::whereFollowingId($pid)->findOrFail($id);
  325. $follower = $followRequest->follower;
  326. switch ($action) {
  327. case 'accept':
  328. $follow = new Follower();
  329. $follow->profile_id = $follower->id;
  330. $follow->following_id = $pid;
  331. $follow->save();
  332. FollowPipeline::dispatch($follow);
  333. $followRequest->delete();
  334. break;
  335. case 'reject':
  336. $followRequest->is_rejected = true;
  337. $followRequest->save();
  338. break;
  339. }
  340. Cache::forget('profile:follower_count:'.$pid);
  341. Cache::forget('profile:following_count:'.$pid);
  342. return response()->json(['msg' => 'success'], 200);
  343. }
  344. public function sudoMode(Request $request)
  345. {
  346. if($request->session()->has('sudoModeAttempts') && $request->session()->get('sudoModeAttempts') >= 3) {
  347. $request->session()->pull('2fa.session.active');
  348. $request->session()->pull('redirectNext');
  349. $request->session()->pull('sudoModeAttempts');
  350. Auth::logout();
  351. return redirect(route('login'));
  352. }
  353. return view('auth.sudo');
  354. }
  355. public function sudoModeVerify(Request $request)
  356. {
  357. $this->validate($request, [
  358. 'password' => 'required|string|max:500',
  359. 'trustDevice' => 'nullable'
  360. ]);
  361. $user = Auth::user();
  362. $password = $request->input('password');
  363. $trustDevice = $request->input('trustDevice') == 'on';
  364. $next = $request->session()->get('redirectNext', '/');
  365. if($request->session()->has('sudoModeAttempts')) {
  366. $count = (int) $request->session()->get('sudoModeAttempts');
  367. $request->session()->put('sudoModeAttempts', $count + 1);
  368. } else {
  369. $request->session()->put('sudoModeAttempts', 1);
  370. }
  371. if(password_verify($password, $user->password) === true) {
  372. $request->session()->put('sudoMode', time());
  373. if($trustDevice == true) {
  374. $request->session()->put('sudoTrustDevice', 1);
  375. }
  376. return redirect($next);
  377. } else {
  378. return redirect()
  379. ->back()
  380. ->withErrors(['password' => __('auth.failed')]);
  381. }
  382. }
  383. public function twoFactorCheckpoint(Request $request)
  384. {
  385. return view('auth.checkpoint');
  386. }
  387. public function twoFactorVerify(Request $request)
  388. {
  389. $this->validate($request, [
  390. 'code' => 'required|string|max:32'
  391. ]);
  392. $user = Auth::user();
  393. $code = $request->input('code');
  394. $google2fa = new Google2FA();
  395. $verify = $google2fa->verifyKey($user->{'2fa_secret'}, $code);
  396. if($verify) {
  397. $request->session()->push('2fa.session.active', true);
  398. return redirect('/');
  399. } else {
  400. if($this->twoFactorBackupCheck($request, $code, $user)) {
  401. return redirect('/');
  402. }
  403. if($request->session()->has('2fa.attempts')) {
  404. $count = (int) $request->session()->get('2fa.attempts');
  405. if($count == 3) {
  406. Auth::logout();
  407. return redirect('/');
  408. }
  409. $request->session()->put('2fa.attempts', $count + 1);
  410. } else {
  411. $request->session()->put('2fa.attempts', 1);
  412. }
  413. return redirect('/i/auth/checkpoint')->withErrors([
  414. 'code' => 'Invalid code'
  415. ]);
  416. }
  417. }
  418. protected function twoFactorBackupCheck($request, $code, User $user)
  419. {
  420. $backupCodes = $user->{'2fa_backup_codes'};
  421. if($backupCodes) {
  422. $codes = json_decode($backupCodes, true);
  423. foreach ($codes as $c) {
  424. if(hash_equals($c, $code)) {
  425. $codes = array_flatten(array_diff($codes, [$code]));
  426. $user->{'2fa_backup_codes'} = json_encode($codes);
  427. $user->save();
  428. $request->session()->push('2fa.session.active', true);
  429. return true;
  430. } else {
  431. return false;
  432. }
  433. }
  434. } else {
  435. return false;
  436. }
  437. }
  438. public function accountRestored(Request $request)
  439. {
  440. }
  441. public function accountMutes(Request $request)
  442. {
  443. abort_if(!$request->user(), 403);
  444. $this->validate($request, [
  445. 'limit' => 'nullable|integer|min:1|max:40'
  446. ]);
  447. $user = $request->user();
  448. $limit = $request->input('limit') ?? 40;
  449. $mutes = UserFilter::whereUserId($user->profile_id)
  450. ->whereFilterableType('App\Profile')
  451. ->whereFilterType('mute')
  452. ->simplePaginate($limit)
  453. ->pluck('filterable_id');
  454. $accounts = Profile::find($mutes);
  455. $fractal = new Fractal\Manager();
  456. $fractal->setSerializer(new ArraySerializer());
  457. $resource = new Fractal\Resource\Collection($accounts, new AccountTransformer());
  458. $res = $fractal->createData($resource)->toArray();
  459. $url = $request->url();
  460. $page = $request->input('page', 1);
  461. $next = $page < 40 ? $page + 1 : 40;
  462. $prev = $page > 1 ? $page - 1 : 1;
  463. $links = '<'.$url.'?page='.$next.'&limit='.$limit.'>; rel="next", <'.$url.'?page='.$prev.'&limit='.$limit.'>; rel="prev"';
  464. return response()->json($res, 200, ['Link' => $links]);
  465. }
  466. public function accountBlocks(Request $request)
  467. {
  468. abort_if(!$request->user(), 403);
  469. $this->validate($request, [
  470. 'limit' => 'nullable|integer|min:1|max:40',
  471. 'page' => 'nullable|integer|min:1|max:10'
  472. ]);
  473. $user = $request->user();
  474. $limit = $request->input('limit') ?? 40;
  475. $blocked = UserFilter::select('filterable_id','filterable_type','filter_type','user_id')
  476. ->whereUserId($user->profile_id)
  477. ->whereFilterableType('App\Profile')
  478. ->whereFilterType('block')
  479. ->simplePaginate($limit)
  480. ->pluck('filterable_id');
  481. $profiles = Profile::findOrFail($blocked);
  482. $fractal = new Fractal\Manager();
  483. $fractal->setSerializer(new ArraySerializer());
  484. $resource = new Fractal\Resource\Collection($profiles, new AccountTransformer());
  485. $res = $fractal->createData($resource)->toArray();
  486. $url = $request->url();
  487. $page = $request->input('page', 1);
  488. $next = $page < 40 ? $page + 1 : 40;
  489. $prev = $page > 1 ? $page - 1 : 1;
  490. $links = '<'.$url.'?page='.$next.'&limit='.$limit.'>; rel="next", <'.$url.'?page='.$prev.'&limit='.$limit.'>; rel="prev"';
  491. return response()->json($res, 200, ['Link' => $links]);
  492. }
  493. public function accountBlocksV2(Request $request)
  494. {
  495. return response()->json(UserFilterService::blocks($request->user()->profile_id), 200, [], JSON_UNESCAPED_SLASHES);
  496. }
  497. public function accountMutesV2(Request $request)
  498. {
  499. return response()->json(UserFilterService::mutes($request->user()->profile_id), 200, [], JSON_UNESCAPED_SLASHES);
  500. }
  501. public function accountFiltersV2(Request $request)
  502. {
  503. return response()->json(UserFilterService::filters($request->user()->profile_id), 200, [], JSON_UNESCAPED_SLASHES);
  504. }
  505. }