1
0

AccountController.php 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445
  1. <?php
  2. namespace App\Http\Controllers;
  3. use Auth;
  4. use Cache;
  5. use Mail;
  6. use Redis;
  7. use Carbon\Carbon;
  8. use App\Mail\ConfirmEmail;
  9. use Illuminate\Http\Request;
  10. use PragmaRX\Google2FA\Google2FA;
  11. use App\Jobs\FollowPipeline\FollowPipeline;
  12. use App\{
  13. EmailVerification,
  14. Follower,
  15. FollowRequest,
  16. Notification,
  17. Profile,
  18. User,
  19. UserFilter
  20. };
  21. class AccountController extends Controller
  22. {
  23. protected $filters = [
  24. 'user.mute',
  25. 'user.block',
  26. ];
  27. public function __construct()
  28. {
  29. $this->middleware('auth');
  30. }
  31. public function notifications(Request $request)
  32. {
  33. return view('account.activity');
  34. }
  35. public function followingActivity(Request $request)
  36. {
  37. $this->validate($request, [
  38. 'page' => 'nullable|min:1|max:3',
  39. 'a' => 'nullable|alpha_dash',
  40. ]);
  41. $action = $request->input('a');
  42. $allowed = ['like', 'follow'];
  43. $timeago = Carbon::now()->subMonths(3);
  44. $profile = Auth::user()->profile;
  45. $following = $profile->following->pluck('id');
  46. $notifications = Notification::whereIn('actor_id', $following)
  47. ->whereIn('action', $allowed)
  48. ->where('actor_id', '<>', $profile->id)
  49. ->where('profile_id', '<>', $profile->id)
  50. ->whereDate('created_at', '>', $timeago)
  51. ->orderBy('notifications.created_at', 'desc')
  52. ->simplePaginate(30);
  53. return view('account.following', compact('profile', 'notifications'));
  54. }
  55. public function verifyEmail(Request $request)
  56. {
  57. return view('account.verify_email');
  58. }
  59. public function sendVerifyEmail(Request $request)
  60. {
  61. $recentAttempt = EmailVerification::whereUserId(Auth::id())
  62. ->whereDate('created_at', '>', now()->subHours(12))->count();
  63. if ($recentAttempt > 0) {
  64. return redirect()->back()->with('error', 'A verification email has already been sent recently. Please check your email, or try again later.');
  65. }
  66. EmailVerification::whereUserId(Auth::id())->delete();
  67. $user = User::whereNull('email_verified_at')->find(Auth::id());
  68. $utoken = str_random(64);
  69. $rtoken = str_random(128);
  70. $verify = new EmailVerification();
  71. $verify->user_id = $user->id;
  72. $verify->email = $user->email;
  73. $verify->user_token = $utoken;
  74. $verify->random_token = $rtoken;
  75. $verify->save();
  76. Mail::to($user->email)->send(new ConfirmEmail($verify));
  77. return redirect()->back()->with('status', 'Verification email sent!');
  78. }
  79. public function confirmVerifyEmail(Request $request, $userToken, $randomToken)
  80. {
  81. $verify = EmailVerification::where('user_token', $userToken)
  82. ->where('created_at', '>', now()->subWeeks(2))
  83. ->where('random_token', $randomToken)
  84. ->firstOrFail();
  85. if (Auth::id() === $verify->user_id && $verify->user_token === $userToken && $verify->random_token === $randomToken) {
  86. $user = User::find(Auth::id());
  87. $user->email_verified_at = Carbon::now();
  88. $user->save();
  89. return redirect('/');
  90. } else {
  91. abort(403);
  92. }
  93. }
  94. public function messages()
  95. {
  96. return view('account.messages');
  97. }
  98. public function direct()
  99. {
  100. return view('account.direct');
  101. }
  102. public function showMessage(Request $request, $id)
  103. {
  104. return view('account.message');
  105. }
  106. public function mute(Request $request)
  107. {
  108. $this->validate($request, [
  109. 'type' => 'required|alpha_dash',
  110. 'item' => 'required|integer|min:1',
  111. ]);
  112. $user = Auth::user()->profile;
  113. $type = $request->input('type');
  114. $item = $request->input('item');
  115. $action = $type . '.mute';
  116. if (!in_array($action, $this->filters)) {
  117. return abort(406);
  118. }
  119. $filterable = [];
  120. switch ($type) {
  121. case 'user':
  122. $profile = Profile::findOrFail($item);
  123. if ($profile->id == $user->id) {
  124. return abort(403);
  125. }
  126. $class = get_class($profile);
  127. $filterable['id'] = $profile->id;
  128. $filterable['type'] = $class;
  129. break;
  130. }
  131. $filter = UserFilter::firstOrCreate([
  132. 'user_id' => $user->id,
  133. 'filterable_id' => $filterable['id'],
  134. 'filterable_type' => $filterable['type'],
  135. 'filter_type' => 'mute',
  136. ]);
  137. $pid = $user->id;
  138. Cache::forget("user:filter:list:$pid");
  139. Cache::forget("feature:discover:posts:$pid");
  140. Cache::forget("api:local:exp:rec:$pid");
  141. return redirect()->back();
  142. }
  143. public function unmute(Request $request)
  144. {
  145. $this->validate($request, [
  146. 'type' => 'required|alpha_dash',
  147. 'item' => 'required|integer|min:1',
  148. ]);
  149. $user = Auth::user()->profile;
  150. $type = $request->input('type');
  151. $item = $request->input('item');
  152. $action = $type . '.mute';
  153. if (!in_array($action, $this->filters)) {
  154. return abort(406);
  155. }
  156. $filterable = [];
  157. switch ($type) {
  158. case 'user':
  159. $profile = Profile::findOrFail($item);
  160. if ($profile->id == $user->id) {
  161. return abort(403);
  162. }
  163. $class = get_class($profile);
  164. $filterable['id'] = $profile->id;
  165. $filterable['type'] = $class;
  166. break;
  167. default:
  168. abort(400);
  169. break;
  170. }
  171. $filter = UserFilter::whereUserId($user->id)
  172. ->whereFilterableId($filterable['id'])
  173. ->whereFilterableType($filterable['type'])
  174. ->whereFilterType('mute')
  175. ->first();
  176. if($filter) {
  177. $filter->delete();
  178. }
  179. $pid = $user->id;
  180. Cache::forget("user:filter:list:$pid");
  181. Cache::forget("feature:discover:posts:$pid");
  182. Cache::forget("api:local:exp:rec:$pid");
  183. if($request->wantsJson()) {
  184. return response()->json([200]);
  185. } else {
  186. return redirect()->back();
  187. }
  188. }
  189. public function block(Request $request)
  190. {
  191. $this->validate($request, [
  192. 'type' => 'required|alpha_dash',
  193. 'item' => 'required|integer|min:1',
  194. ]);
  195. $user = Auth::user()->profile;
  196. $type = $request->input('type');
  197. $item = $request->input('item');
  198. $action = $type.'.block';
  199. if (!in_array($action, $this->filters)) {
  200. return abort(406);
  201. }
  202. $filterable = [];
  203. switch ($type) {
  204. case 'user':
  205. $profile = Profile::findOrFail($item);
  206. if ($profile->id == $user->id) {
  207. return abort(403);
  208. }
  209. $class = get_class($profile);
  210. $filterable['id'] = $profile->id;
  211. $filterable['type'] = $class;
  212. Follower::whereProfileId($profile->id)->whereFollowingId($user->id)->delete();
  213. Notification::whereProfileId($user->id)->whereActorId($profile->id)->delete();
  214. break;
  215. }
  216. $filter = UserFilter::firstOrCreate([
  217. 'user_id' => $user->id,
  218. 'filterable_id' => $filterable['id'],
  219. 'filterable_type' => $filterable['type'],
  220. 'filter_type' => 'block',
  221. ]);
  222. $pid = $user->id;
  223. Cache::forget("user:filter:list:$pid");
  224. Cache::forget("feature:discover:posts:$pid");
  225. Cache::forget("api:local:exp:rec:$pid");
  226. return redirect()->back();
  227. }
  228. public function unblock(Request $request)
  229. {
  230. $this->validate($request, [
  231. 'type' => 'required|alpha_dash',
  232. 'item' => 'required|integer|min:1',
  233. ]);
  234. $user = Auth::user()->profile;
  235. $type = $request->input('type');
  236. $item = $request->input('item');
  237. $action = $type . '.block';
  238. if (!in_array($action, $this->filters)) {
  239. return abort(406);
  240. }
  241. $filterable = [];
  242. switch ($type) {
  243. case 'user':
  244. $profile = Profile::findOrFail($item);
  245. if ($profile->id == $user->id) {
  246. return abort(403);
  247. }
  248. $class = get_class($profile);
  249. $filterable['id'] = $profile->id;
  250. $filterable['type'] = $class;
  251. break;
  252. default:
  253. abort(400);
  254. break;
  255. }
  256. $filter = UserFilter::whereUserId($user->id)
  257. ->whereFilterableId($filterable['id'])
  258. ->whereFilterableType($filterable['type'])
  259. ->whereFilterType('block')
  260. ->first();
  261. if($filter) {
  262. $filter->delete();
  263. }
  264. $pid = $user->id;
  265. Cache::forget("user:filter:list:$pid");
  266. Cache::forget("feature:discover:posts:$pid");
  267. Cache::forget("api:local:exp:rec:$pid");
  268. return redirect()->back();
  269. }
  270. public function followRequests(Request $request)
  271. {
  272. $pid = Auth::user()->profile->id;
  273. $followers = FollowRequest::whereFollowingId($pid)->orderBy('id','desc')->whereIsRejected(0)->simplePaginate(10);
  274. return view('account.follow-requests', compact('followers'));
  275. }
  276. public function followRequestHandle(Request $request)
  277. {
  278. $this->validate($request, [
  279. 'action' => 'required|string|max:10',
  280. 'id' => 'required|integer|min:1'
  281. ]);
  282. $pid = Auth::user()->profile->id;
  283. $action = $request->input('action') === 'accept' ? 'accept' : 'reject';
  284. $id = $request->input('id');
  285. $followRequest = FollowRequest::whereFollowingId($pid)->findOrFail($id);
  286. $follower = $followRequest->follower;
  287. switch ($action) {
  288. case 'accept':
  289. $follow = new Follower();
  290. $follow->profile_id = $follower->id;
  291. $follow->following_id = $pid;
  292. $follow->save();
  293. FollowPipeline::dispatch($follow);
  294. $followRequest->delete();
  295. break;
  296. case 'reject':
  297. $followRequest->is_rejected = true;
  298. $followRequest->save();
  299. break;
  300. }
  301. return response()->json(['msg' => 'success'], 200);
  302. }
  303. public function sudoMode(Request $request)
  304. {
  305. return view('auth.sudo');
  306. }
  307. public function sudoModeVerify(Request $request)
  308. {
  309. $this->validate($request, [
  310. 'password' => 'required|string|max:500'
  311. ]);
  312. $user = Auth::user();
  313. $password = $request->input('password');
  314. $next = $request->session()->get('redirectNext', '/');
  315. if(password_verify($password, $user->password) === true) {
  316. $request->session()->put('sudoMode', time());
  317. return redirect($next);
  318. } else {
  319. return redirect()
  320. ->back()
  321. ->withErrors(['password' => __('auth.failed')]);
  322. }
  323. }
  324. public function twoFactorCheckpoint(Request $request)
  325. {
  326. return view('auth.checkpoint');
  327. }
  328. public function twoFactorVerify(Request $request)
  329. {
  330. $this->validate($request, [
  331. 'code' => 'required|string|max:32'
  332. ]);
  333. $user = Auth::user();
  334. $code = $request->input('code');
  335. $google2fa = new Google2FA();
  336. $verify = $google2fa->verifyKey($user->{'2fa_secret'}, $code);
  337. if($verify) {
  338. $request->session()->push('2fa.session.active', true);
  339. return redirect('/');
  340. } else {
  341. if($this->twoFactorBackupCheck($request, $code, $user)) {
  342. return redirect('/');
  343. }
  344. if($request->session()->has('2fa.attempts')) {
  345. $count = (int) $request->session()->has('2fa.attempts');
  346. $request->session()->push('2fa.attempts', $count + 1);
  347. } else {
  348. $request->session()->push('2fa.attempts', 1);
  349. }
  350. return redirect()->back()->withErrors([
  351. 'code' => 'Invalid code'
  352. ]);
  353. }
  354. }
  355. protected function twoFactorBackupCheck($request, $code, User $user)
  356. {
  357. $backupCodes = $user->{'2fa_backup_codes'};
  358. if($backupCodes) {
  359. $codes = json_decode($backupCodes, true);
  360. foreach ($codes as $c) {
  361. if(hash_equals($c, $code)) {
  362. $codes = array_flatten(array_diff($codes, [$code]));
  363. $user->{'2fa_backup_codes'} = json_encode($codes);
  364. $user->save();
  365. $request->session()->push('2fa.session.active', true);
  366. return true;
  367. } else {
  368. return false;
  369. }
  370. }
  371. } else {
  372. return false;
  373. }
  374. }
  375. public function accountRestored(Request $request)
  376. {
  377. }
  378. }