No OneTemporary
Actions

Size

82 KB

Subscribers

None

View Options

	diff --git a/less/pad.less b/less/pad.less
	index a132b30..d3e4350 100644
	--- a/less/pad.less
	+++ b/less/pad.less
	@@ -1,471 +1,509 @@
	.dropdown-nav {
	font-family: @sansFont;
	line-height: 2em;
	span {
	margin: 0;
	}
	.material-icons {
	vertical-align: sub;
	}
	>ul>li {
	line-height: 1.8;
	bottom: -0.35em;
	}
	ul {
	display: inline;
	list-style:none;
	position:relative;
	margin:0;
	padding:0;

	ul {
	display:none;
	position:absolute;
	top:100%;
	left:0;
	background:#fff;
	padding:0;
	max-height: 30em;
	overflow-y: auto;
	overflow-x: hidden;
	border: 1px solid @lightNavBorder;
	.rounded(.25em);
	li {
	line-height: 1.8;
	display: block;
	min-width: 9em;
	max-width: 16em;
	}
	}
	a {
	display: block;
	color:#333;
	text-decoration:none;
	padding: 0 0.5em;
	margin: 0;
	overflow: hidden;
	white-space: -moz-nowrap; /* Mozilla, since 1999 */
	white-space: -nowrap; /* Opera 4-6 */
	white-space: -o-nowrap; /* Opera 7 */
	white-space: nowrap;
	&:hover {
	text-decoration: none;
	}
	}
	li {
	display: inline-block;
	position: relative;
	margin: 0;
	padding: 0;
	&:hover {
	background: @lightNavHoverBG;
	}
	&:hover > ul {
	display: block;
	}
	&.selected {
	a, a:hover {
	color: #888;
	}
	}
	&.current-user, &.menu-heading {
	font-weight: bold;
	padding: 0 .5em;
	color: #000;
	&:hover {
	background-color: transparent !important;
	}
	}
	&.menu-heading {
	color: #666;
	font-weight: normal;
	font-size: 0.8em;
	padding: 0.2em 0.8em;
	cursor: default;
	text-align: left;
	}
	hr {
	margin: 0.5em 0.75em;
	}
	}
	}
	}
	nav#manage {
	.dropdown-nav;
	ul ul li {
	min-width: 11em;
	img.ic-18dp {
	margin-top: -2px;
	}
	}
	}

	img.ic-18dp {
	width: 18px;
	height: 18px;
	vertical-align: middle;
	}

	img.ic-24dp {
	width: 24px;
	height: 24px;
	vertical-align: middle;
	}

	body#pad, body#pad-sub {
	margin: 0;
	padding: 0;
	font-size: 100%;
	font-family: Lora, serif;

	header {
	height: 1.6em;
	}

	#tools {
	margin: 0 0 1em;
	padding: 1em 2em;
	-moz-transition-property: opacity;
	-webkit-transition-property: opacity;
	-o-transition-property: opacity;
	transition-property: opacity;
	.transition-duration(0.4s);

	&:hover {
	.opacity(1);

	.hidden {
	.opacity(1);
	}
	}

	.hidden {
	&#wc {
	position: relative;
	top: -0.15em;
	font-size: 0.9em;
	margin-left: 0.75em;
	}
	}

	h1 {
	display: inline-block;
	font-family: Lora, serif;
	margin: 0;
	font-size: 1.5em;

	a {
	color: white;
	}
	}

	nav {
	.dropdown-nav;
	}

	#clip {
	display: inline-block;
	margin-top: -0.35em;
	}

	#belt {
	float: right;

	a {
	padding: 1em 1.2em;
	vertical-align: middle;
	.opacity(.75);
	.transition-duration(0.2s);
	-moz-transition-property: opacity;
	-webkit-transition-property: opacity;
	-o-transition-property: opacity;
	transition-property: opacity;

	&:hover {
	.opacity(1);
	}

	&.disabled, &.disabled:hover {
	.opacity(.3);
	}

	img.ic-24dp {
	vertical-align: bottom;
	}

	.material-icons {
	vertical-align: middle;
	max-width: 24px;
	overflow: hidden;
	display: inline-block;
	}

	.material-icons, img.ic-24dp {
	&+ span {
	margin-left: .4em;
	height: 24px;
	vertical-align: bottom;
	}
	}
	}
	.tool:last-child a {
	padding-right: 0;
	}
	}

	.tool {
	display: inline-block;
	margin: 0;

	&#status {
	&.doing {
	font-style: italic;
	}
	}
	button {
	font-family: @sansFont;
	background-color: transparent;
	padding-top: 0.25rem;
	padding-bottom: 0.25rem;
	border: 0;
	}
	}
	}
	}

	body#pad-sub {
	.content-container {
	p {
	a:hover {
	text-decoration: underline;
	}
	&.status {
	text-align: center;
	font-size: 1.1em;
	&:first-child {
	margin-top: 1.5em;
	}
	}
	}
	}
	}

	body#pad {
	textarea,
	textarea:focus {
	border: 0;
	outline: 0;
	}
	textarea {
	position: fixed !important;
	top: 3em;
	right: 0;
	bottom: 0;
	left: 0;
	width: 100%;
	height: auto;
	height: calc(~"100% - 3em - 1px");
	padding: 1em 2em 2em;
	font-size: 1.2em;
	letter-spacing: 0.6px;
	box-sizing: border-box;
	resize: none;

	&.classy {
	font-family: Lora, serif;
	letter-spacing: 0.7px;
	}
	&.mono, &.code {
	padding-left: 1em;
	padding-right: 1em;
	white-space: -moz-pre; /* Mozilla, since 1999 */
	white-space: -pre; /* Opera 4-6 */
	white-space: -o-pre; /* Opera 7 */
	white-space: pre;
	word-wrap: normal;
	}
	&.norm, &.sans, &.wrap {
	line-height: 1.4;
	}
	}

	#tools {
	position: fixed;
	top: 0;
	left: 0;
	right: 0;
	margin: 0;
	.opacity(.2);

	.mode-wp {
	font-family: serif;
	}
	.mode-typewriter {
	font-family: "Courier New", monospace;
	font-size: 1em;
	}
	}
	}

	.modal {
	display: none;
	position: absolute;
	z-index: 11;
	top: 3em;
	left: 50%;
	width: 30em;
	margin-left: -15em;
	padding: 1.5em 2em;
	.rounded(.25em);
	background: @lightNavBG;
	border: 1px solid @lightNavBorder;

	h2 {
	margin-top: 0;
	}

	input[type=text], input[type=email], input[type=password] {
	background: transparent;
	border: 0;
	border-bottom: 1px solid #ccc;
	-moz-transition-property: opacity;
	-webkit-transition-property: opacity;
	-o-transition-property: opacity;
	transition-property: opacity;
	.transition-duration(0.2s);
	.opacity(1);

	&:disabled {
	.opacity(.4);
	}
	}

	.short {
	text-align: center;
	}

	.form-hint {
	font-size: 0.78em;
	color: #888;
	}
	}

	#overlay {
	display: none;
	position: fixed;
	top: 0;
	right: 0;
	bottom: 0;
	left: 0;
	background: rgba(0, 0, 0, 0.4);
	z-index: 10;
	}

	+body#pad .alert {
	+ position: fixed;
	+ bottom: 0.25em;
	+ left: 2em;
	+ right: 2em;
	+ font-size: 1.1em;
	+
	+ &#edited-elsewhere {
	+ &.hidden {
	+ display: none;
	+ }
	+
	+ a {
	+ font-weight: bold;
	+ }
	+ }
	+}
	+
	@media all and (max-height: 500px) {
	body#pad {
	textarea {
	top: 2.25em;
	padding-top: 0.25em;
	}
	#tools {
	padding-top: 0.5em;
	padding-bottom: 0.5em;
	}
	}
	}

	@media all and (min-width: 360px) {
	body#pad #tools .if-room.room-1, body#pad-sub #tools .tool.if-room.room-1, .if-room.room-1 {
	display: inline-block;
	}
	}

	@media all and (min-width: 425px) {
	body#pad #tools .if-room.room-2, body#pad-sub #tools .tool.if-room.room-2, .if-room.room-2 {
	display: inline-block;
	}
	}

	@media all and (min-width: 510px) {
	body#pad #tools .if-room.room-3, body#pad-sub #tools .tool.if-room.room-3, .if-room.room-3 {
	display: inline-block;
	}
	}

	@media all and (max-width: 650px) {
	body#pad #tools .tool.if-room, body#pad-sub #tools .tool.if-room, .if-room {
	display: none;
	}
	}

	@media all and (max-width: 600px) {
	.modal {
	margin-left: 0;
	width: auto;
	left: 0;
	right: 0;
	}
	#user-nav .tabs {
	display: block;
	text-align: center;
	margin: 0.5em 0 -2em;
	a:first-child {
	margin-left: 0;
	}
	}
	#target-name {
	max-width: 98px;
	display: inline-block;
	}
	}

	@media all and (min-width: 50em) {
	body#pad {
	textarea {
	padding-left: 10%;
	padding-right: 10%;
	}
	+ .alert {
	+ left: 10%;
	+ right: 10%;
	+ }
	}
	}
	@media all and (min-width: 60em) {
	body#pad {
	textarea {
	padding-left: 15%;
	padding-right: 15%;
	}
	+ .alert {
	+ left: 15%;
	+ right: 15%;
	+ }
	}
	}
	@media all and (min-width: 70em) {
	body#pad {
	textarea {
	padding-left: 20%;
	padding-right: 20%;
	}
	+ .alert {
	+ left: 20%;
	+ right: 20%;
	+ }
	}
	}
	@media all and (min-width: 85em) {
	body#pad {
	textarea {
	padding-left: 25%;
	padding-right: 25%;
	}
	+ .alert {
	+ left: 25%;
	+ right: 25%;
	+ }
	}
	}
	@media all and (min-width: 105em) {
	body#pad {
	textarea {
	padding-left: 30%;
	padding-right: 30%;
	}
	+ .alert {
	+ left: 30%;
	+ right: 30%;
	+ }
	}
	}
	@media (pointer: coarse) {
	body#pad, body#pad-sub {
	#tools {
	.opacity(.8);
	.hidden {
	.opacity(.8);
	}
	}
	}
	}
	diff --git a/posts.go b/posts.go
	index 82907ba..5c69659 100644
	--- a/posts.go
	+++ b/posts.go
	@@ -1,1574 +1,1583 @@
	/*
	* Copyright © 2018-2020 A Bunch Tell LLC.
	*
	* This file is part of WriteFreely.
	*
	* WriteFreely is free software: you can redistribute it and/or modify
	* it under the terms of the GNU Affero General Public License, included
	* in the LICENSE file in this source code package.
	*/

	package writefreely

	import (
	"database/sql"
	"encoding/json"
	"fmt"
	"html/template"
	"net/http"
	"net/url"
	"regexp"
	"strings"
	"time"

	"github.com/gorilla/mux"
	"github.com/guregu/null"
	"github.com/guregu/null/zero"
	"github.com/kylemcc/twitter-text-go/extract"
	"github.com/microcosm-cc/bluemonday"
	stripmd "github.com/writeas/go-strip-markdown"
	"github.com/writeas/impart"
	"github.com/writeas/monday"
	"github.com/writeas/slug"
	"github.com/writeas/web-core/activitystreams"
	"github.com/writeas/web-core/bots"
	"github.com/writeas/web-core/converter"
	"github.com/writeas/web-core/i18n"
	"github.com/writeas/web-core/log"
	"github.com/writeas/web-core/tags"
	"github.com/writeas/writefreely/page"
	"github.com/writeas/writefreely/parse"
	)

	const (
	// Post ID length bounds
	minIDLen = 10
	maxIDLen = 10
	userPostIDLen = 10
	postIDLen = 10

	postMetaDateFormat = "2006-01-02 15:04:05"
	)

	type (
	AnonymousPost struct {
	ID string
	Content string
	HTMLContent template.HTML
	Font string
	Language string
	Direction string
	Title string
	GenTitle string
	Description string
	Author string
	Views int64
	Images []string
	IsPlainText bool
	IsCode bool
	IsLinkable bool
	}

	AuthenticatedPost struct {
	ID string `json:"id" schema:"id"`
	Web bool `json:"web" schema:"web"`
	*SubmittedPost
	}

	// SubmittedPost represents a post supplied by a client for publishing or
	// updating. Since Title and Content can be updated to "", they are
	// pointers that can be easily tested to detect changes.
	SubmittedPost struct {
	Slug *string `json:"slug" schema:"slug"`
	Title *string `json:"title" schema:"title"`
	Content *string `json:"body" schema:"body"`
	Font string `json:"font" schema:"font"`
	IsRTL converter.NullJSONBool `json:"rtl" schema:"rtl"`
	Language converter.NullJSONString `json:"lang" schema:"lang"`
	Created *string `json:"created" schema:"created"`
	}

	// Post represents a post as found in the database.
	Post struct {
	ID string `db:"id" json:"id"`
	Slug null.String `db:"slug" json:"slug,omitempty"`
	Font string `db:"text_appearance" json:"appearance"`
	Language zero.String `db:"language" json:"language"`
	RTL zero.Bool `db:"rtl" json:"rtl"`
	Privacy int64 `db:"privacy" json:"-"`
	OwnerID null.Int `db:"owner_id" json:"-"`
	CollectionID null.Int `db:"collection_id" json:"-"`
	PinnedPosition null.Int `db:"pinned_position" json:"-"`
	Created time.Time `db:"created" json:"created"`
	Updated time.Time `db:"updated" json:"updated"`
	ViewCount int64 `db:"view_count" json:"-"`
	Title zero.String `db:"title" json:"title"`
	HTMLTitle template.HTML `db:"title" json:"-"`
	Content string `db:"content" json:"body"`
	HTMLContent template.HTML `db:"content" json:"-"`
	HTMLExcerpt template.HTML `db:"content" json:"-"`
	Tags []string `json:"tags"`
	Images []string `json:"images,omitempty"`

	OwnerName string `json:"owner,omitempty"`
	}

	// PublicPost holds properties for a publicly returned post, i.e. a post in
	// a context where the viewer may not be the owner. As such, sensitive
	// metadata for the post is hidden and properties supporting the display of
	// the post are added.
	PublicPost struct {
	*Post
	IsSubdomain bool `json:"-"`
	IsTopLevel bool `json:"-"`
	DisplayDate string `json:"-"`
	Views int64 `json:"views"`
	Owner *PublicUser `json:"-"`
	IsOwner bool `json:"-"`
	Collection *CollectionObj `json:"collection,omitempty"`
	}

	RawPost struct {
	Id, Slug string
	Title string
	Content string
	Views int64
	Font string
	Created time.Time
	+ Updated time.Time
	IsRTL sql.NullBool
	Language sql.NullString
	OwnerID int64
	CollectionID sql.NullInt64

	Found bool
	Gone bool
	}

	AnonymousAuthPost struct {
	ID string `json:"id"`
	Token string `json:"token"`
	}
	ClaimPostRequest struct {
	*AnonymousAuthPost
	CollectionAlias string `json:"collection"`
	CreateCollection bool `json:"create_collection"`

	// Generated properties
	Slug string `json:"-"`
	}
	ClaimPostResult struct {
	ID string `json:"id,omitempty"`
	Code int `json:"code,omitempty"`
	ErrorMessage string `json:"error_msg,omitempty"`
	Post *PublicPost `json:"post,omitempty"`
	}
	)

	func (p *Post) Direction() string {
	if p.RTL.Valid {
	if p.RTL.Bool {
	return "rtl"
	}
	return "ltr"
	}
	return "auto"
	}

	// DisplayTitle dynamically generates a title from the Post's contents if it
	// doesn't already have an explicit title.
	func (p *Post) DisplayTitle() string {
	if p.Title.String != "" {
	return p.Title.String
	}
	t := friendlyPostTitle(p.Content, p.ID)
	return t
	}

	// PlainDisplayTitle dynamically generates a title from the Post's contents if it
	// doesn't already have an explicit title.
	func (p *Post) PlainDisplayTitle() string {
	if t := stripmd.Strip(p.DisplayTitle()); t != "" {
	return t
	}
	return p.ID
	}

	// FormattedDisplayTitle dynamically generates a title from the Post's contents if it
	// doesn't already have an explicit title.
	func (p *Post) FormattedDisplayTitle() template.HTML {
	if p.HTMLTitle != "" {
	return p.HTMLTitle
	}
	return template.HTML(p.DisplayTitle())
	}

	// Summary gives a shortened summary of the post based on the post's title,
	// especially for display in a longer list of posts. It extracts a summary for
	// posts in the Title\n\nBody format, returning nothing if the entire was short
	// enough that the extracted title == extracted summary.
	func (p Post) Summary() string {
	if p.Content == "" {
	return ""
	}
	// Strip out HTML
	p.Content = bluemonday.StrictPolicy().Sanitize(p.Content)
	// and Markdown
	p.Content = stripmd.Strip(p.Content)

	title := p.Title.String
	var desc string
	if title == "" {
	// No title, so generate one
	title = friendlyPostTitle(p.Content, p.ID)
	desc = postDescription(p.Content, title, p.ID)
	if desc == title {
	return ""
	}
	return desc
	}

	return shortPostDescription(p.Content)
	}

	func (p Post) SummaryHTML() template.HTML {
	return template.HTML(p.Summary())
	}

	// Excerpt shows any text that comes before a (more) tag.
	// TODO: use HTMLExcerpt in templates instead of this method
	func (p *Post) Excerpt() template.HTML {
	return p.HTMLExcerpt
	}

	func (p *Post) CreatedDate() string {
	return p.Created.Format("2006-01-02")
	}

	func (p *Post) Created8601() string {
	return p.Created.Format("2006-01-02T15:04:05Z")
	}

	func (p *Post) IsScheduled() bool {
	return p.Created.After(time.Now())
	}

	func (p *Post) HasTag(tag string) bool {
	// Regexp looks for tag and has a non-capturing group at the end looking
	// for the end of the word.
	// Assisted by: https://stackoverflow.com/a/35192941/1549194
	hasTag, _ := regexp.MatchString("#"+tag+`(?:[[:punct:]]\|\s\|\z)`, p.Content)
	return hasTag
	}

	func (p *Post) HasTitleLink() bool {
	if p.Title.String == "" {
	return false
	}
	hasLink, _ := regexp.MatchString(`([^!]+\|^)\[.+\]$.+$`, p.Title.String)
	return hasLink
	}

	func handleViewPost(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	friendlyID := vars["post"]

	// NOTE: until this is done better, be sure to keep this in parity with
	// isRaw() and viewCollectionPost()
	isJSON := strings.HasSuffix(friendlyID, ".json")
	isXML := strings.HasSuffix(friendlyID, ".xml")
	isCSS := strings.HasSuffix(friendlyID, ".css")
	isMarkdown := strings.HasSuffix(friendlyID, ".md")
	isRaw := strings.HasSuffix(friendlyID, ".txt") \|\| isJSON \|\| isXML \|\| isCSS \|\| isMarkdown

	// Display reserved page if that is requested resource
	if t, ok := pages[r.URL.Path[1:]+".tmpl"]; ok {
	return handleTemplatedPage(app, w, r, t)
	} else if (strings.Contains(r.URL.Path, ".") && !isRaw && !isMarkdown) \|\| r.URL.Path == "/robots.txt" \|\| r.URL.Path == "/manifest.json" {
	// Serve static file
	app.shttp.ServeHTTP(w, r)
	return nil
	}

	// Display collection if this is a collection
	c, _ := app.db.GetCollection(friendlyID)
	if c != nil {
	return impart.HTTPError{http.StatusMovedPermanently, fmt.Sprintf("/%s/", friendlyID)}
	}

	// Normalize the URL, redirecting user to consistent post URL
	if friendlyID != strings.ToLower(friendlyID) {
	return impart.HTTPError{http.StatusMovedPermanently, fmt.Sprintf("/%s", strings.ToLower(friendlyID))}
	}

	ext := ""
	if isRaw {
	parts := strings.Split(friendlyID, ".")
	friendlyID = parts[0]
	if len(parts) > 1 {
	ext = "." + parts[1]
	}
	}

	var ownerID sql.NullInt64
	var title string
	var content string
	var font string
	var language []byte
	var rtl []byte
	var views int64
	var post *AnonymousPost
	var found bool
	var gone bool

	fixedID := slug.Make(friendlyID)
	if fixedID != friendlyID {
	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/%s%s", fixedID, ext)}
	}

	err := app.db.QueryRow(fmt.Sprintf("SELECT owner_id, title, content, text_appearance, view_count, language, rtl FROM posts WHERE id = ?"), friendlyID).Scan(&ownerID, &title, &content, &font, &views, &language, &rtl)
	switch {
	case err == sql.ErrNoRows:
	found = false

	// Output the error in the correct format
	if isJSON {
	content = "{\"error\": \"Post not found.\"}"
	} else if isRaw {
	content = "Post not found."
	} else {
	return ErrPostNotFound
	}
	case err != nil:
	found = false

	log.Error("Post loading err: %s\n", err)
	return ErrInternalGeneral
	default:
	found = true

	var d string
	if len(rtl) == 0 {
	d = "auto"
	} else if rtl[0] == 49 {
	// TODO: find a cleaner way to get this (possibly NULL) value
	d = "rtl"
	} else {
	d = "ltr"
	}
	generatedTitle := friendlyPostTitle(content, friendlyID)
	sanitizedContent := content
	if font != "code" {
	sanitizedContent = template.HTMLEscapeString(content)
	}
	var desc string
	if title == "" {
	desc = postDescription(content, title, friendlyID)
	} else {
	desc = shortPostDescription(content)
	}
	post = &AnonymousPost{
	ID: friendlyID,
	Content: sanitizedContent,
	Title: title,
	GenTitle: generatedTitle,
	Description: desc,
	Author: "",
	Font: font,
	IsPlainText: isRaw,
	IsCode: font == "code",
	IsLinkable: font != "code",
	Views: views,
	Language: string(language),
	Direction: d,
	}
	if !isRaw {
	post.HTMLContent = template.HTML(applyMarkdown([]byte(content), "", app.cfg))
	post.Images = extractImages(post.Content)
	}
	}

	var silenced bool
	if found {
	silenced, err = app.db.IsUserSilenced(ownerID.Int64)
	if err != nil {
	log.Error("view post: %v", err)
	}
	}

	// Check if post has been unpublished
	if content == "" {
	gone = true

	if isJSON {
	content = "{\"error\": \"Post was unpublished.\"}"
	} else if isCSS {
	content = ""
	} else if isRaw {
	content = "Post was unpublished."
	} else {
	return ErrPostUnpublished
	}
	}

	var u = &User{}
	if isRaw {
	contentType := "text/plain"
	if isJSON {
	contentType = "application/json"
	} else if isCSS {
	contentType = "text/css"
	} else if isXML {
	contentType = "application/xml"
	} else if isMarkdown {
	contentType = "text/markdown"
	}
	w.Header().Set("Content-Type", fmt.Sprintf("%s; charset=utf-8", contentType))
	if isMarkdown && post.Title != "" {
	fmt.Fprintf(w, "%s\n", post.Title)
	for i := 1; i <= len(post.Title); i++ {
	fmt.Fprintf(w, "=")
	}
	fmt.Fprintf(w, "\n\n")
	}
	fmt.Fprint(w, content)

	if !found {
	return ErrPostNotFound
	} else if gone {
	return ErrPostUnpublished
	}
	} else {
	var err error
	page := struct {
	*AnonymousPost
	page.StaticPage
	Username string
	IsOwner bool
	SiteURL string
	Silenced bool
	}{
	AnonymousPost: post,
	StaticPage: pageForReq(app, r),
	SiteURL: app.cfg.App.Host,
	}
	if u = getUserSession(app, r); u != nil {
	page.Username = u.Username
	page.IsOwner = ownerID.Valid && ownerID.Int64 == u.ID
	}

	if !page.IsOwner && silenced {
	return ErrPostNotFound
	}
	page.Silenced = silenced
	err = templates["post"].ExecuteTemplate(w, "post", page)
	if err != nil {
	log.Error("Post template execute error: %v", err)
	}
	}

	go func() {
	if u != nil && ownerID.Valid && ownerID.Int64 == u.ID {
	// Post is owned by someone; skip view increment since that person is viewing this post.
	return
	}
	// Update stats for non-raw post views
	if !isRaw && r.Method != "HEAD" && !bots.IsBot(r.UserAgent()) {
	_, err := app.db.Exec("UPDATE posts SET view_count = view_count + 1 WHERE id = ?", friendlyID)
	if err != nil {
	log.Error("Unable to update posts count: %v", err)
	}
	}
	}()

	return nil
	}

	// API v2 funcs
	// newPost creates a new post with or without an owning Collection.
	//
	// Endpoints:
	// /posts
	// /posts?collection={alias}
	// ? /collections/{alias}/posts
	func newPost(app App, w http.ResponseWriter, r http.Request) error {
	reqJSON := IsJSON(r)
	vars := mux.Vars(r)
	collAlias := vars["alias"]
	if collAlias == "" {
	collAlias = r.FormValue("collection")
	}
	accessToken := r.Header.Get("Authorization")
	if accessToken == "" {
	// TODO: remove this
	accessToken = r.FormValue("access_token")
	}

	// FIXME: determine web submission with Content-Type header
	var u *User
	var userID int64 = -1
	var username string
	if accessToken == "" {
	u = getUserSession(app, r)
	if u != nil {
	userID = u.ID
	username = u.Username
	}
	} else {
	userID = app.db.GetUserID(accessToken)
	}
	silenced, err := app.db.IsUserSilenced(userID)
	if err != nil {
	log.Error("new post: %v", err)
	}
	if silenced {
	return ErrUserSilenced
	}

	if userID == -1 {
	return ErrNotLoggedIn
	}

	if accessToken == "" && u == nil && collAlias != "" {
	return impart.HTTPError{http.StatusBadRequest, "Parameter `access_token` required."}
	}

	// Get post data
	var p *SubmittedPost
	if reqJSON {
	decoder := json.NewDecoder(r.Body)
	err = decoder.Decode(&p)
	if err != nil {
	log.Error("Couldn't parse new post JSON request: %v\n", err)
	return ErrBadJSON
	}
	if p.Title == nil {
	t := ""
	p.Title = &t
	}
	if strings.TrimSpace(*(p.Content)) == "" {
	return ErrNoPublishableContent
	}
	} else {
	post := r.FormValue("body")
	appearance := r.FormValue("font")
	title := r.FormValue("title")
	rtlValue := r.FormValue("rtl")
	langValue := r.FormValue("lang")
	if strings.TrimSpace(post) == "" {
	return ErrNoPublishableContent
	}

	var isRTL, rtlValid bool
	if rtlValue == "auto" && langValue != "" {
	isRTL = i18n.LangIsRTL(langValue)
	rtlValid = true
	} else {
	isRTL = rtlValue == "true"
	rtlValid = rtlValue != "" && langValue != ""
	}

	// Create a new post
	p = &SubmittedPost{
	Title: &title,
	Content: &post,
	Font: appearance,
	IsRTL: converter.NullJSONBool{sql.NullBool{Bool: isRTL, Valid: rtlValid}},
	Language: converter.NullJSONString{sql.NullString{String: langValue, Valid: langValue != ""}},
	}
	}
	if !p.isFontValid() {
	p.Font = "norm"
	}

	var newPost *PublicPost = &PublicPost{}
	var coll *Collection
	if accessToken != "" {
	newPost, err = app.db.CreateOwnedPost(p, accessToken, collAlias, app.cfg.App.Host)
	} else {
	//return ErrNotLoggedIn
	// TODO: verify user is logged in
	var collID int64
	if collAlias != "" {
	coll, err = app.db.GetCollection(collAlias)
	if err != nil {
	return err
	}
	coll.hostName = app.cfg.App.Host
	if coll.OwnerID != u.ID {
	return ErrForbiddenCollection
	}
	collID = coll.ID
	}
	// TODO: return PublicPost from createPost
	newPost.Post, err = app.db.CreatePost(userID, collID, p)
	}
	if err != nil {
	return err
	}
	if coll != nil {
	coll.ForPublic()
	newPost.Collection = &CollectionObj{Collection: *coll}
	}

	newPost.extractData()
	newPost.OwnerName = username

	// Write success now
	response := impart.WriteSuccess(w, newPost, http.StatusCreated)

	if newPost.Collection != nil && !app.cfg.App.Private && app.cfg.App.Federation && !newPost.Created.After(time.Now()) {
	go federatePost(app, newPost, newPost.Collection.ID, false)
	}

	return response
	}

	func existingPost(app App, w http.ResponseWriter, r http.Request) error {
	reqJSON := IsJSON(r)
	vars := mux.Vars(r)
	postID := vars["post"]

	p := AuthenticatedPost{ID: postID}
	var err error

	if reqJSON {
	// Decode JSON request
	decoder := json.NewDecoder(r.Body)
	err = decoder.Decode(&p)
	if err != nil {
	log.Error("Couldn't parse post update JSON request: %v\n", err)
	return ErrBadJSON
	}
	} else {
	err = r.ParseForm()
	if err != nil {
	log.Error("Couldn't parse post update form request: %v\n", err)
	return ErrBadFormData
	}

	// Can't decode to a nil SubmittedPost property, so create instance now
	p.SubmittedPost = &SubmittedPost{}
	err = app.formDecoder.Decode(&p, r.PostForm)
	if err != nil {
	log.Error("Couldn't decode post update form request: %v\n", err)
	return ErrBadFormData
	}
	}

	if p.Web {
	p.IsRTL.Valid = true
	}

	if p.SubmittedPost == nil {
	return ErrPostNoUpdatableVals
	}

	// Ensure an access token was given
	accessToken := r.Header.Get("Authorization")
	// Get user's cookie session if there's no token
	var u *User
	//var username string
	if accessToken == "" {
	u = getUserSession(app, r)
	if u != nil {
	//username = u.Username
	}
	}
	if u == nil && accessToken == "" {
	return ErrNoAccessToken
	}

	// Get user ID from current session or given access token, if one was given.
	var userID int64
	if u != nil {
	userID = u.ID
	} else if accessToken != "" {
	userID, err = AuthenticateUser(app.db, accessToken)
	if err != nil {
	return err
	}
	}

	silenced, err := app.db.IsUserSilenced(userID)
	if err != nil {
	log.Error("existing post: %v", err)
	}
	if silenced {
	return ErrUserSilenced
	}

	// Modify post struct
	p.ID = postID

	err = app.db.UpdateOwnedPost(&p, userID)
	if err != nil {
	if reqJSON {
	return err
	}

	if err, ok := err.(impart.HTTPError); ok {
	addSessionFlash(app, w, r, err.Message, nil)
	} else {
	addSessionFlash(app, w, r, err.Error(), nil)
	}
	}

	var pRes *PublicPost
	pRes, err = app.db.GetPost(p.ID, 0)
	if reqJSON {
	if err != nil {
	return err
	}
	pRes.extractData()
	}

	if pRes.CollectionID.Valid {
	coll, err := app.db.GetCollectionBy("id = ?", pRes.CollectionID.Int64)
	if err == nil && !app.cfg.App.Private && app.cfg.App.Federation {
	coll.hostName = app.cfg.App.Host
	pRes.Collection = &CollectionObj{Collection: *coll}
	go federatePost(app, pRes, pRes.Collection.ID, true)
	}
	}

	// Write success now
	if reqJSON {
	return impart.WriteSuccess(w, pRes, http.StatusOK)
	}

	addSessionFlash(app, w, r, "Changes saved.", nil)
	collectionAlias := vars["alias"]
	redirect := "/" + postID + "/meta"
	if collectionAlias != "" {
	collPre := "/" + collectionAlias
	if app.cfg.App.SingleUser {
	collPre = ""
	}
	redirect = collPre + "/" + pRes.Slug.String + "/edit/meta"
	} else {
	if app.cfg.App.SingleUser {
	redirect = "/d" + redirect
	}
	}
	w.Header().Set("Location", redirect)
	w.WriteHeader(http.StatusFound)

	return nil
	}

	func deletePost(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	friendlyID := vars["post"]
	editToken := r.FormValue("token")

	var ownerID int64
	var u *User
	accessToken := r.Header.Get("Authorization")
	if accessToken == "" && editToken == "" {
	u = getUserSession(app, r)
	if u == nil {
	return ErrNoAccessToken
	}
	}

	var res sql.Result
	var t *sql.Tx
	var err error
	var collID sql.NullInt64
	var coll *Collection
	var pp *PublicPost
	if editToken != "" {
	// TODO: SELECT owner_id, as well, and return appropriate error if NULL instead of running two queries
	var dummy int64
	err = app.db.QueryRow("SELECT 1 FROM posts WHERE id = ?", friendlyID).Scan(&dummy)
	switch {
	case err == sql.ErrNoRows:
	return impart.HTTPError{http.StatusNotFound, "Post not found."}
	}
	err = app.db.QueryRow("SELECT 1 FROM posts WHERE id = ? AND owner_id IS NULL", friendlyID).Scan(&dummy)
	switch {
	case err == sql.ErrNoRows:
	// Post already has an owner. This could provide a bad experience
	// for the user, but it's more important to ensure data isn't lost
	// unexpectedly. So prevent deletion via token.
	return impart.HTTPError{http.StatusConflict, "This post belongs to some user (hopefully yours). Please log in and delete it from that user's account."}
	}
	res, err = app.db.Exec("DELETE FROM posts WHERE id = ? AND modify_token = ? AND owner_id IS NULL", friendlyID, editToken)
	} else if accessToken != "" \|\| u != nil {
	// Caller provided some way to authenticate; assume caller expects the
	// post to be deleted based on a specific post owner, thus we should
	// return corresponding errors.
	if accessToken != "" {
	ownerID = app.db.GetUserID(accessToken)
	if ownerID == -1 {
	return ErrBadAccessToken
	}
	} else {
	ownerID = u.ID
	}

	// TODO: don't make two queries
	var realOwnerID sql.NullInt64
	err = app.db.QueryRow("SELECT collection_id, owner_id FROM posts WHERE id = ?", friendlyID).Scan(&collID, &realOwnerID)
	if err != nil {
	return err
	}
	if !collID.Valid {
	// There's no collection; simply delete the post
	res, err = app.db.Exec("DELETE FROM posts WHERE id = ? AND owner_id = ?", friendlyID, ownerID)
	} else {
	// Post belongs to a collection; do any additional clean up
	coll, err = app.db.GetCollectionBy("id = ?", collID.Int64)
	if err != nil {
	log.Error("Unable to get collection: %v", err)
	return err
	}
	if app.cfg.App.Federation {
	// First fetch full post for federation
	pp, err = app.db.GetOwnedPost(friendlyID, ownerID)
	if err != nil {
	log.Error("Unable to get owned post: %v", err)
	return err
	}
	collObj := &CollectionObj{Collection: *coll}
	pp.Collection = collObj
	}

	t, err = app.db.Begin()
	if err != nil {
	log.Error("No begin: %v", err)
	return err
	}
	res, err = t.Exec("DELETE FROM posts WHERE id = ? AND owner_id = ?", friendlyID, ownerID)
	}
	} else {
	return impart.HTTPError{http.StatusBadRequest, "No authenticated user or post token given."}
	}
	if err != nil {
	return err
	}

	affected, err := res.RowsAffected()
	if err != nil {
	if t != nil {
	t.Rollback()
	log.Error("Rows affected err! Rolling back")
	}
	return err
	} else if affected == 0 {
	if t != nil {
	t.Rollback()
	log.Error("No rows affected! Rolling back")
	}
	return impart.HTTPError{http.StatusForbidden, "Post not found, or you're not the owner."}
	}
	if t != nil {
	t.Commit()
	}
	if coll != nil && !app.cfg.App.Private && app.cfg.App.Federation {
	go deleteFederatedPost(app, pp, collID.Int64)
	}

	return impart.HTTPError{Status: http.StatusNoContent}
	}

	// addPost associates a post with the authenticated user.
	func addPost(app App, w http.ResponseWriter, r http.Request) error {
	var ownerID int64

	// Authenticate user
	at := r.Header.Get("Authorization")
	if at != "" {
	ownerID = app.db.GetUserID(at)
	if ownerID == -1 {
	return ErrBadAccessToken
	}
	} else {
	u := getUserSession(app, r)
	if u == nil {
	return ErrNotLoggedIn
	}
	ownerID = u.ID
	}

	silenced, err := app.db.IsUserSilenced(ownerID)
	if err != nil {
	log.Error("add post: %v", err)
	}
	if silenced {
	return ErrUserSilenced
	}

	// Parse claimed posts in format:
	// [{"id": "...", "token": "..."}]
	var claims *[]ClaimPostRequest
	decoder := json.NewDecoder(r.Body)
	err = decoder.Decode(&claims)
	if err != nil {
	return ErrBadJSONArray
	}

	vars := mux.Vars(r)
	collAlias := vars["alias"]

	// Update all given posts
	res, err := app.db.ClaimPosts(app.cfg, ownerID, collAlias, claims)
	if err != nil {
	return err
	}

	if !app.cfg.App.Private && app.cfg.App.Federation {
	for _, pRes := range *res {
	if pRes.Code != http.StatusOK {
	continue
	}
	if !pRes.Post.Created.After(time.Now()) {
	pRes.Post.Collection.hostName = app.cfg.App.Host
	go federatePost(app, pRes.Post, pRes.Post.Collection.ID, false)
	}
	}
	}
	return impart.WriteSuccess(w, res, http.StatusOK)
	}

	func dispersePost(app App, w http.ResponseWriter, r http.Request) error {
	var ownerID int64

	// Authenticate user
	at := r.Header.Get("Authorization")
	if at != "" {
	ownerID = app.db.GetUserID(at)
	if ownerID == -1 {
	return ErrBadAccessToken
	}
	} else {
	u := getUserSession(app, r)
	if u == nil {
	return ErrNotLoggedIn
	}
	ownerID = u.ID
	}

	// Parse posts in format:
	// ["..."]
	var postIDs []string
	decoder := json.NewDecoder(r.Body)
	err := decoder.Decode(&postIDs)
	if err != nil {
	return ErrBadJSONArray
	}

	// Update all given posts
	res, err := app.db.DispersePosts(ownerID, postIDs)
	if err != nil {
	return err
	}
	return impart.WriteSuccess(w, res, http.StatusOK)
	}

	type (
	PinPostResult struct {
	ID string `json:"id,omitempty"`
	Code int `json:"code,omitempty"`
	ErrorMessage string `json:"error_msg,omitempty"`
	}
	)

	// pinPost pins a post to a blog
	func pinPost(app App, w http.ResponseWriter, r http.Request) error {
	var userID int64

	// Authenticate user
	at := r.Header.Get("Authorization")
	if at != "" {
	userID = app.db.GetUserID(at)
	if userID == -1 {
	return ErrBadAccessToken
	}
	} else {
	u := getUserSession(app, r)
	if u == nil {
	return ErrNotLoggedIn
	}
	userID = u.ID
	}

	silenced, err := app.db.IsUserSilenced(userID)
	if err != nil {
	log.Error("pin post: %v", err)
	}
	if silenced {
	return ErrUserSilenced
	}

	// Parse request
	var posts []struct {
	ID string `json:"id"`
	Position int64 `json:"position"`
	}
	decoder := json.NewDecoder(r.Body)
	err = decoder.Decode(&posts)
	if err != nil {
	return ErrBadJSONArray
	}

	// Validate data
	vars := mux.Vars(r)
	collAlias := vars["alias"]

	coll, err := app.db.GetCollection(collAlias)
	if err != nil {
	return err
	}
	if coll.OwnerID != userID {
	return ErrForbiddenCollection
	}

	// Do (un)pinning
	isPinning := r.URL.Path[strings.LastIndex(r.URL.Path, "/"):] == "/pin"
	res := []PinPostResult{}
	for _, p := range posts {
	err = app.db.UpdatePostPinState(isPinning, p.ID, coll.ID, userID, p.Position)
	ppr := PinPostResult{ID: p.ID}
	if err != nil {
	ppr.Code = http.StatusInternalServerError
	// TODO: set error messsage
	} else {
	ppr.Code = http.StatusOK
	}
	res = append(res, ppr)
	}
	return impart.WriteSuccess(w, res, http.StatusOK)
	}

	func fetchPost(app App, w http.ResponseWriter, r http.Request) error {
	var collID int64
	var coll *Collection
	var err error
	vars := mux.Vars(r)
	if collAlias := vars["alias"]; collAlias != "" {
	// Fetch collection information, since an alias is provided
	coll, err = app.db.GetCollection(collAlias)
	if err != nil {
	return err
	}
	collID = coll.ID
	}

	p, err := app.db.GetPost(vars["post"], collID)
	if err != nil {
	return err
	}
	if coll == nil && p.CollectionID.Valid {
	// Collection post is getting fetched by post ID, not coll alias + post slug, so get coll info now.
	coll, err = app.db.GetCollectionByID(p.CollectionID.Int64)
	if err != nil {
	return err
	}
	}
	if coll != nil {
	coll.hostName = app.cfg.App.Host
	_, err = apiCheckCollectionPermissions(app, r, coll)
	if err != nil {
	return err
	}
	}

	silenced, err := app.db.IsUserSilenced(p.OwnerID.Int64)
	if err != nil {
	log.Error("fetch post: %v", err)
	}
	if silenced {
	return ErrPostNotFound
	}

	p.extractData()

	accept := r.Header.Get("Accept")
	if strings.Contains(accept, "application/activity+json") {
	if coll == nil {
	// This is a draft post; 404 for now
	// TODO: return ActivityObject
	return impart.HTTPError{http.StatusNotFound, ""}
	}

	p.Collection = &CollectionObj{Collection: *coll}
	po := p.ActivityObject(app)
	po.Context = []interface{}{activitystreams.Namespace}
	setCacheControl(w, apCacheTime)
	return impart.RenderActivityJSON(w, po, http.StatusOK)
	}

	return impart.WriteSuccess(w, p, http.StatusOK)
	}

	func fetchPostProperty(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	p, err := app.db.GetPostProperty(vars["post"], 0, vars["property"])
	if err != nil {
	return err
	}

	return impart.WriteSuccess(w, p, http.StatusOK)
	}

	func (p *Post) processPost() PublicPost {
	res := &PublicPost{Post: p, Views: 0}
	res.Views = p.ViewCount
	// TODO: move to own function
	loc := monday.FuzzyLocale(p.Language.String)
	res.DisplayDate = monday.Format(p.Created, monday.LongFormatsByLocale[loc], loc)

	return *res
	}

	func (p *PublicPost) CanonicalURL(hostName string) string {
	if p.Collection == nil \|\| p.Collection.Alias == "" {
	return hostName + "/" + p.ID
	}
	return p.Collection.CanonicalURL() + p.Slug.String
	}

	func (p PublicPost) ActivityObject(app App) *activitystreams.Object {
	cfg := app.cfg
	o := activitystreams.NewArticleObject()
	o.ID = p.Collection.FederatedAPIBase() + "api/posts/" + p.ID
	o.Published = p.Created
	o.URL = p.CanonicalURL(cfg.App.Host)
	o.AttributedTo = p.Collection.FederatedAccount()
	o.CC = []string{
	p.Collection.FederatedAccount() + "/followers",
	}
	o.Name = p.DisplayTitle()
	if p.HTMLContent == template.HTML("") {
	p.formatContent(cfg, false)
	}
	o.Content = string(p.HTMLContent)
	if p.Language.Valid {
	o.ContentMap = map[string]string{
	p.Language.String: string(p.HTMLContent),
	}
	}
	if len(p.Tags) == 0 {
	o.Tag = []activitystreams.Tag{}
	} else {
	var tagBaseURL string
	if isSingleUser {
	tagBaseURL = p.Collection.CanonicalURL() + "tag:"
	} else {
	if cfg.App.Chorus {
	tagBaseURL = fmt.Sprintf("%s/read/t/", p.Collection.hostName)
	} else {
	tagBaseURL = fmt.Sprintf("%s/%s/tag:", p.Collection.hostName, p.Collection.Alias)
	}
	}
	for _, t := range p.Tags {
	o.Tag = append(o.Tag, activitystreams.Tag{
	Type: activitystreams.TagHashtag,
	HRef: tagBaseURL + t,
	Name: "#" + t,
	})
	}
	}
	// Find mentioned users
	mentionedUsers := make(map[string]string)

	stripper := bluemonday.StrictPolicy()
	content := stripper.Sanitize(p.Content)
	mentions := mentionReg.FindAllString(content, -1)

	for _, handle := range mentions {
	actorIRI, err := app.db.GetProfilePageFromHandle(app, handle)
	if err != nil {
	log.Info("Couldn't find user '%s' locally or remotely", handle)
	continue
	}
	mentionedUsers[handle] = actorIRI
	}

	for handle, iri := range mentionedUsers {
	o.CC = append(o.CC, iri)
	o.Tag = append(o.Tag, activitystreams.Tag{Type: "Mention", HRef: iri, Name: handle})
	}
	return o
	}

	// TODO: merge this into getSlugFromPost or phase it out
	func getSlug(title, lang string) string {
	return getSlugFromPost("", title, lang)
	}

	func getSlugFromPost(title, body, lang string) string {
	if title == "" {
	title = postTitle(body, body)
	}
	title = parse.PostLede(title, false)
	// Truncate lede if needed
	title, _ = parse.TruncToWord(title, 80)
	var s string
	if lang != "" && len(lang) == 2 {
	s = slug.MakeLang(title, lang)
	} else {
	s = slug.Make(title)
	}

	// Transliteration may cause the slug to expand past the limit, so truncate again
	s, _ = parse.TruncToWord(s, 80)
	return strings.TrimFunc(s, func(r rune) bool {
	// TruncToWord doesn't respect words in a slug, since spaces are replaced
	// with hyphens. So remove any trailing hyphens.
	return r == '-'
	})
	}

	// isFontValid returns whether or not the submitted post's appearance is valid.
	func (p *SubmittedPost) isFontValid() bool {
	validFonts := map[string]bool{
	"norm": true,
	"sans": true,
	"mono": true,
	"wrap": true,
	"code": true,
	}

	_, valid := validFonts[p.Font]
	return valid
	}

	func getRawPost(app App, friendlyID string) RawPost {
	var content, font, title string
	var isRTL sql.NullBool
	var lang sql.NullString
	var ownerID sql.NullInt64
	- var created time.Time
	+ var created, updated time.Time

	- err := app.db.QueryRow("SELECT title, content, text_appearance, language, rtl, created, owner_id FROM posts WHERE id = ?", friendlyID).Scan(&title, &content, &font, &lang, &isRTL, &created, &ownerID)
	+ err := app.db.QueryRow("SELECT title, content, text_appearance, language, rtl, created, updated, owner_id FROM posts WHERE id = ?", friendlyID).Scan(&title, &content, &font, &lang, &isRTL, &created, &updated, &ownerID)
	switch {
	case err == sql.ErrNoRows:
	return &RawPost{Content: "", Found: false, Gone: false}
	case err != nil:
	return &RawPost{Content: "", Found: true, Gone: false}
	}

	- return &RawPost{Title: title, Content: content, Font: font, Created: created, IsRTL: isRTL, Language: lang, OwnerID: ownerID.Int64, Found: true, Gone: content == ""}
	+ return &RawPost{Title: title, Content: content, Font: font, Created: created, Updated: updated, IsRTL: isRTL, Language: lang, OwnerID: ownerID.Int64, Found: true, Gone: content == ""}

	}

	// TODO; return a Post!
	func getRawCollectionPost(app App, slug, collAlias string) RawPost {
	var id, title, content, font string
	var isRTL sql.NullBool
	var lang sql.NullString
	- var created time.Time
	+ var created, updated time.Time
	var ownerID null.Int
	var views int64
	var err error

	if app.cfg.App.SingleUser {
	- err = app.db.QueryRow("SELECT id, title, content, text_appearance, language, rtl, view_count, created, owner_id FROM posts WHERE slug = ? AND collection_id = 1", slug).Scan(&id, &title, &content, &font, &lang, &isRTL, &views, &created, &ownerID)
	+ err = app.db.QueryRow("SELECT id, title, content, text_appearance, language, rtl, view_count, created, updated, owner_id FROM posts WHERE slug = ? AND collection_id = 1", slug).Scan(&id, &title, &content, &font, &lang, &isRTL, &views, &created, &updated, &ownerID)
	} else {
	- err = app.db.QueryRow("SELECT id, title, content, text_appearance, language, rtl, view_count, created, owner_id FROM posts WHERE slug = ? AND collection_id = (SELECT id FROM collections WHERE alias = ?)", slug, collAlias).Scan(&id, &title, &content, &font, &lang, &isRTL, &views, &created, &ownerID)
	+ err = app.db.QueryRow("SELECT id, title, content, text_appearance, language, rtl, view_count, created, updated, owner_id FROM posts WHERE slug = ? AND collection_id = (SELECT id FROM collections WHERE alias = ?)", slug, collAlias).Scan(&id, &title, &content, &font, &lang, &isRTL, &views, &created, &updated, &ownerID)
	}
	switch {
	case err == sql.ErrNoRows:
	return &RawPost{Content: "", Found: false, Gone: false}
	case err != nil:
	return &RawPost{Content: "", Found: true, Gone: false}
	}

	return &RawPost{
	Id: id,
	Slug: slug,
	Title: title,
	Content: content,
	Font: font,
	Created: created,
	+ Updated: updated,
	IsRTL: isRTL,
	Language: lang,
	OwnerID: ownerID.Int64,
	Found: true,
	Gone: content == "",
	Views: views,
	}
	}

	func isRaw(r *http.Request) bool {
	vars := mux.Vars(r)
	slug := vars["slug"]

	// NOTE: until this is done better, be sure to keep this in parity with
	// isRaw in viewCollectionPost() and handleViewPost()
	isJSON := strings.HasSuffix(slug, ".json")
	isXML := strings.HasSuffix(slug, ".xml")
	isMarkdown := strings.HasSuffix(slug, ".md")
	return strings.HasSuffix(slug, ".txt") \|\| isJSON \|\| isXML \|\| isMarkdown
	}

	func viewCollectionPost(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	slug := vars["slug"]

	// NOTE: until this is done better, be sure to keep this in parity with
	// isRaw() and handleViewPost()
	isJSON := strings.HasSuffix(slug, ".json")
	isXML := strings.HasSuffix(slug, ".xml")
	isMarkdown := strings.HasSuffix(slug, ".md")
	isRaw := strings.HasSuffix(slug, ".txt") \|\| isJSON \|\| isXML \|\| isMarkdown

	cr := &collectionReq{}
	err := processCollectionRequest(cr, vars, w, r)
	if err != nil {
	return err
	}

	// Check for hellbanned users
	u, err := checkUserForCollection(app, cr, r, true)
	if err != nil {
	return err
	}

	// Normalize the URL, redirecting user to consistent post URL
	if slug != strings.ToLower(slug) {
	loc := fmt.Sprintf("/%s", strings.ToLower(slug))
	if !app.cfg.App.SingleUser {
	loc = "/" + cr.alias + loc
	}
	return impart.HTTPError{http.StatusMovedPermanently, loc}
	}

	// Display collection if this is a collection
	var c *Collection
	if app.cfg.App.SingleUser {
	c, err = app.db.GetCollectionByID(1)
	} else {
	c, err = app.db.GetCollection(cr.alias)
	}
	if err != nil {
	if err, ok := err.(impart.HTTPError); ok {
	if err.Status == http.StatusNotFound {
	// Redirect if necessary
	newAlias := app.db.GetCollectionRedirect(cr.alias)
	if newAlias != "" {
	return impart.HTTPError{http.StatusFound, "/" + newAlias + "/" + slug}
	}
	}
	}
	return err
	}
	c.hostName = app.cfg.App.Host

	silenced, err := app.db.IsUserSilenced(c.OwnerID)
	if err != nil {
	log.Error("view collection post: %v", err)
	}

	// Check collection permissions
	if c.IsPrivate() && (u == nil \|\| u.ID != c.OwnerID) {
	return ErrPostNotFound
	}
	if c.IsProtected() && (u == nil \|\| u.ID != c.OwnerID) {
	if silenced {
	return ErrPostNotFound
	} else if !isAuthorizedForCollection(app, c.Alias, r) {
	return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug}
	}
	}

	cr.isCollOwner = u != nil && c.OwnerID == u.ID

	if isRaw {
	slug = strings.Split(slug, ".")[0]
	}

	// Fetch extra data about the Collection
	// TODO: refactor out this logic, shared in collection.go:fetchCollection()
	coll := NewCollectionObj(c)
	owner, err := app.db.GetUserByID(coll.OwnerID)
	if err != nil {
	// Log the error and just continue
	log.Error("Error getting user for collection: %v", err)
	} else {
	coll.Owner = owner
	}

	postFound := true
	p, err := app.db.GetPost(slug, coll.ID)
	if err != nil {
	if err == ErrCollectionPageNotFound {
	postFound = false

	if slug == "feed" {
	// User tried to access blog feed without a trailing slash, and
	// there's no post with a slug "feed"
	return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/feed/"}
	}

	po := &Post{
	Slug: null.NewString(slug, true),
	Font: "norm",
	Language: zero.NewString("en", true),
	RTL: zero.NewBool(false, true),
	Content: `<p class="msg">This page is missing.</p>

	Are you sure it was ever here?`,
	}
	pp := po.processPost()
	p = &pp
	} else {
	return err
	}
	}
	p.IsOwner = owner != nil && p.OwnerID.Valid && owner.ID == p.OwnerID.Int64
	p.Collection = coll
	p.IsTopLevel = app.cfg.App.SingleUser

	if !p.IsOwner && silenced {
	return ErrPostNotFound
	}
	// Check if post has been unpublished
	if p.Content == "" && p.Title.String == "" {
	return impart.HTTPError{http.StatusGone, "Post was unpublished."}
	}

	// Serve collection post
	if isRaw {
	contentType := "text/plain"
	if isJSON {
	contentType = "application/json"
	} else if isXML {
	contentType = "application/xml"
	} else if isMarkdown {
	contentType = "text/markdown"
	}
	w.Header().Set("Content-Type", fmt.Sprintf("%s; charset=utf-8", contentType))
	if !postFound {
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprintf(w, "Post not found.")
	// TODO: return error instead, so status is correctly reflected in logs
	return nil
	}
	if isMarkdown && p.Title.String != "" {
	fmt.Fprintf(w, "# %s\n\n", p.Title.String)
	}
	fmt.Fprint(w, p.Content)
	} else if strings.Contains(r.Header.Get("Accept"), "application/activity+json") {
	if !postFound {
	return ErrCollectionPageNotFound
	}
	p.extractData()
	ap := p.ActivityObject(app)
	ap.Context = []interface{}{activitystreams.Namespace}
	setCacheControl(w, apCacheTime)
	return impart.RenderActivityJSON(w, ap, http.StatusOK)
	} else {
	p.extractData()
	p.Content = strings.Replace(p.Content, "<!--more-->", "", 1)
	// TODO: move this to function
	p.formatContent(app.cfg, cr.isCollOwner)
	tp := struct {
	*PublicPost
	page.StaticPage
	IsOwner bool
	IsPinned bool
	IsCustomDomain bool
	PinnedPosts *[]PublicPost
	IsFound bool
	IsAdmin bool
	CanInvite bool
	Silenced bool
	}{
	PublicPost: p,
	StaticPage: pageForReq(app, r),
	IsOwner: cr.isCollOwner,
	IsCustomDomain: cr.isCustomDomain,
	IsFound: postFound,
	Silenced: silenced,
	}
	tp.IsAdmin = u != nil && u.IsAdmin()
	tp.CanInvite = canUserInvite(app.cfg, tp.IsAdmin)
	tp.PinnedPosts, _ = app.db.GetPinnedPosts(coll, p.IsOwner)
	tp.IsPinned = len(*tp.PinnedPosts) > 0 && PostsContains(tp.PinnedPosts, p)

	if !postFound {
	w.WriteHeader(http.StatusNotFound)
	}
	postTmpl := "collection-post"
	if app.cfg.App.Chorus {
	postTmpl = "chorus-collection-post"
	}
	if err := templates[postTmpl].ExecuteTemplate(w, "post", tp); err != nil {
	log.Error("Error in collection-post template: %v", err)
	}
	}

	go func() {
	if p.OwnerID.Valid {
	// Post is owned by someone. Don't update stats if owner is viewing the post.
	if u != nil && p.OwnerID.Int64 == u.ID {
	return
	}
	}
	// Update stats for non-raw post views
	if !isRaw && r.Method != "HEAD" && !bots.IsBot(r.UserAgent()) {
	_, err := app.db.Exec("UPDATE posts SET view_count = view_count + 1 WHERE slug = ? AND collection_id = ?", slug, coll.ID)
	if err != nil {
	log.Error("Unable to update posts count: %v", err)
	}
	}
	}()

	return nil
	}

	// TODO: move this to utils after making it more generic
	func PostsContains(sl []PublicPost, s PublicPost) bool {
	for _, e := range *sl {
	if e.ID == s.ID {
	return true
	}
	}
	return false
	}

	func (p *Post) extractData() {
	p.Tags = tags.Extract(p.Content)
	p.extractImages()
	}

	func (rp *RawPost) UserFacingCreated() string {
	return rp.Created.Format(postMetaDateFormat)
	}

	func (rp *RawPost) Created8601() string {
	return rp.Created.Format("2006-01-02T15:04:05Z")
	}

	+func (rp *RawPost) Updated8601() string {
	+ if rp.Updated.IsZero() {
	+ return ""
	+ }
	+ return rp.Updated.Format("2006-01-02T15:04:05Z")
	+}
	+
	var imageURLRegex = regexp.MustCompile(`(?i)[^ ]+\.(gif\|png\|jpg\|jpeg\|image)$`)

	func (p *Post) extractImages() {
	p.Images = extractImages(p.Content)
	}

	func extractImages(content string) []string {
	matches := extract.ExtractUrls(content)
	urls := map[string]bool{}
	for i := range matches {
	uRaw := matches[i].Text
	// Parse the extracted text so we can examine the path
	u, err := url.Parse(uRaw)
	if err != nil {
	continue
	}
	// Ensure the path looks like it leads to an image file
	if !imageURLRegex.MatchString(u.Path) {
	continue
	}
	urls[uRaw] = true
	}

	resURLs := make([]string, 0)
	for k := range urls {
	resURLs = append(resURLs, k)
	}
	return resURLs
	}
	diff --git a/static/js/h.js b/static/js/h.js
	index 49720be..6375af0 100644
	--- a/static/js/h.js
	+++ b/static/js/h.js
	@@ -1,257 +1,271 @@
	/**
	* H.js
	*
	* Lightweight, extremely bare-bones library for manipulating the DOM and
	* saving some typing.
	*/

	var Element = function(domElement) {
	this.el = domElement;
	};

	/**
	* Creates a toggle button that adds / removes the given class name from the
	* given element.
	*
	* @param {Element} $el - The element to modify.
	* @param {string} onClass - The class to add to the given element.
	* @param {function} onFunc - Additional actions when toggling on.
	* @param {function} offFunc - Additional actions when toggling off.
	*/
	Element.prototype.createToggle = function($el, onClass, onFunc, offFunc) {
	this.on('click', function(e) {
	if ($el.el.className === '') {
	$el.el.className = onClass;
	onFunc(new Element(this), e);
	} else {
	$el.el.className = '';
	offFunc(new Element(this), e);
	}
	e.preventDefault();
	}, false);
	};
	Element.prototype.on = function(event, func) {
	events = event.split(' ');
	var el = this.el;
	if (el == null) {
	console.error("Error: element for event is null");
	return;
	}
	var addEvent = function(e) {
	if (el.addEventListener) {
	el.addEventListener(e, func, false);
	} else if (el.attachEvent) {
	el.attachEvent(e, func);
	}
	};
	if (events.length === 1) {
	addEvent(event);
	} else {
	for(var i=0; i<events.length; i++) {
	addEvent(events[i]);
	}
	}
	};
	Element.prototype.setClass = function(className) {
	if (this.el == null) {
	console.error("Error: element to set class on is null");
	return;
	}
	this.el.className = className;
	};
	Element.prototype.removeClass = function(className) {
	if (this.el == null) {
	console.error("Error: element to remove class on is null");
	return;
	}
	var regex = new RegExp(' ?' + className, 'g');
	this.el.className = this.el.className.replace(regex, '');
	};
	Element.prototype.text = function(text, className) {
	if (this.el == null) {
	console.error("Error: element for setting text is null");
	return;
	}
	if (this.el.textContent !== text) {
	this.el.textContent = text;
	if (typeof className !== 'undefined') {
	this.el.className = this.el.className + ' ' + className;
	}
	}
	};
	Element.prototype.insertAfter = function(newNode) {
	if (this.el == null) {
	console.error("Error: element for insertAfter is null");
	return;
	}
	this.el.parentNode.insertBefore(newNode, this.el.nextSibling);
	};
	Element.prototype.remove = function() {
	if (this.el == null) {
	console.error("Didn't remove element");
	return;
	}
	this.el.parentNode.removeChild(this.el);
	};
	Element.prototype.hide = function() {
	if (this.el == null) {
	console.error("Didn't hide element");
	return;
	}
	this.el.className += ' effect fade-out';
	};
	Element.prototype.show = function() {
	if (this.el == null) {
	console.error("Didn't show element");
	return;
	}
	this.el.className += ' effect';
	};


	var H = {
	getEl: function(elementId) {
	return new Element(document.getElementById(elementId));
	},
	save: function($el, key) {
	localStorage.setItem(key, $el.el.value);
	},
	- load: function($el, key, onlyLoadPopulated) {
	+ load: function($el, key, onlyLoadPopulated, postUpdated) {
	var val = localStorage.getItem(key);
	if (onlyLoadPopulated && val == null) {
	// Do nothing
	- return;
	+ return true;
	}
	$el.el.value = val;
	+ if (postUpdated != null) {
	+ var lastLocalPublishStr = localStorage.getItem(key+'-published');
	+ if (lastLocalPublishStr != null && lastLocalPublishStr != '') {
	+ try {
	+ var lastLocalPublish = new Date(lastLocalPublishStr);
	+ if (postUpdated > lastLocalPublish) {
	+ return false;
	+ }
	+ } catch (e) {
	+ console.error("unable to parse draft updated time");
	+ }
	+ }
	+ }
	+ return true;
	},
	set: function(key, value) {
	localStorage.setItem(key, value);
	},
	get: function(key, defaultValue) {
	var val = localStorage.getItem(key);
	if (val == null) {
	val = defaultValue;
	}
	return val;
	},
	remove: function(key) {
	localStorage.removeItem(key);
	},
	exists: function(key) {
	return localStorage.getItem(key) !== null;
	},
	createPost: function(id, editToken, content, created) {
	var summaryLen = 200;
	var titleLen = 80;
	var getPostMeta = function(content) {
	var eol = content.indexOf("\n");
	if (content.indexOf("# ") === 0) {
	// Title is in the format:
	//
	// # Some title
	var summary = content.substring(eol).trim();
	if (summary.length > summaryLen) {
	summary = summary.substring(0, summaryLen) + "...";
	}
	return {
	title: content.substring("# ".length, eol),
	summary: summary,
	};
	}

	var blankLine = content.indexOf("\n\n");
	if (blankLine !== -1 && blankLine <= eol && blankLine <= titleLen) {
	// Title is in the format:
	//
	// Some title
	//
	// The body starts after that blank line above it.
	var summary = content.substring(blankLine).trim();
	if (summary.length > summaryLen) {
	summary = summary.substring(0, summaryLen) + "...";
	}
	return {
	title: content.substring(0, blankLine),
	summary: summary,
	};
	}

	// TODO: move this to the beginning
	var title = content.trim();
	var summary = "";
	if (title.length > titleLen) {
	// Content can't fit in the title, so figure out the summary
	summary = title;
	title = "";
	if (summary.length > summaryLen) {
	summary = summary.substring(0, summaryLen) + "...";
	}
	} else if (eol > 0) {
	summary = title.substring(eol+1);
	title = title.substring(0, eol);
	}
	return {
	title: title,
	summary: summary
	};
	};

	var post = getPostMeta(content);
	post.id = id;
	post.token = editToken;
	post.created = created ? new Date(created) : new Date();
	post.client = "Pad";

	return post;
	},
	getTitleStrict: function(content) {
	var eol = content.indexOf("\n");
	var title = "";
	var newContent = content;
	if (content.indexOf("# ") === 0) {
	// Title is in the format:
	// # Some title
	if (eol !== -1) {
	// First line should start with # and end with \n
	newContent = content.substring(eol).leftTrim();
	title = content.substring("# ".length, eol);
	}
	}
	return {
	title: title,
	content: newContent
	};
	},
	};

	var He = {
	create: function(name) {
	return document.createElement(name);
	},
	get: function(id) {
	return document.getElementById(id);
	},
	$: function(selector) {
	var els = document.querySelectorAll(selector);
	return els;
	},
	postJSON: function(url, params, callback) {
	var http = new XMLHttpRequest();

	http.open("POST", url, true);

	// Send the proper header information along with the request
	http.setRequestHeader("Content-type", "application/json");

	http.onreadystatechange = function() {
	if (http.readyState == 4) {
	callback(http.status, JSON.parse(http.responseText));
	}
	}
	http.send(JSON.stringify(params));
	},
	};

	String.prototype.leftTrim = function() {
	return this.replace(/^\s+/,"");
	};
	diff --git a/templates/bare.tmpl b/templates/bare.tmpl
	index a4194c9..d2c8bc0 100644
	--- a/templates/bare.tmpl
	+++ b/templates/bare.tmpl
	@@ -1,235 +1,264 @@
	{{define "pad"}}<!DOCTYPE HTML>
	<html>
	<head>

	<title>{{if .Editing}}Editing {{if .Post.Title}}{{.Post.Title}}{{else}}{{.Post.Id}}{{end}}{{else}}New Post{{end}} — {{.SiteName}}</title>

	<link rel="stylesheet" type="text/css" href="/css/write.css" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />

	<meta name="google" value="notranslate">
	</head>
	<body id="pad" class="light">

	<div id="overlay"></div>

	<textarea id="writer" placeholder="Write..." class="{{.Post.Font}}" autofocus>{{if .Post.Title}}# {{.Post.Title}}

	{{end}}{{.Post.Content}}</textarea>
	+
	+ <div class="alert success hidden" id="edited-elsewhere">This post has been updated elsewhere since you last published! <a href="#" id="erase-edit">Delete draft and reload</a>.</div>

	<header id="tools">
	<div id="clip">
	{{if not .SingleUser}}<h1>{{if .Chorus}}<a href="/" title="Home">{{else}}<a href="/me/c/" title="View blogs">{{end}}{{.SiteName}}</a></h1>{{end}}
	<nav id="target" {{if .SingleUser}}style="margin-left:0"{{end}}><ul>
	<li>{{if .Blogs}}<a href="{{$c := index .Blogs 0}}{{$c.CanonicalURL}}">My Posts</a>{{else}}<a>Draft</a>{{end}}</li>
	</ul></nav>
	<span id="wc" class="hidden if-room room-4">0 words</span>
	</div>
	<noscript style="margin-left: 2em;"><strong>NOTE</strong>: for now, you'll need Javascript enabled to post.</noscript>
	<div id="belt">
	{{if .Editing}}<div class="tool hidden if-room"><a href="{{if .EditCollection}}{{.EditCollection.CanonicalURL}}{{.Post.Slug}}/edit/meta{{else}}/{{if .SingleUser}}d/{{end}}{{.Post.Id}}/meta{{end}}" title="Edit post metadata" id="edit-meta"><img class="ic-24dp" src="/img/ic_info_dark@2x.png" /></a></div>{{end}}
	<div class="tool"><button title="Publish your writing" id="publish" style="font-weight: bold">Post</button></div>
	</div>
	</header>

	<script src="/js/h.js"></script>
	<script>
	var $writer = H.getEl('writer');
	var $btnPublish = H.getEl('publish');
	+ var $btnEraseEdit = H.getEl('edited-elsewhere');
	var $wc = H.getEl("wc");
	var updateWordCount = function() {
	var words = 0;
	var val = $writer.el.value.trim();
	if (val != '') {
	words = $writer.el.value.trim().replace(/\s+/gi, ' ').split(' ').length;
	}
	$wc.el.innerText = words + " word" + (words != 1 ? "s" : "");
	};
	var setButtonStates = function() {
	if (!canPublish) {
	$btnPublish.el.className = 'disabled';
	return;
	}
	if ($writer.el.value.length === 0 \|\| (draftDoc != 'lastDoc' && $writer.el.value == origDoc)) {
	$btnPublish.el.className = 'disabled';
	} else {
	$btnPublish.el.className = '';
	}
	};
	{{if .Post.Id}}var draftDoc = 'draft{{.Post.Id}}';
	var origDoc = '{{.Post.Content}}';{{else}}var draftDoc = 'lastDoc';{{end}}
	- H.load($writer, draftDoc, true);
	+ var updatedStr = '{{.Post.Updated8601}}';
	+ var updated = null;
	+ if (updatedStr != '') {
	+ updated = new Date(updatedStr);
	+ }
	+ var ok = H.load($writer, draftDoc, true, updated);
	+ if (!ok) {
	+ // Show "edited elsewhere" warning
	+ $btnEraseEdit.el.classList.remove('hidden');
	+ }
	+ var defaultTimeSet = false;
	updateWordCount();

	var typingTimer;
	var doneTypingInterval = 200;

	var posts;
	{{if and .Post.Id (not .Post.Slug)}}
	var token = null;
	var curPostIdx;
	posts = JSON.parse(H.get('posts', '[]'));
	for (var i=0; i<posts.length; i++) {
	if (posts[i].id == "{{.Post.Id}}") {
	token = posts[i].token;
	break;
	}
	}
	var canPublish = token != null;
	{{else}}var canPublish = true;{{end}}
	var publishing = false;
	var justPublished = false;

	var publish = function(content, font) {
	{{if and (and .Post.Id (not .Post.Slug)) (not .User)}}
	if (!token) {
	alert("You don't have permission to update this post.");
	return;
	}
	{{end}}
	publishing = true;
	$btnPublish.el.textContent = 'Posting...';
	$btnPublish.el.disabled = true;

	var http = new XMLHttpRequest();
	var lang = navigator.languages ? navigator.languages[0] : (navigator.language \|\| navigator.userLanguage);
	lang = lang.substring(0, 2);
	var post = H.getTitleStrict(content);

	var params = {
	body: post.content,
	title: post.title,
	font: font,
	lang: lang
	};
	{{ if .Post.Slug }}
	var url = "/api/collections/{{.EditCollection.Alias}}/posts/{{.Post.Id}}";
	{{ else if .Post.Id }}
	var url = "/api/posts/{{.Post.Id}}";
	if (typeof token === 'undefined' \|\| !token) {
	token = "";
	}
	params.token = token;
	{{ else }}
	var url = "/api/posts";
	var postTarget = '{{if .Blogs}}{{$c := index .Blogs 0}}{{$c.Alias}}{{else}}anonymous{{end}}';
	if (postTarget != 'anonymous') {
	url = "/api/collections/" + postTarget + "/posts";
	}
	{{ end }}

	http.open("POST", url, true);

	// Send the proper header information along with the request
	http.setRequestHeader("Content-type", "application/json");

	http.onreadystatechange = function() {
	if (http.readyState == 4) {
	publishing = false;
	if (http.status == 200 \|\| http.status == 201) {
	data = JSON.parse(http.responseText);
	id = data.data.id;
	nextURL = '{{if .SingleUser}}/d{{end}}/'+id;
	+ localStorage.setItem('draft'+id+'-published', new Date().toISOString());

	{{ if not .Post.Id }}
	// Post created
	if (postTarget != 'anonymous') {
	nextURL = {{if not .SingleUser}}'/'+postTarget+{{end}}'/'+data.data.slug;
	}
	editToken = data.data.token;

	{{ if not .User }}if (postTarget == 'anonymous') {
	// Save the data
	var posts = JSON.parse(H.get('posts', '[]'));

	{{if .Post.Id}}var newPost = H.createPost("{{.Post.Id}}", token, content);
	for (var i=0; i<posts.length; i++) {
	if (posts[i].id == "{{.Post.Id}}") {
	posts[i].title = newPost.title;
	posts[i].summary = newPost.summary;
	break;
	}
	}
	nextURL = "/pad/posts";{{else}}posts.push(H.createPost(id, editToken, content));{{end}}

	H.set('posts', JSON.stringify(posts));
	}
	{{ end }}
	{{ end }}

	justPublished = true;
	if (draftDoc != 'lastDoc') {
	H.remove(draftDoc);
	{{if .Editing}}H.remove('draft{{.Post.Id}}font');{{end}}
	} else {
	H.set(draftDoc, '');
	}

	{{if .EditCollection}}
	window.location = '{{.EditCollection.CanonicalURL}}{{.Post.Slug}}';
	{{else}}
	window.location = nextURL;
	{{end}}
	} else {
	$btnPublish.el.textContent = 'Post';
	alert("Failed to post. Please try again.");
	}
	}
	}
	http.send(JSON.stringify(params));
	};

	setButtonStates();
	$writer.on('keyup input', function() {
	setButtonStates();
	clearTimeout(typingTimer);
	typingTimer = setTimeout(doneTyping, doneTypingInterval);
	}, false);
	$writer.on('keydown', function(e) {
	clearTimeout(typingTimer);
	if (e.keyCode == 13 && (e.metaKey \|\| e.ctrlKey)) {
	$btnPublish.el.click();
	}
	});
	$btnPublish.on('click', function(e) {
	e.preventDefault();
	if (!publishing && $writer.el.value) {
	var content = $writer.el.value;
	publish(content, selectedFont);
	}
	});
	+ H.getEl('erase-edit').on('click', function(e) {
	+ e.preventDefault();
	+ H.remove(draftDoc);
	+ H.remove(draftDoc+'-published');
	+ justPublished = true; // Block auto-save
	+ location.reload();
	+ });

	WebFontConfig = {
	custom: { families: [ 'Lora:400,700:latin' ], urls: [ '/css/fonts.css' ] }
	};
	var selectedFont = H.get('{{if .Editing}}draft{{.Post.Id}}font{{else}}padFont{{end}}', '{{.Post.Font}}');

	var doneTyping = function() {
	if (draftDoc == 'lastDoc' \|\| $writer.el.value != origDoc) {
	H.save($writer, draftDoc);
	+ if (!defaultTimeSet) {
	+ var lastLocalPublishStr = localStorage.getItem(draftDoc+'-published');
	+ if (lastLocalPublishStr == null \|\| lastLocalPublishStr == '') {
	+ localStorage.setItem(draftDoc+'-published', updatedStr);
	+ }
	+ defaultTimeSet = true;
	+ }
	updateWordCount();
	}
	};
	window.addEventListener('beforeunload', function(e) {
	if (draftDoc != 'lastDoc' && $writer.el.value == origDoc) {
	H.remove(draftDoc);
	+ H.remove(draftDoc+'-published');
	} else if (!justPublished) {
	doneTyping();
	}
	});

	try {
	(function() {
	var wf=document.createElement('script');
	wf.src = '/js/webfont.js';
	wf.type='text/javascript';
	wf.async='true';
	var s=document.getElementsByTagName('script')[0];
	s.parentNode.insertBefore(wf, s);
	})();
	} catch (e) {
	// whatevs
	}
	</script>
	</body>
	</html>{{end}}
	diff --git a/templates/pad.tmpl b/templates/pad.tmpl
	index d55c549..4afc1a6 100644
	--- a/templates/pad.tmpl
	+++ b/templates/pad.tmpl
	@@ -1,367 +1,396 @@
	{{define "pad"}}<!DOCTYPE HTML>
	<html>
	<head>

	<title>{{if .Editing}}Editing {{if .Post.Title}}{{.Post.Title}}{{else}}{{.Post.Id}}{{end}}{{else}}New Post{{end}} — {{.SiteName}}</title>

	<link rel="stylesheet" type="text/css" href="/css/write.css" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />

	<meta name="google" value="notranslate">
	</head>
	<body id="pad" class="light">

	<div id="overlay"></div>

	<textarea id="writer" placeholder="Write..." class="{{.Post.Font}}" autofocus>{{if .Post.Title}}# {{.Post.Title}}

	{{end}}{{.Post.Content}}</textarea>
	+
	+ <div class="alert success hidden" id="edited-elsewhere">This post has been updated elsewhere since you last published! <a href="#" id="erase-edit">Delete draft and reload</a>.</div>

	<header id="tools">
	<div id="clip">
	{{if not .SingleUser}}<h1><a href="/me/c/" title="View blogs"><img class="ic-24dp" src="/img/ic_blogs_dark@2x.png" /></a></h1>{{end}}
	<nav id="target" {{if .SingleUser}}style="margin-left:0"{{end}}><ul>
	{{if .Editing}}<li>{{if .EditCollection}}<a href="{{.EditCollection.CanonicalURL}}">{{.EditCollection.Title}}</a>{{else}}<a>Draft</a>{{end}}</li>
	{{else}}<li><a id="publish-to"><span id="target-name">Draft</span> <img class="ic-18dp" src="/img/ic_down_arrow_dark@2x.png" /></a>
	<ul>
	<li class="menu-heading">Publish to...</li>
	{{if .Blogs}}{{range $idx, $el := .Blogs}}
	<li class="target{{if eq $idx 0}} selected{{end}}" id="blog-{{$el.Alias}}"><a href="#{{$el.Alias}}"><i class="material-icons md-18">public</i> {{if $el.Title}}{{$el.Title}}{{else}}{{$el.Alias}}{{end}}</a></li>
	{{end}}{{end}}
	<li class="target" id="blog-anonymous"><a href="#anonymous"><i class="material-icons md-18">description</i> <em>Draft</em></a></li>
	<li id="user-separator" class="separator"><hr /></li>
	{{ if .SingleUser }}
	<li><a href="/"><i class="material-icons md-18">launch</i> View Blog</a></li>
	<li><a href="/me/c/{{.Username}}"><i class="material-icons md-18">palette</i> Customize</a></li>
	<li><a href="/me/c/{{.Username}}/stats"><i class="material-icons md-18">trending_up</i> Stats</a></li>
	{{ else }}
	<li><a href="/me/c/"><i class="material-icons md-18">library_books</i> View Blogs</a></li>
	{{ end }}
	<li><a href="/me/posts/"><i class="material-icons md-18">view_list</i> View Drafts</a></li>
	<li><a href="/me/logout"><i class="material-icons md-18">power_settings_new</i> Log out</a></li>
	</ul>
	</li>{{end}}
	</ul></nav>
	<nav id="font-picker" class="if-room room-3 hidden" style="margin-left:-1em"><ul>
	<li><a href="#" id="" onclick="return false"><img class="ic-24dp" src="/img/ic_font_dark@2x.png" /> <img class="ic-18dp" src="/img/ic_down_arrow_dark@2x.png" /></a>
	<ul style="text-align: center">
	<li class="menu-heading">Font</li>
	<li class="selected"><a class="font norm" href="#norm">Serif</a></li>
	<li><a class="font sans" href="#sans">Sans-serif</a></li>
	<li><a class="font wrap" href="#wrap">Monospace</a></li>
	</ul>
	</li>
	</ul></nav>
	<span id="wc" class="hidden if-room room-4">0 words</span>
	</div>
	<noscript style="margin-left: 2em;"><strong>NOTE</strong>: for now, you'll need Javascript enabled to post.</noscript>
	<div id="belt">
	{{if .Editing}}<div class="tool hidden if-room"><a href="{{if .EditCollection}}{{.EditCollection.CanonicalURL}}{{.Post.Slug}}/edit/meta{{else}}/{{if .SingleUser}}d/{{end}}{{.Post.Id}}/meta{{end}}" title="Edit post metadata" id="edit-meta"><img class="ic-24dp" src="/img/ic_info_dark@2x.png" /></a></div>{{end}}
	<div class="tool hidden if-room room-2"><a href="#theme" title="Toggle theme" id="toggle-theme"><img class="ic-24dp" src="/img/ic_brightness_dark@2x.png" /></a></div>
	<div class="tool if-room room-1"><a href="{{if not .User}}/pad/posts{{else}}/me/posts/{{end}}" title="View posts" id="view-posts"><img class="ic-24dp" src="/img/ic_list_dark@2x.png" /></a></div>
	<div class="tool"><a href="#publish" title="Publish" id="publish"><img class="ic-24dp" src="/img/ic_send_dark@2x.png" /></a></div>
	</div>
	</header>

	<script src="/js/h.js"></script>
	<script>
	function toggleTheme() {
	var btns = Array.prototype.slice.call(document.getElementById('tools').querySelectorAll('a img'));
	var newTheme = '';
	if (document.body.classList.contains('light')) {
	newTheme = 'dark';
	document.body.className = document.body.className.replace(/(?:^\|\s)light(?!\S)/g, newTheme);
	for (var i=0; i<btns.length; i++) {
	btns[i].src = btns[i].src.replace('_dark@2x.png', '@2x.png');
	}
	} else {
	newTheme = 'light';
	document.body.className = document.body.className.replace(/(?:^\|\s)dark(?!\S)/g, newTheme);
	for (var i=0; i<btns.length; i++) {
	btns[i].src = btns[i].src.replace('@2x.png', '_dark@2x.png');
	}
	}
	H.set('padTheme', newTheme);
	}
	if (H.get('padTheme', 'light') != 'light') {
	toggleTheme();
	}
	var $writer = H.getEl('writer');
	var $btnPublish = H.getEl('publish');
	+ var $btnEraseEdit = H.getEl('edited-elsewhere');
	var $wc = H.getEl("wc");
	var updateWordCount = function() {
	var words = 0;
	var val = $writer.el.value.trim();
	if (val != '') {
	words = $writer.el.value.trim().replace(/\s+/gi, ' ').split(' ').length;
	}
	$wc.el.innerText = words + " word" + (words != 1 ? "s" : "");
	};
	var setButtonStates = function() {
	if (!canPublish) {
	$btnPublish.el.className = 'disabled';
	return;
	}
	if ($writer.el.value.length === 0 \|\| (draftDoc != 'lastDoc' && $writer.el.value == origDoc)) {
	$btnPublish.el.className = 'disabled';
	} else {
	$btnPublish.el.className = '';
	}
	};
	{{if .Post.Id}}var draftDoc = 'draft{{.Post.Id}}';
	var origDoc = '{{.Post.Content}}';{{else}}var draftDoc = 'lastDoc';{{end}}
	- H.load($writer, draftDoc, true);
	+ var updatedStr = '{{.Post.Updated8601}}';
	+ var updated = null;
	+ if (updatedStr != '') {
	+ updated = new Date(updatedStr);
	+ }
	+ var ok = H.load($writer, draftDoc, true, updated);
	+ if (!ok) {
	+ // Show "edited elsewhere" warning
	+ $btnEraseEdit.el.classList.remove('hidden');
	+ }
	+ var defaultTimeSet = false;
	updateWordCount();

	var typingTimer;
	var doneTypingInterval = 200;

	var posts;
	{{if and .Post.Id (not .Post.Slug)}}
	var token = null;
	var curPostIdx;
	posts = JSON.parse(H.get('posts', '[]'));
	for (var i=0; i<posts.length; i++) {
	if (posts[i].id == "{{.Post.Id}}") {
	token = posts[i].token;
	break;
	}
	}
	var canPublish = token != null;
	{{else}}var canPublish = true;{{end}}
	var publishing = false;
	var justPublished = false;
	var silenced = {{.Silenced}};
	var publish = function(content, font) {
	if (silenced === true) {
	alert("Your account is silenced, so you can't publish or update posts.");
	return;
	}
	{{if and (and .Post.Id (not .Post.Slug)) (not .User)}}
	if (!token) {
	alert("You don't have permission to update this post.");
	return;
	}
	if ($btnPublish.el.className == 'disabled') {
	return;
	}
	{{end}}
	$btnPublish.el.children[0].textContent = 'more_horiz';
	publishing = true;
	var xpostTarg = H.get('crosspostTarget', '[]');

	var http = new XMLHttpRequest();
	var lang = navigator.languages ? navigator.languages[0] : (navigator.language \|\| navigator.userLanguage);
	lang = lang.substring(0, 2);
	var post = H.getTitleStrict(content);

	var params = {
	body: post.content,
	title: post.title,
	font: font,
	lang: lang
	};
	{{ if .Post.Slug }}
	var url = "/api/collections/{{.EditCollection.Alias}}/posts/{{.Post.Id}}";
	{{ else if .Post.Id }}
	var url = "/api/posts/{{.Post.Id}}";
	if (typeof token === 'undefined' \|\| !token) {
	token = "";
	}
	params.token = token;
	{{ else }}
	var url = "/api/posts";
	var postTarget = H.get('postTarget', 'anonymous');
	if (postTarget != 'anonymous') {
	url = "/api/collections/" + postTarget + "/posts";
	}
	params.crosspost = JSON.parse(xpostTarg);
	{{ end }}

	http.open("POST", url, true);

	// Send the proper header information along with the request
	http.setRequestHeader("Content-type", "application/json");

	http.onreadystatechange = function() {
	if (http.readyState == 4) {
	publishing = false;
	if (http.status == 200 \|\| http.status == 201) {
	data = JSON.parse(http.responseText);
	id = data.data.id;
	nextURL = '{{if .SingleUser}}/d{{end}}/'+id;
	+ localStorage.setItem('draft'+id+'-published', new Date().toISOString());

	{{ if not .Post.Id }}
	// Post created
	if (postTarget != 'anonymous') {
	nextURL = {{if not .SingleUser}}'/'+postTarget+{{end}}'/'+data.data.slug;
	}
	editToken = data.data.token;

	{{ if not .User }}if (postTarget == 'anonymous') {
	// Save the data
	var posts = JSON.parse(H.get('posts', '[]'));

	{{if .Post.Id}}var newPost = H.createPost("{{.Post.Id}}", token, content);
	for (var i=0; i<posts.length; i++) {
	if (posts[i].id == "{{.Post.Id}}") {
	posts[i].title = newPost.title;
	posts[i].summary = newPost.summary;
	break;
	}
	}
	nextURL = "/pad/posts";{{else}}posts.push(H.createPost(id, editToken, content));{{end}}

	H.set('posts', JSON.stringify(posts));
	}
	{{ end }}
	{{ end }}

	justPublished = true;
	if (draftDoc != 'lastDoc') {
	H.remove(draftDoc);
	{{if .Editing}}H.remove('draft{{.Post.Id}}font');{{end}}
	} else {
	H.set(draftDoc, '');
	}

	{{if .EditCollection}}
	window.location = '{{.EditCollection.CanonicalURL}}{{.Post.Slug}}';
	{{else}}
	window.location = nextURL;
	{{end}}
	} else {
	$btnPublish.el.children[0].textContent = 'send';
	alert("Failed to post. Please try again.");
	}
	}
	}
	http.send(JSON.stringify(params));
	};

	setButtonStates();
	$writer.on('keyup input', function() {
	setButtonStates();
	clearTimeout(typingTimer);
	typingTimer = setTimeout(doneTyping, doneTypingInterval);
	}, false);
	$writer.on('keydown', function(e) {
	clearTimeout(typingTimer);
	if (e.keyCode == 13 && (e.metaKey \|\| e.ctrlKey)) {
	$btnPublish.el.click();
	}
	});
	$btnPublish.on('click', function(e) {
	e.preventDefault();
	if (!publishing && $writer.el.value) {
	var content = $writer.el.value;
	publish(content, selectedFont);
	}
	});
	+ H.getEl('erase-edit').on('click', function(e) {
	+ e.preventDefault();
	+ H.remove(draftDoc);
	+ H.remove(draftDoc+'-published');
	+ justPublished = true; // Block auto-save
	+ location.reload();
	+ });

	H.getEl('toggle-theme').on('click', function(e) {
	e.preventDefault();
	var newTheme = 'light';
	if (document.body.className == 'light') {
	newTheme = 'dark';
	}
	toggleTheme();
	});

	var targets = document.querySelectorAll('#target li.target a');
	for (var i=0; i<targets.length; i++) {
	targets[i].addEventListener('click', function(e) {
	e.preventDefault();
	var targetName = this.href.substring(this.href.indexOf('#')+1);
	H.set('postTarget', targetName);

	document.querySelector('#target li.target.selected').classList.remove('selected');
	this.parentElement.classList.add('selected');
	var newText = this.innerText.split(' ');
	newText.shift();
	document.getElementById('target-name').innerText = newText.join(' ');
	});
	}
	var postTarget = H.get('postTarget', '{{if .Blogs}}{{$blog := index .Blogs 0}}{{$blog.Alias}}{{else}}anonymous{{end}}');
	if (location.hash != '') {
	postTarget = location.hash.substring(1);
	// TODO: pushState to /pad (or whatever the URL is) so we live on a clean URL
	location.hash = '';
	}
	var pte = document.querySelector('#target li.target#blog-'+postTarget+' a');
	if (pte != null) {
	pte.click();
	} else {
	postTarget = 'anonymous';
	H.set('postTarget', postTarget);
	}

	var sansLoaded = false;
	WebFontConfig = {
	custom: { families: [ 'Lora:400,700:latin' ], urls: [ '/css/fonts.css' ] }
	};
	var loadSans = function() {
	if (sansLoaded) return;
	sansLoaded = true;
	WebFontConfig.custom.families.push('Open+Sans:400,700:latin');
	try {
	(function() {
	var wf=document.createElement('script');
	wf.src = '/js/webfont.js';
	wf.type='text/javascript';
	wf.async='true';
	var s=document.getElementsByTagName('script')[0];
	s.parentNode.insertBefore(wf, s);
	})();
	} catch (e) {}
	};
	var fonts = document.querySelectorAll('nav#font-picker a.font');
	for (var i=0; i<fonts.length; i++) {
	fonts[i].addEventListener('click', function(e) {
	e.preventDefault();
	selectedFont = this.href.substring(this.href.indexOf('#')+1);
	$writer.el.className = selectedFont;
	document.querySelector('nav#font-picker li.selected').classList.remove('selected');
	this.parentElement.classList.add('selected');
	H.set('{{if .Editing}}draft{{.Post.Id}}font{{else}}padFont{{end}}', selectedFont);
	if (selectedFont == 'sans') {
	loadSans();
	}
	});
	}
	var selectedFont = H.get('{{if .Editing}}draft{{.Post.Id}}font{{else}}padFont{{end}}', '{{.Post.Font}}');
	var sfe = document.querySelector('nav#font-picker a.font.'+selectedFont);
	if (sfe != null) {
	sfe.click();
	}

	var doneTyping = function() {
	if (draftDoc == 'lastDoc' \|\| $writer.el.value != origDoc) {
	H.save($writer, draftDoc);
	+ if (!defaultTimeSet) {
	+ var lastLocalPublishStr = localStorage.getItem(draftDoc+'-published');
	+ if (lastLocalPublishStr == null \|\| lastLocalPublishStr == '') {
	+ localStorage.setItem(draftDoc+'-published', updatedStr);
	+ }
	+ defaultTimeSet = true;
	+ }
	updateWordCount();
	}
	};
	window.addEventListener('beforeunload', function(e) {
	if (draftDoc != 'lastDoc' && $writer.el.value == origDoc) {
	H.remove(draftDoc);
	+ H.remove(draftDoc+'-published');
	} else if (!justPublished) {
	doneTyping();
	}
	});

	try {
	(function() {
	var wf=document.createElement('script');
	wf.src = '/js/webfont.js';
	wf.type='text/javascript';
	wf.async='true';
	var s=document.getElementsByTagName('script')[0];
	s.parentNode.insertBefore(wf, s);
	})();
	} catch (e) {
	// whatevs
	}
	</script>
	<link href="/css/icons.css" rel="stylesheet">
	</body>
	</html>{{end}}

File Metadata

Mime Type: text/x-diff
Expires: Sun, Nov 24, 10:38 PM (1 d, 1 h)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 3104858

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions