No OneTemporary
Actions

Size

104 KB

Subscribers

None

View Options

	diff --git a/collections.go b/collections.go
	index b85f0a4..66ad7a0 100644
	--- a/collections.go
	+++ b/collections.go
	@@ -1,1122 +1,1132 @@
	/*
	* Copyright © 2018 A Bunch Tell LLC.
	*
	* This file is part of WriteFreely.
	*
	* WriteFreely is free software: you can redistribute it and/or modify
	* it under the terms of the GNU Affero General Public License, included
	* in the LICENSE file in this source code package.
	*/

	package writefreely

	import (
	"database/sql"
	"encoding/json"
	"fmt"
	"html/template"
	"math"
	"net/http"
	"net/url"
	"regexp"
	"strconv"
	"strings"
	"unicode"

	"github.com/gorilla/mux"
	"github.com/writeas/impart"
	"github.com/writeas/web-core/activitystreams"
	"github.com/writeas/web-core/auth"
	"github.com/writeas/web-core/bots"
	"github.com/writeas/web-core/log"
	waposts "github.com/writeas/web-core/posts"
	"github.com/writeas/writefreely/author"
	"github.com/writeas/writefreely/config"
	"github.com/writeas/writefreely/page"
	)

	type (
	// TODO: add Direction to db
	// TODO: add Language to db
	Collection struct {
	ID int64 `datastore:"id" json:"-"`
	Alias string `datastore:"alias" schema:"alias" json:"alias"`
	Title string `datastore:"title" schema:"title" json:"title"`
	Description string `datastore:"description" schema:"description" json:"description"`
	Direction string `schema:"dir" json:"dir,omitempty"`
	Language string `schema:"lang" json:"lang,omitempty"`
	StyleSheet string `datastore:"style_sheet" schema:"style_sheet" json:"style_sheet"`
	Script string `datastore:"script" schema:"script" json:"script,omitempty"`
	Public bool `datastore:"public" json:"public"`
	Visibility collVisibility `datastore:"private" json:"-"`
	Format string `datastore:"format" json:"format,omitempty"`
	Views int64 `json:"views"`
	OwnerID int64 `datastore:"owner_id" json:"-"`
	PublicOwner bool `datastore:"public_owner" json:"-"`
	URL string `json:"url,omitempty"`

	db *datastore
	hostName string
	}
	CollectionObj struct {
	Collection
	TotalPosts int `json:"total_posts"`
	Owner *User `json:"owner,omitempty"`
	Posts *[]PublicPost `json:"posts,omitempty"`
	}
	DisplayCollection struct {
	*CollectionObj
	Prefix string
	IsTopLevel bool
	CurrentPage int
	TotalPages int
	Format *CollectionFormat
	Suspended bool
	}
	SubmittedCollection struct {
	// Data used for updating a given collection
	ID int64
	OwnerID uint64

	// Form helpers
	PreferURL string `schema:"prefer_url" json:"prefer_url"`
	Privacy int `schema:"privacy" json:"privacy"`
	Pass string `schema:"password" json:"password"`
	MathJax bool `schema:"mathjax" json:"mathjax"`
	Handle string `schema:"handle" json:"handle"`

	// Actual collection values updated in the DB
	Alias *string `schema:"alias" json:"alias"`
	Title *string `schema:"title" json:"title"`
	Description *string `schema:"description" json:"description"`
	StyleSheet *sql.NullString `schema:"style_sheet" json:"style_sheet"`
	Script *sql.NullString `schema:"script" json:"script"`
	Visibility *int `schema:"visibility" json:"public"`
	Format *sql.NullString `schema:"format" json:"format"`
	}
	CollectionFormat struct {
	Format string
	}

	collectionReq struct {
	// Information about the collection request itself
	prefix, alias, domain string
	isCustomDomain bool

	// User-related fields
	isCollOwner bool
	}
	)

	func (sc *SubmittedCollection) FediverseHandle() string {
	if sc.Handle == "" {
	return apCustomHandleDefault
	}
	return getSlug(sc.Handle, "")
	}

	// collVisibility represents the visibility level for the collection.
	type collVisibility int

	// Visibility levels. Values are bitmasks, stored in the database as
	// decimal numbers. If adding types, append them to this list. If removing,
	// replace the desired visibility with a new value.
	const CollUnlisted collVisibility = 0
	const (
	CollPublic collVisibility = 1 << iota
	CollPrivate
	CollProtected
	)

	var collVisibilityStrings = map[string]collVisibility{
	"unlisted": CollUnlisted,
	"public": CollPublic,
	"private": CollPrivate,
	"protected": CollProtected,
	}

	func defaultVisibility(cfg *config.Config) collVisibility {
	vis, ok := collVisibilityStrings[cfg.App.DefaultVisibility]
	if !ok {
	vis = CollUnlisted
	}
	return vis
	}

	func (cf *CollectionFormat) Ascending() bool {
	return cf.Format == "novel"
	}
	func (cf *CollectionFormat) ShowDates() bool {
	return cf.Format == "blog"
	}
	func (cf *CollectionFormat) PostsPerPage() int {
	if cf.Format == "novel" {
	return postsPerPage
	}
	return postsPerPage
	}

	// Valid returns whether or not a format value is valid.
	func (cf *CollectionFormat) Valid() bool {
	return cf.Format == "blog" \|\|
	cf.Format == "novel" \|\|
	cf.Format == "notebook"
	}

	// NewFormat creates a new CollectionFormat object from the Collection.
	func (c Collection) NewFormat() CollectionFormat {
	cf := &CollectionFormat{Format: c.Format}

	// Fill in default format
	if cf.Format == "" {
	cf.Format = "blog"
	}

	return cf
	}

	func (c *Collection) IsUnlisted() bool {
	return c.Visibility == 0
	}

	func (c *Collection) IsPrivate() bool {
	return c.Visibility&CollPrivate != 0
	}

	func (c *Collection) IsProtected() bool {
	return c.Visibility&CollProtected != 0
	}

	func (c *Collection) IsPublic() bool {
	return c.Visibility&CollPublic != 0
	}

	func (c *Collection) FriendlyVisibility() string {
	if c.IsPrivate() {
	return "Private"
	}
	if c.IsPublic() {
	return "Public"
	}
	if c.IsProtected() {
	return "Password-protected"
	}
	return "Unlisted"
	}

	func (c *Collection) ShowFooterBranding() bool {
	// TODO: implement this setting
	return true
	}

	// CanonicalURL returns a fully-qualified URL to the collection.
	func (c *Collection) CanonicalURL() string {
	return c.RedirectingCanonicalURL(false)
	}

	func (c *Collection) DisplayCanonicalURL() string {
	us := c.CanonicalURL()
	u, err := url.Parse(us)
	if err != nil {
	return us
	}
	p := u.Path
	if p == "/" {
	p = ""
	}
	return u.Hostname() + p
	}

	func (c *Collection) RedirectingCanonicalURL(isRedir bool) string {
	if c.hostName == "" {
	// If this is true, the human programmers screwed up. So ask for a bug report and fail, fail, fail
	log.Error("[PROGRAMMER ERROR] WARNING: Collection.hostName is empty! Federation and many other things will fail! If you're seeing this in the wild, please report this bug and let us know what you were doing just before this: https://github.com/writeas/writefreely/issues/new?template=bug_report.md")
	}
	if isSingleUser {
	return c.hostName + "/"
	}

	return fmt.Sprintf("%s/%s/", c.hostName, c.Alias)
	}

	// PrevPageURL provides a full URL for the previous page of collection posts,
	// returning a /page/N result for pages >1
	func (c *Collection) PrevPageURL(prefix string, n int, tl bool) string {
	u := ""
	if n == 2 {
	// Previous page is 1; no need for /page/ prefix
	if prefix == "" {
	u = "/"
	}
	// Else leave off trailing slash
	} else {
	u = fmt.Sprintf("/page/%d", n-1)
	}

	if tl {
	return u
	}
	return "/" + prefix + c.Alias + u
	}

	// NextPageURL provides a full URL for the next page of collection posts
	func (c *Collection) NextPageURL(prefix string, n int, tl bool) string {
	if tl {
	return fmt.Sprintf("/page/%d", n+1)
	}
	return fmt.Sprintf("/%s%s/page/%d", prefix, c.Alias, n+1)
	}

	func (c *Collection) DisplayTitle() string {
	if c.Title != "" {
	return c.Title
	}
	return c.Alias
	}

	func (c *Collection) StyleSheetDisplay() template.CSS {
	return template.CSS(c.StyleSheet)
	}

	// ForPublic modifies the Collection for public consumption, such as via
	// the API.
	func (c *Collection) ForPublic() {
	c.URL = c.CanonicalURL()
	}

	var isAvatarChar = regexp.MustCompile("[a-z0-9]").MatchString

	func (c Collection) PersonObject(ids ...int64) activitystreams.Person {
	accountRoot := c.FederatedAccount()
	p := activitystreams.NewPerson(accountRoot)
	p.URL = c.CanonicalURL()
	uname := c.Alias
	p.PreferredUsername = uname
	p.Name = c.DisplayTitle()
	p.Summary = c.Description
	if p.Name != "" {
	if av := c.AvatarURL(); av != "" {
	p.Icon = activitystreams.Image{
	Type: "Image",
	MediaType: "image/png",
	URL: av,
	}
	}
	}

	collID := c.ID
	if len(ids) > 0 {
	collID = ids[0]
	}
	pub, priv := c.db.GetAPActorKeys(collID)
	if pub != nil {
	p.AddPubKey(pub)
	p.SetPrivKey(priv)
	}

	return p
	}

	func (c *Collection) AvatarURL() string {
	fl := string(unicode.ToLower([]rune(c.DisplayTitle())[0]))
	if !isAvatarChar(fl) {
	return ""
	}
	return c.hostName + "/img/avatars/" + fl + ".png"
	}

	func (c *Collection) FederatedAPIBase() string {
	return c.hostName + "/"
	}

	func (c *Collection) FederatedAccount() string {
	accountUser := c.Alias
	return c.FederatedAPIBase() + "api/collections/" + accountUser
	}

	func (c *Collection) RenderMathJax() bool {
	return c.db.CollectionHasAttribute(c.ID, "render_mathjax")
	}

	func newCollection(app App, w http.ResponseWriter, r http.Request) error {
	reqJSON := IsJSON(r)
	alias := r.FormValue("alias")
	title := r.FormValue("title")

	var missingParams, accessToken string
	var u *User
	c := struct {
	Alias string `json:"alias" schema:"alias"`
	Title string `json:"title" schema:"title"`
	Web bool `json:"web" schema:"web"`
	}{}
	if reqJSON {
	// Decode JSON request
	decoder := json.NewDecoder(r.Body)
	err := decoder.Decode(&c)
	if err != nil {
	log.Error("Couldn't parse post update JSON request: %v\n", err)
	return ErrBadJSON
	}
	} else {
	// TODO: move form parsing to formDecoder
	c.Alias = alias
	c.Title = title
	}

	if c.Alias == "" {
	if c.Title != "" {
	// If only a title was given, just use it to generate the alias.
	c.Alias = getSlug(c.Title, "")
	} else {
	missingParams += "`alias` "
	}
	}
	if c.Title == "" {
	missingParams += "`title` "
	}
	if missingParams != "" {
	return impart.HTTPError{http.StatusBadRequest, fmt.Sprintf("Parameter(s) %srequired.", missingParams)}
	}

	var userID int64
	var err error
	if reqJSON && !c.Web {
	accessToken = r.Header.Get("Authorization")
	if accessToken == "" {
	return ErrNoAccessToken
	}
	userID = app.db.GetUserID(accessToken)
	if userID == -1 {
	return ErrBadAccessToken
	}
	} else {
	u = getUserSession(app, r)
	if u == nil {
	return ErrNotLoggedIn
	}
	userID = u.ID
	}
	suspended, err := app.db.IsUserSuspended(userID)
	if err != nil {
	log.Error("new collection: %v", err)
	return ErrInternalGeneral
	}
	if suspended {
	return ErrUserSuspended
	}

	if !author.IsValidUsername(app.cfg, c.Alias) {
	return impart.HTTPError{http.StatusPreconditionFailed, "Collection alias isn't valid."}
	}

	coll, err := app.db.CreateCollection(app.cfg, c.Alias, c.Title, userID)
	if err != nil {
	// TODO: handle this
	return err
	}

	res := &CollectionObj{Collection: *coll}

	if reqJSON {
	return impart.WriteSuccess(w, res, http.StatusCreated)
	}
	redirectTo := "/me/c/"
	// TODO: redirect to pad when necessary
	return impart.HTTPError{http.StatusFound, redirectTo}
	}

	func apiCheckCollectionPermissions(app App, r http.Request, c *Collection) (int64, error) {
	accessToken := r.Header.Get("Authorization")
	var userID int64 = -1
	if accessToken != "" {
	userID = app.db.GetUserID(accessToken)
	}
	isCollOwner := userID == c.OwnerID
	if c.IsPrivate() && !isCollOwner {
	// Collection is private, but user isn't authenticated
	return -1, ErrCollectionNotFound
	}
	if c.IsProtected() {
	// TODO: check access token
	return -1, ErrCollectionUnauthorizedRead
	}

	return userID, nil
	}

	// fetchCollection handles the API endpoint for retrieving collection data.
	func fetchCollection(app App, w http.ResponseWriter, r http.Request) error {
	accept := r.Header.Get("Accept")
	if strings.Contains(accept, "application/activity+json") {
	return handleFetchCollectionActivities(app, w, r)
	}

	vars := mux.Vars(r)
	alias := vars["alias"]

	// TODO: move this logic into a common getCollection function
	// Get base Collection data
	c, err := app.db.GetCollection(alias)
	if err != nil {
	return err
	}
	c.hostName = app.cfg.App.Host

	// Redirect users who aren't requesting JSON
	reqJSON := IsJSON(r)
	if !reqJSON {
	return impart.HTTPError{http.StatusFound, c.CanonicalURL()}
	}

	// Check permissions
	userID, err := apiCheckCollectionPermissions(app, r, c)
	if err != nil {
	return err
	}
	isCollOwner := userID == c.OwnerID

	// Fetch extra data about the Collection
	res := &CollectionObj{Collection: *c}
	if c.PublicOwner {
	u, err := app.db.GetUserByID(res.OwnerID)
	if err != nil {
	// Log the error and just continue
	log.Error("Error getting user for collection: %v", err)
	} else {
	res.Owner = u
	}
	}
	// TODO: check suspended
	app.db.GetPostsCount(res, isCollOwner)
	// Strip non-public information
	res.Collection.ForPublic()

	return impart.WriteSuccess(w, res, http.StatusOK)
	}

	// fetchCollectionPosts handles an API endpoint for retrieving a collection's
	// posts.
	func fetchCollectionPosts(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	alias := vars["alias"]

	c, err := app.db.GetCollection(alias)
	if err != nil {
	return err
	}
	c.hostName = app.cfg.App.Host

	// Check permissions
	userID, err := apiCheckCollectionPermissions(app, r, c)
	if err != nil {
	return err
	}
	isCollOwner := userID == c.OwnerID

	// Get page
	page := 1
	if p := r.FormValue("page"); p != "" {
	pInt, _ := strconv.Atoi(p)
	if pInt > 0 {
	page = pInt
	}
	}

	posts, err := app.db.GetPosts(app.cfg, c, page, isCollOwner, false, false)
	if err != nil {
	return err
	}
	coll := &CollectionObj{Collection: *c, Posts: posts}
	app.db.GetPostsCount(coll, isCollOwner)
	// Strip non-public information
	coll.Collection.ForPublic()

	// Transform post bodies if needed
	if r.FormValue("body") == "html" {
	for _, p := range *coll.Posts {
	p.Content = waposts.ApplyMarkdown([]byte(p.Content))
	}
	}

	return impart.WriteSuccess(w, coll, http.StatusOK)
	}

	type CollectionPage struct {
	page.StaticPage
	*DisplayCollection
	IsCustomDomain bool
	IsWelcome bool
	IsOwner bool
	CanPin bool
	Username string
	Collections *[]Collection
	PinnedPosts *[]PublicPost
	IsAdmin bool
	CanInvite bool
	}

	func (c *CollectionObj) ScriptDisplay() template.JS {
	return template.JS(c.Script)
	}

	var jsSourceCommentReg = regexp.MustCompile("(?m)^// src:(.+)$")

	func (c *CollectionObj) ExternalScripts() []template.URL {
	scripts := []template.URL{}
	if c.Script == "" {
	return scripts
	}

	matches := jsSourceCommentReg.FindAllStringSubmatch(c.Script, -1)
	for _, m := range matches {
	scripts = append(scripts, template.URL(strings.TrimSpace(m[1])))
	}
	return scripts
	}

	func (c *CollectionObj) CanShowScript() bool {
	return false
	}

	func processCollectionRequest(cr collectionReq, vars map[string]string, w http.ResponseWriter, r http.Request) error {
	cr.prefix = vars["prefix"]
	cr.alias = vars["collection"]
	// Normalize the URL, redirecting user to consistent post URL
	if cr.alias != strings.ToLower(cr.alias) {
	return impart.HTTPError{http.StatusMovedPermanently, fmt.Sprintf("/%s/", strings.ToLower(cr.alias))}
	}

	return nil
	}

	// processCollectionPermissions checks the permissions for the given
	// collectionReq, returning a Collection if access is granted; otherwise this
	// renders any necessary collection pages, for example, if requesting a custom
	// domain that doesn't yet have a collection associated, or if a collection
	// requires a password. In either case, this will return nil, nil -- thus both
	// values should ALWAYS be checked to determine whether or not to continue.
	func processCollectionPermissions(app App, cr collectionReq, u User, w http.ResponseWriter, r http.Request) (*Collection, error) {
	// Display collection if this is a collection
	var c *Collection
	var err error
	if app.cfg.App.SingleUser {
	c, err = app.db.GetCollectionByID(1)
	} else {
	c, err = app.db.GetCollection(cr.alias)
	}
	// TODO: verify we don't reveal the existence of a private collection with redirection
	if err != nil {
	if err, ok := err.(impart.HTTPError); ok {
	if err.Status == http.StatusNotFound {
	if cr.isCustomDomain {
	// User is on the site from a custom domain
	//tErr := pages["404-domain.tmpl"].ExecuteTemplate(w, "base", pageForHost(page.StaticPage{}, r))
	//if tErr != nil {
	//log.Error("Unable to render 404-domain page: %v", err)
	//}
	return nil, nil
	}
	if len(cr.alias) >= minIDLen && len(cr.alias) <= maxIDLen {
	// Alias is within post ID range, so just be sure this isn't a post
	if app.db.PostIDExists(cr.alias) {
	// TODO: use StatusFound for vanity post URLs when we implement them
	return nil, impart.HTTPError{http.StatusMovedPermanently, "/" + cr.alias}
	}
	}
	// Redirect if necessary
	newAlias := app.db.GetCollectionRedirect(cr.alias)
	if newAlias != "" {
	return nil, impart.HTTPError{http.StatusFound, "/" + newAlias + "/"}
	}
	}
	}
	return nil, err
	}
	c.hostName = app.cfg.App.Host

	// Update CollectionRequest to reflect owner status
	cr.isCollOwner = u != nil && u.ID == c.OwnerID

	// Check permissions
	if !cr.isCollOwner {
	if c.IsPrivate() {
	return nil, ErrCollectionNotFound
	} else if c.IsProtected() {
	uname := ""
	if u != nil {
	uname = u.Username
	}

	+ // TODO: move this to all permission checks?
	+ suspended, err := app.db.IsUserSuspended(c.OwnerID)
	+ if err != nil {
	+ log.Error("process protected collection permissions: %v", err)
	+ return nil, err
	+ }
	+ if suspended {
	+ return nil, ErrCollectionNotFound
	+ }
	+
	// See if we've authorized this collection
	authd := isAuthorizedForCollection(app, c.Alias, r)

	if !authd {
	p := struct {
	page.StaticPage
	*CollectionObj
	Username string
	Next string
	Flashes []template.HTML
	}{
	StaticPage: pageForReq(app, r),
	CollectionObj: &CollectionObj{Collection: *c},
	Username: uname,
	Next: r.FormValue("g"),
	Flashes: []template.HTML{},
	}
	// Get owner information
	p.CollectionObj.Owner, err = app.db.GetUserByID(c.OwnerID)
	if err != nil {
	// Log the error and just continue
	log.Error("Error getting user for collection: %v", err)
	}

	flashes, _ := getSessionFlashes(app, w, r, nil)
	for _, flash := range flashes {
	p.Flashes = append(p.Flashes, template.HTML(flash))
	}
	err = templates["password-collection"].ExecuteTemplate(w, "password-collection", p)
	if err != nil {
	log.Error("Unable to render password-collection: %v", err)
	return nil, err
	}
	return nil, nil
	}
	}
	}
	return c, nil
	}

	func checkUserForCollection(app App, cr collectionReq, r http.Request, isPostReq bool) (User, error) {
	u := getUserSession(app, r)
	return u, nil
	}

	func newDisplayCollection(c Collection, cr collectionReq, page int) *DisplayCollection {
	coll := &DisplayCollection{
	CollectionObj: &CollectionObj{Collection: *c},
	CurrentPage: page,
	Prefix: cr.prefix,
	IsTopLevel: isSingleUser,
	Format: c.NewFormat(),
	}
	c.db.GetPostsCount(coll.CollectionObj, cr.isCollOwner)
	return coll
	}

	func getCollectionPage(vars map[string]string) int {
	page := 1
	var p int
	p, _ = strconv.Atoi(vars["page"])
	if p > 0 {
	page = p
	}
	return page
	}

	// handleViewCollection displays the requested Collection
	func handleViewCollection(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	cr := &collectionReq{}

	err := processCollectionRequest(cr, vars, w, r)
	if err != nil {
	return err
	}

	u, err := checkUserForCollection(app, cr, r, false)
	if err != nil {
	return err
	}

	page := getCollectionPage(vars)

	c, err := processCollectionPermissions(app, cr, u, w, r)
	if c == nil \|\| err != nil {
	return err
	}
	c.hostName = app.cfg.App.Host

	suspended, err := app.db.IsUserSuspended(c.OwnerID)
	if err != nil {
	log.Error("view collection: %v", err)
	return ErrInternalGeneral
	}

	// Serve ActivityStreams data now, if requested
	if strings.Contains(r.Header.Get("Accept"), "application/activity+json") {
	ac := c.PersonObject()
	ac.Context = []interface{}{activitystreams.Namespace}
	return impart.RenderActivityJSON(w, ac, http.StatusOK)
	}

	// Fetch extra data about the Collection
	// TODO: refactor out this logic, shared in collection.go:fetchCollection()
	coll := newDisplayCollection(c, cr, page)

	coll.TotalPages = int(math.Ceil(float64(coll.TotalPosts) / float64(coll.Format.PostsPerPage())))
	if coll.TotalPages > 0 && page > coll.TotalPages {
	redirURL := fmt.Sprintf("/page/%d", coll.TotalPages)
	if !app.cfg.App.SingleUser {
	redirURL = fmt.Sprintf("/%s%s%s", cr.prefix, coll.Alias, redirURL)
	}
	return impart.HTTPError{http.StatusFound, redirURL}
	}

	coll.Posts, _ = app.db.GetPosts(app.cfg, c, page, cr.isCollOwner, false, false)

	// Serve collection
	displayPage := CollectionPage{
	DisplayCollection: coll,
	StaticPage: pageForReq(app, r),
	IsCustomDomain: cr.isCustomDomain,
	IsWelcome: r.FormValue("greeting") != "",
	}
	displayPage.IsAdmin = u != nil && u.IsAdmin()
	displayPage.CanInvite = canUserInvite(app.cfg, displayPage.IsAdmin)
	var owner *User
	if u != nil {
	displayPage.Username = u.Username
	displayPage.IsOwner = u.ID == coll.OwnerID
	if displayPage.IsOwner {
	// Add in needed information for users viewing their own collection
	owner = u
	displayPage.CanPin = true

	pubColls, err := app.db.GetPublishableCollections(owner, app.cfg.App.Host)
	if err != nil {
	log.Error("unable to fetch collections: %v", err)
	}
	displayPage.Collections = pubColls
	}
	}
	isOwner := owner != nil
	if !isOwner {
	// Current user doesn't own collection; retrieve owner information
	owner, err = app.db.GetUserByID(coll.OwnerID)
	if err != nil {
	// Log the error and just continue
	log.Error("Error getting user for collection: %v", err)
	}
	}
	if !isOwner && suspended {
	return ErrCollectionNotFound
	}
	displayPage.Suspended = isOwner && suspended
	displayPage.Owner = owner
	coll.Owner = displayPage.Owner

	// Add more data
	// TODO: fix this mess of collections inside collections
	displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, isOwner)

	collTmpl := "collection"
	if app.cfg.App.Chorus {
	collTmpl = "chorus-collection"
	}
	err = templates[collTmpl].ExecuteTemplate(w, "collection", displayPage)
	if err != nil {
	log.Error("Unable to render collection index: %v", err)
	}

	// Update collection view count
	go func() {
	// Don't update if owner is viewing the collection.
	if u != nil && u.ID == coll.OwnerID {
	return
	}
	// Only update for human views
	if r.Method == "HEAD" \|\| bots.IsBot(r.UserAgent()) {
	return
	}

	_, err := app.db.Exec("UPDATE collections SET view_count = view_count + 1 WHERE id = ?", coll.ID)
	if err != nil {
	log.Error("Unable to update collections count: %v", err)
	}
	}()

	return err
	}

	func handleViewCollectionTag(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	tag := vars["tag"]

	cr := &collectionReq{}
	err := processCollectionRequest(cr, vars, w, r)
	if err != nil {
	return err
	}

	u, err := checkUserForCollection(app, cr, r, false)
	if err != nil {
	return err
	}

	page := getCollectionPage(vars)

	c, err := processCollectionPermissions(app, cr, u, w, r)
	if c == nil \|\| err != nil {
	return err
	}

	coll := newDisplayCollection(c, cr, page)

	coll.Posts, _ = app.db.GetPostsTagged(app.cfg, c, tag, page, cr.isCollOwner)
	if coll.Posts != nil && len(*coll.Posts) == 0 {
	return ErrCollectionPageNotFound
	}

	// Serve collection
	displayPage := struct {
	CollectionPage
	Tag string
	}{
	CollectionPage: CollectionPage{
	DisplayCollection: coll,
	StaticPage: pageForReq(app, r),
	IsCustomDomain: cr.isCustomDomain,
	},
	Tag: tag,
	}
	var owner *User
	if u != nil {
	displayPage.Username = u.Username
	displayPage.IsOwner = u.ID == coll.OwnerID
	if displayPage.IsOwner {
	// Add in needed information for users viewing their own collection
	owner = u
	displayPage.CanPin = true

	pubColls, err := app.db.GetPublishableCollections(owner, app.cfg.App.Host)
	if err != nil {
	log.Error("unable to fetch collections: %v", err)
	}
	displayPage.Collections = pubColls
	}
	}
	isOwner := owner != nil
	if !isOwner {
	// Current user doesn't own collection; retrieve owner information
	owner, err = app.db.GetUserByID(coll.OwnerID)
	if err != nil {
	// Log the error and just continue
	log.Error("Error getting user for collection: %v", err)
	}
	if owner.IsSilenced() {
	return ErrCollectionNotFound
	}
	}
	displayPage.Suspended = owner != nil && owner.IsSilenced()
	displayPage.Owner = owner
	coll.Owner = displayPage.Owner
	// Add more data
	// TODO: fix this mess of collections inside collections
	displayPage.PinnedPosts, _ = app.db.GetPinnedPosts(coll.CollectionObj, isOwner)

	err = templates["collection-tags"].ExecuteTemplate(w, "collection-tags", displayPage)
	if err != nil {
	log.Error("Unable to render collection tag page: %v", err)
	}

	return nil
	}

	func handleCollectionPostRedirect(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	slug := vars["slug"]

	cr := &collectionReq{}
	err := processCollectionRequest(cr, vars, w, r)
	if err != nil {
	return err
	}

	// Normalize the URL, redirecting user to consistent post URL
	loc := fmt.Sprintf("/%s", slug)
	if !app.cfg.App.SingleUser {
	loc = fmt.Sprintf("/%s/%s", cr.alias, slug)
	}
	return impart.HTTPError{http.StatusFound, loc}
	}

	func existingCollection(app App, w http.ResponseWriter, r http.Request) error {
	reqJSON := IsJSON(r)
	vars := mux.Vars(r)
	collAlias := vars["alias"]
	isWeb := r.FormValue("web") == "1"

	u := &User{}
	if reqJSON && !isWeb {
	// Ensure an access token was given
	accessToken := r.Header.Get("Authorization")
	u.ID = app.db.GetUserID(accessToken)
	if u.ID == -1 {
	return ErrBadAccessToken
	}
	} else {
	u = getUserSession(app, r)
	if u == nil {
	return ErrNotLoggedIn
	}
	}

	suspended, err := app.db.IsUserSuspended(u.ID)
	if err != nil {
	log.Error("existing collection: %v", err)
	return ErrInternalGeneral
	}

	if suspended {
	return ErrUserSuspended
	}

	if r.Method == "DELETE" {
	err := app.db.DeleteCollection(collAlias, u.ID)
	if err != nil {
	// TODO: if not HTTPError, report error to admin
	log.Error("Unable to delete collection: %s", err)
	return err
	}
	addSessionFlash(app, w, r, "Deleted your blog, "+collAlias+".", nil)
	return impart.HTTPError{Status: http.StatusNoContent}
	}

	c := SubmittedCollection{OwnerID: uint64(u.ID)}

	if reqJSON {
	// Decode JSON request
	decoder := json.NewDecoder(r.Body)
	err = decoder.Decode(&c)
	if err != nil {
	log.Error("Couldn't parse collection update JSON request: %v\n", err)
	return ErrBadJSON
	}
	} else {
	err = r.ParseForm()
	if err != nil {
	log.Error("Couldn't parse collection update form request: %v\n", err)
	return ErrBadFormData
	}

	err = app.formDecoder.Decode(&c, r.PostForm)
	if err != nil {
	log.Error("Couldn't decode collection update form request: %v\n", err)
	return ErrBadFormData
	}
	}

	err = app.db.UpdateCollection(&c, collAlias)
	if err != nil {
	if err, ok := err.(impart.HTTPError); ok {
	if reqJSON {
	return err
	}
	addSessionFlash(app, w, r, err.Message, nil)
	return impart.HTTPError{http.StatusFound, "/me/c/" + collAlias}
	} else {
	log.Error("Couldn't update collection: %v\n", err)
	return err
	}
	}

	if reqJSON {
	return impart.WriteSuccess(w, struct {
	}{}, http.StatusOK)
	}

	addSessionFlash(app, w, r, "Blog updated!", nil)
	return impart.HTTPError{http.StatusFound, "/me/c/" + collAlias}
	}

	// collectionAliasFromReq takes a request and returns the collection alias
	// if it can be ascertained, as well as whether or not the collection uses a
	// custom domain.
	func collectionAliasFromReq(r *http.Request) string {
	vars := mux.Vars(r)
	alias := vars["subdomain"]
	isSubdomain := alias != ""
	if !isSubdomain {
	// Fall back to write.as/{collection} since this isn't a custom domain
	alias = vars["collection"]
	}
	return alias
	}

	func handleWebCollectionUnlock(app App, w http.ResponseWriter, r http.Request) error {
	var readReq struct {
	Alias string `schema:"alias" json:"alias"`
	Pass string `schema:"password" json:"password"`
	Next string `schema:"to" json:"to"`
	}

	// Get params
	if impart.ReqJSON(r) {
	decoder := json.NewDecoder(r.Body)
	err := decoder.Decode(&readReq)
	if err != nil {
	log.Error("Couldn't parse readReq JSON request: %v\n", err)
	return ErrBadJSON
	}
	} else {
	err := r.ParseForm()
	if err != nil {
	log.Error("Couldn't parse readReq form request: %v\n", err)
	return ErrBadFormData
	}

	err = app.formDecoder.Decode(&readReq, r.PostForm)
	if err != nil {
	log.Error("Couldn't decode readReq form request: %v\n", err)
	return ErrBadFormData
	}
	}

	if readReq.Alias == "" {
	return impart.HTTPError{http.StatusBadRequest, "Need a collection `alias` to read."}
	}
	if readReq.Pass == "" {
	return impart.HTTPError{http.StatusBadRequest, "Please supply a password."}
	}

	var collHashedPass []byte
	err := app.db.QueryRow("SELECT password FROM collectionpasswords INNER JOIN collections ON id = collection_id WHERE alias = ?", readReq.Alias).Scan(&collHashedPass)
	if err != nil {
	if err == sql.ErrNoRows {
	log.Error("No collectionpassword found when trying to read collection %s", readReq.Alias)
	return impart.HTTPError{http.StatusInternalServerError, "Something went very wrong. The humans have been alerted."}
	}
	return err
	}

	if !auth.Authenticated(collHashedPass, []byte(readReq.Pass)) {
	return impart.HTTPError{http.StatusUnauthorized, "Incorrect password."}
	}

	// Success; set cookie
	session, err := app.sessionStore.Get(r, blogPassCookieName)
	if err == nil {
	session.Values[readReq.Alias] = true
	err = session.Save(r, w)
	if err != nil {
	log.Error("Didn't save unlocked blog '%s': %v", readReq.Alias, err)
	}
	}

	next := "/" + readReq.Next
	if !app.cfg.App.SingleUser {
	next = "/" + readReq.Alias + next
	}
	return impart.HTTPError{http.StatusFound, next}
	}

	func isAuthorizedForCollection(app App, alias string, r http.Request) bool {
	authd := false
	session, err := app.sessionStore.Get(r, blogPassCookieName)
	if err == nil {
	_, authd = session.Values[alias]
	}
	return authd
	}
	diff --git a/posts.go b/posts.go
	index 9440ad8..547343b 100644
	--- a/posts.go
	+++ b/posts.go
	@@ -1,1535 +1,1539 @@
	/*
	* Copyright © 2018-2019 A Bunch Tell LLC.
	*
	* This file is part of WriteFreely.
	*
	* WriteFreely is free software: you can redistribute it and/or modify
	* it under the terms of the GNU Affero General Public License, included
	* in the LICENSE file in this source code package.
	*/

	package writefreely

	import (
	"database/sql"
	"encoding/json"
	"fmt"
	"html/template"
	"net/http"
	"regexp"
	"strings"
	"time"

	"github.com/gorilla/mux"
	"github.com/guregu/null"
	"github.com/guregu/null/zero"
	"github.com/kylemcc/twitter-text-go/extract"
	"github.com/microcosm-cc/bluemonday"
	stripmd "github.com/writeas/go-strip-markdown"
	"github.com/writeas/impart"
	"github.com/writeas/monday"
	"github.com/writeas/slug"
	"github.com/writeas/web-core/activitystreams"
	"github.com/writeas/web-core/bots"
	"github.com/writeas/web-core/converter"
	"github.com/writeas/web-core/i18n"
	"github.com/writeas/web-core/log"
	"github.com/writeas/web-core/tags"
	"github.com/writeas/writefreely/config"
	"github.com/writeas/writefreely/page"
	"github.com/writeas/writefreely/parse"
	)

	const (
	// Post ID length bounds
	minIDLen = 10
	maxIDLen = 10
	userPostIDLen = 10
	postIDLen = 10

	postMetaDateFormat = "2006-01-02 15:04:05"
	)

	type (
	AnonymousPost struct {
	ID string
	Content string
	HTMLContent template.HTML
	Font string
	Language string
	Direction string
	Title string
	GenTitle string
	Description string
	Author string
	Views int64
	IsPlainText bool
	IsCode bool
	IsLinkable bool
	}

	AuthenticatedPost struct {
	ID string `json:"id" schema:"id"`
	Web bool `json:"web" schema:"web"`
	*SubmittedPost
	}

	// SubmittedPost represents a post supplied by a client for publishing or
	// updating. Since Title and Content can be updated to "", they are
	// pointers that can be easily tested to detect changes.
	SubmittedPost struct {
	Slug *string `json:"slug" schema:"slug"`
	Title *string `json:"title" schema:"title"`
	Content *string `json:"body" schema:"body"`
	Font string `json:"font" schema:"font"`
	IsRTL converter.NullJSONBool `json:"rtl" schema:"rtl"`
	Language converter.NullJSONString `json:"lang" schema:"lang"`
	Created *string `json:"created" schema:"created"`
	}

	// Post represents a post as found in the database.
	Post struct {
	ID string `db:"id" json:"id"`
	Slug null.String `db:"slug" json:"slug,omitempty"`
	Font string `db:"text_appearance" json:"appearance"`
	Language zero.String `db:"language" json:"language"`
	RTL zero.Bool `db:"rtl" json:"rtl"`
	Privacy int64 `db:"privacy" json:"-"`
	OwnerID null.Int `db:"owner_id" json:"-"`
	CollectionID null.Int `db:"collection_id" json:"-"`
	PinnedPosition null.Int `db:"pinned_position" json:"-"`
	Created time.Time `db:"created" json:"created"`
	Updated time.Time `db:"updated" json:"updated"`
	ViewCount int64 `db:"view_count" json:"-"`
	Title zero.String `db:"title" json:"title"`
	HTMLTitle template.HTML `db:"title" json:"-"`
	Content string `db:"content" json:"body"`
	HTMLContent template.HTML `db:"content" json:"-"`
	HTMLExcerpt template.HTML `db:"content" json:"-"`
	Tags []string `json:"tags"`
	Images []string `json:"images,omitempty"`

	OwnerName string `json:"owner,omitempty"`
	}

	// PublicPost holds properties for a publicly returned post, i.e. a post in
	// a context where the viewer may not be the owner. As such, sensitive
	// metadata for the post is hidden and properties supporting the display of
	// the post are added.
	PublicPost struct {
	*Post
	IsSubdomain bool `json:"-"`
	IsTopLevel bool `json:"-"`
	DisplayDate string `json:"-"`
	Views int64 `json:"views"`
	Owner *PublicUser `json:"-"`
	IsOwner bool `json:"-"`
	Collection *CollectionObj `json:"collection,omitempty"`
	}

	RawPost struct {
	Id, Slug string
	Title string
	Content string
	Views int64
	Font string
	Created time.Time
	IsRTL sql.NullBool
	Language sql.NullString
	OwnerID int64
	CollectionID sql.NullInt64

	Found bool
	Gone bool
	}

	AnonymousAuthPost struct {
	ID string `json:"id"`
	Token string `json:"token"`
	}
	ClaimPostRequest struct {
	*AnonymousAuthPost
	CollectionAlias string `json:"collection"`
	CreateCollection bool `json:"create_collection"`

	// Generated properties
	Slug string `json:"-"`
	}
	ClaimPostResult struct {
	ID string `json:"id,omitempty"`
	Code int `json:"code,omitempty"`
	ErrorMessage string `json:"error_msg,omitempty"`
	Post *PublicPost `json:"post,omitempty"`
	}
	)

	func (p *Post) Direction() string {
	if p.RTL.Valid {
	if p.RTL.Bool {
	return "rtl"
	}
	return "ltr"
	}
	return "auto"
	}

	// DisplayTitle dynamically generates a title from the Post's contents if it
	// doesn't already have an explicit title.
	func (p *Post) DisplayTitle() string {
	if p.Title.String != "" {
	return p.Title.String
	}
	t := friendlyPostTitle(p.Content, p.ID)
	return t
	}

	// PlainDisplayTitle dynamically generates a title from the Post's contents if it
	// doesn't already have an explicit title.
	func (p *Post) PlainDisplayTitle() string {
	if t := stripmd.Strip(p.DisplayTitle()); t != "" {
	return t
	}
	return p.ID
	}

	// FormattedDisplayTitle dynamically generates a title from the Post's contents if it
	// doesn't already have an explicit title.
	func (p *Post) FormattedDisplayTitle() template.HTML {
	if p.HTMLTitle != "" {
	return p.HTMLTitle
	}
	return template.HTML(p.DisplayTitle())
	}

	// Summary gives a shortened summary of the post based on the post's title,
	// especially for display in a longer list of posts. It extracts a summary for
	// posts in the Title\n\nBody format, returning nothing if the entire was short
	// enough that the extracted title == extracted summary.
	func (p Post) Summary() string {
	if p.Content == "" {
	return ""
	}
	// Strip out HTML
	p.Content = bluemonday.StrictPolicy().Sanitize(p.Content)
	// and Markdown
	p.Content = stripmd.Strip(p.Content)

	title := p.Title.String
	var desc string
	if title == "" {
	// No title, so generate one
	title = friendlyPostTitle(p.Content, p.ID)
	desc = postDescription(p.Content, title, p.ID)
	if desc == title {
	return ""
	}
	return desc
	}

	return shortPostDescription(p.Content)
	}

	// Excerpt shows any text that comes before a (more) tag.
	// TODO: use HTMLExcerpt in templates instead of this method
	func (p *Post) Excerpt() template.HTML {
	return p.HTMLExcerpt
	}

	func (p *Post) CreatedDate() string {
	return p.Created.Format("2006-01-02")
	}

	func (p *Post) Created8601() string {
	return p.Created.Format("2006-01-02T15:04:05Z")
	}

	func (p *Post) IsScheduled() bool {
	return p.Created.After(time.Now())
	}

	func (p *Post) HasTag(tag string) bool {
	// Regexp looks for tag and has a non-capturing group at the end looking
	// for the end of the word.
	// Assisted by: https://stackoverflow.com/a/35192941/1549194
	hasTag, _ := regexp.MatchString("#"+tag+`(?:[[:punct:]]\|\s\|\z)`, p.Content)
	return hasTag
	}

	func (p *Post) HasTitleLink() bool {
	if p.Title.String == "" {
	return false
	}
	hasLink, _ := regexp.MatchString(`([^!]+\|^)\[.+\]$.+$`, p.Title.String)
	return hasLink
	}

	func handleViewPost(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	friendlyID := vars["post"]

	// NOTE: until this is done better, be sure to keep this in parity with
	// isRaw() and viewCollectionPost()
	isJSON := strings.HasSuffix(friendlyID, ".json")
	isXML := strings.HasSuffix(friendlyID, ".xml")
	isCSS := strings.HasSuffix(friendlyID, ".css")
	isMarkdown := strings.HasSuffix(friendlyID, ".md")
	isRaw := strings.HasSuffix(friendlyID, ".txt") \|\| isJSON \|\| isXML \|\| isCSS \|\| isMarkdown

	// Display reserved page if that is requested resource
	if t, ok := pages[r.URL.Path[1:]+".tmpl"]; ok {
	return handleTemplatedPage(app, w, r, t)
	} else if (strings.Contains(r.URL.Path, ".") && !isRaw && !isMarkdown) \|\| r.URL.Path == "/robots.txt" \|\| r.URL.Path == "/manifest.json" {
	// Serve static file
	app.shttp.ServeHTTP(w, r)
	return nil
	}

	// Display collection if this is a collection
	c, _ := app.db.GetCollection(friendlyID)
	if c != nil {
	return impart.HTTPError{http.StatusMovedPermanently, fmt.Sprintf("/%s/", friendlyID)}
	}

	// Normalize the URL, redirecting user to consistent post URL
	if friendlyID != strings.ToLower(friendlyID) {
	return impart.HTTPError{http.StatusMovedPermanently, fmt.Sprintf("/%s", strings.ToLower(friendlyID))}
	}

	ext := ""
	if isRaw {
	parts := strings.Split(friendlyID, ".")
	friendlyID = parts[0]
	if len(parts) > 1 {
	ext = "." + parts[1]
	}
	}

	var ownerID sql.NullInt64
	var title string
	var content string
	var font string
	var language []byte
	var rtl []byte
	var views int64
	var post *AnonymousPost
	var found bool
	var gone bool

	fixedID := slug.Make(friendlyID)
	if fixedID != friendlyID {
	return impart.HTTPError{http.StatusFound, fmt.Sprintf("/%s%s", fixedID, ext)}
	}

	err := app.db.QueryRow(fmt.Sprintf("SELECT owner_id, title, content, text_appearance, view_count, language, rtl FROM posts WHERE id = ?"), friendlyID).Scan(&ownerID, &title, &content, &font, &views, &language, &rtl)
	switch {
	case err == sql.ErrNoRows:
	found = false

	// Output the error in the correct format
	if isJSON {
	content = "{\"error\": \"Post not found.\"}"
	} else if isRaw {
	content = "Post not found."
	} else {
	return ErrPostNotFound
	}
	case err != nil:
	found = false

	log.Error("Post loading err: %s\n", err)
	return ErrInternalGeneral
	default:
	found = true

	var d string
	if len(rtl) == 0 {
	d = "auto"
	} else if rtl[0] == 49 {
	// TODO: find a cleaner way to get this (possibly NULL) value
	d = "rtl"
	} else {
	d = "ltr"
	}
	generatedTitle := friendlyPostTitle(content, friendlyID)
	sanitizedContent := content
	if font != "code" {
	sanitizedContent = template.HTMLEscapeString(content)
	}
	var desc string
	if title == "" {
	desc = postDescription(content, title, friendlyID)
	} else {
	desc = shortPostDescription(content)
	}
	post = &AnonymousPost{
	ID: friendlyID,
	Content: sanitizedContent,
	Title: title,
	GenTitle: generatedTitle,
	Description: desc,
	Author: "",
	Font: font,
	IsPlainText: isRaw,
	IsCode: font == "code",
	IsLinkable: font != "code",
	Views: views,
	Language: string(language),
	Direction: d,
	}
	if !isRaw {
	post.HTMLContent = template.HTML(applyMarkdown([]byte(content), "", app.cfg))
	}
	}

	suspended, err := app.db.IsUserSuspended(ownerID.Int64)
	if err != nil {
	log.Error("view post: %v", err)
	return ErrInternalGeneral
	}

	// Check if post has been unpublished
	if content == "" {
	gone = true

	if isJSON {
	content = "{\"error\": \"Post was unpublished.\"}"
	} else if isCSS {
	content = ""
	} else if isRaw {
	content = "Post was unpublished."
	} else {
	return ErrPostUnpublished
	}
	}

	var u = &User{}
	if isRaw {
	contentType := "text/plain"
	if isJSON {
	contentType = "application/json"
	} else if isCSS {
	contentType = "text/css"
	} else if isXML {
	contentType = "application/xml"
	} else if isMarkdown {
	contentType = "text/markdown"
	}
	w.Header().Set("Content-Type", fmt.Sprintf("%s; charset=utf-8", contentType))
	if isMarkdown && post.Title != "" {
	fmt.Fprintf(w, "%s\n", post.Title)
	for i := 1; i <= len(post.Title); i++ {
	fmt.Fprintf(w, "=")
	}
	fmt.Fprintf(w, "\n\n")
	}
	fmt.Fprint(w, content)

	if !found {
	return ErrPostNotFound
	} else if gone {
	return ErrPostUnpublished
	}
	} else {
	var err error
	page := struct {
	*AnonymousPost
	page.StaticPage
	Username string
	IsOwner bool
	SiteURL string
	Suspended bool
	}{
	AnonymousPost: post,
	StaticPage: pageForReq(app, r),
	SiteURL: app.cfg.App.Host,
	}
	if u = getUserSession(app, r); u != nil {
	page.Username = u.Username
	page.IsOwner = ownerID.Valid && ownerID.Int64 == u.ID
	}

	if !page.IsOwner && suspended {
	return ErrPostNotFound
	}
	page.Suspended = suspended
	err = templates["post"].ExecuteTemplate(w, "post", page)
	if err != nil {
	log.Error("Post template execute error: %v", err)
	}
	}

	go func() {
	if u != nil && ownerID.Valid && ownerID.Int64 == u.ID {
	// Post is owned by someone; skip view increment since that person is viewing this post.
	return
	}
	// Update stats for non-raw post views
	if !isRaw && r.Method != "HEAD" && !bots.IsBot(r.UserAgent()) {
	_, err := app.db.Exec("UPDATE posts SET view_count = view_count + 1 WHERE id = ?", friendlyID)
	if err != nil {
	log.Error("Unable to update posts count: %v", err)
	}
	}
	}()

	return nil
	}

	// API v2 funcs
	// newPost creates a new post with or without an owning Collection.
	//
	// Endpoints:
	// /posts
	// /posts?collection={alias}
	// ? /collections/{alias}/posts
	func newPost(app App, w http.ResponseWriter, r http.Request) error {
	reqJSON := IsJSON(r)
	vars := mux.Vars(r)
	collAlias := vars["alias"]
	if collAlias == "" {
	collAlias = r.FormValue("collection")
	}
	accessToken := r.Header.Get("Authorization")
	if accessToken == "" {
	// TODO: remove this
	accessToken = r.FormValue("access_token")
	}

	// FIXME: determine web submission with Content-Type header
	var u *User
	var userID int64 = -1
	var username string
	if accessToken == "" {
	u = getUserSession(app, r)
	if u != nil {
	userID = u.ID
	username = u.Username
	}
	} else {
	userID = app.db.GetUserID(accessToken)
	}
	suspended, err := app.db.IsUserSuspended(userID)
	if err != nil {
	log.Error("new post: %v", err)
	return ErrInternalGeneral
	}
	if suspended {
	return ErrUserSuspended
	}

	if userID == -1 {
	return ErrNotLoggedIn
	}

	if accessToken == "" && u == nil && collAlias != "" {
	return impart.HTTPError{http.StatusBadRequest, "Parameter `access_token` required."}
	}

	// Get post data
	var p *SubmittedPost
	if reqJSON {
	decoder := json.NewDecoder(r.Body)
	err = decoder.Decode(&p)
	if err != nil {
	log.Error("Couldn't parse new post JSON request: %v\n", err)
	return ErrBadJSON
	}
	if p.Title == nil {
	t := ""
	p.Title = &t
	}
	if strings.TrimSpace(*(p.Content)) == "" {
	return ErrNoPublishableContent
	}
	} else {
	post := r.FormValue("body")
	appearance := r.FormValue("font")
	title := r.FormValue("title")
	rtlValue := r.FormValue("rtl")
	langValue := r.FormValue("lang")
	if strings.TrimSpace(post) == "" {
	return ErrNoPublishableContent
	}

	var isRTL, rtlValid bool
	if rtlValue == "auto" && langValue != "" {
	isRTL = i18n.LangIsRTL(langValue)
	rtlValid = true
	} else {
	isRTL = rtlValue == "true"
	rtlValid = rtlValue != "" && langValue != ""
	}

	// Create a new post
	p = &SubmittedPost{
	Title: &title,
	Content: &post,
	Font: appearance,
	IsRTL: converter.NullJSONBool{sql.NullBool{Bool: isRTL, Valid: rtlValid}},
	Language: converter.NullJSONString{sql.NullString{String: langValue, Valid: langValue != ""}},
	}
	}
	if !p.isFontValid() {
	p.Font = "norm"
	}

	var newPost *PublicPost = &PublicPost{}
	var coll *Collection
	if accessToken != "" {
	newPost, err = app.db.CreateOwnedPost(p, accessToken, collAlias, app.cfg.App.Host)
	} else {
	//return ErrNotLoggedIn
	// TODO: verify user is logged in
	var collID int64
	if collAlias != "" {
	coll, err = app.db.GetCollection(collAlias)
	if err != nil {
	return err
	}
	coll.hostName = app.cfg.App.Host
	if coll.OwnerID != u.ID {
	return ErrForbiddenCollection
	}
	collID = coll.ID
	}
	// TODO: return PublicPost from createPost
	newPost.Post, err = app.db.CreatePost(userID, collID, p)
	}
	if err != nil {
	return err
	}
	if coll != nil {
	coll.ForPublic()
	newPost.Collection = &CollectionObj{Collection: *coll}
	}

	newPost.extractData()
	newPost.OwnerName = username

	// Write success now
	response := impart.WriteSuccess(w, newPost, http.StatusCreated)

	if newPost.Collection != nil && !app.cfg.App.Private && app.cfg.App.Federation && !newPost.Created.After(time.Now()) {
	go federatePost(app, newPost, newPost.Collection.ID, false)
	}

	return response
	}

	func existingPost(app App, w http.ResponseWriter, r http.Request) error {
	reqJSON := IsJSON(r)
	vars := mux.Vars(r)
	postID := vars["post"]

	p := AuthenticatedPost{ID: postID}
	var err error

	if reqJSON {
	// Decode JSON request
	decoder := json.NewDecoder(r.Body)
	err = decoder.Decode(&p)
	if err != nil {
	log.Error("Couldn't parse post update JSON request: %v\n", err)
	return ErrBadJSON
	}
	} else {
	err = r.ParseForm()
	if err != nil {
	log.Error("Couldn't parse post update form request: %v\n", err)
	return ErrBadFormData
	}

	// Can't decode to a nil SubmittedPost property, so create instance now
	p.SubmittedPost = &SubmittedPost{}
	err = app.formDecoder.Decode(&p, r.PostForm)
	if err != nil {
	log.Error("Couldn't decode post update form request: %v\n", err)
	return ErrBadFormData
	}
	}

	if p.Web {
	p.IsRTL.Valid = true
	}

	if p.SubmittedPost == nil {
	return ErrPostNoUpdatableVals
	}

	// Ensure an access token was given
	accessToken := r.Header.Get("Authorization")
	// Get user's cookie session if there's no token
	var u *User
	//var username string
	if accessToken == "" {
	u = getUserSession(app, r)
	if u != nil {
	//username = u.Username
	}
	}
	if u == nil && accessToken == "" {
	return ErrNoAccessToken
	}

	// Get user ID from current session or given access token, if one was given.
	var userID int64
	if u != nil {
	userID = u.ID
	} else if accessToken != "" {
	userID, err = AuthenticateUser(app.db, accessToken)
	if err != nil {
	return err
	}
	}

	suspended, err := app.db.IsUserSuspended(userID)
	if err != nil {
	log.Error("existing post: %v", err)
	return ErrInternalGeneral
	}
	if suspended {
	return ErrUserSuspended
	}

	// Modify post struct
	p.ID = postID

	err = app.db.UpdateOwnedPost(&p, userID)
	if err != nil {
	if reqJSON {
	return err
	}

	if err, ok := err.(impart.HTTPError); ok {
	addSessionFlash(app, w, r, err.Message, nil)
	} else {
	addSessionFlash(app, w, r, err.Error(), nil)
	}
	}

	var pRes *PublicPost
	pRes, err = app.db.GetPost(p.ID, 0)
	if reqJSON {
	if err != nil {
	return err
	}
	pRes.extractData()
	}

	if pRes.CollectionID.Valid {
	coll, err := app.db.GetCollectionBy("id = ?", pRes.CollectionID.Int64)
	if err == nil && !app.cfg.App.Private && app.cfg.App.Federation {
	coll.hostName = app.cfg.App.Host
	pRes.Collection = &CollectionObj{Collection: *coll}
	go federatePost(app, pRes, pRes.Collection.ID, true)
	}
	}

	// Write success now
	if reqJSON {
	return impart.WriteSuccess(w, pRes, http.StatusOK)
	}

	addSessionFlash(app, w, r, "Changes saved.", nil)
	collectionAlias := vars["alias"]
	redirect := "/" + postID + "/meta"
	if collectionAlias != "" {
	collPre := "/" + collectionAlias
	if app.cfg.App.SingleUser {
	collPre = ""
	}
	redirect = collPre + "/" + pRes.Slug.String + "/edit/meta"
	} else {
	if app.cfg.App.SingleUser {
	redirect = "/d" + redirect
	}
	}
	w.Header().Set("Location", redirect)
	w.WriteHeader(http.StatusFound)

	return nil
	}

	func deletePost(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	friendlyID := vars["post"]
	editToken := r.FormValue("token")

	var ownerID int64
	var u *User
	accessToken := r.Header.Get("Authorization")
	if accessToken == "" && editToken == "" {
	u = getUserSession(app, r)
	if u == nil {
	return ErrNoAccessToken
	}
	}

	var res sql.Result
	var t *sql.Tx
	var err error
	var collID sql.NullInt64
	var coll *Collection
	var pp *PublicPost
	if editToken != "" {
	// TODO: SELECT owner_id, as well, and return appropriate error if NULL instead of running two queries
	var dummy int64
	err = app.db.QueryRow("SELECT 1 FROM posts WHERE id = ?", friendlyID).Scan(&dummy)
	switch {
	case err == sql.ErrNoRows:
	return impart.HTTPError{http.StatusNotFound, "Post not found."}
	}
	err = app.db.QueryRow("SELECT 1 FROM posts WHERE id = ? AND owner_id IS NULL", friendlyID).Scan(&dummy)
	switch {
	case err == sql.ErrNoRows:
	// Post already has an owner. This could provide a bad experience
	// for the user, but it's more important to ensure data isn't lost
	// unexpectedly. So prevent deletion via token.
	return impart.HTTPError{http.StatusConflict, "This post belongs to some user (hopefully yours). Please log in and delete it from that user's account."}
	}
	res, err = app.db.Exec("DELETE FROM posts WHERE id = ? AND modify_token = ? AND owner_id IS NULL", friendlyID, editToken)
	} else if accessToken != "" \|\| u != nil {
	// Caller provided some way to authenticate; assume caller expects the
	// post to be deleted based on a specific post owner, thus we should
	// return corresponding errors.
	if accessToken != "" {
	ownerID = app.db.GetUserID(accessToken)
	if ownerID == -1 {
	return ErrBadAccessToken
	}
	} else {
	ownerID = u.ID
	}

	// TODO: don't make two queries
	var realOwnerID sql.NullInt64
	err = app.db.QueryRow("SELECT collection_id, owner_id FROM posts WHERE id = ?", friendlyID).Scan(&collID, &realOwnerID)
	if err != nil {
	return err
	}
	if !collID.Valid {
	// There's no collection; simply delete the post
	res, err = app.db.Exec("DELETE FROM posts WHERE id = ? AND owner_id = ?", friendlyID, ownerID)
	} else {
	// Post belongs to a collection; do any additional clean up
	coll, err = app.db.GetCollectionBy("id = ?", collID.Int64)
	if err != nil {
	log.Error("Unable to get collection: %v", err)
	return err
	}
	if app.cfg.App.Federation {
	// First fetch full post for federation
	pp, err = app.db.GetOwnedPost(friendlyID, ownerID)
	if err != nil {
	log.Error("Unable to get owned post: %v", err)
	return err
	}
	collObj := &CollectionObj{Collection: *coll}
	pp.Collection = collObj
	}

	t, err = app.db.Begin()
	if err != nil {
	log.Error("No begin: %v", err)
	return err
	}
	res, err = t.Exec("DELETE FROM posts WHERE id = ? AND owner_id = ?", friendlyID, ownerID)
	}
	} else {
	return impart.HTTPError{http.StatusBadRequest, "No authenticated user or post token given."}
	}
	if err != nil {
	return err
	}

	affected, err := res.RowsAffected()
	if err != nil {
	if t != nil {
	t.Rollback()
	log.Error("Rows affected err! Rolling back")
	}
	return err
	} else if affected == 0 {
	if t != nil {
	t.Rollback()
	log.Error("No rows affected! Rolling back")
	}
	return impart.HTTPError{http.StatusForbidden, "Post not found, or you're not the owner."}
	}
	if t != nil {
	t.Commit()
	}
	if coll != nil && !app.cfg.App.Private && app.cfg.App.Federation {
	go deleteFederatedPost(app, pp, collID.Int64)
	}

	return impart.HTTPError{Status: http.StatusNoContent}
	}

	// addPost associates a post with the authenticated user.
	func addPost(app App, w http.ResponseWriter, r http.Request) error {
	var ownerID int64

	// Authenticate user
	at := r.Header.Get("Authorization")
	if at != "" {
	ownerID = app.db.GetUserID(at)
	if ownerID == -1 {
	return ErrBadAccessToken
	}
	} else {
	u := getUserSession(app, r)
	if u == nil {
	return ErrNotLoggedIn
	}
	ownerID = u.ID
	}

	suspended, err := app.db.IsUserSuspended(ownerID)
	if err != nil {
	log.Error("add post: %v", err)
	return ErrInternalGeneral
	}
	if suspended {
	return ErrUserSuspended
	}

	// Parse claimed posts in format:
	// [{"id": "...", "token": "..."}]
	var claims *[]ClaimPostRequest
	decoder := json.NewDecoder(r.Body)
	err = decoder.Decode(&claims)
	if err != nil {
	return ErrBadJSONArray
	}

	vars := mux.Vars(r)
	collAlias := vars["alias"]

	// Update all given posts
	res, err := app.db.ClaimPosts(app.cfg, ownerID, collAlias, claims)
	if err != nil {
	return err
	}

	if !app.cfg.App.Private && app.cfg.App.Federation {
	for _, pRes := range *res {
	if pRes.Code != http.StatusOK {
	continue
	}
	if !pRes.Post.Created.After(time.Now()) {
	pRes.Post.Collection.hostName = app.cfg.App.Host
	go federatePost(app, pRes.Post, pRes.Post.Collection.ID, false)
	}
	}
	}
	return impart.WriteSuccess(w, res, http.StatusOK)
	}

	func dispersePost(app App, w http.ResponseWriter, r http.Request) error {
	var ownerID int64

	// Authenticate user
	at := r.Header.Get("Authorization")
	if at != "" {
	ownerID = app.db.GetUserID(at)
	if ownerID == -1 {
	return ErrBadAccessToken
	}
	} else {
	u := getUserSession(app, r)
	if u == nil {
	return ErrNotLoggedIn
	}
	ownerID = u.ID
	}

	// Parse posts in format:
	// ["..."]
	var postIDs []string
	decoder := json.NewDecoder(r.Body)
	err := decoder.Decode(&postIDs)
	if err != nil {
	return ErrBadJSONArray
	}

	// Update all given posts
	res, err := app.db.DispersePosts(ownerID, postIDs)
	if err != nil {
	return err
	}
	return impart.WriteSuccess(w, res, http.StatusOK)
	}

	type (
	PinPostResult struct {
	ID string `json:"id,omitempty"`
	Code int `json:"code,omitempty"`
	ErrorMessage string `json:"error_msg,omitempty"`
	}
	)

	// pinPost pins a post to a blog
	func pinPost(app App, w http.ResponseWriter, r http.Request) error {
	var userID int64

	// Authenticate user
	at := r.Header.Get("Authorization")
	if at != "" {
	userID = app.db.GetUserID(at)
	if userID == -1 {
	return ErrBadAccessToken
	}
	} else {
	u := getUserSession(app, r)
	if u == nil {
	return ErrNotLoggedIn
	}
	userID = u.ID
	}

	suspended, err := app.db.IsUserSuspended(userID)
	if err != nil {
	log.Error("pin post: %v", err)
	return ErrInternalGeneral
	}
	if suspended {
	return ErrUserSuspended
	}

	// Parse request
	var posts []struct {
	ID string `json:"id"`
	Position int64 `json:"position"`
	}
	decoder := json.NewDecoder(r.Body)
	err = decoder.Decode(&posts)
	if err != nil {
	return ErrBadJSONArray
	}

	// Validate data
	vars := mux.Vars(r)
	collAlias := vars["alias"]

	coll, err := app.db.GetCollection(collAlias)
	if err != nil {
	return err
	}
	if coll.OwnerID != userID {
	return ErrForbiddenCollection
	}

	// Do (un)pinning
	isPinning := r.URL.Path[strings.LastIndex(r.URL.Path, "/"):] == "/pin"
	res := []PinPostResult{}
	for _, p := range posts {
	err = app.db.UpdatePostPinState(isPinning, p.ID, coll.ID, userID, p.Position)
	ppr := PinPostResult{ID: p.ID}
	if err != nil {
	ppr.Code = http.StatusInternalServerError
	// TODO: set error messsage
	} else {
	ppr.Code = http.StatusOK
	}
	res = append(res, ppr)
	}
	return impart.WriteSuccess(w, res, http.StatusOK)
	}

	func fetchPost(app App, w http.ResponseWriter, r http.Request) error {
	var collID int64
	var coll *Collection
	var err error
	vars := mux.Vars(r)
	if collAlias := vars["alias"]; collAlias != "" {
	// Fetch collection information, since an alias is provided
	coll, err = app.db.GetCollection(collAlias)
	if err != nil {
	return err
	}
	collID = coll.ID
	}

	p, err := app.db.GetPost(vars["post"], collID)
	if err != nil {
	return err
	}
	if coll == nil && p.CollectionID.Valid {
	// Collection post is getting fetched by post ID, not coll alias + post slug, so get coll info now.
	coll, err = app.db.GetCollectionByID(p.CollectionID.Int64)
	if err != nil {
	return err
	}
	}
	if coll != nil {
	coll.hostName = app.cfg.App.Host
	_, err = apiCheckCollectionPermissions(app, r, coll)
	if err != nil {
	return err
	}
	}

	suspended, err := app.db.IsUserSuspended(p.OwnerID.Int64)
	if err != nil {
	log.Error("fetch post: %v", err)
	return ErrInternalGeneral
	}
	if suspended {
	return ErrPostNotFound
	}

	p.extractData()

	accept := r.Header.Get("Accept")
	if strings.Contains(accept, "application/activity+json") {
	if coll == nil {
	// This is a draft post; 404 for now
	// TODO: return ActivityObject
	return impart.HTTPError{http.StatusNotFound, ""}
	}

	p.Collection = &CollectionObj{Collection: *coll}
	po := p.ActivityObject(app.cfg)
	po.Context = []interface{}{activitystreams.Namespace}
	return impart.RenderActivityJSON(w, po, http.StatusOK)
	}

	return impart.WriteSuccess(w, p, http.StatusOK)
	}

	func fetchPostProperty(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	p, err := app.db.GetPostProperty(vars["post"], 0, vars["property"])
	if err != nil {
	return err
	}

	return impart.WriteSuccess(w, p, http.StatusOK)
	}

	func (p *Post) processPost() PublicPost {
	res := &PublicPost{Post: p, Views: 0}
	res.Views = p.ViewCount
	// TODO: move to own function
	loc := monday.FuzzyLocale(p.Language.String)
	res.DisplayDate = monday.Format(p.Created, monday.LongFormatsByLocale[loc], loc)

	return *res
	}

	func (p *PublicPost) CanonicalURL(hostName string) string {
	if p.Collection == nil \|\| p.Collection.Alias == "" {
	return hostName + "/" + p.ID
	}
	return p.Collection.CanonicalURL() + p.Slug.String
	}

	func (p PublicPost) ActivityObject(cfg config.Config) *activitystreams.Object {
	o := activitystreams.NewArticleObject()
	o.ID = p.Collection.FederatedAPIBase() + "api/posts/" + p.ID
	o.Published = p.Created
	o.URL = p.CanonicalURL(cfg.App.Host)
	o.AttributedTo = p.Collection.FederatedAccount()
	o.CC = []string{
	p.Collection.FederatedAccount() + "/followers",
	}
	o.Name = p.DisplayTitle()
	if p.HTMLContent == template.HTML("") {
	p.formatContent(cfg, false)
	}
	o.Content = string(p.HTMLContent)
	if p.Language.Valid {
	o.ContentMap = map[string]string{
	p.Language.String: string(p.HTMLContent),
	}
	}
	if len(p.Tags) == 0 {
	o.Tag = []activitystreams.Tag{}
	} else {
	var tagBaseURL string
	if isSingleUser {
	tagBaseURL = p.Collection.CanonicalURL() + "tag:"
	} else {
	if cfg.App.Chorus {
	tagBaseURL = fmt.Sprintf("%s/read/t/", p.Collection.hostName)
	} else {
	tagBaseURL = fmt.Sprintf("%s/%s/tag:", p.Collection.hostName, p.Collection.Alias)
	}
	}
	for _, t := range p.Tags {
	o.Tag = append(o.Tag, activitystreams.Tag{
	Type: activitystreams.TagHashtag,
	HRef: tagBaseURL + t,
	Name: "#" + t,
	})
	}
	}
	return o
	}

	// TODO: merge this into getSlugFromPost or phase it out
	func getSlug(title, lang string) string {
	return getSlugFromPost("", title, lang)
	}

	func getSlugFromPost(title, body, lang string) string {
	if title == "" {
	title = postTitle(body, body)
	}
	title = parse.PostLede(title, false)
	// Truncate lede if needed
	title, _ = parse.TruncToWord(title, 80)
	var s string
	if lang != "" && len(lang) == 2 {
	s = slug.MakeLang(title, lang)
	} else {
	s = slug.Make(title)
	}

	// Transliteration may cause the slug to expand past the limit, so truncate again
	s, _ = parse.TruncToWord(s, 80)
	return strings.TrimFunc(s, func(r rune) bool {
	// TruncToWord doesn't respect words in a slug, since spaces are replaced
	// with hyphens. So remove any trailing hyphens.
	return r == '-'
	})
	}

	// isFontValid returns whether or not the submitted post's appearance is valid.
	func (p *SubmittedPost) isFontValid() bool {
	validFonts := map[string]bool{
	"norm": true,
	"sans": true,
	"mono": true,
	"wrap": true,
	"code": true,
	}

	_, valid := validFonts[p.Font]
	return valid
	}

	func getRawPost(app App, friendlyID string) RawPost {
	var content, font, title string
	var isRTL sql.NullBool
	var lang sql.NullString
	var ownerID sql.NullInt64
	var created time.Time

	err := app.db.QueryRow("SELECT title, content, text_appearance, language, rtl, created, owner_id FROM posts WHERE id = ?", friendlyID).Scan(&title, &content, &font, &lang, &isRTL, &created, &ownerID)
	switch {
	case err == sql.ErrNoRows:
	return &RawPost{Content: "", Found: false, Gone: false}
	case err != nil:
	return &RawPost{Content: "", Found: true, Gone: false}
	}

	return &RawPost{Title: title, Content: content, Font: font, Created: created, IsRTL: isRTL, Language: lang, OwnerID: ownerID.Int64, Found: true, Gone: content == ""}

	}

	// TODO; return a Post!
	func getRawCollectionPost(app App, slug, collAlias string) RawPost {
	var id, title, content, font string
	var isRTL sql.NullBool
	var lang sql.NullString
	var created time.Time
	var ownerID null.Int
	var views int64
	var err error

	if app.cfg.App.SingleUser {
	err = app.db.QueryRow("SELECT id, title, content, text_appearance, language, rtl, view_count, created, owner_id FROM posts WHERE slug = ? AND collection_id = 1", slug).Scan(&id, &title, &content, &font, &lang, &isRTL, &views, &created, &ownerID)
	} else {
	err = app.db.QueryRow("SELECT id, title, content, text_appearance, language, rtl, view_count, created, owner_id FROM posts WHERE slug = ? AND collection_id = (SELECT id FROM collections WHERE alias = ?)", slug, collAlias).Scan(&id, &title, &content, &font, &lang, &isRTL, &views, &created, &ownerID)
	}
	switch {
	case err == sql.ErrNoRows:
	return &RawPost{Content: "", Found: false, Gone: false}
	case err != nil:
	return &RawPost{Content: "", Found: true, Gone: false}
	}

	return &RawPost{
	Id: id,
	Slug: slug,
	Title: title,
	Content: content,
	Font: font,
	Created: created,
	IsRTL: isRTL,
	Language: lang,
	OwnerID: ownerID.Int64,
	Found: true,
	Gone: content == "",
	Views: views,
	}
	}

	func isRaw(r *http.Request) bool {
	vars := mux.Vars(r)
	slug := vars["slug"]

	// NOTE: until this is done better, be sure to keep this in parity with
	// isRaw in viewCollectionPost() and handleViewPost()
	isJSON := strings.HasSuffix(slug, ".json")
	isXML := strings.HasSuffix(slug, ".xml")
	isMarkdown := strings.HasSuffix(slug, ".md")
	return strings.HasSuffix(slug, ".txt") \|\| isJSON \|\| isXML \|\| isMarkdown
	}

	func viewCollectionPost(app App, w http.ResponseWriter, r http.Request) error {
	vars := mux.Vars(r)
	slug := vars["slug"]

	// NOTE: until this is done better, be sure to keep this in parity with
	// isRaw() and handleViewPost()
	isJSON := strings.HasSuffix(slug, ".json")
	isXML := strings.HasSuffix(slug, ".xml")
	isMarkdown := strings.HasSuffix(slug, ".md")
	isRaw := strings.HasSuffix(slug, ".txt") \|\| isJSON \|\| isXML \|\| isMarkdown

	cr := &collectionReq{}
	err := processCollectionRequest(cr, vars, w, r)
	if err != nil {
	return err
	}

	// Check for hellbanned users
	u, err := checkUserForCollection(app, cr, r, true)
	if err != nil {
	return err
	}

	// Normalize the URL, redirecting user to consistent post URL
	if slug != strings.ToLower(slug) {
	loc := fmt.Sprintf("/%s", strings.ToLower(slug))
	if !app.cfg.App.SingleUser {
	loc = "/" + cr.alias + loc
	}
	return impart.HTTPError{http.StatusMovedPermanently, loc}
	}

	// Display collection if this is a collection
	var c *Collection
	if app.cfg.App.SingleUser {
	c, err = app.db.GetCollectionByID(1)
	} else {
	c, err = app.db.GetCollection(cr.alias)
	}
	if err != nil {
	if err, ok := err.(impart.HTTPError); ok {
	if err.Status == http.StatusNotFound {
	// Redirect if necessary
	newAlias := app.db.GetCollectionRedirect(cr.alias)
	if newAlias != "" {
	return impart.HTTPError{http.StatusFound, "/" + newAlias + "/" + slug}
	}
	}
	}
	return err
	}
	c.hostName = app.cfg.App.Host

	suspended, err := app.db.IsUserSuspended(c.OwnerID)
	if err != nil {
	log.Error("view collection post: %v", err)
	return ErrInternalGeneral
	}

	// Check collection permissions
	if c.IsPrivate() && (u == nil \|\| u.ID != c.OwnerID) {
	return ErrPostNotFound
	}
	- if c.IsProtected() && ((u == nil \|\| u.ID != c.OwnerID) && !isAuthorizedForCollection(app, c.Alias, r)) {
	- return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug}
	+ if c.IsProtected() && (u == nil \|\| u.ID != c.OwnerID) {
	+ if suspended {
	+ return ErrPostNotFound
	+ } else if !isAuthorizedForCollection(app, c.Alias, r) {
	+ return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/?g=" + slug}
	+ }
	}

	cr.isCollOwner = u != nil && c.OwnerID == u.ID

	if isRaw {
	slug = strings.Split(slug, ".")[0]
	}

	// Fetch extra data about the Collection
	// TODO: refactor out this logic, shared in collection.go:fetchCollection()
	coll := &CollectionObj{Collection: *c}
	owner, err := app.db.GetUserByID(coll.OwnerID)
	if err != nil {
	// Log the error and just continue
	log.Error("Error getting user for collection: %v", err)
	} else {
	coll.Owner = owner
	}

	postFound := true
	p, err := app.db.GetPost(slug, coll.ID)
	if err != nil {
	if err == ErrCollectionPageNotFound {
	postFound = false

	if slug == "feed" {
	// User tried to access blog feed without a trailing slash, and
	// there's no post with a slug "feed"
	return impart.HTTPError{http.StatusFound, c.CanonicalURL() + "/feed/"}
	}

	po := &Post{
	Slug: null.NewString(slug, true),
	Font: "norm",
	Language: zero.NewString("en", true),
	RTL: zero.NewBool(false, true),
	Content: `<p class="msg">This page is missing.</p>

	Are you sure it was ever here?`,
	}
	pp := po.processPost()
	p = &pp
	} else {
	return err
	}
	}
	p.IsOwner = owner != nil && p.OwnerID.Valid && owner.ID == p.OwnerID.Int64
	p.Collection = coll
	p.IsTopLevel = app.cfg.App.SingleUser

	if !p.IsOwner && suspended {
	return ErrPostNotFound
	}
	// Check if post has been unpublished
	if p.Content == "" && p.Title.String == "" {
	return impart.HTTPError{http.StatusGone, "Post was unpublished."}
	}

	// Serve collection post
	if isRaw {
	contentType := "text/plain"
	if isJSON {
	contentType = "application/json"
	} else if isXML {
	contentType = "application/xml"
	} else if isMarkdown {
	contentType = "text/markdown"
	}
	w.Header().Set("Content-Type", fmt.Sprintf("%s; charset=utf-8", contentType))
	if !postFound {
	w.WriteHeader(http.StatusNotFound)
	fmt.Fprintf(w, "Post not found.")
	// TODO: return error instead, so status is correctly reflected in logs
	return nil
	}
	if isMarkdown && p.Title.String != "" {
	fmt.Fprintf(w, "# %s\n\n", p.Title.String)
	}
	fmt.Fprint(w, p.Content)
	} else if strings.Contains(r.Header.Get("Accept"), "application/activity+json") {
	if !postFound {
	return ErrCollectionPageNotFound
	}
	p.extractData()
	ap := p.ActivityObject(app.cfg)
	ap.Context = []interface{}{activitystreams.Namespace}
	return impart.RenderActivityJSON(w, ap, http.StatusOK)
	} else {
	p.extractData()
	p.Content = strings.Replace(p.Content, "<!--more-->", "", 1)
	// TODO: move this to function
	p.formatContent(app.cfg, cr.isCollOwner)
	tp := struct {
	*PublicPost
	page.StaticPage
	IsOwner bool
	IsPinned bool
	IsCustomDomain bool
	PinnedPosts *[]PublicPost
	IsFound bool
	IsAdmin bool
	CanInvite bool
	Suspended bool
	}{
	PublicPost: p,
	StaticPage: pageForReq(app, r),
	IsOwner: cr.isCollOwner,
	IsCustomDomain: cr.isCustomDomain,
	IsFound: postFound,
	Suspended: suspended,
	}
	tp.IsAdmin = u != nil && u.IsAdmin()
	tp.CanInvite = canUserInvite(app.cfg, tp.IsAdmin)
	tp.PinnedPosts, _ = app.db.GetPinnedPosts(coll, p.IsOwner)
	tp.IsPinned = len(*tp.PinnedPosts) > 0 && PostsContains(tp.PinnedPosts, p)

	if !postFound {
	w.WriteHeader(http.StatusNotFound)
	}
	postTmpl := "collection-post"
	if app.cfg.App.Chorus {
	postTmpl = "chorus-collection-post"
	}
	if err := templates[postTmpl].ExecuteTemplate(w, "post", tp); err != nil {
	log.Error("Error in collection-post template: %v", err)
	}
	}

	go func() {
	if p.OwnerID.Valid {
	// Post is owned by someone. Don't update stats if owner is viewing the post.
	if u != nil && p.OwnerID.Int64 == u.ID {
	return
	}
	}
	// Update stats for non-raw post views
	if !isRaw && r.Method != "HEAD" && !bots.IsBot(r.UserAgent()) {
	_, err := app.db.Exec("UPDATE posts SET view_count = view_count + 1 WHERE slug = ? AND collection_id = ?", slug, coll.ID)
	if err != nil {
	log.Error("Unable to update posts count: %v", err)
	}
	}
	}()

	return nil
	}

	// TODO: move this to utils after making it more generic
	func PostsContains(sl []PublicPost, s PublicPost) bool {
	for _, e := range *sl {
	if e.ID == s.ID {
	return true
	}
	}
	return false
	}

	func (p *Post) extractData() {
	p.Tags = tags.Extract(p.Content)
	p.extractImages()
	}

	func (rp *RawPost) UserFacingCreated() string {
	return rp.Created.Format(postMetaDateFormat)
	}

	func (rp *RawPost) Created8601() string {
	return rp.Created.Format("2006-01-02T15:04:05Z")
	}

	var imageURLRegex = regexp.MustCompile(`(?i)^https?:\/\/[^ ]*\.(gif\|png\|jpg\|jpeg\|image)$`)

	func (p *Post) extractImages() {
	matches := extract.ExtractUrls(p.Content)
	urls := map[string]bool{}
	for i := range matches {
	u := matches[i].Text
	if !imageURLRegex.MatchString(u) {
	continue
	}
	urls[u] = true
	}

	resURLs := make([]string, 0)
	for k := range urls {
	resURLs = append(resURLs, k)
	}
	p.Images = resURLs
	}
	diff --git a/templates/edit-meta.tmpl b/templates/edit-meta.tmpl
	index 6707e68..49c7781 100644
	--- a/templates/edit-meta.tmpl
	+++ b/templates/edit-meta.tmpl
	@@ -1,374 +1,374 @@
	{{define "edit-meta"}}<!DOCTYPE HTML>
	<html>
	<head>

	<title>Edit metadata: {{if .Post.Title}}{{.Post.Title}}{{else}}{{.Post.Id}}{{end}} — {{.SiteName}}</title>

	<link rel="stylesheet" type="text/css" href="/css/write.css" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
	<style type="text/css">
	dt {
	width: 8em;
	}
	.error {
	display: none;
	}
	.mono {
	font-style: normal;
	}
	#set-now {
	font-style: italic;
	margin-left: 0.25rem;
	}
	.content-container h2 a {
	font-size: .6em;
	font-weight: normal;
	margin-left: 1em;
	}
	.content-container h2 a:link, .content-container h2 a:visited {
	color: blue;
	}
	.content-container h2 a:hover {
	text-decoration: underline;
	}
	</style>

	</head>
	<body id="pad-sub" class="light">

	<header id="tools">
	<div id="clip">
	<h1><a href="/me/c/" title="View blogs"><img class="ic-24dp" src="/img/ic_blogs_dark@2x.png" /></a></h1>
	<nav id="target" class=""><ul>
	<li>{{if .EditCollection}}<a href="{{.EditCollection.CanonicalURL}}">{{.EditCollection.Title}}</a>{{else}}<a>Draft</a>{{end}}</li>
	</ul></nav>
	</div>
	<div id="belt">
	<div class="tool if-room"><a href="{{if .EditCollection}}{{.EditCollection.CanonicalURL}}{{.Post.Slug}}/edit{{else}}/{{.Post.Id}}/edit{{end}}" title="Edit post" id="edit"><img class="ic-24dp" src="/img/ic_edit_dark@2x.png" /></a></div>
	<div class="tool if-room room-2"><a href="#theme" title="Toggle theme" id="toggle-theme"><img class="ic-24dp" src="/img/ic_brightness_dark@2x.png" /></a></div>
	<div class="tool if-room room-1"><a href="/me/posts/" title="View posts" id="view-posts"><img class="ic-24dp" src="/img/ic_list_dark@2x.png" /></a></div>
	</div>
	</header>

	<div class="content-container tight">
	<form action="/api/{{if .EditCollection}}collections/{{.EditCollection.Alias}}/{{end}}posts/{{.Post.Id}}" method="post" onsubmit="return updateMeta()">
	<h2>Edit metadata: {{if .Post.Title}}{{.Post.Title}}{{else}}{{.Post.Id}}{{end}} <a href="/{{if .EditCollection}}{{if not .SingleUser}}{{.EditCollection.Alias}}/{{end}}{{.Post.Slug}}{{else}}{{if .SingleUser}}d/{{end}}{{.Post.Id}}{{end}}">view post</a></h2>

	{{if .Flashes}}<ul class="errors">
	{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
	</ul>{{end}}

	<dl class="dl-horizontal">
	{{if .EditCollection}}
	<dt><label for="slug">Slug</label></dt>
	<dd><input type="text" id="slug" name="slug" value="{{.Post.Slug}}" /></dd>
	{{end}}
	<dt><label for="lang">Language</label></dt>
	<dd>
	<select name="lang" id="lang" dir="auto">
	<option value=""></option>
	<option value="ab"{{if eq "ab" .Post.Language.String}} selected="selected"{{end}}>аҧсуа бызшәа, аҧсшәа</option>
	<option value="aa"{{if eq "aa" .Post.Language.String}} selected="selected"{{end}}>Afaraf</option>
	<option value="af"{{if eq "af" .Post.Language.String}} selected="selected"{{end}}>Afrikaans</option>
	<option value="ak"{{if eq "ak" .Post.Language.String}} selected="selected"{{end}}>Akan</option>
	<option value="sq"{{if eq "sq" .Post.Language.String}} selected="selected"{{end}}>Shqip</option>
	<option value="am"{{if eq "am" .Post.Language.String}} selected="selected"{{end}}>አማርኛ</option>
	<option dir="rtl" value="ar"{{if eq "ar" .Post.Language.String}} selected="selected"{{end}}>العربية</option>
	<option value="an"{{if eq "an" .Post.Language.String}} selected="selected"{{end}}>aragonés</option>
	<option value="hy"{{if eq "hy" .Post.Language.String}} selected="selected"{{end}}>Հայերեն</option>
	<option value="as"{{if eq "as" .Post.Language.String}} selected="selected"{{end}}>অসমীয়া</option>
	<option value="av"{{if eq "av" .Post.Language.String}} selected="selected"{{end}}>авар мацӀ, магӀарул мацӀ</option>
	<option value="ae"{{if eq "ae" .Post.Language.String}} selected="selected"{{end}}>avesta</option>
	<option value="ay"{{if eq "ay" .Post.Language.String}} selected="selected"{{end}}>aymar aru</option>
	<option value="az"{{if eq "az" .Post.Language.String}} selected="selected"{{end}}>azərbaycan dili</option>
	<option value="bm"{{if eq "bm" .Post.Language.String}} selected="selected"{{end}}>bamanankan</option>
	<option value="ba"{{if eq "ba" .Post.Language.String}} selected="selected"{{end}}>башҡорт теле</option>
	<option value="eu"{{if eq "eu" .Post.Language.String}} selected="selected"{{end}}>euskara, euskera</option>
	<option value="be"{{if eq "be" .Post.Language.String}} selected="selected"{{end}}>беларуская мова</option>
	<option value="bn"{{if eq "bn" .Post.Language.String}} selected="selected"{{end}}>বাংলা</option>
	<option value="bh"{{if eq "bh" .Post.Language.String}} selected="selected"{{end}}>भोजपुरी</option>
	<option value="bi"{{if eq "bi" .Post.Language.String}} selected="selected"{{end}}>Bislama</option>
	<option value="bs"{{if eq "bs" .Post.Language.String}} selected="selected"{{end}}>bosanski jezik</option>
	<option value="br"{{if eq "br" .Post.Language.String}} selected="selected"{{end}}>brezhoneg</option>
	<option value="bg"{{if eq "bg" .Post.Language.String}} selected="selected"{{end}}>български език</option>
	<option value="my"{{if eq "my" .Post.Language.String}} selected="selected"{{end}}>ဗမာစာ</option>
	<option value="ca"{{if eq "ca" .Post.Language.String}} selected="selected"{{end}}>català</option>
	<option value="ch"{{if eq "ch" .Post.Language.String}} selected="selected"{{end}}>Chamoru</option>
	<option value="ce"{{if eq "ce" .Post.Language.String}} selected="selected"{{end}}>нохчийн мотт</option>
	<option value="ny"{{if eq "ny" .Post.Language.String}} selected="selected"{{end}}>chiCheŵa, chinyanja</option>
	<option value="zh"{{if eq "zh" .Post.Language.String}} selected="selected"{{end}}>中文 (Zhōngwén), 汉语, 漢語</option>
	<option value="cv"{{if eq "cv" .Post.Language.String}} selected="selected"{{end}}>чӑваш чӗлхи</option>
	<option value="kw"{{if eq "kw" .Post.Language.String}} selected="selected"{{end}}>Kernewek</option>
	<option value="co"{{if eq "co" .Post.Language.String}} selected="selected"{{end}}>corsu, lingua corsa</option>
	<option value="cr"{{if eq "cr" .Post.Language.String}} selected="selected"{{end}}>ᓀᐦᐃᔭᐍᐏᐣ</option>
	<option value="hr"{{if eq "hr" .Post.Language.String}} selected="selected"{{end}}>hrvatski jezik</option>
	<option value="cs"{{if eq "cs" .Post.Language.String}} selected="selected"{{end}}>čeština, český jazyk</option>
	<option value="da"{{if eq "da" .Post.Language.String}} selected="selected"{{end}}>dansk</option>
	<option dir="rtl" value="dv"{{if eq "dv" .Post.Language.String}} selected="selected"{{end}}>ދިވެހި</option>
	<option value="nl"{{if eq "nl" .Post.Language.String}} selected="selected"{{end}}>Nederlands, Vlaams</option>
	<option value="dz"{{if eq "dz" .Post.Language.String}} selected="selected"{{end}}>རྫོང་ཁ</option>
	<option value="en"{{if eq "en" .Post.Language.String}} selected="selected"{{end}}>English</option>
	<option value="eo"{{if eq "eo" .Post.Language.String}} selected="selected"{{end}}>Esperanto</option>
	<option value="et"{{if eq "et" .Post.Language.String}} selected="selected"{{end}}>eesti, eesti keel</option>
	<option value="ee"{{if eq "ee" .Post.Language.String}} selected="selected"{{end}}>Eʋegbe</option>
	<option value="fo"{{if eq "fo" .Post.Language.String}} selected="selected"{{end}}>føroyskt</option>
	<option value="fj"{{if eq "fj" .Post.Language.String}} selected="selected"{{end}}>vosa Vakaviti</option>
	<option value="fi"{{if eq "fi" .Post.Language.String}} selected="selected"{{end}}>suomi, suomen kieli</option>
	<option value="fr"{{if eq "fr" .Post.Language.String}} selected="selected"{{end}}>français, langue française</option>
	<option value="ff"{{if eq "ff" .Post.Language.String}} selected="selected"{{end}}>Fulfulde, Pulaar, Pular</option>
	<option value="gl"{{if eq "gl" .Post.Language.String}} selected="selected"{{end}}>Galego</option>
	<option value="ka"{{if eq "ka" .Post.Language.String}} selected="selected"{{end}}>ქართული</option>
	<option value="de"{{if eq "de" .Post.Language.String}} selected="selected"{{end}}>Deutsch</option>
	<option value="el"{{if eq "el" .Post.Language.String}} selected="selected"{{end}}>ελληνικά</option>
	<option value="gn"{{if eq "gn" .Post.Language.String}} selected="selected"{{end}}>Avañe'ẽ</option>
	<option value="gu"{{if eq "gu" .Post.Language.String}} selected="selected"{{end}}>ગુજરાતી</option>
	<option value="ht"{{if eq "ht" .Post.Language.String}} selected="selected"{{end}}>Kreyòl ayisyen</option>
	<option dir="rtl" value="ha"{{if eq "ha" .Post.Language.String}} selected="selected"{{end}}>(Hausa) هَوُسَ</option>
	<option dir="rtl" value="he"{{if eq "he" .Post.Language.String}} selected="selected"{{end}}>עברית</option>
	<option value="hz"{{if eq "hz" .Post.Language.String}} selected="selected"{{end}}>Otjiherero</option>
	<option value="hi"{{if eq "hi" .Post.Language.String}} selected="selected"{{end}}>हिन्दी, हिंदी</option>
	<option value="ho"{{if eq "ho" .Post.Language.String}} selected="selected"{{end}}>Hiri Motu</option>
	<option value="hu"{{if eq "hu" .Post.Language.String}} selected="selected"{{end}}>magyar</option>
	<option value="ia"{{if eq "ia" .Post.Language.String}} selected="selected"{{end}}>Interlingua</option>
	<option value="id"{{if eq "id" .Post.Language.String}} selected="selected"{{end}}>Bahasa Indonesia</option>
	<option value="ie"{{if eq "ie" .Post.Language.String}} selected="selected"{{end}}>Interlingue</option>
	<option value="ga"{{if eq "ga" .Post.Language.String}} selected="selected"{{end}}>Gaeilge</option>
	<option value="ig"{{if eq "ig" .Post.Language.String}} selected="selected"{{end}}>Asụsụ Igbo</option>
	<option value="ik"{{if eq "ik" .Post.Language.String}} selected="selected"{{end}}>Iñupiaq, Iñupiatun</option>
	<option value="io"{{if eq "io" .Post.Language.String}} selected="selected"{{end}}>Ido</option>
	<option value="is"{{if eq "is" .Post.Language.String}} selected="selected"{{end}}>Íslenska</option>
	<option value="it"{{if eq "it" .Post.Language.String}} selected="selected"{{end}}>Italiano</option>
	<option value="iu"{{if eq "iu" .Post.Language.String}} selected="selected"{{end}}>ᐃᓄᒃᑎᑐᑦ</option>
	<option value="ja"{{if eq "ja" .Post.Language.String}} selected="selected"{{end}}>日本語 (にほんご)</option>
	<option value="jv"{{if eq "jv" .Post.Language.String}} selected="selected"{{end}}>ꦧꦱꦗꦮ, Basa Jawa</option>
	<option value="kl"{{if eq "kl" .Post.Language.String}} selected="selected"{{end}}>kalaallisut, kalaallit oqaasii</option>
	<option value="kn"{{if eq "kn" .Post.Language.String}} selected="selected"{{end}}>ಕನ್ನಡ</option>
	<option value="kr"{{if eq "kr" .Post.Language.String}} selected="selected"{{end}}>Kanuri</option>
	<option value="ks"{{if eq "ks" .Post.Language.String}} selected="selected"{{end}}>कश्मीरी, كشميري‎</option>
	<option value="kk"{{if eq "kk" .Post.Language.String}} selected="selected"{{end}}>қазақ тілі</option>
	<option value="km"{{if eq "km" .Post.Language.String}} selected="selected"{{end}}>ខ្មែរ, ខេមរភាសា, ភាសាខ្មែរ</option>
	<option value="ki"{{if eq "ki" .Post.Language.String}} selected="selected"{{end}}>Gĩkũyũ</option>
	<option value="rw"{{if eq "rw" .Post.Language.String}} selected="selected"{{end}}>Ikinyarwanda</option>
	<option value="ky"{{if eq "ky" .Post.Language.String}} selected="selected"{{end}}>Кыргызча, Кыргыз тили</option>
	<option value="kv"{{if eq "kv" .Post.Language.String}} selected="selected"{{end}}>коми кыв</option>
	<option value="kg"{{if eq "kg" .Post.Language.String}} selected="selected"{{end}}>Kikongo</option>
	<option value="ko"{{if eq "ko" .Post.Language.String}} selected="selected"{{end}}>한국어</option>
	<option value="ku"{{if eq "ku" .Post.Language.String}} selected="selected"{{end}}>Kurdî, كوردی‎</option>
	<option value="kj"{{if eq "kj" .Post.Language.String}} selected="selected"{{end}}>Kuanyama</option>
	<option value="la"{{if eq "la" .Post.Language.String}} selected="selected"{{end}}>latine, lingua latina</option>
	<option value="lb"{{if eq "lb" .Post.Language.String}} selected="selected"{{end}}>Lëtzebuergesch</option>
	<option value="lg"{{if eq "lg" .Post.Language.String}} selected="selected"{{end}}>Luganda</option>
	<option value="li"{{if eq "li" .Post.Language.String}} selected="selected"{{end}}>Limburgs</option>
	<option value="ln"{{if eq "ln" .Post.Language.String}} selected="selected"{{end}}>Lingála</option>
	<option value="lo"{{if eq "lo" .Post.Language.String}} selected="selected"{{end}}>ພາສາລາວ</option>
	<option value="lt"{{if eq "lt" .Post.Language.String}} selected="selected"{{end}}>lietuvių kalba</option>
	<option value="lu"{{if eq "lu" .Post.Language.String}} selected="selected"{{end}}>Kiluba</option>
	<option value="lv"{{if eq "lv" .Post.Language.String}} selected="selected"{{end}}>Latviešu Valoda</option>
	<option value="gv"{{if eq "gv" .Post.Language.String}} selected="selected"{{end}}>Gaelg, Gailck</option>
	<option value="mk"{{if eq "mk" .Post.Language.String}} selected="selected"{{end}}>македонски јазик</option>
	<option value="mg"{{if eq "mg" .Post.Language.String}} selected="selected"{{end}}>fiteny malagasy</option>
	<option value="ms"{{if eq "ms" .Post.Language.String}} selected="selected"{{end}}>Bahasa Melayu, بهاس ملايو‎</option>
	<option value="ml"{{if eq "ml" .Post.Language.String}} selected="selected"{{end}}>മലയാളം</option>
	<option value="mt"{{if eq "mt" .Post.Language.String}} selected="selected"{{end}}>Malti</option>
	<option value="mi"{{if eq "mi" .Post.Language.String}} selected="selected"{{end}}>te reo Māori</option>
	<option value="mr"{{if eq "mr" .Post.Language.String}} selected="selected"{{end}}>मराठी</option>
	<option value="mh"{{if eq "mh" .Post.Language.String}} selected="selected"{{end}}>Kajin M̧ajeļ</option>
	<option value="mn"{{if eq "mn" .Post.Language.String}} selected="selected"{{end}}>Монгол хэл</option>
	<option value="na"{{if eq "na" .Post.Language.String}} selected="selected"{{end}}>Dorerin Naoero</option>
	<option value="nv"{{if eq "nv" .Post.Language.String}} selected="selected"{{end}}>Diné bizaad</option>
	<option value="nd"{{if eq "nd" .Post.Language.String}} selected="selected"{{end}}>isiNdebele</option>
	<option value="ne"{{if eq "ne" .Post.Language.String}} selected="selected"{{end}}>नेपाली</option>
	<option value="ng"{{if eq "ng" .Post.Language.String}} selected="selected"{{end}}>Owambo</option>
	<option value="nb"{{if eq "nb" .Post.Language.String}} selected="selected"{{end}}>Norsk Bokmål</option>
	<option value="nn"{{if eq "nn" .Post.Language.String}} selected="selected"{{end}}>Norsk Nynorsk</option>
	<option value="no"{{if eq "no" .Post.Language.String}} selected="selected"{{end}}>Norsk</option>
	<option value="ii"{{if eq "ii" .Post.Language.String}} selected="selected"{{end}}>ꆈꌠ꒿ Nuosuhxop</option>
	<option value="nr"{{if eq "nr" .Post.Language.String}} selected="selected"{{end}}>isiNdebele</option>
	<option value="oc"{{if eq "oc" .Post.Language.String}} selected="selected"{{end}}>occitan, lenga d'òc</option>
	<option value="oj"{{if eq "oj" .Post.Language.String}} selected="selected"{{end}}>ᐊᓂᔑᓈᐯᒧᐎᓐ</option>
	<option value="cu"{{if eq "cu" .Post.Language.String}} selected="selected"{{end}}>ѩзыкъ словѣньскъ</option>
	<option value="om"{{if eq "om" .Post.Language.String}} selected="selected"{{end}}>Afaan Oromoo</option>
	<option value="or"{{if eq "or" .Post.Language.String}} selected="selected"{{end}}>ଓଡ଼ିଆ</option>
	<option value="os"{{if eq "os" .Post.Language.String}} selected="selected"{{end}}>ирон æвзаг</option>
	<option value="pa"{{if eq "pa" .Post.Language.String}} selected="selected"{{end}}>ਪੰਜਾਬੀ</option>
	<option value="pi"{{if eq "pi" .Post.Language.String}} selected="selected"{{end}}>पाऴि</option>
	<option dir="rtl" value="fa"{{if eq "fa" .Post.Language.String}} selected="selected"{{end}}>فارسی</option>
	<option value="pl"{{if eq "pl" .Post.Language.String}} selected="selected"{{end}}>Język Polski, Polszczyzna</option>
	<option dir="rtl" value="ps"{{if eq "ps" .Post.Language.String}} selected="selected"{{end}}>پښتو</option>
	<option value="pt"{{if eq "pt" .Post.Language.String}} selected="selected"{{end}}>Português</option>
	<option value="qu"{{if eq "qu" .Post.Language.String}} selected="selected"{{end}}>Runa Simi, Kichwa</option>
	<option value="rm"{{if eq "rm" .Post.Language.String}} selected="selected"{{end}}>Rumantsch Grischun</option>
	<option value="rn"{{if eq "rn" .Post.Language.String}} selected="selected"{{end}}>Ikirundi</option>
	<option value="ro"{{if eq "ro" .Post.Language.String}} selected="selected"{{end}}>Română</option>
	<option value="ru"{{if eq "ru" .Post.Language.String}} selected="selected"{{end}}>Русский</option>
	<option value="sa"{{if eq "sa" .Post.Language.String}} selected="selected"{{end}}>संस्कृतम्</option>
	<option value="sc"{{if eq "sc" .Post.Language.String}} selected="selected"{{end}}>sardu</option>
	<option value="sd"{{if eq "sd" .Post.Language.String}} selected="selected"{{end}}>सिन्धी, سنڌي، سندھی‎</option>
	<option value="se"{{if eq "se" .Post.Language.String}} selected="selected"{{end}}>Davvisámegiella</option>
	<option value="sm"{{if eq "sm" .Post.Language.String}} selected="selected"{{end}}>gagana fa'a Samoa</option>
	<option value="sg"{{if eq "sg" .Post.Language.String}} selected="selected"{{end}}>yângâ tî sängö</option>
	<option value="sr"{{if eq "sr" .Post.Language.String}} selected="selected"{{end}}>српски језик</option>
	<option value="gd"{{if eq "gd" .Post.Language.String}} selected="selected"{{end}}>Gàidhlig</option>
	<option value="sn"{{if eq "sn" .Post.Language.String}} selected="selected"{{end}}>chiShona</option>
	<option value="si"{{if eq "si" .Post.Language.String}} selected="selected"{{end}}>සිංහල</option>
	<option value="sk"{{if eq "sk" .Post.Language.String}} selected="selected"{{end}}>Slovenčina, Slovenský Jazyk</option>
	<option value="sl"{{if eq "sl" .Post.Language.String}} selected="selected"{{end}}>Slovenski Jezik, Slovenščina</option>
	<option value="so"{{if eq "so" .Post.Language.String}} selected="selected"{{end}}>Soomaaliga, af Soomaali</option>
	<option value="st"{{if eq "st" .Post.Language.String}} selected="selected"{{end}}>Sesotho</option>
	<option value="es"{{if eq "es" .Post.Language.String}} selected="selected"{{end}}>Español</option>
	<option value="su"{{if eq "su" .Post.Language.String}} selected="selected"{{end}}>Basa Sunda</option>
	<option value="sw"{{if eq "sw" .Post.Language.String}} selected="selected"{{end}}>Kiswahili</option>
	<option value="ss"{{if eq "ss" .Post.Language.String}} selected="selected"{{end}}>SiSwati</option>
	<option value="sv"{{if eq "sv" .Post.Language.String}} selected="selected"{{end}}>Svenska</option>
	<option value="ta"{{if eq "ta" .Post.Language.String}} selected="selected"{{end}}>தமிழ்</option>
	<option value="te"{{if eq "te" .Post.Language.String}} selected="selected"{{end}}>తెలుగు</option>
	<option value="tg"{{if eq "tg" .Post.Language.String}} selected="selected"{{end}}>тоҷикӣ, toçikī, تاجیکی‎</option>
	<option value="th"{{if eq "th" .Post.Language.String}} selected="selected"{{end}}>ไทย</option>
	<option value="ti"{{if eq "ti" .Post.Language.String}} selected="selected"{{end}}>ትግርኛ</option>
	<option value="bo"{{if eq "bo" .Post.Language.String}} selected="selected"{{end}}>བོད་ཡིག</option>
	<option value="tk"{{if eq "tk" .Post.Language.String}} selected="selected"{{end}}>Türkmen, Түркмен</option>
	<option value="tl"{{if eq "tl" .Post.Language.String}} selected="selected"{{end}}>Wikang Tagalog</option>
	<option value="tn"{{if eq "tn" .Post.Language.String}} selected="selected"{{end}}>Setswana</option>
	<option value="to"{{if eq "to" .Post.Language.String}} selected="selected"{{end}}>Faka Tonga</option>
	<option value="tr"{{if eq "tr" .Post.Language.String}} selected="selected"{{end}}>Türkçe</option>
	<option value="ts"{{if eq "ts" .Post.Language.String}} selected="selected"{{end}}>Xitsonga</option>
	<option value="tt"{{if eq "tt" .Post.Language.String}} selected="selected"{{end}}>татар теле, tatar tele</option>
	<option value="tw"{{if eq "tw" .Post.Language.String}} selected="selected"{{end}}>Twi</option>
	<option value="ty"{{if eq "ty" .Post.Language.String}} selected="selected"{{end}}>Reo Tahiti</option>
	<option value="ug"{{if eq "ug" .Post.Language.String}} selected="selected"{{end}}>ئۇيغۇرچە‎, Uyghurche</option>
	<option value="uk"{{if eq "uk" .Post.Language.String}} selected="selected"{{end}}>Українська</option>
	<option dir="rtl" value="ur"{{if eq "ur" .Post.Language.String}} selected="selected"{{end}}>اردو</option>
	<option value="uz"{{if eq "uz" .Post.Language.String}} selected="selected"{{end}}>Oʻzbek, Ўзбек, أۇزبېك‎</option>
	<option value="ve"{{if eq "ve" .Post.Language.String}} selected="selected"{{end}}>Tshivenḓa</option>
	<option value="vi"{{if eq "vi" .Post.Language.String}} selected="selected"{{end}}>Tiếng Việt</option>
	<option value="vo"{{if eq "vo" .Post.Language.String}} selected="selected"{{end}}>Volapük</option>
	<option value="wa"{{if eq "wa" .Post.Language.String}} selected="selected"{{end}}>Walon</option>
	<option value="cy"{{if eq "cy" .Post.Language.String}} selected="selected"{{end}}>Cymraeg</option>
	<option value="wo"{{if eq "wo" .Post.Language.String}} selected="selected"{{end}}>Wollof</option>
	<option value="fy"{{if eq "fy" .Post.Language.String}} selected="selected"{{end}}>Frysk</option>
	<option value="xh"{{if eq "xh" .Post.Language.String}} selected="selected"{{end}}>isiXhosa</option>
	<option dir="rtl" value="yi"{{if eq "yi" .Post.Language.String}} selected="selected"{{end}}>ייִדיש</option>
	<option value="yo"{{if eq "yo" .Post.Language.String}} selected="selected"{{end}}>Yorùbá</option>
	<option value="za"{{if eq "za" .Post.Language.String}} selected="selected"{{end}}>Saɯ cueŋƅ, Saw cuengh</option>
	<option value="zu"{{if eq "zu" .Post.Language.String}} selected="selected"{{end}}>isiZulu</option>
	</select>
	</dd>
	<dt><label for="rtl">Direction</label></dt>
	<dd><input type="checkbox" id="rtl" name="rtl" {{if .Post.IsRTL.Bool}}checked="checked"{{end}} /><label for="rtl"> right-to-left</label></dd>
	<dt><label for="created">Created</label></dt>
	<dd>
	<input type="text" id="created" name="created" value="{{.Post.UserFacingCreated}}" data-time="{{.Post.Created8601}}" placeholder="YYYY-MM-DD HH:MM:SS" maxlength="19" /> <span id="tz">UTC</span> <a href="#" id="set-now">now</a>
	<p class="error" id="create-error">Date format should be: <span class="mono"><abbr title="The full year">YYYY</abbr>-<abbr title="The numeric month of the year, where January = 1, with a zero in front if less than 10">MM</abbr>-<abbr title="The day of the month, with a zero in front if less than 10">DD</abbr> <abbr title="The hour (00-23), with a zero in front if less than 10.">HH</abbr>:<abbr title="The minute of the hour (00-59), with a zero in front if less than 10.">MM</abbr>:<abbr title="The seconds (00-59), with a zero in front if less than 10.">SS</abbr></span></p>
	</dd>
	<dt> </dt><dd><input type="submit" value="Save changes" /></dd>
	</dl>
	<input type="hidden" name="web" value="true" />
	</form>
	</div>

	<script src="/js/h.js"></script>
	<script>
	function updateMeta() {
	if ({{.Suspended}}) {
	- alert('Your account is currently supsended, editing posts is disabled.');
	+ alert("Your account is silenced, so you can't edit posts.");
	return
	}
	document.getElementById('create-error').style.display = 'none';
	var $created = document.getElementById('created');
	var dateStr = $created.value.trim();
	var m = dateStr.match(/^[0-9]{4}-[0-9]{1,2}-[0-9]{1,2}( [0-9]{1,2}:[0-9]{1,2}(:[0-9]{1,2})?)?$/);
	if (!m) {
	document.getElementById('create-error').style.display = 'block';
	return false;
	}
	// Break up the date and parse. This ensures cross-browser compatibility
	var p = dateStr.split(/[^0-9]/);
	var d = new Date(p[0], p[1]-1, p[2], p[3] ? p[3] : 0, p[4] ? p[4] : 0, p[5] ? p[5] : 0);
	$created.value = d.getUTCFullYear() + '-' + ('0' + (d.getUTCMonth()+1)).slice(-2) + '-' + ('0' + d.getUTCDate()).slice(-2)+' '+('0'+d.getUTCHours()).slice(-2)+':'+('0'+d.getUTCMinutes()).slice(-2)+':'+('0'+d.getUTCSeconds()).slice(-2);
	var $tz = document.getElementById('tz');
	$tz.style.display = "inline";
	var $submit = document.querySelector('input[type=submit]');
	$submit.value = "Saving...";
	$submit.disabled = true;
	return true;
	}
	function dateToStr(d) {
	return d.getFullYear() + '-' + ('0' + (d.getMonth()+1)).slice(-2) + '-' + ('0' + d.getDate()).slice(-2)+' '+('0'+d.getHours()).slice(-2)+':'+('0'+d.getMinutes()).slice(-2)+':'+('0'+d.getSeconds()).slice(-2);
	}
	function setLocalTime() {
	var $created = document.getElementById('created');
	var d = new Date($created.getAttribute('data-time'));
	$created.value = dateToStr(d);
	var $tz = document.getElementById('tz');
	$tz.style.display = "none";
	}
	setLocalTime();
	function setToNow() {
	var $created = document.getElementById('created');
	$created.value = dateToStr(new Date());
	}
	H.getEl('set-now').on('click', function(e) {
	e.preventDefault();
	setToNow();
	});
	function toggleTheme() {
	var btns = Array.prototype.slice.call(document.getElementById('tools').querySelectorAll('a img'));
	if (document.body.className == 'light') {
	document.body.className = 'dark';
	for (var i=0; i<btns.length; i++) {
	btns[i].src = btns[i].src.replace('_dark@2x.png', '@2x.png');
	}
	} else {
	document.body.className = 'light';
	for (var i=0; i<btns.length; i++) {
	btns[i].src = btns[i].src.replace('@2x.png', '_dark@2x.png');
	}
	}
	H.set('padTheme', document.body.className);
	}
	if (H.get('padTheme', 'light') != 'light') {
	toggleTheme();
	}

	var setButtonStates = function() {
	if (!canPublish) {
	$btnPublish.el.className = 'disabled';
	return;
	}
	if ($writer.el.value.length === 0 \|\| (draftDoc != 'lastDoc' && $writer.el.value == origDoc)) {
	$btnPublish.el.className = 'disabled';
	} else {
	$btnPublish.el.className = '';
	}
	};

	H.getEl('toggle-theme').on('click', function(e) {
	e.preventDefault();
	try {
	var newTheme = 'light';
	if (document.body.className == 'light') {
	newTheme = 'dark';
	}
	} catch(e) {}
	toggleTheme();
	});

	WebFontConfig = {
	custom: { families: [ 'Lora:400,700:latin' ], urls: [ '/css/fonts.css' ] }
	};
	try {
	(function() {
	var wf=document.createElement('script');
	wf.src = '/js/webfont.js';
	wf.type='text/javascript';
	wf.async='true';
	var s=document.getElementsByTagName('script')[0];
	s.parentNode.insertBefore(wf, s);
	})();
	} catch (e) {
	// whatevs
	}
	</script>
	<link href="/css/icons.css" rel="stylesheet">
	</body>
	</html>{{end}}
	diff --git a/templates/password-collection.tmpl b/templates/password-collection.tmpl
	index 73c4465..e0b755d 100644
	--- a/templates/password-collection.tmpl
	+++ b/templates/password-collection.tmpl
	@@ -1,78 +1,75 @@
	{{define "password-collection"}}<!DOCTYPE HTML>
	<html {{if .Language}}lang="{{.Language}}"{{end}} dir="{{.Direction}}">
	<head>
	<meta charset="utf-8">

	<title>{{.DisplayTitle}}{{if not .SingleUser}} — {{.SiteName}}{{end}}</title>

	<link rel="stylesheet" type="text/css" href="/css/write.css" />
	<link rel="shortcut icon" href="/favicon.ico" />
	<link rel="canonical" href="{{.CanonicalURL}}">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />

	<meta name="description" content="{{.Description}}">
	<meta itemprop="name" content="{{.DisplayTitle}}">
	<meta itemprop="description" content="{{.Description}}">
	<meta name="twitter:card" content="summary">
	<meta name="twitter:title" content="{{.DisplayTitle}}">
	<meta name="twitter:description" content="{{.Description}}">
	<meta property="og:title" content="{{.DisplayTitle}}" />
	<meta property="og:site_name" content="{{.DisplayTitle}}" />
	<meta property="og:type" content="article" />
	<meta property="og:url" content="{{.CanonicalURL}}" />
	<meta property="og:description" content="{{.Description}}" />
	{{if .StyleSheet}}<style type="text/css">{{.StyleSheetDisplay}}</style>{{end}}

	</head>
	<body id="collection" itemscope itemtype="http://schema.org/WebPage">
	- {{if .Suspended}}
	- {{template "user-supsended"}}
	- {{end}}
	<header>
	<h1 dir="{{.Direction}}" id="blog-title"><a href="/{{.Alias}}/" class="h-card p-author u-url" rel="me author">{{.DisplayTitle}}</a></h1>
	</header>

	<div id="wrapper">

	<div class="access">
	<form method="post" action="/api/auth/read">
	{{if .Flashes}}<ul class="errors">
	{{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
	</ul>{{else}}
	<h2>This blog requires a password.</h2>
	{{end}}
	<input type="hidden" name="alias" value="{{.Alias}}" />
	<input type="hidden" name="to" value="{{.Next}}" />
	<input type="password" autocomplete="new-password" name="password" tabindex="1" autofocus />
	<p><input type="submit" value="Enter" /></p>
	</form>
	</div>
	</div>

	<footer>
	<hr />
	<nav dir="ltr">
	<a class="home pubd" href="/">{{.SiteName}}</a> · powered by <a style="margin-left:0" href="https://writefreely.org">writefreely</a>
	</nav>
	</footer>
	</body>

	{{if and .Script .CanShowScript}}<script type="text/javascript">{{.ScriptDisplay}}</script>{{end}}
	<script src="/js/h.js"></script>
	<script src="/js/postactions.js"></script>
	<script type="text/javascript">
	try {
	WebFontConfig = {
	custom: { families: [ 'Lora:400,700:latin', 'Open+Sans:400,700:latin' ], urls: [ '/css/fonts.css' ] }
	};
	(function() {
	var wf = document.createElement('script');
	wf.src = '/js/webfont.js';
	wf.type = 'text/javascript';
	wf.async = 'true';
	var s = document.getElementsByTagName('script')[0];
	s.parentNode.insertBefore(wf, s);
	})();
	} catch (e) {}
	</script>
	</html>{{end}}

File Metadata

Mime Type: text/x-diff
Expires: Mon, Jan 20, 1:36 AM (22 h, 9 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 3137463

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions