No OneTemporary
Actions

Size

74 KB

Subscribers

None

View Options

	diff --git a/account.go b/account.go
	index 1cf259b..9db9b1f 100644
	--- a/account.go
	+++ b/account.go
	@@ -1,1064 +1,1065 @@
	/*
	* Copyright © 2018-2019 A Bunch Tell LLC.
	*
	* This file is part of WriteFreely.
	*
	* WriteFreely is free software: you can redistribute it and/or modify
	* it under the terms of the GNU Affero General Public License, included
	* in the LICENSE file in this source code package.
	*/

	package writefreely

	import (
	"encoding/json"
	"fmt"
	+ "html/template"
	+ "net/http"
	+ "regexp"
	+ "strings"
	+ "sync"
	+ "time"
	+
	"github.com/gorilla/mux"
	"github.com/gorilla/sessions"
	"github.com/guregu/null/zero"
	"github.com/writeas/impart"
	"github.com/writeas/web-core/auth"
	"github.com/writeas/web-core/data"
	"github.com/writeas/web-core/log"
	"github.com/writeas/writefreely/author"
	"github.com/writeas/writefreely/page"
	- "html/template"
	- "net/http"
	- "regexp"
	- "strings"
	- "sync"
	- "time"
	)

	type (
	userSettings struct {
	Username string `schema:"username" json:"username"`
	Email string `schema:"email" json:"email"`
	NewPass string `schema:"new-pass" json:"new_pass"`
	OldPass string `schema:"current-pass" json:"current_pass"`
	IsLogOut bool `schema:"logout" json:"logout"`
	}

	UserPage struct {
	page.StaticPage

	PageTitle string
	Separator template.HTML
	IsAdmin bool
	CanInvite bool
	}
	)

	func NewUserPage(app App, r http.Request, u User, title string, flashes []string) UserPage {
	up := &UserPage{
	StaticPage: pageForReq(app, r),
	PageTitle: title,
	}
	up.Username = u.Username
	up.Flashes = flashes
	up.Path = r.URL.Path
	up.IsAdmin = u.IsAdmin()
	up.CanInvite = app.cfg.App.UserInvites != "" &&
	(up.IsAdmin \|\| app.cfg.App.UserInvites != "admin")
	return up
	}

	func (up UserPage) SetMessaging(u User) {
	//up.NeedsAuth = app.db.DoesUserNeedAuth(u.ID)
	}

	const (
	loginAttemptExpiration = 3 * time.Second
	)

	var actuallyUsernameReg = regexp.MustCompile("username is actually ([a-z0-9\\-]+)\\. Please try that, instead")

	func apiSignup(app App, w http.ResponseWriter, r http.Request) error {
	_, err := signup(app, w, r)
	return err
	}

	func signup(app App, w http.ResponseWriter, r http.Request) (*AuthUser, error) {
	reqJSON := IsJSON(r.Header.Get("Content-Type"))

	// Get params
	var ur userRegistration
	if reqJSON {
	decoder := json.NewDecoder(r.Body)
	err := decoder.Decode(&ur)
	if err != nil {
	log.Error("Couldn't parse signup JSON request: %v\n", err)
	return nil, ErrBadJSON
	}
	} else {
	// Check if user is already logged in
	u := getUserSession(app, r)
	if u != nil {
	return &AuthUser{User: u}, nil
	}

	err := r.ParseForm()
	if err != nil {
	log.Error("Couldn't parse signup form request: %v\n", err)
	return nil, ErrBadFormData
	}

	err = app.formDecoder.Decode(&ur, r.PostForm)
	if err != nil {
	log.Error("Couldn't decode signup form request: %v\n", err)
	return nil, ErrBadFormData
	}
	}

	return signupWithRegistration(app, ur, w, r)
	}

	func signupWithRegistration(app App, signup userRegistration, w http.ResponseWriter, r http.Request) (*AuthUser, error) {
	reqJSON := IsJSON(r.Header.Get("Content-Type"))

	// Validate required params (alias)
	if signup.Alias == "" {
	return nil, impart.HTTPError{http.StatusBadRequest, "A username is required."}
	}
	if signup.Pass == "" {
	return nil, impart.HTTPError{http.StatusBadRequest, "A password is required."}
	}
	var desiredUsername string
	if signup.Normalize {
	// With this option we simply conform the username to what we expect
	// without complaining. Since they might've done something funny, like
	// enter: write.as/Way Out There, we'll use their raw input for the new
	// collection name and sanitize for the slug / username.
	desiredUsername = signup.Alias
	signup.Alias = getSlug(signup.Alias, "")
	}
	if !author.IsValidUsername(app.cfg, signup.Alias) {
	// Ensure the username is syntactically correct.
	return nil, impart.HTTPError{http.StatusPreconditionFailed, "Username is reserved or isn't valid. It must be at least 3 characters long, and can only include letters, numbers, and hyphens."}
	}

	// Handle empty optional params
	// TODO: remove this var
	createdWithPass := true
	hashedPass, err := auth.HashPass([]byte(signup.Pass))
	if err != nil {
	return nil, impart.HTTPError{http.StatusInternalServerError, "Could not create password hash."}
	}

	// Create struct to insert
	u := &User{
	Username: signup.Alias,
	HashedPass: hashedPass,
	HasPass: createdWithPass,
	Email: zero.NewString("", signup.Email != ""),
	Created: time.Now().Truncate(time.Second).UTC(),
	}
	if signup.Email != "" {
	encEmail, err := data.Encrypt(app.keys.EmailKey, signup.Email)
	if err != nil {
	log.Error("Unable to encrypt email: %s\n", err)
	} else {
	u.Email.String = string(encEmail)
	}
	}

	// Create actual user
	if err := app.db.CreateUser(app.cfg, u, desiredUsername); err != nil {
	return nil, err
	}

	// Log invite if needed
	if signup.InviteCode != "" {
	cu, err := app.db.GetUserForAuth(signup.Alias)
	if err != nil {
	return nil, err
	}
	err = app.db.CreateInvitedUser(signup.InviteCode, cu.ID)
	if err != nil {
	return nil, err
	}
	}

	// Add back unencrypted data for response
	if signup.Email != "" {
	u.Email.String = signup.Email
	}

	resUser := &AuthUser{
	User: u,
	}
	if !createdWithPass {
	resUser.Password = signup.Pass
	}
	title := signup.Alias
	if signup.Normalize {
	title = desiredUsername
	}
	resUser.Collections = &[]Collection{
	{
	Alias: signup.Alias,
	Title: title,
	},
	}

	var token string
	if reqJSON && !signup.Web {
	token, err = app.db.GetAccessToken(u.ID)
	if err != nil {
	return nil, impart.HTTPError{http.StatusInternalServerError, "Could not create access token. Try re-authenticating."}
	}
	resUser.AccessToken = token
	} else {
	session, err := app.sessionStore.Get(r, cookieName)
	if err != nil {
	// The cookie should still save, even if there's an error.
	// Source: https://github.com/gorilla/sessions/issues/16#issuecomment-143642144
	log.Error("Session: %v; ignoring", err)
	}
	session.Values[cookieUserVal] = resUser.User.Cookie()
	err = session.Save(r, w)
	if err != nil {
	log.Error("Couldn't save session: %v", err)
	return nil, err
	}
	}
	if reqJSON {
	return resUser, impart.WriteSuccess(w, resUser, http.StatusCreated)
	}

	return resUser, nil
	}

	func viewLogout(app App, w http.ResponseWriter, r http.Request) error {
	session, err := app.sessionStore.Get(r, cookieName)
	if err != nil {
	return ErrInternalCookieSession
	}

	// Ensure user has an email or password set before they go, so they don't
	// lose access to their account.
	val := session.Values[cookieUserVal]
	var u = &User{}
	var ok bool
	if u, ok = val.(*User); !ok {
	log.Error("Error casting user object on logout. Vals: %+v Resetting cookie.", session.Values)

	err = session.Save(r, w)
	if err != nil {
	log.Error("Couldn't save session on logout: %v", err)
	return impart.HTTPError{http.StatusInternalServerError, "Unable to save cookie session."}
	}

	return impart.HTTPError{http.StatusFound, "/"}
	}

	u, err = app.db.GetUserByID(u.ID)
	if err != nil && err != ErrUserNotFound {
	return impart.HTTPError{http.StatusInternalServerError, "Unable to fetch user information."}
	}

	session.Options.MaxAge = -1

	err = session.Save(r, w)
	if err != nil {
	log.Error("Couldn't save session on logout: %v", err)
	return impart.HTTPError{http.StatusInternalServerError, "Unable to save cookie session."}
	}

	return impart.HTTPError{http.StatusFound, "/"}
	}

	func handleAPILogout(app App, w http.ResponseWriter, r http.Request) error {
	accessToken := r.Header.Get("Authorization")
	if accessToken == "" {
	return ErrNoAccessToken
	}
	t := auth.GetToken(accessToken)
	if len(t) == 0 {
	return ErrNoAccessToken
	}
	err := app.db.DeleteToken(t)
	if err != nil {
	return err
	}
	return impart.HTTPError{Status: http.StatusNoContent}
	}

	func viewLogin(app App, w http.ResponseWriter, r http.Request) error {
	var earlyError string
	oneTimeToken := r.FormValue("with")
	if oneTimeToken != "" {
	log.Info("Calling login with one-time token.")
	err := login(app, w, r)
	if err != nil {
	log.Info("Received error: %v", err)
	earlyError = fmt.Sprintf("%s", err)
	}
	}

	session, err := app.sessionStore.Get(r, cookieName)
	if err != nil {
	// Ignore this
	log.Error("Unable to get session; ignoring: %v", err)
	}

	p := &struct {
	page.StaticPage
	To string
	Message template.HTML
	Flashes []template.HTML
	Username string
	}{
	pageForReq(app, r),
	r.FormValue("to"),
	template.HTML(""),
	[]template.HTML{},
	getTempInfo(app, "login-user", r, w),
	}

	if earlyError != "" {
	p.Flashes = append(p.Flashes, template.HTML(earlyError))
	}

	// Display any error messages
	flashes, _ := getSessionFlashes(app, w, r, session)
	for _, flash := range flashes {
	p.Flashes = append(p.Flashes, template.HTML(flash))
	}
	err = pages["login.tmpl"].ExecuteTemplate(w, "base", p)
	if err != nil {
	log.Error("Unable to render login: %v", err)
	return err
	}
	return nil
	}

	func webLogin(app App, w http.ResponseWriter, r http.Request) error {
	err := login(app, w, r)
	if err != nil {
	username := r.FormValue("alias")
	// Login request was unsuccessful; save the error in the session and redirect them
	if err, ok := err.(impart.HTTPError); ok {
	session, _ := app.sessionStore.Get(r, cookieName)
	if session != nil {
	session.AddFlash(err.Message)
	session.Save(r, w)
	}

	if m := actuallyUsernameReg.FindStringSubmatch(err.Message); len(m) > 0 {
	// Retain fixed username recommendation for the login form
	username = m[1]
	}
	}

	// Pass along certain information
	saveTempInfo(app, "login-user", username, r, w)

	// Retain post-login URL if one was given
	redirectTo := "/login"
	postLoginRedirect := r.FormValue("to")
	if postLoginRedirect != "" {
	redirectTo += "?to=" + postLoginRedirect
	}

	log.Error("Unable to login: %v", err)
	return impart.HTTPError{http.StatusTemporaryRedirect, redirectTo}
	}

	return nil
	}

	var loginAttemptUsers = sync.Map{}

	func login(app App, w http.ResponseWriter, r http.Request) error {
	reqJSON := IsJSON(r.Header.Get("Content-Type"))
	oneTimeToken := r.FormValue("with")
	verbose := r.FormValue("all") == "true" \|\| r.FormValue("verbose") == "1" \|\| r.FormValue("verbose") == "true" \|\| (reqJSON && oneTimeToken != "")

	redirectTo := r.FormValue("to")
	if redirectTo == "" {
	if app.cfg.App.SingleUser {
	redirectTo = "/me/new"
	} else {
	redirectTo = "/"
	}
	}

	var u *User
	var err error
	var signin userCredentials

	// Log in with one-time token if one is given
	if oneTimeToken != "" {
	log.Info("Login: Logging user in via token.")
	userID := app.db.GetUserID(oneTimeToken)
	if userID == -1 {
	log.Error("Login: Got user -1 from token")
	err := ErrBadAccessToken
	err.Message = "Expired or invalid login code."
	return err
	}
	log.Info("Login: Found user %d.", userID)

	u, err = app.db.GetUserByID(userID)
	if err != nil {
	log.Error("Unable to fetch user on one-time token login: %v", err)
	return impart.HTTPError{http.StatusInternalServerError, "There was an error retrieving the user you want."}
	}
	log.Info("Login: Got user via token")
	} else {
	// Get params
	if reqJSON {
	decoder := json.NewDecoder(r.Body)
	err := decoder.Decode(&signin)
	if err != nil {
	log.Error("Couldn't parse signin JSON request: %v\n", err)
	return ErrBadJSON
	}
	} else {
	err := r.ParseForm()
	if err != nil {
	log.Error("Couldn't parse signin form request: %v\n", err)
	return ErrBadFormData
	}

	err = app.formDecoder.Decode(&signin, r.PostForm)
	if err != nil {
	log.Error("Couldn't decode signin form request: %v\n", err)
	return ErrBadFormData
	}
	}

	log.Info("Login: Attempting login for '%s'", signin.Alias)

	// Validate required params (all)
	if signin.Alias == "" {
	msg := "Parameter `alias` required."
	if signin.Web {
	msg = "A username is required."
	}
	return impart.HTTPError{http.StatusBadRequest, msg}
	}
	if !signin.EmailLogin && signin.Pass == "" {
	msg := "Parameter `pass` required."
	if signin.Web {
	msg = "A password is required."
	}
	return impart.HTTPError{http.StatusBadRequest, msg}
	}

	// Prevent excessive login attempts on the same account
	// Skip this check in dev environment
	if !app.cfg.Server.Dev {
	now := time.Now()
	attemptExp, att := loginAttemptUsers.LoadOrStore(signin.Alias, now.Add(loginAttemptExpiration))
	if att {
	if attemptExpTime, ok := attemptExp.(time.Time); ok {
	if attemptExpTime.After(now) {
	// This user attempted previously, and the period hasn't expired yet
	return impart.HTTPError{http.StatusTooManyRequests, "You're doing that too much."}
	} else {
	// This user attempted previously, but the time expired; free up space
	loginAttemptUsers.Delete(signin.Alias)
	}
	} else {
	log.Error("Unable to cast expiration to time")
	}
	}
	}

	// Retrieve password
	u, err = app.db.GetUserForAuth(signin.Alias)
	if err != nil {
	log.Info("Unable to getUserForAuth on %s: %v", signin.Alias, err)
	if strings.IndexAny(signin.Alias, "@") > 0 {
	log.Info("Suggesting: %s", ErrUserNotFoundEmail.Message)
	return ErrUserNotFoundEmail
	}
	return err
	}
	// Authenticate
	if u.Email.String == "" {
	// User has no email set, so check if they haven't added a password, either,
	// so we can return a more helpful error message.
	if hasPass, _ := app.db.IsUserPassSet(u.ID); !hasPass {
	log.Info("Tried logging in to %s, but no password or email.", signin.Alias)
	return impart.HTTPError{http.StatusPreconditionFailed, "This user never added a password or email address. Please contact us for help."}
	}
	}
	if !auth.Authenticated(u.HashedPass, []byte(signin.Pass)) {
	return impart.HTTPError{http.StatusUnauthorized, "Incorrect password."}
	}
	}

	if reqJSON && !signin.Web {
	var token string
	if r.Header.Get("User-Agent") == "" {
	// Get last created token when User-Agent is empty
	token = app.db.FetchLastAccessToken(u.ID)
	if token == "" {
	token, err = app.db.GetAccessToken(u.ID)
	}
	} else {
	token, err = app.db.GetAccessToken(u.ID)
	}
	if err != nil {
	log.Error("Login: Unable to create access token: %v", err)
	return impart.HTTPError{http.StatusInternalServerError, "Could not create access token. Try re-authenticating."}
	}
	resUser := getVerboseAuthUser(app, token, u, verbose)
	return impart.WriteSuccess(w, resUser, http.StatusOK)
	}

	session, err := app.sessionStore.Get(r, cookieName)
	if err != nil {
	// The cookie should still save, even if there's an error.
	log.Error("Login: Session: %v; ignoring", err)
	}

	// Remove unwanted data
	session.Values[cookieUserVal] = u.Cookie()
	err = session.Save(r, w)
	if err != nil {
	log.Error("Login: Couldn't save session: %v", err)
	// TODO: return error
	}

	// Send success
	if reqJSON {
	return impart.WriteSuccess(w, &AuthUser{User: u}, http.StatusOK)
	}
	log.Info("Login: Redirecting to %s", redirectTo)
	w.Header().Set("Location", redirectTo)
	w.WriteHeader(http.StatusFound)
	return nil
	}

	func getVerboseAuthUser(app App, token string, u User, verbose bool) *AuthUser {
	resUser := &AuthUser{
	AccessToken: token,
	User: u,
	}

	// Fetch verbose user data if requested
	if verbose {
	posts, err := app.db.GetUserPosts(u)
	if err != nil {
	log.Error("Login: Unable to get user posts: %v", err)
	}
	colls, err := app.db.GetCollections(u)
	if err != nil {
	log.Error("Login: Unable to get user collections: %v", err)
	}
	passIsSet, err := app.db.IsUserPassSet(u.ID)
	if err != nil {
	// TODO: correct error meesage
	log.Error("Login: Unable to get user collections: %v", err)
	}

	resUser.Posts = posts
	resUser.Collections = colls
	resUser.User.HasPass = passIsSet
	}
	return resUser
	}

	func viewExportOptions(app App, u User, w http.ResponseWriter, r *http.Request) error {
	// Fetch extra user data
	p := NewUserPage(app, r, u, "Export", nil)

	showUserPage(w, "export", p)
	return nil
	}

	func viewExportPosts(app App, w http.ResponseWriter, r http.Request) ([]byte, string, error) {
	var filename string
	var u = &User{}
	reqJSON := IsJSON(r.Header.Get("Content-Type"))
	if reqJSON {
	// Use given Authorization header
	accessToken := r.Header.Get("Authorization")
	if accessToken == "" {
	return nil, filename, ErrNoAccessToken
	}

	userID := app.db.GetUserID(accessToken)
	if userID == -1 {
	return nil, filename, ErrBadAccessToken
	}

	var err error
	u, err = app.db.GetUserByID(userID)
	if err != nil {
	return nil, filename, impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve requested user."}
	}
	} else {
	// Use user cookie
	session, err := app.sessionStore.Get(r, cookieName)
	if err != nil {
	// The cookie should still save, even if there's an error.
	log.Error("Session: %v; ignoring", err)
	}

	val := session.Values[cookieUserVal]
	var ok bool
	if u, ok = val.(*User); !ok {
	return nil, filename, ErrNotLoggedIn
	}
	}

	filename = u.Username + "-posts-" + time.Now().Truncate(time.Second).UTC().Format("200601021504")

	// Fetch data we're exporting
	var err error
	var data []byte
	posts, err := app.db.GetUserPosts(u)
	if err != nil {
	return data, filename, err
	}

	// Export as CSV
	if strings.HasSuffix(r.URL.Path, ".csv") {
	data = exportPostsCSV(u, posts)
	return data, filename, err
	}
	if strings.HasSuffix(r.URL.Path, ".zip") {
	data = exportPostsZip(u, posts)
	return data, filename, err
	}

	if r.FormValue("pretty") == "1" {
	data, err = json.MarshalIndent(posts, "", "\t")
	} else {
	data, err = json.Marshal(posts)
	}
	return data, filename, err
	}

	func viewExportFull(app App, w http.ResponseWriter, r http.Request) ([]byte, string, error) {
	var err error
	filename := ""
	u := getUserSession(app, r)
	if u == nil {
	return nil, filename, ErrNotLoggedIn
	}
	filename = u.Username + "-" + time.Now().Truncate(time.Second).UTC().Format("200601021504")

	exportUser := compileFullExport(app, u)

	var data []byte
	if r.FormValue("pretty") == "1" {
	data, err = json.MarshalIndent(exportUser, "", "\t")
	} else {
	data, err = json.Marshal(exportUser)
	}
	return data, filename, err
	}

	func viewMeAPI(app App, w http.ResponseWriter, r http.Request) error {
	reqJSON := IsJSON(r.Header.Get("Content-Type"))
	uObj := struct {
	ID int64 `json:"id,omitempty"`
	Username string `json:"username,omitempty"`
	}{}
	var err error

	if reqJSON {
	_, uObj.Username, err = app.db.GetUserDataFromToken(r.Header.Get("Authorization"))
	if err != nil {
	return err
	}
	} else {
	u := getUserSession(app, r)
	if u == nil {
	return impart.WriteSuccess(w, uObj, http.StatusOK)
	}
	uObj.Username = u.Username
	}

	return impart.WriteSuccess(w, uObj, http.StatusOK)
	}

	func viewMyPostsAPI(app App, u User, w http.ResponseWriter, r *http.Request) error {
	reqJSON := IsJSON(r.Header.Get("Content-Type"))
	if !reqJSON {
	return ErrBadRequestedType
	}

	var err error
	p := GetPostsCache(u.ID)
	if p == nil {
	userPostsCache.Lock()
	if userPostsCache.users[u.ID].ready == nil {
	userPostsCache.users[u.ID] = postsCacheItem{ready: make(chan struct{})}
	userPostsCache.Unlock()

	p, err = app.db.GetUserPosts(u)
	if err != nil {
	return err
	}

	CachePosts(u.ID, p)
	} else {
	userPostsCache.Unlock()

	<-userPostsCache.users[u.ID].ready
	p = GetPostsCache(u.ID)
	}
	}

	return impart.WriteSuccess(w, p, http.StatusOK)
	}

	func viewMyCollectionsAPI(app App, u User, w http.ResponseWriter, r *http.Request) error {
	reqJSON := IsJSON(r.Header.Get("Content-Type"))
	if !reqJSON {
	return ErrBadRequestedType
	}

	p, err := app.db.GetCollections(u)
	if err != nil {
	return err
	}

	return impart.WriteSuccess(w, p, http.StatusOK)
	}

	func viewArticles(app App, u User, w http.ResponseWriter, r *http.Request) error {
	p, err := app.db.GetAnonymousPosts(u)
	if err != nil {
	log.Error("unable to fetch anon posts: %v", err)
	}
	// nil-out AnonymousPosts slice for easy detection in the template
	if p != nil && len(*p) == 0 {
	p = nil
	}

	f, err := getSessionFlashes(app, w, r, nil)
	if err != nil {
	log.Error("unable to fetch flashes: %v", err)
	}

	c, err := app.db.GetPublishableCollections(u)
	if err != nil {
	log.Error("unable to fetch collections: %v", err)
	}

	d := struct {
	*UserPage
	AnonymousPosts *[]PublicPost
	Collections *[]Collection
	}{
	UserPage: NewUserPage(app, r, u, u.Username+"'s Posts", f),
	AnonymousPosts: p,
	Collections: c,
	}
	d.UserPage.SetMessaging(u)
	w.Header().Set("Cache-Control", "no-cache, no-store, must-revalidate")
	w.Header().Set("Expires", "Thu, 04 Oct 1990 20:00:00 GMT")
	showUserPage(w, "articles", d)

	return nil
	}

	func viewCollections(app App, u User, w http.ResponseWriter, r *http.Request) error {
	c, err := app.db.GetCollections(u)
	if err != nil {
	log.Error("unable to fetch collections: %v", err)
	return fmt.Errorf("No collections")
	}

	f, _ := getSessionFlashes(app, w, r, nil)

	uc, _ := app.db.GetUserCollectionCount(u.ID)
	// TODO: handle any errors

	d := struct {
	*UserPage
	Collections *[]Collection

	UsedCollections, TotalCollections int

	NewBlogsDisabled bool
	}{
	UserPage: NewUserPage(app, r, u, u.Username+"'s Blogs", f),
	Collections: c,
	UsedCollections: int(uc),
	NewBlogsDisabled: !app.cfg.App.CanCreateBlogs(uc),
	}
	d.UserPage.SetMessaging(u)
	showUserPage(w, "collections", d)

	return nil
	}

	func viewEditCollection(app App, u User, w http.ResponseWriter, r *http.Request) error {
	vars := mux.Vars(r)
	c, err := app.db.GetCollection(vars["collection"])
	if err != nil {
	return err
	}
	if c.OwnerID != u.ID {
	return ErrCollectionNotFound
	}

	flashes, _ := getSessionFlashes(app, w, r, nil)
	obj := struct {
	*UserPage
	*Collection
	}{
	UserPage: NewUserPage(app, r, u, "Edit "+c.DisplayTitle(), flashes),
	Collection: c,
	}

	showUserPage(w, "collection", obj)
	return nil
	}

	func updateSettings(app App, w http.ResponseWriter, r http.Request) error {
	reqJSON := IsJSON(r.Header.Get("Content-Type"))

	var s userSettings
	var u *User
	var sess *sessions.Session
	var err error
	if reqJSON {
	accessToken := r.Header.Get("Authorization")
	if accessToken == "" {
	return ErrNoAccessToken
	}

	u, err = app.db.GetAPIUser(accessToken)
	if err != nil {
	return ErrBadAccessToken
	}

	decoder := json.NewDecoder(r.Body)
	err := decoder.Decode(&s)
	if err != nil {
	log.Error("Couldn't parse settings JSON request: %v\n", err)
	return ErrBadJSON
	}

	// Prevent all username updates
	// TODO: support changing username via JSON API request
	s.Username = ""
	} else {
	u, sess = getUserAndSession(app, r)
	if u == nil {
	return ErrNotLoggedIn
	}

	err := r.ParseForm()
	if err != nil {
	log.Error("Couldn't parse settings form request: %v\n", err)
	return ErrBadFormData
	}

	err = app.formDecoder.Decode(&s, r.PostForm)
	if err != nil {
	log.Error("Couldn't decode settings form request: %v\n", err)
	return ErrBadFormData
	}
	}

	// Do update
	postUpdateReturn := r.FormValue("return")
	redirectTo := "/me/settings"
	if s.IsLogOut {
	redirectTo += "?logout=1"
	} else if postUpdateReturn != "" {
	redirectTo = postUpdateReturn
	}

	// Only do updates on values we need
	if s.Username != "" && s.Username == u.Username {
	// Username hasn't actually changed; blank it out
	s.Username = ""
	}
	err = app.db.ChangeSettings(app, u, &s)
	if err != nil {
	if reqJSON {
	return err
	}

	if err, ok := err.(impart.HTTPError); ok {
	addSessionFlash(app, w, r, err.Message, nil)
	}
	} else {
	// Successful update.
	if reqJSON {
	return impart.WriteSuccess(w, u, http.StatusOK)
	}

	if s.IsLogOut {
	redirectTo = "/me/logout"
	} else {
	sess.Values[cookieUserVal] = u.Cookie()
	addSessionFlash(app, w, r, "Account updated.", nil)
	}
	}

	w.Header().Set("Location", redirectTo)
	w.WriteHeader(http.StatusFound)
	return nil
	}

	func updatePassphrase(app App, w http.ResponseWriter, r http.Request) error {
	accessToken := r.Header.Get("Authorization")
	if accessToken == "" {
	return ErrNoAccessToken
	}

	curPass := r.FormValue("current")
	newPass := r.FormValue("new")
	// Ensure a new password is given (always required)
	if newPass == "" {
	return impart.HTTPError{http.StatusBadRequest, "Provide a new password."}
	}

	userID, sudo := app.db.GetUserIDPrivilege(accessToken)
	if userID == -1 {
	return ErrBadAccessToken
	}

	// Ensure a current password is given if the access token doesn't have sudo
	// privileges.
	if !sudo && curPass == "" {
	return impart.HTTPError{http.StatusBadRequest, "Provide current password."}
	}

	// Hash the new password
	hashedPass, err := auth.HashPass([]byte(newPass))
	if err != nil {
	return impart.HTTPError{http.StatusInternalServerError, "Could not create password hash."}
	}

	// Do update
	err = app.db.ChangePassphrase(userID, sudo, curPass, hashedPass)
	if err != nil {
	return err
	}

	return impart.WriteSuccess(w, struct{}{}, http.StatusOK)
	}

	func viewStats(app App, u User, w http.ResponseWriter, r *http.Request) error {
	var c *Collection
	var err error
	vars := mux.Vars(r)
	alias := vars["collection"]
	if alias != "" {
	c, err = app.db.GetCollection(alias)
	if err != nil {
	return err
	}
	if c.OwnerID != u.ID {
	return ErrCollectionNotFound
	}
	}

	topPosts, err := app.db.GetTopPosts(u, alias)
	if err != nil {
	log.Error("Unable to get top posts: %v", err)
	return err
	}

	flashes, _ := getSessionFlashes(app, w, r, nil)
	titleStats := ""
	if c != nil {
	titleStats = c.DisplayTitle() + " "
	}

	obj := struct {
	*UserPage
	VisitsBlog string
	Collection *Collection
	TopPosts *[]PublicPost
	APFollowers int
	}{
	UserPage: NewUserPage(app, r, u, titleStats+"Stats", flashes),
	VisitsBlog: alias,
	Collection: c,
	TopPosts: topPosts,
	}
	if app.cfg.App.Federation {
	folls, err := app.db.GetAPFollowers(c)
	if err != nil {
	return err
	}
	obj.APFollowers = len(*folls)
	}

	showUserPage(w, "stats", obj)
	return nil
	}

	func viewSettings(app App, u User, w http.ResponseWriter, r *http.Request) error {
	fullUser, err := app.db.GetUserByID(u.ID)
	if err != nil {
	log.Error("Unable to get user for settings: %s", err)
	return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}
	}

	passIsSet, err := app.db.IsUserPassSet(u.ID)
	if err != nil {
	log.Error("Unable to get isUserPassSet for settings: %s", err)
	return impart.HTTPError{http.StatusInternalServerError, "Unable to retrieve user data. The humans have been alerted."}
	}

	flashes, _ := getSessionFlashes(app, w, r, nil)

	obj := struct {
	*UserPage
	Email string
	HasPass bool
	IsLogOut bool
	}{
	UserPage: NewUserPage(app, r, u, "Account Settings", flashes),
	Email: fullUser.EmailClear(app.keys),
	HasPass: passIsSet,
	IsLogOut: r.FormValue("logout") == "1",
	}

	showUserPage(w, "settings", obj)
	return nil
	}

	func saveTempInfo(app App, key, val string, r http.Request, w http.ResponseWriter) error {
	session, err := app.sessionStore.Get(r, "t")
	if err != nil {
	return ErrInternalCookieSession
	}

	session.Values[key] = val
	err = session.Save(r, w)
	if err != nil {
	log.Error("Couldn't saveTempInfo for key-val (%s:%s): %v", key, val, err)
	}
	return err
	}

	func getTempInfo(app App, key string, r http.Request, w http.ResponseWriter) string {
	session, err := app.sessionStore.Get(r, "t")
	if err != nil {
	return ""
	}

	// Get the information
	var s = ""
	var ok bool
	if s, ok = session.Values[key].(string); !ok {
	return ""
	}

	// Delete cookie
	session.Options.MaxAge = -1
	err = session.Save(r, w)
	if err != nil {
	log.Error("Couldn't erase temp data for key %s: %v", key, err)
	}

	// Return value
	return s
	}
	diff --git a/account_import.go b/account_import.go
	new file mode 100644
	index 0000000..c8fe8a2
	--- /dev/null
	+++ b/account_import.go
	@@ -0,0 +1,134 @@
	+package writefreely
	+
	+import (
	+ "fmt"
	+ "html/template"
	+ "io"
	+ "io/ioutil"
	+ "net/http"
	+ "os"
	+ "path/filepath"
	+
	+ "github.com/hashicorp/go-multierror"
	+ "github.com/writeas/impart"
	+ wfimport "github.com/writeas/import"
	+ "github.com/writeas/web-core/log"
	+)
	+
	+func viewImport(app App, u User, w http.ResponseWriter, r *http.Request) error {
	+ // Fetch extra user data
	+ p := NewUserPage(app, r, u, "Import", nil)
	+
	+ c, err := app.db.GetCollections(u)
	+ if err != nil {
	+ return impart.HTTPError{http.StatusInternalServerError, fmt.Sprintf("unable to fetch collections: %v", err)}
	+ }
	+
	+ d := struct {
	+ *UserPage
	+ Collections *[]Collection
	+ Flashes []template.HTML
	+ }{
	+ UserPage: p,
	+ Collections: c,
	+ Flashes: []template.HTML{},
	+ }
	+
	+ flashes, _ := getSessionFlashes(app, w, r, nil)
	+ for _, flash := range flashes {
	+ d.Flashes = append(d.Flashes, template.HTML(flash))
	+ }
	+
	+ showUserPage(w, "import", d)
	+ return nil
	+}
	+
	+func handleImport(app App, u User, w http.ResponseWriter, r *http.Request) error {
	+ // limit 10MB per submission
	+ r.ParseMultipartForm(10 << 20)
	+ files := r.MultipartForm.File["files"]
	+ var fileErrs []error
	+ for _, formFile := range files {
	+ // TODO: count uploaded files that succeed and report back with message
	+ file, err := formFile.Open()
	+ if err != nil {
	+ fileErrs = append(fileErrs, fmt.Errorf("failed to open form file: %s", formFile.Filename))
	+ log.Error("import textfile: open from form: %v", err)
	+ continue
	+ }
	+ defer file.Close()
	+
	+ tempFile, err := ioutil.TempFile("", "post-upload-*.txt")
	+ if err != nil {
	+ fileErrs = append(fileErrs, fmt.Errorf("failed to create temporary file for: %s", formFile.Filename))
	+ log.Error("import textfile: create temp file: %v", err)
	+ continue
	+ }
	+ defer tempFile.Close()
	+
	+ _, err = io.Copy(tempFile, file)
	+ if err != nil {
	+ fileErrs = append(fileErrs, fmt.Errorf("failed to copy file into temporary location: %s", formFile.Filename))
	+ log.Error("import textfile: copy to temp: %v", err)
	+ continue
	+ }
	+
	+ info, err := tempFile.Stat()
	+ if err != nil {
	+ fileErrs = append(fileErrs, fmt.Errorf("failed to get file info of: %s", formFile.Filename))
	+ log.Error("import textfile: stat temp file: %v", err)
	+ continue
	+ }
	+ post, err := wfimport.FromFile(filepath.Join(os.TempDir(), info.Name()))
	+ if err == wfimport.ErrEmptyFile {
	+ // not a real error so don't log
	+ _ = addSessionFlash(app, w, r, fmt.Sprintf("%s was empty, import skipped", formFile.Filename), nil)
	+ continue
	+ } else if err != nil {
	+ fileErrs = append(fileErrs, fmt.Errorf("failed to read copy of %s", formFile.Filename))
	+ log.Error("import textfile: file to post: %v", err)
	+ continue
	+ }
	+
	+ post.Collection = r.PostFormValue("collection")
	+ coll, _ := app.db.GetCollection(post.Collection)
	+ if coll == nil {
	+ coll = &Collection{
	+ ID: 0,
	+ }
	+ }
	+
	+ submittedPost := SubmittedPost{
	+ Title: &post.Title,
	+ Content: &post.Content,
	+ Font: "norm",
	+ }
	+ if coll.ID != 0 && app.cfg.App.Federation {
	+ token, err := app.db.GetAccessToken(u.ID)
	+ if err != nil {
	+ fileErrs = append(fileErrs, fmt.Errorf("failed to authenticate uploading: %s", formFile.Filename))
	+ log.Error("import textfile: get accesstoken: %+v", err)
	+ continue
	+ }
	+ ownedPost, err := app.db.CreateOwnedPost(&submittedPost, token, coll.Alias, app.cfg.App.Host)
	+ if err != nil {
	+ fileErrs = append(fileErrs, fmt.Errorf("failed to create owned post for %s", formFile.Filename))
	+ log.Error("import textfile: create owned post: %v", err)
	+ continue
	+ }
	+ go federatePost(app, ownedPost, coll.ID, false)
	+ } else {
	+ _, err = app.db.CreatePost(u.ID, coll.ID, &submittedPost)
	+ if err != nil {
	+ fileErrs = append(fileErrs, fmt.Errorf("failed to create post from %s", formFile.Filename))
	+ log.Error("import textfile: create db post: %v", err)
	+ continue
	+ }
	+ }
	+ }
	+ if len(fileErrs) != 0 {
	+ _ = addSessionFlash(app, w, r, multierror.ListFormatFunc(fileErrs), nil)
	+ }
	+
	+ return impart.HTTPError{http.StatusFound, "/me/import"}
	+}
	diff --git a/go.mod b/go.mod
	index cc5fc57..8c62e9e 100644
	--- a/go.mod
	+++ b/go.mod
	@@ -1,80 +1,82 @@
	module github.com/writeas/writefreely

	require (
	github.com/BurntSushi/toml v0.3.1 // indirect
	github.com/Unknwon/com v0.0.0-20181010210213-41959bdd855f // indirect
	github.com/Unknwon/i18n v0.0.0-20171114194641-b64d33658966 // indirect
	github.com/alecthomas/gometalinter v3.0.0+incompatible // indirect
	github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf // indirect
	github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737 // indirect
	github.com/captncraig/cors v0.0.0-20180620154129-376d45073b49 // indirect
	github.com/clbanning/mxj v1.8.4 // indirect
	github.com/dustin/go-humanize v1.0.0
	github.com/fatih/color v1.7.0
	github.com/go-macaron/cache v0.0.0-20151013081102-561735312776 // indirect
	github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191 // indirect
	github.com/go-macaron/session v0.0.0-20190131233854-0a0a789bf193 // indirect
	github.com/go-sql-driver/mysql v1.4.1
	github.com/go-test/deep v1.0.1 // indirect
	github.com/gogits/gogs v0.11.86
	github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561 // indirect
	github.com/gogs/go-libravatar v0.0.0-20161120025154-cd1abbd55d09 // indirect
	github.com/gogs/gogs v0.11.86 // indirect
	github.com/gogs/minwinsvc v0.0.0-20170301035411-95be6356811a // indirect
	github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e // indirect
	github.com/gorilla/feeds v1.1.0
	github.com/gorilla/mux v1.7.0
	github.com/gorilla/schema v1.0.2
	github.com/gorilla/sessions v1.1.3
	github.com/guregu/null v3.4.0+incompatible
	+ github.com/hashicorp/go-multierror v1.0.0
	github.com/ikeikeikeike/go-sitemap-generator v1.0.1
	github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2
	github.com/imdario/mergo v0.3.7 // indirect
	github.com/jteeuwen/go-bindata v3.0.7+incompatible // indirect
	github.com/jtolds/gls v4.2.1+incompatible // indirect
	github.com/kylemcc/twitter-text-go v0.0.0-20180726194232-7f582f6736ec
	github.com/lunixbochs/vtclean v1.0.0 // indirect
	github.com/manifoldco/promptui v0.3.2
	github.com/mattn/go-colorable v0.1.0 // indirect
	github.com/mattn/go-sqlite3 v1.10.0
	github.com/mcuadros/go-version v0.0.0-20180611085657-6d5863ca60fa // indirect
	github.com/microcosm-cc/bluemonday v1.0.2
	github.com/mitchellh/go-wordwrap v1.0.0
	github.com/nicksnyder/go-i18n v1.10.0 // indirect
	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d
	github.com/pelletier/go-toml v1.2.0 // indirect
	github.com/pkg/errors v0.8.1 // indirect
	github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be // indirect
	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
	github.com/shurcooL/sanitized_anchor_name v1.0.0 // indirect
	github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 // indirect
	github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c // indirect
	github.com/stretchr/testify v1.3.0 // indirect
	github.com/writeas/activity v0.1.2
	github.com/writeas/go-strip-markdown v2.0.1+incompatible
	github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2
	github.com/writeas/httpsig v1.0.0
	github.com/writeas/impart v1.1.0
	+ github.com/writeas/import v0.0.0-20190815235139-628d10daaa9e
	github.com/writeas/monday v0.0.0-20181024183321-54a7dd579219
	github.com/writeas/nerds v1.0.0
	github.com/writeas/openssl-go v1.0.0 // indirect
	github.com/writeas/saturday v1.7.1
	github.com/writeas/slug v1.2.0
	github.com/writeas/web-core v1.0.0
	github.com/writefreely/go-nodeinfo v1.2.0
	- golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f // indirect
	+ golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f
	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 // indirect
	golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 // indirect
	golang.org/x/sys v0.0.0-20190209173611-3b5209105503 // indirect
	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67 // indirect
	google.golang.org/appengine v1.4.0 // indirect
	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c // indirect
	gopkg.in/bufio.v1 v1.0.0-20140618132640-567b2bfa514e // indirect
	gopkg.in/clog.v1 v1.2.0 // indirect
	gopkg.in/ini.v1 v1.41.0
	gopkg.in/macaron.v1 v1.3.2 // indirect
	gopkg.in/redis.v2 v2.3.2 // indirect
	gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0 // indirect
	gopkg.in/yaml.v2 v2.2.2 // indirect
	)
	diff --git a/go.sum b/go.sum
	index 8898bec..30e4a9d 100644
	--- a/go.sum
	+++ b/go.sum
	@@ -1,214 +1,226 @@
	+code.as/core/socks v1.0.0 h1:SPQXNp4SbEwjOAP9VzUahLHak8SDqy5n+9cm9tpjZOs=
	+code.as/core/socks v1.0.0/go.mod h1:BAXBy5O9s2gmw6UxLqNJcVbWY7C/UPs+801CcSsfWOY=
	github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
	github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
	github.com/Unknwon/com v0.0.0-20181010210213-41959bdd855f h1:m1tYqjD/N0vF/S8s/ZKz/eccUr8RAAcrOK2MhXeTegA=
	github.com/Unknwon/com v0.0.0-20181010210213-41959bdd855f/go.mod h1:KYCjqMOeHpNuTOiFQU6WEcTG7poCJrUs0YgyHNtn1no=
	github.com/Unknwon/i18n v0.0.0-20171114194641-b64d33658966 h1:Mp8GNJ/tdTZIEdLdZfykEJaL3mTyEYrSzYNcdoQKpJk=
	github.com/Unknwon/i18n v0.0.0-20171114194641-b64d33658966/go.mod h1:SFtfq0zFPsENI7DpE87QM2hcYu5QQ0fRdCgP+P1Hrqo=
	github.com/alecthomas/gometalinter v2.0.11+incompatible/go.mod h1:qfIpQGGz3d+NmgyPBqv+LSh50emm1pt72EtcX2vKYQk=
	github.com/alecthomas/gometalinter v3.0.0+incompatible h1:e9Zfvfytsw/e6Kd/PYd75wggK+/kX5Xn8IYDUKyc5fU=
	github.com/alecthomas/gometalinter v3.0.0+incompatible/go.mod h1:qfIpQGGz3d+NmgyPBqv+LSh50emm1pt72EtcX2vKYQk=
	github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf h1:qet1QNfXsQxTZqLG4oE62mJzwPIB8+Tee4RNCL9ulrY=
	github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
	github.com/beevik/etree v1.1.0 h1:T0xke/WvNtMoCqgzPhkX2r4rjY3GDZFi+FjpRZY2Jbs=
	github.com/beevik/etree v1.1.0/go.mod h1:r8Aw8JqVegEf0w2fDnATrX9VpkMcyFeM0FhwO62wh+A=
	github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737 h1:rRISKWyXfVxvoa702s91Zl5oREZTrR3yv+tXrrX7G/g=
	github.com/bradfitz/gomemcache v0.0.0-20180710155616-bc664df96737/go.mod h1:PmM6Mmwb0LSuEubjR8N7PtNe1KxZLtOUHtbeikc5h60=
	github.com/captncraig/cors v0.0.0-20180620154129-376d45073b49 h1:jWNY1NDg6a/c8RSXkai7IX6UOhir0LD39I4Dukg+4Ks=
	github.com/captncraig/cors v0.0.0-20180620154129-376d45073b49/go.mod h1:EIlIeMufZ8nqdUhnesledB15xLRl4wIJUppwDLPrdrQ=
	github.com/chzyer/logex v1.1.10 h1:Swpa1K6QvQznwJRcfTfQJmTE72DqScAa40E+fbHEXEE=
	github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e h1:fY5BOSpyZCqRo5OhCuC+XN+r/bBCmeuuJtjz+bCNIf8=
	github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
	github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1 h1:q763qf9huN11kDQavWsoZXJNW3xEE4JJyHa5Q25/sd8=
	github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
	github.com/clbanning/mxj v1.8.3/go.mod h1:BVjHeAH+rl9rs6f+QIpeRl0tfu10SXn1pUSa5PVGJng=
	github.com/clbanning/mxj v1.8.4 h1:HuhwZtbyvyOw+3Z1AowPkU87JkJUSv751ELWaiTpj8I=
	github.com/clbanning/mxj v1.8.4/go.mod h1:BVjHeAH+rl9rs6f+QIpeRl0tfu10SXn1pUSa5PVGJng=
	github.com/client9/misspell v0.3.4 h1:ta993UF76GwbvJcIo3Y68y/M3WxlpEHPWIGDkJYwzJI=
	github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
	github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
	github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
	github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
	github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo=
	github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk=
	github.com/fatih/color v1.7.0 h1:DkWD4oS2D8LGGgTQ6IvwJJXSL5Vp2ffcQg58nFV38Ys=
	github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
	github.com/fatih/structs v1.1.0 h1:Q7juDM0QtcnhCpeyLGQKyg4TOIghuNXrkL32pHAUMxo=
	github.com/fatih/structs v1.1.0/go.mod h1:9NiDSp5zOcgEDl+j00MP/WkGVPOlPRLejGD8Ga6PJ7M=
	github.com/go-fed/httpsig v0.1.0/go.mod h1:T56HUNYZUQ1AGUzhAYPugZfp36sKApVnGBgKlIY+aIE=
	github.com/go-macaron/cache v0.0.0-20151013081102-561735312776 h1:UYIHS1r0WotqB5cIa0PAiV0m6GzD9rDBcn4alp5JgCw=
	github.com/go-macaron/cache v0.0.0-20151013081102-561735312776/go.mod h1:hHAsZm/oBZVcY+S7qdQL6Vbg5VrXF6RuKGuqsszt3Ok=
	github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191 h1:NjHlg70DuOkcAMqgt0+XA+NHwtu66MkTVVgR4fFWbcI=
	github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191/go.mod h1:VFI2o2q9kYsC4o7VP1HrEVosiZZTd+MVT3YZx4gqvJw=
	github.com/go-macaron/session v0.0.0-20190131233854-0a0a789bf193 h1:z/nqwd+ql/r6Q3QGnwNd6B89UjPytM0be5pDQV9TuWw=
	github.com/go-macaron/session v0.0.0-20190131233854-0a0a789bf193/go.mod h1:ScEJm9Gk+ez5JJTml5WlBIqavAfuE5nF8e4Gvyz/X+A=
	github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
	github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
	github.com/go-test/deep v1.0.1 h1:UQhStjbkDClarlmv0am7OXXO4/GaPdCGiUiMTvi28sg=
	github.com/go-test/deep v1.0.1/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA=
	github.com/gogits/gogs v0.11.86 h1:IujCpA+F/mYDXTcqdy593rl2donWakAWoL2HYZn7spw=
	github.com/gogits/gogs v0.11.86/go.mod h1:H8FMbPPb+o/TgI6YnmQmT8nmEIHypXDau+f2CChYoCk=
	github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561 h1:aBzukfDxQlCTVS0NBUjI5YA3iVeaZ9Tb5PxNrrIP1xs=
	github.com/gogs/chardet v0.0.0-20150115103509-2404f7772561/go.mod h1:Pcatq5tYkCW2Q6yrR2VRHlbHpZ/R4/7qyL1TCF7vl14=
	github.com/gogs/go-libravatar v0.0.0-20161120025154-cd1abbd55d09 h1:UdOSIHZpkYcajRbfebBYzFDsL3SuqObH3bvKYBqgKmI=
	github.com/gogs/go-libravatar v0.0.0-20161120025154-cd1abbd55d09/go.mod h1:Zas3BtO88pk1cwUfEYlvnl/CRwh0ybDxRWSwRjG8I3w=
	github.com/gogs/gogs v0.11.86 h1:D+dXuY/6XjJ2t74W/dxo7ogx5+xW05Va8sJiQSS4WXA=
	github.com/gogs/gogs v0.11.86/go.mod h1:qlbvdn16XTC6q7eR+thjW+OLdN+mi2PBZ8KqVT39T88=
	github.com/gogs/minwinsvc v0.0.0-20170301035411-95be6356811a h1:8DZwxETOVWIinYxDK+i6L+rMb7eGATGaakD6ZucfHVk=
	github.com/gogs/minwinsvc v0.0.0-20170301035411-95be6356811a/go.mod h1:TUIZ+29jodWQ8Gk6Pvtg4E09aMsc3C/VLZiVYfUhWQU=
	github.com/golang/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
	github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1 h1:6DVPu65tee05kY0/rciBQ47ue+AnuY8KTayV6VHikIo=
	github.com/golang/lint v0.0.0-20181217174547-8f45f776aaf1/go.mod h1:tluoj9z5200jBnyusfRPU2LqT6J+DAorxEvtC7LHB+E=
	github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
	github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf h1:7+FW5aGwISbqUtkfmIpZJGRgNFg2ioYPvFaUxdqpDsg=
	github.com/google/shlex v0.0.0-20181106134648-c34317bd91bf/go.mod h1:RpwtwJQFrIEPstU94h88MWPXP2ektJZ8cZ0YntAmXiE=
	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg=
	github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
	github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc h1:cJlkeAx1QYgO5N80aF5xRGstVsRQwgLR7uA2FnP1ZjY=
	github.com/gordonklaus/ineffassign v0.0.0-20180909121442-1003c8bd00dc/go.mod h1:cuNKsD1zp2v6XfE/orVX2QE1LC+i254ceGcVeDT3pTU=
	github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
	github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
	github.com/gorilla/feeds v1.1.0 h1:pcgLJhbdYgaUESnj3AmXPcB7cS3vy63+jC/TI14AGXk=
	github.com/gorilla/feeds v1.1.0/go.mod h1:Nk0jZrvPFZX1OBe5NPiddPw7CfwF6Q9eqzaBbaightA=
	github.com/gorilla/mux v1.7.0 h1:tOSd0UKHQd6urX6ApfOn4XdBMY6Sh1MfxV3kmaazO+U=
	github.com/gorilla/mux v1.7.0/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
	github.com/gorilla/schema v1.0.2 h1:sAgNfOcNYvdDSrzGHVy9nzCQahG+qmsg+nE8dK85QRA=
	github.com/gorilla/schema v1.0.2/go.mod h1:kgLaKoK1FELgZqMAVxx/5cbj0kT+57qxUrAlIO2eleU=
	github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
	github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
	github.com/gorilla/sessions v1.1.3 h1:uXoZdcdA5XdXF3QzuSlheVRUvjl+1rKY7zBXL68L9RU=
	github.com/gorilla/sessions v1.1.3/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
	github.com/guregu/null v3.4.0+incompatible h1:a4mw37gBO7ypcBlTJeZGuMpSxxFTV9qFfFKgWxQSGaM=
	github.com/guregu/null v3.4.0+incompatible/go.mod h1:ePGpQaN9cw0tj45IR5E5ehMvsFlLlQZAkkOXZurJ3NM=
	+github.com/hashicorp/errwrap v1.0.0 h1:hLrqtEDnRye3+sgx6z4qVLNuviH3MR5aQ0ykNJa/UYA=
	+github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4=
	+github.com/hashicorp/go-multierror v1.0.0 h1:iVjPR7a6H0tWELX5NxNe7bYopibicUzc7uPribsnS6o=
	+github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
	github.com/ikeikeikeike/go-sitemap-generator v1.0.1 h1:49Fn8gro/B12vCY8pf5/+/Jpr3kwB9TvP0MSymo69SY=
	github.com/ikeikeikeike/go-sitemap-generator v1.0.1/go.mod h1:QI+zWsz6yQyxkG9LWNcnu0f7aiAE5tPdsZOsICgmd1c=
	github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2 h1:wIdDEle9HEy7vBPjC6oKz6ejs3Ut+jmsYvuOoAW2pSM=
	github.com/ikeikeikeike/go-sitemap-generator/v2 v2.0.2/go.mod h1:WtaVKD9TeruTED9ydiaOJU08qGoEPP/LyzTKiD3jEsw=
	github.com/imdario/mergo v0.3.7 h1:Y+UAYTZ7gDEuOfhxKWy+dvb5dRQ6rJjFSdX2HZY1/gI=
	github.com/imdario/mergo v0.3.7/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
	github.com/jteeuwen/go-bindata v3.0.7+incompatible h1:91Uy4d9SYVr1kyTJ15wJsog+esAZZl7JmEfTkwmhJts=
	github.com/jteeuwen/go-bindata v3.0.7+incompatible/go.mod h1:JVvhzYOiGBnFSYRyV00iY8q7/0PThjIYav1p9h5dmKs=
	github.com/jtolds/gls v4.2.1+incompatible h1:fSuqC+Gmlu6l/ZYAoZzx2pyucC8Xza35fpRVWLVmUEE=
	github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
	github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a h1:FaWFmfWdAUKbSCtOU2QjDaorUexogfaMgbipgYATUMU=
	github.com/juju/ansiterm v0.0.0-20180109212912-720a0952cc2a/go.mod h1:UJSiEoRfvx3hP73CvoARgeLjaIOjybY9vj8PUPPFGeU=
	github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
	github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
	github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
	github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
	github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
	github.com/kylemcc/twitter-text-go v0.0.0-20180726194232-7f582f6736ec h1:ZXWuspqypleMuJy4bzYEqlMhJnGAYpLrWe5p7W3CdvI=
	github.com/kylemcc/twitter-text-go v0.0.0-20180726194232-7f582f6736ec/go.mod h1:voECJzdraJmolzPBgL9Z7ANwXf4oMXaTCsIkdiPpR/g=
	github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a h1:weJVJJRzAJBFRlAiJQROKQs8oC9vOxvm4rZmBBk0ONw=
	github.com/lunixbochs/vtclean v0.0.0-20180621232353-2d01aacdc34a/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
	github.com/lunixbochs/vtclean v1.0.0 h1:xu2sLAri4lGiovBDQKxl5mrXyESr3gUr5m5SM5+LVb8=
	github.com/lunixbochs/vtclean v1.0.0/go.mod h1:pHhQNgMf3btfWnGBVipUOjRYhoOsdGqdm/+2c2E2WMI=
	github.com/manifoldco/promptui v0.3.2 h1:rir7oByTERac6jhpHUPErHuopoRDvO3jxS+FdadEns8=
	github.com/manifoldco/promptui v0.3.2/go.mod h1:8JU+igZ+eeiiRku4T5BjtKh2ms8sziGpSYl1gN8Bazw=
	github.com/mattn/go-colorable v0.0.9 h1:UVL0vNpWh04HeJXV0KLcaT7r06gOH2l4OW6ddYRUIY4=
	github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
	github.com/mattn/go-colorable v0.1.0 h1:v2XXALHHh6zHfYTJ+cSkwtyffnaOyR1MXaA91mTrb8o=
	github.com/mattn/go-colorable v0.1.0/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU=
	github.com/mattn/go-isatty v0.0.4 h1:bnP0vzxcAdeI1zdubAl5PjU6zsERjGZb7raWodagDYs=
	github.com/mattn/go-isatty v0.0.4/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4=
	github.com/mattn/go-sqlite3 v1.10.0 h1:jbhqpg7tQe4SupckyijYiy0mJJ/pRyHvXf7JdWK860o=
	github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
	github.com/mcuadros/go-version v0.0.0-20180611085657-6d5863ca60fa h1:XvNrttGMJfVrUqblGju4IkjYXwx6l5OAAyjaIsydzsk=
	github.com/mcuadros/go-version v0.0.0-20180611085657-6d5863ca60fa/go.mod h1:76rfSfYPWj01Z85hUf/ituArm797mNKcvINh1OlsZKo=
	github.com/microcosm-cc/bluemonday v1.0.2 h1:5lPfLTTAvAbtS0VqT+94yOtFnGfUWYyx0+iToC3Os3s=
	github.com/microcosm-cc/bluemonday v1.0.2/go.mod h1:iVP4YcDBq+n/5fb23BhYFvIMq/leAFZyRl6bYmGDlGc=
	github.com/mitchellh/go-wordwrap v1.0.0 h1:6GlHJ/LTGMrIJbwgdqdl2eEH8o+Exx/0m8ir9Gns0u4=
	github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo=
	github.com/nicksnyder/go-i18n v1.10.0 h1:5AzlPKvXBH4qBzmZ09Ua9Gipyruv6uApMcrNZdo96+Q=
	github.com/nicksnyder/go-i18n v1.10.0/go.mod h1:HrK7VCrbOvQoUAQ7Vpy7i87N7JZZZ7R2xBGjv0j365Q=
	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d h1:VhgPp6v9qf9Agr/56bj7Y/xa04UccTW04VP0Qed4vnQ=
	github.com/nu7hatch/gouuid v0.0.0-20131221200532-179d4d0c4d8d/go.mod h1:YUTz3bUH2ZwIWBy3CJBeOBEugqcmXREj14T+iG/4k4U=
	github.com/pelletier/go-toml v1.2.0 h1:T5zMGML61Wp+FlcbWjRDT7yAxhJNAiPPLOFECq181zc=
	github.com/pelletier/go-toml v1.2.0/go.mod h1:5z9KED0ma1S8pY6P1sdut58dfprrGBbd/94hg7ilaic=
	github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
	github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
	github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
	github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
	github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be h1:ta7tUOvsPHVHGom5hKW5VXNc2xZIkfCKP8iaqOyYtUQ=
	github.com/rainycape/unidecode v0.0.0-20150907023854-cb7f23ec59be/go.mod h1:MIDFMn7db1kT65GmV94GzpX9Qdi7N/pQlwb+AN8wh+Q=
	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca h1:NugYot0LIVPxTvN8n+Kvkn6TrbMyxQiuvKdEwFdR9vI=
	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca/go.mod h1:uugorj2VCxiV1x+LzaIdVa9b4S4qGAcH6cbhh4qVxOU=
	github.com/shurcooL/sanitized_anchor_name v1.0.0 h1:PdmoCO6wvbs+7yrJyMORt4/BmY5IYyJwS/kOiWx8mHo=
	github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
	github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 h1:Jpy1PXuP99tXNrhbq2BaPz9B+jNAvH1JPQQpG/9GCXY=
	github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
	github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c h1:Ho+uVpkel/udgjbwB5Lktg9BtvJSh2DT0Hi6LPSyI2w=
	github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s=
	github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
	github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
	github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
	github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
	github.com/tsenart/deadcode v0.0.0-20160724212837-210d2dc333e9 h1:vY5WqiEon0ZSTGM3ayVVi+twaHKHDFUVloaQ/wug9/c=
	github.com/tsenart/deadcode v0.0.0-20160724212837-210d2dc333e9/go.mod h1:q+QjxYvZ+fpjMXqs+XEriussHjSYqeXVnAdSV1tkMYk=
	github.com/writeas/activity v0.1.2 h1:Y12B5lIrabfqKE7e7HFCWiXrlfXljr9tlkFm2mp7DgY=
	github.com/writeas/activity v0.1.2/go.mod h1:mYYgiewmEM+8tlifirK/vl6tmB2EbjYaxwb+ndUw5T0=
	github.com/writeas/go-strip-markdown v2.0.1+incompatible h1:IIqxTM5Jr7RzhigcL6FkrCNfXkvbR+Nbu1ls48pXYcw=
	github.com/writeas/go-strip-markdown v2.0.1+incompatible/go.mod h1:Rsyu10ZhbEK9pXdk8V6MVnZmTzRG0alMNLMwa0J01fE=
	github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2 h1:DUsp4OhdfI+e6iUqcPQlwx8QYXuUDsToTz/x82D3Zuo=
	github.com/writeas/go-webfinger v0.0.0-20190106002315-85cf805c86d2/go.mod h1:w2VxyRO/J5vfNjJHYVubsjUGHd3RLDoVciz0DE3ApOc=
	+github.com/writeas/go-writeas v1.1.0 h1:WHGm6wriBkxYAOGbvriXH8DlMUGOi6jhSZLUZKQ+4mQ=
	+github.com/writeas/go-writeas v1.1.0/go.mod h1:oh9U1rWaiE0p3kzdKwwvOpNXgp0P0IELI7OLOwV4fkA=
	github.com/writeas/httpsig v1.0.0 h1:peIAoIA3DmlP8IG8tMNZqI4YD1uEnWBmkcC9OFPjt3A=
	github.com/writeas/httpsig v1.0.0/go.mod h1:7ClMGSrSVXJbmiLa17bZ1LrG1oibGZmUMlh3402flPY=
	github.com/writeas/impart v1.1.0 h1:nPnoO211VscNkp/gnzir5UwCDEvdHThL5uELU60NFSE=
	github.com/writeas/impart v1.1.0/go.mod h1:g0MpxdnTOHHrl+Ca/2oMXUHJ0PcRAEWtkCzYCJUXC9Y=
	+github.com/writeas/import v0.0.0-20190815214647-baae8acd8d06 h1:S6oKKP8GhSoyZUvVuhO9UiQ9f+U1aR/x5B4MP7YQHaU=
	+github.com/writeas/import v0.0.0-20190815214647-baae8acd8d06/go.mod h1:f3K8z7YnJwKnPIT4h7980n9C6cQb4DIB2QcxVCTB7lE=
	+github.com/writeas/import v0.0.0-20190815235139-628d10daaa9e h1:31PkvDTWkjzC1nGzWw9uAE92ZfcVyFX/K9L9ejQjnEs=
	+github.com/writeas/import v0.0.0-20190815235139-628d10daaa9e/go.mod h1:f3K8z7YnJwKnPIT4h7980n9C6cQb4DIB2QcxVCTB7lE=
	github.com/writeas/monday v0.0.0-20181024183321-54a7dd579219 h1:baEp0631C8sT2r/hqwypIw2snCFZa6h7U6TojoLHu/c=
	github.com/writeas/monday v0.0.0-20181024183321-54a7dd579219/go.mod h1:NyM35ayknT7lzO6O/1JpfgGyv+0W9Z9q7aE0J8bXxfQ=
	github.com/writeas/nerds v1.0.0 h1:ZzRcCN+Sr3MWID7o/x1cr1ZbLvdpej9Y1/Ho+JKlqxo=
	github.com/writeas/nerds v1.0.0/go.mod h1:Gn2bHy1EwRcpXeB7ZhVmuUwiweK0e+JllNf66gvNLdU=
	github.com/writeas/openssl-go v1.0.0 h1:YXM1tDXeYOlTyJjoMlYLQH1xOloUimSR1WMF8kjFc5o=
	github.com/writeas/openssl-go v1.0.0/go.mod h1:WsKeK5jYl0B5y8ggOmtVjbmb+3rEGqSD25TppjJnETA=
	github.com/writeas/saturday v1.7.1 h1:lYo1EH6CYyrFObQoA9RNWHVlpZA5iYL5Opxo7PYAnZE=
	github.com/writeas/saturday v1.7.1/go.mod h1:ETE1EK6ogxptJpAgUbcJD0prAtX48bSloie80+tvnzQ=
	github.com/writeas/slug v1.2.0 h1:EMQ+cwLiOcA6EtFwUgyw3Ge18x9uflUnOnR6bp/J+/g=
	github.com/writeas/slug v1.2.0/go.mod h1:RE8shOqQP3YhsfsQe0L3RnuejfQ4Mk+JjY5YJQFubfQ=
	github.com/writeas/web-core v1.0.0 h1:5VKkCakQgdKZcbfVKJXtRpc5VHrkflusCl/KRCPzpQ0=
	github.com/writeas/web-core v1.0.0/go.mod h1:Si3chV7VWgY8CsV+3gRolMXSO2Vx1ZFAQ/mkrpvmyEE=
	github.com/writefreely/go-nodeinfo v1.1.0 h1:dp/ieEu0/gTeNKFvJTYhzBBouyFn7aiWtWzkb8J1JLg=
	github.com/writefreely/go-nodeinfo v1.1.0/go.mod h1:UTvE78KpcjYOlRHupZIiSEFcXHioTXuacCbHU+CAcPg=
	github.com/writefreely/go-nodeinfo v1.2.0 h1:La+YbTCvmpTwFhBSlebWDDL81N88Qf/SCAvRLR7F8ss=
	github.com/writefreely/go-nodeinfo v1.2.0/go.mod h1:UTvE78KpcjYOlRHupZIiSEFcXHioTXuacCbHU+CAcPg=
	golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59 h1:hk3yo72LXLapY9EXVttc3Z1rLOxT9IuAPPX3GpY2+jo=
	golang.org/x/crypto v0.0.0-20180527072434-ab813273cd59/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f h1:ETU2VEl7TnT5bl7IvuKEzTDpplg5wzGYsOCAPhdoEIg=
	golang.org/x/crypto v0.0.0-20190208162236-193df9c0f06f/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
	golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1 h1:rJm0LuqUjoDhSk2zO9ISMSToQxGz7Os2jRiOL8AWu4c=
	golang.org/x/lint v0.0.0-20181217174547-8f45f776aaf1/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
	golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
	golang.org/x/net v0.0.0-20181220203305-927f97764cc3 h1:eH6Eip3UpmR+yM/qI9Ijluzb1bNv/cAU/n+6l8tRSis=
	golang.org/x/net v0.0.0-20181220203305-927f97764cc3/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
	golang.org/x/net v0.0.0-20190206173232-65e2d4e15006 h1:bfLnR+k0tq5Lqt6dflRLcZiz6UaXCMt3vhYJ1l4FQ80=
	golang.org/x/net v0.0.0-20190206173232-65e2d4e15006/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
	golang.org/x/sys v0.0.0-20180525142821-c11f84a56e43/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
	golang.org/x/sys v0.0.0-20181122145206-62eef0e2fa9b/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
	golang.org/x/sys v0.0.0-20190209173611-3b5209105503 h1:5SvYFrOM3W8Mexn9/oA44Ji7vhXAZQ9hiP+1Q/DMrWg=
	golang.org/x/sys v0.0.0-20190209173611-3b5209105503/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
	golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
	golang.org/x/tools v0.0.0-20181122213734-04b5d21e00f1/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67 h1:bPP/rGuN1LUM0eaEwo6vnP6OfIWJzJBulzGUiKLjjSY=
	golang.org/x/tools v0.0.0-20190208222737-3744606dbb67/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
	google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
	google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c h1:vTxShRUnK60yd8DZU+f95p1zSLj814+5CuEh7NjF2/Y=
	gopkg.in/alecthomas/kingpin.v3-unstable v3.0.0-20180810215634-df19058c872c/go.mod h1:3HH7i1SgMqlzxCcBmUHW657sD4Kvv9sC3HpL3YukzwA=
	gopkg.in/bufio.v1 v1.0.0-20140618132640-567b2bfa514e h1:wGA78yza6bu/mWcc4QfBuIEHEtc06xdiU0X8sY36yUU=
	gopkg.in/bufio.v1 v1.0.0-20140618132640-567b2bfa514e/go.mod h1:xsQCaysVCudhrYTfzYWe577fCe7Ceci+6qjO2Rdc0Z4=
	gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
	gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
	gopkg.in/clog.v1 v1.2.0 h1:BHfwHRNQy497iBNsRBassPixSAxRbn2z5KVkdBFbwxc=
	gopkg.in/clog.v1 v1.2.0/go.mod h1:L6fgdpdhFgKX4eGuDvt+N6X2GwZE160NRrIHzvaF8ZM=
	gopkg.in/ini.v1 v1.41.0 h1:Ka3ViY6gNYSKiVy71zXBEqKplnV35ImDLVG+8uoIklE=
	gopkg.in/ini.v1 v1.41.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
	gopkg.in/macaron.v1 v1.3.2 h1:AvWIaPmwBUA87/OWzePkoxeaw6YJWDfBt1pDFPBnLf8=
	gopkg.in/macaron.v1 v1.3.2/go.mod h1:PrsiawTWAGZs6wFbT5hlr7SQ2Ns9h7cUVtcUu4lQOVo=
	gopkg.in/redis.v2 v2.3.2 h1:GPVIIB/JnL1wvfULefy3qXmPu1nfNu2d0yA09FHgwfs=
	gopkg.in/redis.v2 v2.3.2/go.mod h1:4wl9PJ/CqzeHk3LVq1hNLHH8krm3+AXEgut4jVc++LU=
	gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0 h1:POO/ycCATvegFmVuPpQzZFJ+pGZeX22Ufu6fibxDVjU=
	gopkg.in/yaml.v1 v1.0.0-20140924161607-9f9df34309c0/go.mod h1:WDnlLJ4WF5VGsH/HVa3CI79GS0ol3YnhVnKP89i0kNg=
	gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
	gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
	diff --git a/routes.go b/routes.go
	index 724c532..022a7ea 100644
	--- a/routes.go
	+++ b/routes.go
	@@ -1,204 +1,207 @@
	/*
	* Copyright © 2018-2019 A Bunch Tell LLC.
	*
	* This file is part of WriteFreely.
	*
	* WriteFreely is free software: you can redistribute it and/or modify
	* it under the terms of the GNU Affero General Public License, included
	* in the LICENSE file in this source code package.
	*/

	package writefreely

	import (
	+ "net/http"
	+ "path/filepath"
	+ "strings"
	+
	"github.com/gorilla/mux"
	"github.com/writeas/go-webfinger"
	"github.com/writeas/web-core/log"
	"github.com/writefreely/go-nodeinfo"
	- "net/http"
	- "path/filepath"
	- "strings"
	)

	// InitStaticRoutes adds routes for serving static files.
	// TODO: this should just be a func, not method
	func (app App) InitStaticRoutes(r mux.Router) {
	// Handle static files
	fs := http.FileServer(http.Dir(filepath.Join(app.cfg.Server.StaticParentDir, staticDir)))
	app.shttp = http.NewServeMux()
	app.shttp.Handle("/", fs)
	r.PathPrefix("/").Handler(fs)
	}

	// InitRoutes adds dynamic routes for the given mux.Router.
	func InitRoutes(apper Apper, r mux.Router) mux.Router {
	// Create handler
	handler := NewWFHandler(apper)

	// Set up routes
	hostSubroute := apper.App().cfg.App.Host[strings.Index(apper.App().cfg.App.Host, "://")+3:]
	if apper.App().cfg.App.SingleUser {
	hostSubroute = "{domain}"
	} else {
	if strings.HasPrefix(hostSubroute, "localhost") {
	hostSubroute = "localhost"
	}
	}

	if apper.App().cfg.App.SingleUser {
	log.Info("Adding %s routes (single user)...", hostSubroute)
	} else {
	log.Info("Adding %s routes (multi-user)...", hostSubroute)
	}

	// Primary app routes
	write := r.PathPrefix("/").Subrouter()

	// Federation endpoint configurations
	wf := webfinger.Default(wfResolver{apper.App().db, apper.App().cfg})
	wf.NoTLSHandler = nil

	// Federation endpoints
	// host-meta
	write.HandleFunc("/.well-known/host-meta", handler.Web(handleViewHostMeta, UserLevelReader))
	// webfinger
	write.HandleFunc(webfinger.WebFingerPath, handler.LogHandlerFunc(http.HandlerFunc(wf.Webfinger)))
	// nodeinfo
	niCfg := nodeInfoConfig(apper.App().db, apper.App().cfg)
	ni := nodeinfo.NewService(*niCfg, nodeInfoResolver{apper.App().cfg, apper.App().db})
	write.HandleFunc(nodeinfo.NodeInfoPath, handler.LogHandlerFunc(http.HandlerFunc(ni.NodeInfoDiscover)))
	write.HandleFunc(niCfg.InfoURL, handler.LogHandlerFunc(http.HandlerFunc(ni.NodeInfo)))

	// Set up dyamic page handlers
	// Handle auth
	auth := write.PathPrefix("/api/auth/").Subrouter()
	if apper.App().cfg.App.OpenRegistration {
	auth.HandleFunc("/signup", handler.All(apiSignup)).Methods("POST")
	}
	auth.HandleFunc("/login", handler.All(login)).Methods("POST")
	auth.HandleFunc("/read", handler.WebErrors(handleWebCollectionUnlock, UserLevelNone)).Methods("POST")
	auth.HandleFunc("/me", handler.All(handleAPILogout)).Methods("DELETE")

	// Handle logged in user sections
	me := write.PathPrefix("/me").Subrouter()
	me.HandleFunc("/", handler.Redirect("/me", UserLevelUser))
	me.HandleFunc("/c", handler.Redirect("/me/c/", UserLevelUser)).Methods("GET")
	me.HandleFunc("/c/", handler.User(viewCollections)).Methods("GET")
	me.HandleFunc("/c/{collection}", handler.User(viewEditCollection)).Methods("GET")
	me.HandleFunc("/c/{collection}/stats", handler.User(viewStats)).Methods("GET")
	me.HandleFunc("/posts", handler.Redirect("/me/posts/", UserLevelUser)).Methods("GET")
	me.HandleFunc("/posts/", handler.User(viewArticles)).Methods("GET")
	me.HandleFunc("/posts/export.csv", handler.Download(viewExportPosts, UserLevelUser)).Methods("GET")
	me.HandleFunc("/posts/export.zip", handler.Download(viewExportPosts, UserLevelUser)).Methods("GET")
	me.HandleFunc("/posts/export.json", handler.Download(viewExportPosts, UserLevelUser)).Methods("GET")
	me.HandleFunc("/export", handler.User(viewExportOptions)).Methods("GET")
	me.HandleFunc("/export.json", handler.Download(viewExportFull, UserLevelUser)).Methods("GET")
	+ me.HandleFunc("/import", handler.User(viewImport)).Methods("GET")
	+ me.HandleFunc("/import", handler.User(handleImport)).Methods("POST")
	me.HandleFunc("/settings", handler.User(viewSettings)).Methods("GET")
	me.HandleFunc("/invites", handler.User(handleViewUserInvites)).Methods("GET")
	me.HandleFunc("/logout", handler.Web(viewLogout, UserLevelNone)).Methods("GET")

	write.HandleFunc("/api/me", handler.All(viewMeAPI)).Methods("GET")
	apiMe := write.PathPrefix("/api/me/").Subrouter()
	apiMe.HandleFunc("/", handler.All(viewMeAPI)).Methods("GET")
	apiMe.HandleFunc("/posts", handler.UserAPI(viewMyPostsAPI)).Methods("GET")
	apiMe.HandleFunc("/collections", handler.UserAPI(viewMyCollectionsAPI)).Methods("GET")
	apiMe.HandleFunc("/password", handler.All(updatePassphrase)).Methods("POST")
	apiMe.HandleFunc("/self", handler.All(updateSettings)).Methods("POST")
	apiMe.HandleFunc("/invites", handler.User(handleCreateUserInvite)).Methods("POST")

	// Sign up validation
	write.HandleFunc("/api/alias", handler.All(handleUsernameCheck)).Methods("POST")

	// Handle collections
	write.HandleFunc("/api/collections", handler.All(newCollection)).Methods("POST")
	apiColls := write.PathPrefix("/api/collections/").Subrouter()
	apiColls.HandleFunc("/{alias:[0-9a-zA-Z\\-]+}", handler.AllReader(fetchCollection)).Methods("GET")
	apiColls.HandleFunc("/{alias:[0-9a-zA-Z\\-]+}", handler.All(existingCollection)).Methods("POST", "DELETE")
	apiColls.HandleFunc("/{alias}/posts", handler.AllReader(fetchCollectionPosts)).Methods("GET")
	apiColls.HandleFunc("/{alias}/posts", handler.All(newPost)).Methods("POST")
	apiColls.HandleFunc("/{alias}/posts/{post}", handler.AllReader(fetchPost)).Methods("GET")
	apiColls.HandleFunc("/{alias}/posts/{post:[a-zA-Z0-9]{10}}", handler.All(existingPost)).Methods("POST")
	apiColls.HandleFunc("/{alias}/posts/{post}/{property}", handler.AllReader(fetchPostProperty)).Methods("GET")
	apiColls.HandleFunc("/{alias}/collect", handler.All(addPost)).Methods("POST")
	apiColls.HandleFunc("/{alias}/pin", handler.All(pinPost)).Methods("POST")
	apiColls.HandleFunc("/{alias}/unpin", handler.All(pinPost)).Methods("POST")
	apiColls.HandleFunc("/{alias}/inbox", handler.All(handleFetchCollectionInbox)).Methods("POST")
	apiColls.HandleFunc("/{alias}/outbox", handler.AllReader(handleFetchCollectionOutbox)).Methods("GET")
	apiColls.HandleFunc("/{alias}/following", handler.AllReader(handleFetchCollectionFollowing)).Methods("GET")
	apiColls.HandleFunc("/{alias}/followers", handler.AllReader(handleFetchCollectionFollowers)).Methods("GET")

	// Handle posts
	write.HandleFunc("/api/posts", handler.All(newPost)).Methods("POST")
	posts := write.PathPrefix("/api/posts/").Subrouter()
	posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}", handler.AllReader(fetchPost)).Methods("GET")
	posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}", handler.All(existingPost)).Methods("POST", "PUT")
	posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}", handler.All(deletePost)).Methods("DELETE")
	posts.HandleFunc("/{post:[a-zA-Z0-9]{10}}/{property}", handler.AllReader(fetchPostProperty)).Methods("GET")
	posts.HandleFunc("/claim", handler.All(addPost)).Methods("POST")
	posts.HandleFunc("/disperse", handler.All(dispersePost)).Methods("POST")

	write.HandleFunc("/auth/signup", handler.Web(handleWebSignup, UserLevelNoneRequired)).Methods("POST")
	write.HandleFunc("/auth/login", handler.Web(webLogin, UserLevelNoneRequired)).Methods("POST")

	write.HandleFunc("/admin", handler.Admin(handleViewAdminDash)).Methods("GET")
	write.HandleFunc("/admin/users", handler.Admin(handleViewAdminUsers)).Methods("GET")
	write.HandleFunc("/admin/user/{username}", handler.Admin(handleViewAdminUser)).Methods("GET")
	write.HandleFunc("/admin/pages", handler.Admin(handleViewAdminPages)).Methods("GET")
	write.HandleFunc("/admin/page/{slug}", handler.Admin(handleViewAdminPage)).Methods("GET")
	write.HandleFunc("/admin/update/config", handler.AdminApper(handleAdminUpdateConfig)).Methods("POST")
	write.HandleFunc("/admin/update/{page}", handler.Admin(handleAdminUpdateSite)).Methods("POST")

	// Handle special pages first
	write.HandleFunc("/login", handler.Web(viewLogin, UserLevelNoneRequired))
	write.HandleFunc("/invite/{code}", handler.Web(handleViewInvite, UserLevelNoneRequired)).Methods("GET")
	// TODO: show a reader-specific 404 page if the function is disabled
	write.HandleFunc("/read", handler.Web(viewLocalTimeline, UserLevelReader))
	RouteRead(handler, UserLevelReader, write.PathPrefix("/read").Subrouter())

	draftEditPrefix := ""
	if apper.App().cfg.App.SingleUser {
	draftEditPrefix = "/d"
	write.HandleFunc("/me/new", handler.Web(handleViewPad, UserLevelOptional)).Methods("GET")
	} else {
	write.HandleFunc("/new", handler.Web(handleViewPad, UserLevelOptional)).Methods("GET")
	}

	// All the existing stuff
	write.HandleFunc(draftEditPrefix+"/{action}/edit", handler.Web(handleViewPad, UserLevelOptional)).Methods("GET")
	write.HandleFunc(draftEditPrefix+"/{action}/meta", handler.Web(handleViewMeta, UserLevelOptional)).Methods("GET")
	// Collections
	if apper.App().cfg.App.SingleUser {
	RouteCollections(handler, write.PathPrefix("/").Subrouter())
	} else {
	write.HandleFunc("/{prefix:[@~$!\\-+]}{collection}", handler.Web(handleViewCollection, UserLevelReader))
	write.HandleFunc("/{collection}/", handler.Web(handleViewCollection, UserLevelReader))
	RouteCollections(handler, write.PathPrefix("/{prefix:[@~$!\\-+]?}{collection}").Subrouter())
	// Posts
	}
	write.HandleFunc(draftEditPrefix+"/{post}", handler.Web(handleViewPost, UserLevelOptional))
	write.HandleFunc("/", handler.Web(handleViewHome, UserLevelOptional))
	return r
	}

	func RouteCollections(handler Handler, r mux.Router) {
	r.HandleFunc("/page/{page:[0-9]+}", handler.Web(handleViewCollection, UserLevelReader))
	r.HandleFunc("/tag:{tag}", handler.Web(handleViewCollectionTag, UserLevelReader))
	r.HandleFunc("/tag:{tag}/feed/", handler.Web(ViewFeed, UserLevelReader))
	r.HandleFunc("/tags/{tag}", handler.Web(handleViewCollectionTag, UserLevelReader))
	r.HandleFunc("/sitemap.xml", handler.AllReader(handleViewSitemap))
	r.HandleFunc("/feed/", handler.AllReader(ViewFeed))
	r.HandleFunc("/{slug}", handler.CollectionPostOrStatic)
	r.HandleFunc("/{slug}/edit", handler.Web(handleViewPad, UserLevelUser))
	r.HandleFunc("/{slug}/edit/meta", handler.Web(handleViewMeta, UserLevelUser))
	r.HandleFunc("/{slug}/", handler.Web(handleCollectionPostRedirect, UserLevelReader)).Methods("GET")
	}

	func RouteRead(handler Handler, readPerm UserLevelFunc, r mux.Router) {
	r.HandleFunc("/api/posts", handler.Web(viewLocalTimelineAPI, readPerm))
	r.HandleFunc("/p/{page}", handler.Web(viewLocalTimeline, readPerm))
	r.HandleFunc("/feed/", handler.Web(viewLocalTimelineFeed, readPerm))
	r.HandleFunc("/t/{tag}", handler.Web(viewLocalTimeline, readPerm))
	r.HandleFunc("/a/{post}", handler.Web(handlePostIDRedirect, readPerm))
	r.HandleFunc("/{author}", handler.Web(viewLocalTimeline, readPerm))
	r.HandleFunc("/", handler.Web(viewLocalTimeline, readPerm))
	}
	diff --git a/templates/user/import.tmpl b/templates/user/import.tmpl
	new file mode 100644
	index 0000000..c258783
	--- /dev/null
	+++ b/templates/user/import.tmpl
	@@ -0,0 +1,33 @@
	+{{define "import"}}
	+{{template "header" .}}
	+
	+<div class="snug content-container">
	+ <h2 id="posts-header">Import</h2>
	+ <p>Upload text or markdown files to import as posts.</p>
	+ <div class="formContainer">
	+ <form id="importPosts" class="import" enctype="multipart/form-data" action="/me/import" method="POST">
	+ <label for="file" hidden>Browse files to upload</label>
	+ <input class="fileInput" name="files" type="file" multiple accept=".txt,.md"/>
	+ <br />
	+ <label for="collection">Select a blog to import the posts under.</label>
	+ <select name="collection">
	+ {{range $i, $el := .Collections}}
	+ <option value={{.Alias}}>
	+ {{if .Title}}{{.Title}}{{else}}{{.Alias}}{{end}}
	+ </option>
	+ {{end}}
	+ <option value="" selected>drafts</option>
	+ </select>
	+ <br />
	+ <input type="submit" value="Import" />
	+ </form>
	+ </div>
	+ {{if .Flashes}}
	+ <ul class="errors">
	+ {{range .Flashes}}<li class="urgent">{{.}}</li>{{end}}
	+ </ul>
	+ {{end}}
	+</div>
	+
	+{{template "footer" .}}
	+{{end}}
	\ No newline at end of file
	diff --git a/templates/user/include/header.tmpl b/templates/user/include/header.tmpl
	index 312d0b8..e8fd908 100644
	--- a/templates/user/include/header.tmpl
	+++ b/templates/user/include/header.tmpl
	@@ -1,75 +1,77 @@
	{{define "header"}}<!DOCTYPE HTML>
	<html>
	<head>
	<meta charset="utf-8">

	<title>{{.PageTitle}} {{if .Separator}}{{.Separator}}{{else}}—{{end}} {{.SiteName}}</title>

	<link rel="stylesheet" type="text/css" href="/css/write.css" />
	<link rel="shortcut icon" href="/favicon.ico" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
	<meta name="theme-color" content="#888888" />
	<meta name="apple-mobile-web-app-title" content="{{.SiteName}}">
	<link rel="apple-touch-icon" sizes="152x152" href="/img/touch-icon-152.png">
	<link rel="apple-touch-icon" sizes="167x167" href="/img/touch-icon-167.png">
	<link rel="apple-touch-icon" sizes="180x180" href="/img/touch-icon-180.png">
	</head>
	<body id="me">
	<header{{if .SingleUser}} class="singleuser"{{end}}>
	{{if .SingleUser}}
	<nav id="user-nav">
	<nav class="dropdown-nav">
	<ul><li><a href="/" title="View blog" class="title">{{.SiteName}}</a> <img class="ic-18dp" src="/img/ic_down_arrow_dark@2x.png" />
	<ul>
	<li><a href="/me/c/{{.Username}}">Customize</a></li>
	<li><a href="/me/c/{{.Username}}/stats">Stats</a></li>
	<li class="separator"><hr /></li>
	{{if .IsAdmin}}<li><a href="/admin">Admin</a></li>{{end}}
	<li><a href="/me/settings">Settings</a></li>
	<li><a href="/me/export">Export</a></li>
	+ <li><a href="/me/import">Import</a></li>
	<li class="separator"><hr /></li>
	<li><a href="/me/logout">Log out</a></li>
	</ul></li>
	</ul>
	</nav>
	<nav class="tabs">
	<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>
	<a href="/me/new">New Post</a>
	</nav>
	</nav>
	{{else}}
	<h1><a href="/" title="Return to editor">{{.SiteName}}</a></h1>
	<nav id="user-nav">
	<nav class="dropdown-nav">
	<ul><li><a>{{.Username}}</a> <img class="ic-18dp" src="/img/ic_down_arrow_dark@2x.png" /><ul>
	{{if .IsAdmin}}<li><a href="/admin">Admin dashboard</a></li>{{end}}
	<li><a href="/me/settings">Account settings</a></li>
	<li><a href="/me/export">Export</a></li>
	+ <li><a href="/me/import">Import</a></li>
	{{if .CanInvite}}<li><a href="/me/invites">Invite people</a></li>{{end}}
	<li class="separator"><hr /></li>
	<li><a href="/me/logout">Log out</a></li>
	</ul></li>
	</ul>
	</nav>
	<nav class="tabs">
	<a href="/me/c/"{{if eq .Path "/me/c/"}} class="selected"{{end}}>Blogs</a>
	<a href="/me/posts/"{{if eq .Path "/me/posts/"}} class="selected"{{end}}>Drafts</a>
	</nav>
	</nav>
	{{end}}
	</header>
	<div id="official-writing">
	{{end}}

	{{define "admin-header"}}
	<header class="admin">
	<h1>Admin</h1>
	<nav id="admin">
	<a href="/admin" {{if eq .Path "/admin"}}class="selected"{{end}}>Dashboard</a>
	{{if not .SingleUser}}
	<a href="/admin/users" {{if eq .Path "/admin/users"}}class="selected"{{end}}>Users</a>
	<a href="/admin/pages" {{if eq .Path "/admin/pages"}}class="selected"{{end}}>Pages</a>
	{{end}}
	</nav>
	</header>
	{{end}}

File Metadata

Mime Type: text/x-diff
Expires: Sat, Nov 23, 5:52 PM (20 h, 39 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 3104833

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions