Add vouching

Vouching allows new users to get added to the uploaders group by way of
other people "vouching" for then. This should alleviate privileged
Hackage users, since they were previously the only people that could add
people to the uploaders group.

Author: ysangkok

datafiles/templates/Html/vouch.html.st

@@ -0,0 +1,29 @@
+<!DOCTYPE html>
+<html>
+<head>
+$hackageCssTheme()$
+<title>Vouch for user | Hackage</title>
+</head>
+
+<body>
+$hackagePageHeader()$
+
+<div id="content">
+<h2>Vouch for user</h2>
+
+<p>$msg$</p>
+
+<form action="" method=POST>
+<input type=submit value="Vouch for this user">
+</form>
+
+<p>Vouching cannot be undone! When the user has three vouches, the user
+can upload packages. Note that users are, to a certain degree, held accountable
+for the actions of the users they vouch for. Only vouch for people you know.</p>
+
+<ul>
+  $vouches$
+</ul>
+
+</div>
+</body></html>

hackage-server.cabal

@@ -373,8 +373,9 @@ library lib-server
       Distribution.Server.Features.Search.TermBag
       Distribution.Server.Features.Sitemap.Functions
       Distribution.Server.Features.Votes
-      Distribution.Server.Features.Votes.State
       Distribution.Server.Features.Votes.Render
+      Distribution.Server.Features.Votes.State
+      Distribution.Server.Features.Vouch
       Distribution.Server.Features.RecentPackages
       Distribution.Server.Features.PreferredVersions
       Distribution.Server.Features.PreferredVersions.State

src/Distribution/Server/Features.hs

@@ -51,6 +51,7 @@ import Distribution.Server.Features.Votes               (initVotesFeature)
 import Distribution.Server.Features.Sitemap             (initSitemapFeature)
 import Distribution.Server.Features.UserNotify          (initUserNotifyFeature)
 import Distribution.Server.Features.PackageFeed         (initPackageFeedFeature)
+import Distribution.Server.Features.Vouch               (initVouchFeature)
 #endif
 import Distribution.Server.Features.ServerIntrospect (serverIntrospectFeature)
 
@@ -159,6 +160,8 @@ initHackageFeatures env@ServerEnv{serverVerbosity = verbosity} = do
                                initUserNotifyFeature env
     mkPackageFeedFeature    <- logStartup "package feed" $
                                initPackageFeedFeature env
+    mkVouchFeature          <- logStartup "vouch" $
+                               initVouchFeature env
     mkBrowseFeature         <- logStartup "browse" $
                                initBrowseFeature env
     mkPackageJSONFeature    <- logStartup "package info JSON" $
@@ -359,6 +362,10 @@ initHackageFeatures env@ServerEnv{serverVerbosity = verbosity} = do
                             usersFeature
                             tarIndexCacheFeature
 
+    vouchFeature <- mkVouchFeature
+                      usersFeature
+                      uploadFeature
+
     browseFeature <- mkBrowseFeature
                        coreFeature
                        usersFeature
@@ -415,6 +422,7 @@ initHackageFeatures env@ServerEnv{serverVerbosity = verbosity} = do
          , getFeatureInterface userNotifyFeature
          , getFeatureInterface packageFeedFeature
          , getFeatureInterface packageInfoJSONFeature
+         , getFeatureInterface vouchFeature
 #endif
          , staticFilesFeature
          , serverIntrospectFeature allFeatures

src/Distribution/Server/Features/Vouch.hs

@@ -0,0 +1,218 @@
+{-# LANGUAGE GeneralizedNewtypeDeriving #-}
+{-# LANGUAGE NamedFieldPuns #-}
+{-# LANGUAGE TemplateHaskell #-}
+{-# LANGUAGE TypeFamilies #-}
+{-# LANGUAGE DerivingStrategies #-}
+module Distribution.Server.Features.Vouch where
+
+import Control.Monad (when, join)
+import Control.Monad.Except (runExceptT, throwError)
+import Control.Monad.Reader (ask)
+import Control.Monad.State (get, put)
+import qualified Data.ByteString.Lazy.Char8 as LBS
+import qualified Data.Map.Strict as Map
+import Data.Maybe (fromMaybe)
+import Data.Time (UTCTime(..), addUTCTime, getCurrentTime, nominalDay, secondsToDiffTime)
+import Data.Time.Format.ISO8601 (formatShow, iso8601Format)
+import Text.XHtml.Strict (prettyHtmlFragment, stringToHtml, li)
+
+import Data.SafeCopy (base, deriveSafeCopy)
+import Distribution.Server.Framework ((</>), AcidState, DynamicPath, HackageFeature, IsHackageFeature, IsHackageFeature(..), MemSize)
+import Distribution.Server.Framework (MessageSpan(MText), Method(..), Query, Response, ServerEnv(..), ServerPartE, StateComponent(..), Update)
+import Distribution.Server.Framework (abstractAcidStateComponent, emptyHackageFeature, errBadRequest)
+import Distribution.Server.Framework (featureDesc, featureReloadFiles, featureResources, featureState)
+import Distribution.Server.Framework (liftIO, makeAcidic, openLocalStateFrom, query, queryState, resourceAt, resourceDesc, resourceGet)
+import Distribution.Server.Framework (resourcePost, toResponse, update, updateState)
+import Distribution.Server.Framework.BackupRestore (RestoreBackup(..))
+import Distribution.Server.Framework.Templating (($=), TemplateAttr, getTemplate, loadTemplates, reloadTemplates, templateUnescaped)
+import qualified Distribution.Server.Users.Group as Group
+import Distribution.Server.Users.Types (UserId(..), UserInfo, UserName(..), userName)
+import Distribution.Server.Features.Upload(UploadFeature(..))
+import Distribution.Server.Features.Users (UserFeature(..))
+import Distribution.Simple.Utils (toUTF8LBS)
+
+newtype VouchData = VouchData (Map.Map UserId [(UserId, UTCTime)])
+  deriving (Show, Eq)
+  deriving newtype MemSize
+
+putVouch :: UserId -> (UserId, UTCTime) -> Update VouchData ()
+putVouch vouchee (voucher, now) = do
+  VouchData tbl <- get
+  let oldMap = fromMaybe [] (Map.lookup vouchee tbl)
+      newMap = (voucher, now) : oldMap
+  put $ VouchData (Map.insert vouchee newMap tbl)
+
+getVouchesFor :: UserId -> Query VouchData [(UserId, UTCTime)]
+getVouchesFor needle = do
+  VouchData tbl <- ask
+  pure . fromMaybe [] $ Map.lookup needle tbl
+
+getVouchesData :: Query VouchData VouchData
+getVouchesData = ask
+
+replaceVouchesData :: VouchData -> Update VouchData ()
+replaceVouchesData = put
+
+$(deriveSafeCopy 0 'base ''VouchData)
+
+makeAcidic ''VouchData
+  [ 'putVouch
+  , 'getVouchesFor
+  -- Stock
+  , 'getVouchesData
+  , 'replaceVouchesData
+  ]
+
+vouchStateComponent :: FilePath -> IO (StateComponent AcidState VouchData)
+vouchStateComponent stateDir = do
+  st <- openLocalStateFrom (stateDir </> "db" </> "Vouch") (VouchData mempty)
+  let initialVouchData = VouchData mempty
+      restore =
+        RestoreBackup
+          { restoreEntry = error "Unexpected backup entry"
+          , restoreFinalize = return initialVouchData
+          }
+  pure StateComponent
+    { stateDesc = "Keeps track of vouches"
+    , stateHandle = st
+    , getState = query st GetVouchesData
+    , putState = update st . ReplaceVouchesData
+    , backupState = \_ _ -> []
+    , restoreState = restore
+    , resetState = vouchStateComponent
+    }
+
+data VouchFeature =
+  VouchFeature
+    { vouchFeatureInterface :: HackageFeature
+    }
+
+instance IsHackageFeature VouchFeature where
+  getFeatureInterface = vouchFeatureInterface
+
+requiredCountOfVouches :: Int
+requiredCountOfVouches = 3
+
+isWithinLastMonth :: UTCTime -> (UserId, UTCTime) -> Bool
+isWithinLastMonth now (_, vouchTime) =
+  addUTCTime (30 * nominalDay) vouchTime < now
+
+data Err
+  = NotAnUploader
+  | You'reTooNew
+  | VoucheeAlreadyUploader
+  | AlreadySufficientlyVouched
+  | YouAlreadyVouched
+
+data Success = AddVouchComplete | AddVouchIncomplete
+
+judge :: Group.UserIdSet -> UTCTime -> UserId -> [(UserId, UTCTime)] -> [(UserId, UTCTime)] -> UserId -> Either Err (Either Err Success)
+judge ugroup now vouchee vouchersForVoucher existingVouchers voucher = runExceptT $ do
+  when (not (voucher `Group.member` ugroup)) $
+    throwError NotAnUploader
+  -- You can only vouch for non-uploaders, so if this list has items, the user is uploader because of these vouches.
+  -- Make sure none of them are too recent.
+  when (length vouchersForVoucher >= requiredCountOfVouches && any (isWithinLastMonth now) vouchersForVoucher) $
+    throwError You'reTooNew
+  when (vouchee `Group.member` ugroup) $
+    throwError VoucheeAlreadyUploader
+  when (length existingVouchers >= 3) $
+    throwError AlreadySufficientlyVouched
+  when (voucher `elem` map fst existingVouchers) $
+    throwError YouAlreadyVouched
+  pure $
+    if length existingVouchers == requiredCountOfVouches - 1
+       then AddVouchComplete
+       else AddVouchIncomplete
+
+renderToLBS :: (UserId -> ServerPartE UserInfo) -> [(UserId, UTCTime)] -> ServerPartE TemplateAttr
+renderToLBS lookupUserInfo vouches = do
+  rendered <- traverse renderVouchers vouches
+  pure $
+    templateUnescaped "vouches" $
+      if null rendered
+         then LBS.pack "Nobody has vouched yet."
+         else LBS.intercalate mempty rendered
+  where
+  renderVouchers :: (UserId, UTCTime) -> ServerPartE LBS.ByteString
+  renderVouchers (uid, timestamp) = do
+    info <- lookupUserInfo uid
+    let UserName name = userName info
+        -- We don't need to show millisecond precision
+        -- So we truncate it off here
+        truncated = truncate $ utctDayTime timestamp
+        newUTCTime = timestamp {utctDayTime = secondsToDiffTime truncated}
+    pure . toUTF8LBS . prettyHtmlFragment . li . stringToHtml $ name <> " vouched on " <> formatShow iso8601Format newUTCTime
+
+initVouchFeature :: ServerEnv -> IO (UserFeature -> UploadFeature -> IO VouchFeature)
+initVouchFeature ServerEnv{serverStateDir, serverTemplatesDir, serverTemplatesMode} = do
+  vouchState <- vouchStateComponent serverStateDir
+  templates <- loadTemplates serverTemplatesMode [ serverTemplatesDir, serverTemplatesDir </> "Html"]
+                                                 ["vouch.html"]
+  vouchTemplate <- getTemplate templates "vouch.html"
+  return $ \UserFeature{userNameInPath, lookupUserName, lookupUserInfo, guardAuthenticated}
+            UploadFeature{uploadersGroup} -> do
+    let
+      handleGetVouches :: DynamicPath -> ServerPartE Response
+      handleGetVouches dpath = do
+        uid <- lookupUserName =<< userNameInPath dpath
+        userIds <- queryState vouchState $ GetVouchesFor uid
+        param <- renderToLBS lookupUserInfo userIds
+        pure . toResponse $ vouchTemplate
+          [ "msg" $= ""
+          , param
+          ]
+      handlePostVouch :: DynamicPath -> ServerPartE Response
+      handlePostVouch dpath = do
+        voucher <- guardAuthenticated
+        ugroup <- liftIO $ Group.queryUserGroup uploadersGroup
+        now <- liftIO getCurrentTime
+        vouchee <- lookupUserName =<< userNameInPath dpath
+        vouchersForVoucher <- queryState vouchState $ GetVouchesFor voucher
+        existingVouchers <- queryState vouchState $ GetVouchesFor vouchee
+        case join $ judge ugroup now vouchee vouchersForVoucher existingVouchers voucher of
+          Left NotAnUploader ->
+            errBadRequest "Not an uploader" [MText "You must be an uploader yourself to vouch for other users."]
+          Left You'reTooNew ->
+            errBadRequest "You're too new" [MText "The latest of the vouches for your user must be at least 30 days old."]
+          Left VoucheeAlreadyUploader ->
+            errBadRequest "Vouchee already uploader" [MText "You can't vouch for this user, since they are already an uploader."]
+          Left AlreadySufficientlyVouched ->
+            errBadRequest "Already sufficiently vouched" [MText "There are already a sufficient number of vouches for this user."]
+          Left YouAlreadyVouched ->
+            errBadRequest "Already vouched" [MText "You have already vouched for this user."]
+          Right result -> do
+            updateState vouchState $ PutVouch vouchee (voucher, now)
+            param <- renderToLBS lookupUserInfo $ existingVouchers ++ [(voucher, now)]
+            case result of
+              AddVouchComplete -> do
+                liftIO $ Group.addUserToGroup uploadersGroup vouchee
+                pure . toResponse $ vouchTemplate
+                  [ "msg" $= "Added vouch. User is now an uploader!"
+                  , param
+                  ]
+              AddVouchIncomplete -> do
+                let stillRequired = requiredCountOfVouches - length existingVouchers - 1
+                pure . toResponse $ vouchTemplate
+                  [ "msg" $=
+                         "Added vouch. User still needs "
+                      <> show stillRequired
+                      <> if stillRequired == 1 then " vouch" else " vouches"
+                      <> " to become uploader."
+                  , param
+                  ]
+    return $ VouchFeature $
+      (emptyHackageFeature "vouch")
+        { featureDesc = "Vouching for users getting upload permission."
+        , featureResources =
+          [(resourceAt "/user/:username/vouch")
+            { resourceDesc = [(GET, "list people vouching")
+                             ,(POST, "vouch for user")
+                             ]
+            , resourceGet = [("html", handleGetVouches)]
+            , resourcePost = [("html", handlePostVouch)]
+            }
+          ]
+        , featureState = [ abstractAcidStateComponent vouchState ]
+        , featureReloadFiles = reloadTemplates templates
+        }