Merge branch 'master' into PLT-340

6 files changed, 287 insertions, 39 deletions

diff --git a/api/admin.go b/api/admin.go
index 7a5616ede..8e0a03e4b 100644
--- a/api/admin.go
+++ b/api/admin.go
@@ -26,7 +26,7 @@ func InitAdmin(r *mux.Router) {
 	sr.Handle("/test_email", ApiUserRequired(testEmail)).Methods("POST")
 	sr.Handle("/client_props", ApiAppHandler(getClientConfig)).Methods("GET")
 	sr.Handle("/log_client", ApiAppHandler(logClient)).Methods("POST")
-
+	sr.Handle("/analytics/{id:[A-Za-z0-9]+}/{name:[A-Za-z0-9_]+}", ApiAppHandler(getAnalytics)).Methods("GET")
 }
 
 func getLogs(c *Context, w http.ResponseWriter, r *http.Request) {
@@ -142,3 +142,63 @@ func testEmail(c *Context, w http.ResponseWriter, r *http.Request) {
 	m["SUCCESS"] = "true"
 	w.Write([]byte(model.MapToJson(m)))
 }
+
+func getAnalytics(c *Context, w http.ResponseWriter, r *http.Request) {
+	if !c.HasSystemAdminPermissions("getAnalytics") {
+		return
+	}
+
+	params := mux.Vars(r)
+	teamId := params["id"]
+	name := params["name"]
+
+	if name == "standard" {
+		var rows model.AnalyticsRows = make([]*model.AnalyticsRow, 3)
+		rows[0] = &model.AnalyticsRow{"channel_open_count", 0}
+		rows[1] = &model.AnalyticsRow{"channel_private_count", 0}
+		rows[2] = &model.AnalyticsRow{"post_count", 0}
+		openChan := Srv.Store.Channel().AnalyticsTypeCount(teamId, model.CHANNEL_OPEN)
+		privateChan := Srv.Store.Channel().AnalyticsTypeCount(teamId, model.CHANNEL_PRIVATE)
+		postChan := Srv.Store.Post().AnalyticsPostCount(teamId)
+
+		if r := <-openChan; r.Err != nil {
+			c.Err = r.Err
+			return
+		} else {
+			rows[0].Value = float64(r.Data.(int64))
+		}
+
+		if r := <-privateChan; r.Err != nil {
+			c.Err = r.Err
+			return
+		} else {
+			rows[1].Value = float64(r.Data.(int64))
+		}
+
+		if r := <-postChan; r.Err != nil {
+			c.Err = r.Err
+			return
+		} else {
+			rows[2].Value = float64(r.Data.(int64))
+		}
+
+		w.Write([]byte(rows.ToJson()))
+	} else if name == "post_counts_day" {
+		if r := <-Srv.Store.Post().AnalyticsPostCountsByDay(teamId); r.Err != nil {
+			c.Err = r.Err
+			return
+		} else {
+			w.Write([]byte(r.Data.(model.AnalyticsRows).ToJson()))
+		}
+	} else if name == "user_counts_with_posts_day" {
+		if r := <-Srv.Store.Post().AnalyticsUserCountsWithPostsByDay(teamId); r.Err != nil {
+			c.Err = r.Err
+			return
+		} else {
+			w.Write([]byte(r.Data.(model.AnalyticsRows).ToJson()))
+		}
+	} else {
+		c.SetInvalidParam("getAnalytics", "name")
+	}
+
+}
diff --git a/api/admin_test.go b/api/admin_test.go
index 0e51644d8..0db5caa4c 100644
--- a/api/admin_test.go
+++ b/api/admin_test.go
@@ -150,3 +150,151 @@ func TestEmailTest(t *testing.T) {
 		t.Fatal(err)
 	}
 }
+
+func TestGetAnalyticsStandard(t *testing.T) {
+	Setup()
+
+	team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+	team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team)
+
+	user := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"}
+	user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User)
+	store.Must(Srv.Store.User().VerifyEmail(user.Id))
+
+	Client.LoginByEmail(team.Name, user.Email, "pwd")
+
+	channel1 := &model.Channel{DisplayName: "TestGetPosts", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
+	channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel)
+
+	post1 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a"}
+	post1 = Client.Must(Client.CreatePost(post1)).Data.(*model.Post)
+
+	if _, err := Client.GetAnalytics(team.Id, "standard"); err == nil {
+		t.Fatal("Shouldn't have permissions")
+	}
+
+	c := &Context{}
+	c.RequestId = model.NewId()
+	c.IpAddress = "cmd_line"
+	UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN)
+
+	Client.LoginByEmail(team.Name, user.Email, "pwd")
+
+	if result, err := Client.GetAnalytics(team.Id, "standard"); err != nil {
+		t.Fatal(err)
+	} else {
+		rows := result.Data.(model.AnalyticsRows)
+
+		if rows[0].Name != "channel_open_count" {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[0].Value != 2 {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[1].Name != "channel_private_count" {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[1].Value != 1 {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[2].Name != "post_count" {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+
+		if rows[2].Value != 1 {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+	}
+}
+
+func TestGetPostCount(t *testing.T) {
+	Setup()
+
+	team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+	team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team)
+
+	user := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"}
+	user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User)
+	store.Must(Srv.Store.User().VerifyEmail(user.Id))
+
+	Client.LoginByEmail(team.Name, user.Email, "pwd")
+
+	channel1 := &model.Channel{DisplayName: "TestGetPosts", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
+	channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel)
+
+	post1 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a"}
+	post1 = Client.Must(Client.CreatePost(post1)).Data.(*model.Post)
+
+	if _, err := Client.GetAnalytics(team.Id, "post_counts_day"); err == nil {
+		t.Fatal("Shouldn't have permissions")
+	}
+
+	c := &Context{}
+	c.RequestId = model.NewId()
+	c.IpAddress = "cmd_line"
+	UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN)
+
+	Client.LoginByEmail(team.Name, user.Email, "pwd")
+
+	if result, err := Client.GetAnalytics(team.Id, "post_counts_day"); err != nil {
+		t.Fatal(err)
+	} else {
+		rows := result.Data.(model.AnalyticsRows)
+
+		if rows[0].Value != 1 {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+	}
+}
+
+func TestUserCountsWithPostsByDay(t *testing.T) {
+	Setup()
+
+	team := &model.Team{DisplayName: "Name", Name: "z-z-" + model.NewId() + "a", Email: "test@nowhere.com", Type: model.TEAM_OPEN}
+	team = Client.Must(Client.CreateTeam(team)).Data.(*model.Team)
+
+	user := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"}
+	user = Client.Must(Client.CreateUser(user, "")).Data.(*model.User)
+	store.Must(Srv.Store.User().VerifyEmail(user.Id))
+
+	Client.LoginByEmail(team.Name, user.Email, "pwd")
+
+	channel1 := &model.Channel{DisplayName: "TestGetPosts", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_PRIVATE, TeamId: team.Id}
+	channel1 = Client.Must(Client.CreateChannel(channel1)).Data.(*model.Channel)
+
+	post1 := &model.Post{ChannelId: channel1.Id, Message: "a" + model.NewId() + "a"}
+	post1 = Client.Must(Client.CreatePost(post1)).Data.(*model.Post)
+
+	if _, err := Client.GetAnalytics(team.Id, "user_counts_with_posts_day"); err == nil {
+		t.Fatal("Shouldn't have permissions")
+	}
+
+	c := &Context{}
+	c.RequestId = model.NewId()
+	c.IpAddress = "cmd_line"
+	UpdateRoles(c, user, model.ROLE_SYSTEM_ADMIN)
+
+	Client.LoginByEmail(team.Name, user.Email, "pwd")
+
+	if result, err := Client.GetAnalytics(team.Id, "user_counts_with_posts_day"); err != nil {
+		t.Fatal(err)
+	} else {
+		rows := result.Data.(model.AnalyticsRows)
+
+		if rows[0].Value != 1 {
+			t.Log(rows.ToJson())
+			t.Fatal()
+		}
+	}
+}
diff --git a/api/file.go b/api/file.go
index 94eea516a..f65be145d 100644
--- a/api/file.go
+++ b/api/file.go
@@ -52,6 +52,8 @@ const (
 	RotatedCCW         = 6
 	RotatedCCWMirrored = 7
 	RotatedCW          = 8
+
+	MaxImageSize = 4096 * 2160 // 4k resolution
 )
 
 var fileInfoCache *utils.Cache = utils.NewLru(1000)
@@ -125,6 +127,21 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
 
 		uid := model.NewId()
 
+		if model.IsFileExtImage(filepath.Ext(files[i].Filename)) {
+			imageNameList = append(imageNameList, uid+"/"+filename)
+			imageDataList = append(imageDataList, buf.Bytes())
+
+			// Decode image config first to check dimensions before loading the whole thing into memory later on
+			config, _, err := image.DecodeConfig(bytes.NewReader(buf.Bytes()))
+			if err != nil {
+				c.Err = model.NewAppError("uploadFile", "Unable to upload image file.", err.Error())
+				return
+			} else if config.Width*config.Height > MaxImageSize {
+				c.Err = model.NewAppError("uploadFile", "Unable to upload image file. File is too large.", err.Error())
+				return
+			}
+		}
+
 		path := "teams/" + c.Session.TeamId + "/channels/" + channelId + "/users/" + c.Session.UserId + "/" + uid + "/" + filename
 
 		if err := writeFile(buf.Bytes(), path); err != nil {
@@ -132,11 +149,6 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
-		if model.IsFileExtImage(filepath.Ext(files[i].Filename)) {
-			imageNameList = append(imageNameList, uid+"/"+filename)
-			imageDataList = append(imageDataList, buf.Bytes())
-		}
-
 		encName := utils.UrlEncode(filename)
 
 		fileUrl := "/" + channelId + "/" + c.Session.UserId + "/" + uid + "/" + encName
diff --git a/api/post.go b/api/post.go
index 79f84e04d..b8588fe6a 100644
--- a/api/post.go
+++ b/api/post.go
@@ -820,45 +820,23 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	plainSearchParams, hashtagSearchParams := model.ParseSearchParams(terms)
+	paramsList := model.ParseSearchParams(terms)
+	channels := []store.StoreChannel{}
 
-	var hchan store.StoreChannel
-	if hashtagSearchParams != nil {
-		hchan = Srv.Store.Post().Search(c.Session.TeamId, c.Session.UserId, hashtagSearchParams)
+	for _, params := range paramsList {
+		channels = append(channels, Srv.Store.Post().Search(c.Session.TeamId, c.Session.UserId, params))
 	}
 
-	var pchan store.StoreChannel
-	if plainSearchParams != nil {
-		pchan = Srv.Store.Post().Search(c.Session.TeamId, c.Session.UserId, plainSearchParams)
-	}
-
-	mainList := &model.PostList{}
-	if hchan != nil {
-		if result := <-hchan; result.Err != nil {
+	posts := &model.PostList{}
+	for _, channel := range channels {
+		if result := <-channel; result.Err != nil {
 			c.Err = result.Err
 			return
 		} else {
-			mainList = result.Data.(*model.PostList)
+			data := result.Data.(*model.PostList)
+			posts.Extend(data)
 		}
 	}
 
-	plainList := &model.PostList{}
-	if pchan != nil {
-		if result := <-pchan; result.Err != nil {
-			c.Err = result.Err
-			return
-		} else {
-			plainList = result.Data.(*model.PostList)
-		}
-	}
-
-	for _, postId := range plainList.Order {
-		if _, ok := mainList.Posts[postId]; !ok {
-			mainList.AddPost(plainList.Posts[postId])
-			mainList.AddOrder(postId)
-		}
-
-	}
-
-	w.Write([]byte(mainList.ToJson()))
+	w.Write([]byte(posts.ToJson()))
 }
diff --git a/api/post_test.go b/api/post_test.go
index ac9d5668b..e54e9ef0c 100644
--- a/api/post_test.go
+++ b/api/post_test.go
@@ -427,12 +427,18 @@ func TestSearchPostsInChannel(t *testing.T) {
 	channel2 := &model.Channel{DisplayName: "TestGetPosts", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
 	channel2 = Client.Must(Client.CreateChannel(channel2)).Data.(*model.Channel)
 
+	channel3 := &model.Channel{DisplayName: "TestGetPosts", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
+	channel3 = Client.Must(Client.CreateChannel(channel3)).Data.(*model.Channel)
+
 	post2 := &model.Post{ChannelId: channel2.Id, Message: "sgtitlereview\n with return"}
 	post2 = Client.Must(Client.CreatePost(post2)).Data.(*model.Post)
 
 	post3 := &model.Post{ChannelId: channel2.Id, Message: "other message with no return"}
 	post3 = Client.Must(Client.CreatePost(post3)).Data.(*model.Post)
 
+	post4 := &model.Post{ChannelId: channel3.Id, Message: "other message with no return"}
+	post4 = Client.Must(Client.CreatePost(post4)).Data.(*model.Post)
+
 	if result := Client.Must(Client.SearchPosts("channel:")).Data.(*model.PostList); len(result.Order) != 0 {
 		t.Fatalf("wrong number of posts returned %v", len(result.Order))
 	}
@@ -476,6 +482,10 @@ func TestSearchPostsInChannel(t *testing.T) {
 	if result := Client.Must(Client.SearchPosts("sgtitlereview channel: " + channel2.Name)).Data.(*model.PostList); len(result.Order) != 1 {
 		t.Fatalf("wrong number of posts returned %v", len(result.Order))
 	}
+
+	if result := Client.Must(Client.SearchPosts("channel: " + channel2.Name + " channel: " + channel3.Name)).Data.(*model.PostList); len(result.Order) != 3 {
+		t.Fatalf("wrong number of posts returned :) %v :) %v", result.Posts, result.Order)
+	}
 }
 
 func TestSearchPostsFromUser(t *testing.T) {
@@ -510,11 +520,12 @@ func TestSearchPostsFromUser(t *testing.T) {
 	post2 := &model.Post{ChannelId: channel2.Id, Message: "sgtitlereview\n with return"}
 	post2 = Client.Must(Client.CreatePost(post2)).Data.(*model.Post)
 
+	// includes "X has joined the channel" messages for both user2 and user3
+
 	if result := Client.Must(Client.SearchPosts("from: " + user1.Username)).Data.(*model.PostList); len(result.Order) != 1 {
 		t.Fatalf("wrong number of posts returned %v", len(result.Order))
 	}
 
-	// note that this includes the "User2 has joined the channel" system messages
 	if result := Client.Must(Client.SearchPosts("from: " + user2.Username)).Data.(*model.PostList); len(result.Order) != 3 {
 		t.Fatalf("wrong number of posts returned %v", len(result.Order))
 	}
@@ -526,6 +537,33 @@ func TestSearchPostsFromUser(t *testing.T) {
 	if result := Client.Must(Client.SearchPosts("from: " + user2.Username + " in:" + channel1.Name)).Data.(*model.PostList); len(result.Order) != 1 {
 		t.Fatalf("wrong number of posts returned %v", len(result.Order))
 	}
+
+	user3 := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"}
+	user3 = Client.Must(Client.CreateUser(user3, "")).Data.(*model.User)
+	store.Must(Srv.Store.User().VerifyEmail(user3.Id))
+
+	Client.LoginByEmail(team.Name, user3.Email, "pwd")
+	Client.Must(Client.JoinChannel(channel1.Id))
+	Client.Must(Client.JoinChannel(channel2.Id))
+
+	// wait for the join/leave messages to be created for user3 since they're done asynchronously
+	time.Sleep(100 * time.Millisecond)
+
+	if result := Client.Must(Client.SearchPosts("from: " + user2.Username)).Data.(*model.PostList); len(result.Order) != 3 {
+		t.Fatalf("wrong number of posts returned %v", len(result.Order))
+	}
+
+	if result := Client.Must(Client.SearchPosts("from: " + user2.Username + " from: " + user3.Username)).Data.(*model.PostList); len(result.Order) != 5 {
+		t.Fatalf("wrong number of posts returned %v", len(result.Order))
+	}
+
+	if result := Client.Must(Client.SearchPosts("from: " + user2.Username + " from: " + user3.Username + " in:" + channel2.Name)).Data.(*model.PostList); len(result.Order) != 3 {
+		t.Fatalf("wrong number of posts returned %v", len(result.Order))
+	}
+
+	if result := Client.Must(Client.SearchPosts("from: " + user2.Username + " from: " + user3.Username + " in:" + channel2.Name + " joined")).Data.(*model.PostList); len(result.Order) != 2 {
+		t.Fatalf("wrong number of posts returned %v", len(result.Order))
+	}
 }
 
 func TestGetPostsCache(t *testing.T) {
diff --git a/api/user.go b/api/user.go
index 06e5336f1..3796a50ee 100644
--- a/api/user.go
+++ b/api/user.go
@@ -855,6 +855,18 @@ func uploadProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// Decode image config first to check dimensions before loading the whole thing into memory later on
+	config, _, err := image.DecodeConfig(file)
+	if err != nil {
+		c.Err = model.NewAppError("uploadProfileFile", "Could not decode profile image config.", err.Error())
+		return
+	} else if config.Width*config.Height > MaxImageSize {
+		c.Err = model.NewAppError("uploadProfileFile", "Unable to upload profile image. File is too large.", err.Error())
+		return
+	}
+
+	file.Seek(0, 0)
+
 	// Decode image into Image object
 	img, _, err := image.Decode(file)
 	if err != nil {