tenseleyflow/shithub / 681f412

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package profile

+

+import (

+	"context"

+	"errors"

+	"net/http"

+	"net/url"

+	"strconv"

+	"strings"

+

+	"github.com/go-chi/chi/v5"

+	"github.com/jackc/pgx/v5"

+	"github.com/jackc/pgx/v5/pgtype"

+

+	authpkg "github.com/tenseleyFlow/shithub/internal/auth"

+	"github.com/tenseleyFlow/shithub/internal/orgs"

+	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/social"

+	socialdb "github.com/tenseleyFlow/shithub/internal/social/sqlc"

+	usersdb "github.com/tenseleyFlow/shithub/internal/users/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+)

+

+const followsPageSize = 50

+

+type followState struct {

+	FollowersCount int64

+	FollowingCount int64

+	IsFollowing    bool

+}

+

+type followListItem struct {

+	Kind        string

+	Username    string

+	DisplayName string

+	AvatarURL   string

+	URL         string

+	FollowedAt  string

+}

+

+func (h *Handlers) socialDeps() social.Deps {

+	return social.Deps{

+		Pool:    h.d.Pool,

+		Limiter: h.d.Limiter,

+		Logger:  h.d.Logger,

+		Audit:   h.d.Audit,

+	}

+}

+

+func (h *Handlers) profileFollow(w http.ResponseWriter, r *http.Request) {

+	h.followAction(w, r, true)

+}

+

+func (h *Handlers) profileUnfollow(w http.ResponseWriter, r *http.Request) {

+	h.followAction(w, r, false)

+}

+

+func (h *Handlers) followAction(w http.ResponseWriter, r *http.Request, follow bool) {

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if viewer.IsAnonymous() {

+		http.Redirect(w, r, "/login?next="+url.QueryEscape(r.URL.RequestURI()), http.StatusSeeOther)

+		return

+	}

+	rawName := chi.URLParam(r, "username")

+	lower := strings.ToLower(rawName)

+	if authpkg.IsReserved(lower) {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, r.URL.Path)

+		return

+	}

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")

+		return

+	}

+

+	if p, err := orgs.Resolve(r.Context(), h.d.Pool, lower); err == nil {

+		switch p.Kind {

+		case orgs.PrincipalOrg:

+			h.followOrgAction(w, r, viewer, p.ID, follow)

+			return

+		case orgs.PrincipalUser:

+			h.followUserAction(w, r, viewer, rawName, follow)

+			return

+		}

+	}

+	h.followUserAction(w, r, viewer, rawName, follow)

+}

+

+func (h *Handlers) followUserAction(w http.ResponseWriter, r *http.Request, viewer middleware.CurrentUser, rawName string, follow bool) {

+	target, err := h.q.GetUserByUsername(r.Context(), h.d.Pool, rawName)

+	if err != nil {

+		if errors.Is(err, pgx.ErrNoRows) {

+			h.d.Render.HTTPError(w, r, http.StatusNotFound, r.URL.Path)

+			return

+		}

+		h.d.Logger.ErrorContext(r.Context(), "profile follow: lookup user", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	if target.SuspendedAt.Valid || target.DeletedAt.Valid {

+		h.renderUnavailable(w, r, target.Username)

+		return

+	}

+	var actionErr error

+	if follow {

+		actionErr = social.FollowUser(r.Context(), h.socialDeps(), viewer.ID, target.ID)

+	} else {

+		actionErr = social.UnfollowUser(r.Context(), h.socialDeps(), viewer.ID, target.ID)

+	}

+	if actionErr != nil {

+		h.handleFollowError(w, r, actionErr)

+		return

+	}

+	redirectAfterProfileAction(w, r, "/"+target.Username)

+}

+

+func (h *Handlers) followOrgAction(w http.ResponseWriter, r *http.Request, viewer middleware.CurrentUser, orgID int64, follow bool) {

+	org, err := orgsdb.New().GetOrgByID(r.Context(), h.d.Pool, orgID)

+	if err != nil || org.DeletedAt.Valid {

+		h.d.Render.HTTPError(w, r, http.StatusNotFound, r.URL.Path)

+		return

+	}

+	if org.SuspendedAt.Valid {

+		h.d.Render.HTTPError(w, r, http.StatusGone, string(org.Slug))

+		return

+	}

+	var actionErr error

+	if follow {

+		actionErr = social.FollowOrg(r.Context(), h.socialDeps(), viewer.ID, org.ID)

+	} else {

+		actionErr = social.UnfollowOrg(r.Context(), h.socialDeps(), viewer.ID, org.ID)

+	}

+	if actionErr != nil {

+		h.handleFollowError(w, r, actionErr)

+		return

+	}

+	redirectAfterProfileAction(w, r, "/"+org.Slug)

+}

+

+func (h *Handlers) handleFollowError(w http.ResponseWriter, r *http.Request, err error) {

+	switch {

+	case errors.Is(err, social.ErrNotLoggedIn):

+		http.Redirect(w, r, "/login?next="+url.QueryEscape(r.URL.RequestURI()), http.StatusSeeOther)

+	case errors.Is(err, social.ErrCannotFollowSelf):

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "cannot follow yourself")

+	case errors.Is(err, social.ErrFollowRateLimit):

+		h.d.Render.HTTPError(w, r, http.StatusTooManyRequests, "rate limit")

+	default:

+		h.d.Logger.ErrorContext(r.Context(), "profile follow", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+	}

+}

+

+func redirectAfterProfileAction(w http.ResponseWriter, r *http.Request, fallback string) {

+	dest := fallback

+	if returnTo := strings.TrimSpace(r.PostFormValue("return_to")); safeProfileReturnTo(returnTo) {

+		dest = returnTo

+	}

+	http.Redirect(w, r, dest, http.StatusSeeOther)

+}

+

+func safeProfileReturnTo(path string) bool {

+	if path == "" || !strings.HasPrefix(path, "/") || strings.HasPrefix(path, "//") {

+		return false

+	}

+	u, err := url.Parse(path)

+	return err == nil && !u.IsAbs() && u.Host == "" && strings.HasPrefix(u.Path, "/")

+}

+

+func (h *Handlers) userFollowState(ctx context.Context, userID int64, viewer middleware.CurrentUser) followState {

+	q := socialdb.New()

+	var out followState

+	out.FollowersCount, _ = q.CountFollowersForUser(ctx, h.d.Pool, pgtype.Int8{Int64: userID, Valid: true})

+	out.FollowingCount, _ = q.CountFollowingForUser(ctx, h.d.Pool, userID)

+	if !viewer.IsAnonymous() && viewer.ID != userID {

+		out.IsFollowing, _ = social.IsFollowingUser(ctx, h.socialDeps(), viewer.ID, userID)

+	}

+	return out

+}

+

+func (h *Handlers) orgFollowState(ctx context.Context, orgID int64, viewer middleware.CurrentUser) followState {

+	q := socialdb.New()

+	var out followState

+	out.FollowersCount, _ = q.CountFollowersForOrg(ctx, h.d.Pool, pgtype.Int8{Int64: orgID, Valid: true})

+	if !viewer.IsAnonymous() {

+		out.IsFollowing, _ = social.IsFollowingOrg(ctx, h.socialDeps(), viewer.ID, orgID)

+	}

+	return out

+}

+

+func (h *Handlers) serveFollowersTab(w http.ResponseWriter, r *http.Request, user usersdb.User, viewer middleware.CurrentUser, isSelf bool) {

+	page := pageFromRequest(r)

+	rows, err := socialdb.New().ListFollowersForUser(r.Context(), h.d.Pool, socialdb.ListFollowersForUserParams{

+		FolloweeUserID: pgtype.Int8{Int64: user.ID, Valid: true},

+		Limit:          followsPageSize,

+		Offset:         int32((page - 1) * followsPageSize),

+	})

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "profile followers: list", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	state := h.userFollowState(r.Context(), user.ID, viewer)

+	items := make([]followListItem, 0, len(rows))

+	for _, row := range rows {

+		items = append(items, userFollowListItem(row.Username, row.DisplayName, row.FollowedAt))

+	}

+	h.renderFollowsTab(w, r, user, isSelf, "followers", state, items, page)

+}

+

+func (h *Handlers) serveFollowingTab(w http.ResponseWriter, r *http.Request, user usersdb.User, viewer middleware.CurrentUser, isSelf bool) {

+	userRows, err := socialdb.New().ListFollowingUsersForUser(r.Context(), h.d.Pool, socialdb.ListFollowingUsersForUserParams{

+		FollowerUserID: user.ID,

+		Limit:          followsPageSize,

+		Offset:         0,

+	})

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "profile following users: list", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	orgRows, err := socialdb.New().ListFollowingOrgsForUser(r.Context(), h.d.Pool, socialdb.ListFollowingOrgsForUserParams{

+		FollowerUserID: user.ID,

+		Limit:          followsPageSize,

+		Offset:         0,

+	})

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "profile following orgs: list", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	state := h.userFollowState(r.Context(), user.ID, viewer)

+	items := make([]followListItem, 0, len(userRows)+len(orgRows))

+	for _, row := range userRows {

+		items = append(items, userFollowListItem(row.Username, row.DisplayName, row.FollowedAt))

+	}

+	for _, row := range orgRows {

+		items = append(items, orgFollowListItem(row.Slug, row.DisplayName, row.FollowedAt))

+	}

+	h.renderFollowsTab(w, r, user, isSelf, "following", state, items, 1)

+}

+

+func (h *Handlers) renderFollowsTab(w http.ResponseWriter, r *http.Request, user usersdb.User, isSelf bool, active string, state followState, items []followListItem, page int) {

+	displayName := user.DisplayName

+	if displayName == "" {

+		displayName = user.Username

+	}

+	data := map[string]any{

+		"Title":          followTabTitle(active) + " · " + user.Username,

+		"User":           user,

+		"DisplayName":    displayName,

+		"IsSelf":         isSelf,

+		"AvatarURL":      "/avatars/" + url.PathEscape(user.Username),

+		"Tabs":           h.tabCounts(r.Context(), user.ID, middleware.CurrentUserFromContext(r.Context())),

+		"ActiveTab":      active,

+		"FollowersCount": state.FollowersCount,

+		"FollowingCount": state.FollowingCount,

+		"Items":          items,

+		"Page":           page,

+		"HasPrev":        page > 1,

+		"HasNext":        len(items) == followsPageSize,

+	}

+	if err := h.d.Render.RenderPage(w, r, "profile/follows_tab", data); err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "profile follows: render", "error", err)

+	}

+}

+

+func followTabTitle(active string) string {

+	switch active {

+	case "followers":

+		return "Followers"

+	case "following":

+		return "Following"

+	default:

+		return "People"

+	}

+}

+

+func pageFromRequest(r *http.Request) int {

+	v, _ := strconv.Atoi(r.URL.Query().Get("page"))

+	if v < 1 {

+		return 1

+	}

+	return v

+}

+

+func userFollowListItem(username, displayName string, followedAt pgtype.Timestamptz) followListItem {

+	return followListItem{

+		Kind: "user", Username: username, DisplayName: displayName,

+		AvatarURL: "/avatars/" + url.PathEscape(username), URL: "/" + username,

+		FollowedAt: followedAt.Time.Format("Jan 2, 2006"),

+	}

+}

+

+func orgFollowListItem(slug, displayName string, followedAt pgtype.Timestamptz) followListItem {

+	return followListItem{

+		Kind: "org", Username: slug, DisplayName: displayName,

+		AvatarURL: "/avatars/" + url.PathEscape(slug), URL: "/" + slug,

+		FollowedAt: followedAt.Time.Format("Jan 2, 2006"),

+	}

+}

+	followState := h.orgFollowState(ctx, org.ID, viewer)

+		"FollowerCount":      followState.FollowersCount,

+		"IsFollowing":        followState.IsFollowing,

+		"FollowAction":       "/" + url.PathEscape(org.Slug) + "/follow",

+		"UnfollowAction":     "/" + url.PathEscape(org.Slug) + "/unfollow",

+		"ReturnTo":           r.URL.RequestURI(),

+	"github.com/tenseleyFlow/shithub/internal/auth/audit"

+	"github.com/tenseleyFlow/shithub/internal/auth/throttle"

+	Limiter     *throttle.Limiter

+	Audit       *audit.Recorder

+		r.Post("/{username}/follow", h.profileFollow)

+		r.Post("/{username}/unfollow", h.profileUnfollow)

+	case "followers":

+		h.serveFollowersTab(w, r, user, viewer, isSelf)

+		return

+	case "following":

+		h.serveFollowingTab(w, r, user, viewer, isSelf)

+		return

+	followState := h.userFollowState(r.Context(), user.ID, viewer)

+		"FollowersCount":   followState.FollowersCount,

+		"FollowingCount":   followState.FollowingCount,

+		"IsFollowing":      followState.IsFollowing,

+		"FollowAction":     "/" + url.PathEscape(user.Username) + "/follow",

+		"UnfollowAction":   "/" + url.PathEscape(user.Username) + "/unfollow",

+		"ReturnTo":         r.URL.RequestURI(),

+		"profile/view.html":        {Data: []byte(`{{ define "page" }}USER={{.User.Username}} DISPLAY={{.User.DisplayName}}{{ if .IsSelf }} SELF=1{{ end }}{{ if .IsFollowing }} FOLLOWING=1{{ end }} FOLLOWERS={{.FollowersCount}} FOLLOWINGCOUNT={{.FollowingCount}} BIO={{.User.Bio}} VISIBLE={{.VisibleRepoCount}} ORGS={{len .Orgs}} README={{.HasProfileReadme}} CONTRIB={{.Contributions.Total}} PERIOD={{.Contributions.Period}} WEEKS={{len .Contributions.Weeks}} YEARS={{len .Contributions.Years}} YEARLINKS={{range .Contributions.Years}}{{.Year}}:{{.Active}}:{{.Href}};{{end}} PINS={{len .PinnedRepos}} PINNAMES={{range .PinnedRepos}}{{.Name}};{{end}} CANDIDATES={{len .PinCandidates}} SELECTED={{range .PinCandidates}}{{if .IsPinned}}{{.Name}};{{end}}{{end}}{{ if .CanCustomizePins }} CUSTOMIZE=1{{ end }}{{ end }}`)},

+		"profile/follows_tab.html": {Data: []byte(`{{ define "page" }}FOLLOWTAB={{.ActiveTab}} USER={{.User.Username}} TOTAL={{len .Items}} ITEMS={{range .Items}}{{.Kind}}:{{.Username}};{{end}}{{ end }}`)},

+		"orgs/profile.html":        {Data: []byte(`{{ define "page" }}ORG={{.Org.Slug}}{{ if .IsFollowing }} FOLLOWING=1{{ end }} FOLLOWERS={{.FollowerCount}} REPOS={{len .Repos}} PINS={{len .PinnedRepos}} PINNAMES={{range .PinnedRepos}}{{.Name}};{{end}} CANDIDATES={{len .PinCandidates}} SELECTED={{range .PinCandidates}}{{if .IsPinned}}{{.Name}};{{end}}{{end}} MEMBERS={{.MemberCount}} PEOPLE={{len .People}} NAMES={{range .Repos}}{{.Name}};{{end}} LANGS={{range .TopLanguages}}{{.Name}}={{.Count}};{{end}} TOPICS={{range .TopTopics}}{{.Name}}={{.Count}};{{end}} VIEWAS={{.ViewAs}}{{ if .CanCustomizePins }} CUSTOMIZE=1{{ end }}{{ end }}`)},

+func (e *profileEnv) postFormAs(t *testing.T, path string, user usersdb.User, form url.Values) *http.Response {

+	t.Helper()

+	if form == nil {

+		form = url.Values{}

+	}

+	req, err := http.NewRequest(http.MethodPost, e.srv.URL+path, strings.NewReader(form.Encode()))

+	if err != nil {

+		t.Fatalf("request: %v", err)

+	}

+	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")

+	if user.ID != 0 {

+		req.Header.Set("X-Test-User-ID", strconv.FormatInt(user.ID, 10))

+		req.Header.Set("X-Test-Username", user.Username)

+	}

+	resp, err := newNonRedirClient(t).Do(req)

+	if err != nil {

+		t.Fatalf("POST: %v", err)

+	}

+	t.Cleanup(func() { _ = resp.Body.Close() })

+	return resp

+}

+

+func TestProfile_FollowUserRoutesUpdateCountsAndState(t *testing.T) {

+	env := setupProfileEnv(t)

+	alice := env.insertUser(t, "alice", "Alice", "")

+	bob := env.insertUser(t, "bob", "Bob", "")

+

+	resp := env.postFormAs(t, "/alice/follow", bob, url.Values{"return_to": []string{"/alice?tab=followers"}})

+	if resp.StatusCode != http.StatusSeeOther {

+		t.Fatalf("follow status %d, want 303", resp.StatusCode)

+	}

+	if loc := resp.Header.Get("Location"); loc != "/alice?tab=followers" {

+		t.Fatalf("follow redirect = %q", loc)

+	}

+	var count int

+	if err := env.pool.QueryRow(context.Background(),

+		`SELECT count(*) FROM follows WHERE follower_user_id = $1 AND followee_user_id = $2`,

+		bob.ID, alice.ID,

+	).Scan(&count); err != nil {

+		t.Fatalf("count follow: %v", err)

+	}

+	if count != 1 {

+		t.Fatalf("follow count = %d, want 1", count)

+	}

+	body := env.getAs(t, "/alice", bob)

+	for _, want := range []string{"FOLLOWING=1", "FOLLOWERS=1", "FOLLOWINGCOUNT=0"} {

+		if !strings.Contains(body, want) {

+			t.Fatalf("missing %q in body: %s", want, body)

+		}

+	}

+	followers := env.getAs(t, "/alice?tab=followers", alice)

+	if !strings.Contains(followers, "ITEMS=user:bob;") {

+		t.Fatalf("followers tab missing bob: %s", followers)

+	}

+

+	resp = env.postFormAs(t, "/alice/unfollow", bob, nil)

+	if resp.StatusCode != http.StatusSeeOther {

+		t.Fatalf("unfollow status %d, want 303", resp.StatusCode)

+	}

+	if err := env.pool.QueryRow(context.Background(),

+		`SELECT count(*) FROM follows WHERE follower_user_id = $1 AND followee_user_id = $2`,

+		bob.ID, alice.ID,

+	).Scan(&count); err != nil {

+		t.Fatalf("count unfollow: %v", err)

+	}

+	if count != 0 {

+		t.Fatalf("follow count after unfollow = %d, want 0", count)

+	}

+}

+

+func TestProfile_FollowSelfRejected(t *testing.T) {

+	env := setupProfileEnv(t)

+	alice := env.insertUser(t, "alice", "Alice", "")

+

+	resp := env.postFormAs(t, "/alice/follow", alice, nil)

+	if resp.StatusCode != http.StatusBadRequest {

+		t.Fatalf("follow self status %d, want 400", resp.StatusCode)

+	}

+}

+

+func TestProfile_FollowOrgRoutesUpdateCountsAndState(t *testing.T) {

+	env := setupProfileEnv(t)

+	owner := env.insertUser(t, "owner", "Owner", "")

+	bob := env.insertUser(t, "bob", "Bob", "")

+	env.insertOrg(t, "acme", "Acme", "", owner)

+

+	resp := env.postFormAs(t, "/acme/follow", bob, nil)

+	if resp.StatusCode != http.StatusSeeOther {

+		t.Fatalf("follow org status %d, want 303", resp.StatusCode)

+	}

+	var count int

+	if err := env.pool.QueryRow(context.Background(),

+		`SELECT count(*) FROM follows f JOIN orgs o ON o.id = f.followee_org_id

+		 WHERE f.follower_user_id = $1 AND o.slug = 'acme'`,

+		bob.ID,

+	).Scan(&count); err != nil {

+		t.Fatalf("count org follow: %v", err)

+	}

+	if count != 1 {

+		t.Fatalf("org follow count = %d, want 1", count)

+	}

+	body := env.getAs(t, "/acme", bob)

+	for _, want := range []string{"ORG=acme", "FOLLOWING=1", "FOLLOWERS=1"} {

+		if !strings.Contains(body, want) {

+			t.Fatalf("missing %q in org body: %s", want, body)

+		}

+	}

+}

+

+	"github.com/tenseleyFlow/shithub/internal/auth/audit"

+	"github.com/tenseleyFlow/shithub/internal/auth/throttle"

+		Limiter:     throttle.NewLimiter(),

+		Audit:       audit.NewRecorder(),

+.shithub-profile-follow-counts a {

+  color: var(--fg-muted);

+  text-decoration: none;

+}

+.shithub-profile-follow-counts a:hover {

+  color: var(--accent-fg, #4493f8);

+  text-decoration: none;

+}

+.shithub-follow-form {

+  margin: 0;

+}

+  .shithub-profile-tab-container {

+    grid-template-columns: 1fr;

+    padding: 1.25rem 1rem 2rem;

+    gap: 1.25rem;

+  }

+.shithub-profile-tab-container {

+  max-width: 1280px;

+  margin: 0 auto;

+  padding: 2rem;

+  display: grid;

+  grid-template-columns: 260px minmax(0, 1fr);

+  gap: 2rem;

+}

+.shithub-profile-tab-sidebar {

+  color: var(--fg-muted);

+}

+.shithub-profile-tab-avatar {

+  width: 96px;

+  height: 96px;

+  border-radius: 50%;

+  border: 1px solid var(--border-default);

+  background: var(--canvas-subtle);

+}

+.shithub-profile-tab-sidebar h1 {

+  margin: 0.75rem 0 0.15rem;

+  font-size: 1.25rem;

+  color: var(--fg-default);

+}

+.shithub-profile-tab-sidebar p {

+  margin: 0;

+}

+.shithub-follow-list-head {

+  border-bottom: 1px solid var(--border-default);

+  padding-bottom: 0.75rem;

+}

+.shithub-follow-list-head h2 {

+  margin: 0;

+  font-size: 1.25rem;

+}

+.shithub-follow-list {

+  list-style: none;

+  margin: 0;

+  padding: 0;

+}

+.shithub-follow-list-row {

+  display: flex;

+  gap: 0.9rem;

+  padding: 1rem 0;

+  border-bottom: 1px solid var(--border-default);

+}

+.shithub-follow-avatar img {

+  width: 48px;

+  height: 48px;

+  border-radius: 50%;

+  display: block;

+  border: 1px solid var(--border-default);

+}

+.shithub-follow-list-body {

+  min-width: 0;

+  display: grid;

+  gap: 0.15rem;

+}

+.shithub-follow-list-name {

+  font-weight: 600;

+  color: var(--fg-default);

+}

+.shithub-follow-list-handle {

+  color: var(--fg-muted);

+}

+.shithub-follow-empty {

+  margin-top: 1rem;

+}

+.shithub-follow-empty h3 {

+  margin: 0;

+  font-size: 1rem;

+}

+

+        {{ if .IsOwner }}

+          <a href="/organizations/{{ .Org.Slug }}/settings/profile" class="shithub-button">Settings</a>

+        {{ else if .Viewer.ID }}

+          <form method="post" action="{{ if .IsFollowing }}{{ .UnfollowAction }}{{ else }}{{ .FollowAction }}{{ end }}" class="shithub-follow-form">

+            <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+            <input type="hidden" name="return_to" value="{{ .ReturnTo }}">

+            <button type="submit" class="shithub-button">{{ if .IsFollowing }}Unfollow{{ else }}Follow{{ end }}</button>

+          </form>

+        {{ else }}

+          <a href="/login?next={{ urlquery .ReturnTo }}" class="shithub-button">Follow</a>

+        {{ end }}

+        <p><strong>{{ .FollowerCount }}</strong> follower{{ if ne .FollowerCount 1 }}s{{ end }}</p>

+{{ define "page" -}}

+<section class="shithub-profile-tab-page">

+  <div class="shithub-profile-tabs-shell">

+    {{ template "profile-tabs" . }}

+  </div>

+

+  <div class="shithub-profile-tab-container">

+    <aside class="shithub-profile-tab-sidebar" aria-label="{{ .User.Username }} profile summary">

+      <img class="shithub-profile-tab-avatar" src="{{ .AvatarURL }}" alt="@{{ .User.Username }}" width="96" height="96">

+      <h1>{{ .DisplayName }}</h1>

+      <p>@{{ .User.Username }}</p>

+      <p class="shithub-profile-follow-counts">

+        {{ octicon "people" }}

+        <a href="/{{ .User.Username }}?tab=followers"{{ if eq .ActiveTab "followers" }} aria-current="page"{{ end }}><strong>{{ .FollowersCount }}</strong> followers</a>

+        <span class="shithub-profile-dot" aria-hidden="true">·</span>

+        <a href="/{{ .User.Username }}?tab=following"{{ if eq .ActiveTab "following" }} aria-current="page"{{ end }}><strong>{{ .FollowingCount }}</strong> following</a>

+      </p>

+    </aside>

+

+    <main class="shithub-profile-tab-main">

+      <header class="shithub-follow-list-head">

+        <h2>{{ if eq .ActiveTab "followers" }}Followers{{ else }}Following{{ end }}</h2>

+      </header>

+      {{ if .Items }}

+      <ol class="shithub-follow-list">

+        {{ range .Items }}

+        <li class="shithub-follow-list-row">

+          <a href="{{ .URL }}" class="shithub-follow-avatar"><img src="{{ .AvatarURL }}" alt="" width="48" height="48"></a>

+          <div class="shithub-follow-list-body">

+            <a href="{{ .URL }}" class="shithub-follow-list-name">{{ if .DisplayName }}{{ .DisplayName }}{{ else }}{{ .Username }}{{ end }}</a>

+            <span class="shithub-follow-list-handle">{{ if eq .Kind "org" }}@{{ .Username }} · organization{{ else }}@{{ .Username }}{{ end }}</span>

+            <span class="shithub-muted">Followed {{ .FollowedAt }}</span>

+          </div>

+        </li>

+        {{ end }}

+      </ol>

+      {{ else }}

+      <div class="shithub-empty shithub-follow-empty">

+        <h3>{{ if eq .ActiveTab "followers" }}No followers yet{{ else }}Not following anyone yet{{ end }}</h3>

+      </div>

+      {{ end }}

+      {{ if or .HasPrev .HasNext }}

+      <nav class="shithub-pagination" aria-label="Follows pagination">

+        {{ if .HasPrev }}<a href="/{{ .User.Username }}?tab={{ .ActiveTab }}&amp;page={{ sub .Page 1 }}">Previous</a>{{ else }}<span>Previous</span>{{ end }}

+        {{ if .HasNext }}<a href="/{{ .User.Username }}?tab={{ .ActiveTab }}&amp;page={{ add .Page 1 }}">Next</a>{{ else }}<span>Next</span>{{ end }}

+      </nav>

+      {{ end }}

+    </main>

+  </div>

+</section>

+{{- end }}

+      {{ else if .Viewer.ID }}

+        <form method="post" action="{{ if .IsFollowing }}{{ .UnfollowAction }}{{ else }}{{ .FollowAction }}{{ end }}" class="shithub-follow-form">

+          <input type="hidden" name="csrf_token" value="{{ .CSRFToken }}">

+          <input type="hidden" name="return_to" value="{{ .ReturnTo }}">

+          <button type="submit" class="shithub-button shithub-button-block">{{ if .IsFollowing }}Unfollow{{ else }}Follow{{ end }}</button>

+        </form>

+        <a href="/login?next={{ urlquery .ReturnTo }}" class="shithub-button shithub-button-block">Follow</a>

+        <a href="/{{ .User.Username }}?tab=followers"><strong>{{ .FollowersCount }}</strong> followers</a>

+        <a href="/{{ .User.Username }}?tab=following"><strong>{{ .FollowingCount }}</strong> following</a>