add: user stacks

2025-05-08 22:18:04 -04:00 · 2025-05-08 22:18:04 -04:00 · 75d72460ae
commit 75d72460ae
parent 8c3024cb40
28 changed files with 1028 additions and 9 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
@ -3606,7 +3606,7 @@ dependencies = [

 [[package]]
 name = "tetratto"
-version = "2.2.0"
+version = "2.3.0"
 dependencies = [
 "ammonia",
 "async-stripe",
@ -3636,7 +3636,7 @@ dependencies = [

 [[package]]
 name = "tetratto-core"
-version = "2.2.0"
+version = "2.3.0"
 dependencies = [
 "async-recursion",
 "base16ct",
@ -3660,7 +3660,7 @@ dependencies = [

 [[package]]
 name = "tetratto-l10n"
-version = "2.2.0"
+version = "2.3.0"
 dependencies = [
 "pathbufd",
 "serde",
@ -3669,7 +3669,7 @@ dependencies = [

 [[package]]
 name = "tetratto-shared"
-version = "2.2.0"
+version = "2.3.0"
 dependencies = [
 "ammonia",
 "chrono",
--- a/crates/app/Cargo.toml
+++ b/crates/app/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "tetratto"
-version = "2.2.0"
+version = "2.3.0"
 edition = "2024"

 [features]
--- a/crates/app/src/assets.rs
+++ b/crates/app/src/assets.rs
@ -99,6 +99,10 @@ pub const CHATS_STREAM: &str = include_str!("./public/html/chats/stream.html");
 pub const CHATS_MESSAGE: &str = include_str!("./public/html/chats/message.html");
 pub const CHATS_CHANNELS: &str = include_str!("./public/html/chats/channels.html");

+pub const STACKS_LIST: &str = include_str!("./public/html/stacks/list.html");
+pub const STACKS_POSTS: &str = include_str!("./public/html/stacks/posts.html");
+pub const STACKS_MANAGE: &str = include_str!("./public/html/stacks/manage.html");
+
 // langs
 pub const LANG_EN_US: &str = include_str!("./langs/en-US.toml");

@ -289,6 +293,10 @@ pub(crate) async fn write_assets(config: &Config) -> PathBufD {
    write_template!(html_path->"chats/message.html"(crate::assets::CHATS_MESSAGE) --config=config);
    write_template!(html_path->"chats/channels.html"(crate::assets::CHATS_CHANNELS) --config=config);

+    write_template!(html_path->"stacks/list.html"(crate::assets::STACKS_LIST) -d "stacks" --config=config);
+    write_template!(html_path->"stacks/posts.html"(crate::assets::STACKS_POSTS) --config=config);
+    write_template!(html_path->"stacks/manage.html"(crate::assets::STACKS_MANAGE) --config=config);
+
    html_path
 }

--- a/crates/app/src/langs/en-US.toml
+++ b/crates/app/src/langs/en-US.toml
@ -164,3 +164,12 @@ version = "1.0.0"
 "chats:action.add_someone" = "Add someone"
 "chats:action.kick_member" = "Kick member"
 "chats:action.mention_user" = "Mention user"
+
+"stacks:link.stacks" = "Stacks"
+"stacks:label.my_stacks" = "My stacks"
+"stacks:label.create_new" = "Create new stack"
+"stacks:label.change_name" = "Change name"
+"stacks:tab.general" = "General"
+"stacks:tab.users" = "Users"
+"stacks:label.add_user" = "Add user"
+"stacks:label.remove" = "Remove"
--- a/crates/app/src/public/html/macros.html
+++ b/crates/app/src/public/html/macros.html
@ -124,6 +124,11 @@
        {{ icon "newspaper" }}
        <span>{{ text "general:link.home" }}</span>
    </a>
+
+    <a href="/stacks" class="{% if selected == 'stacks' %}active{% endif %}">
+        {{ icon "layers" }}
+        <span>{{ text "stacks:link.stacks" }}</span>
+    </a>
    {% else %}
    <a href="/" class="{% if selected == 'all' %}active{% endif %}">
        {{ icon "earth" }}
--- a/crates/app/src/public/html/profile/posts.html
+++ b/crates/app/src/public/html/profile/posts.html
@ -48,7 +48,7 @@ profile.settings.allow_anonymous_questions) %}
            {% endif %}
        {% endfor %}

-        {{ components::pagination(page=page, items=posts|length) }}
+        {{ components::pagination(page=page, items=posts|length, key="%tag=", value=tag) }}
    </div>
 </div>
 {% endblock %}
--- a/crates/app/src/public/html/profile/settings.html
+++ b/crates/app/src/public/html/profile/settings.html
@ -59,6 +59,7 @@
                        <li>Use custom CSS on your profile</li>
                        <li>Ability to use community emojis outside of their community <b>(soon)</b></li>
                        <li>Ability to upload and use gif emojis <b>(soon)</b></li>
+                        <li><b>Create infinite stack timelines</b></li>
                    </ul>

                    <a href="{{ config.stripe.payment_link }}?client_reference_id={{ user.id }}" class="button" target="_blank">Become a supporter</a>
--- a/crates/app/src/public/html/stacks/list.html
+++ b/crates/app/src/public/html/stacks/list.html
@ -0,0 +1,93 @@
+{% extends "root.html" %} {% block head %}
+<title>My stacks - {{ config.name }}</title>
+{% endblock %} {% block body %} {{ macros::nav() }}
+<main class="flex flex-col gap-2">
+    {{ macros::timelines_nav(selected="stacks") }} {% if user %}
+    <div class="card-nest">
+        <div class="card small">
+            <b>{{ text "stacks:label.create_new" }}</b>
+        </div>
+
+        <form
+            class="card flex flex-col gap-2"
+            onsubmit="create_stack_from_form(event)"
+        >
+            <div class="flex flex-col gap-1">
+                <label for="name">{{ text "communities:label.name" }}</label>
+                <input
+                    type="text"
+                    name="name"
+                    id="name"
+                    placeholder="name"
+                    required
+                    minlength="2"
+                    maxlength="32"
+                />
+            </div>
+
+            <button class="primary">
+                {{ text "communities:action.create" }}
+            </button>
+        </form>
+    </div>
+    {% endif %}
+
+    <div class="card-nest w-full">
+        <div class="card small flex items-center justify-between gap-2">
+            <div class="flex items-center gap-2">
+                {{ icon "award" }}
+                <span>{{ text "stacks:label.my_stacks" }}</span>
+            </div>
+        </div>
+
+        <div class="card flex flex-col gap-2">
+            {% for item in list %}
+            <a
+                href="/stacks/{{ item.id }}"
+                class="card secondary flex flex-col gap-2"
+            >
+                <div class="flex items-center gap-2">
+                    {{ icon "list" }}
+                    <b>{{ item.name }}</b>
+                </div>
+
+                <span
+                    >Created <span class="date">{{ item.created }}</span>; {{
+                    item.privacy }}; {{ item.users|length }} users</span
+                >
+            </a>
+            {% endfor %}
+        </div>
+    </div>
+</main>
+
+<script>
+    async function create_stack_from_form(e) {
+        e.preventDefault();
+        await trigger("atto::debounce", ["stacks::create"]);
+
+        fetch("/api/v1/stacks", {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+                name: e.target.name.value,
+            }),
+        })
+            .then((res) => res.json())
+            .then((res) => {
+                trigger("atto::toast", [
+                    res.ok ? "success" : "error",
+                    res.message,
+                ]);
+
+                if (res.ok) {
+                    setTimeout(() => {
+                        window.location.href = `/stacks/${res.payload}`;
+                    }, 100);
+                }
+            });
+    }
+</script>
+{% endblock %}
--- a/crates/app/src/public/html/stacks/manage.html
+++ b/crates/app/src/public/html/stacks/manage.html
@ -0,0 +1,237 @@
+{% extends "root.html" %} {% block head %}
+<title>Community settings - {{ config.name }}</title>
+{% endblock %} {% block body %} {{ macros::nav() }}
+<main class="flex flex-col gap-2">
+    <div class="pillmenu">
+        <a href="#/general" data-tab-button="general" class="active">
+            {{ icon "settings" }}
+            <span>{{ text "stacks:tab.general" }}</span>
+        </a>
+
+        <a href="#/users" data-tab-button="users">
+            {{ icon "users" }}
+            <span>{{ text "stacks:tab.users" }}</span>
+        </a>
+    </div>
+
+    <div class="w-full flex flex-col gap-2" data-tab="general">
+        <div id="manage_fields" class="card tertiary flex flex-col gap-2">
+            <div class="card-nest" ui_ident="privacu">
+                <div class="card small">
+                    <b>Privacy</b>
+                </div>
+
+                <div class="card">
+                    <select onchange="save_privacy(event, 'read')">
+                        <option
+                            value="Private"
+                            selected="{% if stack.privacy == 'Private' %}true{% else %}false{% endif %}"
+                        >
+                            Private
+                        </option>
+                        <option
+                            value="Public"
+                            selected="{% if stack.privacy == 'Public' %}true{% else %}false{% endif %}"
+                        >
+                            Public
+                        </option>
+                    </select>
+                </div>
+            </div>
+
+            <div class="card-nest" ui_ident="change_name">
+                <div class="card small">
+                    <b>{{ text "stacks:label.change_name" }}</b>
+                </div>
+
+                <form
+                    class="card flex flex-col gap-2"
+                    onsubmit="change_name(event)"
+                >
+                    <div class="flex flex-col gap-1">
+                        <label for="new_title"
+                            >{{ text "communities:label.name" }}</label
+                        >
+                        <input
+                            type="text"
+                            name="name"
+                            id="name"
+                            placeholder="name"
+                            required
+                            minlength="2"
+                        />
+                    </div>
+
+                    <button class="primary">
+                        {{ icon "check" }}
+                        <span>{{ text "general:action.save" }}</span>
+                    </button>
+                </form>
+            </div>
+        </div>
+
+        <div class="card-nest" ui_ident="danger_zone">
+            <div class="card small flex gap-1 items-center red">
+                {{ icon "skull" }}
+                <b> {{ text "communities:label.danger_zone" }} </b>
+            </div>
+
+            <div class="card flex flex-wrap gap-2">
+                <button class="red quaternary" onclick="delete_stack()">
+                    {{ icon "trash" }}
+                    <span>{{ text "general:action.delete" }}</span>
+                </button>
+            </div>
+        </div>
+    </div>
+
+    <div class="card w-full flex flex-col gap-2 hidden" data-tab="users">
+        <button onclick="add_user()">
+            {{ icon "plus" }}
+            <span>{{ text "stacks:label.add_user" }}</span>
+        </button>
+
+        {% for user in users %}
+        <div class="card secondary flex gap-2 items-center justify-between">
+            <div class="flex gap-2">
+                {{ components::avatar(username=user.username) }} {{
+                components::full_username(user=user) }}
+            </div>
+
+            <button
+                class="quaternary small red"
+                onclick="remove_user('{{ user.username }}')"
+            >
+                {{ icon "x" }}
+                <span>{{ text "stacks:label.remove" }}</span>
+            </button>
+        </div>
+        {% endfor %}
+    </div>
+
+    <div class="flex gap-2 flex-wrap">
+        <a href="/stacks/{{ stack.id }}" class="button secondary">
+            {{ icon "arrow-left" }}
+            <span>{{ text "general:action.back" }}</span>
+        </a>
+    </div>
+</main>
+
+<script>
+    globalThis.add_user = async () => {
+        await trigger("atto::debounce", ["stacks::add_user"]);
+        const username = await trigger("atto::prompt", ["Username:"]);
+
+        if (!username) {
+            return;
+        }
+
+        fetch(`/api/v1/stacks/{{ stack.id }}/users`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+                username,
+            }),
+        })
+            .then((res) => res.json())
+            .then((res) => {
+                trigger("atto::toast", [
+                    res.ok ? "success" : "error",
+                    res.message,
+                ]);
+            });
+    };
+
+    globalThis.remove_user = async (username) => {
+        await trigger("atto::debounce", ["stacks::remove_user"]);
+        fetch(`/api/v1/stacks/{{ stack.id }}/users`, {
+            method: "DELETE",
+            headers: {
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+                username,
+            }),
+        })
+            .then((res) => res.json())
+            .then((res) => {
+                trigger("atto::toast", [
+                    res.ok ? "success" : "error",
+                    res.message,
+                ]);
+            });
+    };
+
+    globalThis.save_privacy = (event, mode) => {
+        const selected = event.target.selectedOptions[0];
+        fetch(`/api/v1/stacks/{{ stack.id }}/privacy`, {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+                privacy: selected.value,
+            }),
+        })
+            .then((res) => res.json())
+            .then((res) => {
+                trigger("atto::toast", [
+                    res.ok ? "success" : "error",
+                    res.message,
+                ]);
+            });
+    };
+
+    globalThis.change_name = async (e) => {
+        e.preventDefault();
+
+        if (
+            !(await trigger("atto::confirm", [
+                "Are you sure you would like to do this?",
+            ]))
+        ) {
+            return;
+        }
+
+        fetch("/api/v1/stacks/{{ stack.id }}/name", {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+                name: e.target.name.value,
+            }),
+        })
+            .then((res) => res.json())
+            .then((res) => {
+                trigger("atto::toast", [
+                    res.ok ? "success" : "error",
+                    res.message,
+                ]);
+            });
+    };
+
+    globalThis.delete_stack = async () => {
+        if (
+            !(await trigger("atto::confirm", [
+                "Are you sure you would like to do this? This action is permanent.",
+            ]))
+        ) {
+            return;
+        }
+
+        fetch(`/api/v1/stacks/{{ stack.id }}`, {
+            method: "DELETE",
+        })
+            .then((res) => res.json())
+            .then((res) => {
+                trigger("atto::toast", [
+                    res.ok ? "success" : "error",
+                    res.message,
+                ]);
+            });
+    };
+</script>
+{% endblock %}
--- a/crates/app/src/public/html/stacks/posts.html
+++ b/crates/app/src/public/html/stacks/posts.html
@ -0,0 +1,74 @@
+{% extends "root.html" %} {% block head %}
+<title>{{ stack.name }} - {{ config.name }}</title>
+{% endblock %} {% block body %} {{ macros::nav() }}
+<main class="flex flex-col gap-2">
+    {{ macros::timelines_nav(selected="stacks") }}
+    <div class="card-nest w-full">
+        <div class="card small flex items-center justify-between gap-2">
+            <div class="flex items-center gap-2">
+                {{ icon "list" }}
+                <span>{{ stack.name }}</span>
+            </div>
+
+            {% if user and user.id == stack.owner %}
+            <a
+                href="/stacks/{{ stack.id }}/manage"
+                class="button quaternary small"
+            >
+                {{ icon "pencil" }}
+                <span>{{ text "general:action.manage" }}</span>
+            </a>
+            {% endif %}
+        </div>
+
+        <!-- prettier-ignore -->
+        <div class="card w-full flex flex-col gap-2">
+            {% if list|length == 0 %}
+            <p>No posts yet! Maybe <a href="/stacks/{{ stack.id }}/manage#/users">add a user to this stack</a>!</p>
+            {% endif %}
+
+            {% for post in list %}
+                {% if post[2].read_access == "Everybody" %}
+                    {% if post[0].context.repost and post[0].context.repost.reposting %}
+                        {{ components::repost(repost=post[3], post=post[0], owner=post[1], secondary=true, community=post[2], show_community=true) }}
+                    {% else %}
+                        {{ components::post(post=post[0], owner=post[1], question=post[4], secondary=true, community=post[2]) }}
+                    {% endif %}
+                {% endif %}
+            {% endfor %}
+
+            {{ components::pagination(page=page, items=list|length) }}
+        </div>
+    </div>
+</main>
+
+<script>
+    async function create_stack_from_form(e) {
+        e.preventDefault();
+        await trigger("atto::debounce", ["stacks::create"]);
+
+        fetch("/api/v1/stacks", {
+            method: "POST",
+            headers: {
+                "Content-Type": "application/json",
+            },
+            body: JSON.stringify({
+                name: e.target.name.value,
+            }),
+        })
+            .then((res) => res.json())
+            .then((res) => {
+                trigger("atto::toast", [
+                    res.ok ? "success" : "error",
+                    res.message,
+                ]);
+
+                if (res.ok) {
+                    setTimeout(() => {
+                        window.location.href = `/stacks/${res.payload}`;
+                    }, 100);
+                }
+            });
+    }
+</script>
+{% endblock %}
--- a/crates/app/src/routes/api/v1/mod.rs
+++ b/crates/app/src/routes/api/v1/mod.rs
@ -4,6 +4,7 @@ pub mod notifications;
 pub mod reactions;
 pub mod reports;
 pub mod requests;
+pub mod stacks;
 pub mod util;

 #[cfg(feature = "redis")]
@ -22,6 +23,7 @@ use tetratto_core::model::{
    communities_permissions::CommunityPermission,
    permissions::FinePermission,
    reactions::AssetType,
+    stacks::StackPrivacy,
 };

 pub fn routes() -> Router {
@ -320,6 +322,13 @@ pub fn routes() -> Router {
            "/lookup_emoji",
            post(communities::emojis::get_emoji_shortcode),
        )
+        // stacks
+        .route("/stacks", post(stacks::create_request))
+        .route("/stacks/{id}/name", post(stacks::update_name_request))
+        .route("/stacks/{id}/privacy", post(stacks::update_privacy_request))
+        .route("/stacks/{id}/users", post(stacks::add_user_request))
+        .route("/stacks/{id}/users", delete(stacks::remove_user_request))
+        .route("/stacks/{id}", delete(stacks::delete_request))
 }

 #[derive(Deserialize)]
@ -506,3 +515,23 @@ pub struct CreateMessage {
 pub struct KickMember {
    pub member: String,
 }
+
+#[derive(Deserialize)]
+pub struct CreateStack {
+    pub name: String,
+}
+
+#[derive(Deserialize)]
+pub struct UpdateStackName {
+    pub name: String,
+}
+
+#[derive(Deserialize)]
+pub struct UpdateStackPrivacy {
+    pub privacy: StackPrivacy,
+}
+
+#[derive(Deserialize)]
+pub struct AddOrRemoveStackUser {
+    pub username: String,
+}
--- a/crates/app/src/routes/api/v1/stacks.rs
+++ b/crates/app/src/routes/api/v1/stacks.rs
@ -0,0 +1,176 @@
+use crate::{State, get_user_from_token};
+use axum::{Extension, Json, extract::Path, response::IntoResponse};
+use axum_extra::extract::CookieJar;
+use tetratto_core::model::{stacks::UserStack, ApiReturn, Error};
+use super::{AddOrRemoveStackUser, CreateStack, UpdateStackName, UpdateStackPrivacy};
+
+pub async fn create_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Json(req): Json<CreateStack>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    match data
+        .create_stack(UserStack::new(req.name, user.id, Vec::new()))
+        .await
+    {
+        Ok(s) => Json(ApiReturn {
+            ok: true,
+            message: "Stack created".to_string(),
+            payload: s.id,
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
+pub async fn update_name_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Path(id): Path<usize>,
+    Json(req): Json<UpdateStackName>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    match data.update_stack_name(id, user, &req.name).await {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "Stack updated".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
+pub async fn update_privacy_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Path(id): Path<usize>,
+    Json(req): Json<UpdateStackPrivacy>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    match data.update_stack_privacy(id, user, req.privacy).await {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "Stack updated".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
+pub async fn add_user_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Path(id): Path<usize>,
+    Json(req): Json<AddOrRemoveStackUser>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    let other_user = match data.get_user_by_username(&req.username).await {
+        Ok(c) => c,
+        Err(e) => return Json(Error::MiscError(e.to_string()).into()),
+    };
+
+    // check block status
+    if data
+        .get_userblock_by_initiator_receiver(other_user.id, user.id)
+        .await
+        .is_ok()
+    {
+        return Json(Error::NotAllowed.into());
+    }
+
+    // add user
+    let mut stack = match data.get_stack_by_id(id).await {
+        Ok(s) => s,
+        Err(e) => return Json(e.into()),
+    };
+
+    stack.users.push(other_user.id);
+    match data.update_stack_users(id, user, stack.users).await {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "User added".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
+pub async fn remove_user_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Path(id): Path<usize>,
+    Json(req): Json<AddOrRemoveStackUser>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    let mut stack = match data.get_stack_by_id(id).await {
+        Ok(s) => s,
+        Err(e) => return Json(e.into()),
+    };
+
+    let other_user = match data.get_user_by_username(&req.username).await {
+        Ok(c) => c,
+        Err(e) => return Json(Error::MiscError(e.to_string()).into()),
+    };
+
+    stack
+        .users
+        .remove(match stack.users.iter().position(|x| x == &other_user.id) {
+            Some(idx) => idx,
+            None => return Json(Error::GeneralNotFound("user".to_string()).into()),
+        });
+
+    match data.update_stack_users(id, user, stack.users).await {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "User removed".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
+
+pub async fn delete_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Path(id): Path<usize>,
+) -> impl IntoResponse {
+    let data = &(data.read().await).0;
+    let user = match get_user_from_token!(jar, data) {
+        Some(ua) => ua,
+        None => return Json(Error::NotAllowed.into()),
+    };
+
+    match data.delete_stack(id, &user).await {
+        Ok(_) => Json(ApiReturn {
+            ok: true,
+            message: "Stack deleted".to_string(),
+            payload: (),
+        }),
+        Err(e) => Json(e.into()),
+    }
+}
--- a/crates/app/src/routes/pages/mod.rs
+++ b/crates/app/src/routes/pages/mod.rs
@ -3,6 +3,7 @@ pub mod communities;
 pub mod misc;
 pub mod mod_panel;
 pub mod profile;
+pub mod stacks;

 #[cfg(feature = "redis")]
 pub mod chats;
@ -104,6 +105,10 @@ pub fn routes() -> Router {
            "/chats/{community}/{channel}/_channels",
            get(chats::channels_request),
        )
+        // stacks
+        .route("/stacks", get(stacks::list_request))
+        .route("/stacks/{id}", get(stacks::posts_request))
+        .route("/stacks/{id}/manage", get(stacks::manage_request))
 }

 pub async fn render_error(
--- a/crates/app/src/routes/pages/stacks.rs
+++ b/crates/app/src/routes/pages/stacks.rs
@ -0,0 +1,136 @@
+use axum::{
+    extract::{Path, Query},
+    response::{Html, IntoResponse},
+    Extension,
+};
+use axum_extra::extract::CookieJar;
+use tetratto_core::model::{permissions::FinePermission, stacks::StackPrivacy, Error, auth::User};
+use crate::{assets::initial_context, get_lang, get_user_from_token, State};
+use super::{render_error, PaginatedQuery};
+
+/// `/stacks`
+pub async fn list_request(jar: CookieJar, Extension(data): Extension<State>) -> impl IntoResponse {
+    let data = data.read().await;
+    let user = match get_user_from_token!(jar, data.0) {
+        Some(ua) => ua,
+        None => {
+            return Err(Html(
+                render_error(Error::NotAllowed, &jar, &data, &None).await,
+            ));
+        }
+    };
+
+    let list = match data.0.get_stacks_by_owner(user.id).await {
+        Ok(p) => p,
+        Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
+    };
+
+    let lang = get_lang!(jar, data.0);
+    let mut context = initial_context(&data.0.0, lang, &Some(user)).await;
+
+    context.insert("list", &list);
+
+    // return
+    Ok(Html(data.1.render("stacks/list.html", &context).unwrap()))
+}
+
+/// `/stacks/{id}`
+pub async fn posts_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Path(id): Path<usize>,
+    Query(req): Query<PaginatedQuery>,
+) -> impl IntoResponse {
+    let data = data.read().await;
+    let user = match get_user_from_token!(jar, data.0) {
+        Some(ua) => ua,
+        None => {
+            return Err(Html(
+                render_error(Error::NotAllowed, &jar, &data, &None).await,
+            ));
+        }
+    };
+
+    let stack = match data.0.get_stack_by_id(id).await {
+        Ok(s) => s,
+        Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
+    };
+
+    if stack.privacy == StackPrivacy::Private
+        && user.id != stack.owner
+        && !user.permissions.check(FinePermission::MANAGE_STACKS)
+    {
+        return Err(Html(
+            render_error(Error::NotAllowed, &jar, &data, &None).await,
+        ));
+    }
+
+    let ignore_users = data.0.get_userblocks_receivers(user.id).await;
+    let list = match data.0.get_posts_from_stack(stack.id, 12, req.page).await {
+        Ok(l) => match data
+            .0
+            .fill_posts_with_community(l, user.id, &ignore_users)
+            .await
+        {
+            Ok(l) => l,
+            Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
+        },
+        Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
+    };
+
+    let lang = get_lang!(jar, data.0);
+    let mut context = initial_context(&data.0.0, lang, &Some(user)).await;
+
+    context.insert("page", &req.page);
+    context.insert("stack", &stack);
+    context.insert("list", &list);
+
+    // return
+    Ok(Html(data.1.render("stacks/posts.html", &context).unwrap()))
+}
+
+/// `/stacks/{id}/manage`
+pub async fn manage_request(
+    jar: CookieJar,
+    Extension(data): Extension<State>,
+    Path(id): Path<usize>,
+) -> impl IntoResponse {
+    let data = data.read().await;
+    let user = match get_user_from_token!(jar, data.0) {
+        Some(ua) => ua,
+        None => {
+            return Err(Html(
+                render_error(Error::NotAllowed, &jar, &data, &None).await,
+            ));
+        }
+    };
+
+    let stack = match data.0.get_stack_by_id(id).await {
+        Ok(s) => s,
+        Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
+    };
+
+    if user.id != stack.owner && !user.permissions.check(FinePermission::MANAGE_STACKS) {
+        return Err(Html(
+            render_error(Error::NotAllowed, &jar, &data, &None).await,
+        ));
+    }
+
+    let mut users: Vec<User> = Vec::new();
+
+    for uid in &stack.users {
+        users.push(match data.0.get_user_by_id(uid.to_owned()).await {
+            Ok(ua) => ua,
+            Err(e) => return Err(Html(render_error(e, &jar, &data, &Some(user)).await)),
+        });
+    }
+
+    let lang = get_lang!(jar, data.0);
+    let mut context = initial_context(&data.0.0, lang, &Some(user)).await;
+
+    context.insert("stack", &stack);
+    context.insert("users", &users);
+
+    // return
+    Ok(Html(data.1.render("stacks/manage.html", &context).unwrap()))
+}
--- a/crates/core/Cargo.toml
+++ b/crates/core/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "tetratto-core"
-version = "2.2.0"
+version = "2.3.0"
 edition = "2024"

 [features]
--- a/crates/core/src/config.rs
+++ b/crates/core/src/config.rs
@ -312,6 +312,7 @@ fn default_banned_usernames() -> Vec<String> {
        "post".to_string(),
        "void".to_string(),
        "anonymous".to_string(),
+        "stack".to_string(),
    ]
 }

--- a/crates/core/src/database/auth.rs
+++ b/crates/core/src/database/auth.rs
@ -127,6 +127,16 @@ impl DataManager {
            return Err(Error::MiscError("This username cannot be used".to_string()));
        }

+        if data.username.contains(" ") {
+            return Err(Error::MiscError("Name cannot contain spaces".to_string()));
+        } else if data.username.contains("%") {
+            return Err(Error::MiscError("Name cannot contain \"%\"".to_string()));
+        } else if data.username.contains("?") {
+            return Err(Error::MiscError("Name cannot contain \"?\"".to_string()));
+        } else if data.username.contains("&") {
+            return Err(Error::MiscError("Name cannot contain \"&\"".to_string()));
+        }
+
        // make sure username isn't taken
        if self.get_user_by_username(&data.username).await.is_ok() {
            return Err(Error::UsernameInUse);
--- a/crates/core/src/database/common.rs
+++ b/crates/core/src/database/common.rs
@ -32,6 +32,7 @@ impl DataManager {
        execute!(&conn, common::CREATE_TABLE_MESSAGES).unwrap();
        execute!(&conn, common::CREATE_TABLE_UPLOADS).unwrap();
        execute!(&conn, common::CREATE_TABLE_EMOJIS).unwrap();
+        execute!(&conn, common::CREATE_TABLE_STACKS).unwrap();

        self.2
            .set("atto.active_connections:users".to_string(), "0".to_string())
--- a/crates/core/src/database/drivers/common.rs
+++ b/crates/core/src/database/drivers/common.rs
@ -17,3 +17,4 @@ pub const CREATE_TABLE_CHANNELS: &str = include_str!("./sql/create_channels.sql"
 pub const CREATE_TABLE_MESSAGES: &str = include_str!("./sql/create_messages.sql");
 pub const CREATE_TABLE_UPLOADS: &str = include_str!("./sql/create_uploads.sql");
 pub const CREATE_TABLE_EMOJIS: &str = include_str!("./sql/create_emojis.sql");
+pub const CREATE_TABLE_STACKS: &str = include_str!("./sql/create_stacks.sql");
--- a/crates/core/src/database/drivers/sql/create_stacks.sql
+++ b/crates/core/src/database/drivers/sql/create_stacks.sql
@ -0,0 +1,8 @@
+CREATE TABLE IF NOT EXISTS stacks (
+    id BIGINT NOT NULL PRIMARY KEY,
+    created BIGINT NOT NULL,
+    owner BIGINT NOT NULL,
+    name TEXT NOT NULL,
+    users TEXT NOT NULL,
+    privacy TEXT NOT NULL
+)
--- a/crates/core/src/database/mod.rs
+++ b/crates/core/src/database/mod.rs
@ -14,6 +14,7 @@ mod questions;
 mod reactions;
 mod reports;
 mod requests;
+mod stacks;
 mod uploads;
 mod user_warnings;
 mod userblocks;
--- a/crates/core/src/database/posts.rs
+++ b/crates/core/src/database/posts.rs
@ -732,6 +732,55 @@ impl DataManager {
        Ok(res.unwrap())
    }

+    /// Get posts from all users in the given stack.
+    ///
+    /// # Arguments
+    /// * `id` - the ID of the stack
+    /// * `batch` - the limit of posts in each page
+    /// * `page` - the page number
+    pub async fn get_posts_from_stack(
+        &self,
+        id: usize,
+        batch: usize,
+        page: usize,
+    ) -> Result<Vec<Post>> {
+        let users = self.get_stack_by_id(id).await?.users;
+        let mut users = users.iter();
+
+        let first = match users.next() {
+            Some(f) => f,
+            None => return Ok(Vec::new()),
+        };
+
+        let mut query_string: String = String::new();
+
+        for user in users {
+            query_string.push_str(&format!(" OR owner = {}", user));
+        }
+
+        // ...
+        let conn = match self.connect().await {
+            Ok(c) => c,
+            Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
+        };
+
+        let res = query_rows!(
+            &conn,
+            &format!(
+                "SELECT * FROM posts WHERE (owner = {} {query_string}) AND replying_to = 0 ORDER BY created DESC LIMIT $1 OFFSET $2",
+                first
+            ),
+            &[&(batch as i64), &((page * batch) as i64)],
+            |x| { Self::get_post_from_row(x) }
+        );
+
+        if res.is_err() {
+            return Err(Error::GeneralNotFound("post".to_string()));
+        }
+
+        Ok(res.unwrap())
+    }
+
    /// Check if the given `uid` can post in the given `community`.
    pub async fn check_can_post(&self, community: &Community, uid: usize) -> bool {
        match community.write_access {
--- a/crates/core/src/database/stacks.rs
+++ b/crates/core/src/database/stacks.rs
@ -0,0 +1,133 @@
+use super::*;
+use crate::cache::Cache;
+use crate::model::{
+    Error, Result,
+    auth::User,
+    permissions::FinePermission,
+    stacks::{StackPrivacy, UserStack},
+};
+use crate::{auto_method, execute, get, query_row, query_rows, params};
+
+#[cfg(feature = "sqlite")]
+use rusqlite::Row;
+
+#[cfg(feature = "postgres")]
+use tokio_postgres::Row;
+
+impl DataManager {
+    /// Get a [`UserStack`] from an SQL row.
+    pub(crate) fn get_stack_from_row(
+        #[cfg(feature = "sqlite")] x: &Row<'_>,
+        #[cfg(feature = "postgres")] x: &Row,
+    ) -> UserStack {
+        UserStack {
+            id: get!(x->0(i64)) as usize,
+            created: get!(x->1(i64)) as usize,
+            owner: get!(x->2(i64)) as usize,
+            name: get!(x->3(String)),
+            users: serde_json::from_str(&get!(x->4(String))).unwrap(),
+            privacy: serde_json::from_str(&get!(x->5(String))).unwrap(),
+        }
+    }
+
+    auto_method!(get_stack_by_id(usize as i64)@get_stack_from_row -> "SELECT * FROM stacks WHERE id = $1" --name="stack" --returns=UserStack --cache-key-tmpl="atto.stack:{}");
+
+    /// Get all stacks by user.
+    ///
+    /// # Arguments
+    /// * `id` - the ID of the user to fetch stacks for
+    pub async fn get_stacks_by_owner(&self, id: usize) -> Result<Vec<UserStack>> {
+        let conn = match self.connect().await {
+            Ok(c) => c,
+            Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
+        };
+
+        let res = query_rows!(
+            &conn,
+            "SELECT * FROM stacks WHERE owner = $1 ORDER BY name ASC",
+            &[&(id as i64)],
+            |x| { Self::get_stack_from_row(x) }
+        );
+
+        if res.is_err() {
+            return Err(Error::GeneralNotFound("stack".to_string()));
+        }
+
+        Ok(res.unwrap())
+    }
+
+    /// Create a new stack in the database.
+    ///
+    /// # Arguments
+    /// * `data` - a mock [`UserStack`] object to insert
+    pub async fn create_stack(&self, data: UserStack) -> Result<UserStack> {
+        // check number of stacks
+        let owner = self.get_user_by_id(data.owner).await?;
+
+        if !owner.permissions.check(FinePermission::SUPPORTER) {
+            let stacks = self.get_stacks_by_owner(data.owner).await?;
+            let maximum_count = 5;
+
+            if stacks.len() >= maximum_count {
+                return Err(Error::MiscError(
+                    "You already have the maximum number of stacks you can have".to_string(),
+                ));
+            }
+        }
+
+        // ...
+        let conn = match self.connect().await {
+            Ok(c) => c,
+            Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
+        };
+
+        let res = execute!(
+            &conn,
+            "INSERT INTO stacks VALUES ($1, $2, $3, $4, $5, $6)",
+            params![
+                &(data.id as i64),
+                &(data.created as i64),
+                &(data.owner as i64),
+                &data.name,
+                &serde_json::to_string(&data.users).unwrap(),
+                &serde_json::to_string(&data.privacy).unwrap(),
+            ]
+        );
+
+        if let Err(e) = res {
+            return Err(Error::DatabaseError(e.to_string()));
+        }
+
+        Ok(data)
+    }
+
+    pub async fn delete_stack(&self, id: usize, user: &User) -> Result<()> {
+        let stack = self.get_stack_by_id(id).await?;
+
+        // check user permission
+        if user.id != stack.owner {
+            if !user.permissions.check(FinePermission::MANAGE_STACKS) {
+                return Err(Error::NotAllowed);
+            }
+        }
+
+        // ...
+        let conn = match self.connect().await {
+            Ok(c) => c,
+            Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
+        };
+
+        let res = execute!(&conn, "DELETE FROM stacks WHERE id = $1", &[&(id as i64)]);
+
+        if let Err(e) = res {
+            return Err(Error::DatabaseError(e.to_string()));
+        }
+
+        self.2.remove(format!("atto.stack:{}", id)).await;
+        Ok(())
+    }
+
+    auto_method!(update_stack_name(&str)@get_stack_by_id:MANAGE_STACKS -> "UPDATE stacks SET name = $1 WHERE id = $2" --cache-key-tmpl="atto.stack:{}");
+    auto_method!(update_stack_privacy(StackPrivacy)@get_stack_by_id:MANAGE_STACKS -> "UPDATE stacks SET privacy = $1 WHERE id = $2" --serde --cache-key-tmpl="atto.stack:{}");
+    auto_method!(update_stack_users(Vec<usize>)@get_stack_by_id:MANAGE_STACKS -> "UPDATE stacks SET users = $1 WHERE id = $2" --serde --cache-key-tmpl="atto.stack:{}");
+}
--- a/crates/core/src/model/mod.rs
+++ b/crates/core/src/model/mod.rs
@ -6,6 +6,7 @@ pub mod oauth;
 pub mod permissions;
 pub mod reactions;
 pub mod requests;
+pub mod stacks;
 pub mod uploads;

 #[cfg(feature = "redis")]
--- a/crates/core/src/model/permissions.rs
+++ b/crates/core/src/model/permissions.rs
@ -34,6 +34,7 @@ bitflags! {
        const MANAGE_MESSAGES = 1 << 23;
        const MANAGE_UPLOADS = 1 << 24;
        const MANAGE_EMOJIS = 1 << 25;
+        const MANAGE_STACKS = 1 << 26;

        const _ = !0;
    }
--- a/crates/core/src/model/stacks.rs
+++ b/crates/core/src/model/stacks.rs
@ -0,0 +1,40 @@
+use serde::{Serialize, Deserialize};
+use tetratto_shared::{snow::Snowflake, unix_epoch_timestamp};
+
+#[derive(Debug, Serialize, Deserialize, PartialEq, Eq)]
+pub enum StackPrivacy {
+    /// Can be viewed by anyone.
+    Public,
+    /// Can only be viewed by the stack's owner (and users with `MANAGE_STACKS`).
+    Private,
+}
+
+impl Default for StackPrivacy {
+    fn default() -> Self {
+        Self::Private
+    }
+}
+
+#[derive(Serialize, Deserialize)]
+pub struct UserStack {
+    pub id: usize,
+    pub created: usize,
+    pub owner: usize,
+    pub name: String,
+    pub users: Vec<usize>,
+    pub privacy: StackPrivacy,
+}
+
+impl UserStack {
+    /// Create a new [`UserStack`].
+    pub fn new(name: String, owner: usize, users: Vec<usize>) -> Self {
+        Self {
+            id: Snowflake::new().to_string().parse::<usize>().unwrap(),
+            created: unix_epoch_timestamp() as usize,
+            owner,
+            name,
+            users,
+            privacy: StackPrivacy::default(),
+        }
+    }
+}
--- a/crates/l10n/Cargo.toml
+++ b/crates/l10n/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "tetratto-l10n"
-version = "2.2.0"
+version = "2.3.0"
 edition = "2024"
 authors.workspace = true
 repository.workspace = true
--- a/crates/shared/Cargo.toml
+++ b/crates/shared/Cargo.toml
@ -1,6 +1,6 @@
 [package]
 name = "tetratto-shared"
-version = "2.2.0"
+version = "2.3.0"
 edition = "2024"
 authors.workspace = true
 repository.workspace = true