diff options
Diffstat (limited to 'server/src/api/post.rs')
-rw-r--r-- | server/src/api/post.rs | 75 |
1 files changed, 48 insertions, 27 deletions
diff --git a/server/src/api/post.rs b/server/src/api/post.rs index 840f1530..6710a2cd 100644 --- a/server/src/api/post.rs +++ b/server/src/api/post.rs @@ -1,27 +1,8 @@ use crate::{ - api::{APIError, Oper, Perform}, + api::{claims::Claims, APIError, Oper, Perform}, apub::{ApubLikeableType, ApubObjectType}, blocking, - db::{ - comment_view::*, - community_view::*, - moderator::*, - post::*, - post_view::*, - site::*, - site_view::*, - user::*, - user_view::*, - Crud, - Likeable, - ListingType, - Saveable, - SortType, - }, fetch_iframely_and_pictrs_data, - naive_now, - slur_check, - slurs_vec_to_str, websocket::{ server::{JoinCommunityRoom, JoinPostRoom, SendPost}, UserOperation, @@ -30,6 +11,30 @@ use crate::{ DbPool, LemmyError, }; +use lemmy_db::{ + comment_view::*, + community_view::*, + moderator::*, + naive_now, + post::*, + post_view::*, + site::*, + site_view::*, + user::*, + user_view::*, + Crud, + Likeable, + ListingType, + Saveable, + SortType, +}; +use lemmy_utils::{ + is_valid_post_title, + make_apub_endpoint, + slur_check, + slurs_vec_to_str, + EndpointType, +}; use serde::{Deserialize, Serialize}; use std::str::FromStr; @@ -71,6 +76,7 @@ pub struct GetPosts { page: Option<i64>, limit: Option<i64>, pub community_id: Option<i32>, + pub community_name: Option<String>, auth: Option<String>, } @@ -136,6 +142,10 @@ impl Perform for Oper<CreatePost> { } } + if !is_valid_post_title(&data.name) { + return Err(APIError::err("invalid_post_title").into()); + } + let user_id = claims.id; // Check for a community ban @@ -157,7 +167,7 @@ impl Perform for Oper<CreatePost> { fetch_iframely_and_pictrs_data(&self.client, data.url.to_owned()).await; let post_form = PostForm { - name: data.name.to_owned(), + name: data.name.trim().to_owned(), url: data.url.to_owned(), body: data.body.to_owned(), community_id: data.community_id, @@ -191,11 +201,16 @@ impl Perform for Oper<CreatePost> { }; let inserted_post_id = inserted_post.id; - let updated_post = - match blocking(pool, move |conn| Post::update_ap_id(conn, inserted_post_id)).await? { - Ok(post) => post, - Err(_e) => return Err(APIError::err("couldnt_create_post").into()), - }; + let updated_post = match blocking(pool, move |conn| { + let apub_id = + make_apub_endpoint(EndpointType::Post, &inserted_post_id.to_string()).to_string(); + Post::update_ap_id(conn, inserted_post_id, apub_id) + }) + .await? + { + Ok(post) => post, + Err(_e) => return Err(APIError::err("couldnt_create_post").into()), + }; updated_post.send_create(&user, &self.client, pool).await?; @@ -361,12 +376,14 @@ impl Perform for Oper<GetPosts> { let page = data.page; let limit = data.limit; let community_id = data.community_id; + let community_name = data.community_name.to_owned(); let posts = match blocking(pool, move |conn| { PostQueryBuilder::create(conn) .listing_type(type_) .sort(&sort) .show_nsfw(show_nsfw) .for_community_id(community_id) + .for_community_name(community_name) .my_user_id(user_id) .page(page) .limit(limit) @@ -512,6 +529,10 @@ impl Perform for Oper<EditPost> { } } + if !is_valid_post_title(&data.name) { + return Err(APIError::err("invalid_post_title").into()); + } + let claims = match Claims::decode(&data.auth) { Ok(claims) => claims.claims, Err(_e) => return Err(APIError::err("not_logged_in").into()), @@ -561,7 +582,7 @@ impl Perform for Oper<EditPost> { let read_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let post_form = PostForm { - name: data.name.to_owned(), + name: data.name.trim().to_owned(), url: data.url.to_owned(), body: data.body.to_owned(), creator_id: data.creator_id.to_owned(), |