diff options
Diffstat (limited to 'server/src/api')
| -rw-r--r-- | server/src/api/claims.rs | 73 | ||||
| -rw-r--r-- | server/src/api/comment.rs | 52 | ||||
| -rw-r--r-- | server/src/api/community.rs | 26 | ||||
| -rw-r--r-- | server/src/api/mod.rs | 9 | ||||
| -rw-r--r-- | server/src/api/post.rs | 75 | ||||
| -rw-r--r-- | server/src/api/site.rs | 37 | ||||
| -rw-r--r-- | server/src/api/user.rs | 102 |
7 files changed, 239 insertions, 135 deletions
diff --git a/server/src/api/claims.rs b/server/src/api/claims.rs new file mode 100644 index 00000000..eec9d1a7 --- /dev/null +++ b/server/src/api/claims.rs @@ -0,0 +1,73 @@ +use diesel::{result::Error, PgConnection}; +use jsonwebtoken::{decode, encode, DecodingKey, EncodingKey, Header, TokenData, Validation}; +use lemmy_db::{user::User_, Crud}; +use lemmy_utils::{is_email_regex, settings::Settings}; +use serde::{Deserialize, Serialize}; + +type Jwt = String; + +#[derive(Debug, Serialize, Deserialize)] +pub struct Claims { + pub id: i32, + pub username: String, + pub iss: String, + pub show_nsfw: bool, + pub theme: String, + pub default_sort_type: i16, + pub default_listing_type: i16, + pub lang: String, + pub avatar: Option<String>, + pub show_avatars: bool, +} + +impl Claims { + pub fn decode(jwt: &str) -> Result<TokenData<Claims>, jsonwebtoken::errors::Error> { + let v = Validation { + validate_exp: false, + ..Validation::default() + }; + decode::<Claims>( + &jwt, + &DecodingKey::from_secret(Settings::get().jwt_secret.as_ref()), + &v, + ) + } + + pub fn jwt(user: User_, hostname: String) -> Jwt { + let my_claims = Claims { + id: user.id, + username: user.name.to_owned(), + iss: hostname, + show_nsfw: user.show_nsfw, + theme: user.theme.to_owned(), + default_sort_type: user.default_sort_type, + default_listing_type: user.default_listing_type, + lang: user.lang.to_owned(), + avatar: user.avatar.to_owned(), + show_avatars: user.show_avatars.to_owned(), + }; + encode( + &Header::default(), + &my_claims, + &EncodingKey::from_secret(Settings::get().jwt_secret.as_ref()), + ) + .unwrap() + } + + // TODO: move these into user? + pub fn find_by_email_or_username( + conn: &PgConnection, + username_or_email: &str, + ) -> Result<User_, Error> { + if is_email_regex(username_or_email) { + User_::find_by_email(conn, username_or_email) + } else { + User_::find_by_username(conn, username_or_email) + } + } + + pub fn find_by_jwt(conn: &PgConnection, jwt: &str) -> Result<User_, Error> { + let claims: Claims = Claims::decode(&jwt).expect("Invalid token").claims; + User_::read(&conn, claims.id) + } +} diff --git a/server/src/api/comment.rs b/server/src/api/comment.rs index c7406b37..2007542f 100644 --- a/server/src/api/comment.rs +++ b/server/src/api/comment.rs @@ -1,28 +1,7 @@ use crate::{ - api::{APIError, Oper, Perform}, + api::{claims::Claims, APIError, Oper, Perform}, apub::{ApubLikeableType, ApubObjectType}, blocking, - db::{ - comment::*, - comment_view::*, - community_view::*, - moderator::*, - post::*, - site_view::*, - user::*, - user_mention::*, - user_view::*, - Crud, - Likeable, - ListingType, - Saveable, - SortType, - }, - naive_now, - remove_slurs, - scrape_text_for_mentions, - send_email, - settings::Settings, websocket::{ server::{JoinCommunityRoom, SendComment}, UserOperation, @@ -30,6 +9,31 @@ use crate::{ }, DbPool, LemmyError, +}; +use lemmy_db::{ + comment::*, + comment_view::*, + community_view::*, + moderator::*, + naive_now, + post::*, + site_view::*, + user::*, + user_mention::*, + user_view::*, + Crud, + Likeable, + ListingType, + Saveable, + SortType, +}; +use lemmy_utils::{ + make_apub_endpoint, + remove_slurs, + scrape_text_for_mentions, + send_email, + settings::Settings, + EndpointType, MentionData, }; use log::error; @@ -155,7 +159,9 @@ impl Perform for Oper<CreateComment> { let inserted_comment_id = inserted_comment.id; let updated_comment: Comment = match blocking(pool, move |conn| { - Comment::update_ap_id(&conn, inserted_comment_id) + let apub_id = + make_apub_endpoint(EndpointType::Comment, &inserted_comment_id.to_string()).to_string(); + Comment::update_ap_id(&conn, inserted_comment_id, apub_id) }) .await? { diff --git a/server/src/api/community.rs b/server/src/api/community.rs index 02071c57..e703dcf4 100644 --- a/server/src/api/community.rs +++ b/server/src/api/community.rs @@ -1,26 +1,24 @@ use super::*; use crate::{ - api::{APIError, Oper, Perform}, - apub::{ - extensions::signatures::generate_actor_keypair, - make_apub_endpoint, - ActorType, - EndpointType, - }, + api::{claims::Claims, APIError, Oper, Perform}, + apub::ActorType, blocking, - db::{Bannable, Crud, Followable, Joinable, SortType}, - is_valid_community_name, - naive_from_unix, - naive_now, - slur_check, - slurs_vec_to_str, websocket::{ server::{JoinCommunityRoom, SendCommunityRoomMessage}, UserOperation, WebsocketInfo, }, DbPool, - LemmyError, +}; +use lemmy_db::{naive_now, Bannable, Crud, Followable, Joinable, SortType}; +use lemmy_utils::{ + generate_actor_keypair, + is_valid_community_name, + make_apub_endpoint, + naive_from_unix, + slur_check, + slurs_vec_to_str, + EndpointType, }; use serde::{Deserialize, Serialize}; use std::str::FromStr; diff --git a/server/src/api/mod.rs b/server/src/api/mod.rs index 6df9909c..bb65815a 100644 --- a/server/src/api/mod.rs +++ b/server/src/api/mod.rs @@ -1,11 +1,8 @@ -use crate::{ - db::{community::*, community_view::*, moderator::*, site::*, user::*, user_view::*}, - websocket::WebsocketInfo, - DbPool, - LemmyError, -}; +use crate::{websocket::WebsocketInfo, DbPool, LemmyError}; use actix_web::client::Client; +use lemmy_db::{community::*, community_view::*, moderator::*, site::*, user::*, user_view::*}; +pub mod claims; pub mod comment; pub mod community; pub mod post; diff --git a/server/src/api/post.rs b/server/src/api/post.rs index 840f1530..6710a2cd 100644 --- a/server/src/api/post.rs +++ b/server/src/api/post.rs @@ -1,27 +1,8 @@ use crate::{ - api::{APIError, Oper, Perform}, + api::{claims::Claims, APIError, Oper, Perform}, apub::{ApubLikeableType, ApubObjectType}, blocking, - db::{ - comment_view::*, - community_view::*, - moderator::*, - post::*, - post_view::*, - site::*, - site_view::*, - user::*, - user_view::*, - Crud, - Likeable, - ListingType, - Saveable, - SortType, - }, fetch_iframely_and_pictrs_data, - naive_now, - slur_check, - slurs_vec_to_str, websocket::{ server::{JoinCommunityRoom, JoinPostRoom, SendPost}, UserOperation, @@ -30,6 +11,30 @@ use crate::{ DbPool, LemmyError, }; +use lemmy_db::{ + comment_view::*, + community_view::*, + moderator::*, + naive_now, + post::*, + post_view::*, + site::*, + site_view::*, + user::*, + user_view::*, + Crud, + Likeable, + ListingType, + Saveable, + SortType, +}; +use lemmy_utils::{ + is_valid_post_title, + make_apub_endpoint, + slur_check, + slurs_vec_to_str, + EndpointType, +}; use serde::{Deserialize, Serialize}; use std::str::FromStr; @@ -71,6 +76,7 @@ pub struct GetPosts { page: Option<i64>, limit: Option<i64>, pub community_id: Option<i32>, + pub community_name: Option<String>, auth: Option<String>, } @@ -136,6 +142,10 @@ impl Perform for Oper<CreatePost> { } } + if !is_valid_post_title(&data.name) { + return Err(APIError::err("invalid_post_title").into()); + } + let user_id = claims.id; // Check for a community ban @@ -157,7 +167,7 @@ impl Perform for Oper<CreatePost> { fetch_iframely_and_pictrs_data(&self.client, data.url.to_owned()).await; let post_form = PostForm { - name: data.name.to_owned(), + name: data.name.trim().to_owned(), url: data.url.to_owned(), body: data.body.to_owned(), community_id: data.community_id, @@ -191,11 +201,16 @@ impl Perform for Oper<CreatePost> { }; let inserted_post_id = inserted_post.id; - let updated_post = - match blocking(pool, move |conn| Post::update_ap_id(conn, inserted_post_id)).await? { - Ok(post) => post, - Err(_e) => return Err(APIError::err("couldnt_create_post").into()), - }; + let updated_post = match blocking(pool, move |conn| { + let apub_id = + make_apub_endpoint(EndpointType::Post, &inserted_post_id.to_string()).to_string(); + Post::update_ap_id(conn, inserted_post_id, apub_id) + }) + .await? + { + Ok(post) => post, + Err(_e) => return Err(APIError::err("couldnt_create_post").into()), + }; updated_post.send_create(&user, &self.client, pool).await?; @@ -361,12 +376,14 @@ impl Perform for Oper<GetPosts> { let page = data.page; let limit = data.limit; let community_id = data.community_id; + let community_name = data.community_name.to_owned(); let posts = match blocking(pool, move |conn| { PostQueryBuilder::create(conn) .listing_type(type_) .sort(&sort) .show_nsfw(show_nsfw) .for_community_id(community_id) + .for_community_name(community_name) .my_user_id(user_id) .page(page) .limit(limit) @@ -512,6 +529,10 @@ impl Perform for Oper<EditPost> { } } + if !is_valid_post_title(&data.name) { + return Err(APIError::err("invalid_post_title").into()); + } + let claims = match Claims::decode(&data.auth) { Ok(claims) => claims.claims, Err(_e) => return Err(APIError::err("not_logged_in").into()), @@ -561,7 +582,7 @@ impl Perform for Oper<EditPost> { let read_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let post_form = PostForm { - name: data.name.to_owned(), + name: data.name.trim().to_owned(), url: data.url.to_owned(), body: data.body.to_owned(), creator_id: data.creator_id.to_owned(), diff --git a/server/src/api/site.rs b/server/src/api/site.rs index f45561a8..241a80e3 100644 --- a/server/src/api/site.rs +++ b/server/src/api/site.rs @@ -1,31 +1,28 @@ use super::user::Register; use crate::{ - api::{APIError, Oper, Perform}, + api::{claims::Claims, APIError, Oper, Perform}, apub::fetcher::search_by_apub_id, blocking, - db::{ - category::*, - comment_view::*, - community_view::*, - moderator::*, - moderator_views::*, - post_view::*, - site::*, - site_view::*, - user::*, - user_view::*, - Crud, - SearchType, - SortType, - }, - naive_now, - settings::Settings, - slur_check, - slurs_vec_to_str, websocket::{server::SendAllMessage, UserOperation, WebsocketInfo}, DbPool, LemmyError, }; +use lemmy_db::{ + category::*, + comment_view::*, + community_view::*, + moderator::*, + moderator_views::*, + naive_now, + post_view::*, + site::*, + site_view::*, + user_view::*, + Crud, + SearchType, + SortType, +}; +use lemmy_utils::{settings::Settings, slur_check, slurs_vec_to_str}; use log::{debug, info}; use serde::{Deserialize, Serialize}; use std::str::FromStr; diff --git a/server/src/api/user.rs b/server/src/api/user.rs index 9b72a919..9f33843f 100644 --- a/server/src/api/user.rs +++ b/server/src/api/user.rs @@ -1,53 +1,53 @@ use crate::{ - api::{APIError, Oper, Perform}, - apub::{ - extensions::signatures::generate_actor_keypair, - make_apub_endpoint, - ApubObjectType, - EndpointType, - }, + api::{claims::Claims, APIError, Oper, Perform}, + apub::ApubObjectType, blocking, - db::{ - comment::*, - comment_view::*, - community::*, - community_view::*, - moderator::*, - password_reset_request::*, - post::*, - post_view::*, - private_message::*, - private_message_view::*, - site::*, - site_view::*, - user::*, - user_mention::*, - user_mention_view::*, - user_view::*, - Crud, - Followable, - Joinable, - ListingType, - SortType, + websocket::{ + server::{JoinUserRoom, SendAllMessage, SendUserRoomMessage}, + UserOperation, + WebsocketInfo, }, + DbPool, + LemmyError, +}; +use bcrypt::verify; +use lemmy_db::{ + comment::*, + comment_view::*, + community::*, + community_view::*, + moderator::*, + naive_now, + password_reset_request::*, + post::*, + post_view::*, + private_message::*, + private_message_view::*, + site::*, + site_view::*, + user::*, + user_mention::*, + user_mention_view::*, + user_view::*, + Crud, + Followable, + Joinable, + ListingType, + SortType, +}; +use lemmy_utils::{ + generate_actor_keypair, generate_random_string, is_valid_username, + make_apub_endpoint, naive_from_unix, - naive_now, remove_slurs, send_email, settings::Settings, slur_check, slurs_vec_to_str, - websocket::{ - server::{JoinUserRoom, SendAllMessage, SendUserRoomMessage}, - UserOperation, - WebsocketInfo, - }, - DbPool, - LemmyError, + EndpointType, }; -use bcrypt::verify; use log::error; use serde::{Deserialize, Serialize}; use std::str::FromStr; @@ -264,7 +264,7 @@ impl Perform for Oper<Login> { // Fetch that username / email let username_or_email = data.username_or_email.clone(); let user = match blocking(pool, move |conn| { - User_::find_by_email_or_username(conn, &username_or_email) + Claims::find_by_email_or_username(conn, &username_or_email) }) .await? { @@ -279,7 +279,9 @@ impl Perform for Oper<Login> { } // Return the jwt - Ok(LoginResponse { jwt: user.jwt() }) + Ok(LoginResponse { + jwt: Claims::jwt(user, Settings::get().hostname), + }) } } @@ -421,7 +423,7 @@ impl Perform for Oper<Register> { // Return the jwt Ok(LoginResponse { - jwt: inserted_user.jwt(), + jwt: Claims::jwt(inserted_user, Settings::get().hostname), }) } } @@ -451,6 +453,11 @@ impl Perform for Oper<SaveUserSettings> { None => read_user.email, }; + let avatar = match &data.avatar { + Some(avatar) => Some(avatar.to_owned()), + None => read_user.avatar, + }; + let password_encrypted = match &data.new_password { Some(new_password) => { match &data.new_password_verify { @@ -488,7 +495,7 @@ impl Perform for Oper<SaveUserSettings> { name: read_user.name, email, matrix_user_id: data.matrix_user_id.to_owned(), - avatar: data.avatar.to_owned(), + avatar, password_encrypted, preferred_username: read_user.preferred_username, updated: Some(naive_now()), @@ -527,7 +534,7 @@ impl Perform for Oper<SaveUserSettings> { // Return the jwt Ok(LoginResponse { - jwt: updated_user.jwt(), + jwt: Claims::jwt(updated_user, Settings::get().hostname), }) } } @@ -1150,7 +1157,7 @@ impl Perform for Oper<PasswordChange> { // Return the jwt Ok(LoginResponse { - jwt: updated_user.jwt(), + jwt: Claims::jwt(updated_user, Settings::get().hostname), }) } } @@ -1208,7 +1215,12 @@ impl Perform for Oper<CreatePrivateMessage> { let inserted_private_message_id = inserted_private_message.id; let updated_private_message = match blocking(pool, move |conn| { - PrivateMessage::update_ap_id(&conn, inserted_private_message_id) + let apub_id = make_apub_endpoint( + EndpointType::PrivateMessage, + &inserted_private_message_id.to_string(), + ) + .to_string(); + PrivateMessage::update_ap_id(&conn, inserted_private_message_id, apub_id) }) .await? { |