Add more checks in inbox, plus some refactoring #76
Loading…
Reference in New Issue
No description provided.
Delete Branch "more-inbox-permissions"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This is just a bit of high-level stuff. In the next step, I will have to call
check_is_apub_id_valid()
on every apub id that is coming in through an activity.Note that some federation tests are currently failing.
Edit: Fixed all federation tests.
WIP: Add more checks in inbox, plus some refactoringto Add more checks in inbox, plus some refactoringReady for review. Note the commit message for the Claims::decode commit. Not sure if there is anything else thats worth extracting in the API.
@ -258,3 +245,1 @@
};
let user_id = claims.id;
let user = get_user_from_jwt(&data.auth, pool).await?;
Def a lot easier.
@ -78,0 +89,4 @@
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
// Check for a site ban
if user.banned {
return Err(APIError::err("site_ban").into());
Ah I see. Checking for a site ban here.
Yeah I forget which actions I allowed for those who were banned before, but they probably weren't important. And its probably best to block all actions bc it could potentially be spam anyway.
Looks good, and all the tests passed.