diff --git a/server/src/api/comment.rs b/server/src/api/comment.rs index 7dfce473f..a18ba7627 100644 --- a/server/src/api/comment.rs +++ b/server/src/api/comment.rs @@ -1,5 +1,5 @@ use crate::{ - api::{claims::Claims, is_mod_or_admin, APIError, Oper, Perform}, + api::{get_user_from_jwt, get_user_from_jwt_opt, is_mod_or_admin, APIError, Oper, Perform}, apub::{ApubLikeableType, ApubObjectType}, blocking, websocket::{ @@ -123,13 +123,7 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &CreateComment = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let content_slurs_removed = remove_slurs(&data.content.to_owned()); @@ -137,7 +131,7 @@ impl Perform for Oper { content: content_slurs_removed, parent_id: data.parent_id.to_owned(), post_id: data.post_id, - creator_id: user_id, + creator_id: user.id, removed: None, deleted: None, read: None, @@ -152,18 +146,13 @@ impl Perform for Oper { let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??; let community_id = post.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { return Err(APIError::err("community_ban").into()); } - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(&conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - // Check if post is locked, no new comments if post.locked { return Err(APIError::err("locked").into()); 
@@ -251,26 +240,15 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &EditComment = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let edit_id = data.edit_id; let orig_comment = blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - // Check for a community ban let community_id = orig_comment.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { @@ -278,7 +256,7 @@ impl Perform for Oper { } // Verify that only the creator can edit - if user_id != orig_comment.creator_id { + if user.id != orig_comment.creator_id { return Err(APIError::err("no_comment_edit_allowed").into()); } 
@@ -346,26 +324,15 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &DeleteComment = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let edit_id = data.edit_id; let orig_comment = blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - // Check for a community ban let community_id = orig_comment.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { @@ -445,26 +412,15 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &RemoveComment = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let edit_id = data.edit_id; let orig_comment = blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - // Check for a community ban let community_id = orig_comment.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { 
@@ -551,26 +507,15 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &MarkCommentAsRead = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let edit_id = data.edit_id; let orig_comment = blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - // Check for a community ban let community_id = orig_comment.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { @@ -591,7 +536,7 @@ impl Perform for Oper { None => { let parent_post_id = orig_comment.post_id; let parent_post = blocking(pool, move |conn| Post::read(conn, parent_post_id)).await??; - if user_id != parent_post.creator_id { + if user.id != parent_post.creator_id { return Err(APIError::err("no_comment_edit_allowed").into()); } } @@ -631,17 +576,11 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &SaveComment = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let comment_saved_form = CommentSavedForm { comment_id: data.comment_id, - user_id, + user_id: user.id, }; if data.save { @@ -657,6 +596,7 @@ impl Perform for Oper { } let comment_id = data.comment_id; + let user_id = user.id; let comment_view = blocking(pool, move |conn| { CommentView::read(conn, comment_id, Some(user_id)) }) 
@@ -680,13 +620,7 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &CreateCommentLike = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let mut recipient_ids = Vec::new(); @@ -706,18 +640,13 @@ impl Perform for Oper { let post_id = orig_comment.post_id; let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??; let community_id = post.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { return Err(APIError::err("community_ban").into()); } - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - let comment_id = data.comment_id; let comment = blocking(pool, move |conn| Comment::read(conn, comment_id)).await??; @@ -806,19 +735,8 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &GetComments = &self.data; - - let user_claims: Option = match &data.auth { - Some(auth) => match Claims::decode(&auth) { - Ok(claims) => Some(claims.claims), - Err(_e) => None, - }, - None => None, - }; - - let user_id = match &user_claims { - Some(claims) => Some(claims.id), - None => None, - }; + let user = get_user_from_jwt_opt(&data.auth, pool).await?; + let user_id = user.map(|u| u.id); let type_ = ListingType::from_str(&data.type_)?; let sort = SortType::from_str(&data.sort)?; diff --git a/server/src/api/community.rs b/server/src/api/community.rs index e4a8b6e8e..beb51f1b5 100644 --- a/server/src/api/community.rs +++ b/server/src/api/community.rs 
@@ -1,6 +1,6 @@ use super::*; use crate::{ - api::{claims::Claims, is_admin, is_mod_or_admin, APIError, Oper, Perform}, + api::{is_admin, is_mod_or_admin, APIError, Oper, Perform}, apub::ActorType, blocking, websocket::{ @@ -154,17 +154,8 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &GetCommunity = &self.data; - - let user_id: Option = match &data.auth { - Some(auth) => match Claims::decode(&auth) { - Ok(claims) => { - let user_id = claims.claims.id; - Some(user_id) - } - Err(_e) => None, - }, - None => None, - }; + let user = get_user_from_jwt_opt(&data.auth, pool).await?; + let user_id = user.map(|u| u.id); let name = data.name.to_owned().unwrap_or_else(|| "main".to_string()); let community = match data.id { @@ -234,11 +225,7 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &CreateCommunity = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; + let user = get_user_from_jwt(&data.auth, pool).await?; if let Err(slurs) = slur_check(&data.name) { return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); @@ -258,14 +245,6 @@ impl Perform for Oper { return Err(APIError::err("invalid_community_name").into()); } - let user_id = claims.id; - - // Check for a site ban - let user_view = blocking(pool, move |conn| UserView::read(conn, user_id)).await??; - if user_view.banned { - return Err(APIError::err("site_ban").into()); - } - // Double check for duplicate community actor_ids let actor_id = make_apub_endpoint(EndpointType::Community, &data.name).to_string(); let actor_id_cloned = actor_id.to_owned(); @@ -285,7 +264,7 @@ impl Perform for Oper { title: data.title.to_owned(), description: data.description.to_owned(), category_id: data.category_id, - creator_id: user_id, + creator_id: user.id, removed: None, deleted: None, nsfw: data.nsfw, 
@@ -306,7 +285,7 @@ impl Perform for Oper { let community_moderator_form = CommunityModeratorForm { community_id: inserted_community.id, - user_id, + user_id: user.id, }; let join = move |conn: &'_ _| CommunityModerator::join(conn, &community_moderator_form); @@ -316,7 +295,7 @@ impl Perform for Oper { let community_follower_form = CommunityFollowerForm { community_id: inserted_community.id, - user_id, + user_id: user.id, }; let follow = move |conn: &'_ _| CommunityFollower::follow(conn, &community_follower_form); @@ -324,6 +303,7 @@ impl Perform for Oper { return Err(APIError::err("community_follower_already_exists").into()); } + let user_id = user.id; let community_view = blocking(pool, move |conn| { CommunityView::read(conn, inserted_community.id, Some(user_id)) }) @@ -345,6 +325,7 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &EditCommunity = &self.data; + let user = get_user_from_jwt(&data.auth, pool).await?; if let Err(slurs) = slur_check(&data.title) { return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); @@ -356,19 +337,6 @@ impl Perform for Oper { } } - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - // Verify its a mod (only mods can edit it) let edit_id = data.edit_id; let mods: Vec = blocking(pool, move |conn| { @@ -376,7 +344,7 @@ impl Perform for Oper { .map(|v| v.into_iter().map(|m| m.user_id).collect()) }) .await??; - if !mods.contains(&user_id) { + if !mods.contains(&user.id) { return Err(APIError::err("not_a_moderator").into()); } 
@@ -415,6 +383,7 @@ impl Perform for Oper { // process for communities and users let edit_id = data.edit_id; + let user_id = user.id; let community_view = blocking(pool, move |conn| { CommunityView::read(conn, edit_id, Some(user_id)) }) @@ -440,24 +409,12 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &DeleteCommunity = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } + let user = get_user_from_jwt(&data.auth, pool).await?; // Verify its the creator (only a creator can delete the community) let edit_id = data.edit_id; let read_community = blocking(pool, move |conn| Community::read(conn, edit_id)).await??; - if read_community.creator_id != user_id { + if read_community.creator_id != user.id { return Err(APIError::err("no_community_edit_allowed").into()); } @@ -485,6 +442,7 @@ impl Perform for Oper { } let edit_id = data.edit_id; + let user_id = user.id; let community_view = blocking(pool, move |conn| { CommunityView::read(conn, edit_id, Some(user_id)) }) 
@@ -510,22 +468,10 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &RemoveCommunity = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } + let user = get_user_from_jwt(&data.auth, pool).await?; // Verify its an admin (only an admin can remove a community) - is_admin(pool, user_id).await?; + is_admin(pool, user.id).await?; // Do the remove let edit_id = data.edit_id; @@ -545,7 +491,7 @@ impl Perform for Oper { None => None, }; let form = ModRemoveCommunityForm { - mod_user_id: user_id, + mod_user_id: user.id, community_id: data.edit_id, removed: Some(removed), reason: data.reason.to_owned(), @@ -565,6 +511,7 @@ impl Perform for Oper { } let edit_id = data.edit_id; + let user_id = user.id; let community_view = blocking(pool, move |conn| { CommunityView::read(conn, edit_id, Some(user_id)) }) @@ -590,19 +537,7 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &ListCommunities = &self.data; - - // For logged in users, you need to get back subscribed, and settings - let user: Option = match &data.auth { - Some(auth) => match Claims::decode(&auth) { - Ok(claims) => { - let user_id = claims.claims.id; - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - Some(user) - } - Err(_e) => None, - }, - None => None, - }; + let user = get_user_from_jwt_opt(&data.auth, pool).await?; let user_id = match &user { Some(user) => Some(user.id), 
@@ -644,19 +579,13 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &FollowCommunity = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let community_id = data.community_id; let community = blocking(pool, move |conn| Community::read(conn, community_id)).await??; let community_follower_form = CommunityFollowerForm { community_id: data.community_id, - user_id, + user_id: user.id, }; if community.local { 
@@ -672,29 +601,25 @@ impl Perform for Oper { return Err(APIError::err("community_follower_already_exists").into()); } } + } else if data.follow { + // Dont actually add to the community followers here, because you need + // to wait for the accept + user + .send_follow(&community.actor_id, &self.client, pool) + .await?; } else { - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - - if data.follow { - // Dont actually add to the community followers here, because you need - // to wait for the accept - user - .send_follow(&community.actor_id, &self.client, pool) - .await?; - } else { - user - .send_unfollow(&community.actor_id, &self.client, pool) - .await?; - let unfollow = - move |conn: &'_ _| CommunityFollower::unfollow(conn, &community_follower_form); - if blocking(pool, unfollow).await?.is_err() { - return Err(APIError::err("community_follower_already_exists").into()); - } + user + .send_unfollow(&community.actor_id, &self.client, pool) + .await?; + let unfollow = move |conn: &'_ _| CommunityFollower::unfollow(conn, &community_follower_form); + if blocking(pool, unfollow).await?.is_err() { + return Err(APIError::err("community_follower_already_exists").into()); } - // TODO: this needs to return a "pending" state, until Accept is received from the remote server } + // TODO: this needs to return a "pending" state, until Accept is received from the remote server let community_id = data.community_id; + let user_id = user.id; let community_view = blocking(pool, move |conn| { CommunityView::read(conn, community_id, Some(user_id)) }) 
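Review bot: The `// TODO: this needs to return a "pending" state, until Accept is received from the remote server` comment now sits after the whole `if community.local … else if data.follow … else …` chain, so it reads as if it applied to local follows as well, although only the `send_follow` arm defers adding the follower until an Accept arrives. Keep it beside the code it describes by moving it back into the `else if data.follow { … }` arm, directly above `user.send_follow(&community.actor_id, &self.client, pool)`. The head of this if/else (the `community.local` branch) starts outside the hunk.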
@@ -716,14 +641,9 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &GetFollowedCommunities = &self.data; + let user = get_user_from_jwt(&data.auth, pool).await?; - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - + let user_id = user.id; let communities = match blocking(pool, move |conn| { CommunityFollowerView::for_user(conn, user_id) }) @@ -748,18 +668,12 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &BanFromCommunity = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let community_id = data.community_id; // Verify that only mods or admins can ban - is_mod_or_admin(pool, user_id, community_id).await?; + is_mod_or_admin(pool, user.id, community_id).await?; let community_user_ban_form = CommunityUserBanForm { community_id: data.community_id, @@ -786,7 +700,7 @@ impl Perform for Oper { }; let form = ModBanFromCommunityForm { - mod_user_id: user_id, + mod_user_id: user.id, other_user_id: data.user_id, community_id: data.community_id, reason: data.reason.to_owned(), @@ -826,13 +740,7 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &AddModToCommunity = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let community_moderator_form = CommunityModeratorForm { community_id: data.community_id, 
@@ -842,7 +750,7 @@ impl Perform for Oper { let community_id = data.community_id; // Verify that only mods or admins can add mod - is_mod_or_admin(pool, user_id, community_id).await?; + is_mod_or_admin(pool, user.id, community_id).await?; if data.added { let join = move |conn: &'_ _| CommunityModerator::join(conn, &community_moderator_form); @@ -858,7 +766,7 @@ impl Perform for Oper { // Mod tables let form = ModAddCommunityForm { - mod_user_id: user_id, + mod_user_id: user.id, other_user_id: data.user_id, community_id: data.community_id, removed: Some(!data.added), @@ -896,13 +804,7 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &TransferCommunity = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let community_id = data.community_id; let read_community = blocking(pool, move |conn| Community::read(conn, community_id)).await??; @@ -917,7 +819,7 @@ impl Perform for Oper { admins.insert(0, creator_user); // Make sure user is the creator, or an admin - if user_id != read_community.creator_id && !admins.iter().map(|a| a.id).any(|x| x == user_id) { + if user.id != read_community.creator_id && !admins.iter().map(|a| a.id).any(|x| x == user.id) { return Err(APIError::err("not_an_admin").into()); } @@ -962,7 +864,7 @@ impl Perform for Oper { // Mod tables let form = ModAddCommunityForm { - mod_user_id: user_id, + mod_user_id: user.id, other_user_id: data.user_id, community_id: data.community_id, removed: Some(false), @@ -970,6 +872,7 @@ impl Perform for Oper { blocking(pool, move |conn| ModAddCommunity::create(conn, &form)).await??; let community_id = data.community_id; + let user_id = user.id; let community_view = match blocking(pool, move |conn| { CommunityView::read(conn, community_id, Some(user_id)) }) 
diff --git a/server/src/api/mod.rs b/server/src/api/mod.rs
index 11f958f08..f97a50c25 100644
--- a/server/src/api/mod.rs
+++ b/server/src/api/mod.rs
@@ -1,4 +1,4 @@
-use crate::{blocking, websocket::WebsocketInfo, DbPool, LemmyError};
+use crate::{api::claims::Claims, blocking, websocket::WebsocketInfo, DbPool, LemmyError};
 use actix_web::client::Client;
 use lemmy_db::{
   community::*,
@@ -75,3 +75,30 @@ pub async fn is_admin(pool: &DbPool, user_id: i32) -> Result<(), LemmyError> {
   }
   Ok(())
 }
+
+pub(in crate::api) async fn get_user_from_jwt(
+  jwt: &str,
+  pool: &DbPool,
+) -> Result {
+  let claims = match Claims::decode(&jwt) {
+    Ok(claims) => claims.claims,
+    Err(_e) => return Err(APIError::err("not_logged_in").into()),
+  };
+  let user_id = claims.id;
+  let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
+  // Check for a site ban
+  if user.banned {
+    return Err(APIError::err("site_ban").into());
+  }
+  Ok(user)
+}
+
+pub(in crate::api) async fn get_user_from_jwt_opt(
+  jwt: &Option,
+  pool: &DbPool,
+) -> Result, LemmyError> {
+  match jwt {
+    Some(jwt) => Ok(Some(get_user_from_jwt(jwt, pool).await?)),
+    None => Ok(None),
+  }
+}
diff --git a/server/src/api/post.rs b/server/src/api/post.rs
index e346a6c89..a9229fce9 100644
--- a/server/src/api/post.rs
+++ b/server/src/api/post.rs
@@ -1,5 +1,5 @@
 use crate::{
-  api::{claims::Claims, is_mod_or_admin, APIError, Oper, Perform},
+  api::{get_user_from_jwt, get_user_from_jwt_opt, is_mod_or_admin, APIError, Oper, Perform},
   apub::{ApubLikeableType, ApubObjectType},
   blocking,
   fetch_iframely_and_pictrs_data,
@@ -19,7 +19,6 @@ use lemmy_db::{
   post::*,
   post_view::*,
   site_view::*,
-  user::*,
   Crud,
   Likeable,
   ListingType,
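Review bot: `get_user_from_jwt_opt` propagates every failure of `get_user_from_jwt` with `?`, so a token that fails `Claims::decode` now produces a `not_logged_in` error and a banned user a `site_ban` error, whereas the `Option` handling it replaces (visible in the removed GetPost, GetPosts, GetComments, GetCommunity, ListCommunities, GetSite and Search code) mapped decode errors to `None` and never consulted `banned` on those read paths. That silently changes the contract of every optional-auth endpoint in this diff: a client that keeps sending an expired or revoked token gets an error instead of anonymous results. Failing closed is a reasonable choice, but it should be a deliberate one documented on the helper, e.g. `/// An invalid or expired token is rejected rather than treated as anonymous; clients must drop the token and retry unauthenticated.` Separately, `Err(_e)` discards the decode error, so expired, malformed and badly-signed tokens are indistinguishable in server logs; logging `_e` at debug level before returning (site.rs already uses `debug!` this way) would aid triage without changing the client-visible `not_logged_in` response.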
@@ -146,11 +145,7 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &CreatePost = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; + let user = get_user_from_jwt(&data.auth, pool).await?; if let Err(slurs) = slur_check(&data.name) { return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); @@ -166,22 +161,15 @@ impl Perform for Oper { return Err(APIError::err("invalid_post_title").into()); } - let user_id = claims.id; - // Check for a community ban let community_id = data.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { return Err(APIError::err("community_ban").into()); } - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - if let Some(url) = data.url.as_ref() { match Url::parse(url) { Ok(_t) => (), @@ -198,7 +186,7 @@ impl Perform for Oper { url: data.url.to_owned(), body: data.body.to_owned(), community_id: data.community_id, - creator_id: user_id, + creator_id: user.id, removed: None, deleted: None, nsfw: data.nsfw, @@ -244,7 +232,7 @@ impl Perform for Oper { // They like their own post by default let like_form = PostLikeForm { post_id: inserted_post.id, - user_id, + user_id: user.id, score: 1, }; @@ -258,7 +246,7 @@ impl Perform for Oper { // Refetch the view let inserted_post_id = inserted_post.id; let post_view = match blocking(pool, move |conn| { - PostView::read(conn, inserted_post_id, Some(user_id)) + PostView::read(conn, inserted_post_id, Some(user.id)) }) .await? { 
@@ -290,17 +278,8 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &GetPost = &self.data; - - let user_id: Option = match &data.auth { - Some(auth) => match Claims::decode(&auth) { - Ok(claims) => { - let user_id = claims.claims.id; - Some(user_id) - } - Err(_e) => None, - }, - None => None, - }; + let user = get_user_from_jwt_opt(&data.auth, pool).await?; + let user_id = user.map(|u| u.id); let id = data.id; let post_view = match blocking(pool, move |conn| PostView::read(conn, id, user_id)).await? { @@ -369,19 +348,7 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &GetPosts = &self.data; - - // For logged in users, you need to get back subscribed, and settings - let user: Option = match &data.auth { - Some(auth) => match Claims::decode(&auth) { - Ok(claims) => { - let user_id = claims.claims.id; - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - Some(user) - } - Err(_e) => None, - }, - None => None, - }; + let user = get_user_from_jwt_opt(&data.auth, pool).await?; let user_id = match &user { Some(user) => Some(user.id), @@ -446,13 +413,7 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &CreatePostLike = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; // Don't do a downvote if site has downvotes disabled if data.score == -1 { 
@@ -467,18 +428,13 @@ impl Perform for Oper { let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??; let community_id = post.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { return Err(APIError::err("community_ban").into()); } - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - let like_form = PostLikeForm { post_id: data.post_id, user_id, @@ -541,6 +497,7 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &EditPost = &self.data; + let user = get_user_from_jwt(&data.auth, pool).await?; if let Err(slurs) = slur_check(&data.name) { return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); @@ -556,32 +513,20 @@ impl Perform for Oper { return Err(APIError::err("invalid_post_title").into()); } - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - let edit_id = data.edit_id; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; // Check for a community ban let community_id = orig_post.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { return Err(APIError::err("community_ban").into()); } - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - // Verify that only the creator can edit - if !Post::is_post_creator(user_id, orig_post.creator_id) { + if !Post::is_post_creator(user.id, orig_post.creator_id) { return Err(APIError::err("no_post_edit_allowed").into()); } 
@@ -658,25 +603,14 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &DeletePost = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let edit_id = data.edit_id; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - // Check for a community ban let community_id = orig_post.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { @@ -736,25 +670,14 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &RemovePost = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let edit_id = data.edit_id; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - // Check for a community ban let community_id = orig_post.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { @@ -762,7 +685,7 @@ impl Perform for Oper { } // Verify that only the mods can remove - is_mod_or_admin(pool, user_id, community_id).await?; + is_mod_or_admin(pool, user.id, community_id).await?; // Update the post let edit_id = data.edit_id; 
@@ -774,7 +697,7 @@ impl Perform for Oper { // Mod tables let form = ModRemovePostForm { - mod_user_id: user_id, + mod_user_id: user.id, post_id: data.edit_id, removed: Some(removed), reason: data.reason.to_owned(), @@ -821,25 +744,14 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &LockPost = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let edit_id = data.edit_id; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - // Check for a community ban let community_id = orig_post.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { @@ -897,25 +809,14 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &StickyPost = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let edit_id = data.edit_id; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - // Check for a community ban let community_id = orig_post.community_id; + let user_id = user.id; let is_banned = move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); if blocking(pool, is_banned).await? { 
@@ -976,17 +877,11 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &SavePost = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let post_saved_form = PostSavedForm { post_id: data.post_id, - user_id, + user_id: user.id, }; if data.save { @@ -1002,6 +897,7 @@ impl Perform for Oper { } let post_id = data.post_id; + let user_id = user.id; let post_view = blocking(pool, move |conn| { PostView::read(conn, post_id, Some(user_id)) }) diff --git a/server/src/api/site.rs b/server/src/api/site.rs index adade080e..7dfdb9ddf 100644 --- a/server/src/api/site.rs +++ b/server/src/api/site.rs @@ -1,6 +1,6 @@ use super::user::Register; use crate::{ - api::{claims::Claims, is_admin, APIError, Oper, Perform}, + api::{get_user_from_jwt, get_user_from_jwt_opt, is_admin, APIError, Oper, Perform}, apub::fetcher::search_by_apub_id, blocking, version, @@ -243,10 +243,7 @@ impl Perform for Oper { ) -> Result { let data: &CreateSite = &self.data; - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; + let user = get_user_from_jwt(&data.auth, pool).await?; if let Err(slurs) = slur_check(&data.name) { return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); @@ -258,15 +255,13 @@ impl Perform for Oper { } } - let user_id = claims.id; - // Make sure user is an admin - is_admin(pool, user_id).await?; + is_admin(pool, user.id).await?; let site_form = SiteForm { name: data.name.to_owned(), description: data.description.to_owned(), - creator_id: user_id, + creator_id: user.id, enable_downvotes: data.enable_downvotes, open_registration: data.open_registration, enable_nsfw: data.enable_nsfw, 
@@ -293,11 +288,7 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &EditSite = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; + let user = get_user_from_jwt(&data.auth, pool).await?; if let Err(slurs) = slur_check(&data.name) { return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); @@ -309,10 +300,8 @@ impl Perform for Oper { } } - let user_id = claims.id; - // Make sure user is an admin - is_admin(pool, user_id).await?; + is_admin(pool, user.id).await?; let found_site = blocking(pool, move |conn| Site::read(conn, 1)).await??; @@ -421,21 +410,12 @@ impl Perform for Oper { 0 }; - // Giving back your user, if you're logged in - let my_user: Option = match &data.auth { - Some(auth) => match Claims::decode(&auth) { - Ok(claims) => { - let user_id = claims.claims.id; - let mut user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - user.password_encrypted = "".to_string(); - user.private_key = None; - user.public_key = None; - Some(user) - } - Err(_e) => None, - }, - None => None, - }; + let my_user = get_user_from_jwt_opt(&data.auth, pool).await?.map(|mut u| { + u.password_encrypted = "".to_string(); + u.private_key = None; + u.public_key = None; + u + }); Ok(GetSiteResponse { site: site_view, @@ -466,16 +446,8 @@ impl Perform for Oper { Err(e) => debug!("Failed to resolve search query as activitypub ID: {}", e), } - let user_id: Option = match &data.auth { - Some(auth) => match Claims::decode(&auth) { - Ok(claims) => { - let user_id = claims.claims.id; - Some(user_id) - } - Err(_e) => None, - }, - None => None, - }; + let user = get_user_from_jwt_opt(&data.auth, pool).await?; + let user_id = user.map(|u| u.id); let type_ = SearchType::from_str(&data.type_)?; 
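Review bot: In GetSite and Search, `get_user_from_jwt_opt(&data.auth, pool).await?` propagates any error the helper returns, whereas the replaced `match` mapped a failed `Claims::decode` to `None` so the request proceeded as logged out; the same applies to GetUserDetails in a later hunk. Unless the helper is documented to return `Ok(None)` for a present but invalid or expired token, a stale token will now fail these read-only endpoints instead of degrading to an anonymous response — a comment at the call site stating which of the two the helper does would settle it. Search also now loads the full user row only to compute `user.map(|u| u.id)`, where the old code needed only the decoded claims; acceptable if the lookup is there to enforce ban state, but the comment should say so. The enclosing perform functions start before and end after these hunks.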
@@ -630,14 +602,8 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &TransferSite = &self.data; + let mut user = get_user_from_jwt(&data.auth, pool).await?; - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - let mut user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; // TODO add a User_::read_safe() for this. user.password_encrypted = "".to_string(); user.private_key = None; @@ -646,7 +612,7 @@ impl Perform for Oper { let read_site = blocking(pool, move |conn| Site::read(conn, 1)).await??; // Make sure user is the creator - if read_site.creator_id != user_id { + if read_site.creator_id != user.id { return Err(APIError::err("not_an_admin").into()); } @@ -667,7 +633,7 @@ impl Perform for Oper { // Mod tables let form = ModAddForm { - mod_user_id: user_id, + mod_user_id: user.id, other_user_id: data.user_id, removed: Some(false), }; @@ -707,16 +673,10 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &GetSiteConfig = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; // Only let admins read this - is_admin(pool, user_id).await?; + is_admin(pool, user.id).await?; let config_hjson = Settings::read_config_file()?; 
@@ -734,19 +694,13 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &SaveSiteConfig = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; // Only let admins read this let admins = blocking(pool, move |conn| UserView::admins(conn)).await??; let admin_ids: Vec = admins.into_iter().map(|m| m.id).collect(); - if !admin_ids.contains(&user_id) { + if !admin_ids.contains(&user.id) { return Err(APIError::err("not_an_admin").into()); } diff --git a/server/src/api/user.rs b/server/src/api/user.rs index f9a92cd39..e6cc6a37b 100644 --- a/server/src/api/user.rs +++ b/server/src/api/user.rs @@ -1,5 +1,13 @@ use crate::{ - api::{claims::Claims, is_admin, APIError, Oper, Perform}, + api::{ + claims::Claims, + get_user_from_jwt, + get_user_from_jwt_opt, + is_admin, + APIError, + Oper, + Perform, + }, apub::ApubObjectType, blocking, captcha_espeak_wav_base64, @@ -543,14 +551,9 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &SaveUserSettings = &self.data; + let user = get_user_from_jwt(&data.auth, pool).await?; - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - + let user_id = user.id; let read_user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; let email = match &data.email { 
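Review bot: The admin check on the new `if !admin_ids.contains(&user.id)` line in SaveSiteConfig still loads every admin row through `UserView::admins` to test a single id, while GetSiteConfig in the preceding hunk uses `is_admin(pool, user.id).await?;` for the same decision. Using the same helper here would keep the two config handlers consistent and reduce the authorization check to one call, removing the `admins`/`admin_ids` locals. The enclosing perform function starts before and ends after this hunk.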
@@ -665,24 +668,7 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &GetUserDetails = &self.data; - - // For logged in users, you need to get back subscribed, and settings - let user: Option = match &data.auth { - Some(auth) => match Claims::decode(&auth) { - Ok(claims) => { - let user_id = claims.claims.id; - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - Some(user) - } - Err(_e) => None, - }, - None => None, - }; - - let user_id = match &user { - Some(user) => Some(user.id), - None => None, - }; + let user = get_user_from_jwt_opt(&data.auth, pool).await?; let show_nsfw = match &user { Some(user) => user.show_nsfw, @@ -712,6 +698,7 @@ impl Perform for Oper { let limit = data.limit; let saved_only = data.saved_only; let community_id = data.community_id; + let user_id = user.map(|u| u.id); let (posts, comments) = blocking(pool, move |conn| { let mut posts_query = PostQueryBuilder::create(conn) .sort(&sort) @@ -780,16 +767,10 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &AddAdmin = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; // Make sure user is an admin - is_admin(pool, user_id).await?; + is_admin(pool, user.id).await?; let added = data.added; let added_user_id = data.user_id; @@ -800,7 +781,7 @@ impl Perform for Oper { // Mod tables let form = ModAddForm { - mod_user_id: user_id, + mod_user_id: user.id, other_user_id: data.user_id, removed: Some(!data.added), }; 
@@ -839,16 +820,10 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &BanUser = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; // Make sure user is an admin - is_admin(pool, user_id).await?; + is_admin(pool, user.id).await?; let ban = data.ban; let banned_user_id = data.user_id; @@ -864,7 +839,7 @@ impl Perform for Oper { }; let form = ModBanForm { - mod_user_id: user_id, + mod_user_id: user.id, other_user_id: data.user_id, reason: data.reason.to_owned(), banned: Some(data.ban), @@ -903,19 +878,14 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &GetReplies = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let sort = SortType::from_str(&data.sort)?; let page = data.page; let limit = data.limit; let unread_only = data.unread_only; + let user_id = user.id; let replies = blocking(pool, move |conn| { ReplyQueryBuilder::create(conn, user_id) .sort(&sort) @@ -940,19 +910,14 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &GetUserMentions = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let sort = SortType::from_str(&data.sort)?; let page = data.page; let limit = data.limit; let unread_only = data.unread_only; + let user_id = user.id; let mentions = blocking(pool, move |conn| { UserMentionQueryBuilder::create(conn, user_id) .sort(&sort) 
@@ -977,19 +942,13 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &MarkUserMentionAsRead = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let user_mention_id = data.user_mention_id; let read_user_mention = blocking(pool, move |conn| UserMention::read(conn, user_mention_id)).await??; - if user_id != read_user_mention.recipient_id { + if user.id != read_user_mention.recipient_id { return Err(APIError::err("couldnt_update_comment").into()); } @@ -1001,6 +960,7 @@ impl Perform for Oper { }; let user_mention_id = read_user_mention.id; + let user_id = user.id; let user_mention_view = blocking(pool, move |conn| { UserMentionView::read(conn, user_mention_id, user_id) }) @@ -1022,14 +982,9 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &MarkAllAsRead = &self.data; + let user = get_user_from_jwt(&data.auth, pool).await?; - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - + let user_id = user.id; let replies = blocking(pool, move |conn| { ReplyQueryBuilder::create(conn, user_id) .unread_only(true) @@ -1076,15 +1031,7 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &DeleteAccount = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; + let user = get_user_from_jwt(&data.auth, pool).await?; // Verify the password let valid: bool = verify(&data.password, &user.password_encrypted).unwrap_or(false); 
@@ -1093,6 +1040,7 @@ impl Perform for Oper { } // Comments + let user_id = user.id; let comments = blocking(pool, move |conn| { CommentQueryBuilder::create(conn) .for_creator_id(user_id) @@ -1230,27 +1178,15 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &CreatePrivateMessage = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; let hostname = &format!("https://{}", Settings::get().hostname); - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } - let content_slurs_removed = remove_slurs(&data.content.to_owned()); let private_message_form = PrivateMessageForm { content: content_slurs_removed.to_owned(), - creator_id: user_id, + creator_id: user.id, recipient_id: data.recipient_id, deleted: None, read: None, @@ -1341,25 +1277,13 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &EditPrivateMessage = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } + let user = get_user_from_jwt(&data.auth, pool).await?; // Checking permissions let edit_id = data.edit_id; let orig_private_message = blocking(pool, move |conn| PrivateMessage::read(conn, edit_id)).await??; - if user_id != orig_private_message.creator_id { + if user.id != orig_private_message.creator_id { return Err(APIError::err("no_private_message_edit_allowed").into()); } 
@@ -1409,25 +1333,13 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &DeletePrivateMessage = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } + let user = get_user_from_jwt(&data.auth, pool).await?; // Checking permissions let edit_id = data.edit_id; let orig_private_message = blocking(pool, move |conn| PrivateMessage::read(conn, edit_id)).await??; - if user_id != orig_private_message.creator_id { + if user.id != orig_private_message.creator_id { return Err(APIError::err("no_private_message_edit_allowed").into()); } @@ -1483,25 +1395,13 @@ impl Perform for Oper { websocket_info: Option, ) -> Result { let data: &MarkPrivateMessageAsRead = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; - - // Check for a site ban - let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; - if user.banned { - return Err(APIError::err("site_ban").into()); - } + let user = get_user_from_jwt(&data.auth, pool).await?; // Checking permissions let edit_id = data.edit_id; let orig_private_message = blocking(pool, move |conn| PrivateMessage::read(conn, edit_id)).await??; - if user_id != orig_private_message.recipient_id { + if user.id != orig_private_message.recipient_id { return Err(APIError::err("couldnt_update_private_message").into()); } 
@@ -1548,13 +1448,8 @@ impl Perform for Oper { _websocket_info: Option, ) -> Result { let data: &GetPrivateMessages = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; + let user_id = user.id; let page = data.page; let limit = data.limit; @@ -1578,24 +1473,21 @@ impl Perform for Oper { async fn perform( &self, - _pool: &DbPool, + pool: &DbPool, websocket_info: Option, ) -> Result { let data: &UserJoin = &self.data; - - let claims = match Claims::decode(&data.auth) { - Ok(claims) => claims.claims, - Err(_e) => return Err(APIError::err("not_logged_in").into()), - }; - - let user_id = claims.id; + let user = get_user_from_jwt(&data.auth, pool).await?; if let Some(ws) = websocket_info { if let Some(id) = ws.id { - ws.chatserver.do_send(JoinUserRoom { user_id, id }); + ws.chatserver.do_send(JoinUserRoom { + user_id: user.id, + id, + }); } } - Ok(UserJoinResponse { user_id }) + Ok(UserJoinResponse { user_id: user.id }) } }
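Review bot: UserJoin now calls `get_user_from_jwt(&data.auth, pool)` on every websocket join, where it previously only decoded the claims and left `_pool` unused; the rename to `pool` in this hunk is what makes that visible. If the helper reads the user row, as its replacement of `User_::read` throughout this diff suggests, the join path gains a database round trip per connection; if that lookup is there to enforce the user's ban state on join, a comment such as `// DB lookup is intentional: rejects banned users before joining the room` would make the cost deliberate rather than incidental. The enclosing perform function starts before this hunk.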