grishka/lemmy
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Move Claims::decode and site ban check into helper function

Browse source 
Note: this changes behaviour in that site ban is checked in more
places now. we could easily add a boolean parameter
check_for_site_ban to get the previous behaviour back
This commit is contained in:
Felix Ableitner 2020-08-03 14:51:02 +02:00
parent d0fc8f38e4
commit c75ee7bbfd
6 changed files with 191 additions and 601 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

124
server/src/api/comment.rs
View file

@ -1,5 +1,5 @@
use crate::{ use crate::{
api::{claims::Claims, is_mod_or_admin, APIError, Oper, Perform}, api::{get_user_from_jwt, get_user_from_jwt_opt, is_mod_or_admin, APIError, Oper, Perform},
apub::{ApubLikeableType, ApubObjectType}, apub::{ApubLikeableType, ApubObjectType},
blocking, blocking,
websocket::{ websocket::{
@ -123,13 +123,7 @@ impl Perform for Oper<CreateComment> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<CommentResponse, LemmyError> { ) -> Result<CommentResponse, LemmyError> {
let data: &CreateComment = &self.data; let data: &CreateComment = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let content_slurs_removed = remove_slurs(&data.content.to_owned()); let content_slurs_removed = remove_slurs(&data.content.to_owned());
@ -137,7 +131,7 @@ impl Perform for Oper<CreateComment> {
content: content_slurs_removed, content: content_slurs_removed,
parent_id: data.parent_id.to_owned(), parent_id: data.parent_id.to_owned(),
post_id: data.post_id, post_id: data.post_id,
creator_id: user_id, creator_id: user.id,
removed: None, removed: None,
deleted: None, deleted: None,
read: None, read: None,
@ -152,18 +146,13 @@ impl Perform for Oper<CreateComment> {
let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??; let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
let community_id = post.community_id; let community_id = post.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into()); return Err(APIError::err("community_ban").into());
} }
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(&conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Check if post is locked, no new comments // Check if post is locked, no new comments
if post.locked { if post.locked {
return Err(APIError::err("locked").into()); return Err(APIError::err("locked").into());
@ -251,26 +240,15 @@ impl Perform for Oper<EditComment> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<CommentResponse, LemmyError> { ) -> Result<CommentResponse, LemmyError> {
let data: &EditComment = &self.data; let data: &EditComment = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_comment = let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Check for a community ban // Check for a community ban
let community_id = orig_comment.community_id; let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
@ -278,7 +256,7 @@ impl Perform for Oper<EditComment> {
} }
// Verify that only the creator can edit // Verify that only the creator can edit
if user_id != orig_comment.creator_id { if user.id != orig_comment.creator_id {
return Err(APIError::err("no_comment_edit_allowed").into()); return Err(APIError::err("no_comment_edit_allowed").into());
} }
@ -346,26 +324,15 @@ impl Perform for Oper<DeleteComment> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<CommentResponse, LemmyError> { ) -> Result<CommentResponse, LemmyError> {
let data: &DeleteComment = &self.data; let data: &DeleteComment = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_comment = let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Check for a community ban // Check for a community ban
let community_id = orig_comment.community_id; let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
@ -445,26 +412,15 @@ impl Perform for Oper<RemoveComment> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<CommentResponse, LemmyError> { ) -> Result<CommentResponse, LemmyError> {
let data: &RemoveComment = &self.data; let data: &RemoveComment = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_comment = let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Check for a community ban // Check for a community ban
let community_id = orig_comment.community_id; let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
@ -551,26 +507,15 @@ impl Perform for Oper<MarkCommentAsRead> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<CommentResponse, LemmyError> { ) -> Result<CommentResponse, LemmyError> {
let data: &MarkCommentAsRead = &self.data; let data: &MarkCommentAsRead = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_comment = let orig_comment =
blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??; blocking(pool, move |conn| CommentView::read(&conn, edit_id, None)).await??;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Check for a community ban // Check for a community ban
let community_id = orig_comment.community_id; let community_id = orig_comment.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
@ -591,7 +536,7 @@ impl Perform for Oper<MarkCommentAsRead> {
None => { None => {
let parent_post_id = orig_comment.post_id; let parent_post_id = orig_comment.post_id;
let parent_post = blocking(pool, move |conn| Post::read(conn, parent_post_id)).await??; let parent_post = blocking(pool, move |conn| Post::read(conn, parent_post_id)).await??;
if user_id != parent_post.creator_id { if user.id != parent_post.creator_id {
return Err(APIError::err("no_comment_edit_allowed").into()); return Err(APIError::err("no_comment_edit_allowed").into());
} }
} }
@ -631,17 +576,11 @@ impl Perform for Oper<SaveComment> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<CommentResponse, LemmyError> { ) -> Result<CommentResponse, LemmyError> {
let data: &SaveComment = &self.data; let data: &SaveComment = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let comment_saved_form = CommentSavedForm { let comment_saved_form = CommentSavedForm {
comment_id: data.comment_id, comment_id: data.comment_id,
user_id, user_id: user.id,
}; };
if data.save { if data.save {
@ -657,6 +596,7 @@ impl Perform for Oper<SaveComment> {
} }
let comment_id = data.comment_id; let comment_id = data.comment_id;
let user_id = user.id;
let comment_view = blocking(pool, move |conn| { let comment_view = blocking(pool, move |conn| {
CommentView::read(conn, comment_id, Some(user_id)) CommentView::read(conn, comment_id, Some(user_id))
}) })
@ -680,13 +620,7 @@ impl Perform for Oper<CreateCommentLike> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<CommentResponse, LemmyError> { ) -> Result<CommentResponse, LemmyError> {
let data: &CreateCommentLike = &self.data; let data: &CreateCommentLike = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let mut recipient_ids = Vec::new(); let mut recipient_ids = Vec::new();
@ -706,18 +640,13 @@ impl Perform for Oper<CreateCommentLike> {
let post_id = orig_comment.post_id; let post_id = orig_comment.post_id;
let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??; let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
let community_id = post.community_id; let community_id = post.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into()); return Err(APIError::err("community_ban").into());
} }
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
let comment_id = data.comment_id; let comment_id = data.comment_id;
let comment = blocking(pool, move |conn| Comment::read(conn, comment_id)).await??; let comment = blocking(pool, move |conn| Comment::read(conn, comment_id)).await??;
@ -806,19 +735,8 @@ impl Perform for Oper<GetComments> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<GetCommentsResponse, LemmyError> { ) -> Result<GetCommentsResponse, LemmyError> {
let data: &GetComments = &self.data; let data: &GetComments = &self.data;
let user = get_user_from_jwt_opt(&data.auth, pool).await?;
let user_claims: Option<Claims> = match &data.auth { let user_id = user.map(|u| u.id);
Some(auth) => match Claims::decode(&auth) {
Ok(claims) => Some(claims.claims),
Err(_e) => None,
},
None => None,
};
let user_id = match &user_claims {
Some(claims) => Some(claims.id),
None => None,
};
let type_ = ListingType::from_str(&data.type_)?; let type_ = ListingType::from_str(&data.type_)?;
let sort = SortType::from_str(&data.sort)?; let sort = SortType::from_str(&data.sort)?;

191
server/src/api/community.rs
View file

@ -1,6 +1,6 @@
use super::*; use super::*;
use crate::{ use crate::{
api::{claims::Claims, is_admin, is_mod_or_admin, APIError, Oper, Perform}, api::{is_admin, is_mod_or_admin, APIError, Oper, Perform},
apub::ActorType, apub::ActorType,
blocking, blocking,
websocket::{ websocket::{
@ -154,17 +154,8 @@ impl Perform for Oper<GetCommunity> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<GetCommunityResponse, LemmyError> { ) -> Result<GetCommunityResponse, LemmyError> {
let data: &GetCommunity = &self.data; let data: &GetCommunity = &self.data;
let user = get_user_from_jwt_opt(&data.auth, pool).await?;
let user_id: Option<i32> = match &data.auth { let user_id = user.map(|u| u.id);
Some(auth) => match Claims::decode(&auth) {
Ok(claims) => {
let user_id = claims.claims.id;
Some(user_id)
}
Err(_e) => None,
},
None => None,
};
let name = data.name.to_owned().unwrap_or_else(|| "main".to_string()); let name = data.name.to_owned().unwrap_or_else(|| "main".to_string());
let community = match data.id { let community = match data.id {
@ -234,11 +225,7 @@ impl Perform for Oper<CreateCommunity> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<CommunityResponse, LemmyError> { ) -> Result<CommunityResponse, LemmyError> {
let data: &CreateCommunity = &self.data; let data: &CreateCommunity = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
if let Err(slurs) = slur_check(&data.name) { if let Err(slurs) = slur_check(&data.name) {
return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); return Err(APIError::err(&slurs_vec_to_str(slurs)).into());
@ -258,14 +245,6 @@ impl Perform for Oper<CreateCommunity> {
return Err(APIError::err("invalid_community_name").into()); return Err(APIError::err("invalid_community_name").into());
} }
let user_id = claims.id;
// Check for a site ban
let user_view = blocking(pool, move |conn| UserView::read(conn, user_id)).await??;
if user_view.banned {
return Err(APIError::err("site_ban").into());
}
// Double check for duplicate community actor_ids // Double check for duplicate community actor_ids
let actor_id = make_apub_endpoint(EndpointType::Community, &data.name).to_string(); let actor_id = make_apub_endpoint(EndpointType::Community, &data.name).to_string();
let actor_id_cloned = actor_id.to_owned(); let actor_id_cloned = actor_id.to_owned();
@ -285,7 +264,7 @@ impl Perform for Oper<CreateCommunity> {
title: data.title.to_owned(), title: data.title.to_owned(),
description: data.description.to_owned(), description: data.description.to_owned(),
category_id: data.category_id, category_id: data.category_id,
creator_id: user_id, creator_id: user.id,
removed: None, removed: None,
deleted: None, deleted: None,
nsfw: data.nsfw, nsfw: data.nsfw,
@ -306,7 +285,7 @@ impl Perform for Oper<CreateCommunity> {
let community_moderator_form = CommunityModeratorForm { let community_moderator_form = CommunityModeratorForm {
community_id: inserted_community.id, community_id: inserted_community.id,
user_id, user_id: user.id,
}; };
let join = move |conn: &'_ _| CommunityModerator::join(conn, &community_moderator_form); let join = move |conn: &'_ _| CommunityModerator::join(conn, &community_moderator_form);
@ -316,7 +295,7 @@ impl Perform for Oper<CreateCommunity> {
let community_follower_form = CommunityFollowerForm { let community_follower_form = CommunityFollowerForm {
community_id: inserted_community.id, community_id: inserted_community.id,
user_id, user_id: user.id,
}; };
let follow = move |conn: &'_ _| CommunityFollower::follow(conn, &community_follower_form); let follow = move |conn: &'_ _| CommunityFollower::follow(conn, &community_follower_form);
@ -324,6 +303,7 @@ impl Perform for Oper<CreateCommunity> {
return Err(APIError::err("community_follower_already_exists").into()); return Err(APIError::err("community_follower_already_exists").into());
} }
let user_id = user.id;
let community_view = blocking(pool, move |conn| { let community_view = blocking(pool, move |conn| {
CommunityView::read(conn, inserted_community.id, Some(user_id)) CommunityView::read(conn, inserted_community.id, Some(user_id))
}) })
@ -345,6 +325,7 @@ impl Perform for Oper<EditCommunity> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<CommunityResponse, LemmyError> { ) -> Result<CommunityResponse, LemmyError> {
let data: &EditCommunity = &self.data; let data: &EditCommunity = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
if let Err(slurs) = slur_check(&data.title) { if let Err(slurs) = slur_check(&data.title) {
return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); return Err(APIError::err(&slurs_vec_to_str(slurs)).into());
@ -356,19 +337,6 @@ impl Perform for Oper<EditCommunity> {
} }
} }
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Verify its a mod (only mods can edit it) // Verify its a mod (only mods can edit it)
let edit_id = data.edit_id; let edit_id = data.edit_id;
let mods: Vec<i32> = blocking(pool, move |conn| { let mods: Vec<i32> = blocking(pool, move |conn| {
@ -376,7 +344,7 @@ impl Perform for Oper<EditCommunity> {
.map(|v| v.into_iter().map(|m| m.user_id).collect()) .map(|v| v.into_iter().map(|m| m.user_id).collect())
}) })
.await??; .await??;
if !mods.contains(&user_id) { if !mods.contains(&user.id) {
return Err(APIError::err("not_a_moderator").into()); return Err(APIError::err("not_a_moderator").into());
} }
@ -415,6 +383,7 @@ impl Perform for Oper<EditCommunity> {
// process for communities and users // process for communities and users
let edit_id = data.edit_id; let edit_id = data.edit_id;
let user_id = user.id;
let community_view = blocking(pool, move |conn| { let community_view = blocking(pool, move |conn| {
CommunityView::read(conn, edit_id, Some(user_id)) CommunityView::read(conn, edit_id, Some(user_id))
}) })
@ -440,24 +409,12 @@ impl Perform for Oper<DeleteCommunity> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<CommunityResponse, LemmyError> { ) -> Result<CommunityResponse, LemmyError> {
let data: &DeleteCommunity = &self.data; let data: &DeleteCommunity = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Verify its the creator (only a creator can delete the community) // Verify its the creator (only a creator can delete the community)
let edit_id = data.edit_id; let edit_id = data.edit_id;
let read_community = blocking(pool, move |conn| Community::read(conn, edit_id)).await??; let read_community = blocking(pool, move |conn| Community::read(conn, edit_id)).await??;
if read_community.creator_id != user_id { if read_community.creator_id != user.id {
return Err(APIError::err("no_community_edit_allowed").into()); return Err(APIError::err("no_community_edit_allowed").into());
} }
@ -485,6 +442,7 @@ impl Perform for Oper<DeleteCommunity> {
} }
let edit_id = data.edit_id; let edit_id = data.edit_id;
let user_id = user.id;
let community_view = blocking(pool, move |conn| { let community_view = blocking(pool, move |conn| {
CommunityView::read(conn, edit_id, Some(user_id)) CommunityView::read(conn, edit_id, Some(user_id))
}) })
@ -510,22 +468,10 @@ impl Perform for Oper<RemoveCommunity> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<CommunityResponse, LemmyError> { ) -> Result<CommunityResponse, LemmyError> {
let data: &RemoveCommunity = &self.data; let data: &RemoveCommunity = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Verify its an admin (only an admin can remove a community) // Verify its an admin (only an admin can remove a community)
is_admin(pool, user_id).await?; is_admin(pool, user.id).await?;
// Do the remove // Do the remove
let edit_id = data.edit_id; let edit_id = data.edit_id;
@ -545,7 +491,7 @@ impl Perform for Oper<RemoveCommunity> {
None => None, None => None,
}; };
let form = ModRemoveCommunityForm { let form = ModRemoveCommunityForm {
mod_user_id: user_id, mod_user_id: user.id,
community_id: data.edit_id, community_id: data.edit_id,
removed: Some(removed), removed: Some(removed),
reason: data.reason.to_owned(), reason: data.reason.to_owned(),
@ -565,6 +511,7 @@ impl Perform for Oper<RemoveCommunity> {
} }
let edit_id = data.edit_id; let edit_id = data.edit_id;
let user_id = user.id;
let community_view = blocking(pool, move |conn| { let community_view = blocking(pool, move |conn| {
CommunityView::read(conn, edit_id, Some(user_id)) CommunityView::read(conn, edit_id, Some(user_id))
}) })
@ -590,19 +537,7 @@ impl Perform for Oper<ListCommunities> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<ListCommunitiesResponse, LemmyError> { ) -> Result<ListCommunitiesResponse, LemmyError> {
let data: &ListCommunities = &self.data; let data: &ListCommunities = &self.data;
let user = get_user_from_jwt_opt(&data.auth, pool).await?;
// For logged in users, you need to get back subscribed, and settings
let user: Option<User_> = match &data.auth {
Some(auth) => match Claims::decode(&auth) {
Ok(claims) => {
let user_id = claims.claims.id;
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
Some(user)
}
Err(_e) => None,
},
None => None,
};
let user_id = match &user { let user_id = match &user {
Some(user) => Some(user.id), Some(user) => Some(user.id),
@ -644,19 +579,13 @@ impl Perform for Oper<FollowCommunity> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<CommunityResponse, LemmyError> { ) -> Result<CommunityResponse, LemmyError> {
let data: &FollowCommunity = &self.data; let data: &FollowCommunity = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let community_id = data.community_id; let community_id = data.community_id;
let community = blocking(pool, move |conn| Community::read(conn, community_id)).await??; let community = blocking(pool, move |conn| Community::read(conn, community_id)).await??;
let community_follower_form = CommunityFollowerForm { let community_follower_form = CommunityFollowerForm {
community_id: data.community_id, community_id: data.community_id,
user_id, user_id: user.id,
}; };
if community.local { if community.local {
@ -672,29 +601,25 @@ impl Perform for Oper<FollowCommunity> {
return Err(APIError::err("community_follower_already_exists").into()); return Err(APIError::err("community_follower_already_exists").into());
} }
} }
} else if data.follow {
// Dont actually add to the community followers here, because you need
// to wait for the accept
user
.send_follow(&community.actor_id, &self.client, pool)
.await?;
} else { } else {
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; user
.send_unfollow(&community.actor_id, &self.client, pool)
if data.follow { .await?;
// Dont actually add to the community followers here, because you need let unfollow = move |conn: &'_ _| CommunityFollower::unfollow(conn, &community_follower_form);
// to wait for the accept if blocking(pool, unfollow).await?.is_err() {
user return Err(APIError::err("community_follower_already_exists").into());
.send_follow(&community.actor_id, &self.client, pool)
.await?;
} else {
user
.send_unfollow(&community.actor_id, &self.client, pool)
.await?;
let unfollow =
move |conn: &'_ _| CommunityFollower::unfollow(conn, &community_follower_form);
if blocking(pool, unfollow).await?.is_err() {
return Err(APIError::err("community_follower_already_exists").into());
}
} }
// TODO: this needs to return a "pending" state, until Accept is received from the remote server
} }
// TODO: this needs to return a "pending" state, until Accept is received from the remote server
let community_id = data.community_id; let community_id = data.community_id;
let user_id = user.id;
let community_view = blocking(pool, move |conn| { let community_view = blocking(pool, move |conn| {
CommunityView::read(conn, community_id, Some(user_id)) CommunityView::read(conn, community_id, Some(user_id))
}) })
@ -716,14 +641,9 @@ impl Perform for Oper<GetFollowedCommunities> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<GetFollowedCommunitiesResponse, LemmyError> { ) -> Result<GetFollowedCommunitiesResponse, LemmyError> {
let data: &GetFollowedCommunities = &self.data; let data: &GetFollowedCommunities = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) { let user_id = user.id;
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let communities = match blocking(pool, move |conn| { let communities = match blocking(pool, move |conn| {
CommunityFollowerView::for_user(conn, user_id) CommunityFollowerView::for_user(conn, user_id)
}) })
@ -748,18 +668,12 @@ impl Perform for Oper<BanFromCommunity> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<BanFromCommunityResponse, LemmyError> { ) -> Result<BanFromCommunityResponse, LemmyError> {
let data: &BanFromCommunity = &self.data; let data: &BanFromCommunity = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let community_id = data.community_id; let community_id = data.community_id;
// Verify that only mods or admins can ban // Verify that only mods or admins can ban
is_mod_or_admin(pool, user_id, community_id).await?; is_mod_or_admin(pool, user.id, community_id).await?;
let community_user_ban_form = CommunityUserBanForm { let community_user_ban_form = CommunityUserBanForm {
community_id: data.community_id, community_id: data.community_id,
@ -786,7 +700,7 @@ impl Perform for Oper<BanFromCommunity> {
}; };
let form = ModBanFromCommunityForm { let form = ModBanFromCommunityForm {
mod_user_id: user_id, mod_user_id: user.id,
other_user_id: data.user_id, other_user_id: data.user_id,
community_id: data.community_id, community_id: data.community_id,
reason: data.reason.to_owned(), reason: data.reason.to_owned(),
@ -826,13 +740,7 @@ impl Perform for Oper<AddModToCommunity> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<AddModToCommunityResponse, LemmyError> { ) -> Result<AddModToCommunityResponse, LemmyError> {
let data: &AddModToCommunity = &self.data; let data: &AddModToCommunity = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let community_moderator_form = CommunityModeratorForm { let community_moderator_form = CommunityModeratorForm {
community_id: data.community_id, community_id: data.community_id,
@ -842,7 +750,7 @@ impl Perform for Oper<AddModToCommunity> {
let community_id = data.community_id; let community_id = data.community_id;
// Verify that only mods or admins can add mod // Verify that only mods or admins can add mod
is_mod_or_admin(pool, user_id, community_id).await?; is_mod_or_admin(pool, user.id, community_id).await?;
if data.added { if data.added {
let join = move |conn: &'_ _| CommunityModerator::join(conn, &community_moderator_form); let join = move |conn: &'_ _| CommunityModerator::join(conn, &community_moderator_form);
@ -858,7 +766,7 @@ impl Perform for Oper<AddModToCommunity> {
// Mod tables // Mod tables
let form = ModAddCommunityForm { let form = ModAddCommunityForm {
mod_user_id: user_id, mod_user_id: user.id,
other_user_id: data.user_id, other_user_id: data.user_id,
community_id: data.community_id, community_id: data.community_id,
removed: Some(!data.added), removed: Some(!data.added),
@ -896,13 +804,7 @@ impl Perform for Oper<TransferCommunity> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<GetCommunityResponse, LemmyError> { ) -> Result<GetCommunityResponse, LemmyError> {
let data: &TransferCommunity = &self.data; let data: &TransferCommunity = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let community_id = data.community_id; let community_id = data.community_id;
let read_community = blocking(pool, move |conn| Community::read(conn, community_id)).await??; let read_community = blocking(pool, move |conn| Community::read(conn, community_id)).await??;
@ -917,7 +819,7 @@ impl Perform for Oper<TransferCommunity> {
admins.insert(0, creator_user); admins.insert(0, creator_user);
// Make sure user is the creator, or an admin // Make sure user is the creator, or an admin
if user_id != read_community.creator_id && !admins.iter().map(|a| a.id).any(|x| x == user_id) { if user.id != read_community.creator_id && !admins.iter().map(|a| a.id).any(|x| x == user.id) {
return Err(APIError::err("not_an_admin").into()); return Err(APIError::err("not_an_admin").into());
} }
@ -962,7 +864,7 @@ impl Perform for Oper<TransferCommunity> {
// Mod tables // Mod tables
let form = ModAddCommunityForm { let form = ModAddCommunityForm {
mod_user_id: user_id, mod_user_id: user.id,
other_user_id: data.user_id, other_user_id: data.user_id,
community_id: data.community_id, community_id: data.community_id,
removed: Some(false), removed: Some(false),
@ -970,6 +872,7 @@ impl Perform for Oper<TransferCommunity> {
blocking(pool, move |conn| ModAddCommunity::create(conn, &form)).await??; blocking(pool, move |conn| ModAddCommunity::create(conn, &form)).await??;
let community_id = data.community_id; let community_id = data.community_id;
let user_id = user.id;
let community_view = match blocking(pool, move |conn| { let community_view = match blocking(pool, move |conn| {
CommunityView::read(conn, community_id, Some(user_id)) CommunityView::read(conn, community_id, Some(user_id))
}) })

29
server/src/api/mod.rs
View file

@ -1,4 +1,4 @@
use crate::{blocking, websocket::WebsocketInfo, DbPool, LemmyError}; use crate::{api::claims::Claims, blocking, websocket::WebsocketInfo, DbPool, LemmyError};
use actix_web::client::Client; use actix_web::client::Client;
use lemmy_db::{ use lemmy_db::{
community::*, community::*,
@ -75,3 +75,30 @@ pub async fn is_admin(pool: &DbPool, user_id: i32) -> Result<(), LemmyError> {
} }
Ok(()) Ok(())
} }
pub(in crate::api) async fn get_user_from_jwt(
jwt: &str,
pool: &DbPool,
) -> Result<User_, LemmyError> {
let claims = match Claims::decode(&jwt) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
// Check for a site ban
if user.banned {
return Err(APIError::err("site_ban").into());
}
Ok(user)
}
pub(in crate::api) async fn get_user_from_jwt_opt(
jwt: &Option<String>,
pool: &DbPool,
) -> Result<Option<User_>, LemmyError> {
match jwt {
Some(jwt) => Ok(Some(get_user_from_jwt(jwt, pool).await?)),
None => Ok(None),
}
}

158
server/src/api/post.rs
View file

@ -1,5 +1,5 @@
use crate::{ use crate::{
api::{claims::Claims, is_mod_or_admin, APIError, Oper, Perform}, api::{get_user_from_jwt, get_user_from_jwt_opt, is_mod_or_admin, APIError, Oper, Perform},
apub::{ApubLikeableType, ApubObjectType}, apub::{ApubLikeableType, ApubObjectType},
blocking, blocking,
fetch_iframely_and_pictrs_data, fetch_iframely_and_pictrs_data,
@ -19,7 +19,6 @@ use lemmy_db::{
post::*, post::*,
post_view::*, post_view::*,
site_view::*, site_view::*,
user::*,
Crud, Crud,
Likeable, Likeable,
ListingType, ListingType,
@ -146,11 +145,7 @@ impl Perform for Oper<CreatePost> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<PostResponse, LemmyError> { ) -> Result<PostResponse, LemmyError> {
let data: &CreatePost = &self.data; let data: &CreatePost = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
if let Err(slurs) = slur_check(&data.name) { if let Err(slurs) = slur_check(&data.name) {
return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); return Err(APIError::err(&slurs_vec_to_str(slurs)).into());
@ -166,22 +161,15 @@ impl Perform for Oper<CreatePost> {
return Err(APIError::err("invalid_post_title").into()); return Err(APIError::err("invalid_post_title").into());
} }
let user_id = claims.id;
// Check for a community ban // Check for a community ban
let community_id = data.community_id; let community_id = data.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into()); return Err(APIError::err("community_ban").into());
} }
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
if let Some(url) = data.url.as_ref() { if let Some(url) = data.url.as_ref() {
match Url::parse(url) { match Url::parse(url) {
Ok(_t) => (), Ok(_t) => (),
@ -198,7 +186,7 @@ impl Perform for Oper<CreatePost> {
url: data.url.to_owned(), url: data.url.to_owned(),
body: data.body.to_owned(), body: data.body.to_owned(),
community_id: data.community_id, community_id: data.community_id,
creator_id: user_id, creator_id: user.id,
removed: None, removed: None,
deleted: None, deleted: None,
nsfw: data.nsfw, nsfw: data.nsfw,
@ -244,7 +232,7 @@ impl Perform for Oper<CreatePost> {
// They like their own post by default // They like their own post by default
let like_form = PostLikeForm { let like_form = PostLikeForm {
post_id: inserted_post.id, post_id: inserted_post.id,
user_id, user_id: user.id,
score: 1, score: 1,
}; };
@ -258,7 +246,7 @@ impl Perform for Oper<CreatePost> {
// Refetch the view // Refetch the view
let inserted_post_id = inserted_post.id; let inserted_post_id = inserted_post.id;
let post_view = match blocking(pool, move |conn| { let post_view = match blocking(pool, move |conn| {
PostView::read(conn, inserted_post_id, Some(user_id)) PostView::read(conn, inserted_post_id, Some(user.id))
}) })
.await? .await?
{ {
@ -290,17 +278,8 @@ impl Perform for Oper<GetPost> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<GetPostResponse, LemmyError> { ) -> Result<GetPostResponse, LemmyError> {
let data: &GetPost = &self.data; let data: &GetPost = &self.data;
let user = get_user_from_jwt_opt(&data.auth, pool).await?;
let user_id: Option<i32> = match &data.auth { let user_id = user.map(|u| u.id);
Some(auth) => match Claims::decode(&auth) {
Ok(claims) => {
let user_id = claims.claims.id;
Some(user_id)
}
Err(_e) => None,
},
None => None,
};
let id = data.id; let id = data.id;
let post_view = match blocking(pool, move |conn| PostView::read(conn, id, user_id)).await? { let post_view = match blocking(pool, move |conn| PostView::read(conn, id, user_id)).await? {
@ -369,19 +348,7 @@ impl Perform for Oper<GetPosts> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<GetPostsResponse, LemmyError> { ) -> Result<GetPostsResponse, LemmyError> {
let data: &GetPosts = &self.data; let data: &GetPosts = &self.data;
let user = get_user_from_jwt_opt(&data.auth, pool).await?;
// For logged in users, you need to get back subscribed, and settings
let user: Option<User_> = match &data.auth {
Some(auth) => match Claims::decode(&auth) {
Ok(claims) => {
let user_id = claims.claims.id;
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
Some(user)
}
Err(_e) => None,
},
None => None,
};
let user_id = match &user { let user_id = match &user {
Some(user) => Some(user.id), Some(user) => Some(user.id),
@ -446,13 +413,7 @@ impl Perform for Oper<CreatePostLike> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<PostResponse, LemmyError> { ) -> Result<PostResponse, LemmyError> {
let data: &CreatePostLike = &self.data; let data: &CreatePostLike = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Don't do a downvote if site has downvotes disabled // Don't do a downvote if site has downvotes disabled
if data.score == -1 { if data.score == -1 {
@ -467,18 +428,13 @@ impl Perform for Oper<CreatePostLike> {
let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??; let post = blocking(pool, move |conn| Post::read(conn, post_id)).await??;
let community_id = post.community_id; let community_id = post.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into()); return Err(APIError::err("community_ban").into());
} }
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
let like_form = PostLikeForm { let like_form = PostLikeForm {
post_id: data.post_id, post_id: data.post_id,
user_id, user_id,
@ -541,6 +497,7 @@ impl Perform for Oper<EditPost> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<PostResponse, LemmyError> { ) -> Result<PostResponse, LemmyError> {
let data: &EditPost = &self.data; let data: &EditPost = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
if let Err(slurs) = slur_check(&data.name) { if let Err(slurs) = slur_check(&data.name) {
return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); return Err(APIError::err(&slurs_vec_to_str(slurs)).into());
@ -556,32 +513,20 @@ impl Perform for Oper<EditPost> {
return Err(APIError::err("invalid_post_title").into()); return Err(APIError::err("invalid_post_title").into());
} }
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a community ban // Check for a community ban
let community_id = orig_post.community_id; let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
return Err(APIError::err("community_ban").into()); return Err(APIError::err("community_ban").into());
} }
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Verify that only the creator can edit // Verify that only the creator can edit
if !Post::is_post_creator(user_id, orig_post.creator_id) { if !Post::is_post_creator(user.id, orig_post.creator_id) {
return Err(APIError::err("no_post_edit_allowed").into()); return Err(APIError::err("no_post_edit_allowed").into());
} }
@ -658,25 +603,14 @@ impl Perform for Oper<DeletePost> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<PostResponse, LemmyError> { ) -> Result<PostResponse, LemmyError> {
let data: &DeletePost = &self.data; let data: &DeletePost = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Check for a community ban // Check for a community ban
let community_id = orig_post.community_id; let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
@ -736,25 +670,14 @@ impl Perform for Oper<RemovePost> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<PostResponse, LemmyError> { ) -> Result<PostResponse, LemmyError> {
let data: &RemovePost = &self.data; let data: &RemovePost = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Check for a community ban // Check for a community ban
let community_id = orig_post.community_id; let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
@ -762,7 +685,7 @@ impl Perform for Oper<RemovePost> {
} }
// Verify that only the mods can remove // Verify that only the mods can remove
is_mod_or_admin(pool, user_id, community_id).await?; is_mod_or_admin(pool, user.id, community_id).await?;
// Update the post // Update the post
let edit_id = data.edit_id; let edit_id = data.edit_id;
@ -774,7 +697,7 @@ impl Perform for Oper<RemovePost> {
// Mod tables // Mod tables
let form = ModRemovePostForm { let form = ModRemovePostForm {
mod_user_id: user_id, mod_user_id: user.id,
post_id: data.edit_id, post_id: data.edit_id,
removed: Some(removed), removed: Some(removed),
reason: data.reason.to_owned(), reason: data.reason.to_owned(),
@ -821,25 +744,14 @@ impl Perform for Oper<LockPost> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<PostResponse, LemmyError> { ) -> Result<PostResponse, LemmyError> {
let data: &LockPost = &self.data; let data: &LockPost = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Check for a community ban // Check for a community ban
let community_id = orig_post.community_id; let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
@ -897,25 +809,14 @@ impl Perform for Oper<StickyPost> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<PostResponse, LemmyError> { ) -> Result<PostResponse, LemmyError> {
let data: &StickyPost = &self.data; let data: &StickyPost = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??; let orig_post = blocking(pool, move |conn| Post::read(conn, edit_id)).await??;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Check for a community ban // Check for a community ban
let community_id = orig_post.community_id; let community_id = orig_post.community_id;
let user_id = user.id;
let is_banned = let is_banned =
move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok(); move |conn: &'_ _| CommunityUserBanView::get(conn, user_id, community_id).is_ok();
if blocking(pool, is_banned).await? { if blocking(pool, is_banned).await? {
@ -976,17 +877,11 @@ impl Perform for Oper<SavePost> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<PostResponse, LemmyError> { ) -> Result<PostResponse, LemmyError> {
let data: &SavePost = &self.data; let data: &SavePost = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let post_saved_form = PostSavedForm { let post_saved_form = PostSavedForm {
post_id: data.post_id, post_id: data.post_id,
user_id, user_id: user.id,
}; };
if data.save { if data.save {
@ -1002,6 +897,7 @@ impl Perform for Oper<SavePost> {
} }
let post_id = data.post_id; let post_id = data.post_id;
let user_id = user.id;
let post_view = blocking(pool, move |conn| { let post_view = blocking(pool, move |conn| {
PostView::read(conn, post_id, Some(user_id)) PostView::read(conn, post_id, Some(user_id))
}) })

88
server/src/api/site.rs
View file

@ -1,6 +1,6 @@
use super::user::Register; use super::user::Register;
use crate::{ use crate::{
api::{claims::Claims, is_admin, APIError, Oper, Perform}, api::{get_user_from_jwt, get_user_from_jwt_opt, is_admin, APIError, Oper, Perform},
apub::fetcher::search_by_apub_id, apub::fetcher::search_by_apub_id,
blocking, blocking,
version, version,
@ -243,10 +243,7 @@ impl Perform for Oper<CreateSite> {
) -> Result<SiteResponse, LemmyError> { ) -> Result<SiteResponse, LemmyError> {
let data: &CreateSite = &self.data; let data: &CreateSite = &self.data;
let claims = match Claims::decode(&data.auth) { let user = get_user_from_jwt(&data.auth, pool).await?;
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
if let Err(slurs) = slur_check(&data.name) { if let Err(slurs) = slur_check(&data.name) {
return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); return Err(APIError::err(&slurs_vec_to_str(slurs)).into());
@ -258,15 +255,13 @@ impl Perform for Oper<CreateSite> {
} }
} }
let user_id = claims.id;
// Make sure user is an admin // Make sure user is an admin
is_admin(pool, user_id).await?; is_admin(pool, user.id).await?;
let site_form = SiteForm { let site_form = SiteForm {
name: data.name.to_owned(), name: data.name.to_owned(),
description: data.description.to_owned(), description: data.description.to_owned(),
creator_id: user_id, creator_id: user.id,
enable_downvotes: data.enable_downvotes, enable_downvotes: data.enable_downvotes,
open_registration: data.open_registration, open_registration: data.open_registration,
enable_nsfw: data.enable_nsfw, enable_nsfw: data.enable_nsfw,
@ -293,11 +288,7 @@ impl Perform for Oper<EditSite> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<SiteResponse, LemmyError> { ) -> Result<SiteResponse, LemmyError> {
let data: &EditSite = &self.data; let data: &EditSite = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
if let Err(slurs) = slur_check(&data.name) { if let Err(slurs) = slur_check(&data.name) {
return Err(APIError::err(&slurs_vec_to_str(slurs)).into()); return Err(APIError::err(&slurs_vec_to_str(slurs)).into());
@ -309,10 +300,8 @@ impl Perform for Oper<EditSite> {
} }
} }
let user_id = claims.id;
// Make sure user is an admin // Make sure user is an admin
is_admin(pool, user_id).await?; is_admin(pool, user.id).await?;
let found_site = blocking(pool, move |conn| Site::read(conn, 1)).await??; let found_site = blocking(pool, move |conn| Site::read(conn, 1)).await??;
@ -421,21 +410,12 @@ impl Perform for Oper<GetSite> {
0 0
}; };
// Giving back your user, if you're logged in let my_user = get_user_from_jwt_opt(&data.auth, pool).await?.map(|mut u| {
let my_user: Option<User_> = match &data.auth { u.password_encrypted = "".to_string();
Some(auth) => match Claims::decode(&auth) { u.private_key = None;
Ok(claims) => { u.public_key = None;
let user_id = claims.claims.id; u
let mut user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; });
user.password_encrypted = "".to_string();
user.private_key = None;
user.public_key = None;
Some(user)
}
Err(_e) => None,
},
None => None,
};
Ok(GetSiteResponse { Ok(GetSiteResponse {
site: site_view, site: site_view,
@ -466,16 +446,8 @@ impl Perform for Oper<Search> {
Err(e) => debug!("Failed to resolve search query as activitypub ID: {}", e), Err(e) => debug!("Failed to resolve search query as activitypub ID: {}", e),
} }
let user_id: Option<i32> = match &data.auth { let user = get_user_from_jwt_opt(&data.auth, pool).await?;
Some(auth) => match Claims::decode(&auth) { let user_id = user.map(|u| u.id);
Ok(claims) => {
let user_id = claims.claims.id;
Some(user_id)
}
Err(_e) => None,
},
None => None,
};
let type_ = SearchType::from_str(&data.type_)?; let type_ = SearchType::from_str(&data.type_)?;
@ -630,14 +602,8 @@ impl Perform for Oper<TransferSite> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<GetSiteResponse, LemmyError> { ) -> Result<GetSiteResponse, LemmyError> {
let data: &TransferSite = &self.data; let data: &TransferSite = &self.data;
let mut user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let mut user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
// TODO add a User_::read_safe() for this. // TODO add a User_::read_safe() for this.
user.password_encrypted = "".to_string(); user.password_encrypted = "".to_string();
user.private_key = None; user.private_key = None;
@ -646,7 +612,7 @@ impl Perform for Oper<TransferSite> {
let read_site = blocking(pool, move |conn| Site::read(conn, 1)).await??; let read_site = blocking(pool, move |conn| Site::read(conn, 1)).await??;
// Make sure user is the creator // Make sure user is the creator
if read_site.creator_id != user_id { if read_site.creator_id != user.id {
return Err(APIError::err("not_an_admin").into()); return Err(APIError::err("not_an_admin").into());
} }
@ -667,7 +633,7 @@ impl Perform for Oper<TransferSite> {
// Mod tables // Mod tables
let form = ModAddForm { let form = ModAddForm {
mod_user_id: user_id, mod_user_id: user.id,
other_user_id: data.user_id, other_user_id: data.user_id,
removed: Some(false), removed: Some(false),
}; };
@ -707,16 +673,10 @@ impl Perform for Oper<GetSiteConfig> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<GetSiteConfigResponse, LemmyError> { ) -> Result<GetSiteConfigResponse, LemmyError> {
let data: &GetSiteConfig = &self.data; let data: &GetSiteConfig = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Only let admins read this // Only let admins read this
is_admin(pool, user_id).await?; is_admin(pool, user.id).await?;
let config_hjson = Settings::read_config_file()?; let config_hjson = Settings::read_config_file()?;
@ -734,19 +694,13 @@ impl Perform for Oper<SaveSiteConfig> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<GetSiteConfigResponse, LemmyError> { ) -> Result<GetSiteConfigResponse, LemmyError> {
let data: &SaveSiteConfig = &self.data; let data: &SaveSiteConfig = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Only let admins read this // Only let admins read this
let admins = blocking(pool, move |conn| UserView::admins(conn)).await??; let admins = blocking(pool, move |conn| UserView::admins(conn)).await??;
let admin_ids: Vec<i32> = admins.into_iter().map(|m| m.id).collect(); let admin_ids: Vec<i32> = admins.into_iter().map(|m| m.id).collect();
if !admin_ids.contains(&user_id) { if !admin_ids.contains(&user.id) {
return Err(APIError::err("not_an_admin").into()); return Err(APIError::err("not_an_admin").into());
} }

202
server/src/api/user.rs
View file

@ -1,5 +1,13 @@
use crate::{ use crate::{
api::{claims::Claims, is_admin, APIError, Oper, Perform}, api::{
claims::Claims,
get_user_from_jwt,
get_user_from_jwt_opt,
is_admin,
APIError,
Oper,
Perform,
},
apub::ApubObjectType, apub::ApubObjectType,
blocking, blocking,
captcha_espeak_wav_base64, captcha_espeak_wav_base64,
@ -543,14 +551,9 @@ impl Perform for Oper<SaveUserSettings> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<LoginResponse, LemmyError> { ) -> Result<LoginResponse, LemmyError> {
let data: &SaveUserSettings = &self.data; let data: &SaveUserSettings = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) { let user_id = user.id;
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let read_user = blocking(pool, move |conn| User_::read(conn, user_id)).await??; let read_user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
let email = match &data.email { let email = match &data.email {
@ -665,24 +668,7 @@ impl Perform for Oper<GetUserDetails> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<GetUserDetailsResponse, LemmyError> { ) -> Result<GetUserDetailsResponse, LemmyError> {
let data: &GetUserDetails = &self.data; let data: &GetUserDetails = &self.data;
let user = get_user_from_jwt_opt(&data.auth, pool).await?;
// For logged in users, you need to get back subscribed, and settings
let user: Option<User_> = match &data.auth {
Some(auth) => match Claims::decode(&auth) {
Ok(claims) => {
let user_id = claims.claims.id;
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
Some(user)
}
Err(_e) => None,
},
None => None,
};
let user_id = match &user {
Some(user) => Some(user.id),
None => None,
};
let show_nsfw = match &user { let show_nsfw = match &user {
Some(user) => user.show_nsfw, Some(user) => user.show_nsfw,
@ -712,6 +698,7 @@ impl Perform for Oper<GetUserDetails> {
let limit = data.limit; let limit = data.limit;
let saved_only = data.saved_only; let saved_only = data.saved_only;
let community_id = data.community_id; let community_id = data.community_id;
let user_id = user.map(|u| u.id);
let (posts, comments) = blocking(pool, move |conn| { let (posts, comments) = blocking(pool, move |conn| {
let mut posts_query = PostQueryBuilder::create(conn) let mut posts_query = PostQueryBuilder::create(conn)
.sort(&sort) .sort(&sort)
@ -780,16 +767,10 @@ impl Perform for Oper<AddAdmin> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<AddAdminResponse, LemmyError> { ) -> Result<AddAdminResponse, LemmyError> {
let data: &AddAdmin = &self.data; let data: &AddAdmin = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Make sure user is an admin // Make sure user is an admin
is_admin(pool, user_id).await?; is_admin(pool, user.id).await?;
let added = data.added; let added = data.added;
let added_user_id = data.user_id; let added_user_id = data.user_id;
@ -800,7 +781,7 @@ impl Perform for Oper<AddAdmin> {
// Mod tables // Mod tables
let form = ModAddForm { let form = ModAddForm {
mod_user_id: user_id, mod_user_id: user.id,
other_user_id: data.user_id, other_user_id: data.user_id,
removed: Some(!data.added), removed: Some(!data.added),
}; };
@ -839,16 +820,10 @@ impl Perform for Oper<BanUser> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<BanUserResponse, LemmyError> { ) -> Result<BanUserResponse, LemmyError> {
let data: &BanUser = &self.data; let data: &BanUser = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Make sure user is an admin // Make sure user is an admin
is_admin(pool, user_id).await?; is_admin(pool, user.id).await?;
let ban = data.ban; let ban = data.ban;
let banned_user_id = data.user_id; let banned_user_id = data.user_id;
@ -864,7 +839,7 @@ impl Perform for Oper<BanUser> {
}; };
let form = ModBanForm { let form = ModBanForm {
mod_user_id: user_id, mod_user_id: user.id,
other_user_id: data.user_id, other_user_id: data.user_id,
reason: data.reason.to_owned(), reason: data.reason.to_owned(),
banned: Some(data.ban), banned: Some(data.ban),
@ -903,19 +878,14 @@ impl Perform for Oper<GetReplies> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<GetRepliesResponse, LemmyError> { ) -> Result<GetRepliesResponse, LemmyError> {
let data: &GetReplies = &self.data; let data: &GetReplies = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let sort = SortType::from_str(&data.sort)?; let sort = SortType::from_str(&data.sort)?;
let page = data.page; let page = data.page;
let limit = data.limit; let limit = data.limit;
let unread_only = data.unread_only; let unread_only = data.unread_only;
let user_id = user.id;
let replies = blocking(pool, move |conn| { let replies = blocking(pool, move |conn| {
ReplyQueryBuilder::create(conn, user_id) ReplyQueryBuilder::create(conn, user_id)
.sort(&sort) .sort(&sort)
@ -940,19 +910,14 @@ impl Perform for Oper<GetUserMentions> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<GetUserMentionsResponse, LemmyError> { ) -> Result<GetUserMentionsResponse, LemmyError> {
let data: &GetUserMentions = &self.data; let data: &GetUserMentions = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let sort = SortType::from_str(&data.sort)?; let sort = SortType::from_str(&data.sort)?;
let page = data.page; let page = data.page;
let limit = data.limit; let limit = data.limit;
let unread_only = data.unread_only; let unread_only = data.unread_only;
let user_id = user.id;
let mentions = blocking(pool, move |conn| { let mentions = blocking(pool, move |conn| {
UserMentionQueryBuilder::create(conn, user_id) UserMentionQueryBuilder::create(conn, user_id)
.sort(&sort) .sort(&sort)
@ -977,19 +942,13 @@ impl Perform for Oper<MarkUserMentionAsRead> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<UserMentionResponse, LemmyError> { ) -> Result<UserMentionResponse, LemmyError> {
let data: &MarkUserMentionAsRead = &self.data; let data: &MarkUserMentionAsRead = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let user_mention_id = data.user_mention_id; let user_mention_id = data.user_mention_id;
let read_user_mention = let read_user_mention =
blocking(pool, move |conn| UserMention::read(conn, user_mention_id)).await??; blocking(pool, move |conn| UserMention::read(conn, user_mention_id)).await??;
if user_id != read_user_mention.recipient_id { if user.id != read_user_mention.recipient_id {
return Err(APIError::err("couldnt_update_comment").into()); return Err(APIError::err("couldnt_update_comment").into());
} }
@ -1001,6 +960,7 @@ impl Perform for Oper<MarkUserMentionAsRead> {
}; };
let user_mention_id = read_user_mention.id; let user_mention_id = read_user_mention.id;
let user_id = user.id;
let user_mention_view = blocking(pool, move |conn| { let user_mention_view = blocking(pool, move |conn| {
UserMentionView::read(conn, user_mention_id, user_id) UserMentionView::read(conn, user_mention_id, user_id)
}) })
@ -1022,14 +982,9 @@ impl Perform for Oper<MarkAllAsRead> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<GetRepliesResponse, LemmyError> { ) -> Result<GetRepliesResponse, LemmyError> {
let data: &MarkAllAsRead = &self.data; let data: &MarkAllAsRead = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) { let user_id = user.id;
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let replies = blocking(pool, move |conn| { let replies = blocking(pool, move |conn| {
ReplyQueryBuilder::create(conn, user_id) ReplyQueryBuilder::create(conn, user_id)
.unread_only(true) .unread_only(true)
@ -1076,15 +1031,7 @@ impl Perform for Oper<DeleteAccount> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<LoginResponse, LemmyError> { ) -> Result<LoginResponse, LemmyError> {
let data: &DeleteAccount = &self.data; let data: &DeleteAccount = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
// Verify the password // Verify the password
let valid: bool = verify(&data.password, &user.password_encrypted).unwrap_or(false); let valid: bool = verify(&data.password, &user.password_encrypted).unwrap_or(false);
@ -1093,6 +1040,7 @@ impl Perform for Oper<DeleteAccount> {
} }
// Comments // Comments
let user_id = user.id;
let comments = blocking(pool, move |conn| { let comments = blocking(pool, move |conn| {
CommentQueryBuilder::create(conn) CommentQueryBuilder::create(conn)
.for_creator_id(user_id) .for_creator_id(user_id)
@ -1230,27 +1178,15 @@ impl Perform for Oper<CreatePrivateMessage> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<PrivateMessageResponse, LemmyError> { ) -> Result<PrivateMessageResponse, LemmyError> {
let data: &CreatePrivateMessage = &self.data; let data: &CreatePrivateMessage = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let hostname = &format!("https://{}", Settings::get().hostname); let hostname = &format!("https://{}", Settings::get().hostname);
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
let content_slurs_removed = remove_slurs(&data.content.to_owned()); let content_slurs_removed = remove_slurs(&data.content.to_owned());
let private_message_form = PrivateMessageForm { let private_message_form = PrivateMessageForm {
content: content_slurs_removed.to_owned(), content: content_slurs_removed.to_owned(),
creator_id: user_id, creator_id: user.id,
recipient_id: data.recipient_id, recipient_id: data.recipient_id,
deleted: None, deleted: None,
read: None, read: None,
@ -1341,25 +1277,13 @@ impl Perform for Oper<EditPrivateMessage> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<PrivateMessageResponse, LemmyError> { ) -> Result<PrivateMessageResponse, LemmyError> {
let data: &EditPrivateMessage = &self.data; let data: &EditPrivateMessage = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Checking permissions // Checking permissions
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_private_message = let orig_private_message =
blocking(pool, move |conn| PrivateMessage::read(conn, edit_id)).await??; blocking(pool, move |conn| PrivateMessage::read(conn, edit_id)).await??;
if user_id != orig_private_message.creator_id { if user.id != orig_private_message.creator_id {
return Err(APIError::err("no_private_message_edit_allowed").into()); return Err(APIError::err("no_private_message_edit_allowed").into());
} }
@ -1409,25 +1333,13 @@ impl Perform for Oper<DeletePrivateMessage> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<PrivateMessageResponse, LemmyError> { ) -> Result<PrivateMessageResponse, LemmyError> {
let data: &DeletePrivateMessage = &self.data; let data: &DeletePrivateMessage = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Checking permissions // Checking permissions
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_private_message = let orig_private_message =
blocking(pool, move |conn| PrivateMessage::read(conn, edit_id)).await??; blocking(pool, move |conn| PrivateMessage::read(conn, edit_id)).await??;
if user_id != orig_private_message.creator_id { if user.id != orig_private_message.creator_id {
return Err(APIError::err("no_private_message_edit_allowed").into()); return Err(APIError::err("no_private_message_edit_allowed").into());
} }
@ -1483,25 +1395,13 @@ impl Perform for Oper<MarkPrivateMessageAsRead> {
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<PrivateMessageResponse, LemmyError> { ) -> Result<PrivateMessageResponse, LemmyError> {
let data: &MarkPrivateMessageAsRead = &self.data; let data: &MarkPrivateMessageAsRead = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
// Check for a site ban
let user = blocking(pool, move |conn| User_::read(conn, user_id)).await??;
if user.banned {
return Err(APIError::err("site_ban").into());
}
// Checking permissions // Checking permissions
let edit_id = data.edit_id; let edit_id = data.edit_id;
let orig_private_message = let orig_private_message =
blocking(pool, move |conn| PrivateMessage::read(conn, edit_id)).await??; blocking(pool, move |conn| PrivateMessage::read(conn, edit_id)).await??;
if user_id != orig_private_message.recipient_id { if user.id != orig_private_message.recipient_id {
return Err(APIError::err("couldnt_update_private_message").into()); return Err(APIError::err("couldnt_update_private_message").into());
} }
@ -1548,13 +1448,8 @@ impl Perform for Oper<GetPrivateMessages> {
_websocket_info: Option<WebsocketInfo>, _websocket_info: Option<WebsocketInfo>,
) -> Result<PrivateMessagesResponse, LemmyError> { ) -> Result<PrivateMessagesResponse, LemmyError> {
let data: &GetPrivateMessages = &self.data; let data: &GetPrivateMessages = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) { let user_id = user.id;
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
let page = data.page; let page = data.page;
let limit = data.limit; let limit = data.limit;
@ -1578,24 +1473,21 @@ impl Perform for Oper<UserJoin> {
async fn perform( async fn perform(
&self, &self,
_pool: &DbPool, pool: &DbPool,
websocket_info: Option<WebsocketInfo>, websocket_info: Option<WebsocketInfo>,
) -> Result<UserJoinResponse, LemmyError> { ) -> Result<UserJoinResponse, LemmyError> {
let data: &UserJoin = &self.data; let data: &UserJoin = &self.data;
let user = get_user_from_jwt(&data.auth, pool).await?;
let claims = match Claims::decode(&data.auth) {
Ok(claims) => claims.claims,
Err(_e) => return Err(APIError::err("not_logged_in").into()),
};
let user_id = claims.id;
if let Some(ws) = websocket_info { if let Some(ws) = websocket_info {
if let Some(id) = ws.id { if let Some(id) = ws.id {
ws.chatserver.do_send(JoinUserRoom { user_id, id }); ws.chatserver.do_send(JoinUserRoom {
user_id: user.id,
id,
});
} }
} }
Ok(UserJoinResponse { user_id }) Ok(UserJoinResponse { user_id: user.id })
} }
} }