crates/api_common/src/utils.rs

   1 use crate::{
   2   context::LemmyContext,
   3   request::purge_image_from_pictrs,
   4   sensitive::Sensitive,
   5   site::FederatedInstances,
   6 };
   7 use anyhow::Context;
   8 use chrono::NaiveDateTime;
   9 use lemmy_db_schema::{
  10   impls::person::is_banned,
  11   newtypes::{CommunityId, DbUrl, LocalUserId, PersonId, PostId},
  12   source::{
  13     comment::{Comment, CommentUpdateForm},
  14     community::{Community, CommunityModerator, CommunityUpdateForm},
  15     email_verification::{EmailVerification, EmailVerificationForm},
  16     instance::Instance,
  17     local_site::LocalSite,
  18     local_site_rate_limit::LocalSiteRateLimit,
  19     password_reset_request::PasswordResetRequest,
  20     person::{Person, PersonUpdateForm},
  21     person_block::PersonBlock,
  22     post::{Post, PostRead, PostReadForm},
  23     registration_application::RegistrationApplication,
  24   },
  25   traits::{Crud, Readable},
  26   utils::DbPool,
  27   RegistrationMode,
  28 };
  29 use lemmy_db_views::{comment_view::CommentQuery, structs::LocalUserView};
  30 use lemmy_db_views_actor::structs::{
  31   CommunityModeratorView,
  32   CommunityPersonBanView,
  33   CommunityView,
  34 };
  35 use lemmy_utils::{
  36   claims::Claims,
  37   email::{send_email, translations::Lang},
  38   error::{LemmyError, LemmyErrorExt, LemmyErrorExt2, LemmyErrorType},
  39   location_info,
  40   rate_limit::RateLimitConfig,
  41   settings::structs::Settings,
  42   utils::slurs::build_slur_regex,
  43 };
  44 use regex::Regex;
  45 use reqwest_middleware::ClientWithMiddleware;
  46 use rosetta_i18n::{Language, LanguageId};
  47 use tracing::warn;
  48 use url::{ParseError, Url};
  49
  50 #[tracing::instrument(skip_all)]
  51 pub async fn is_mod_or_admin(
  52   pool: &mut DbPool<'_>,
  53   person_id: PersonId,
  54   community_id: CommunityId,
  55 ) -> Result<(), LemmyError> {
  56   let is_mod_or_admin = CommunityView::is_mod_or_admin(pool, person_id, community_id).await?;
  57   if !is_mod_or_admin {
  58     return Err(LemmyErrorType::NotAModOrAdmin)?;
  59   }
  60   Ok(())
  61 }
  62
  63 #[tracing::instrument(skip_all)]
  64 pub async fn is_mod_or_admin_opt(
  65   pool: &mut DbPool<'_>,
  66   local_user_view: Option<&LocalUserView>,
  67   community_id: Option<CommunityId>,
  68 ) -> Result<(), LemmyError> {
  69   if let Some(local_user_view) = local_user_view {
  70     if let Some(community_id) = community_id {
  71       is_mod_or_admin(pool, local_user_view.person.id, community_id).await
  72     } else {
  73       is_admin(local_user_view)
  74     }
  75   } else {
  76     Err(LemmyErrorType::NotAModOrAdmin)?
  77   }
  78 }
  79
  80 pub fn is_admin(local_user_view: &LocalUserView) -> Result<(), LemmyError> {
  81   if !local_user_view.person.admin {
  82     Err(LemmyErrorType::NotAnAdmin)?;
  83   }
  84   Ok(())
  85 }
  86
  87 pub fn is_top_mod(
  88   local_user_view: &LocalUserView,
  89   community_mods: &[CommunityModeratorView],
  90 ) -> Result<(), LemmyError> {
  91   if local_user_view.person.id
  92     != community_mods
  93       .first()
  94       .map(|cm| cm.moderator.id)
  95       .unwrap_or(PersonId(0))
  96   {
  97     Err(LemmyErrorType::NotTopMod)?;
  98   }
  99   Ok(())
 100 }
 101
 102 #[tracing::instrument(skip_all)]
 103 pub async fn get_post(post_id: PostId, pool: &mut DbPool<'_>) -> Result<Post, LemmyError> {
 104   Post::read(pool, post_id)
 105     .await
 106     .with_lemmy_type(LemmyErrorType::CouldntFindPost)
 107 }
 108
 109 #[tracing::instrument(skip_all)]
 110 pub async fn mark_post_as_read(
 111   person_id: PersonId,
 112   post_id: PostId,
 113   pool: &mut DbPool<'_>,
 114 ) -> Result<PostRead, LemmyError> {
 115   let post_read_form = PostReadForm { post_id, person_id };
 116
 117   PostRead::mark_as_read(pool, &post_read_form)
 118     .await
 119     .with_lemmy_type(LemmyErrorType::CouldntMarkPostAsRead)
 120 }
 121
 122 #[tracing::instrument(skip_all)]
 123 pub async fn mark_post_as_unread(
 124   person_id: PersonId,
 125   post_id: PostId,
 126   pool: &mut DbPool<'_>,
 127 ) -> Result<usize, LemmyError> {
 128   let post_read_form = PostReadForm { post_id, person_id };
 129
 130   PostRead::mark_as_unread(pool, &post_read_form)
 131     .await
 132     .with_lemmy_type(LemmyErrorType::CouldntMarkPostAsRead)
 133 }
 134
 135 #[tracing::instrument(skip_all)]
 136 pub async fn local_user_view_from_jwt(
 137   jwt: &str,
 138   context: &LemmyContext,
 139 ) -> Result<LocalUserView, LemmyError> {
 140   let claims = Claims::decode(jwt, &context.secret().jwt_secret)
 141     .with_lemmy_type(LemmyErrorType::NotLoggedIn)?
 142     .claims;
 143   let local_user_id = LocalUserId(claims.sub);
 144   let local_user_view = LocalUserView::read(&mut context.pool(), local_user_id).await?;
 145   check_user_valid(
 146     local_user_view.person.banned,
 147     local_user_view.person.ban_expires,
 148     local_user_view.person.deleted,
 149   )?;
 150
 151   check_validator_time(&local_user_view.local_user.validator_time, &claims)?;
 152
 153   Ok(local_user_view)
 154 }
 155
 156 #[tracing::instrument(skip_all)]
 157 pub async fn local_user_view_from_jwt_opt(
 158   jwt: Option<&Sensitive<String>>,
 159   context: &LemmyContext,
 160 ) -> Option<LocalUserView> {
 161   local_user_view_from_jwt(jwt?, context).await.ok()
 162 }
 163
 164 /// Checks if user's token was issued before user's password reset.
 165 pub fn check_validator_time(
 166   validator_time: &NaiveDateTime,
 167   claims: &Claims,
 168 ) -> Result<(), LemmyError> {
 169   let user_validation_time = validator_time.timestamp();
 170   if user_validation_time > claims.iat {
 171     Err(LemmyErrorType::NotLoggedIn)?
 172   } else {
 173     Ok(())
 174   }
 175 }
 176
 177 pub fn check_user_valid(
 178   banned: bool,
 179   ban_expires: Option<NaiveDateTime>,
 180   deleted: bool,
 181 ) -> Result<(), LemmyError> {
 182   // Check for a site ban
 183   if is_banned(banned, ban_expires) {
 184     Err(LemmyErrorType::SiteBan)?;
 185   }
 186
 187   // check for account deletion
 188   if deleted {
 189     Err(LemmyErrorType::Deleted)?;
 190   }
 191
 192   Ok(())
 193 }
 194
 195 #[tracing::instrument(skip_all)]
 196 pub async fn check_community_ban(
 197   person_id: PersonId,
 198   community_id: CommunityId,
 199   pool: &mut DbPool<'_>,
 200 ) -> Result<(), LemmyError> {
 201   let is_banned = CommunityPersonBanView::get(pool, person_id, community_id)
 202     .await
 203     .is_ok();
 204   if is_banned {
 205     Err(LemmyErrorType::BannedFromCommunity)?
 206   } else {
 207     Ok(())
 208   }
 209 }
 210
 211 #[tracing::instrument(skip_all)]
 212 pub async fn check_community_deleted_or_removed(
 213   community_id: CommunityId,
 214   pool: &mut DbPool<'_>,
 215 ) -> Result<(), LemmyError> {
 216   let community = Community::read(pool, community_id)
 217     .await
 218     .with_lemmy_type(LemmyErrorType::CouldntFindCommunity)?;
 219   if community.deleted || community.removed {
 220     Err(LemmyErrorType::Deleted)?
 221   } else {
 222     Ok(())
 223   }
 224 }
 225
 226 pub fn check_post_deleted_or_removed(post: &Post) -> Result<(), LemmyError> {
 227   if post.deleted || post.removed {
 228     Err(LemmyErrorType::Deleted)?
 229   } else {
 230     Ok(())
 231   }
 232 }
 233
 234 #[tracing::instrument(skip_all)]
 235 pub async fn check_person_block(
 236   my_id: PersonId,
 237   potential_blocker_id: PersonId,
 238   pool: &mut DbPool<'_>,
 239 ) -> Result<(), LemmyError> {
 240   let is_blocked = PersonBlock::read(pool, potential_blocker_id, my_id)
 241     .await
 242     .is_ok();
 243   if is_blocked {
 244     Err(LemmyErrorType::PersonIsBlocked)?
 245   } else {
 246     Ok(())
 247   }
 248 }
 249
 250 #[tracing::instrument(skip_all)]
 251 pub fn check_downvotes_enabled(score: i16, local_site: &LocalSite) -> Result<(), LemmyError> {
 252   if score == -1 && !local_site.enable_downvotes {
 253     Err(LemmyErrorType::DownvotesAreDisabled)?;
 254   }
 255   Ok(())
 256 }
 257
 258 #[tracing::instrument(skip_all)]
 259 pub fn check_private_instance(
 260   local_user_view: &Option<LocalUserView>,
 261   local_site: &LocalSite,
 262 ) -> Result<(), LemmyError> {
 263   if local_user_view.is_none() && local_site.private_instance {
 264     Err(LemmyErrorType::InstanceIsPrivate)?;
 265   }
 266   Ok(())
 267 }
 268
 269 #[tracing::instrument(skip_all)]
 270 pub async fn build_federated_instances(
 271   local_site: &LocalSite,
 272   pool: &mut DbPool<'_>,
 273 ) -> Result<Option<FederatedInstances>, LemmyError> {
 274   if local_site.federation_enabled {
 275     // TODO I hate that this requires 3 queries
 276     let (linked, allowed, blocked) = lemmy_db_schema::try_join_with_pool!(pool => (
 277       Instance::linked,
 278       Instance::allowlist,
 279       Instance::blocklist
 280     ))?;
 281
 282     Ok(Some(FederatedInstances {
 283       linked,
 284       allowed,
 285       blocked,
 286     }))
 287   } else {
 288     Ok(None)
 289   }
 290 }
 291
 292 /// Checks the password length
 293 pub fn password_length_check(pass: &str) -> Result<(), LemmyError> {
 294   if !(10..=60).contains(&pass.chars().count()) {
 295     Err(LemmyErrorType::InvalidPassword)?
 296   } else {
 297     Ok(())
 298   }
 299 }
 300
 301 /// Checks for a honeypot. If this field is filled, fail the rest of the function
 302 pub fn honeypot_check(honeypot: &Option<String>) -> Result<(), LemmyError> {
 303   if honeypot.is_some() && honeypot != &Some(String::new()) {
 304     Err(LemmyErrorType::HoneypotFailed)?
 305   } else {
 306     Ok(())
 307   }
 308 }
 309
 310 pub async fn send_email_to_user(
 311   local_user_view: &LocalUserView,
 312   subject: &str,
 313   body: &str,
 314   settings: &Settings,
 315 ) {
 316   if local_user_view.person.banned || !local_user_view.local_user.send_notifications_to_email {
 317     return;
 318   }
 319
 320   if let Some(user_email) = &local_user_view.local_user.email {
 321     match send_email(
 322       subject,
 323       user_email,
 324       &local_user_view.person.name,
 325       body,
 326       settings,
 327     )
 328     .await
 329     {
 330       Ok(_o) => _o,
 331       Err(e) => warn!("{}", e),
 332     };
 333   }
 334 }
 335
 336 pub async fn send_password_reset_email(
 337   user: &LocalUserView,
 338   pool: &mut DbPool<'_>,
 339   settings: &Settings,
 340 ) -> Result<(), LemmyError> {
 341   // Generate a random token
 342   let token = uuid::Uuid::new_v4().to_string();
 343
 344   // Insert the row
 345   let local_user_id = user.local_user.id;
 346   PasswordResetRequest::create_token(pool, local_user_id, token.clone()).await?;
 347
 348   let email = &user.local_user.email.clone().expect("email");
 349   let lang = get_interface_language(user);
 350   let subject = &lang.password_reset_subject(&user.person.name);
 351   let protocol_and_hostname = settings.get_protocol_and_hostname();
 352   let reset_link = format!("{}/password_change/{}", protocol_and_hostname, &token);
 353   let body = &lang.password_reset_body(reset_link, &user.person.name);
 354   send_email(subject, email, &user.person.name, body, settings).await
 355 }
 356
 357 /// Send a verification email
 358 pub async fn send_verification_email(
 359   user: &LocalUserView,
 360   new_email: &str,
 361   pool: &mut DbPool<'_>,
 362   settings: &Settings,
 363 ) -> Result<(), LemmyError> {
 364   let form = EmailVerificationForm {
 365     local_user_id: user.local_user.id,
 366     email: new_email.to_string(),
 367     verification_token: uuid::Uuid::new_v4().to_string(),
 368   };
 369   let verify_link = format!(
 370     "{}/verify_email/{}",
 371     settings.get_protocol_and_hostname(),
 372     &form.verification_token
 373   );
 374   EmailVerification::create(pool, &form).await?;
 375
 376   let lang = get_interface_language(user);
 377   let subject = lang.verify_email_subject(&settings.hostname);
 378   let body = lang.verify_email_body(&settings.hostname, &user.person.name, verify_link);
 379   send_email(&subject, new_email, &user.person.name, &body, settings).await?;
 380
 381   Ok(())
 382 }
 383
 384 pub fn get_interface_language(user: &LocalUserView) -> Lang {
 385   lang_str_to_lang(&user.local_user.interface_language)
 386 }
 387
 388 pub fn get_interface_language_from_settings(user: &LocalUserView) -> Lang {
 389   lang_str_to_lang(&user.local_user.interface_language)
 390 }
 391
 392 fn lang_str_to_lang(lang: &str) -> Lang {
 393   let lang_id = LanguageId::new(lang);
 394   Lang::from_language_id(&lang_id).unwrap_or_else(|| {
 395     let en = LanguageId::new("en");
 396     Lang::from_language_id(&en).expect("default language")
 397   })
 398 }
 399
 400 pub fn local_site_rate_limit_to_rate_limit_config(
 401   local_site_rate_limit: &LocalSiteRateLimit,
 402 ) -> RateLimitConfig {
 403   let l = local_site_rate_limit;
 404   RateLimitConfig {
 405     message: l.message,
 406     message_per_second: l.message_per_second,
 407     post: l.post,
 408     post_per_second: l.post_per_second,
 409     register: l.register,
 410     register_per_second: l.register_per_second,
 411     image: l.image,
 412     image_per_second: l.image_per_second,
 413     comment: l.comment,
 414     comment_per_second: l.comment_per_second,
 415     search: l.search,
 416     search_per_second: l.search_per_second,
 417   }
 418 }
 419
 420 pub fn local_site_to_slur_regex(local_site: &LocalSite) -> Option<Regex> {
 421   build_slur_regex(local_site.slur_filter_regex.as_deref())
 422 }
 423
 424 pub fn local_site_opt_to_slur_regex(local_site: &Option<LocalSite>) -> Option<Regex> {
 425   local_site
 426     .as_ref()
 427     .map(local_site_to_slur_regex)
 428     .unwrap_or(None)
 429 }
 430
 431 pub fn local_site_opt_to_sensitive(local_site: &Option<LocalSite>) -> bool {
 432   local_site
 433     .as_ref()
 434     .map(|site| site.enable_nsfw)
 435     .unwrap_or(false)
 436 }
 437
 438 pub async fn send_application_approved_email(
 439   user: &LocalUserView,
 440   settings: &Settings,
 441 ) -> Result<(), LemmyError> {
 442   let email = &user.local_user.email.clone().expect("email");
 443   let lang = get_interface_language(user);
 444   let subject = lang.registration_approved_subject(&user.person.actor_id);
 445   let body = lang.registration_approved_body(&settings.hostname);
 446   send_email(&subject, email, &user.person.name, &body, settings).await
 447 }
 448
 449 /// Send a new applicant email notification to all admins
 450 pub async fn send_new_applicant_email_to_admins(
 451   applicant_username: &str,
 452   pool: &mut DbPool<'_>,
 453   settings: &Settings,
 454 ) -> Result<(), LemmyError> {
 455   // Collect the admins with emails
 456   let admins = LocalUserView::list_admins_with_emails(pool).await?;
 457
 458   let applications_link = &format!(
 459     "{}/registration_applications",
 460     settings.get_protocol_and_hostname(),
 461   );
 462
 463   for admin in &admins {
 464     let email = &admin.local_user.email.clone().expect("email");
 465     let lang = get_interface_language_from_settings(admin);
 466     let subject = lang.new_application_subject(&settings.hostname, applicant_username);
 467     let body = lang.new_application_body(applications_link);
 468     send_email(&subject, email, &admin.person.name, &body, settings).await?;
 469   }
 470   Ok(())
 471 }
 472
 473 /// Send a report to all admins
 474 pub async fn send_new_report_email_to_admins(
 475   reporter_username: &str,
 476   reported_username: &str,
 477   pool: &mut DbPool<'_>,
 478   settings: &Settings,
 479 ) -> Result<(), LemmyError> {
 480   // Collect the admins with emails
 481   let admins = LocalUserView::list_admins_with_emails(pool).await?;
 482
 483   let reports_link = &format!("{}/reports", settings.get_protocol_and_hostname(),);
 484
 485   for admin in &admins {
 486     let email = &admin.local_user.email.clone().expect("email");
 487     let lang = get_interface_language_from_settings(admin);
 488     let subject = lang.new_report_subject(&settings.hostname, reported_username, reporter_username);
 489     let body = lang.new_report_body(reports_link);
 490     send_email(&subject, email, &admin.person.name, &body, settings).await?;
 491   }
 492   Ok(())
 493 }
 494
 495 pub async fn check_registration_application(
 496   local_user_view: &LocalUserView,
 497   local_site: &LocalSite,
 498   pool: &mut DbPool<'_>,
 499 ) -> Result<(), LemmyError> {
 500   if (local_site.registration_mode == RegistrationMode::RequireApplication
 501     || local_site.registration_mode == RegistrationMode::Closed)
 502     && !local_user_view.local_user.accepted_application
 503     && !local_user_view.person.admin
 504   {
 505     // Fetch the registration, see if its denied
 506     let local_user_id = local_user_view.local_user.id;
 507     let registration = RegistrationApplication::find_by_local_user_id(pool, local_user_id).await?;
 508     if let Some(deny_reason) = registration.deny_reason {
 509       let lang = get_interface_language(local_user_view);
 510       let registration_denied_message = format!("{}: {}", lang.registration_denied(), deny_reason);
 511       return Err(LemmyErrorType::RegistrationDenied(
 512         registration_denied_message,
 513       ))?;
 514     } else {
 515       return Err(LemmyErrorType::RegistrationApplicationIsPending)?;
 516     }
 517   }
 518   Ok(())
 519 }
 520
 521 pub fn check_private_instance_and_federation_enabled(
 522   local_site: &LocalSite,
 523 ) -> Result<(), LemmyError> {
 524   if local_site.private_instance && local_site.federation_enabled {
 525     Err(LemmyErrorType::CantEnablePrivateInstanceAndFederationTogether)?;
 526   }
 527   Ok(())
 528 }
 529
 530 pub async fn purge_image_posts_for_person(
 531   banned_person_id: PersonId,
 532   pool: &mut DbPool<'_>,
 533   settings: &Settings,
 534   client: &ClientWithMiddleware,
 535 ) -> Result<(), LemmyError> {
 536   let posts = Post::fetch_pictrs_posts_for_creator(pool, banned_person_id).await?;
 537   for post in posts {
 538     if let Some(url) = post.url {
 539       purge_image_from_pictrs(client, settings, &url).await.ok();
 540     }
 541     if let Some(thumbnail_url) = post.thumbnail_url {
 542       purge_image_from_pictrs(client, settings, &thumbnail_url)
 543         .await
 544         .ok();
 545     }
 546   }
 547
 548   Post::remove_pictrs_post_images_and_thumbnails_for_creator(pool, banned_person_id).await?;
 549
 550   Ok(())
 551 }
 552
 553 pub async fn purge_image_posts_for_community(
 554   banned_community_id: CommunityId,
 555   pool: &mut DbPool<'_>,
 556   settings: &Settings,
 557   client: &ClientWithMiddleware,
 558 ) -> Result<(), LemmyError> {
 559   let posts = Post::fetch_pictrs_posts_for_community(pool, banned_community_id).await?;
 560   for post in posts {
 561     if let Some(url) = post.url {
 562       purge_image_from_pictrs(client, settings, &url).await.ok();
 563     }
 564     if let Some(thumbnail_url) = post.thumbnail_url {
 565       purge_image_from_pictrs(client, settings, &thumbnail_url)
 566         .await
 567         .ok();
 568     }
 569   }
 570
 571   Post::remove_pictrs_post_images_and_thumbnails_for_community(pool, banned_community_id).await?;
 572
 573   Ok(())
 574 }
 575
 576 pub async fn remove_user_data(
 577   banned_person_id: PersonId,
 578   pool: &mut DbPool<'_>,
 579   settings: &Settings,
 580   client: &ClientWithMiddleware,
 581 ) -> Result<(), LemmyError> {
 582   // Purge user images
 583   let person = Person::read(pool, banned_person_id).await?;
 584   if let Some(avatar) = person.avatar {
 585     purge_image_from_pictrs(client, settings, &avatar)
 586       .await
 587       .ok();
 588   }
 589   if let Some(banner) = person.banner {
 590     purge_image_from_pictrs(client, settings, &banner)
 591       .await
 592       .ok();
 593   }
 594
 595   // Update the fields to None
 596   Person::update(
 597     pool,
 598     banned_person_id,
 599     &PersonUpdateForm::builder()
 600       .avatar(Some(None))
 601       .banner(Some(None))
 602       .build(),
 603   )
 604   .await?;
 605
 606   // Posts
 607   Post::update_removed_for_creator(pool, banned_person_id, None, true).await?;
 608
 609   // Purge image posts
 610   purge_image_posts_for_person(banned_person_id, pool, settings, client).await?;
 611
 612   // Communities
 613   // Remove all communities where they're the top mod
 614   // for now, remove the communities manually
 615   let first_mod_communities = CommunityModeratorView::get_community_first_mods(pool).await?;
 616
 617   // Filter to only this banned users top communities
 618   let banned_user_first_communities: Vec<CommunityModeratorView> = first_mod_communities
 619     .into_iter()
 620     .filter(|fmc| fmc.moderator.id == banned_person_id)
 621     .collect();
 622
 623   for first_mod_community in banned_user_first_communities {
 624     let community_id = first_mod_community.community.id;
 625     Community::update(
 626       pool,
 627       community_id,
 628       &CommunityUpdateForm::builder().removed(Some(true)).build(),
 629     )
 630     .await?;
 631
 632     // Delete the community images
 633     if let Some(icon) = first_mod_community.community.icon {
 634       purge_image_from_pictrs(client, settings, &icon).await.ok();
 635     }
 636     if let Some(banner) = first_mod_community.community.banner {
 637       purge_image_from_pictrs(client, settings, &banner)
 638         .await
 639         .ok();
 640     }
 641     // Update the fields to None
 642     Community::update(
 643       pool,
 644       community_id,
 645       &CommunityUpdateForm::builder()
 646         .icon(Some(None))
 647         .banner(Some(None))
 648         .build(),
 649     )
 650     .await?;
 651   }
 652
 653   // Comments
 654   Comment::update_removed_for_creator(pool, banned_person_id, true).await?;
 655
 656   Ok(())
 657 }
 658
 659 pub async fn remove_user_data_in_community(
 660   community_id: CommunityId,
 661   banned_person_id: PersonId,
 662   pool: &mut DbPool<'_>,
 663 ) -> Result<(), LemmyError> {
 664   // Posts
 665   Post::update_removed_for_creator(pool, banned_person_id, Some(community_id), true).await?;
 666
 667   // Comments
 668   // TODO Diesel doesn't allow updates with joins, so this has to be a loop
 669   let comments = CommentQuery {
 670     creator_id: Some(banned_person_id),
 671     community_id: Some(community_id),
 672     ..Default::default()
 673   }
 674   .list(pool)
 675   .await?;
 676
 677   for comment_view in &comments {
 678     let comment_id = comment_view.comment.id;
 679     Comment::update(
 680       pool,
 681       comment_id,
 682       &CommentUpdateForm::builder().removed(Some(true)).build(),
 683     )
 684     .await?;
 685   }
 686
 687   Ok(())
 688 }
 689
 690 pub async fn delete_user_account(
 691   person_id: PersonId,
 692   pool: &mut DbPool<'_>,
 693   settings: &Settings,
 694   client: &ClientWithMiddleware,
 695 ) -> Result<(), LemmyError> {
 696   // Delete their images
 697   let person = Person::read(pool, person_id).await?;
 698   if let Some(avatar) = person.avatar {
 699     purge_image_from_pictrs(client, settings, &avatar)
 700       .await
 701       .ok();
 702   }
 703   if let Some(banner) = person.banner {
 704     purge_image_from_pictrs(client, settings, &banner)
 705       .await
 706       .ok();
 707   }
 708   // No need to update avatar and banner, those are handled in Person::delete_account
 709
 710   // Comments
 711   Comment::permadelete_for_creator(pool, person_id)
 712     .await
 713     .with_lemmy_type(LemmyErrorType::CouldntUpdateComment)?;
 714
 715   // Posts
 716   Post::permadelete_for_creator(pool, person_id)
 717     .await
 718     .with_lemmy_type(LemmyErrorType::CouldntUpdatePost)?;
 719
 720   // Purge image posts
 721   purge_image_posts_for_person(person_id, pool, settings, client).await?;
 722
 723   // Leave communities they mod
 724   CommunityModerator::leave_all_communities(pool, person_id).await?;
 725
 726   Person::delete_account(pool, person_id).await?;
 727
 728   Ok(())
 729 }
 730
 731 pub enum EndpointType {
 732   Community,
 733   Person,
 734   Post,
 735   Comment,
 736   PrivateMessage,
 737 }
 738
 739 /// Generates an apub endpoint for a given domain, IE xyz.tld
 740 pub fn generate_local_apub_endpoint(
 741   endpoint_type: EndpointType,
 742   name: &str,
 743   domain: &str,
 744 ) -> Result<DbUrl, ParseError> {
 745   let point = match endpoint_type {
 746     EndpointType::Community => "c",
 747     EndpointType::Person => "u",
 748     EndpointType::Post => "post",
 749     EndpointType::Comment => "comment",
 750     EndpointType::PrivateMessage => "private_message",
 751   };
 752
 753   Ok(Url::parse(&format!("{domain}/{point}/{name}"))?.into())
 754 }
 755
 756 pub fn generate_followers_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
 757   Ok(Url::parse(&format!("{actor_id}/followers"))?.into())
 758 }
 759
 760 pub fn generate_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
 761   Ok(Url::parse(&format!("{actor_id}/inbox"))?.into())
 762 }
 763
 764 pub fn generate_site_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
 765   let mut actor_id: Url = actor_id.clone().into();
 766   actor_id.set_path("site_inbox");
 767   Ok(actor_id.into())
 768 }
 769
 770 pub fn generate_shared_inbox_url(actor_id: &DbUrl) -> Result<DbUrl, LemmyError> {
 771   let actor_id: Url = actor_id.clone().into();
 772   let url = format!(
 773     "{}://{}{}/inbox",
 774     &actor_id.scheme(),
 775     &actor_id.host_str().context(location_info!())?,
 776     if let Some(port) = actor_id.port() {
 777       format!(":{port}")
 778     } else {
 779       String::new()
 780     },
 781   );
 782   Ok(Url::parse(&url)?.into())
 783 }
 784
 785 pub fn generate_outbox_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
 786   Ok(Url::parse(&format!("{actor_id}/outbox"))?.into())
 787 }
 788
 789 pub fn generate_featured_url(actor_id: &DbUrl) -> Result<DbUrl, ParseError> {
 790   Ok(Url::parse(&format!("{actor_id}/featured"))?.into())
 791 }
 792
 793 pub fn generate_moderators_url(community_id: &DbUrl) -> Result<DbUrl, LemmyError> {
 794   Ok(Url::parse(&format!("{community_id}/moderators"))?.into())
 795 }
 796
 797 /// Sanitize HTML with default options. Additionally, dont allow bypassing markdown
 798 /// links and images
 799 pub fn sanitize_html(data: &str) -> String {
 800   let sanitized = ammonia::Builder::default()
 801     .rm_tags(&["a", "img"])
 802     .clean(data)
 803     .to_string();
 804   // restore markdown quotes
 805   sanitized.replace("&gt;", ">")
 806 }
 807
 808 pub fn sanitize_html_opt(data: &Option<String>) -> Option<String> {
 809   data.as_ref().map(|d| sanitize_html(d))
 810 }
 811
 812 #[cfg(test)]
 813 mod tests {
 814   #![allow(clippy::unwrap_used)]
 815   #![allow(clippy::indexing_slicing)]
 816
 817   use crate::utils::{honeypot_check, password_length_check, sanitize_html};
 818
 819   #[test]
 820   #[rustfmt::skip]
 821   fn password_length() {
 822     assert!(password_length_check("Õ¼¾°3yË,o¸ãtÌÈú|ÇÁÙAøüÒI©·¤(T]/ð>æºWæ[C¤bªWöaÃÎñ·{=û³&§½K/c").is_ok());
 823     assert!(password_length_check("1234567890").is_ok());
 824     assert!(password_length_check("short").is_err());
 825     assert!(password_length_check("looooooooooooooooooooooooooooooooooooooooooooooooooooooooooong").is_err());
 826   }
 827
 828   #[test]
 829   fn honeypot() {
 830     assert!(honeypot_check(&None).is_ok());
 831     assert!(honeypot_check(&Some(String::new())).is_ok());
 832     assert!(honeypot_check(&Some("1".to_string())).is_err());
 833     assert!(honeypot_check(&Some("message".to_string())).is_err());
 834   }
 835
 836   #[test]
 837   fn test_sanitize_html() {
 838     let sanitized = sanitize_html("<script>alert(1);</script> hello");
 839     assert_eq!(sanitized, " hello");
 840     let sanitized = sanitize_html("<img src='http://example.com'> test");
 841     assert_eq!(sanitized, " test");
 842   }
 843 }