use crate::PerformCrud;
use actix_web::web::Data;
use lemmy_api_common::{
+ build_response::{build_comment_response, send_local_notifs},
comment::{CommentResponse, CreateComment},
context::LemmyContext,
utils::{
check_community_deleted_or_removed,
check_post_deleted_or_removed,
generate_local_apub_endpoint,
- get_local_user_view_from_jwt,
get_post,
local_site_to_slur_regex,
+ local_user_view_from_jwt,
+ sanitize_html,
EndpointType,
},
- websocket::UserOperationCrud,
};
use lemmy_db_schema::{
+ impls::actor_language::default_post_language,
source::{
actor_language::CommunityLanguage,
comment::{Comment, CommentInsertForm, CommentLike, CommentLikeForm, CommentUpdateForm},
traits::{Crud, Likeable},
};
use lemmy_utils::{
- error::LemmyError,
+ error::{LemmyError, LemmyErrorExt, LemmyErrorType},
utils::{
mention::scrape_text_for_mentions,
slurs::remove_slurs,
validation::is_valid_body_field,
},
- ConnectionId,
};
+const MAX_COMMENT_DEPTH_LIMIT: usize = 100;
+
#[async_trait::async_trait(?Send)]
impl PerformCrud for CreateComment {
type Response = CommentResponse;
- #[tracing::instrument(skip(context, websocket_id))]
- async fn perform(
- &self,
- context: &Data<LemmyContext>,
- websocket_id: Option<ConnectionId>,
- ) -> Result<CommentResponse, LemmyError> {
+ #[tracing::instrument(skip(context))]
+ async fn perform(&self, context: &Data<LemmyContext>) -> Result<CommentResponse, LemmyError> {
let data: &CreateComment = self;
- let local_user_view =
- get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
- let local_site = LocalSite::read(context.pool()).await?;
+ let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
+ let local_site = LocalSite::read(&mut context.pool()).await?;
- let content_slurs_removed = remove_slurs(
+ let content = remove_slurs(
&data.content.clone(),
&local_site_to_slur_regex(&local_site),
);
- is_valid_body_field(&Some(content_slurs_removed.clone()))?;
+ is_valid_body_field(&Some(content.clone()), false)?;
+ let content = sanitize_html(&content);
// Check for a community ban
let post_id = data.post_id;
- let post = get_post(post_id, context.pool()).await?;
+ let post = get_post(post_id, &mut context.pool()).await?;
let community_id = post.community_id;
- check_community_ban(local_user_view.person.id, community_id, context.pool()).await?;
- check_community_deleted_or_removed(community_id, context.pool()).await?;
+ check_community_ban(local_user_view.person.id, community_id, &mut context.pool()).await?;
+ check_community_deleted_or_removed(community_id, &mut context.pool()).await?;
check_post_deleted_or_removed(&post)?;
// Check if post is locked, no new comments
if post.locked {
- return Err(LemmyError::from_message("locked"));
+ return Err(LemmyErrorType::Locked)?;
}
// Fetch the parent, if it exists
let parent_opt = if let Some(parent_id) = data.parent_id {
- Comment::read(context.pool(), parent_id).await.ok()
+ Comment::read(&mut context.pool(), parent_id).await.ok()
} else {
None
};
// Strange issue where sometimes the post ID of the parent comment is incorrect
if let Some(parent) = parent_opt.as_ref() {
if parent.post_id != post_id {
- return Err(LemmyError::from_message("couldnt_create_comment"));
+ return Err(LemmyErrorType::CouldntCreateComment)?;
}
+ check_comment_depth(parent)?;
}
- // if no language is set, copy language from parent post/comment
- let parent_language = parent_opt
- .as_ref()
- .map(|p| p.language_id)
- .unwrap_or(post.language_id);
- let language_id = data.language_id.unwrap_or(parent_language);
-
CommunityLanguage::is_allowed_community_language(
- context.pool(),
- Some(language_id),
+ &mut context.pool(),
+ data.language_id,
community_id,
)
.await?;
+ // attempt to set default language if none was provided
+ let language_id = match data.language_id {
+ Some(lid) => Some(lid),
+ None => {
+ default_post_language(
+ &mut context.pool(),
+ community_id,
+ local_user_view.local_user.id,
+ )
+ .await?
+ }
+ };
+
let comment_form = CommentInsertForm::builder()
- .content(content_slurs_removed.clone())
+ .content(content.clone())
.post_id(data.post_id)
.creator_id(local_user_view.person.id)
- .language_id(Some(language_id))
+ .language_id(language_id)
.build();
// Create the comment
- let comment_form2 = comment_form.clone();
let parent_path = parent_opt.clone().map(|t| t.path);
- let inserted_comment = Comment::create(context.pool(), &comment_form2, parent_path.as_ref())
- .await
- .map_err(|e| LemmyError::from_error_message(e, "couldnt_create_comment"))?;
+ let inserted_comment =
+ Comment::create(&mut context.pool(), &comment_form, parent_path.as_ref())
+ .await
+ .with_lemmy_type(LemmyErrorType::CouldntCreateComment)?;
// Necessary to update the ap_id
let inserted_comment_id = inserted_comment.id;
&protocol_and_hostname,
)?;
let updated_comment = Comment::update(
- context.pool(),
+ &mut context.pool(),
inserted_comment_id,
&CommentUpdateForm::builder().ap_id(Some(apub_id)).build(),
)
.await
- .map_err(|e| LemmyError::from_error_message(e, "couldnt_create_comment"))?;
+ .with_lemmy_type(LemmyErrorType::CouldntCreateComment)?;
// Scan the comment for user mentions, add those rows
- let post_id = post.id;
- let mentions = scrape_text_for_mentions(&content_slurs_removed);
- let recipient_ids = context
- .send_local_notifs(
- mentions,
- &updated_comment,
- &local_user_view.person,
- &post,
- true,
- )
- .await?;
+ let mentions = scrape_text_for_mentions(&content);
+ let recipient_ids = send_local_notifs(
+ mentions,
+ &updated_comment,
+ &local_user_view.person,
+ &post,
+ true,
+ context,
+ )
+ .await?;
// You like your own comment by default
let like_form = CommentLikeForm {
comment_id: inserted_comment.id,
- post_id,
+ post_id: post.id,
person_id: local_user_view.person.id,
score: 1,
};
- CommentLike::like(context.pool(), &like_form)
+ CommentLike::like(&mut context.pool(), &like_form)
.await
- .map_err(|e| LemmyError::from_error_message(e, "couldnt_like_comment"))?;
+ .with_lemmy_type(LemmyErrorType::CouldntLikeComment)?;
// If its a reply, mark the parent as read
if let Some(parent) = parent_opt {
let parent_id = parent.id;
- let comment_reply = CommentReply::read_by_comment(context.pool(), parent_id).await;
+ let comment_reply = CommentReply::read_by_comment(&mut context.pool(), parent_id).await;
if let Ok(reply) = comment_reply {
CommentReply::update(
- context.pool(),
+ &mut context.pool(),
reply.id,
&CommentReplyUpdateForm { read: Some(true) },
)
.await
- .map_err(|e| LemmyError::from_error_message(e, "couldnt_update_replies"))?;
+ .with_lemmy_type(LemmyErrorType::CouldntUpdateReplies)?;
}
// If the parent has PersonMentions mark them as read too
let person_id = local_user_view.person.id;
let person_mention =
- PersonMention::read_by_comment_and_person(context.pool(), parent_id, person_id).await;
+ PersonMention::read_by_comment_and_person(&mut context.pool(), parent_id, person_id).await;
if let Ok(mention) = person_mention {
PersonMention::update(
- context.pool(),
+ &mut context.pool(),
mention.id,
&PersonMentionUpdateForm { read: Some(true) },
)
.await
- .map_err(|e| LemmyError::from_error_message(e, "couldnt_update_person_mentions"))?;
+ .with_lemmy_type(LemmyErrorType::CouldntUpdatePersonMentions)?;
}
}
- context
- .send_comment_ws_message(
- &UserOperationCrud::CreateComment,
- inserted_comment.id,
- websocket_id,
- data.form_id.clone(),
- Some(local_user_view.person.id),
- recipient_ids,
- )
- .await
+ build_comment_response(
+ context,
+ inserted_comment.id,
+ Some(local_user_view),
+ self.form_id.clone(),
+ recipient_ids,
+ )
+ .await
+ }
+}
+
+pub fn check_comment_depth(comment: &Comment) -> Result<(), LemmyError> {
+ let path = &comment.path.0;
+ let length = path.split('.').count();
+ if length > MAX_COMMENT_DEPTH_LIMIT {
+ Err(LemmyErrorType::MaxCommentDepthReached)?
+ } else {
+ Ok(())
}
}
projects / lemmy.git / blobdiff