]> Untitled Git - lemmy.git/blobdiff - crates/api_crud/src/community/create.rs
projects / lemmy.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Sanitize html (#3708)
[lemmy.git] / crates / api_crud / src / community / create.rs
diff --git a/crates/api_crud/src/community/create.rs b/crates/api_crud/src/community/create.rs
index 8aaeb8f6aa568898da12ebe2ef80fa9674e0c747..7c84a21502bfa68067cc3a637c280fb0b6f25af6 100644 (file)
--- a/crates/api_crud/src/community/create.rs
+++ b/crates/api_crud/src/community/create.rs
@@ -2,6 +2,7 @@ use crate::PerformCrud;
 use activitypub_federation::http_signatures::generate_actor_keypair;
 use actix_web::web::Data;
 use lemmy_api_common::{
+  build_response::build_community_response,
   community::{CommunityResponse, CreateCommunity},
   context::LemmyContext,
   utils::{
@@ -9,9 +10,11 @@ use lemmy_api_common::{
     generate_inbox_url,
     generate_local_apub_endpoint,
     generate_shared_inbox_url,
-    get_local_user_view_from_jwt,
     is_admin,
     local_site_to_slur_regex,
+    local_user_view_from_jwt,
+    sanitize_html,
+    sanitize_html_opt,
     EndpointType,
   },
 };
@@ -31,50 +34,44 @@ use lemmy_db_schema::{
   utils::diesel_option_overwrite_to_url_create,
 };
 use lemmy_db_views::structs::SiteView;
-use lemmy_db_views_actor::structs::CommunityView;
 use lemmy_utils::{
-  error::LemmyError,
+  error::{LemmyError, LemmyErrorExt, LemmyErrorType},
   utils::{
     slurs::{check_slurs, check_slurs_opt},
-    validation::is_valid_actor_name,
+    validation::{is_valid_actor_name, is_valid_body_field},
   },
-  ConnectionId,
 };
 
 #[async_trait::async_trait(?Send)]
 impl PerformCrud for CreateCommunity {
   type Response = CommunityResponse;
 
-  #[tracing::instrument(skip(context, _websocket_id))]
-  async fn perform(
-    &self,
-    context: &Data<LemmyContext>,
-    _websocket_id: Option<ConnectionId>,
-  ) -> Result<CommunityResponse, LemmyError> {
+  #[tracing::instrument(skip(context))]
+  async fn perform(&self, context: &Data<LemmyContext>) -> Result<CommunityResponse, LemmyError> {
     let data: &CreateCommunity = self;
-    let local_user_view =
-      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
-    let site_view = SiteView::read_local(context.pool()).await?;
+    let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
+    let site_view = SiteView::read_local(&mut context.pool()).await?;
     let local_site = site_view.local_site;
 
     if local_site.community_creation_admin_only && is_admin(&local_user_view).is_err() {
-      return Err(LemmyError::from_message(
-        "only_admins_can_create_communities",
-      ));
+      return Err(LemmyErrorType::OnlyAdminsCanCreateCommunities)?;
     }
 
     // Check to make sure the icon and banners are urls
     let icon = diesel_option_overwrite_to_url_create(&data.icon)?;
     let banner = diesel_option_overwrite_to_url_create(&data.banner)?;
 
+    let name = sanitize_html(&data.name);
+    let title = sanitize_html(&data.title);
+    let description = sanitize_html_opt(&data.description);
+
     let slur_regex = local_site_to_slur_regex(&local_site);
-    check_slurs(&data.name, &slur_regex)?;
-    check_slurs(&data.title, &slur_regex)?;
-    check_slurs_opt(&data.description, &slur_regex)?;
+    check_slurs(&name, &slur_regex)?;
+    check_slurs(&title, &slur_regex)?;
+    check_slurs_opt(&description, &slur_regex)?;
 
-    if !is_valid_actor_name(&data.name, local_site.actor_name_max_length as usize) {
-      return Err(LemmyError::from_message("invalid_community_name"));
-    }
+    is_valid_actor_name(&data.name, local_site.actor_name_max_length as usize)?;
+    is_valid_body_field(&data.description, false)?;
 
     // Double check for duplicate community actor_ids
     let community_actor_id = generate_local_apub_endpoint(
@@ -82,18 +79,19 @@ impl PerformCrud for CreateCommunity {
       &data.name,
       &context.settings().get_protocol_and_hostname(),
     )?;
-    let community_dupe = Community::read_from_apub_id(context.pool(), &community_actor_id).await?;
+    let community_dupe =
+      Community::read_from_apub_id(&mut context.pool(), &community_actor_id).await?;
     if community_dupe.is_some() {
-      return Err(LemmyError::from_message("community_already_exists"));
+      return Err(LemmyErrorType::CommunityAlreadyExists)?;
     }
 
     // When you create a community, make sure the user becomes a moderator and a follower
     let keypair = generate_actor_keypair()?;
 
     let community_form = CommunityInsertForm::builder()
-      .name(data.name.clone())
-      .title(data.title.clone())
-      .description(data.description.clone())
+      .name(name)
+      .title(title)
+      .description(description)
       .icon(icon)
       .banner(banner)
       .nsfw(data.nsfw)
@@ -107,9 +105,9 @@ impl PerformCrud for CreateCommunity {
       .instance_id(site_view.site.instance_id)
       .build();
 
-    let inserted_community = Community::create(context.pool(), &community_form)
+    let inserted_community = Community::create(&mut context.pool(), &community_form)
       .await
-      .map_err(|e| LemmyError::from_error_message(e, "community_already_exists"))?;
+      .with_lemmy_type(LemmyErrorType::CommunityAlreadyExists)?;
 
     // The community creator becomes a moderator
     let community_moderator_form = CommunityModeratorForm {
@@ -117,9 +115,9 @@ impl PerformCrud for CreateCommunity {
       person_id: local_user_view.person.id,
     };
 
-    CommunityModerator::join(context.pool(), &community_moderator_form)
+    CommunityModerator::join(&mut context.pool(), &community_moderator_form)
       .await
-      .map_err(|e| LemmyError::from_error_message(e, "community_moderator_already_exists"))?;
+      .with_lemmy_type(LemmyErrorType::CommunityModeratorAlreadyExists)?;
 
     // Follow your own community
     let community_follower_form = CommunityFollowerForm {
@@ -128,32 +126,23 @@ impl PerformCrud for CreateCommunity {
       pending: false,
     };
 
-    CommunityFollower::follow(context.pool(), &community_follower_form)
+    CommunityFollower::follow(&mut context.pool(), &community_follower_form)
       .await
-      .map_err(|e| LemmyError::from_error_message(e, "community_follower_already_exists"))?;
+      .with_lemmy_type(LemmyErrorType::CommunityFollowerAlreadyExists)?;
 
     // Update the discussion_languages if that's provided
     let community_id = inserted_community.id;
     if let Some(languages) = data.discussion_languages.clone() {
-      let site_languages = SiteLanguage::read_local(context.pool()).await?;
+      let site_languages = SiteLanguage::read_local_raw(&mut context.pool()).await?;
       // check that community languages are a subset of site languages
       // https://stackoverflow.com/a/64227550
       let is_subset = languages.iter().all(|item| site_languages.contains(item));
       if !is_subset {
-        return Err(LemmyError::from_message("language_not_allowed"));
+        return Err(LemmyErrorType::LanguageNotAllowed)?;
       }
-      CommunityLanguage::update(context.pool(), languages, community_id).await?;
+      CommunityLanguage::update(&mut context.pool(), languages, community_id).await?;
     }
 
-    let person_id = local_user_view.person.id;
-    let community_view =
-      CommunityView::read(context.pool(), inserted_community.id, Some(person_id), None).await?;
-    let discussion_languages =
-      CommunityLanguage::read(context.pool(), inserted_community.id).await?;
-
-    Ok(CommunityResponse {
-      community_view,
-      discussion_languages,
-    })
+    build_community_response(context, local_user_view, community_id).await
   }
 }
Unnamed repository; edit this file 'description' to name the repository.