X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi_common%2Fsrc%2Futils.rs;h=8ccb7d3fed5dc482d00b73af1a8283dad9ad47dd;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=793cc70c3fb9dc1d901ab2b8782c26cfb809b924;hpb=93225e5ddfd48e613afe51984243112a1bedfcc2;p=lemmy.git diff --git a/crates/api_common/src/utils.rs b/crates/api_common/src/utils.rs index 793cc70c..8ccb7d3f 100644 --- a/crates/api_common/src/utils.rs +++ b/crates/api_common/src/utils.rs @@ -6,7 +6,6 @@ use crate::{ }; use anyhow::Context; use chrono::NaiveDateTime; -use futures::try_join; use lemmy_db_schema::{ impls::person::is_banned, newtypes::{CommunityId, DbUrl, LocalUserId, PersonId, PostId}, @@ -50,7 +49,7 @@ use url::{ParseError, Url}; #[tracing::instrument(skip_all)] pub async fn is_mod_or_admin( - pool: &DbPool, + pool: &mut DbPool<'_>, person_id: PersonId, community_id: CommunityId, ) -> Result<(), LemmyError> { @@ -63,7 +62,7 @@ pub async fn is_mod_or_admin( #[tracing::instrument(skip_all)] pub async fn is_mod_or_admin_opt( - pool: &DbPool, + pool: &mut DbPool<'_>, local_user_view: Option<&LocalUserView>, community_id: Option, ) -> Result<(), LemmyError> { @@ -101,7 +100,7 @@ pub fn is_top_mod( } #[tracing::instrument(skip_all)] -pub async fn get_post(post_id: PostId, pool: &DbPool) -> Result { +pub async fn get_post(post_id: PostId, pool: &mut DbPool<'_>) -> Result { Post::read(pool, post_id) .await .with_lemmy_type(LemmyErrorType::CouldntFindPost) @@ -111,7 +110,7 @@ pub async fn get_post(post_id: PostId, pool: &DbPool) -> Result, ) -> Result { let post_read_form = PostReadForm { post_id, person_id }; @@ -124,7 +123,7 @@ pub async fn mark_post_as_read( pub async fn mark_post_as_unread( person_id: PersonId, post_id: PostId, - pool: &DbPool, + pool: &mut DbPool<'_>, ) -> Result { let post_read_form = PostReadForm { post_id, person_id }; @@ -142,7 +141,7 @@ pub async fn local_user_view_from_jwt( .with_lemmy_type(LemmyErrorType::NotLoggedIn)? .claims; let local_user_id = LocalUserId(claims.sub); - let local_user_view = LocalUserView::read(context.pool(), local_user_id).await?; + let local_user_view = LocalUserView::read(&mut context.pool(), local_user_id).await?; check_user_valid( local_user_view.person.banned, local_user_view.person.ban_expires, @@ -197,7 +196,7 @@ pub fn check_user_valid( pub async fn check_community_ban( person_id: PersonId, community_id: CommunityId, - pool: &DbPool, + pool: &mut DbPool<'_>, ) -> Result<(), LemmyError> { let is_banned = CommunityPersonBanView::get(pool, person_id, community_id) .await @@ -212,7 +211,7 @@ pub async fn check_community_ban( #[tracing::instrument(skip_all)] pub async fn check_community_deleted_or_removed( community_id: CommunityId, - pool: &DbPool, + pool: &mut DbPool<'_>, ) -> Result<(), LemmyError> { let community = Community::read(pool, community_id) .await @@ -236,7 +235,7 @@ pub fn check_post_deleted_or_removed(post: &Post) -> Result<(), LemmyError> { pub async fn check_person_block( my_id: PersonId, potential_blocker_id: PersonId, - pool: &DbPool, + pool: &mut DbPool<'_>, ) -> Result<(), LemmyError> { let is_blocked = PersonBlock::read(pool, potential_blocker_id, my_id) .await @@ -270,15 +269,15 @@ pub fn check_private_instance( #[tracing::instrument(skip_all)] pub async fn build_federated_instances( local_site: &LocalSite, - pool: &DbPool, + pool: &mut DbPool<'_>, ) -> Result, LemmyError> { if local_site.federation_enabled { // TODO I hate that this requires 3 queries - let (linked, allowed, blocked) = try_join!( - Instance::linked(pool), - Instance::allowlist(pool), - Instance::blocklist(pool) - )?; + let (linked, allowed, blocked) = lemmy_db_schema::try_join_with_pool!(pool => ( + Instance::linked, + Instance::allowlist, + Instance::blocklist + ))?; Ok(Some(FederatedInstances { linked, @@ -336,7 +335,7 @@ pub async fn send_email_to_user( pub async fn send_password_reset_email( user: &LocalUserView, - pool: &DbPool, + pool: &mut DbPool<'_>, settings: &Settings, ) -> Result<(), LemmyError> { // Generate a random token @@ -360,7 +359,7 @@ pub async fn send_password_reset_email( pub async fn send_verification_email( user: &LocalUserView, new_email: &str, - pool: &DbPool, + pool: &mut DbPool<'_>, settings: &Settings, ) -> Result<(), LemmyError> { let form = EmailVerificationForm { @@ -451,7 +450,7 @@ pub async fn send_application_approved_email( /// Send a new applicant email notification to all admins pub async fn send_new_applicant_email_to_admins( applicant_username: &str, - pool: &DbPool, + pool: &mut DbPool<'_>, settings: &Settings, ) -> Result<(), LemmyError> { // Collect the admins with emails @@ -476,7 +475,7 @@ pub async fn send_new_applicant_email_to_admins( pub async fn send_new_report_email_to_admins( reporter_username: &str, reported_username: &str, - pool: &DbPool, + pool: &mut DbPool<'_>, settings: &Settings, ) -> Result<(), LemmyError> { // Collect the admins with emails @@ -497,7 +496,7 @@ pub async fn send_new_report_email_to_admins( pub async fn check_registration_application( local_user_view: &LocalUserView, local_site: &LocalSite, - pool: &DbPool, + pool: &mut DbPool<'_>, ) -> Result<(), LemmyError> { if (local_site.registration_mode == RegistrationMode::RequireApplication || local_site.registration_mode == RegistrationMode::Closed) @@ -531,7 +530,7 @@ pub fn check_private_instance_and_federation_enabled( pub async fn purge_image_posts_for_person( banned_person_id: PersonId, - pool: &DbPool, + pool: &mut DbPool<'_>, settings: &Settings, client: &ClientWithMiddleware, ) -> Result<(), LemmyError> { @@ -554,7 +553,7 @@ pub async fn purge_image_posts_for_person( pub async fn purge_image_posts_for_community( banned_community_id: CommunityId, - pool: &DbPool, + pool: &mut DbPool<'_>, settings: &Settings, client: &ClientWithMiddleware, ) -> Result<(), LemmyError> { @@ -577,7 +576,7 @@ pub async fn purge_image_posts_for_community( pub async fn remove_user_data( banned_person_id: PersonId, - pool: &DbPool, + pool: &mut DbPool<'_>, settings: &Settings, client: &ClientWithMiddleware, ) -> Result<(), LemmyError> { @@ -661,20 +660,20 @@ pub async fn remove_user_data( pub async fn remove_user_data_in_community( community_id: CommunityId, banned_person_id: PersonId, - pool: &DbPool, + pool: &mut DbPool<'_>, ) -> Result<(), LemmyError> { // Posts Post::update_removed_for_creator(pool, banned_person_id, Some(community_id), true).await?; // Comments // TODO Diesel doesn't allow updates with joins, so this has to be a loop - let comments = CommentQuery::builder() - .pool(pool) - .creator_id(Some(banned_person_id)) - .community_id(Some(community_id)) - .build() - .list() - .await?; + let comments = CommentQuery { + creator_id: Some(banned_person_id), + community_id: Some(community_id), + ..Default::default() + } + .list(pool) + .await?; for comment_view in &comments { let comment_id = comment_view.comment.id; @@ -691,7 +690,7 @@ pub async fn remove_user_data_in_community( pub async fn delete_user_account( person_id: PersonId, - pool: &DbPool, + pool: &mut DbPool<'_>, settings: &Settings, client: &ClientWithMiddleware, ) -> Result<(), LemmyError> { @@ -730,28 +729,6 @@ pub async fn delete_user_account( Ok(()) } -#[cfg(test)] -mod tests { - use crate::utils::{honeypot_check, password_length_check}; - - #[test] - #[rustfmt::skip] - fn password_length() { - assert!(password_length_check("Õ¼¾°3yË,o¸ãtÌÈú|ÇÁÙAøüÒI©·¤(T]/ð>æºWæ[C¤bªWöaÃÎñ·{=û³&§½K/c").is_ok()); - assert!(password_length_check("1234567890").is_ok()); - assert!(password_length_check("short").is_err()); - assert!(password_length_check("looooooooooooooooooooooooooooooooooooooooooooooooooooooooooong").is_err()); - } - - #[test] - fn honeypot() { - assert!(honeypot_check(&None).is_ok()); - assert!(honeypot_check(&Some(String::new())).is_ok()); - assert!(honeypot_check(&Some("1".to_string())).is_err()); - assert!(honeypot_check(&Some("message".to_string())).is_err()); - } -} - pub enum EndpointType { Community, Person, @@ -817,3 +794,49 @@ pub fn generate_featured_url(actor_id: &DbUrl) -> Result { pub fn generate_moderators_url(community_id: &DbUrl) -> Result { Ok(Url::parse(&format!("{community_id}/moderators"))?.into()) } + +/// Sanitize HTML with default options. Additionally, dont allow bypassing markdown +/// links and images +pub fn sanitize_html(data: &str) -> String { + ammonia::Builder::default() + .rm_tags(&["a", "img"]) + .clean(data) + .to_string() +} + +pub fn sanitize_html_opt(data: &Option) -> Option { + data.as_ref().map(|d| sanitize_html(d)) +} + +#[cfg(test)] +mod tests { + #![allow(clippy::unwrap_used)] + #![allow(clippy::indexing_slicing)] + + use crate::utils::{honeypot_check, password_length_check, sanitize_html}; + + #[test] + #[rustfmt::skip] + fn password_length() { + assert!(password_length_check("Õ¼¾°3yË,o¸ãtÌÈú|ÇÁÙAøüÒI©·¤(T]/ð>æºWæ[C¤bªWöaÃÎñ·{=û³&§½K/c").is_ok()); + assert!(password_length_check("1234567890").is_ok()); + assert!(password_length_check("short").is_err()); + assert!(password_length_check("looooooooooooooooooooooooooooooooooooooooooooooooooooooooooong").is_err()); + } + + #[test] + fn honeypot() { + assert!(honeypot_check(&None).is_ok()); + assert!(honeypot_check(&Some(String::new())).is_ok()); + assert!(honeypot_check(&Some("1".to_string())).is_err()); + assert!(honeypot_check(&Some("message".to_string())).is_err()); + } + + #[test] + fn test_sanitize_html() { + let sanitized = sanitize_html(" hello"); + assert_eq!(sanitized, " hello"); + let sanitized = sanitize_html(" test"); + assert_eq!(sanitized, " test"); + } +}