X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi_crud%2Fsrc%2Fcomment%2Fcreate.rs;h=4a7513a4b50f0dc2bbfe2859836652bb2c6444a5;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=103c71ce64b3e3c8b08d8f3a366a199063788966;hpb=4a7050200700073f9c328f4aa7394c1968b9d120;p=lemmy.git

diff --git a/crates/api_crud/src/comment/create.rs b/crates/api_crud/src/comment/create.rs
index 103c71ce..4a7513a4 100644
--- a/crates/api_crud/src/comment/create.rs
+++ b/crates/api_crud/src/comment/create.rs
@@ -1,6 +1,7 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
 use lemmy_api_common::{
+  build_response::{build_comment_response, send_local_notifs},
   comment::{CommentResponse, CreateComment},
   context::LemmyContext,
   utils::{
@@ -8,14 +9,15 @@ use lemmy_api_common::{
     check_community_deleted_or_removed,
     check_post_deleted_or_removed,
     generate_local_apub_endpoint,
-    get_local_user_view_from_jwt,
     get_post,
     local_site_to_slur_regex,
+    local_user_view_from_jwt,
+    sanitize_html,
     EndpointType,
   },
-  websocket::UserOperationCrud,
 };
 use lemmy_db_schema::{
+  impls::actor_language::default_post_language,
   source::{
     actor_language::CommunityLanguage,
     comment::{Comment, CommentInsertForm, CommentLike, CommentLikeForm, CommentUpdateForm},
@@ -26,53 +28,50 @@ use lemmy_db_schema::{
   traits::{Crud, Likeable},
 };
 use lemmy_utils::{
-  error::LemmyError,
+  error::{LemmyError, LemmyErrorExt, LemmyErrorType},
   utils::{
     mention::scrape_text_for_mentions,
     slurs::remove_slurs,
     validation::is_valid_body_field,
   },
-  ConnectionId,
 };
 
+const MAX_COMMENT_DEPTH_LIMIT: usize = 100;
+
 #[async_trait::async_trait(?Send)]
 impl PerformCrud for CreateComment {
   type Response = CommentResponse;
 
-  #[tracing::instrument(skip(context, websocket_id))]
-  async fn perform(
-    &self,
-    context: &Data<LemmyContext>,
-    websocket_id: Option<ConnectionId>,
-  ) -> Result<CommentResponse, LemmyError> {
+  #[tracing::instrument(skip(context))]
+  async fn perform(&self, context: &Data<LemmyContext>) -> Result<CommentResponse, LemmyError> {
     let data: &CreateComment = self;
-    let local_user_view =
-      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
-    let local_site = LocalSite::read(context.pool()).await?;
+    let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
+    let local_site = LocalSite::read(&mut context.pool()).await?;
 
-    let content_slurs_removed = remove_slurs(
+    let content = remove_slurs(
       &data.content.clone(),
       &local_site_to_slur_regex(&local_site),
     );
-    is_valid_body_field(&Some(content_slurs_removed.clone()))?;
+    is_valid_body_field(&Some(content.clone()), false)?;
+    let content = sanitize_html(&content);
 
     // Check for a community ban
     let post_id = data.post_id;
-    let post = get_post(post_id, context.pool()).await?;
+    let post = get_post(post_id, &mut context.pool()).await?;
     let community_id = post.community_id;
 
-    check_community_ban(local_user_view.person.id, community_id, context.pool()).await?;
-    check_community_deleted_or_removed(community_id, context.pool()).await?;
+    check_community_ban(local_user_view.person.id, community_id, &mut context.pool()).await?;
+    check_community_deleted_or_removed(community_id, &mut context.pool()).await?;
     check_post_deleted_or_removed(&post)?;
 
     // Check if post is locked, no new comments
     if post.locked {
-      return Err(LemmyError::from_message("locked"));
+      return Err(LemmyErrorType::Locked)?;
     }
 
     // Fetch the parent, if it exists
     let parent_opt = if let Some(parent_id) = data.parent_id {
-      Comment::read(context.pool(), parent_id).await.ok()
+      Comment::read(&mut context.pool(), parent_id).await.ok()
     } else {
       None
     };
@@ -81,36 +80,44 @@ impl PerformCrud for CreateComment {
     // Strange issue where sometimes the post ID of the parent comment is incorrect
     if let Some(parent) = parent_opt.as_ref() {
       if parent.post_id != post_id {
-        return Err(LemmyError::from_message("couldnt_create_comment"));
+        return Err(LemmyErrorType::CouldntCreateComment)?;
       }
+      check_comment_depth(parent)?;
     }
 
-    // if no language is set, copy language from parent post/comment
-    let parent_language = parent_opt
-      .as_ref()
-      .map(|p| p.language_id)
-      .unwrap_or(post.language_id);
-    let language_id = data.language_id.unwrap_or(parent_language);
-
     CommunityLanguage::is_allowed_community_language(
-      context.pool(),
-      Some(language_id),
+      &mut context.pool(),
+      data.language_id,
       community_id,
     )
     .await?;
 
+    // attempt to set default language if none was provided
+    let language_id = match data.language_id {
+      Some(lid) => Some(lid),
+      None => {
+        default_post_language(
+          &mut context.pool(),
+          community_id,
+          local_user_view.local_user.id,
+        )
+        .await?
+      }
+    };
+
     let comment_form = CommentInsertForm::builder()
-      .content(content_slurs_removed.clone())
+      .content(content.clone())
       .post_id(data.post_id)
       .creator_id(local_user_view.person.id)
-      .language_id(Some(language_id))
+      .language_id(language_id)
       .build();
 
     // Create the comment
     let parent_path = parent_opt.clone().map(|t| t.path);
-    let inserted_comment = Comment::create(context.pool(), &comment_form, parent_path.as_ref())
-      .await
-      .map_err(|e| LemmyError::from_error_message(e, "couldnt_create_comment"))?;
+    let inserted_comment =
+      Comment::create(&mut context.pool(), &comment_form, parent_path.as_ref())
+        .await
+        .with_lemmy_type(LemmyErrorType::CouldntCreateComment)?;
 
     // Necessary to update the ap_id
     let inserted_comment_id = inserted_comment.id;
@@ -122,76 +129,83 @@ impl PerformCrud for CreateComment {
       &protocol_and_hostname,
     )?;
     let updated_comment = Comment::update(
-      context.pool(),
+      &mut context.pool(),
       inserted_comment_id,
       &CommentUpdateForm::builder().ap_id(Some(apub_id)).build(),
     )
     .await
-    .map_err(|e| LemmyError::from_error_message(e, "couldnt_create_comment"))?;
+    .with_lemmy_type(LemmyErrorType::CouldntCreateComment)?;
 
     // Scan the comment for user mentions, add those rows
-    let post_id = post.id;
-    let mentions = scrape_text_for_mentions(&content_slurs_removed);
-    let recipient_ids = context
-      .send_local_notifs(
-        mentions,
-        &updated_comment,
-        &local_user_view.person,
-        &post,
-        true,
-      )
-      .await?;
+    let mentions = scrape_text_for_mentions(&content);
+    let recipient_ids = send_local_notifs(
+      mentions,
+      &updated_comment,
+      &local_user_view.person,
+      &post,
+      true,
+      context,
+    )
+    .await?;
 
     // You like your own comment by default
     let like_form = CommentLikeForm {
       comment_id: inserted_comment.id,
-      post_id,
+      post_id: post.id,
       person_id: local_user_view.person.id,
       score: 1,
     };
 
-    CommentLike::like(context.pool(), &like_form)
+    CommentLike::like(&mut context.pool(), &like_form)
       .await
-      .map_err(|e| LemmyError::from_error_message(e, "couldnt_like_comment"))?;
+      .with_lemmy_type(LemmyErrorType::CouldntLikeComment)?;
 
     // If its a reply, mark the parent as read
     if let Some(parent) = parent_opt {
       let parent_id = parent.id;
-      let comment_reply = CommentReply::read_by_comment(context.pool(), parent_id).await;
+      let comment_reply = CommentReply::read_by_comment(&mut context.pool(), parent_id).await;
       if let Ok(reply) = comment_reply {
         CommentReply::update(
-          context.pool(),
+          &mut context.pool(),
           reply.id,
           &CommentReplyUpdateForm { read: Some(true) },
         )
         .await
-        .map_err(|e| LemmyError::from_error_message(e, "couldnt_update_replies"))?;
+        .with_lemmy_type(LemmyErrorType::CouldntUpdateReplies)?;
       }
 
       // If the parent has PersonMentions mark them as read too
       let person_id = local_user_view.person.id;
       let person_mention =
-        PersonMention::read_by_comment_and_person(context.pool(), parent_id, person_id).await;
+        PersonMention::read_by_comment_and_person(&mut context.pool(), parent_id, person_id).await;
       if let Ok(mention) = person_mention {
         PersonMention::update(
-          context.pool(),
+          &mut context.pool(),
           mention.id,
           &PersonMentionUpdateForm { read: Some(true) },
         )
         .await
-        .map_err(|e| LemmyError::from_error_message(e, "couldnt_update_person_mentions"))?;
+        .with_lemmy_type(LemmyErrorType::CouldntUpdatePersonMentions)?;
       }
     }
 
-    context
-      .send_comment_ws_message(
-        &UserOperationCrud::CreateComment,
-        inserted_comment.id,
-        websocket_id,
-        data.form_id.clone(),
-        Some(local_user_view.person.id),
-        recipient_ids,
-      )
-      .await
+    build_comment_response(
+      context,
+      inserted_comment.id,
+      Some(local_user_view),
+      self.form_id.clone(),
+      recipient_ids,
+    )
+    .await
+  }
+}
+
+pub fn check_comment_depth(comment: &Comment) -> Result<(), LemmyError> {
+  let path = &comment.path.0;
+  let length = path.split('.').count();
+  if length > MAX_COMMENT_DEPTH_LIMIT {
+    Err(LemmyErrorType::MaxCommentDepthReached)?
+  } else {
+    Ok(())
   }
 }