X-Git-Url: http://these/git/?a=blobdiff_plain;f=crates%2Fapi_crud%2Fsrc%2Fpost%2Fupdate.rs;h=f3be5f6af903a830a756d0e85a3c09e6d34cfb6d;hb=3471f3533cb724b2cf6953d563aadfcc9f66c1d2;hp=8f5c442fcf853a80eb515e31a75003592c971f50;hpb=38d4429ae7cef27089263cc39dc0fa9647263d6d;p=lemmy.git

diff --git a/crates/api_crud/src/post/update.rs b/crates/api_crud/src/post/update.rs
index 8f5c442f..f3be5f6a 100644
--- a/crates/api_crud/src/post/update.rs
+++ b/crates/api_crud/src/post/update.rs
@@ -1,11 +1,16 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
 use lemmy_api_common::{
+  build_response::build_post_response,
   context::LemmyContext,
   post::{EditPost, PostResponse},
   request::fetch_site_data,
-  utils::{check_community_ban, get_local_user_view_from_jwt, local_site_to_slur_regex},
-  websocket::UserOperationCrud,
+  utils::{
+    check_community_ban,
+    local_site_to_slur_regex,
+    local_user_view_from_jwt,
+    sanitize_html_opt,
+  },
 };
 use lemmy_db_schema::{
   source::{
@@ -17,35 +22,28 @@ use lemmy_db_schema::{
   utils::{diesel_option_overwrite, naive_now},
 };
 use lemmy_utils::{
-  error::LemmyError,
+  error::{LemmyError, LemmyErrorExt, LemmyErrorType},
   utils::{
     slurs::check_slurs_opt,
-    validation::{clean_url_params, is_valid_body_field, is_valid_post_title},
+    validation::{check_url_scheme, clean_url_params, is_valid_body_field, is_valid_post_title},
   },
-  ConnectionId,
 };
 
 #[async_trait::async_trait(?Send)]
 impl PerformCrud for EditPost {
   type Response = PostResponse;
 
-  #[tracing::instrument(skip(context, websocket_id))]
-  async fn perform(
-    &self,
-    context: &Data<LemmyContext>,
-    websocket_id: Option<ConnectionId>,
-  ) -> Result<PostResponse, LemmyError> {
+  #[tracing::instrument(skip(context))]
+  async fn perform(&self, context: &Data<LemmyContext>) -> Result<PostResponse, LemmyError> {
     let data: &EditPost = self;
-    let local_user_view =
-      get_local_user_view_from_jwt(&data.auth, context.pool(), context.secret()).await?;
-    let local_site = LocalSite::read(context.pool()).await?;
+    let local_user_view = local_user_view_from_jwt(&data.auth, context).await?;
+    let local_site = LocalSite::read(&mut context.pool()).await?;
 
     let data_url = data.url.as_ref();
 
     // TODO No good way to handle a clear.
     // Issue link: https://github.com/LemmyNet/lemmy/issues/2287
     let url = Some(data_url.map(clean_url_params).map(Into::into));
-    let body = diesel_option_overwrite(&data.body);
 
     let slur_regex = local_site_to_slur_regex(&local_site);
     check_slurs_opt(&data.name, &slur_regex)?;
@@ -55,41 +53,48 @@ impl PerformCrud for EditPost {
       is_valid_post_title(name)?;
     }
 
-    is_valid_body_field(&data.body)?;
+    is_valid_body_field(&data.body, true)?;
+    check_url_scheme(&data.url)?;
 
     let post_id = data.post_id;
-    let orig_post = Post::read(context.pool(), post_id).await?;
+    let orig_post = Post::read(&mut context.pool(), post_id).await?;
 
     check_community_ban(
       local_user_view.person.id,
       orig_post.community_id,
-      context.pool(),
+      &mut context.pool(),
     )
     .await?;
 
     // Verify that only the creator can edit
     if !Post::is_post_creator(local_user_view.person.id, orig_post.creator_id) {
-      return Err(LemmyError::from_message("no_post_edit_allowed"));
+      return Err(LemmyErrorType::NoPostEditAllowed)?;
     }
 
     // Fetch post links and Pictrs cached image
     let data_url = data.url.as_ref();
     let (metadata_res, thumbnail_url) =
-      fetch_site_data(context.client(), context.settings(), data_url).await;
+      fetch_site_data(context.client(), context.settings(), data_url, true).await;
     let (embed_title, embed_description, embed_video_url) = metadata_res
       .map(|u| (Some(u.title), Some(u.description), Some(u.embed_video_url)))
       .unwrap_or_default();
 
+    let name = sanitize_html_opt(&data.name);
+    let body = sanitize_html_opt(&data.body);
+    let body = diesel_option_overwrite(body);
+    let embed_title = embed_title.map(|e| sanitize_html_opt(&e));
+    let embed_description = embed_description.map(|e| sanitize_html_opt(&e));
+
     let language_id = self.language_id;
     CommunityLanguage::is_allowed_community_language(
-      context.pool(),
+      &mut context.pool(),
       language_id,
       orig_post.community_id,
     )
     .await?;
 
     let post_form = PostUpdateForm::builder()
-      .name(data.name.clone())
+      .name(name)
       .url(url)
       .body(body)
       .nsfw(data.nsfw)
@@ -102,24 +107,16 @@ impl PerformCrud for EditPost {
       .build();
 
     let post_id = data.post_id;
-    let res = Post::update(context.pool(), post_id, &post_form).await;
-    if let Err(e) = res {
-      let err_type = if e.to_string() == "value too long for type character varying(200)" {
-        "post_title_too_long"
-      } else {
-        "couldnt_update_post"
-      };
-
-      return Err(LemmyError::from_error_message(e, err_type));
-    }
-
-    context
-      .send_post_ws_message(
-        &UserOperationCrud::EditPost,
-        data.post_id,
-        websocket_id,
-        Some(local_user_view.person.id),
-      )
+    Post::update(&mut context.pool(), post_id, &post_form)
       .await
+      .with_lemmy_type(LemmyErrorType::CouldntUpdatePost)?;
+
+    build_post_response(
+      context,
+      orig_post.community_id,
+      local_user_view.person.id,
+      post_id,
+    )
+    .await
   }
 }