Add emoji count check to profile data validator
parent
ad3ea0e7ca
commit
8533a892bf
8 changed files with 34 additions and 22 deletions
|
@ -6,6 +6,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
|
|
||||||
## [Unreleased]
|
## [Unreleased]
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
|
||||||
|
- Added emoji count check to profile data validator.
|
||||||
|
|
||||||
## [1.20.0] - 2023-03-07
|
## [1.20.0] - 2023-03-07
|
||||||
|
|
||||||
### Added
|
### Added
|
||||||
|
|
|
@ -24,7 +24,7 @@ use crate::activitypub::{
|
||||||
};
|
};
|
||||||
use crate::media::MediaStorage;
|
use crate::media::MediaStorage;
|
||||||
use crate::validators::{
|
use crate::validators::{
|
||||||
posts::EMOJIS_MAX_NUM,
|
posts::EMOJI_LIMIT,
|
||||||
profiles::{clean_profile_create_data, clean_profile_update_data},
|
profiles::{clean_profile_create_data, clean_profile_update_data},
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -123,7 +123,7 @@ async fn parse_tags(
|
||||||
for tag_value in actor.tag.clone() {
|
for tag_value in actor.tag.clone() {
|
||||||
let tag_type = tag_value["type"].as_str().unwrap_or(HASHTAG);
|
let tag_type = tag_value["type"].as_str().unwrap_or(HASHTAG);
|
||||||
if tag_type == EMOJI {
|
if tag_type == EMOJI {
|
||||||
if emojis.len() >= EMOJIS_MAX_NUM {
|
if emojis.len() >= EMOJI_LIMIT {
|
||||||
log::warn!("too many emojis");
|
log::warn!("too many emojis");
|
||||||
continue;
|
continue;
|
||||||
};
|
};
|
||||||
|
|
|
@ -50,11 +50,11 @@ use crate::validators::{
|
||||||
},
|
},
|
||||||
posts::{
|
posts::{
|
||||||
content_allowed_classes,
|
content_allowed_classes,
|
||||||
ATTACHMENTS_MAX_NUM,
|
ATTACHMENT_LIMIT,
|
||||||
CONTENT_MAX_SIZE,
|
CONTENT_MAX_SIZE,
|
||||||
EMOJIS_MAX_NUM,
|
EMOJI_LIMIT,
|
||||||
LINKS_MAX_NUM,
|
LINK_LIMIT,
|
||||||
MENTIONS_MAX_NUM,
|
MENTION_LIMIT,
|
||||||
OBJECT_ID_SIZE_MAX,
|
OBJECT_ID_SIZE_MAX,
|
||||||
},
|
},
|
||||||
tags::validate_hashtag,
|
tags::validate_hashtag,
|
||||||
|
@ -183,7 +183,7 @@ pub async fn get_object_attachments(
|
||||||
log::info!("downloaded attachment {}", attachment_url);
|
log::info!("downloaded attachment {}", attachment_url);
|
||||||
downloaded.push((file_name, file_size, maybe_media_type));
|
downloaded.push((file_name, file_size, maybe_media_type));
|
||||||
// Stop downloading if limit is reached
|
// Stop downloading if limit is reached
|
||||||
if downloaded.len() >= ATTACHMENTS_MAX_NUM {
|
if downloaded.len() >= ATTACHMENT_LIMIT {
|
||||||
log::warn!("too many attachments");
|
log::warn!("too many attachments");
|
||||||
break;
|
break;
|
||||||
};
|
};
|
||||||
|
@ -363,7 +363,7 @@ pub async fn get_object_tags(
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
} else if tag_type == MENTION {
|
} else if tag_type == MENTION {
|
||||||
if mentions.len() >= MENTIONS_MAX_NUM {
|
if mentions.len() >= MENTION_LIMIT {
|
||||||
log::warn!("too many mentions");
|
log::warn!("too many mentions");
|
||||||
continue;
|
continue;
|
||||||
};
|
};
|
||||||
|
@ -444,7 +444,7 @@ pub async fn get_object_tags(
|
||||||
log::warn!("failed to parse mention {}", tag_name);
|
log::warn!("failed to parse mention {}", tag_name);
|
||||||
};
|
};
|
||||||
} else if tag_type == LINK {
|
} else if tag_type == LINK {
|
||||||
if links.len() >= LINKS_MAX_NUM {
|
if links.len() >= LINK_LIMIT {
|
||||||
log::warn!("too many links");
|
log::warn!("too many links");
|
||||||
continue;
|
continue;
|
||||||
};
|
};
|
||||||
|
@ -471,7 +471,7 @@ pub async fn get_object_tags(
|
||||||
links.push(linked.id);
|
links.push(linked.id);
|
||||||
};
|
};
|
||||||
} else if tag_type == EMOJI {
|
} else if tag_type == EMOJI {
|
||||||
if emojis.len() >= EMOJIS_MAX_NUM {
|
if emojis.len() >= EMOJI_LIMIT {
|
||||||
log::warn!("too many emojis");
|
log::warn!("too many emojis");
|
||||||
continue;
|
continue;
|
||||||
};
|
};
|
||||||
|
|
|
@ -9,7 +9,7 @@ use mitra_utils::markdown::markdown_to_html;
|
||||||
|
|
||||||
use crate::mastodon_api::MASTODON_API_VERSION;
|
use crate::mastodon_api::MASTODON_API_VERSION;
|
||||||
use crate::media::SUPPORTED_MEDIA_TYPES;
|
use crate::media::SUPPORTED_MEDIA_TYPES;
|
||||||
use crate::validators::posts::ATTACHMENTS_MAX_NUM;
|
use crate::validators::posts::ATTACHMENT_LIMIT;
|
||||||
|
|
||||||
#[derive(Serialize)]
|
#[derive(Serialize)]
|
||||||
struct InstanceStats {
|
struct InstanceStats {
|
||||||
|
@ -93,7 +93,7 @@ impl InstanceInfo {
|
||||||
configuration: InstanceConfiguration {
|
configuration: InstanceConfiguration {
|
||||||
statuses: InstanceStatusLimits {
|
statuses: InstanceStatusLimits {
|
||||||
max_characters: config.limits.posts.character_limit,
|
max_characters: config.limits.posts.character_limit,
|
||||||
max_media_attachments: ATTACHMENTS_MAX_NUM,
|
max_media_attachments: ATTACHMENT_LIMIT,
|
||||||
},
|
},
|
||||||
media_attachments: InstanceMediaLimits {
|
media_attachments: InstanceMediaLimits {
|
||||||
supported_mime_types: SUPPORTED_MEDIA_TYPES.iter()
|
supported_mime_types: SUPPORTED_MEDIA_TYPES.iter()
|
||||||
|
|
|
@ -8,7 +8,7 @@ use mitra_models::{
|
||||||
};
|
};
|
||||||
|
|
||||||
use crate::activitypub::fetcher::helpers::get_post_by_object_id;
|
use crate::activitypub::fetcher::helpers::get_post_by_object_id;
|
||||||
use crate::validators::posts::LINKS_MAX_NUM;
|
use crate::validators::posts::LINK_LIMIT;
|
||||||
|
|
||||||
// MediaWiki-like syntax: [[url|text]]
|
// MediaWiki-like syntax: [[url|text]]
|
||||||
const OBJECT_LINK_SEARCH_RE: &str = r"(?m)\[\[(?P<url>[^\s\|]+)(\|(?P<text>.+?))?\]\]";
|
const OBJECT_LINK_SEARCH_RE: &str = r"(?m)\[\[(?P<url>[^\s\|]+)(\|(?P<text>.+?))?\]\]";
|
||||||
|
@ -49,7 +49,7 @@ pub async fn find_linked_posts(
|
||||||
let mut link_map: HashMap<String, Post> = HashMap::new();
|
let mut link_map: HashMap<String, Post> = HashMap::new();
|
||||||
let mut counter = 0;
|
let mut counter = 0;
|
||||||
for url in links {
|
for url in links {
|
||||||
if counter > LINKS_MAX_NUM {
|
if counter > LINK_LIMIT {
|
||||||
// Limit the number of queries
|
// Limit the number of queries
|
||||||
break;
|
break;
|
||||||
// TODO: single database query
|
// TODO: single database query
|
||||||
|
|
|
@ -57,8 +57,8 @@ use crate::mastodon_api::{
|
||||||
use crate::media::remove_media;
|
use crate::media::remove_media;
|
||||||
use crate::validators::posts::{
|
use crate::validators::posts::{
|
||||||
clean_content,
|
clean_content,
|
||||||
ATTACHMENTS_MAX_NUM,
|
ATTACHMENT_LIMIT,
|
||||||
EMOJIS_MAX_NUM,
|
EMOJI_LIMIT,
|
||||||
};
|
};
|
||||||
use super::helpers::{
|
use super::helpers::{
|
||||||
build_status,
|
build_status,
|
||||||
|
@ -137,7 +137,7 @@ async fn create_status(
|
||||||
|
|
||||||
// Emoji validation
|
// Emoji validation
|
||||||
let emojis: Vec<_> = emojis.iter().map(|emoji| emoji.id).collect();
|
let emojis: Vec<_> = emojis.iter().map(|emoji| emoji.id).collect();
|
||||||
if emojis.len() > EMOJIS_MAX_NUM {
|
if emojis.len() > EMOJI_LIMIT {
|
||||||
return Err(ValidationError("too many emojis").into());
|
return Err(ValidationError("too many emojis").into());
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -171,7 +171,7 @@ async fn create_status(
|
||||||
};
|
};
|
||||||
// Validate attachments
|
// Validate attachments
|
||||||
let attachments = status_data.media_ids.unwrap_or(vec![]);
|
let attachments = status_data.media_ids.unwrap_or(vec![]);
|
||||||
if attachments.len() > ATTACHMENTS_MAX_NUM {
|
if attachments.len() > ATTACHMENT_LIMIT {
|
||||||
return Err(ValidationError("too many attachments").into());
|
return Err(ValidationError("too many attachments").into());
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -2,10 +2,10 @@ use mitra_utils::html::clean_html_strict;
|
||||||
|
|
||||||
use crate::errors::ValidationError;
|
use crate::errors::ValidationError;
|
||||||
|
|
||||||
pub const ATTACHMENTS_MAX_NUM: usize = 15;
|
pub const ATTACHMENT_LIMIT: usize = 15;
|
||||||
pub const MENTIONS_MAX_NUM: usize = 50;
|
pub const MENTION_LIMIT: usize = 50;
|
||||||
pub const LINKS_MAX_NUM: usize = 10;
|
pub const LINK_LIMIT: usize = 10;
|
||||||
pub const EMOJIS_MAX_NUM: usize = 50;
|
pub const EMOJI_LIMIT: usize = 50;
|
||||||
|
|
||||||
pub const OBJECT_ID_SIZE_MAX: usize = 2000;
|
pub const OBJECT_ID_SIZE_MAX: usize = 2000;
|
||||||
pub const CONTENT_MAX_SIZE: usize = 100000;
|
pub const CONTENT_MAX_SIZE: usize = 100000;
|
||||||
|
|
|
@ -9,6 +9,8 @@ use mitra_utils::html::{clean_html, clean_html_strict};
|
||||||
|
|
||||||
use crate::errors::ValidationError;
|
use crate::errors::ValidationError;
|
||||||
|
|
||||||
|
use super::posts::EMOJI_LIMIT;
|
||||||
|
|
||||||
const USERNAME_RE: &str = r"^[a-zA-Z0-9_\.-]+$";
|
const USERNAME_RE: &str = r"^[a-zA-Z0-9_\.-]+$";
|
||||||
const DISPLAY_NAME_MAX_LENGTH: usize = 200;
|
const DISPLAY_NAME_MAX_LENGTH: usize = 200;
|
||||||
const BIO_MAX_LENGTH: usize = 10000;
|
const BIO_MAX_LENGTH: usize = 10000;
|
||||||
|
@ -106,6 +108,9 @@ pub fn clean_profile_create_data(
|
||||||
&profile_data.extra_fields,
|
&profile_data.extra_fields,
|
||||||
is_remote,
|
is_remote,
|
||||||
)?;
|
)?;
|
||||||
|
if profile_data.emojis.len() > EMOJI_LIMIT {
|
||||||
|
return Err(ValidationError("too many emojis"));
|
||||||
|
};
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -124,6 +129,9 @@ pub fn clean_profile_update_data(
|
||||||
&profile_data.extra_fields,
|
&profile_data.extra_fields,
|
||||||
is_remote,
|
is_remote,
|
||||||
)?;
|
)?;
|
||||||
|
if profile_data.emojis.len() > EMOJI_LIMIT {
|
||||||
|
return Err(ValidationError("too many emojis"));
|
||||||
|
};
|
||||||
Ok(())
|
Ok(())
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
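Review bot: The emoji-count guard is duplicated verbatim in `clean_profile_create_data` and `clean_profile_update_data`, so the two validators can drift apart if the limit or the error text is changed in only one place. Both functions pass `is_remote` to the preceding check, so this guard presumably also bounds emoji lists from remote actors, which makes keeping the two copies in step worthwhile. A small private helper such as `fn validate_emoji_count(count: usize) -> Result<(), ValidationError>` (name constructed here), called from both, would do that. I would also add a comment on the import, e.g. `// Profiles intentionally share the post emoji limit`, because `super::posts::EMOJI_LIMIT` otherwise reads as a post-only constant. Both function bodies start outside these hunks, so I cannot tell whether a test covers a profile with more than `EMOJI_LIMIT` emojis; if none does, one over-limit case per validator would pin the behaviour.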