From 857e1f1d6a4024d6ba82b676a61d3fef5b91cbfa Mon Sep 17 00:00:00 2001 From: Bat Date: Tue, 19 Jun 2018 20:16:18 +0100 Subject: [PATCH] Disallow naming an article 'new', or any already used slug Fix #64 Also fixes a lot of potential bug with articles having the same slugs, but not in the same blog --- src/models/posts.rs | 2 +- src/routes/blogs.rs | 2 +- src/routes/comments.rs | 26 ++++++++------ src/routes/likes.rs | 4 ++- src/routes/posts.rs | 79 ++++++++++++++++++++++-------------------- src/routes/reshares.rs | 4 ++- 6 files changed, 65 insertions(+), 52 deletions(-) diff --git a/src/models/posts.rs b/src/models/posts.rs index 8d12bc8f..b084dd4b 100644 --- a/src/models/posts.rs +++ b/src/models/posts.rs @@ -52,7 +52,7 @@ pub struct NewPost { impl Post { insert!(posts, NewPost); get!(posts); - find_by!(posts, find_by_slug, slug as String); + find_by!(posts, find_by_slug, slug as String, blog_id as i32); find_by!(posts, find_by_ap_url, ap_url as String); pub fn count_local(conn: &PgConnection) -> usize { diff --git a/src/routes/blogs.rs b/src/routes/blogs.rs index 28a49472..118dac80 100644 --- a/src/routes/blogs.rs +++ b/src/routes/blogs.rs @@ -75,7 +75,7 @@ fn create(conn: DbConn, data: Form, user: User) -> Redirect { author_id: user.id, is_owner: true }); - + Redirect::to(format!("/~/{}/", slug)) } } diff --git a/src/routes/comments.rs b/src/routes/comments.rs index 289dee28..923795a4 100644 --- a/src/routes/comments.rs +++ b/src/routes/comments.rs @@ -7,6 +7,7 @@ use rocket_contrib::Template; use activity_pub::{broadcast, IntoId, inbox::Notify}; use db_conn::DbConn; use models::{ + blogs::Blog, comments::*, posts::Post, users::User 
@@ -15,13 +16,15 @@ use models::{ use utils; use safe_string::SafeString; -#[get("/~/<_blog>//comment")] -fn new(_blog: String, slug: String, user: User, conn: DbConn) -> Template { - may_fail!(Post::find_by_slug(&*conn, slug), "Couldn't find this post", |post| { - Template::render("comments/new", json!({ - "post": post, - "account": user - })) +#[get("/~///comment")] +fn new(blog: String, slug: String, user: User, conn: DbConn) -> Template { + may_fail!(Blog::find_by_fqn(&*conn, blog), "Couldn't find this blog", |blog| { + may_fail!(Post::find_by_slug(&*conn, slug, blog.id), "Couldn't find this post", |post| { + Template::render("comments/new", json!({ + "post": post, + "account": user + })) + }) }) } @@ -40,9 +43,10 @@ struct NewCommentForm { pub content: String } -#[post("/~///comment?", data = "")] -fn create(blog: String, slug: String, query: CommentQuery, data: Form, user: User, conn: DbConn) -> Redirect { - let post = Post::find_by_slug(&*conn, slug.clone()).unwrap(); +#[post("/~///comment?", data = "")] +fn create(blog_name: String, slug: String, query: CommentQuery, data: Form, user: User, conn: DbConn) -> Redirect { + let blog = Blog::find_by_fqn(&*conn, blog_name.clone()).unwrap(); + let post = Post::find_by_slug(&*conn, slug.clone(), blog.id).unwrap(); let form = data.get(); let comment = Comment::insert(&*conn, NewComment { content: SafeString::new(&form.content.clone()), @@ -57,5 +61,5 @@ fn create(blog: String, slug: String, query: CommentQuery, data: Form//like")] fn create(blog: String, slug: String, user: User, conn: DbConn) -> Redirect { - let post = Post::find_by_slug(&*conn, slug.clone()).unwrap(); + let b = Blog::find_by_fqn(&*conn, blog.clone()).unwrap(); + let post = Post::find_by_slug(&*conn, slug.clone(), b.id).unwrap(); if !user.has_liked(&*conn, &post) { let like = likes::Like::insert(&*conn, likes::NewLike { diff --git a/src/routes/posts.rs b/src/routes/posts.rs index 4fd02666..be59f407 100644 --- a/src/routes/posts.rs 
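Review bot: In `create`, the added `Blog::find_by_fqn(&*conn, blog_name.clone()).unwrap()` and the `Post::find_by_slug(&*conn, slug.clone(), blog.id).unwrap()` after it panic when the blog name or slug does not exist, and both values come straight from the request path. `new` in this same hunk already handles a miss with `may_fail!`. Here the handler could return `Option<Redirect>` and use `let blog = Blog::find_by_fqn(&*conn, blog_name.clone())?;` then `let post = Post::find_by_slug(&*conn, slug.clone(), blog.id)?;`, assuming both finders return `Option` (the `.is_some()` call in `src/routes/posts.rs` suggests so for `find_by_slug`), so an unknown path is answered as not-found rather than through a panic. The same pair of unwraps is added to `create` in `src/routes/likes.rs` and `src/routes/reshares.rs`, and to `activity_details` in `src/routes/posts.rs`. The body of `create` continues past the end of this hunk.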
+++ b/src/routes/posts.rs @@ -20,7 +20,7 @@ use safe_string::SafeString; #[get("/~//", rank = 4)] fn details(blog: String, slug: String, conn: DbConn, user: Option) -> Template { may_fail!(Blog::find_by_fqn(&*conn, blog), "Couldn't find this blog", |blog| { - may_fail!(Post::find_by_slug(&*conn, slug), "Couldn't find this post", |post| { + may_fail!(Post::find_by_slug(&*conn, slug, blog.id), "Couldn't find this post", |post| { let comments = Comment::find_by_post(&*conn, post.id); Template::render("posts/details", json!({ @@ -39,10 +39,10 @@ fn details(blog: String, slug: String, conn: DbConn, user: Option) -> Temp }) } -#[get("/~/<_blog>/", rank = 3, format = "application/activity+json")] -fn activity_details(_blog: String, slug: String, conn: DbConn) -> ActivityPub { - // FIXME: posts in different blogs may have the same slug - let post = Post::find_by_slug(&*conn, slug).unwrap(); +#[get("/~//", rank = 3, format = "application/activity+json")] +fn activity_details(blog: String, slug: String, conn: DbConn) -> ActivityPub { + let blog = Blog::find_by_fqn(&*conn, blog).unwrap(); + let post = Post::find_by_slug(&*conn, slug, blog.id).unwrap(); let mut act = post.serialize(&*conn); act["@context"] = context(); @@ -54,8 +54,9 @@ fn new_auth(blog: String) -> Flash { utils::requires_login("You need to be logged in order to write a new post", &format!("/~/{}/new",blog)) } -#[get("/~/<_blog>/new", rank = 1)] -fn new(_blog: String, user: User) -> Template { +#[get("/~//new", rank = 1)] +#[allow(unused_variables)] +fn new(blog: String, user: User) -> Template { Template::render("posts/new", json!({ "account": user })) 
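Review bot: The `#[allow(unused_variables)]` added on `new` has no explanation, and it silences the lint for every binding in the function rather than only `blog`. If the rename from `_blog` exists so that `uri!(new: blog = blog_name)` in `create` can name the parameter, which is what the later hunk suggests, a one-line comment would record that: `// blog is unused here; the name is what uri!(new: blog = ..) in create refers to`. The handler also renders the form without checking that the blog exists; that may be intended, but is worth confirming.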
@@ -74,37 +75,41 @@ fn create(blog_name: String, data: Form, user: User, conn: DbConn) let form = data.get(); let slug = form.title.to_string().to_kebab_case(); - let content = markdown_to_html(form.content.to_string().as_ref(), &ComrakOptions{ - smart: true, - safe: true, - ext_strikethrough: true, - ext_tagfilter: true, - ext_table: true, - ext_autolink: true, - ext_tasklist: true, - ext_superscript: true, - ext_header_ids: Some("title".to_string()), - ext_footnotes: true, - ..ComrakOptions::default() - }); + if slug == "new" || Post::find_by_slug(&*conn, slug.clone(), blog.id).is_some() { + Redirect::to(uri!(new: blog = blog_name)) + } else { + let content = markdown_to_html(form.content.to_string().as_ref(), &ComrakOptions{ + smart: true, + safe: true, + ext_strikethrough: true, + ext_tagfilter: true, + ext_table: true, + ext_autolink: true, + ext_tasklist: true, + ext_superscript: true, + ext_header_ids: Some("title".to_string()), + ext_footnotes: true, + ..ComrakOptions::default() + }); - let post = Post::insert(&*conn, NewPost { - blog_id: blog.id, - slug: slug.to_string(), - title: form.title.to_string(), - content: SafeString::new(&content), - published: true, - license: form.license.to_string(), - ap_url: "".to_string() - }); - post.update_ap_url(&*conn); - PostAuthor::insert(&*conn, NewPostAuthor { - post_id: post.id, - author_id: user.id - }); + let post = Post::insert(&*conn, NewPost { + blog_id: blog.id, + slug: slug.to_string(), + title: form.title.to_string(), + content: SafeString::new(&content), + published: true, + license: form.license.to_string(), + ap_url: "".to_string() + }); + post.update_ap_url(&*conn); + PostAuthor::insert(&*conn, NewPostAuthor { + post_id: post.id, + author_id: user.id + }); - let act = post.create_activity(&*conn); - broadcast(&*conn, &user, act, user.get_followers(&*conn)); + let act = post.create_activity(&*conn); + broadcast(&*conn, &user, act, user.get_followers(&*conn)); - Redirect::to(format!("/~/{}/{}/", 
blog_name, slug)) + Redirect::to(format!("/~/{}/{}/", blog_name, slug)) + } } diff --git a/src/routes/reshares.rs b/src/routes/reshares.rs index 5365af48..c243d851 100644 --- a/src/routes/reshares.rs +++ b/src/routes/reshares.rs @@ -3,6 +3,7 @@ use rocket::response::{Redirect, Flash}; use activity_pub::{broadcast, IntoId, inbox::Notify}; use db_conn::DbConn; use models::{ + blogs::Blog, posts::Post, reshares::*, users::User @@ -12,7 +13,8 @@ use utils; #[get("/~///reshare")] fn create(blog: String, slug: String, user: User, conn: DbConn) -> Redirect { - let post = Post::find_by_slug(&*conn, slug.clone()).unwrap(); + let b = Blog::find_by_fqn(&*conn, blog.clone()).unwrap(); + let post = Post::find_by_slug(&*conn, slug.clone(), b.id).unwrap(); if !user.has_reshared(&*conn, &post) { let reshare = Reshare::insert(&*conn, NewReshare {
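Review bot: The guard `slug == "new" || Post::find_by_slug(&*conn, slug.clone(), blog.id).is_some()` is a check-then-insert, so two requests submitting the same title to the same blog can both pass it before either `Post::insert` runs. The diffstat lists no migration adding a unique index on `(blog_id, slug)` to back the check at the database level. A title with no alphanumeric characters presumably kebab-cases to an empty string and would yield the path `/~/<blog>//`; `if slug.is_empty() || slug == "new" || ...` closes that. On rejection the user is redirected to an empty form with no message and the submitted content is lost, so a `Flash` (already the return type of `new_auth`) or re-rendering with an error would make the refusal visible. The start of `create` is outside this hunk.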