mirror of
https://git.joinplu.me/Plume/Plume.git
synced 2025-01-27 13:18:08 +00:00
Verify remote user name and media url
parent
449641d158
commit
ed71d24fe9
2 changed files with 33 additions and 22 deletions
|
@ -131,19 +131,23 @@ impl Media {
|
|||
.expect("Media::delete: database entry deletion error");
|
||||
}
|
||||
|
||||
pub fn save_remote(conn: &Connection, url: String, user: &User) -> Media {
|
||||
Media::insert(
|
||||
conn,
|
||||
NewMedia {
|
||||
file_path: String::new(),
|
||||
alt_text: String::new(),
|
||||
is_remote: true,
|
||||
remote_url: Some(url),
|
||||
sensitive: false,
|
||||
content_warning: None,
|
||||
owner_id: user.id,
|
||||
},
|
||||
)
|
||||
pub fn save_remote(conn: &Connection, url: String, user: &User) -> Result<Media, ()> {
|
||||
if url.contains(&['<', '>', '"'][..]) {
|
||||
Err(())
|
||||
} else {
|
||||
Ok(Media::insert(
|
||||
conn,
|
||||
NewMedia {
|
||||
file_path: String::new(),
|
||||
alt_text: String::new(),
|
||||
is_remote: true,
|
||||
remote_url: Some(url),
|
||||
sensitive: false,
|
||||
content_warning: None,
|
||||
owner_id: user.id,
|
||||
},
|
||||
))
|
||||
}
|
||||
}
|
||||
|
||||
pub fn set_owner(&self, conn: &Connection, user: &User) {
|
||||
|
@ -177,7 +181,7 @@ impl Media {
|
|||
NewMedia {
|
||||
file_path: path.to_str()?.to_string(),
|
||||
alt_text: image.object_props.content_string().ok()?,
|
||||
is_remote: true,
|
||||
is_remote: false,
|
||||
remote_url: None,
|
||||
sensitive: image.object_props.summary_string().is_ok(),
|
||||
content_warning: image.object_props.summary_string().ok(),
|
||||
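Review bot: The validation added to `save_remote` is a three-character denylist (`<`, `>`, `"`), so a URL with a non-HTTP scheme, a single quote, or embedded whitespace or control characters is still stored in `remote_url`. If that value is later written into an `href` or `src` attribute (not visible on this page), a scheme allowlist is the stronger control: parse the string and accept only `http` and `https`, for example `match Url::parse(&url) { Ok(u) if matches!(u.scheme(), "http" | "https") => { /* insert */ } _ => Err(()) }`, assuming the `url` crate is available in this file as it appears to be in the user model. Escaping at the template layer is still required, so this check should be treated as a second line of defence rather than the only one. `Result<Media, ()>` also discards the reason for rejection; a small error enum would let callers log why a remote media entry was refused.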
|
|
|
@ -267,7 +267,7 @@ impl User {
|
|||
}
|
||||
|
||||
pub fn fetch_from_url(conn: &Connection, url: &str) -> Option<User> {
|
||||
User::fetch(url).map(|json| {
|
||||
User::fetch(url).and_then(|json| {
|
||||
(User::from_activity(
|
||||
conn,
|
||||
&json,
|
||||
|
@ -275,11 +275,11 @@ impl User {
|
|||
.expect("User::fetch_from_url: url error")
|
||||
.host_str()
|
||||
.expect("User::fetch_from_url: host error"),
|
||||
))
|
||||
).ok())
|
||||
})
|
||||
}
|
||||
|
||||
fn from_activity(conn: &Connection, acct: &CustomPerson, inst: &str) -> User {
|
||||
fn from_activity(conn: &Connection, acct: &CustomPerson, inst: &str) -> Result<User, ()> {
|
||||
let instance = match Instance::find_by_domain(conn, inst) {
|
||||
Some(instance) => instance,
|
||||
None => {
|
||||
|
@ -301,6 +301,11 @@ impl User {
|
|||
}
|
||||
};
|
||||
|
||||
if acct.object.ap_actor_props.preferred_username_string()
|
||||
.expect("User::from_activity: preferredUsername error")
|
||||
.contains(&['<', '>', '&', '@', '\'', '"'][..]) {
|
||||
return Err(());
|
||||
}
|
||||
let user = User::insert(
|
||||
conn,
|
||||
NewUser {
|
||||
|
@ -308,7 +313,7 @@ impl User {
|
|||
.object
|
||||
.ap_actor_props
|
||||
.preferred_username_string()
|
||||
.expect("User::from_activity: preferredUsername error"),
|
||||
.unwrap(),
|
||||
display_name: acct
|
||||
.object
|
||||
.object_props
|
||||
|
@ -374,9 +379,11 @@ impl User {
|
|||
&user,
|
||||
);
|
||||
|
||||
user.set_avatar(conn, avatar.id);
|
||||
if let Ok(avatar) = avatar {
|
||||
user.set_avatar(conn, avatar.id);
|
||||
}
|
||||
|
||||
user
|
||||
Ok(user)
|
||||
}
|
||||
|
||||
pub fn refetch(&self, conn: &Connection) {
|
||||
|
@ -391,7 +398,7 @@ impl User {
|
|||
.url_string()
|
||||
.expect("User::refetch: icon.url error"),
|
||||
&self,
|
||||
);
|
||||
).ok();
|
||||
|
||||
diesel::update(self)
|
||||
.set((
|
||||
|
@ -427,7 +434,7 @@ impl User {
|
|||
.ap_actor_props
|
||||
.followers_string()
|
||||
.expect("User::refetch: followers error")),
|
||||
users::avatar_id.eq(Some(avatar.id)),
|
||||
users::avatar_id.eq(avatar.map(|a| a.id)),
|
||||
users::last_fetched_date.eq(Utc::now().naive_utc()),
|
||||
))
|
||||
.execute(conn)
|
||||
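Review bot: The new username check in `from_activity` still calls `.expect("User::from_activity: preferredUsername error")` on a value taken from a remote actor document, and the `NewUser` field further down now calls `.unwrap()` on the same accessor, so an actor without a `preferredUsername` panics instead of taking the new `Err(())` path. Binding the value once removes both panics: `let username = acct.object.ap_actor_props.preferred_username_string().map_err(|_| ())?;`, then `if username.contains(&['<', '>', '&', '@', '\'', '"'][..]) { return Err(()); }`, with `username` reused when building `NewUser`. The check also sits after the `Instance::find_by_domain` match, so whatever its `None` arm does (not visible in these hunks) happens before the actor is rejected; validating at the top of the function would avoid that. In `refetch`, `.ok()` followed by `avatar.map(|a| a.id)` appears to write a NULL `avatar_id` whenever the remote icon URL fails validation, which would drop an avatar the user already had, so keeping the previous id on failure may be preferable. The bodies of `from_activity` and `refetch` extend beyond the hunks shown.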
|
|