mirror of
https://git.joinplu.me/Plume/Plume.git
synced 2024-11-29 15:01:10 +00:00
Verify remote user name and media url
This commit is contained in:
parent
449641d158
commit
ed71d24fe9
2 changed files with 33 additions and 22 deletions
|
@ -131,19 +131,23 @@ impl Media {
|
||||||
.expect("Media::delete: database entry deletion error");
|
.expect("Media::delete: database entry deletion error");
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn save_remote(conn: &Connection, url: String, user: &User) -> Media {
|
pub fn save_remote(conn: &Connection, url: String, user: &User) -> Result<Media, ()> {
|
||||||
Media::insert(
|
if url.contains(&['<', '>', '"'][..]) {
|
||||||
conn,
|
Err(())
|
||||||
NewMedia {
|
} else {
|
||||||
file_path: String::new(),
|
Ok(Media::insert(
|
||||||
alt_text: String::new(),
|
conn,
|
||||||
is_remote: true,
|
NewMedia {
|
||||||
remote_url: Some(url),
|
file_path: String::new(),
|
||||||
sensitive: false,
|
alt_text: String::new(),
|
||||||
content_warning: None,
|
is_remote: true,
|
||||||
owner_id: user.id,
|
remote_url: Some(url),
|
||||||
},
|
sensitive: false,
|
||||||
)
|
content_warning: None,
|
||||||
|
owner_id: user.id,
|
||||||
|
},
|
||||||
|
))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn set_owner(&self, conn: &Connection, user: &User) {
|
pub fn set_owner(&self, conn: &Connection, user: &User) {
|
||||||
|
@ -177,7 +181,7 @@ impl Media {
|
||||||
NewMedia {
|
NewMedia {
|
||||||
file_path: path.to_str()?.to_string(),
|
file_path: path.to_str()?.to_string(),
|
||||||
alt_text: image.object_props.content_string().ok()?,
|
alt_text: image.object_props.content_string().ok()?,
|
||||||
is_remote: true,
|
is_remote: false,
|
||||||
remote_url: None,
|
remote_url: None,
|
||||||
sensitive: image.object_props.summary_string().is_ok(),
|
sensitive: image.object_props.summary_string().is_ok(),
|
||||||
content_warning: image.object_props.summary_string().ok(),
|
content_warning: image.object_props.summary_string().ok(),
|
||||||
|
|
|
@ -267,7 +267,7 @@ impl User {
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn fetch_from_url(conn: &Connection, url: &str) -> Option<User> {
|
pub fn fetch_from_url(conn: &Connection, url: &str) -> Option<User> {
|
||||||
User::fetch(url).map(|json| {
|
User::fetch(url).and_then(|json| {
|
||||||
(User::from_activity(
|
(User::from_activity(
|
||||||
conn,
|
conn,
|
||||||
&json,
|
&json,
|
||||||
|
@ -275,11 +275,11 @@ impl User {
|
||||||
.expect("User::fetch_from_url: url error")
|
.expect("User::fetch_from_url: url error")
|
||||||
.host_str()
|
.host_str()
|
||||||
.expect("User::fetch_from_url: host error"),
|
.expect("User::fetch_from_url: host error"),
|
||||||
))
|
).ok())
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
fn from_activity(conn: &Connection, acct: &CustomPerson, inst: &str) -> User {
|
fn from_activity(conn: &Connection, acct: &CustomPerson, inst: &str) -> Result<User, ()> {
|
||||||
let instance = match Instance::find_by_domain(conn, inst) {
|
let instance = match Instance::find_by_domain(conn, inst) {
|
||||||
Some(instance) => instance,
|
Some(instance) => instance,
|
||||||
None => {
|
None => {
|
||||||
|
@ -301,6 +301,11 @@ impl User {
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if acct.object.ap_actor_props.preferred_username_string()
|
||||||
|
.expect("User::from_activity: preferredUsername error")
|
||||||
|
.contains(&['<', '>', '&', '@', '\'', '"'][..]) {
|
||||||
|
return Err(());
|
||||||
|
}
|
||||||
let user = User::insert(
|
let user = User::insert(
|
||||||
conn,
|
conn,
|
||||||
NewUser {
|
NewUser {
|
||||||
|
@ -308,7 +313,7 @@ impl User {
|
||||||
.object
|
.object
|
||||||
.ap_actor_props
|
.ap_actor_props
|
||||||
.preferred_username_string()
|
.preferred_username_string()
|
||||||
.expect("User::from_activity: preferredUsername error"),
|
.unwrap(),
|
||||||
display_name: acct
|
display_name: acct
|
||||||
.object
|
.object
|
||||||
.object_props
|
.object_props
|
||||||
|
@ -374,9 +379,11 @@ impl User {
|
||||||
&user,
|
&user,
|
||||||
);
|
);
|
||||||
|
|
||||||
user.set_avatar(conn, avatar.id);
|
if let Ok(avatar) = avatar {
|
||||||
|
user.set_avatar(conn, avatar.id);
|
||||||
|
}
|
||||||
|
|
||||||
user
|
Ok(user)
|
||||||
}
|
}
|
||||||
|
|
||||||
pub fn refetch(&self, conn: &Connection) {
|
pub fn refetch(&self, conn: &Connection) {
|
||||||
|
@ -391,7 +398,7 @@ impl User {
|
||||||
.url_string()
|
.url_string()
|
||||||
.expect("User::refetch: icon.url error"),
|
.expect("User::refetch: icon.url error"),
|
||||||
&self,
|
&self,
|
||||||
);
|
).ok();
|
||||||
|
|
||||||
diesel::update(self)
|
diesel::update(self)
|
||||||
.set((
|
.set((
|
||||||
|
@ -427,7 +434,7 @@ impl User {
|
||||||
.ap_actor_props
|
.ap_actor_props
|
||||||
.followers_string()
|
.followers_string()
|
||||||
.expect("User::refetch: followers error")),
|
.expect("User::refetch: followers error")),
|
||||||
users::avatar_id.eq(Some(avatar.id)),
|
users::avatar_id.eq(avatar.map(|a| a.id)),
|
||||||
users::last_fetched_date.eq(Utc::now().naive_utc()),
|
users::last_fetched_date.eq(Utc::now().naive_utc()),
|
||||||
))
|
))
|
||||||
.execute(conn)
|
.execute(conn)
|
||||||
|
|
Loading…
Reference in a new issue