Verify remote user name and media url

Trinity Pointard 2018-12-02 19:07:36 +01:00
parent 449641d158
commit ed71d24fe9
2 changed files with 33 additions and 22 deletions


@ -131,19 +131,23 @@ impl Media {
.expect("Media::delete: database entry deletion error");
}
pub fn save_remote(conn: &Connection, url: String, user: &User) -> Media {
Media::insert(
conn,
NewMedia {
file_path: String::new(),
alt_text: String::new(),
is_remote: true,
remote_url: Some(url),
sensitive: false,
content_warning: None,
owner_id: user.id,
},
)
pub fn save_remote(conn: &Connection, url: String, user: &User) -> Result<Media, ()> {
if url.contains(&['<', '>', '"'][..]) {
Err(())
} else {
Ok(Media::insert(
conn,
NewMedia {
file_path: String::new(),
alt_text: String::new(),
is_remote: true,
remote_url: Some(url),
sensitive: false,
content_warning: None,
owner_id: user.id,
},
))
}
}
pub fn set_owner(&self, conn: &Connection, user: &User) {
@ -177,7 +181,7 @@ impl Media {
NewMedia {
file_path: path.to_str()?.to_string(),
alt_text: image.object_props.content_string().ok()?,
is_remote: true,
is_remote: false,
remote_url: None,
sensitive: image.object_props.summary_string().is_ok(),
content_warning: image.object_props.summary_string().ok(),
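Review bot: The new guard in `save_remote`, `url.contains(&['<', '>', '"'][..])`, is a three-character denylist that never checks that the value parses as a URL or which scheme it uses, so a remote `url` with a scheme other than http/https, or one containing `'`, whitespace or control characters, is still stored as `remote_url`. Parsing the value and allowing only the expected schemes would be tighter, for example `let parsed = Url::parse(&url).map_err(|_| ())?;` followed by `if parsed.scheme() != "http" && parsed.scheme() != "https" { return Err(()); }` (this assumes the `url` crate is usable from this file, which the visible lines do not show). The stored value should still be escaped wherever it is rendered, because this list is narrower than the one the same commit applies to `preferredUsername` in the other file section. A doc comment on `save_remote` saying when it returns `Err(())` would help callers, since the unit error carries no reason.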


@ -267,7 +267,7 @@ impl User {
}
pub fn fetch_from_url(conn: &Connection, url: &str) -> Option<User> {
User::fetch(url).map(|json| {
User::fetch(url).and_then(|json| {
(User::from_activity(
conn,
&json,
@ -275,11 +275,11 @@ impl User {
.expect("User::fetch_from_url: url error")
.host_str()
.expect("User::fetch_from_url: host error"),
))
).ok())
})
}
fn from_activity(conn: &Connection, acct: &CustomPerson, inst: &str) -> User {
fn from_activity(conn: &Connection, acct: &CustomPerson, inst: &str) -> Result<User, ()> {
let instance = match Instance::find_by_domain(conn, inst) {
Some(instance) => instance,
None => {
@ -301,6 +301,11 @@ impl User {
}
};
if acct.object.ap_actor_props.preferred_username_string()
.expect("User::from_activity: preferredUsername error")
.contains(&['<', '>', '&', '@', '\'', '"'][..]) {
return Err(());
}
let user = User::insert(
conn,
NewUser {
@ -308,7 +313,7 @@ impl User {
.object
.ap_actor_props
.preferred_username_string()
.expect("User::from_activity: preferredUsername error"),
.unwrap(),
display_name: acct
.object
.object_props
@ -374,9 +379,11 @@ impl User {
&user,
);
user.set_avatar(conn, avatar.id);
if let Ok(avatar) = avatar {
user.set_avatar(conn, avatar.id);
}
user
Ok(user)
}
pub fn refetch(&self, conn: &Connection) {
@ -391,7 +398,7 @@ impl User {
.url_string()
.expect("User::refetch: icon.url error"),
&self,
);
).ok();
diesel::update(self)
.set((
@ -427,7 +434,7 @@ impl User {
.ap_actor_props
.followers_string()
.expect("User::refetch: followers error")),
users::avatar_id.eq(Some(avatar.id)),
users::avatar_id.eq(avatar.map(|a| a.id)),
users::last_fetched_date.eq(Utc::now().naive_utc()),
))
.execute(conn)
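Review bot: In `from_activity` the added username check still calls `.expect("User::from_activity: preferredUsername error")`, so a remote actor document without `preferredUsername` panics instead of taking the new `Err(())` path, and the later `.unwrap()` in `NewUser` is only safe because of that earlier call. Binding the value once keeps both uses on the error path: `let username = acct.object.ap_actor_props.preferred_username_string().map_err(|_| ())?;` (assuming the accessor returns a `Result`), then run the character test on `username` and insert it. The character test is a denylist, so whitespace, `/` and control characters still pass; an allowlist of the characters a username may contain would be easier to reason about. `fetch_from_url` likewise keeps its `.expect("User::fetch_from_url: url error")` and `.expect("User::fetch_from_url: host error")` on the `url` argument, which could return `None` now that the closure uses `and_then`. Parts of `from_activity` are elided between the hunks, so this is based only on the visible lines.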