From b5cd732372fa8de089586dd2e8ad4d3c516323d4 Mon Sep 17 00:00:00 2001 From: Nutomic Date: Thu, 3 Nov 2022 13:39:30 +0000 Subject: [PATCH 1/6] Mark objects as not deleted when received via apub (fixes #2507) (#2528) --- crates/apub/src/objects/comment.rs | 2 +- crates/apub/src/objects/person.rs | 2 +- crates/apub/src/objects/post.rs | 2 +- crates/apub/src/objects/private_message.rs | 2 +- crates/apub/src/protocol/objects/group.rs | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/crates/apub/src/objects/comment.rs b/crates/apub/src/objects/comment.rs index 154bd41c9..cca092dbb 100644 --- a/crates/apub/src/objects/comment.rs +++ b/crates/apub/src/objects/comment.rs @@ -202,7 +202,7 @@ impl ApubObject for ApubComment { removed: None, published: note.published.map(|u| u.naive_local()), updated: note.updated.map(|u| u.naive_local()), - deleted: None, + deleted: Some(false), ap_id: Some(note.id.into()), distinguished: note.distinguished, local: Some(false), diff --git a/crates/apub/src/objects/person.rs b/crates/apub/src/objects/person.rs index e496da075..41d6b777f 100644 --- a/crates/apub/src/objects/person.rs +++ b/crates/apub/src/objects/person.rs @@ -160,7 +160,7 @@ impl ApubObject for ApubPerson { display_name: person.name, banned: None, ban_expires: None, - deleted: None, + deleted: Some(false), avatar: person.icon.map(|i| i.url.into()), banner: person.image.map(|i| i.url.into()), published: person.published.map(|u| u.naive_local()), diff --git a/crates/apub/src/objects/post.rs b/crates/apub/src/objects/post.rs index 2f6f628c2..ac9b82ebb 100644 --- a/crates/apub/src/objects/post.rs +++ b/crates/apub/src/objects/post.rs @@ -217,7 +217,7 @@ impl ApubObject for ApubPost { locked: page.comments_enabled.map(|e| !e), published: page.published.map(|u| u.naive_local()), updated: page.updated.map(|u| u.naive_local()), - deleted: None, + deleted: Some(false), nsfw: page.sensitive, stickied: page.stickied, embed_title, diff --git a/crates/apub/src/objects/private_message.rs b/crates/apub/src/objects/private_message.rs index bdab7dd00..87f88de81 100644 --- a/crates/apub/src/objects/private_message.rs +++ b/crates/apub/src/objects/private_message.rs @@ -149,7 +149,7 @@ impl ApubObject for ApubPrivateMessage { content: read_from_string_or_source(¬e.content, &None, ¬e.source), published: note.published.map(|u| u.naive_local()), updated: note.updated.map(|u| u.naive_local()), - deleted: None, + deleted: Some(false), read: None, ap_id: Some(note.id.into()), local: Some(false), diff --git a/crates/apub/src/protocol/objects/group.rs b/crates/apub/src/protocol/objects/group.rs index 5abfa2b28..7d207da49 100644 --- a/crates/apub/src/protocol/objects/group.rs +++ b/crates/apub/src/protocol/objects/group.rs @@ -102,7 +102,7 @@ impl Group { removed: None, published: self.published.map(|u| u.naive_local()), updated: self.updated.map(|u| u.naive_local()), - deleted: None, + deleted: Some(false), nsfw: Some(self.sensitive.unwrap_or(false)), actor_id: Some(self.id.into()), local: Some(false), From 5e871ca7baf2f12f9136aa54814ccb9e92da8203 Mon Sep 17 00:00:00 2001 From: Nutomic Date: Thu, 3 Nov 2022 17:41:44 +0000 Subject: [PATCH 2/6] Mark own private messages as read in api (fixes #2484) (#2531) --- crates/api_crud/src/private_message/read.rs | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/crates/api_crud/src/private_message/read.rs b/crates/api_crud/src/private_message/read.rs index fbf7621c7..cc03c3182 100644 --- a/crates/api_crud/src/private_message/read.rs +++ b/crates/api_crud/src/private_message/read.rs @@ -39,6 +39,14 @@ impl PerformCrud for GetPrivateMessages { }) .await??; + // Messages sent by ourselves should be marked as read. The `read` column in database is only + // for the recipient, and shouldnt be exposed to sender. + messages.iter_mut().for_each(|pmv| { + if pmv.creator.id == person_id { + pmv.private_message.read = true + } + }); + // Blank out deleted or removed info for pmv in messages .iter_mut() From 93931958277714fd738a8dd8ab965c39b5016f63 Mon Sep 17 00:00:00 2001 From: Nutomic Date: Thu, 3 Nov 2022 18:13:40 +0000 Subject: [PATCH 3/6] Send error message when rate limit is reached (#2527) * Send error message when rate limit is reached * l18n key --- crates/utils/src/rate_limit/mod.rs | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/crates/utils/src/rate_limit/mod.rs b/crates/utils/src/rate_limit/mod.rs index 48911b5cf..ed019255f 100644 --- a/crates/utils/src/rate_limit/mod.rs +++ b/crates/utils/src/rate_limit/mod.rs @@ -1,8 +1,5 @@ -use crate::{utils::get_ip, IpAddr}; -use actix_web::{ - dev::{Service, ServiceRequest, ServiceResponse, Transform}, - HttpResponse, -}; +use crate::{error::LemmyError, utils::get_ip, IpAddr}; +use actix_web::dev::{Service, ServiceRequest, ServiceResponse, Transform}; use futures::future::{ok, Ready}; use rate_limiter::{RateLimitType, RateLimiter}; use serde::{Deserialize, Serialize}; @@ -177,10 +174,9 @@ where service.call(req).await } else { let (http_req, _) = req.into_parts(); - // if rate limit was hit, respond with http 400 - Ok(ServiceResponse::new( + Ok(ServiceResponse::from_err( + LemmyError::from_message("rate_limit_error"), http_req, - HttpResponse::BadRequest().finish(), )) } }) From 2207fed0f577fd68f0b70c53aef3aaa3ba656c89 Mon Sep 17 00:00:00 2001 From: Nutomic Date: Sat, 5 Nov 2022 00:53:46 +0000 Subject: [PATCH 4/6] Remove explicit panic from db connection code (fixes #2533) (#2535) --- src/main.rs | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/main.rs b/src/main.rs index 9ef2f541d..4667df44a 100644 --- a/src/main.rs +++ b/src/main.rs @@ -78,8 +78,7 @@ async fn main() -> Result<(), LemmyError> { let pool = Pool::builder() .max_size(settings.database.pool_size) .min_idle(Some(1)) - .build(manager) - .unwrap_or_else(|_| panic!("Error connecting to {}", db_url)); + .build(manager)?; // Run the migrations from code let settings_cloned = settings.to_owned(); From 50a2233b526426357c8e31509010f7fcb5ffbf3f Mon Sep 17 00:00:00 2001 From: Nutomic Date: Sat, 5 Nov 2022 00:56:38 +0000 Subject: [PATCH 5/6] Fix password length check (#2536) --- crates/api_common/src/utils.rs | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/crates/api_common/src/utils.rs b/crates/api_common/src/utils.rs index 6b0b011a9..8c341c44b 100644 --- a/crates/api_common/src/utils.rs +++ b/crates/api_common/src/utils.rs @@ -314,7 +314,7 @@ pub async fn build_federated_instances( /// Checks the password length pub fn password_length_check(pass: &str) -> Result<(), LemmyError> { - if !(10..=60).contains(&pass.len()) { + if !(10..=60).contains(&pass.chars().count()) { Err(LemmyError::from_message("invalid_password")) } else { Ok(()) @@ -791,3 +791,17 @@ pub fn listing_type_with_site_default( &local_site.default_post_listing_type, )?)) } + +#[cfg(test)] +mod tests { + use crate::utils::password_length_check; + + #[test] + #[rustfmt::skip] + fn password_length() { + assert!(password_length_check("Õ¼¾°3yË,o¸ãtÌÈú|ÇÁÙAøüÒI©·¤(T]/ð>æºWæ[C¤bªWöaÃÎñ·{=û³&§½K/c").is_ok()); + assert!(password_length_check("1234567890").is_ok()); + assert!(password_length_check("short").is_err()); + assert!(password_length_check("looooooooooooooooooooooooooooooooooooooooooooooooooooooooooong").is_err()); + } +} From a0a84d91cec9d734d0b9c14e748177c00cba0990 Mon Sep 17 00:00:00 2001 From: Nutomic Date: Sat, 5 Nov 2022 00:57:28 +0000 Subject: [PATCH 6/6] Dont serve apub json for removed objects (ref #2522) (#2538) --- crates/apub/src/http/comment.rs | 2 +- crates/apub/src/http/community.rs | 10 +++++++++- crates/apub/src/http/post.rs | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/crates/apub/src/http/comment.rs b/crates/apub/src/http/comment.rs index 59cbee8e8..4a498a16a 100644 --- a/crates/apub/src/http/comment.rs +++ b/crates/apub/src/http/comment.rs @@ -30,7 +30,7 @@ pub(crate) async fn get_apub_comment( return Err(NotFound.into()); } - if !comment.deleted { + if !comment.deleted && !comment.removed { Ok(create_apub_response(&comment.into_apub(&**context).await?)) } else { Ok(create_apub_tombstone_response(comment.ap_id.clone())) diff --git a/crates/apub/src/http/community.rs b/crates/apub/src/http/community.rs index 6f68e8fc4..d4528236e 100644 --- a/crates/apub/src/http/community.rs +++ b/crates/apub/src/http/community.rs @@ -40,7 +40,7 @@ pub(crate) async fn get_apub_community_http( .await?? .into(); - if !community.deleted { + if !community.deleted && !community.removed { let apub = community.into_apub(&**context).await?; Ok(create_apub_response(&apub)) @@ -83,6 +83,10 @@ pub(crate) async fn get_apub_community_outbox( Community::read_from_name(conn, &info.community_name, false) }) .await??; + if community.deleted || community.removed { + return Err(LemmyError::from_message("deleted")); + } + let id = ObjectId::new(generate_outbox_url(&community.actor_id)?); let outbox_data = CommunityContext(community.into(), context.get_ref().clone()); let outbox: ApubCommunityOutbox = id @@ -101,6 +105,10 @@ pub(crate) async fn get_apub_community_moderators( }) .await?? .into(); + if community.deleted || community.removed { + return Err(LemmyError::from_message("deleted")); + } + let id = ObjectId::new(generate_outbox_url(&community.actor_id)?); let outbox_data = CommunityContext(community, context.get_ref().clone()); let moderators: ApubCommunityModerators = id diff --git a/crates/apub/src/http/post.rs b/crates/apub/src/http/post.rs index 0e321d176..5960db447 100644 --- a/crates/apub/src/http/post.rs +++ b/crates/apub/src/http/post.rs @@ -30,7 +30,7 @@ pub(crate) async fn get_apub_post( return Err(NotFound.into()); } - if !post.deleted { + if !post.deleted && !post.removed { Ok(create_apub_response(&post.into_apub(&context).await?)) } else { Ok(create_apub_tombstone_response(post.ap_id.clone()))