Add private instance site column, and back end checks.

3 years ago · 52b8e73390
parent e28977c987
commit 52b8e73390
14 changed files with 72 additions and 4 deletions
--- a/crates/api/src/site.rs
+++ b/crates/api/src/site.rs
@ -5,6 +5,7 @@ use diesel::NotFound;
 use lemmy_api_common::{
  blocking,
  build_federated_instances,
+  check_private_instance,
  get_local_user_view_from_jwt,
  get_local_user_view_from_jwt_opt,
  is_admin,
@ -163,6 +164,8 @@ impl Perform for Search {
    let local_user_view =
      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;

+    check_private_instance(&local_user_view, context.pool()).await?;
+
    let show_nsfw = local_user_view.as_ref().map(|t| t.local_user.show_nsfw);
    let show_bot_accounts = local_user_view
      .as_ref()
@ -400,6 +403,8 @@ impl Perform for ResolveObject {
  ) -> Result<ResolveObjectResponse, LemmyError> {
    let local_user_view =
      get_local_user_view_from_jwt_opt(&self.auth, context.pool(), context.secret()).await?;
+    check_private_instance(&local_user_view, context.pool()).await?;
+
    let res = search_by_apub_id(&self.q, context)
      .await
      .map_err(|e| ApiError::err("couldnt_find_object", e))?;
--- a/crates/api_common/src/lib.rs
+++ b/crates/api_common/src/lib.rs
@ -243,6 +243,19 @@ pub async fn check_downvotes_enabled(score: i16, pool: &DbPool) -> Result<(), Le
  Ok(())
 }

+pub async fn check_private_instance(
+  local_user_view: &Option<LocalUserView>,
+  pool: &DbPool,
+) -> Result<(), LemmyError> {
+  if local_user_view.is_none() {
+    let site = blocking(pool, Site::read_simple).await??;
+    if site.private_instance {
+      return Err(ApiError::err_plain("instance_is_private").into());
+    }
+  }
+  Ok(())
+}
+
 pub async fn build_federated_instances(
  pool: &DbPool,
  federation_config: &FederationConfig,
--- a/crates/api_common/src/site.rs
+++ b/crates/api_common/src/site.rs
@ -118,6 +118,7 @@ pub struct EditSite {
  pub require_email_verification: Option<bool>,
  pub require_application: Option<bool>,
  pub application_question: Option<String>,
+  pub private_instance: Option<bool>,
  pub auth: String,
 }

--- a/crates/api_crud/src/comment/read.rs
+++ b/crates/api_crud/src/comment/read.rs
@ -1,6 +1,11 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
-use lemmy_api_common::{blocking, comment::*, get_local_user_view_from_jwt_opt};
+use lemmy_api_common::{
+  blocking,
+  check_private_instance,
+  comment::*,
+  get_local_user_view_from_jwt_opt,
+};
 use lemmy_apub::{
  fetcher::webfinger::webfinger_resolve,
  objects::community::ApubCommunity,
@ -29,6 +34,8 @@ impl PerformCrud for GetComment {
    let local_user_view =
      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;

+    check_private_instance(&local_user_view, context.pool()).await?;
+
    let person_id = local_user_view.map(|u| u.person.id);
    let id = data.id;
    let comment_view = blocking(context.pool(), move |conn| {
@ -58,6 +65,8 @@ impl PerformCrud for GetComments {
    let local_user_view =
      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;

+    check_private_instance(&local_user_view, context.pool()).await?;
+
    let show_bot_accounts = local_user_view
      .as_ref()
      .map(|t| t.local_user.show_bot_accounts);
--- a/crates/api_crud/src/community/read.rs
+++ b/crates/api_crud/src/community/read.rs
@ -1,6 +1,11 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
-use lemmy_api_common::{blocking, community::*, get_local_user_view_from_jwt_opt};
+use lemmy_api_common::{
+  blocking,
+  check_private_instance,
+  community::*,
+  get_local_user_view_from_jwt_opt,
+};
 use lemmy_apub::{
  fetcher::webfinger::webfinger_resolve,
  objects::community::ApubCommunity,
@ -32,6 +37,9 @@ impl PerformCrud for GetCommunity {
    let data: &GetCommunity = self;
    let local_user_view =
      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;
+
+    check_private_instance(&local_user_view, context.pool()).await?;
+
    let person_id = local_user_view.map(|u| u.person.id);

    let community_id = match data.id {
@ -98,6 +106,8 @@ impl PerformCrud for ListCommunities {
    let local_user_view =
      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;

+    check_private_instance(&local_user_view, context.pool()).await?;
+
    let person_id = local_user_view.to_owned().map(|l| l.person.id);

    // Don't show NSFW by default
--- a/crates/api_crud/src/post/read.rs
+++ b/crates/api_crud/src/post/read.rs
@ -1,6 +1,12 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
-use lemmy_api_common::{blocking, get_local_user_view_from_jwt_opt, mark_post_as_read, post::*};
+use lemmy_api_common::{
+  blocking,
+  check_private_instance,
+  get_local_user_view_from_jwt_opt,
+  mark_post_as_read,
+  post::*,
+};
 use lemmy_apub::{
  fetcher::webfinger::webfinger_resolve,
  objects::community::ApubCommunity,
@ -36,6 +42,8 @@ impl PerformCrud for GetPost {
    let local_user_view =
      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;

+    check_private_instance(&local_user_view, context.pool()).await?;
+
    let show_bot_accounts = local_user_view
      .as_ref()
      .map(|t| t.local_user.show_bot_accounts);
@ -124,6 +132,8 @@ impl PerformCrud for GetPosts {
    let local_user_view =
      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;

+    check_private_instance(&local_user_view, context.pool()).await?;
+
    let person_id = local_user_view.to_owned().map(|l| l.person.id);

    let show_nsfw = local_user_view.as_ref().map(|t| t.local_user.show_nsfw);
--- a/crates/api_crud/src/site/read.rs
+++ b/crates/api_crud/src/site/read.rs
@ -138,6 +138,12 @@ impl PerformCrud for GetSite {
        person_blocks,
      })
    } else {
+      // If the site is setup, private, and there is no auth, return an error
+      if let Some(site_view) = site_view.to_owned() {
+        if site_view.site.private_instance {
+          return Err(ApiError::err_plain("instance_is_private").into());
+        }
+      }
      None
    };

--- a/crates/api_crud/src/site/update.rs
+++ b/crates/api_crud/src/site/update.rs
@ -63,6 +63,7 @@ impl PerformCrud for EditSite {
      require_email_verification: data.require_email_verification,
      require_application: data.require_application,
      application_question,
+      private_instance: data.private_instance,
    };

    let update_site = move |conn: &'_ _| Site::update(conn, 1, &site_form);
--- a/crates/api_crud/src/user/read.rs
+++ b/crates/api_crud/src/user/read.rs
@ -1,6 +1,11 @@
 use crate::PerformCrud;
 use actix_web::web::Data;
-use lemmy_api_common::{blocking, get_local_user_view_from_jwt_opt, person::*};
+use lemmy_api_common::{
+  blocking,
+  check_private_instance,
+  get_local_user_view_from_jwt_opt,
+  person::*,
+};
 use lemmy_apub::{
  fetcher::webfinger::webfinger_resolve,
  objects::person::ApubPerson,
@ -29,6 +34,8 @@ impl PerformCrud for GetPersonDetails {
    let local_user_view =
      get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?;

+    check_private_instance(&local_user_view, context.pool()).await?;
+
    let show_nsfw = local_user_view.as_ref().map(|t| t.local_user.show_nsfw);
    let show_bot_accounts = local_user_view
      .as_ref()
--- a/crates/db_schema/src/aggregates/site_aggregates.rs
+++ b/crates/db_schema/src/aggregates/site_aggregates.rs
@ -68,6 +68,7 @@ mod tests {
      require_email_verification: None,
      require_application: None,
      application_question: None,
+      private_instance: None,
    };

    Site::create(&conn, &site_form).unwrap();
--- a/crates/db_schema/src/schema.rs
+++ b/crates/db_schema/src/schema.rs
@ -452,6 +452,7 @@ table! {
        require_email_verification -> Bool,
        require_application -> Bool,
        application_question -> Nullable<Text>,
+        private_instance -> Bool,
    }
 }

--- a/crates/db_schema/src/source/site.rs
+++ b/crates/db_schema/src/source/site.rs
@ -23,6 +23,7 @@ pub struct Site {
  pub require_email_verification: bool,
  pub require_application: bool,
  pub application_question: Option<String>,
+  pub private_instance: bool,
 }

 #[derive(Insertable, AsChangeset, Default)]
@ -43,4 +44,5 @@ pub struct SiteForm {
  pub require_email_verification: Option<bool>,
  pub require_application: Option<bool>,
  pub application_question: Option<Option<String>>,
+  pub private_instance: Option<bool>,
 }
--- a/migrations/2021-11-23-153753_add_invite_only_columns/down.sql
+++ b/migrations/2021-11-23-153753_add_invite_only_columns/down.sql
@ -1,6 +1,7 @@
 -- Add columns to site table
 alter table site drop column require_application;
 alter table site drop column application_question;
+alter table site drop column private_instance;

 -- Add pending to local_user
 alter table local_user drop column accepted_application;
--- a/migrations/2021-11-23-153753_add_invite_only_columns/up.sql
+++ b/migrations/2021-11-23-153753_add_invite_only_columns/up.sql
@ -1,6 +1,7 @@
 -- Add columns to site table
 alter table site add column require_application boolean not null default false;
 alter table site add column application_question text;
+alter table site add column private_instance boolean not null default false;

 -- Add pending to local_user
 alter table local_user add column accepted_application boolean not null default false;