From 52b8e73390f643b69b0aca13c6938ba5566208a3 Mon Sep 17 00:00:00 2001 From: Dessalines Date: Sat, 4 Dec 2021 14:40:33 -0500 Subject: [PATCH] Add private instance site column, and back end checks. --- crates/api/src/site.rs | 5 +++++ crates/api_common/src/lib.rs | 13 +++++++++++++ crates/api_common/src/site.rs | 1 + crates/api_crud/src/comment/read.rs | 11 ++++++++++- crates/api_crud/src/community/read.rs | 12 +++++++++++- crates/api_crud/src/post/read.rs | 12 +++++++++++- crates/api_crud/src/site/read.rs | 6 ++++++ crates/api_crud/src/site/update.rs | 1 + crates/api_crud/src/user/read.rs | 9 ++++++++- crates/db_schema/src/aggregates/site_aggregates.rs | 1 + crates/db_schema/src/schema.rs | 1 + crates/db_schema/src/source/site.rs | 2 ++ .../down.sql | 1 + .../up.sql | 1 + 14 files changed, 72 insertions(+), 4 deletions(-) diff --git a/crates/api/src/site.rs b/crates/api/src/site.rs index 70d9310f4..0bbf7a936 100644 --- a/crates/api/src/site.rs +++ b/crates/api/src/site.rs @@ -5,6 +5,7 @@ use diesel::NotFound; use lemmy_api_common::{ blocking, build_federated_instances, + check_private_instance, get_local_user_view_from_jwt, get_local_user_view_from_jwt_opt, is_admin, @@ -163,6 +164,8 @@ impl Perform for Search { let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?; + check_private_instance(&local_user_view, context.pool()).await?; + let show_nsfw = local_user_view.as_ref().map(|t| t.local_user.show_nsfw); let show_bot_accounts = local_user_view .as_ref() @@ -400,6 +403,8 @@ impl Perform for ResolveObject { ) -> Result { let local_user_view = get_local_user_view_from_jwt_opt(&self.auth, context.pool(), context.secret()).await?; + check_private_instance(&local_user_view, context.pool()).await?; + let res = search_by_apub_id(&self.q, context) .await .map_err(|e| ApiError::err("couldnt_find_object", e))?; diff --git a/crates/api_common/src/lib.rs b/crates/api_common/src/lib.rs index f5b6ebad2..ffab0d7bf 100644 --- a/crates/api_common/src/lib.rs +++ b/crates/api_common/src/lib.rs @@ -243,6 +243,19 @@ pub async fn check_downvotes_enabled(score: i16, pool: &DbPool) -> Result<(), Le Ok(()) } +pub async fn check_private_instance( + local_user_view: &Option, + pool: &DbPool, +) -> Result<(), LemmyError> { + if local_user_view.is_none() { + let site = blocking(pool, Site::read_simple).await??; + if site.private_instance { + return Err(ApiError::err_plain("instance_is_private").into()); + } + } + Ok(()) +} + pub async fn build_federated_instances( pool: &DbPool, federation_config: &FederationConfig, diff --git a/crates/api_common/src/site.rs b/crates/api_common/src/site.rs index 4473db790..a2ad7ae16 100644 --- a/crates/api_common/src/site.rs +++ b/crates/api_common/src/site.rs @@ -118,6 +118,7 @@ pub struct EditSite { pub require_email_verification: Option, pub require_application: Option, pub application_question: Option, + pub private_instance: Option, pub auth: String, } diff --git a/crates/api_crud/src/comment/read.rs b/crates/api_crud/src/comment/read.rs index 4789b84fe..bad2eb7d3 100644 --- a/crates/api_crud/src/comment/read.rs +++ b/crates/api_crud/src/comment/read.rs @@ -1,6 +1,11 @@ use crate::PerformCrud; use actix_web::web::Data; -use lemmy_api_common::{blocking, comment::*, get_local_user_view_from_jwt_opt}; +use lemmy_api_common::{ + blocking, + check_private_instance, + comment::*, + get_local_user_view_from_jwt_opt, +}; use lemmy_apub::{ fetcher::webfinger::webfinger_resolve, objects::community::ApubCommunity, @@ -29,6 +34,8 @@ impl PerformCrud for GetComment { let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?; + check_private_instance(&local_user_view, context.pool()).await?; + let person_id = local_user_view.map(|u| u.person.id); let id = data.id; let comment_view = blocking(context.pool(), move |conn| { @@ -58,6 +65,8 @@ impl PerformCrud for GetComments { let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?; + check_private_instance(&local_user_view, context.pool()).await?; + let show_bot_accounts = local_user_view .as_ref() .map(|t| t.local_user.show_bot_accounts); diff --git a/crates/api_crud/src/community/read.rs b/crates/api_crud/src/community/read.rs index 54f278510..d0e12cac5 100644 --- a/crates/api_crud/src/community/read.rs +++ b/crates/api_crud/src/community/read.rs @@ -1,6 +1,11 @@ use crate::PerformCrud; use actix_web::web::Data; -use lemmy_api_common::{blocking, community::*, get_local_user_view_from_jwt_opt}; +use lemmy_api_common::{ + blocking, + check_private_instance, + community::*, + get_local_user_view_from_jwt_opt, +}; use lemmy_apub::{ fetcher::webfinger::webfinger_resolve, objects::community::ApubCommunity, @@ -32,6 +37,9 @@ impl PerformCrud for GetCommunity { let data: &GetCommunity = self; let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?; + + check_private_instance(&local_user_view, context.pool()).await?; + let person_id = local_user_view.map(|u| u.person.id); let community_id = match data.id { @@ -98,6 +106,8 @@ impl PerformCrud for ListCommunities { let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?; + check_private_instance(&local_user_view, context.pool()).await?; + let person_id = local_user_view.to_owned().map(|l| l.person.id); // Don't show NSFW by default diff --git a/crates/api_crud/src/post/read.rs b/crates/api_crud/src/post/read.rs index 720a18a4d..915f904f4 100644 --- a/crates/api_crud/src/post/read.rs +++ b/crates/api_crud/src/post/read.rs @@ -1,6 +1,12 @@ use crate::PerformCrud; use actix_web::web::Data; -use lemmy_api_common::{blocking, get_local_user_view_from_jwt_opt, mark_post_as_read, post::*}; +use lemmy_api_common::{ + blocking, + check_private_instance, + get_local_user_view_from_jwt_opt, + mark_post_as_read, + post::*, +}; use lemmy_apub::{ fetcher::webfinger::webfinger_resolve, objects::community::ApubCommunity, @@ -36,6 +42,8 @@ impl PerformCrud for GetPost { let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?; + check_private_instance(&local_user_view, context.pool()).await?; + let show_bot_accounts = local_user_view .as_ref() .map(|t| t.local_user.show_bot_accounts); @@ -124,6 +132,8 @@ impl PerformCrud for GetPosts { let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?; + check_private_instance(&local_user_view, context.pool()).await?; + let person_id = local_user_view.to_owned().map(|l| l.person.id); let show_nsfw = local_user_view.as_ref().map(|t| t.local_user.show_nsfw); diff --git a/crates/api_crud/src/site/read.rs b/crates/api_crud/src/site/read.rs index 5b79a5d87..a69f68182 100644 --- a/crates/api_crud/src/site/read.rs +++ b/crates/api_crud/src/site/read.rs @@ -138,6 +138,12 @@ impl PerformCrud for GetSite { person_blocks, }) } else { + // If the site is setup, private, and there is no auth, return an error + if let Some(site_view) = site_view.to_owned() { + if site_view.site.private_instance { + return Err(ApiError::err_plain("instance_is_private").into()); + } + } None }; diff --git a/crates/api_crud/src/site/update.rs b/crates/api_crud/src/site/update.rs index 962664391..bfba6b81b 100644 --- a/crates/api_crud/src/site/update.rs +++ b/crates/api_crud/src/site/update.rs @@ -63,6 +63,7 @@ impl PerformCrud for EditSite { require_email_verification: data.require_email_verification, require_application: data.require_application, application_question, + private_instance: data.private_instance, }; let update_site = move |conn: &'_ _| Site::update(conn, 1, &site_form); diff --git a/crates/api_crud/src/user/read.rs b/crates/api_crud/src/user/read.rs index e20848605..9019200ff 100644 --- a/crates/api_crud/src/user/read.rs +++ b/crates/api_crud/src/user/read.rs @@ -1,6 +1,11 @@ use crate::PerformCrud; use actix_web::web::Data; -use lemmy_api_common::{blocking, get_local_user_view_from_jwt_opt, person::*}; +use lemmy_api_common::{ + blocking, + check_private_instance, + get_local_user_view_from_jwt_opt, + person::*, +}; use lemmy_apub::{ fetcher::webfinger::webfinger_resolve, objects::person::ApubPerson, @@ -29,6 +34,8 @@ impl PerformCrud for GetPersonDetails { let local_user_view = get_local_user_view_from_jwt_opt(&data.auth, context.pool(), context.secret()).await?; + check_private_instance(&local_user_view, context.pool()).await?; + let show_nsfw = local_user_view.as_ref().map(|t| t.local_user.show_nsfw); let show_bot_accounts = local_user_view .as_ref() diff --git a/crates/db_schema/src/aggregates/site_aggregates.rs b/crates/db_schema/src/aggregates/site_aggregates.rs index fb4e1f3cc..08d4dd01e 100644 --- a/crates/db_schema/src/aggregates/site_aggregates.rs +++ b/crates/db_schema/src/aggregates/site_aggregates.rs @@ -68,6 +68,7 @@ mod tests { require_email_verification: None, require_application: None, application_question: None, + private_instance: None, }; Site::create(&conn, &site_form).unwrap(); diff --git a/crates/db_schema/src/schema.rs b/crates/db_schema/src/schema.rs index e81dbd1c7..5e42eb952 100644 --- a/crates/db_schema/src/schema.rs +++ b/crates/db_schema/src/schema.rs @@ -452,6 +452,7 @@ table! { require_email_verification -> Bool, require_application -> Bool, application_question -> Nullable, + private_instance -> Bool, } } diff --git a/crates/db_schema/src/source/site.rs b/crates/db_schema/src/source/site.rs index 2c8e16a89..f99ffd887 100644 --- a/crates/db_schema/src/source/site.rs +++ b/crates/db_schema/src/source/site.rs @@ -23,6 +23,7 @@ pub struct Site { pub require_email_verification: bool, pub require_application: bool, pub application_question: Option, + pub private_instance: bool, } #[derive(Insertable, AsChangeset, Default)] @@ -43,4 +44,5 @@ pub struct SiteForm { pub require_email_verification: Option, pub require_application: Option, pub application_question: Option>, + pub private_instance: Option, } diff --git a/migrations/2021-11-23-153753_add_invite_only_columns/down.sql b/migrations/2021-11-23-153753_add_invite_only_columns/down.sql index 8d04f921f..52a1a2808 100644 --- a/migrations/2021-11-23-153753_add_invite_only_columns/down.sql +++ b/migrations/2021-11-23-153753_add_invite_only_columns/down.sql @@ -1,6 +1,7 @@ -- Add columns to site table alter table site drop column require_application; alter table site drop column application_question; +alter table site drop column private_instance; -- Add pending to local_user alter table local_user drop column accepted_application; diff --git a/migrations/2021-11-23-153753_add_invite_only_columns/up.sql b/migrations/2021-11-23-153753_add_invite_only_columns/up.sql index a7143929f..b3f8a18dc 100644 --- a/migrations/2021-11-23-153753_add_invite_only_columns/up.sql +++ b/migrations/2021-11-23-153753_add_invite_only_columns/up.sql @@ -1,6 +1,7 @@ -- Add columns to site table alter table site add column require_application boolean not null default false; alter table site add column application_question text; +alter table site add column private_instance boolean not null default false; -- Add pending to local_user alter table local_user add column accepted_application boolean not null default false;