Archives
/
lemmy
mirror of https://github.com/LemmyNet/lemmy
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Remove explicit auth params (#3946)

Browse Source 
* Remove explicit auth params (ref #3725)

Only take auth via header or cookie. This requires a new version
of lemmy-js-client for api tests to pass.

* rework api_crud

* remove remaining auth params, move logic to session middleware

* fmt, fix test

* update js client

* remove auth param from api tests

* Pass auth as header

* add !

* url vars, setHeader

* cleanup

* fmt

* update

* Updating for new lemmy-js-client.

---------

Co-authored-by: Dessalines <tyhou13@gmx.com>
Co-authored-by: Dessalines <dessalines@users.noreply.github.com>
pull/3923/head
Nutomic 8 months ago committed by GitHub
parent 22608ae983
commit f858d8cbce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
100 changed files with 567 additions and 918 deletions
Show Stats Download Patch File Download Diff File

1
Cargo.lock generated
Unescape Escape View File

@ -2894,6 +2894,7 @@ dependencies = [
"rustls 0.21.3", "rustls 0.21.3",
"serde", "serde",
"serde_json", "serde_json",
"serial_test",
"tokio", "tokio",
"tokio-postgres", "tokio-postgres",
"tokio-postgres-rustls", "tokio-postgres-rustls",

1
Cargo.toml
Unescape Escape View File

@ -166,5 +166,6 @@ tokio-postgres-rustls = { workspace = true }
chrono = { workspace = true } chrono = { workspace = true }
prometheus = { version = "0.13.3", features = ["process"], optional = true } prometheus = { version = "0.13.3", features = ["process"], optional = true }
actix-web-prom = { version = "0.6.0", optional = true } actix-web-prom = { version = "0.6.0", optional = true }
serial_test = { workspace = true }
clap = { version = "4.3.19", features = ["derive"] } clap = { version = "4.3.19", features = ["derive"] }
lemmy_federate = { version = "0.18.1", path = "crates/federate" } lemmy_federate = { version = "0.18.1", path = "crates/federate" }

2
api_tests/package.json
Unescape Escape View File

@ -19,7 +19,7 @@
"eslint": "^8.40.0", "eslint": "^8.40.0",
"eslint-plugin-prettier": "^4.0.0", "eslint-plugin-prettier": "^4.0.0",
"jest": "^29.5.0", "jest": "^29.5.0",
"lemmy-js-client": "0.19.0-rc.5", "lemmy-js-client": "0.19.0-rc.12",
"prettier": "^3.0.0", "prettier": "^3.0.0",
"ts-jest": "^29.1.0", "ts-jest": "^29.1.0",
"typescript": "^5.0.4" "typescript": "^5.0.4"

10
api_tests/src/comment.spec.ts
Unescape Escape View File

@ -24,7 +24,6 @@ import {
reportComment, reportComment,
listCommentReports, listCommentReports,
randomString, randomString,
API,
unfollows, unfollows,
getComments, getComments,
getCommentParentId, getCommentParentId,
@ -34,8 +33,10 @@ import {
getUnreadCount, getUnreadCount,
waitUntil, waitUntil,
delay, delay,
alphaUrl,
} from "./shared"; } from "./shared";
import { CommentView } from "lemmy-js-client/dist/types/CommentView"; import { CommentView } from "lemmy-js-client/dist/types/CommentView";
import { LemmyHttp } from "lemmy-js-client";
let postOnAlphaRes: PostResponse; let postOnAlphaRes: PostResponse;
@ -227,10 +228,9 @@ test.skip("Remove a comment from admin and community on the same instance", asyn
test("Remove a comment from admin and community on different instance", async () => { test("Remove a comment from admin and community on different instance", async () => {
let alpha_user = await registerUser(alpha); let alpha_user = await registerUser(alpha);
let newAlphaApi: API = { let newAlphaApi = new LemmyHttp(alphaUrl, {
client: alpha.client, headers: { auth: alpha_user.jwt ?? "" },
auth: alpha_user.jwt ?? "", });
};
// New alpha user creates a community, post, and comment. // New alpha user creates a community, post, and comment.
let newCommunity = await createCommunity(newAlphaApi); let newCommunity = await createCommunity(newAlphaApi);

12
api_tests/src/community.spec.ts
Unescape Escape View File

@ -19,7 +19,6 @@ import {
getPost, getPost,
resolvePost, resolvePost,
registerUser, registerUser,
API,
getPosts, getPosts,
getComments, getComments,
createComment, createComment,
@ -27,7 +26,9 @@ import {
blockInstance, blockInstance,
waitUntil, waitUntil,
delay, delay,
alphaUrl,
} from "./shared"; } from "./shared";
import { LemmyHttp } from "lemmy-js-client";
beforeAll(async () => { beforeAll(async () => {
await setupLogins(); await setupLogins();
@ -258,11 +259,10 @@ test("Admin actions in remote community are not federated to origin", async () =
test("moderator view", async () => { test("moderator view", async () => {
// register a new user with their own community on alpha and post to it // register a new user with their own community on alpha and post to it
let otherUser: API = { let registerUserRes = await registerUser(alpha);
auth: (await registerUser(alpha)).jwt ?? "", let otherUser = new LemmyHttp(alphaUrl, {
client: alpha.client, headers: { auth: registerUserRes.jwt ?? "" },
}; });
expect(otherUser.auth).not.toBe("");
let otherCommunity = (await createCommunity(otherUser)).community_view; let otherCommunity = (await createCommunity(otherUser)).community_view;
expect(otherCommunity.community.name).toBeDefined(); expect(otherCommunity.community.name).toBeDefined();

21
api_tests/src/post.spec.ts
Unescape Escape View File

@ -30,15 +30,16 @@ import {
listPostReports, listPostReports,
randomString, randomString,
registerUser, registerUser,
API,
getSite, getSite,
unfollows, unfollows,
resolveCommunity, resolveCommunity,
waitUntil, waitUntil,
delay, delay,
alphaUrl,
} from "./shared"; } from "./shared";
import { PostView } from "lemmy-js-client/dist/types/PostView"; import { PostView } from "lemmy-js-client/dist/types/PostView";
import { CreatePost } from "lemmy-js-client/dist/types/CreatePost"; import { CreatePost } from "lemmy-js-client/dist/types/CreatePost";
import { LemmyHttp } from "lemmy-js-client";
let betaCommunity: CommunityView | undefined; let betaCommunity: CommunityView | undefined;
@ -395,17 +396,16 @@ test("Enforce site ban for federated user", async () => {
// create a test user // create a test user
let alphaUserJwt = await registerUser(alpha); let alphaUserJwt = await registerUser(alpha);
expect(alphaUserJwt).toBeDefined(); expect(alphaUserJwt).toBeDefined();
let alpha_user: API = { let alpha_user = new LemmyHttp(alphaUrl, {
client: alpha.client, headers: { auth: alphaUserJwt.jwt ?? "" },
auth: alphaUserJwt.jwt ?? "", });
}; let alphaUserActorId = (await getSite(alpha_user)).my_user?.local_user_view
const alphaUserActorId = (await getSite(alpha_user)).my_user?.local_user_view
.person.actor_id; .person.actor_id;
if (!alphaUserActorId) { if (!alphaUserActorId) {
throw "Missing alpha user actor id"; throw "Missing alpha user actor id";
} }
expect(alphaUserActorId).toBeDefined(); expect(alphaUserActorId).toBeDefined();
let alphaPerson = (await resolvePerson(alpha_user, alphaUserActorId)).person; let alphaPerson = (await resolvePerson(alpha_user, alphaUserActorId!)).person;
if (!alphaPerson) { if (!alphaPerson) {
throw "Missing alpha person"; throw "Missing alpha person";
} }
@ -430,7 +430,7 @@ test("Enforce site ban for federated user", async () => {
// alpha ban should be federated to beta // alpha ban should be federated to beta
let alphaUserOnBeta1 = await waitUntil( let alphaUserOnBeta1 = await waitUntil(
() => resolvePerson(beta, alphaUserActorId), () => resolvePerson(beta, alphaUserActorId!),
res => res.person?.person.banned ?? false, res => res.person?.person.banned ?? false,
); );
expect(alphaUserOnBeta1.person?.person.banned).toBe(true); expect(alphaUserOnBeta1.person?.person.banned).toBe(true);
@ -456,7 +456,7 @@ test("Enforce site ban for federated user", async () => {
); );
expect(searchBeta3.posts[0]).toBeDefined(); expect(searchBeta3.posts[0]).toBeDefined();
let alphaUserOnBeta2 = await resolvePerson(beta, alphaUserActorId); let alphaUserOnBeta2 = await resolvePerson(beta, alphaUserActorId!);
expect(alphaUserOnBeta2.person?.person.banned).toBe(false); expect(alphaUserOnBeta2.person?.person.banned).toBe(false);
}); });
@ -569,10 +569,9 @@ test("Sanitize HTML", async () => {
let form: CreatePost = { let form: CreatePost = {
name, name,
body, body,
auth: beta.auth,
community_id: betaCommunity.community.id, community_id: betaCommunity.community.id,
}; };
let post = await beta.client.createPost(form); let post = await beta.createPost(form);
// first escaping for the api // first escaping for the api
expect(post.post_view.post.body).toBe( expect(post.post_view.post.body).toBe(
"&lt;script>alert(&#x27;xss&#x27;);&lt;/script> hello &amp;&quot;&#x27;", "&lt;script>alert(&#x27;xss&#x27;);&lt;/script> hello &amp;&quot;&#x27;",

336
api_tests/src/shared.ts
Unescape Escape View File

@ -3,7 +3,6 @@ import {
BlockInstanceResponse, BlockInstanceResponse,
GetReplies, GetReplies,
GetRepliesResponse, GetRepliesResponse,
GetUnreadCount,
GetUnreadCountResponse, GetUnreadCountResponse,
InstanceId, InstanceId,
LemmyHttp, LemmyHttp,
@ -56,7 +55,6 @@ import { SaveUserSettings } from "lemmy-js-client/dist/types/SaveUserSettings";
import { DeleteAccount } from "lemmy-js-client/dist/types/DeleteAccount"; import { DeleteAccount } from "lemmy-js-client/dist/types/DeleteAccount";
import { GetSiteResponse } from "lemmy-js-client/dist/types/GetSiteResponse"; import { GetSiteResponse } from "lemmy-js-client/dist/types/GetSiteResponse";
import { DeleteAccountResponse } from "lemmy-js-client/dist/types/DeleteAccountResponse"; import { DeleteAccountResponse } from "lemmy-js-client/dist/types/DeleteAccountResponse";
import { GetSite } from "lemmy-js-client/dist/types/GetSite";
import { PrivateMessagesResponse } from "lemmy-js-client/dist/types/PrivateMessagesResponse"; import { PrivateMessagesResponse } from "lemmy-js-client/dist/types/PrivateMessagesResponse";
import { GetPrivateMessages } from "lemmy-js-client/dist/types/GetPrivateMessages"; import { GetPrivateMessages } from "lemmy-js-client/dist/types/GetPrivateMessages";
import { PostReportResponse } from "lemmy-js-client/dist/types/PostReportResponse"; import { PostReportResponse } from "lemmy-js-client/dist/types/PostReportResponse";
@ -73,35 +71,17 @@ import { GetPersonDetailsResponse } from "lemmy-js-client/dist/types/GetPersonDe
import { GetPersonDetails } from "lemmy-js-client/dist/types/GetPersonDetails"; import { GetPersonDetails } from "lemmy-js-client/dist/types/GetPersonDetails";
import { ListingType } from "lemmy-js-client/dist/types/ListingType"; import { ListingType } from "lemmy-js-client/dist/types/ListingType";
export interface API { export let alphaUrl = "http://127.0.0.1:8541";
client: LemmyHttp; export let betaUrl = "http://127.0.0.1:8551";
auth: string; export let gammaUrl = "http://127.0.0.1:8561";
} export let deltaUrl = "http://127.0.0.1:8571";
export let epsilonUrl = "http://127.0.0.1:8581";
export let alpha: API = {
client: new LemmyHttp("http://127.0.0.1:8541"),
auth: "",
};
export let beta: API = {
client: new LemmyHttp("http://127.0.0.1:8551"),
auth: "",
};
export let gamma: API = {
client: new LemmyHttp("http://127.0.0.1:8561"),
auth: "",
};
export let delta: API = { export let alpha = new LemmyHttp(alphaUrl);
client: new LemmyHttp("http://127.0.0.1:8571"), export let beta = new LemmyHttp(betaUrl);
auth: "", export let gamma = new LemmyHttp(gammaUrl);
}; export let delta = new LemmyHttp(deltaUrl);
export let epsilon = new LemmyHttp(epsilonUrl);
export let epsilon: API = {
client: new LemmyHttp("http://127.0.0.1:8581"),
auth: "",
};
const password = "lemmylemmy"; const password = "lemmylemmy";
@ -110,31 +90,31 @@ export async function setupLogins() {
username_or_email: "lemmy_alpha", username_or_email: "lemmy_alpha",
password, password,
}; };
let resAlpha = alpha.client.login(formAlpha); let resAlpha = alpha.login(formAlpha);
let formBeta: Login = { let formBeta: Login = {
username_or_email: "lemmy_beta", username_or_email: "lemmy_beta",
password, password,
}; };
let resBeta = beta.client.login(formBeta); let resBeta = beta.login(formBeta);
let formGamma: Login = { let formGamma: Login = {
username_or_email: "lemmy_gamma", username_or_email: "lemmy_gamma",
password, password,
}; };
let resGamma = gamma.client.login(formGamma); let resGamma = gamma.login(formGamma);
let formDelta: Login = { let formDelta: Login = {
username_or_email: "lemmy_delta", username_or_email: "lemmy_delta",
password, password,
}; };
let resDelta = delta.client.login(formDelta); let resDelta = delta.login(formDelta);
let formEpsilon: Login = { let formEpsilon: Login = {
username_or_email: "lemmy_epsilon", username_or_email: "lemmy_epsilon",
password, password,
}; };
let resEpsilon = epsilon.client.login(formEpsilon); let resEpsilon = epsilon.login(formEpsilon);
let res = await Promise.all([ let res = await Promise.all([
resAlpha, resAlpha,
@ -143,12 +123,11 @@ export async function setupLogins() {
resDelta, resDelta,
resEpsilon, resEpsilon,
]); ]);
alpha.setHeaders({ auth: res[0].jwt ?? "" });
alpha.auth = res[0].jwt ?? ""; beta.setHeaders({ auth: res[1].jwt ?? "" });
beta.auth = res[1].jwt ?? ""; gamma.setHeaders({ auth: res[2].jwt ?? "" });
gamma.auth = res[2].jwt ?? ""; delta.setHeaders({ auth: res[3].jwt ?? "" });
delta.auth = res[3].jwt ?? ""; epsilon.setHeaders({ auth: res[4].jwt ?? "" });
epsilon.auth = res[4].jwt ?? "";
// Registration applications are now enabled by default, need to disable them // Registration applications are now enabled by default, need to disable them
let editSiteForm: EditSite = { let editSiteForm: EditSite = {
@ -159,45 +138,39 @@ export async function setupLogins() {
rate_limit_image: 999, rate_limit_image: 999,
rate_limit_comment: 999, rate_limit_comment: 999,
rate_limit_search: 999, rate_limit_search: 999,
auth: "",
}; };
// Set the blocks and auths for each // Set the blocks and auths for each
editSiteForm.auth = alpha.auth;
editSiteForm.allowed_instances = [ editSiteForm.allowed_instances = [
"lemmy-beta", "lemmy-beta",
"lemmy-gamma", "lemmy-gamma",
"lemmy-delta", "lemmy-delta",
"lemmy-epsilon", "lemmy-epsilon",
]; ];
await alpha.client.editSite(editSiteForm); await alpha.editSite(editSiteForm);
editSiteForm.auth = beta.auth;
editSiteForm.allowed_instances = [ editSiteForm.allowed_instances = [
"lemmy-alpha", "lemmy-alpha",
"lemmy-gamma", "lemmy-gamma",
"lemmy-delta", "lemmy-delta",
"lemmy-epsilon", "lemmy-epsilon",
]; ];
await beta.client.editSite(editSiteForm); await beta.editSite(editSiteForm);
editSiteForm.auth = gamma.auth;
editSiteForm.allowed_instances = [ editSiteForm.allowed_instances = [
"lemmy-alpha", "lemmy-alpha",
"lemmy-beta", "lemmy-beta",
"lemmy-delta", "lemmy-delta",
"lemmy-epsilon", "lemmy-epsilon",
]; ];
await gamma.client.editSite(editSiteForm); await gamma.editSite(editSiteForm);
editSiteForm.allowed_instances = ["lemmy-beta"]; editSiteForm.allowed_instances = ["lemmy-beta"];
editSiteForm.auth = delta.auth; await delta.editSite(editSiteForm);
await delta.client.editSite(editSiteForm);
editSiteForm.auth = epsilon.auth;
editSiteForm.allowed_instances = []; editSiteForm.allowed_instances = [];
editSiteForm.blocked_instances = ["lemmy-alpha"]; editSiteForm.blocked_instances = ["lemmy-alpha"];
await epsilon.client.editSite(editSiteForm); await epsilon.editSite(editSiteForm);
// Create the main alpha/beta communities // Create the main alpha/beta communities
// Ignore thrown errors of duplicates // Ignore thrown errors of duplicates
@ -215,7 +188,7 @@ export async function setupLogins() {
} }
export async function createPost( export async function createPost(
api: API, api: LemmyHttp,
community_id: number, community_id: number,
): Promise<PostResponse> { ): Promise<PostResponse> {
let name = randomString(5); let name = randomString(5);
@ -227,50 +200,49 @@ export async function createPost(
name, name,
url, url,
body, body,
auth: api.auth,
community_id, community_id,
}; };
return api.client.createPost(form); return api.createPost(form);
} }
export async function editPost(api: API, post: Post): Promise<PostResponse> { export async function editPost(
api: LemmyHttp,
post: Post,
): Promise<PostResponse> {
let name = "A jest test federated post, updated"; let name = "A jest test federated post, updated";
let form: EditPost = { let form: EditPost = {
name, name,
post_id: post.id, post_id: post.id,
auth: api.auth,
}; };
return api.client.editPost(form); return api.editPost(form);
} }
export async function deletePost( export async function deletePost(
api: API, api: LemmyHttp,
deleted: boolean, deleted: boolean,
post: Post, post: Post,
): Promise<PostResponse> { ): Promise<PostResponse> {
let form: DeletePost = { let form: DeletePost = {
post_id: post.id, post_id: post.id,
deleted: deleted, deleted: deleted,
auth: api.auth,
}; };
return api.client.deletePost(form); return api.deletePost(form);
} }
export async function removePost( export async function removePost(
api: API, api: LemmyHttp,
removed: boolean, removed: boolean,
post: Post, post: Post,
): Promise<PostResponse> { ): Promise<PostResponse> {
let form: RemovePost = { let form: RemovePost = {
post_id: post.id, post_id: post.id,
removed, removed,
auth: api.auth,
}; };
return api.client.removePost(form); return api.removePost(form);
} }
export async function featurePost( export async function featurePost(
api: API, api: LemmyHttp,
featured: boolean, featured: boolean,
post: Post, post: Post,
): Promise<PostResponse> { ): Promise<PostResponse> {
@ -278,61 +250,56 @@ export async function featurePost(
post_id: post.id, post_id: post.id,
featured, featured,
feature_type: "Community", feature_type: "Community",
auth: api.auth,
}; };
return api.client.featurePost(form); return api.featurePost(form);
} }
export async function lockPost( export async function lockPost(
api: API, api: LemmyHttp,
locked: boolean, locked: boolean,
post: Post, post: Post,
): Promise<PostResponse> { ): Promise<PostResponse> {
let form: LockPost = { let form: LockPost = {
post_id: post.id, post_id: post.id,
locked, locked,
auth: api.auth,
}; };
return api.client.lockPost(form); return api.lockPost(form);
} }
export async function resolvePost( export async function resolvePost(
api: API, api: LemmyHttp,
post: Post, post: Post,
): Promise<ResolveObjectResponse> { ): Promise<ResolveObjectResponse> {
let form: ResolveObject = { let form: ResolveObject = {
q: post.ap_id, q: post.ap_id,
auth: api.auth,
}; };
return api.client.resolveObject(form); return api.resolveObject(form);
} }
export async function searchPostLocal( export async function searchPostLocal(
api: API, api: LemmyHttp,
post: Post, post: Post,
): Promise<SearchResponse> { ): Promise<SearchResponse> {
let form: Search = { let form: Search = {
q: post.name, q: post.name,
type_: "Posts", type_: "Posts",
sort: "TopAll", sort: "TopAll",
auth: api.auth,
}; };
return api.client.search(form); return api.search(form);
} }
export async function getPost( export async function getPost(
api: API, api: LemmyHttp,
post_id: number, post_id: number,
): Promise<GetPostResponse> { ): Promise<GetPostResponse> {
let form: GetPost = { let form: GetPost = {
id: post_id, id: post_id,
auth: api.auth,
}; };
return api.client.getPost(form); return api.getPost(form);
} }
export async function getComments( export async function getComments(
api: API, api: LemmyHttp,
post_id?: number, post_id?: number,
listingType: ListingType = "All", listingType: ListingType = "All",
): Promise<GetCommentsResponse> { ): Promise<GetCommentsResponse> {
@ -340,75 +307,66 @@ export async function getComments(
post_id: post_id, post_id: post_id,
type_: listingType, type_: listingType,
sort: "New", sort: "New",
auth: api.auth,
}; };
return api.client.getComments(form); return api.getComments(form);
} }
export async function getUnreadCount( export async function getUnreadCount(
api: API, api: LemmyHttp,
): Promise<GetUnreadCountResponse> { ): Promise<GetUnreadCountResponse> {
let form: GetUnreadCount = { return api.getUnreadCount();
auth: api.auth,
};
return api.client.getUnreadCount(form);
} }
export async function getReplies(api: API): Promise<GetRepliesResponse> { export async function getReplies(api: LemmyHttp): Promise<GetRepliesResponse> {
let form: GetReplies = { let form: GetReplies = {
sort: "New", sort: "New",
unread_only: false, unread_only: false,
auth: api.auth,
}; };
return api.client.getReplies(form); return api.getReplies(form);
} }
export async function resolveComment( export async function resolveComment(
api: API, api: LemmyHttp,
comment: Comment, comment: Comment,
): Promise<ResolveObjectResponse> { ): Promise<ResolveObjectResponse> {
let form: ResolveObject = { let form: ResolveObject = {
q: comment.ap_id, q: comment.ap_id,
auth: api.auth,
}; };
return api.client.resolveObject(form); return api.resolveObject(form);
} }
export async function resolveBetaCommunity( export async function resolveBetaCommunity(
api: API, api: LemmyHttp,
): Promise<ResolveObjectResponse> { ): Promise<ResolveObjectResponse> {
// Use short-hand search url // Use short-hand search url
let form: ResolveObject = { let form: ResolveObject = {
q: "!main@lemmy-beta:8551", q: "!main@lemmy-beta:8551",
auth: api.auth,
}; };
return api.client.resolveObject(form); return api.resolveObject(form);
} }
export async function resolveCommunity( export async function resolveCommunity(
api: API, api: LemmyHttp,
q: string, q: string,
): Promise<ResolveObjectResponse> { ): Promise<ResolveObjectResponse> {
let form: ResolveObject = { let form: ResolveObject = {
q, q,
auth: api.auth,
}; };
return api.client.resolveObject(form); return api.resolveObject(form);
} }
export async function resolvePerson( export async function resolvePerson(
api: API, api: LemmyHttp,
apShortname: string, apShortname: string,
): Promise<ResolveObjectResponse> { ): Promise<ResolveObjectResponse> {
let form: ResolveObject = { let form: ResolveObject = {
q: apShortname, q: apShortname,
auth: api.auth,
}; };
return api.client.resolveObject(form); return api.resolveObject(form);
} }
export async function banPersonFromSite( export async function banPersonFromSite(
api: API, api: LemmyHttp,
person_id: number, person_id: number,
ban: boolean, ban: boolean,
remove_data: boolean, remove_data: boolean,
@ -418,13 +376,12 @@ export async function banPersonFromSite(
person_id, person_id,
ban, ban,
remove_data: remove_data, remove_data: remove_data,
auth: api.auth,
}; };
return api.client.banPerson(form); return api.banPerson(form);
} }
export async function banPersonFromCommunity( export async function banPersonFromCommunity(
api: API, api: LemmyHttp,
person_id: number, person_id: number,
community_id: number, community_id: number,
remove_data: boolean, remove_data: boolean,
@ -435,40 +392,37 @@ export async function banPersonFromCommunity(
community_id, community_id,
remove_data: remove_data, remove_data: remove_data,
ban, ban,
auth: api.auth,
}; };
return api.client.banFromCommunity(form); return api.banFromCommunity(form);
} }
export async function followCommunity( export async function followCommunity(
api: API, api: LemmyHttp,
follow: boolean, follow: boolean,
community_id: number, community_id: number,
): Promise<CommunityResponse> { ): Promise<CommunityResponse> {
let form: FollowCommunity = { let form: FollowCommunity = {
community_id, community_id,
follow, follow,
auth: api.auth,
}; };
return api.client.followCommunity(form); return api.followCommunity(form);
} }
export async function likePost( export async function likePost(
api: API, api: LemmyHttp,
score: number, score: number,
post: Post, post: Post,
): Promise<PostResponse> { ): Promise<PostResponse> {
let form: CreatePostLike = { let form: CreatePostLike = {
post_id: post.id, post_id: post.id,
score: score, score: score,
auth: api.auth,
}; };
return api.client.likePost(form); return api.likePost(form);
} }
export async function createComment( export async function createComment(
api: API, api: LemmyHttp,
post_id: number, post_id: number,
parent_id?: number, parent_id?: number,
content = "a jest test comment", content = "a jest test comment",
@ -477,76 +431,70 @@ export async function createComment(
content, content,
post_id, post_id,
parent_id, parent_id,
auth: api.auth,
}; };
return api.client.createComment(form); return api.createComment(form);
} }
export async function editComment( export async function editComment(
api: API, api: LemmyHttp,
comment_id: number, comment_id: number,
content = "A jest test federated comment update", content = "A jest test federated comment update",
): Promise<CommentResponse> { ): Promise<CommentResponse> {
let form: EditComment = { let form: EditComment = {
content, content,
comment_id, comment_id,
auth: api.auth,
}; };
return api.client.editComment(form); return api.editComment(form);
} }
export async function deleteComment( export async function deleteComment(
api: API, api: LemmyHttp,
deleted: boolean, deleted: boolean,
comment_id: number, comment_id: number,
): Promise<CommentResponse> { ): Promise<CommentResponse> {
let form: DeleteComment = { let form: DeleteComment = {
comment_id, comment_id,
deleted, deleted,
auth: api.auth,
}; };
return api.client.deleteComment(form); return api.deleteComment(form);
} }
export async function removeComment( export async function removeComment(
api: API, api: LemmyHttp,
removed: boolean, removed: boolean,
comment_id: number, comment_id: number,
): Promise<CommentResponse> { ): Promise<CommentResponse> {
let form: RemoveComment = { let form: RemoveComment = {
comment_id, comment_id,
removed, removed,
auth: api.auth,
}; };
return api.client.removeComment(form); return api.removeComment(form);
} }
export async function getMentions( export async function getMentions(
api: API, api: LemmyHttp,
): Promise<GetPersonMentionsResponse> { ): Promise<GetPersonMentionsResponse> {
let form: GetPersonMentions = { let form: GetPersonMentions = {
sort: "New", sort: "New",
unread_only: false, unread_only: false,
auth: api.auth,
}; };
return api.client.getPersonMentions(form); return api.getPersonMentions(form);
} }
export async function likeComment( export async function likeComment(
api: API, api: LemmyHttp,
score: number, score: number,
comment: Comment, comment: Comment,
): Promise<CommentResponse> { ): Promise<CommentResponse> {
let form: CreateCommentLike = { let form: CreateCommentLike = {
comment_id: comment.id, comment_id: comment.id,
score, score,
auth: api.auth,
}; };
return api.client.likeComment(form); return api.likeComment(form);
} }
export async function createCommunity( export async function createCommunity(
api: API, api: LemmyHttp,
name_: string = randomString(5), name_: string = randomString(5),
): Promise<CommunityResponse> { ): Promise<CommunityResponse> {
let description = "a sample description"; let description = "a sample description";
@ -554,100 +502,92 @@ export async function createCommunity(
name: name_, name: name_,
title: name_, title: name_,
description, description,
auth: api.auth,
}; };
return api.client.createCommunity(form); return api.createCommunity(form);
} }
export async function getCommunity( export async function getCommunity(
api: API, api: LemmyHttp,
id: number, id: number,
): Promise<CommunityResponse> { ): Promise<CommunityResponse> {
let form: GetCommunity = { let form: GetCommunity = {
id, id,
auth: api.auth,
}; };
return api.client.getCommunity(form); return api.getCommunity(form);
} }
export async function getCommunityByName( export async function getCommunityByName(
api: API, api: LemmyHttp,
name: string, name: string,
): Promise<CommunityResponse> { ): Promise<CommunityResponse> {
let form: GetCommunity = { let form: GetCommunity = {
name, name,
auth: api.auth,
}; };
return api.client.getCommunity(form); return api.getCommunity(form);
} }
export async function deleteCommunity( export async function deleteCommunity(
api: API, api: LemmyHttp,
deleted: boolean, deleted: boolean,
community_id: number, community_id: number,
): Promise<CommunityResponse> { ): Promise<CommunityResponse> {
let form: DeleteCommunity = { let form: DeleteCommunity = {
community_id, community_id,
deleted, deleted,
auth: api.auth,
}; };
return api.client.deleteCommunity(form); return api.deleteCommunity(form);
} }
export async function removeCommunity( export async function removeCommunity(
api: API, api: LemmyHttp,
removed: boolean, removed: boolean,
community_id: number, community_id: number,
): Promise<CommunityResponse> { ): Promise<CommunityResponse> {
let form: RemoveCommunity = { let form: RemoveCommunity = {
community_id, community_id,
removed, removed,
auth: api.auth,
}; };
return api.client.removeCommunity(form); return api.removeCommunity(form);
} }
export async function createPrivateMessage( export async function createPrivateMessage(
api: API, api: LemmyHttp,
recipient_id: number, recipient_id: number,
): Promise<PrivateMessageResponse> { ): Promise<PrivateMessageResponse> {
let content = "A jest test federated private message"; let content = "A jest test federated private message";
let form: CreatePrivateMessage = { let form: CreatePrivateMessage = {
content, content,
recipient_id, recipient_id,
auth: api.auth,
}; };
return api.client.createPrivateMessage(form); return api.createPrivateMessage(form);
} }
export async function editPrivateMessage( export async function editPrivateMessage(
api: API, api: LemmyHttp,
private_message_id: number, private_message_id: number,
): Promise<PrivateMessageResponse> { ): Promise<PrivateMessageResponse> {
let updatedContent = "A jest test federated private message edited"; let updatedContent = "A jest test federated private message edited";
let form: EditPrivateMessage = { let form: EditPrivateMessage = {
content: updatedContent, content: updatedContent,
private_message_id, private_message_id,
auth: api.auth,
}; };
return api.client.editPrivateMessage(form); return api.editPrivateMessage(form);
} }
export async function deletePrivateMessage( export async function deletePrivateMessage(
api: API, api: LemmyHttp,
deleted: boolean, deleted: boolean,
private_message_id: number, private_message_id: number,
): Promise<PrivateMessageResponse> { ): Promise<PrivateMessageResponse> {
let form: DeletePrivateMessage = { let form: DeletePrivateMessage = {
deleted, deleted,
private_message_id, private_message_id,
auth: api.auth,
}; };
return api.client.deletePrivateMessage(form); return api.deletePrivateMessage(form);
} }
export async function registerUser( export async function registerUser(
api: API, api: LemmyHttp,
username: string = randomString(5), username: string = randomString(5),
): Promise<LoginResponse> { ): Promise<LoginResponse> {
let form: Register = { let form: Register = {
@ -656,10 +596,12 @@ export async function registerUser(
password_verify: password, password_verify: password,
show_nsfw: true, show_nsfw: true,
}; };
return api.client.register(form); return api.register(form);
} }
export async function saveUserSettingsBio(api: API): Promise<LoginResponse> { export async function saveUserSettingsBio(
api: LemmyHttp,
): Promise<LoginResponse> {
let form: SaveUserSettings = { let form: SaveUserSettings = {
show_nsfw: true, show_nsfw: true,
blur_nsfw: false, blur_nsfw: false,
@ -671,13 +613,12 @@ export async function saveUserSettingsBio(api: API): Promise<LoginResponse> {
show_avatars: true, show_avatars: true,
send_notifications_to_email: false, send_notifications_to_email: false,
bio: "a changed bio", bio: "a changed bio",
auth: api.auth,
}; };
return saveUserSettings(api, form); return saveUserSettings(api, form);
} }
export async function saveUserSettingsFederated( export async function saveUserSettingsFederated(
api: API, api: LemmyHttp,
): Promise<LoginResponse> { ): Promise<LoginResponse> {
let avatar = "https://image.flaticon.com/icons/png/512/35/35896.png"; let avatar = "https://image.flaticon.com/icons/png/512/35/35896.png";
let banner = "https://image.flaticon.com/icons/png/512/36/35896.png"; let banner = "https://image.flaticon.com/icons/png/512/36/35896.png";
@ -695,55 +636,52 @@ export async function saveUserSettingsFederated(
show_avatars: false, show_avatars: false,
send_notifications_to_email: false, send_notifications_to_email: false,
bio, bio,
auth: api.auth,
}; };
return await saveUserSettings(alpha, form); return await saveUserSettings(api, form);
} }
export async function saveUserSettings( export async function saveUserSettings(
api: API, api: LemmyHttp,
form: SaveUserSettings, form: SaveUserSettings,
): Promise<LoginResponse> { ): Promise<LoginResponse> {
return api.client.saveUserSettings(form); return api.saveUserSettings(form);
} }
export async function getPersonDetails( export async function getPersonDetails(
api: API, api: LemmyHttp,
person_id: number, person_id: number,
): Promise<GetPersonDetailsResponse> { ): Promise<GetPersonDetailsResponse> {
let form: GetPersonDetails = { let form: GetPersonDetails = {
auth: api.auth,
person_id: person_id, person_id: person_id,
}; };
return api.client.getPersonDetails(form); return api.getPersonDetails(form);
} }
export async function deleteUser(api: API): Promise<DeleteAccountResponse> { export async function deleteUser(
api: LemmyHttp,
): Promise<DeleteAccountResponse> {
let form: DeleteAccount = { let form: DeleteAccount = {
auth: api.auth,
delete_content: true, delete_content: true,
password, password,
}; };
return api.client.deleteAccount(form); return api.deleteAccount(form);
} }
export async function getSite(api: API): Promise<GetSiteResponse> { export async function getSite(api: LemmyHttp): Promise<GetSiteResponse> {
let form: GetSite = { return api.getSite();
auth: api.auth,
};
return api.client.getSite(form);
} }
export async function listPrivateMessages( export async function listPrivateMessages(
api: API, api: LemmyHttp,
): Promise<PrivateMessagesResponse> { ): Promise<PrivateMessagesResponse> {
let form: GetPrivateMessages = { let form: GetPrivateMessages = {
auth: api.auth,
unread_only: false, unread_only: false,
}; };
return api.client.getPrivateMessages(form); return api.getPrivateMessages(form);
} }
export async function unfollowRemotes(api: API): Promise<GetSiteResponse> { export async function unfollowRemotes(
api: LemmyHttp,
): Promise<GetSiteResponse> {
// Unfollow all remote communities // Unfollow all remote communities
let site = await getSite(api); let site = await getSite(api);
let remoteFollowed = let remoteFollowed =
@ -755,7 +693,7 @@ export async function unfollowRemotes(api: API): Promise<GetSiteResponse> {
return siteRes; return siteRes;
} }
export async function followBeta(api: API): Promise<CommunityResponse> { export async function followBeta(api: LemmyHttp): Promise<CommunityResponse> {
let betaCommunity = (await resolveBetaCommunity(api)).community; let betaCommunity = (await resolveBetaCommunity(api)).community;
if (betaCommunity) { if (betaCommunity) {
let follow = await followCommunity(api, true, betaCommunity.community.id); let follow = await followCommunity(api, true, betaCommunity.community.id);
@ -766,71 +704,63 @@ export async function followBeta(api: API): Promise<CommunityResponse> {
} }
export async function reportPost( export async function reportPost(
api: API, api: LemmyHttp,
post_id: number, post_id: number,
reason: string, reason: string,
): Promise<PostReportResponse> { ): Promise<PostReportResponse> {
let form: CreatePostReport = { let form: CreatePostReport = {
post_id, post_id,
reason, reason,
auth: api.auth,
}; };
return api.client.createPostReport(form); return api.createPostReport(form);
} }
export async function listPostReports( export async function listPostReports(
api: API, api: LemmyHttp,
): Promise<ListPostReportsResponse> { ): Promise<ListPostReportsResponse> {
let form: ListPostReports = { let form: ListPostReports = {};
auth: api.auth, return api.listPostReports(form);
};
return api.client.listPostReports(form);
} }
export async function reportComment( export async function reportComment(
api: API, api: LemmyHttp,
comment_id: number, comment_id: number,
reason: string, reason: string,
): Promise<CommentReportResponse> { ): Promise<CommentReportResponse> {
let form: CreateCommentReport = { let form: CreateCommentReport = {
comment_id, comment_id,
reason, reason,
auth: api.auth,
}; };
return api.client.createCommentReport(form); return api.createCommentReport(form);
} }
export async function listCommentReports( export async function listCommentReports(
api: API, api: LemmyHttp,
): Promise<ListCommentReportsResponse> { ): Promise<ListCommentReportsResponse> {
let form: ListCommentReports = { let form: ListCommentReports = {};
auth: api.auth, return api.listCommentReports(form);
};
return api.client.listCommentReports(form);
} }
export function getPosts( export function getPosts(
api: API, api: LemmyHttp,
listingType?: ListingType, listingType?: ListingType,
): Promise<GetPostsResponse> { ): Promise<GetPostsResponse> {
let form: GetPosts = { let form: GetPosts = {
auth: api.auth,
type_: listingType, type_: listingType,
}; };
return api.client.getPosts(form); return api.getPosts(form);
} }
export function blockInstance( export function blockInstance(
api: API, api: LemmyHttp,
instance_id: InstanceId, instance_id: InstanceId,
block: boolean, block: boolean,
): Promise<BlockInstanceResponse> { ): Promise<BlockInstanceResponse> {
let form: BlockInstance = { let form: BlockInstance = {
instance_id, instance_id,
block, block,
auth: api.auth,
}; };
return api.client.blockInstance(form); return api.blockInstance(form);
} }
export function delay(millis = 500) { export function delay(millis = 500) {

28
api_tests/src/user.spec.ts
Unescape Escape View File

@ -13,10 +13,10 @@ import {
resolveBetaCommunity, resolveBetaCommunity,
deleteUser, deleteUser,
resolvePost, resolvePost,
API,
resolveComment, resolveComment,
saveUserSettingsFederated, saveUserSettingsFederated,
setupLogins, setupLogins,
alphaUrl,
} from "./shared"; } from "./shared";
import { LemmyHttp } from "lemmy-js-client"; import { LemmyHttp } from "lemmy-js-client";
import { GetPosts } from "lemmy-js-client/dist/types/GetPosts"; import { GetPosts } from "lemmy-js-client/dist/types/GetPosts";
@ -40,9 +40,11 @@ function assertUserFederation(userOne?: PersonView, userTwo?: PersonView) {
test("Create user", async () => { test("Create user", async () => {
let userRes = await registerUser(alpha); let userRes = await registerUser(alpha);
expect(userRes.jwt).toBeDefined(); expect(userRes.jwt).toBeDefined();
alpha.auth = userRes.jwt ?? ""; let user = new LemmyHttp(alphaUrl, {
headers: { auth: userRes.jwt ?? "" },
});
let site = await getSite(alpha); let site = await getSite(user);
expect(site.my_user).toBeDefined(); expect(site.my_user).toBeDefined();
if (!site.my_user) { if (!site.my_user) {
throw "Missing site user"; throw "Missing site user";
@ -60,10 +62,9 @@ test("Set some user settings, check that they are federated", async () => {
test("Delete user", async () => { test("Delete user", async () => {
let userRes = await registerUser(alpha); let userRes = await registerUser(alpha);
expect(userRes.jwt).toBeDefined(); expect(userRes.jwt).toBeDefined();
let user: API = { let user = new LemmyHttp(alphaUrl, {
client: alpha.client, headers: { auth: userRes.jwt ?? "" },
auth: userRes.jwt ?? "", });
};
// make a local post and comment // make a local post and comment
let alphaCommunity = (await resolveCommunity(user, "!main@lemmy-alpha:8541")) let alphaCommunity = (await resolveCommunity(user, "!main@lemmy-alpha:8541"))
@ -107,17 +108,14 @@ test("Delete user", async () => {
}); });
test("Requests with invalid auth should be treated as unauthenticated", async () => { test("Requests with invalid auth should be treated as unauthenticated", async () => {
let invalid_auth: API = { let invalid_auth = new LemmyHttp(alphaUrl, {
client: new LemmyHttp("http://127.0.0.1:8541"), headers: { auth: "" },
auth: "invalid", });
};
let site = await getSite(invalid_auth); let site = await getSite(invalid_auth);
expect(site.my_user).toBeUndefined(); expect(site.my_user).toBeUndefined();
expect(site.site_view).toBeDefined(); expect(site.site_view).toBeDefined();
let form: GetPosts = { let form: GetPosts = {};
auth: "invalid", let posts = invalid_auth.getPosts(form);
};
let posts = invalid_auth.client.getPosts(form);
expect((await posts).posts).toBeDefined(); expect((await posts).posts).toBeDefined();
}); });

8
api_tests/yarn.lock
Unescape Escape View File

@ -2174,10 +2174,10 @@ kleur@^3.0.3:
resolved "https://registry.yarnpkg.com/kleur/-/kleur-3.0.3.tgz#a79c9ecc86ee1ce3fa6206d1216c501f147fc07e" resolved "https://registry.yarnpkg.com/kleur/-/kleur-3.0.3.tgz#a79c9ecc86ee1ce3fa6206d1216c501f147fc07e"
integrity sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w== integrity sha512-eTIzlVOSUR+JxdDFepEYcBMtZ9Qqdef+rnzWdRZuMbOywu5tO2w2N7rqjoANZ5k9vywhL6Br1VRjUIgTQx4E8w==
lemmy-js-client@0.19.0-rc.5: lemmy-js-client@0.19.0-rc.12:
version "0.19.0-rc.5" version "0.19.0-rc.12"
resolved "https://registry.yarnpkg.com/lemmy-js-client/-/lemmy-js-client-0.19.0-rc.5.tgz#a0d3e0ac829b1e46124edcf3a0343ae04317d51a" resolved "https://registry.yarnpkg.com/lemmy-js-client/-/lemmy-js-client-0.19.0-rc.12.tgz#e3bd4e21b1966d583ab790ef70ece8394b012b48"
integrity sha512-Z1T95Ht1VZNvWlLH9XpVnO2oC7LhMT81jTiU5BhYPIkEtGhOwN91jk5uI1oyI6/d4v9lwbrsyzFYPsiuMmXTFQ== integrity sha512-1iu2fW9vlb3TrI+QR/ODP3+5pWZB0rUqL1wH09IzomDXohCqoQvfmXpwArmgF4Eq8GZgjkcfeMDC2gMrfw/i7Q==
dependencies: dependencies:
cross-fetch "^3.1.5" cross-fetch "^3.1.5"
form-data "^4.0.0" form-data "^4.0.0"

7
crates/api/src/comment/distinguish.rs
Unescape Escape View File

@ -2,22 +2,21 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
comment::{CommentResponse, DistinguishComment}, comment::{CommentResponse, DistinguishComment},
context::LemmyContext, context::LemmyContext,
utils::{check_community_ban, is_mod_or_admin, local_user_view_from_jwt}, utils::{check_community_ban, is_mod_or_admin},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::comment::{Comment, CommentUpdateForm}, source::comment::{Comment, CommentUpdateForm},
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::CommentView; use lemmy_db_views::structs::{CommentView, LocalUserView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn distinguish_comment( pub async fn distinguish_comment(
data: Json<DistinguishComment>, data: Json<DistinguishComment>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommentResponse>, LemmyError> { ) -> Result<Json<CommentResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let orig_comment = CommentView::read(&mut context.pool(), data.comment_id, None).await?; let orig_comment = CommentView::read(&mut context.pool(), data.comment_id, None).await?;
check_community_ban( check_community_ban(

4
crates/api/src/comment/like.rs
Unescape Escape View File

@ -5,7 +5,7 @@ use lemmy_api_common::{
comment::{CommentResponse, CreateCommentLike}, comment::{CommentResponse, CreateCommentLike},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{check_community_ban, check_downvotes_enabled, local_user_view_from_jwt}, utils::{check_community_ban, check_downvotes_enabled},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
newtypes::LocalUserId, newtypes::LocalUserId,
@ -24,9 +24,9 @@ use std::ops::Deref;
pub async fn like_comment( pub async fn like_comment(
data: Json<CreateCommentLike>, data: Json<CreateCommentLike>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommentResponse>, LemmyError> { ) -> Result<Json<CommentResponse>, LemmyError> {
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let mut recipient_ids = Vec::<LocalUserId>::new(); let mut recipient_ids = Vec::<LocalUserId>::new();

6
crates/api/src/comment/save.rs
Unescape Escape View File

@ -2,22 +2,20 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
comment::{CommentResponse, SaveComment}, comment::{CommentResponse, SaveComment},
context::LemmyContext, context::LemmyContext,
utils::local_user_view_from_jwt,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::comment::{CommentSaved, CommentSavedForm}, source::comment::{CommentSaved, CommentSavedForm},
traits::Saveable, traits::Saveable,
}; };
use lemmy_db_views::structs::CommentView; use lemmy_db_views::structs::{CommentView, LocalUserView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn save_comment( pub async fn save_comment(
data: Json<SaveComment>, data: Json<SaveComment>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommentResponse>, LemmyError> { ) -> Result<Json<CommentResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let comment_saved_form = CommentSavedForm { let comment_saved_form = CommentSavedForm {
comment_id: data.comment_id, comment_id: data.comment_id,
person_id: local_user_view.person.id, person_id: local_user_view.person.id,

11
crates/api/src/comment_report/create.rs
Unescape Escape View File

@ -5,12 +5,7 @@ use lemmy_api_common::{
comment::{CommentReportResponse, CreateCommentReport}, comment::{CommentReportResponse, CreateCommentReport},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{ utils::{check_community_ban, sanitize_html_api, send_new_report_email_to_admins},
check_community_ban,
local_user_view_from_jwt,
sanitize_html_api,
send_new_report_email_to_admins,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -19,7 +14,7 @@ use lemmy_db_schema::{
}, },
traits::Reportable, traits::Reportable,
}; };
use lemmy_db_views::structs::{CommentReportView, CommentView}; use lemmy_db_views::structs::{CommentReportView, CommentView, LocalUserView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
/// Creates a comment report and notifies the moderators of the community /// Creates a comment report and notifies the moderators of the community
@ -27,8 +22,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn create_comment_report( pub async fn create_comment_report(
data: Json<CreateCommentReport>, data: Json<CreateCommentReport>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommentReportResponse>, LemmyError> { ) -> Result<Json<CommentReportResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let reason = sanitize_html_api(data.reason.trim()); let reason = sanitize_html_api(data.reason.trim());

6
crates/api/src/comment_report/list.rs
Unescape Escape View File

@ -2,9 +2,8 @@ use actix_web::web::{Data, Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
comment::{ListCommentReports, ListCommentReportsResponse}, comment::{ListCommentReports, ListCommentReportsResponse},
context::LemmyContext, context::LemmyContext,
utils::local_user_view_from_jwt,
}; };
use lemmy_db_views::comment_report_view::CommentReportQuery; use lemmy_db_views::{comment_report_view::CommentReportQuery, structs::LocalUserView};
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
/// Lists comment reports for a community if an id is supplied /// Lists comment reports for a community if an id is supplied
@ -13,9 +12,8 @@ use lemmy_utils::error::LemmyError;
pub async fn list_comment_reports( pub async fn list_comment_reports(
data: Query<ListCommentReports>, data: Query<ListCommentReports>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<ListCommentReportsResponse>, LemmyError> { ) -> Result<Json<ListCommentReportsResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let community_id = data.community_id; let community_id = data.community_id;
let unresolved_only = data.unresolved_only.unwrap_or_default(); let unresolved_only = data.unresolved_only.unwrap_or_default();

7
crates/api/src/comment_report/resolve.rs
Unescape Escape View File

@ -2,10 +2,10 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
comment::{CommentReportResponse, ResolveCommentReport}, comment::{CommentReportResponse, ResolveCommentReport},
context::LemmyContext, context::LemmyContext,
utils::{is_mod_or_admin, local_user_view_from_jwt}, utils::is_mod_or_admin,
}; };
use lemmy_db_schema::{source::comment_report::CommentReport, traits::Reportable}; use lemmy_db_schema::{source::comment_report::CommentReport, traits::Reportable};
use lemmy_db_views::structs::CommentReportView; use lemmy_db_views::structs::{CommentReportView, LocalUserView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
/// Resolves or unresolves a comment report and notifies the moderators of the community /// Resolves or unresolves a comment report and notifies the moderators of the community
@ -13,9 +13,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn resolve_comment_report( pub async fn resolve_comment_report(
data: Json<ResolveCommentReport>, data: Json<ResolveCommentReport>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommentReportResponse>, LemmyError> { ) -> Result<Json<CommentReportResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let report_id = data.report_id; let report_id = data.report_id;
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;
let report = CommentReportView::read(&mut context.pool(), report_id, person_id).await?; let report = CommentReportView::read(&mut context.pool(), report_id, person_id).await?;

6
crates/api/src/community/add_mod.rs
Unescape Escape View File

@ -4,7 +4,7 @@ use lemmy_api_common::{
community::{AddModToCommunity, AddModToCommunityResponse}, community::{AddModToCommunity, AddModToCommunityResponse},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{is_mod_or_admin, local_user_view_from_jwt}, utils::is_mod_or_admin,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -13,6 +13,7 @@ use lemmy_db_schema::{
}, },
traits::{Crud, Joinable}, traits::{Crud, Joinable},
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::structs::CommunityModeratorView; use lemmy_db_views_actor::structs::CommunityModeratorView;
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
@ -20,9 +21,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn add_mod_to_community( pub async fn add_mod_to_community(
data: Json<AddModToCommunity>, data: Json<AddModToCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<AddModToCommunityResponse>, LemmyError> { ) -> Result<Json<AddModToCommunityResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let community_id = data.community_id; let community_id = data.community_id;
// Verify that only mods or admins can add mod // Verify that only mods or admins can add mod

11
crates/api/src/community/ban.rs
Unescape Escape View File

@ -4,12 +4,7 @@ use lemmy_api_common::{
community::{BanFromCommunity, BanFromCommunityResponse}, community::{BanFromCommunity, BanFromCommunityResponse},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{ utils::{is_mod_or_admin, remove_user_data_in_community, sanitize_html_api_opt},
is_mod_or_admin,
local_user_view_from_jwt,
remove_user_data_in_community,
sanitize_html_api_opt,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -23,6 +18,7 @@ use lemmy_db_schema::{
}, },
traits::{Bannable, Crud, Followable}, traits::{Bannable, Crud, Followable},
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::structs::PersonView; use lemmy_db_views_actor::structs::PersonView;
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
@ -33,9 +29,8 @@ use lemmy_utils::{
pub async fn ban_from_community( pub async fn ban_from_community(
data: Json<BanFromCommunity>, data: Json<BanFromCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<BanFromCommunityResponse>, LemmyError> { ) -> Result<Json<BanFromCommunityResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let banned_person_id = data.person_id; let banned_person_id = data.person_id;
let remove_data = data.remove_data.unwrap_or(false); let remove_data = data.remove_data.unwrap_or(false);
let expires = data.expires.map(naive_from_unix); let expires = data.expires.map(naive_from_unix);

5
crates/api/src/community/block.rs
Unescape Escape View File

@ -4,7 +4,6 @@ use lemmy_api_common::{
community::{BlockCommunity, BlockCommunityResponse}, community::{BlockCommunity, BlockCommunityResponse},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -13,6 +12,7 @@ use lemmy_db_schema::{
}, },
traits::{Blockable, Followable}, traits::{Blockable, Followable},
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::structs::CommunityView; use lemmy_db_views_actor::structs::CommunityView;
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
@ -20,9 +20,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn block_community( pub async fn block_community(
data: Json<BlockCommunity>, data: Json<BlockCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<BlockCommunityResponse>, LemmyError> { ) -> Result<Json<BlockCommunityResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let community_id = data.community_id; let community_id = data.community_id;
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;
let community_block_form = CommunityBlockForm { let community_block_form = CommunityBlockForm {

6
crates/api/src/community/follow.rs
Unescape Escape View File

@ -4,7 +4,7 @@ use lemmy_api_common::{
community::{CommunityResponse, FollowCommunity}, community::{CommunityResponse, FollowCommunity},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{check_community_ban, check_community_deleted_or_removed, local_user_view_from_jwt}, utils::{check_community_ban, check_community_deleted_or_removed},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -13,6 +13,7 @@ use lemmy_db_schema::{
}, },
traits::{Crud, Followable}, traits::{Crud, Followable},
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::structs::CommunityView; use lemmy_db_views_actor::structs::CommunityView;
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
@ -20,9 +21,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn follow_community( pub async fn follow_community(
data: Json<FollowCommunity>, data: Json<FollowCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommunityResponse>, LemmyError> { ) -> Result<Json<CommunityResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let community = Community::read(&mut context.pool(), data.community_id).await?; let community = Community::read(&mut context.pool(), data.community_id).await?;
let mut community_follower_form = CommunityFollowerForm { let mut community_follower_form = CommunityFollowerForm {
community_id: community.id, community_id: community.id,

5
crates/api/src/community/hide.rs
Unescape Escape View File

@ -5,7 +5,7 @@ use lemmy_api_common::{
community::{CommunityResponse, HideCommunity}, community::{CommunityResponse, HideCommunity},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api_opt}, utils::{is_admin, sanitize_html_api_opt},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -14,15 +14,16 @@ use lemmy_db_schema::{
}, },
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn hide_community( pub async fn hide_community(
data: Json<HideCommunity>, data: Json<HideCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommunityResponse>, LemmyError> { ) -> Result<Json<CommunityResponse>, LemmyError> {
// Verify its a admin (only admin can hide or unhide it) // Verify its a admin (only admin can hide or unhide it)
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
is_admin(&local_user_view)?; is_admin(&local_user_view)?;
let community_form = CommunityUpdateForm { let community_form = CommunityUpdateForm {

6
crates/api/src/community/transfer.rs
Unescape Escape View File

@ -3,7 +3,7 @@ use anyhow::Context;
use lemmy_api_common::{ use lemmy_api_common::{
community::{GetCommunityResponse, TransferCommunity}, community::{GetCommunityResponse, TransferCommunity},
context::LemmyContext, context::LemmyContext,
utils::{is_admin, is_top_mod, local_user_view_from_jwt}, utils::{is_admin, is_top_mod},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -12,6 +12,7 @@ use lemmy_db_schema::{
}, },
traits::{Crud, Joinable}, traits::{Crud, Joinable},
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::structs::{CommunityModeratorView, CommunityView}; use lemmy_db_views_actor::structs::{CommunityModeratorView, CommunityView};
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
@ -24,9 +25,8 @@ use lemmy_utils::{
pub async fn transfer_community( pub async fn transfer_community(
data: Json<TransferCommunity>, data: Json<TransferCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<GetCommunityResponse>, LemmyError> { ) -> Result<Json<GetCommunityResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Fetch the community mods // Fetch the community mods
let community_id = data.community_id; let community_id = data.community_id;
let mut community_mods = let mut community_mods =

62
crates/api/src/lib.rs
Unescape Escape View File

@ -126,68 +126,6 @@ mod tests {
#![allow(clippy::indexing_slicing)] #![allow(clippy::indexing_slicing)]
use super::*; use super::*;
use lemmy_api_common::utils::check_validator_time;
use lemmy_db_schema::{
source::{
instance::Instance,
local_user::{LocalUser, LocalUserInsertForm},
person::{Person, PersonInsertForm},
secret::Secret,
},
traits::Crud,
utils::build_db_pool_for_tests,
};
use lemmy_utils::{claims::Claims, settings::SETTINGS};
use serial_test::serial;
#[tokio::test]
#[serial]
async fn test_should_not_validate_user_token_after_password_change() {
let pool = &build_db_pool_for_tests().await;
let pool = &mut pool.into();
let secret = Secret::init(pool).await.unwrap();
let settings = &SETTINGS.to_owned();
let inserted_instance = Instance::read_or_create(pool, "my_domain.tld".to_string())
.await
.unwrap();
let new_person = PersonInsertForm::builder()
.name("Gerry9812".into())
.public_key("pubkey".to_string())
.instance_id(inserted_instance.id)
.build();
let inserted_person = Person::create(pool, &new_person).await.unwrap();
let local_user_form = LocalUserInsertForm::builder()
.person_id(inserted_person.id)
.password_encrypted("123456".to_string())
.build();
let inserted_local_user = LocalUser::create(pool, &local_user_form).await.unwrap();
let jwt = Claims::jwt(
inserted_local_user.id.0,
&secret.jwt_secret,
&settings.hostname,
)
.unwrap();
let claims = Claims::decode(&jwt, &secret.jwt_secret).unwrap().claims;
let check = check_validator_time(&inserted_local_user.validator_time, &claims);
assert!(check.is_ok());
// The check should fail, since the validator time is now newer than the jwt issue time
let updated_local_user =
LocalUser::update_password(pool, inserted_local_user.id, "password111")
.await
.unwrap();
let check_after = check_validator_time(&updated_local_user.validator_time, &claims);
assert!(check_after.is_err());
let num_deleted = Person::delete(pool, inserted_person.id).await.unwrap();
assert_eq!(1, num_deleted);
}
#[test] #[test]
fn test_build_totp() { fn test_build_totp() {

5
crates/api/src/local_user/add_admin.rs
Unescape Escape View File

@ -2,7 +2,7 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{AddAdmin, AddAdminResponse}, person::{AddAdmin, AddAdminResponse},
utils::{is_admin, local_user_view_from_jwt}, utils::is_admin,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -19,9 +19,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn add_admin( pub async fn add_admin(
data: Json<AddAdmin>, data: Json<AddAdmin>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<AddAdminResponse>, LemmyError> { ) -> Result<Json<AddAdminResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Make sure user is an admin // Make sure user is an admin
is_admin(&local_user_view)?; is_admin(&local_user_view)?;

6
crates/api/src/local_user/ban_person.rs
Unescape Escape View File

@ -4,7 +4,7 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{BanPerson, BanPersonResponse}, person::{BanPerson, BanPersonResponse},
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{is_admin, local_user_view_from_jwt, remove_user_data, sanitize_html_api_opt}, utils::{is_admin, remove_user_data, sanitize_html_api_opt},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -13,6 +13,7 @@ use lemmy_db_schema::{
}, },
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::structs::PersonView; use lemmy_db_views_actor::structs::PersonView;
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
@ -22,9 +23,8 @@ use lemmy_utils::{
pub async fn ban_from_site( pub async fn ban_from_site(
data: Json<BanPerson>, data: Json<BanPerson>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<BanPersonResponse>, LemmyError> { ) -> Result<Json<BanPersonResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Make sure user is an admin // Make sure user is an admin
is_admin(&local_user_view)?; is_admin(&local_user_view)?;

4
crates/api/src/local_user/block.rs
Unescape Escape View File

@ -2,7 +2,6 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{BlockPerson, BlockPersonResponse}, person::{BlockPerson, BlockPersonResponse},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::person_block::{PersonBlock, PersonBlockForm}, source::person_block::{PersonBlock, PersonBlockForm},
@ -16,9 +15,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn block_person( pub async fn block_person(
data: Json<BlockPerson>, data: Json<BlockPerson>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<BlockPersonResponse>, LemmyError> { ) -> Result<Json<BlockPersonResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let target_id = data.person_id; let target_id = data.person_id;
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;

6
crates/api/src/local_user/change_password.rs
Unescape Escape View File

@ -3,9 +3,10 @@ use bcrypt::verify;
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{ChangePassword, LoginResponse}, person::{ChangePassword, LoginResponse},
utils::{local_user_view_from_jwt, password_length_check}, utils::password_length_check,
}; };
use lemmy_db_schema::source::local_user::LocalUser; use lemmy_db_schema::source::local_user::LocalUser;
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::{ use lemmy_utils::{
claims::Claims, claims::Claims,
error::{LemmyError, LemmyErrorType}, error::{LemmyError, LemmyErrorType},
@ -15,9 +16,8 @@ use lemmy_utils::{
pub async fn change_password( pub async fn change_password(
data: Json<ChangePassword>, data: Json<ChangePassword>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<LoginResponse>, LemmyError> { ) -> Result<Json<LoginResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(data.auth.as_ref(), &context).await?;
password_length_check(&data.new_password)?; password_length_check(&data.new_password)?;
// Make sure passwords match // Make sure passwords match

13
crates/api/src/local_user/list_banned.rs
Unescape Escape View File

@ -1,18 +1,13 @@
use actix_web::web::{Data, Json, Query}; use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{context::LemmyContext, person::BannedPersonsResponse, utils::is_admin};
context::LemmyContext, use lemmy_db_views::structs::LocalUserView;
person::{BannedPersonsResponse, GetBannedPersons},
utils::{is_admin, local_user_view_from_jwt},
};
use lemmy_db_views_actor::structs::PersonView; use lemmy_db_views_actor::structs::PersonView;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
pub async fn list_banned_users( pub async fn list_banned_users(
data: Query<GetBannedPersons>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<BannedPersonsResponse>, LemmyError> { ) -> Result<Json<BannedPersonsResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Make sure user is an admin // Make sure user is an admin
is_admin(&local_user_view)?; is_admin(&local_user_view)?;

34
crates/api/src/local_user/login.rs
Unescape Escape View File

@ -4,7 +4,13 @@ use bcrypt::verify;
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{Login, LoginResponse}, person::{Login, LoginResponse},
utils::{check_registration_application, check_user_valid}, utils,
utils::check_user_valid,
};
use lemmy_db_schema::{
source::{local_site::LocalSite, registration_application::RegistrationApplication},
utils::DbPool,
RegistrationMode,
}; };
use lemmy_db_views::structs::{LocalUserView, SiteView}; use lemmy_db_views::structs::{LocalUserView, SiteView};
use lemmy_utils::{ use lemmy_utils::{
@ -72,3 +78,29 @@ pub async fn login(
registration_created: false, registration_created: false,
})) }))
} }
async fn check_registration_application(
local_user_view: &LocalUserView,
local_site: &LocalSite,
pool: &mut DbPool<'_>,
) -> Result<(), LemmyError> {
if (local_site.registration_mode == RegistrationMode::RequireApplication
|| local_site.registration_mode == RegistrationMode::Closed)
&& !local_user_view.local_user.accepted_application
&& !local_user_view.local_user.admin
{
// Fetch the registration, see if its denied
let local_user_id = local_user_view.local_user.id;
let registration = RegistrationApplication::find_by_local_user_id(pool, local_user_id).await?;
if let Some(deny_reason) = registration.deny_reason {
let lang = utils::get_interface_language(local_user_view);
let registration_denied_message = format!("{}: {}", lang.registration_denied(), deny_reason);
Err(LemmyErrorType::RegistrationDenied(
registration_denied_message,
))?
} else {
Err(LemmyErrorType::RegistrationApplicationIsPending)?
}
}
Ok(())
}

5
crates/api/src/local_user/notifications/list_mentions.rs
Unescape Escape View File

@ -2,8 +2,8 @@ use actix_web::web::{Data, Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{GetPersonMentions, GetPersonMentionsResponse}, person::{GetPersonMentions, GetPersonMentionsResponse},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::person_mention_view::PersonMentionQuery; use lemmy_db_views_actor::person_mention_view::PersonMentionQuery;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
@ -11,9 +11,8 @@ use lemmy_utils::error::LemmyError;
pub async fn list_mentions( pub async fn list_mentions(
data: Query<GetPersonMentions>, data: Query<GetPersonMentions>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<GetPersonMentionsResponse>, LemmyError> { ) -> Result<Json<GetPersonMentionsResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let sort = data.sort; let sort = data.sort;
let page = data.page; let page = data.page;
let limit = data.limit; let limit = data.limit;

5
crates/api/src/local_user/notifications/list_replies.rs
Unescape Escape View File

@ -2,8 +2,8 @@ use actix_web::web::{Data, Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{GetReplies, GetRepliesResponse}, person::{GetReplies, GetRepliesResponse},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::comment_reply_view::CommentReplyQuery; use lemmy_db_views_actor::comment_reply_view::CommentReplyQuery;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
@ -11,9 +11,8 @@ use lemmy_utils::error::LemmyError;
pub async fn list_replies( pub async fn list_replies(
data: Query<GetReplies>, data: Query<GetReplies>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<GetRepliesResponse>, LemmyError> { ) -> Result<Json<GetRepliesResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let sort = data.sort; let sort = data.sort;
let page = data.page; let page = data.page;
let limit = data.limit; let limit = data.limit;

10
crates/api/src/local_user/notifications/mark_all_read.rs
Unescape Escape View File

@ -1,22 +1,18 @@
use actix_web::web::{Data, Json}; use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{context::LemmyContext, person::GetRepliesResponse};
context::LemmyContext,
person::{GetRepliesResponse, MarkAllAsRead},
utils::local_user_view_from_jwt,
};
use lemmy_db_schema::source::{ use lemmy_db_schema::source::{
comment_reply::CommentReply, comment_reply::CommentReply,
person_mention::PersonMention, person_mention::PersonMention,
private_message::PrivateMessage, private_message::PrivateMessage,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn mark_all_notifications_read( pub async fn mark_all_notifications_read(
data: Json<MarkAllAsRead>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<GetRepliesResponse>, LemmyError> { ) -> Result<Json<GetRepliesResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;
// Mark all comment_replies as read // Mark all comment_replies as read

5
crates/api/src/local_user/notifications/mark_mention_read.rs
Unescape Escape View File

@ -2,12 +2,12 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{MarkPersonMentionAsRead, PersonMentionResponse}, person::{MarkPersonMentionAsRead, PersonMentionResponse},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::person_mention::{PersonMention, PersonMentionUpdateForm}, source::person_mention::{PersonMention, PersonMentionUpdateForm},
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::structs::PersonMentionView; use lemmy_db_views_actor::structs::PersonMentionView;
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
@ -15,9 +15,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn mark_person_mention_as_read( pub async fn mark_person_mention_as_read(
data: Json<MarkPersonMentionAsRead>, data: Json<MarkPersonMentionAsRead>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PersonMentionResponse>, LemmyError> { ) -> Result<Json<PersonMentionResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let person_mention_id = data.person_mention_id; let person_mention_id = data.person_mention_id;
let read_person_mention = PersonMention::read(&mut context.pool(), person_mention_id).await?; let read_person_mention = PersonMention::read(&mut context.pool(), person_mention_id).await?;

5
crates/api/src/local_user/notifications/mark_reply_read.rs
Unescape Escape View File

@ -2,12 +2,12 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{CommentReplyResponse, MarkCommentReplyAsRead}, person::{CommentReplyResponse, MarkCommentReplyAsRead},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::comment_reply::{CommentReply, CommentReplyUpdateForm}, source::comment_reply::{CommentReply, CommentReplyUpdateForm},
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::structs::CommentReplyView; use lemmy_db_views_actor::structs::CommentReplyView;
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
@ -15,9 +15,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn mark_reply_as_read( pub async fn mark_reply_as_read(
data: Json<MarkCommentReplyAsRead>, data: Json<MarkCommentReplyAsRead>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommentReplyResponse>, LemmyError> { ) -> Result<Json<CommentReplyResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let comment_reply_id = data.comment_reply_id; let comment_reply_id = data.comment_reply_id;
let read_comment_reply = CommentReply::read(&mut context.pool(), comment_reply_id).await?; let read_comment_reply = CommentReply::read(&mut context.pool(), comment_reply_id).await?;

14
crates/api/src/local_user/notifications/unread_count.rs
Unescape Escape View File

@ -1,20 +1,14 @@
use actix_web::web::{Data, Json, Query}; use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{context::LemmyContext, person::GetUnreadCountResponse};
context::LemmyContext, use lemmy_db_views::structs::{LocalUserView, PrivateMessageView};
person::{GetUnreadCount, GetUnreadCountResponse},
utils::local_user_view_from_jwt,
};
use lemmy_db_views::structs::PrivateMessageView;
use lemmy_db_views_actor::structs::{CommentReplyView, PersonMentionView}; use lemmy_db_views_actor::structs::{CommentReplyView, PersonMentionView};
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn unread_count( pub async fn unread_count(
data: Query<GetUnreadCount>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<GetUnreadCountResponse>, LemmyError> { ) -> Result<Json<GetUnreadCountResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;
let replies = CommentReplyView::get_unread_replies(&mut context.pool(), person_id).await?; let replies = CommentReplyView::get_unread_replies(&mut context.pool(), person_id).await?;

11
crates/api/src/local_user/report_count.rs
Unescape Escape View File

@ -2,18 +2,21 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{GetReportCount, GetReportCountResponse}, person::{GetReportCount, GetReportCountResponse},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_views::structs::{CommentReportView, PostReportView, PrivateMessageReportView}; use lemmy_db_views::structs::{
CommentReportView,
LocalUserView,
PostReportView,
PrivateMessageReportView,
};
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn report_count( pub async fn report_count(
data: Json<GetReportCount>, data: Json<GetReportCount>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<GetReportCountResponse>, LemmyError> { ) -> Result<Json<GetReportCountResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;
let admin = local_user_view.local_user.admin; let admin = local_user_view.local_user.admin;
let community_id = data.community_id; let community_id = data.community_id;

6
crates/api/src/local_user/save_settings.rs
Unescape Escape View File

@ -2,7 +2,7 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{LoginResponse, SaveUserSettings}, person::{LoginResponse, SaveUserSettings},
utils::{local_user_view_from_jwt, sanitize_html_api_opt, send_verification_email}, utils::{sanitize_html_api_opt, send_verification_email},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -13,7 +13,7 @@ use lemmy_db_schema::{
traits::Crud, traits::Crud,
utils::{diesel_option_overwrite, diesel_option_overwrite_to_url}, utils::{diesel_option_overwrite, diesel_option_overwrite_to_url},
}; };
use lemmy_db_views::structs::SiteView; use lemmy_db_views::structs::{LocalUserView, SiteView};
use lemmy_utils::{ use lemmy_utils::{
claims::Claims, claims::Claims,
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
@ -24,8 +24,8 @@ use lemmy_utils::{
pub async fn save_user_settings( pub async fn save_user_settings(
data: Json<SaveUserSettings>, data: Json<SaveUserSettings>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<LoginResponse>, LemmyError> { ) -> Result<Json<LoginResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let site_view = SiteView::read_local(&mut context.pool()).await?; let site_view = SiteView::read_local(&mut context.pool()).await?;
let bio = sanitize_html_api_opt(&data.bio); let bio = sanitize_html_api_opt(&data.bio);

12
crates/api/src/post/feature.rs
Unescape Escape View File

@ -5,13 +5,7 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
post::{FeaturePost, PostResponse}, post::{FeaturePost, PostResponse},
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{ utils::{check_community_ban, check_community_deleted_or_removed, is_admin, is_mod_or_admin},
check_community_ban,
check_community_deleted_or_removed,
is_admin,
is_mod_or_admin,
local_user_view_from_jwt,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -21,15 +15,15 @@ use lemmy_db_schema::{
traits::Crud, traits::Crud,
PostFeatureType, PostFeatureType,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn feature_post( pub async fn feature_post(
data: Json<FeaturePost>, data: Json<FeaturePost>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PostResponse>, LemmyError> { ) -> Result<Json<PostResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let post_id = data.post_id; let post_id = data.post_id;
let orig_post = Post::read(&mut context.pool(), post_id).await?; let orig_post = Post::read(&mut context.pool(), post_id).await?;

4
crates/api/src/post/like.rs
Unescape Escape View File

@ -9,7 +9,6 @@ use lemmy_api_common::{
check_community_ban, check_community_ban,
check_community_deleted_or_removed, check_community_deleted_or_removed,
check_downvotes_enabled, check_downvotes_enabled,
local_user_view_from_jwt,
mark_post_as_read, mark_post_as_read,
}, },
}; };
@ -21,6 +20,7 @@ use lemmy_db_schema::{
}, },
traits::{Crud, Likeable}, traits::{Crud, Likeable},
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
use std::ops::Deref; use std::ops::Deref;
@ -28,8 +28,8 @@ use std::ops::Deref;
pub async fn like_post( pub async fn like_post(
data: Json<CreatePostLike>, data: Json<CreatePostLike>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PostResponse>, LemmyError> { ) -> Result<Json<PostResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
// Don't do a downvote if site has downvotes disabled // Don't do a downvote if site has downvotes disabled

11
crates/api/src/post/lock.rs
Unescape Escape View File

@ -5,12 +5,7 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
post::{LockPost, PostResponse}, post::{LockPost, PostResponse},
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{ utils::{check_community_ban, check_community_deleted_or_removed, is_mod_or_admin},
check_community_ban,
check_community_deleted_or_removed,
is_mod_or_admin,
local_user_view_from_jwt,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -19,15 +14,15 @@ use lemmy_db_schema::{
}, },
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn lock_post( pub async fn lock_post(
data: Json<LockPost>, data: Json<LockPost>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PostResponse>, LemmyError> { ) -> Result<Json<PostResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let post_id = data.post_id; let post_id = data.post_id;
let orig_post = Post::read(&mut context.pool(), post_id).await?; let orig_post = Post::read(&mut context.pool(), post_id).await?;

6
crates/api/src/post/mark_read.rs
Unescape Escape View File

@ -3,18 +3,16 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
post::{MarkPostAsRead, PostResponse}, post::{MarkPostAsRead, PostResponse},
utils, utils,
utils::local_user_view_from_jwt,
}; };
use lemmy_db_views::structs::PostView; use lemmy_db_views::structs::{LocalUserView, PostView};
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn mark_post_as_read( pub async fn mark_post_as_read(
data: Json<MarkPostAsRead>, data: Json<MarkPostAsRead>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PostResponse>, LemmyError> { ) -> Result<Json<PostResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let post_id = data.post_id; let post_id = data.post_id;
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;

7
crates/api/src/post/save.rs
Unescape Escape View File

@ -2,22 +2,21 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
post::{PostResponse, SavePost}, post::{PostResponse, SavePost},
utils::{local_user_view_from_jwt, mark_post_as_read}, utils::mark_post_as_read,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::post::{PostSaved, PostSavedForm}, source::post::{PostSaved, PostSavedForm},
traits::Saveable, traits::Saveable,
}; };
use lemmy_db_views::structs::PostView; use lemmy_db_views::structs::{LocalUserView, PostView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn save_post( pub async fn save_post(
data: Json<SavePost>, data: Json<SavePost>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PostResponse>, LemmyError> { ) -> Result<Json<PostResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let post_saved_form = PostSavedForm { let post_saved_form = PostSavedForm {
post_id: data.post_id, post_id: data.post_id,
person_id: local_user_view.person.id, person_id: local_user_view.person.id,

11
crates/api/src/post_report/create.rs
Unescape Escape View File

@ -5,12 +5,7 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
post::{CreatePostReport, PostReportResponse}, post::{CreatePostReport, PostReportResponse},
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{ utils::{check_community_ban, sanitize_html_api, send_new_report_email_to_admins},
check_community_ban,
local_user_view_from_jwt,
sanitize_html_api,
send_new_report_email_to_admins,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -19,7 +14,7 @@ use lemmy_db_schema::{
}, },
traits::Reportable, traits::Reportable,
}; };
use lemmy_db_views::structs::{PostReportView, PostView}; use lemmy_db_views::structs::{LocalUserView, PostReportView, PostView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
/// Creates a post report and notifies the moderators of the community /// Creates a post report and notifies the moderators of the community
@ -27,8 +22,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn create_post_report( pub async fn create_post_report(
data: Json<CreatePostReport>, data: Json<CreatePostReport>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PostReportResponse>, LemmyError> { ) -> Result<Json<PostReportResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let reason = sanitize_html_api(data.reason.trim()); let reason = sanitize_html_api(data.reason.trim());

6
crates/api/src/post_report/list.rs
Unescape Escape View File

@ -2,9 +2,8 @@ use actix_web::web::{Data, Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
post::{ListPostReports, ListPostReportsResponse}, post::{ListPostReports, ListPostReportsResponse},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_views::post_report_view::PostReportQuery; use lemmy_db_views::{post_report_view::PostReportQuery, structs::LocalUserView};
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
/// Lists post reports for a community if an id is supplied /// Lists post reports for a community if an id is supplied
@ -13,9 +12,8 @@ use lemmy_utils::error::LemmyError;
pub async fn list_post_reports( pub async fn list_post_reports(
data: Query<ListPostReports>, data: Query<ListPostReports>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<ListPostReportsResponse>, LemmyError> { ) -> Result<Json<ListPostReportsResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let community_id = data.community_id; let community_id = data.community_id;
let unresolved_only = data.unresolved_only.unwrap_or_default(); let unresolved_only = data.unresolved_only.unwrap_or_default();

7
crates/api/src/post_report/resolve.rs
Unescape Escape View File

@ -2,10 +2,10 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
post::{PostReportResponse, ResolvePostReport}, post::{PostReportResponse, ResolvePostReport},
utils::{is_mod_or_admin, local_user_view_from_jwt}, utils::is_mod_or_admin,
}; };
use lemmy_db_schema::{source::post_report::PostReport, traits::Reportable}; use lemmy_db_schema::{source::post_report::PostReport, traits::Reportable};
use lemmy_db_views::structs::PostReportView; use lemmy_db_views::structs::{LocalUserView, PostReportView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
/// Resolves or unresolves a post report and notifies the moderators of the community /// Resolves or unresolves a post report and notifies the moderators of the community
@ -13,9 +13,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn resolve_post_report( pub async fn resolve_post_report(
data: Json<ResolvePostReport>, data: Json<ResolvePostReport>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PostReportResponse>, LemmyError> { ) -> Result<Json<PostReportResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let report_id = data.report_id; let report_id = data.report_id;
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;
let report = PostReportView::read(&mut context.pool(), report_id, person_id).await?; let report = PostReportView::read(&mut context.pool(), report_id, person_id).await?;

6
crates/api/src/private_message/mark_read.rs
Unescape Escape View File

@ -2,22 +2,20 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
private_message::{MarkPrivateMessageAsRead, PrivateMessageResponse}, private_message::{MarkPrivateMessageAsRead, PrivateMessageResponse},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::private_message::{PrivateMessage, PrivateMessageUpdateForm}, source::private_message::{PrivateMessage, PrivateMessageUpdateForm},
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::PrivateMessageView; use lemmy_db_views::structs::{LocalUserView, PrivateMessageView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn mark_pm_as_read( pub async fn mark_pm_as_read(
data: Json<MarkPrivateMessageAsRead>, data: Json<MarkPrivateMessageAsRead>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PrivateMessageResponse>, LemmyError> { ) -> Result<Json<PrivateMessageResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Checking permissions // Checking permissions
let private_message_id = data.private_message_id; let private_message_id = data.private_message_id;
let orig_private_message = PrivateMessage::read(&mut context.pool(), private_message_id).await?; let orig_private_message = PrivateMessage::read(&mut context.pool(), private_message_id).await?;

6
crates/api/src/private_message_report/create.rs
Unescape Escape View File

@ -3,7 +3,7 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
private_message::{CreatePrivateMessageReport, PrivateMessageReportResponse}, private_message::{CreatePrivateMessageReport, PrivateMessageReportResponse},
utils::{local_user_view_from_jwt, sanitize_html_api, send_new_report_email_to_admins}, utils::{sanitize_html_api, send_new_report_email_to_admins},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -13,15 +13,15 @@ use lemmy_db_schema::{
}, },
traits::{Crud, Reportable}, traits::{Crud, Reportable},
}; };
use lemmy_db_views::structs::PrivateMessageReportView; use lemmy_db_views::structs::{LocalUserView, PrivateMessageReportView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn create_pm_report( pub async fn create_pm_report(
data: Json<CreatePrivateMessageReport>, data: Json<CreatePrivateMessageReport>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PrivateMessageReportResponse>, LemmyError> { ) -> Result<Json<PrivateMessageReportResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let reason = sanitize_html_api(data.reason.trim()); let reason = sanitize_html_api(data.reason.trim());

10
crates/api/src/private_message_report/list.rs
Unescape Escape View File

@ -2,18 +2,20 @@ use actix_web::web::{Data, Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
private_message::{ListPrivateMessageReports, ListPrivateMessageReportsResponse}, private_message::{ListPrivateMessageReports, ListPrivateMessageReportsResponse},
utils::{is_admin, local_user_view_from_jwt}, utils::is_admin,
};
use lemmy_db_views::{
private_message_report_view::PrivateMessageReportQuery,
structs::LocalUserView,
}; };
use lemmy_db_views::private_message_report_view::PrivateMessageReportQuery;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn list_pm_reports( pub async fn list_pm_reports(
data: Query<ListPrivateMessageReports>, data: Query<ListPrivateMessageReports>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<ListPrivateMessageReportsResponse>, LemmyError> { ) -> Result<Json<ListPrivateMessageReportsResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
is_admin(&local_user_view)?; is_admin(&local_user_view)?;
let unresolved_only = data.unresolved_only.unwrap_or_default(); let unresolved_only = data.unresolved_only.unwrap_or_default();

7
crates/api/src/private_message_report/resolve.rs
Unescape Escape View File

@ -2,19 +2,18 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
private_message::{PrivateMessageReportResponse, ResolvePrivateMessageReport}, private_message::{PrivateMessageReportResponse, ResolvePrivateMessageReport},
utils::{is_admin, local_user_view_from_jwt}, utils::is_admin,
}; };
use lemmy_db_schema::{source::private_message_report::PrivateMessageReport, traits::Reportable}; use lemmy_db_schema::{source::private_message_report::PrivateMessageReport, traits::Reportable};
use lemmy_db_views::structs::PrivateMessageReportView; use lemmy_db_views::structs::{LocalUserView, PrivateMessageReportView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn resolve_pm_report( pub async fn resolve_pm_report(
data: Json<ResolvePrivateMessageReport>, data: Json<ResolvePrivateMessageReport>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PrivateMessageReportResponse>, LemmyError> { ) -> Result<Json<PrivateMessageReportResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
is_admin(&local_user_view)?; is_admin(&local_user_view)?;
let report_id = data.report_id; let report_id = data.report_id;

5
crates/api/src/site/block.rs
Unescape Escape View File

@ -3,21 +3,20 @@ use actix_web::web::Json;
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
site::{BlockInstance, BlockInstanceResponse}, site::{BlockInstance, BlockInstanceResponse},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::instance_block::{InstanceBlock, InstanceBlockForm}, source::instance_block::{InstanceBlock, InstanceBlockForm},
traits::Blockable, traits::Blockable,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn block_instance( pub async fn block_instance(
data: Json<BlockInstance>, data: Json<BlockInstance>,
local_user_view: LocalUserView,
context: Data<LemmyContext>, context: Data<LemmyContext>,
) -> Result<Json<BlockInstanceResponse>, LemmyError> { ) -> Result<Json<BlockInstanceResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let instance_id = data.instance_id; let instance_id = data.instance_id;
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;
let instance_block_form = InstanceBlockForm { let instance_block_form = InstanceBlockForm {

12
crates/api/src/site/leave_admin.rs
Unescape Escape View File

@ -1,9 +1,5 @@
use actix_web::web::{Data, Json}; use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{context::LemmyContext, site::GetSiteResponse, utils::is_admin};
context::LemmyContext,
site::{GetSiteResponse, LeaveAdmin},
utils::{is_admin, local_user_view_from_jwt},
};
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
actor_language::SiteLanguage, actor_language::SiteLanguage,
@ -14,7 +10,7 @@ use lemmy_db_schema::{
}, },
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::{CustomEmojiView, SiteView}; use lemmy_db_views::structs::{CustomEmojiView, LocalUserView, SiteView};
use lemmy_db_views_actor::structs::PersonView; use lemmy_db_views_actor::structs::PersonView;
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorType}, error::{LemmyError, LemmyErrorType},
@ -23,11 +19,9 @@ use lemmy_utils::{
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn leave_admin( pub async fn leave_admin(
data: Json<LeaveAdmin>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<GetSiteResponse>, LemmyError> { ) -> Result<Json<GetSiteResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
is_admin(&local_user_view)?; is_admin(&local_user_view)?;
// Make sure there isn't just one admin (so if one leaves, there will still be one left) // Make sure there isn't just one admin (so if one leaves, there will still be one left)

5
crates/api/src/site/mod_log.rs
Unescape Escape View File

@ -2,13 +2,14 @@ use actix_web::web::{Data, Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
site::{GetModlog, GetModlogResponse}, site::{GetModlog, GetModlogResponse},
utils::{check_private_instance, is_admin, is_mod_or_admin, local_user_view_from_jwt_opt}, utils::{check_private_instance, is_admin, is_mod_or_admin},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
newtypes::{CommunityId, PersonId}, newtypes::{CommunityId, PersonId},
source::local_site::LocalSite, source::local_site::LocalSite,
ModlogActionType, ModlogActionType,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_moderator::structs::{ use lemmy_db_views_moderator::structs::{
AdminPurgeCommentView, AdminPurgeCommentView,
AdminPurgeCommunityView, AdminPurgeCommunityView,
@ -34,8 +35,8 @@ use ModlogActionType::*;
pub async fn get_mod_log( pub async fn get_mod_log(
data: Query<GetModlog>, data: Query<GetModlog>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: Option<LocalUserView>,
) -> Result<Json<GetModlogResponse>, LemmyError> { ) -> Result<Json<GetModlogResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt_opt(data.auth.as_ref(), &context).await;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
check_private_instance(&local_user_view, &local_site)?; check_private_instance(&local_user_view, &local_site)?;

6
crates/api/src/site/purge/comment.rs
Unescape Escape View File

@ -2,7 +2,7 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
site::{PurgeComment, PurgeItemResponse}, site::{PurgeComment, PurgeItemResponse},
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api_opt}, utils::{is_admin, sanitize_html_api_opt},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -11,15 +11,15 @@ use lemmy_db_schema::{
}, },
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn purge_comment( pub async fn purge_comment(
data: Json<PurgeComment>, data: Json<PurgeComment>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PurgeItemResponse>, LemmyError> { ) -> Result<Json<PurgeItemResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Only let admin purge an item // Only let admin purge an item
is_admin(&local_user_view)?; is_admin(&local_user_view)?;

11
crates/api/src/site/purge/community.rs
Unescape Escape View File

@ -3,12 +3,7 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
request::purge_image_from_pictrs, request::purge_image_from_pictrs,
site::{PurgeCommunity, PurgeItemResponse}, site::{PurgeCommunity, PurgeItemResponse},
utils::{ utils::{is_admin, purge_image_posts_for_community, sanitize_html_api_opt},
is_admin,
local_user_view_from_jwt,
purge_image_posts_for_community,
sanitize_html_api_opt,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -17,15 +12,15 @@ use lemmy_db_schema::{
}, },
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn purge_community( pub async fn purge_community(
data: Json<PurgeCommunity>, data: Json<PurgeCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PurgeItemResponse>, LemmyError> { ) -> Result<Json<PurgeItemResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Only let admin purge an item // Only let admin purge an item
is_admin(&local_user_view)?; is_admin(&local_user_view)?;

5
crates/api/src/site/purge/person.rs
Unescape Escape View File

@ -3,7 +3,7 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
request::delete_image_from_pictrs, request::delete_image_from_pictrs,
site::{PurgeItemResponse, PurgePerson}, site::{PurgeItemResponse, PurgePerson},
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api_opt}, utils::{is_admin, sanitize_html_api_opt},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -20,9 +20,8 @@ use lemmy_utils::error::LemmyError;
pub async fn purge_person( pub async fn purge_person(
data: Json<PurgePerson>, data: Json<PurgePerson>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PurgeItemResponse>, LemmyError> { ) -> Result<Json<PurgeItemResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Only let admin purge an item // Only let admin purge an item
is_admin(&local_user_view)?; is_admin(&local_user_view)?;

6
crates/api/src/site/purge/post.rs
Unescape Escape View File

@ -3,7 +3,7 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
request::purge_image_from_pictrs, request::purge_image_from_pictrs,
site::{PurgeItemResponse, PurgePost}, site::{PurgeItemResponse, PurgePost},
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api_opt}, utils::{is_admin, sanitize_html_api_opt},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -12,15 +12,15 @@ use lemmy_db_schema::{
}, },
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn purge_post( pub async fn purge_post(
data: Json<PurgePost>, data: Json<PurgePost>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PurgeItemResponse>, LemmyError> { ) -> Result<Json<PurgeItemResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Only let admin purge an item // Only let admin purge an item
is_admin(&local_user_view)?; is_admin(&local_user_view)?;

5
crates/api/src/site/registration_applications/approve.rs
Unescape Escape View File

@ -2,7 +2,7 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
site::{ApproveRegistrationApplication, RegistrationApplicationResponse}, site::{ApproveRegistrationApplication, RegistrationApplicationResponse},
utils::{is_admin, local_user_view_from_jwt, send_application_approved_email}, utils::{is_admin, send_application_approved_email},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -18,9 +18,8 @@ use lemmy_utils::error::LemmyError;
pub async fn approve_registration_application( pub async fn approve_registration_application(
data: Json<ApproveRegistrationApplication>, data: Json<ApproveRegistrationApplication>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<RegistrationApplicationResponse>, LemmyError> { ) -> Result<Json<RegistrationApplicationResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let app_id = data.id; let app_id = data.id;
// Only let admins do this // Only let admins do this

9
crates/api/src/site/registration_applications/list.rs
Unescape Escape View File

@ -2,18 +2,21 @@ use actix_web::web::{Data, Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
site::{ListRegistrationApplications, ListRegistrationApplicationsResponse}, site::{ListRegistrationApplications, ListRegistrationApplicationsResponse},
utils::{is_admin, local_user_view_from_jwt}, utils::is_admin,
}; };
use lemmy_db_schema::source::local_site::LocalSite; use lemmy_db_schema::source::local_site::LocalSite;
use lemmy_db_views::registration_application_view::RegistrationApplicationQuery; use lemmy_db_views::{
registration_application_view::RegistrationApplicationQuery,
structs::LocalUserView,
};
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
/// Lists registration applications, filterable by undenied only. /// Lists registration applications, filterable by undenied only.
pub async fn list_registration_applications( pub async fn list_registration_applications(
data: Query<ListRegistrationApplications>, data: Query<ListRegistrationApplications>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<ListRegistrationApplicationsResponse>, LemmyError> { ) -> Result<Json<ListRegistrationApplicationsResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
// Make sure user is an admin // Make sure user is an admin

11
crates/api/src/site/registration_applications/unread_count.rs
Unescape Escape View File

@ -1,18 +1,17 @@
use actix_web::web::{Data, Json, Query}; use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
site::{GetUnreadRegistrationApplicationCount, GetUnreadRegistrationApplicationCountResponse}, site::GetUnreadRegistrationApplicationCountResponse,
utils::{is_admin, local_user_view_from_jwt}, utils::is_admin,
}; };
use lemmy_db_schema::source::local_site::LocalSite; use lemmy_db_schema::source::local_site::LocalSite;
use lemmy_db_views::structs::RegistrationApplicationView; use lemmy_db_views::structs::{LocalUserView, RegistrationApplicationView};
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
pub async fn get_unread_registration_application_count( pub async fn get_unread_registration_application_count(
data: Query<GetUnreadRegistrationApplicationCount>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<GetUnreadRegistrationApplicationCountResponse>, LemmyError> { ) -> Result<Json<GetUnreadRegistrationApplicationCountResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
// Only let admins do this // Only let admins do this

13
crates/api_common/src/comment.rs
Unescape Escape View File

@ -1,4 +1,3 @@
use crate::sensitive::Sensitive;
use lemmy_db_schema::{ use lemmy_db_schema::{
newtypes::{CommentId, CommentReportId, CommunityId, LanguageId, LocalUserId, PostId}, newtypes::{CommentId, CommentReportId, CommunityId, LanguageId, LocalUserId, PostId},
CommentSortType, CommentSortType,
@ -20,7 +19,6 @@ pub struct CreateComment {
pub post_id: PostId, pub post_id: PostId,
pub parent_id: Option<CommentId>, pub parent_id: Option<CommentId>,
pub language_id: Option<LanguageId>, pub language_id: Option<LanguageId>,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -30,7 +28,6 @@ pub struct CreateComment {
/// Fetch an individual comment. /// Fetch an individual comment.
pub struct GetComment { pub struct GetComment {
pub id: CommentId, pub id: CommentId,
pub auth: Option<Sensitive<String>>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -42,7 +39,6 @@ pub struct EditComment {
pub comment_id: CommentId, pub comment_id: CommentId,
pub content: Option<String>, pub content: Option<String>,
pub language_id: Option<LanguageId>, pub language_id: Option<LanguageId>,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -53,7 +49,6 @@ pub struct EditComment {
pub struct DistinguishComment { pub struct DistinguishComment {
pub comment_id: CommentId, pub comment_id: CommentId,
pub distinguished: bool, pub distinguished: bool,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -64,7 +59,6 @@ pub struct DistinguishComment {
pub struct DeleteComment { pub struct DeleteComment {
pub comment_id: CommentId, pub comment_id: CommentId,
pub deleted: bool, pub deleted: bool,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -76,7 +70,6 @@ pub struct RemoveComment {
pub comment_id: CommentId, pub comment_id: CommentId,
pub removed: bool, pub removed: bool,
pub reason: Option<String>, pub reason: Option<String>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -86,7 +79,6 @@ pub struct RemoveComment {
pub struct SaveComment { pub struct SaveComment {
pub comment_id: CommentId, pub comment_id: CommentId,
pub save: bool, pub save: bool,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -107,7 +99,6 @@ pub struct CreateCommentLike {
pub comment_id: CommentId, pub comment_id: CommentId,
/// Must be -1, 0, or 1 . /// Must be -1, 0, or 1 .
pub score: i16, pub score: i16,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -128,7 +119,6 @@ pub struct GetComments {
pub saved_only: Option<bool>, pub saved_only: Option<bool>,
pub liked_only: Option<bool>, pub liked_only: Option<bool>,
pub disliked_only: Option<bool>, pub disliked_only: Option<bool>,
pub auth: Option<Sensitive<String>>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -146,7 +136,6 @@ pub struct GetCommentsResponse {
pub struct CreateCommentReport { pub struct CreateCommentReport {
pub comment_id: CommentId, pub comment_id: CommentId,
pub reason: String, pub reason: String,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -164,7 +153,6 @@ pub struct CommentReportResponse {
pub struct ResolveCommentReport { pub struct ResolveCommentReport {
pub report_id: CommentReportId, pub report_id: CommentReportId,
pub resolved: bool, pub resolved: bool,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -179,7 +167,6 @@ pub struct ListCommentReports {
pub unresolved_only: Option<bool>, pub unresolved_only: Option<bool>,
/// if no community is given, it returns reports for all communities moderated by the auth user /// if no community is given, it returns reports for all communities moderated by the auth user
pub community_id: Option<CommunityId>, pub community_id: Option<CommunityId>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]

13
crates/api_common/src/community.rs
Unescape Escape View File

@ -1,4 +1,3 @@
use crate::sensitive::Sensitive;
use lemmy_db_schema::{ use lemmy_db_schema::{
newtypes::{CommunityId, LanguageId, PersonId}, newtypes::{CommunityId, LanguageId, PersonId},
source::site::Site, source::site::Site,
@ -20,7 +19,6 @@ pub struct GetCommunity {
pub id: Option<CommunityId>, pub id: Option<CommunityId>,
/// Example: star_trek , or star_trek@xyz.tld /// Example: star_trek , or star_trek@xyz.tld
pub name: Option<String>, pub name: Option<String>,
pub auth: Option<Sensitive<String>>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -56,7 +54,6 @@ pub struct CreateCommunity {
/// Whether to restrict posting only to moderators. /// Whether to restrict posting only to moderators.
pub posting_restricted_to_mods: Option<bool>, pub posting_restricted_to_mods: Option<bool>,
pub discussion_languages: Option<Vec<LanguageId>>, pub discussion_languages: Option<Vec<LanguageId>>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -79,7 +76,6 @@ pub struct ListCommunities {
pub show_nsfw: Option<bool>, pub show_nsfw: Option<bool>,
pub page: Option<i64>, pub page: Option<i64>,
pub limit: Option<i64>, pub limit: Option<i64>,
pub auth: Option<Sensitive<String>>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -102,7 +98,6 @@ pub struct BanFromCommunity {
pub remove_data: Option<bool>, pub remove_data: Option<bool>,
pub reason: Option<String>, pub reason: Option<String>,
pub expires: Option<i64>, pub expires: Option<i64>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -122,7 +117,6 @@ pub struct AddModToCommunity {
pub community_id: CommunityId, pub community_id: CommunityId,
pub person_id: PersonId, pub person_id: PersonId,
pub added: bool, pub added: bool,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -153,7 +147,6 @@ pub struct EditCommunity {
/// Whether to restrict posting only to moderators. /// Whether to restrict posting only to moderators.
pub posting_restricted_to_mods: Option<bool>, pub posting_restricted_to_mods: Option<bool>,
pub discussion_languages: Option<Vec<LanguageId>>, pub discussion_languages: Option<Vec<LanguageId>>,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -166,7 +159,6 @@ pub struct HideCommunity {
pub community_id: CommunityId, pub community_id: CommunityId,
pub hidden: bool, pub hidden: bool,
pub reason: Option<String>, pub reason: Option<String>,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -177,7 +169,6 @@ pub struct HideCommunity {
pub struct DeleteCommunity { pub struct DeleteCommunity {
pub community_id: CommunityId, pub community_id: CommunityId,
pub deleted: bool, pub deleted: bool,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -190,7 +181,6 @@ pub struct RemoveCommunity {
pub removed: bool, pub removed: bool,
pub reason: Option<String>, pub reason: Option<String>,
pub expires: Option<i64>, pub expires: Option<i64>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -200,7 +190,6 @@ pub struct RemoveCommunity {
pub struct FollowCommunity { pub struct FollowCommunity {
pub community_id: CommunityId, pub community_id: CommunityId,
pub follow: bool, pub follow: bool,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -210,7 +199,6 @@ pub struct FollowCommunity {
pub struct BlockCommunity { pub struct BlockCommunity {
pub community_id: CommunityId, pub community_id: CommunityId,
pub block: bool, pub block: bool,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -230,5 +218,4 @@ pub struct BlockCommunityResponse {
pub struct TransferCommunity { pub struct TransferCommunity {
pub community_id: CommunityId, pub community_id: CommunityId,
pub person_id: PersonId, pub person_id: PersonId,
pub auth: Sensitive<String>,
} }

4
crates/api_common/src/custom_emoji.rs
Unescape Escape View File

@ -1,4 +1,3 @@
use crate::sensitive::Sensitive;
use lemmy_db_schema::newtypes::CustomEmojiId; use lemmy_db_schema::newtypes::CustomEmojiId;
use lemmy_db_views::structs::CustomEmojiView; use lemmy_db_views::structs::CustomEmojiView;
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -17,7 +16,6 @@ pub struct CreateCustomEmoji {
pub image_url: Url, pub image_url: Url,
pub alt_text: String, pub alt_text: String,
pub keywords: Vec<String>, pub keywords: Vec<String>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -31,7 +29,6 @@ pub struct EditCustomEmoji {
pub image_url: Url, pub image_url: Url,
pub alt_text: String, pub alt_text: String,
pub keywords: Vec<String>, pub keywords: Vec<String>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -40,7 +37,6 @@ pub struct EditCustomEmoji {
/// Delete a custom emoji. /// Delete a custom emoji.
pub struct DeleteCustomEmoji { pub struct DeleteCustomEmoji {
pub id: CustomEmojiId, pub id: CustomEmojiId,
pub auth: Sensitive<String>,
} }
#[derive(Serialize, Deserialize, Clone)] #[derive(Serialize, Deserialize, Clone)]

36
crates/api_common/src/person.rs
Unescape Escape View File

@ -119,7 +119,6 @@ pub struct SaveUserSettings {
pub show_new_post_notifs: Option<bool>, pub show_new_post_notifs: Option<bool>,
/// A list of languages you are able to see discussion in. /// A list of languages you are able to see discussion in.
pub discussion_languages: Option<Vec<LanguageId>>, pub discussion_languages: Option<Vec<LanguageId>>,
pub auth: Sensitive<String>,
/// Open links in a new tab /// Open links in a new tab
pub open_links_in_new_tab: Option<bool>, pub open_links_in_new_tab: Option<bool>,
/// Enable infinite scroll /// Enable infinite scroll
@ -134,7 +133,6 @@ pub struct ChangePassword {
pub new_password: Sensitive<String>, pub new_password: Sensitive<String>,
pub new_password_verify: Sensitive<String>, pub new_password_verify: Sensitive<String>,
pub old_password: Sensitive<String>, pub old_password: Sensitive<String>,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -167,7 +165,6 @@ pub struct GetPersonDetails {
pub limit: Option<i64>, pub limit: Option<i64>,
pub community_id: Option<CommunityId>, pub community_id: Option<CommunityId>,
pub saved_only: Option<bool>, pub saved_only: Option<bool>,
pub auth: Option<Sensitive<String>>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -181,14 +178,6 @@ pub struct GetPersonDetailsResponse {
pub moderates: Vec<CommunityModeratorView>, pub moderates: Vec<CommunityModeratorView>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)]
#[cfg_attr(feature = "full", derive(TS))]
#[cfg_attr(feature = "full", ts(export))]
/// Marks all notifications as read.
pub struct MarkAllAsRead {
pub auth: Sensitive<String>,
}
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
#[cfg_attr(feature = "full", derive(TS))] #[cfg_attr(feature = "full", derive(TS))]
#[cfg_attr(feature = "full", ts(export))] #[cfg_attr(feature = "full", ts(export))]
@ -196,7 +185,6 @@ pub struct MarkAllAsRead {
pub struct AddAdmin { pub struct AddAdmin {
pub person_id: PersonId, pub person_id: PersonId,
pub added: bool, pub added: bool,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -219,18 +207,9 @@ pub struct BanPerson {
pub remove_data: Option<bool>, pub remove_data: Option<bool>,
pub reason: Option<String>, pub reason: Option<String>,
pub expires: Option<i64>, pub expires: Option<i64>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)]
#[cfg_attr(feature = "full", derive(TS))]
#[cfg_attr(feature = "full", ts(export))]
/// Get a list of banned persons.
// TODO, this should be paged, since the list can be quite long. // TODO, this should be paged, since the list can be quite long.
pub struct GetBannedPersons {
pub auth: Sensitive<String>,
}
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
#[cfg_attr(feature = "full", derive(TS))] #[cfg_attr(feature = "full", derive(TS))]
#[cfg_attr(feature = "full", ts(export))] #[cfg_attr(feature = "full", ts(export))]
@ -255,7 +234,6 @@ pub struct BanPersonResponse {
pub struct BlockPerson { pub struct BlockPerson {
pub person_id: PersonId, pub person_id: PersonId,
pub block: bool, pub block: bool,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -277,7 +255,6 @@ pub struct GetReplies {
pub page: Option<i64>, pub page: Option<i64>,
pub limit: Option<i64>, pub limit: Option<i64>,
pub unread_only: Option<bool>, pub unread_only: Option<bool>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -299,7 +276,6 @@ pub struct GetPersonMentions {
pub page: Option<i64>, pub page: Option<i64>,
pub limit: Option<i64>, pub limit: Option<i64>,
pub unread_only: Option<bool>, pub unread_only: Option<bool>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -317,7 +293,6 @@ pub struct GetPersonMentionsResponse {
pub struct MarkPersonMentionAsRead { pub struct MarkPersonMentionAsRead {
pub person_mention_id: PersonMentionId, pub person_mention_id: PersonMentionId,
pub read: bool, pub read: bool,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -335,7 +310,6 @@ pub struct PersonMentionResponse {
pub struct MarkCommentReplyAsRead { pub struct MarkCommentReplyAsRead {
pub comment_reply_id: CommentReplyId, pub comment_reply_id: CommentReplyId,
pub read: bool, pub read: bool,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -353,7 +327,6 @@ pub struct CommentReplyResponse {
pub struct DeleteAccount { pub struct DeleteAccount {
pub password: Sensitive<String>, pub password: Sensitive<String>,
pub delete_content: bool, pub delete_content: bool,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -393,7 +366,6 @@ pub struct PasswordChangeAfterReset {
/// Get a count of the number of reports. /// Get a count of the number of reports.
pub struct GetReportCount { pub struct GetReportCount {
pub community_id: Option<CommunityId>, pub community_id: Option<CommunityId>,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -408,14 +380,6 @@ pub struct GetReportCountResponse {
pub private_message_reports: Option<i64>, pub private_message_reports: Option<i64>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)]
#[cfg_attr(feature = "full", derive(TS))]
#[cfg_attr(feature = "full", ts(export))]
/// Get a count of unread notifications.
pub struct GetUnreadCount {
pub auth: Sensitive<String>,
}
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
#[cfg_attr(feature = "full", derive(TS))] #[cfg_attr(feature = "full", derive(TS))]
#[cfg_attr(feature = "full", ts(export))] #[cfg_attr(feature = "full", ts(export))]

15
crates/api_common/src/post.rs
Unescape Escape View File

@ -1,4 +1,3 @@
use crate::sensitive::Sensitive;
use lemmy_db_schema::{ use lemmy_db_schema::{
newtypes::{CommentId, CommunityId, DbUrl, LanguageId, PostId, PostReportId}, newtypes::{CommentId, CommunityId, DbUrl, LanguageId, PostId, PostReportId},
ListingType, ListingType,
@ -29,7 +28,6 @@ pub struct CreatePost {
pub honeypot: Option<String>, pub honeypot: Option<String>,
pub nsfw: Option<bool>, pub nsfw: Option<bool>,
pub language_id: Option<LanguageId>, pub language_id: Option<LanguageId>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -47,7 +45,6 @@ pub struct PostResponse {
pub struct GetPost { pub struct GetPost {
pub id: Option<PostId>, pub id: Option<PostId>,
pub comment_id: Option<CommentId>, pub comment_id: Option<CommentId>,
pub auth: Option<Sensitive<String>>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -78,7 +75,6 @@ pub struct GetPosts {
pub saved_only: Option<bool>, pub saved_only: Option<bool>,
pub liked_only: Option<bool>, pub liked_only: Option<bool>,
pub disliked_only: Option<bool>, pub disliked_only: Option<bool>,
pub auth: Option<Sensitive<String>>,
pub page_cursor: Option<PaginationCursor>, pub page_cursor: Option<PaginationCursor>,
} }
@ -101,7 +97,6 @@ pub struct CreatePostLike {
pub post_id: PostId, pub post_id: PostId,
/// Score must be -1, 0, or 1. /// Score must be -1, 0, or 1.
pub score: i16, pub score: i16,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -118,7 +113,6 @@ pub struct EditPost {
pub body: Option<String>, pub body: Option<String>,
pub nsfw: Option<bool>, pub nsfw: Option<bool>,
pub language_id: Option<LanguageId>, pub language_id: Option<LanguageId>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -128,7 +122,6 @@ pub struct EditPost {
pub struct DeletePost { pub struct DeletePost {
pub post_id: PostId, pub post_id: PostId,
pub deleted: bool, pub deleted: bool,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -140,7 +133,6 @@ pub struct RemovePost {
pub post_id: PostId, pub post_id: PostId,
pub removed: bool, pub removed: bool,
pub reason: Option<String>, pub reason: Option<String>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -150,7 +142,6 @@ pub struct RemovePost {
pub struct MarkPostAsRead { pub struct MarkPostAsRead {
pub post_id: PostId, pub post_id: PostId,
pub read: bool, pub read: bool,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -160,7 +151,6 @@ pub struct MarkPostAsRead {
pub struct LockPost { pub struct LockPost {
pub post_id: PostId, pub post_id: PostId,
pub locked: bool, pub locked: bool,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -171,7 +161,6 @@ pub struct FeaturePost {
pub post_id: PostId, pub post_id: PostId,
pub featured: bool, pub featured: bool,
pub feature_type: PostFeatureType, pub feature_type: PostFeatureType,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -181,7 +170,6 @@ pub struct FeaturePost {
pub struct SavePost { pub struct SavePost {
pub post_id: PostId, pub post_id: PostId,
pub save: bool, pub save: bool,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -191,7 +179,6 @@ pub struct SavePost {
pub struct CreatePostReport { pub struct CreatePostReport {
pub post_id: PostId, pub post_id: PostId,
pub reason: String, pub reason: String,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -209,7 +196,6 @@ pub struct PostReportResponse {
pub struct ResolvePostReport { pub struct ResolvePostReport {
pub report_id: PostReportId, pub report_id: PostReportId,
pub resolved: bool, pub resolved: bool,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -224,7 +210,6 @@ pub struct ListPostReports {
pub unresolved_only: Option<bool>, pub unresolved_only: Option<bool>,
/// if no community is given, it returns reports for all communities moderated by the auth user /// if no community is given, it returns reports for all communities moderated by the auth user
pub community_id: Option<CommunityId>, pub community_id: Option<CommunityId>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]

9
crates/api_common/src/private_message.rs
Unescape Escape View File

@ -1,4 +1,3 @@
use crate::sensitive::Sensitive;
use lemmy_db_schema::newtypes::{PersonId, PrivateMessageId, PrivateMessageReportId}; use lemmy_db_schema::newtypes::{PersonId, PrivateMessageId, PrivateMessageReportId};
use lemmy_db_views::structs::{PrivateMessageReportView, PrivateMessageView}; use lemmy_db_views::structs::{PrivateMessageReportView, PrivateMessageView};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -13,7 +12,6 @@ use ts_rs::TS;
pub struct CreatePrivateMessage { pub struct CreatePrivateMessage {
pub content: String, pub content: String,
pub recipient_id: PersonId, pub recipient_id: PersonId,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -23,7 +21,6 @@ pub struct CreatePrivateMessage {
pub struct EditPrivateMessage { pub struct EditPrivateMessage {
pub private_message_id: PrivateMessageId, pub private_message_id: PrivateMessageId,
pub content: String, pub content: String,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -33,7 +30,6 @@ pub struct EditPrivateMessage {
pub struct DeletePrivateMessage { pub struct DeletePrivateMessage {
pub private_message_id: PrivateMessageId, pub private_message_id: PrivateMessageId,
pub deleted: bool, pub deleted: bool,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone, Default)] #[derive(Debug, Serialize, Deserialize, Clone, Default)]
@ -43,7 +39,6 @@ pub struct DeletePrivateMessage {
pub struct MarkPrivateMessageAsRead { pub struct MarkPrivateMessageAsRead {
pub private_message_id: PrivateMessageId, pub private_message_id: PrivateMessageId,
pub read: bool, pub read: bool,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -56,7 +51,6 @@ pub struct GetPrivateMessages {
pub page: Option<i64>, pub page: Option<i64>,
pub limit: Option<i64>, pub limit: Option<i64>,
pub creator_id: Option<PersonId>, pub creator_id: Option<PersonId>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -82,7 +76,6 @@ pub struct PrivateMessageResponse {
pub struct CreatePrivateMessageReport { pub struct CreatePrivateMessageReport {
pub private_message_id: PrivateMessageId, pub private_message_id: PrivateMessageId,
pub reason: String, pub reason: String,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -100,7 +93,6 @@ pub struct PrivateMessageReportResponse {
pub struct ResolvePrivateMessageReport { pub struct ResolvePrivateMessageReport {
pub report_id: PrivateMessageReportId, pub report_id: PrivateMessageReportId,
pub resolved: bool, pub resolved: bool,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -114,7 +106,6 @@ pub struct ListPrivateMessageReports {
pub limit: Option<i64>, pub limit: Option<i64>,
/// Only shows the unresolved reports /// Only shows the unresolved reports
pub unresolved_only: Option<bool>, pub unresolved_only: Option<bool>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]

38
crates/api_common/src/site.rs
Unescape Escape View File

@ -1,4 +1,3 @@
use crate::sensitive::Sensitive;
use lemmy_db_schema::{ use lemmy_db_schema::{
newtypes::{CommentId, CommunityId, InstanceId, LanguageId, PersonId, PostId}, newtypes::{CommentId, CommunityId, InstanceId, LanguageId, PersonId, PostId},
source::{instance::Instance, language::Language, tagline::Tagline}, source::{instance::Instance, language::Language, tagline::Tagline},
@ -62,7 +61,6 @@ pub struct Search {
pub listing_type: Option<ListingType>, pub listing_type: Option<ListingType>,
pub page: Option<i64>, pub page: Option<i64>,
pub limit: Option<i64>, pub limit: Option<i64>,
pub auth: Option<Sensitive<String>>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -85,7 +83,6 @@ pub struct SearchResponse {
pub struct ResolveObject { pub struct ResolveObject {
/// Can be the full url, or a shortened version like: !fediverse@lemmy.ml /// Can be the full url, or a shortened version like: !fediverse@lemmy.ml
pub q: String, pub q: String,
pub auth: Option<Sensitive<String>>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -113,7 +110,6 @@ pub struct GetModlog {
pub limit: Option<i64>, pub limit: Option<i64>,
pub type_: Option<ModlogActionType>, pub type_: Option<ModlogActionType>,
pub other_person_id: Option<PersonId>, pub other_person_id: Option<PersonId>,
pub auth: Option<Sensitive<String>>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -184,7 +180,6 @@ pub struct CreateSite {
pub blocked_instances: Option<Vec<String>>, pub blocked_instances: Option<Vec<String>>,
pub taglines: Option<Vec<String>>, pub taglines: Option<Vec<String>>,
pub registration_mode: Option<RegistrationMode>, pub registration_mode: Option<RegistrationMode>,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -263,16 +258,6 @@ pub struct EditSite {
pub registration_mode: Option<RegistrationMode>, pub registration_mode: Option<RegistrationMode>,
/// Whether to email admins for new reports. /// Whether to email admins for new reports.
pub reports_email_admins: Option<bool>, pub reports_email_admins: Option<bool>,
pub auth: Sensitive<String>,
}
#[skip_serializing_none]
#[derive(Debug, Serialize, Deserialize, Clone, Default)]
#[cfg_attr(feature = "full", derive(TS))]
#[cfg_attr(feature = "full", ts(export))]
/// Fetches the site.
pub struct GetSite {
pub auth: Option<Sensitive<String>>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -326,14 +311,6 @@ pub struct MyUserInfo {
pub discussion_languages: Vec<LanguageId>, pub discussion_languages: Vec<LanguageId>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)]
#[cfg_attr(feature = "full", derive(TS))]
#[cfg_attr(feature = "full", ts(export))]
/// Leaves the admin team.
pub struct LeaveAdmin {
pub auth: Sensitive<String>,
}
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
#[cfg_attr(feature = "full", derive(TS))] #[cfg_attr(feature = "full", derive(TS))]
#[cfg_attr(feature = "full", ts(export))] #[cfg_attr(feature = "full", ts(export))]
@ -352,7 +329,6 @@ pub struct FederatedInstances {
pub struct PurgePerson { pub struct PurgePerson {
pub person_id: PersonId, pub person_id: PersonId,
pub reason: Option<String>, pub reason: Option<String>,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -363,7 +339,6 @@ pub struct PurgePerson {
pub struct PurgeCommunity { pub struct PurgeCommunity {
pub community_id: CommunityId, pub community_id: CommunityId,
pub reason: Option<String>, pub reason: Option<String>,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -374,7 +349,6 @@ pub struct PurgeCommunity {
pub struct PurgePost { pub struct PurgePost {
pub post_id: PostId, pub post_id: PostId,
pub reason: Option<String>, pub reason: Option<String>,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]
@ -385,7 +359,6 @@ pub struct PurgePost {
pub struct PurgeComment { pub struct PurgeComment {
pub comment_id: CommentId, pub comment_id: CommentId,
pub reason: Option<String>, pub reason: Option<String>,
pub auth: Sensitive<String>,
} }
#[derive(Serialize, Deserialize, Clone)] #[derive(Serialize, Deserialize, Clone)]
@ -406,7 +379,6 @@ pub struct ListRegistrationApplications {
pub unread_only: Option<bool>, pub unread_only: Option<bool>,
pub page: Option<i64>, pub page: Option<i64>,
pub limit: Option<i64>, pub limit: Option<i64>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -426,7 +398,6 @@ pub struct ApproveRegistrationApplication {
pub id: i32, pub id: i32,
pub approve: bool, pub approve: bool,
pub deny_reason: Option<String>, pub deny_reason: Option<String>,
pub auth: Sensitive<String>,
} }
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
@ -437,14 +408,6 @@ pub struct RegistrationApplicationResponse {
pub registration_application: RegistrationApplicationView, pub registration_application: RegistrationApplicationView,
} }
#[derive(Debug, Serialize, Deserialize, Clone)]
#[cfg_attr(feature = "full", derive(TS))]
#[cfg_attr(feature = "full", ts(export))]
/// Gets a count of unread registration applications.
pub struct GetUnreadRegistrationApplicationCount {
pub auth: Sensitive<String>,
}
#[derive(Debug, Serialize, Deserialize, Clone)] #[derive(Debug, Serialize, Deserialize, Clone)]
#[cfg_attr(feature = "full", derive(TS))] #[cfg_attr(feature = "full", derive(TS))]
#[cfg_attr(feature = "full", ts(export))] #[cfg_attr(feature = "full", ts(export))]
@ -460,7 +423,6 @@ pub struct GetUnreadRegistrationApplicationCountResponse {
pub struct BlockInstance { pub struct BlockInstance {
pub instance_id: InstanceId, pub instance_id: InstanceId,
pub block: bool, pub block: bool,
pub auth: Sensitive<String>,
} }
#[skip_serializing_none] #[skip_serializing_none]

92
crates/api_common/src/utils.rs
Unescape Escape View File

@ -1,14 +1,9 @@
use crate::{ use crate::{context::LemmyContext, request::purge_image_from_pictrs, site::FederatedInstances};
context::LemmyContext,
request::purge_image_from_pictrs,
sensitive::Sensitive,
site::FederatedInstances,
};
use anyhow::Context; use anyhow::Context;
use chrono::{DateTime, Utc}; use chrono::{DateTime, Utc};
use lemmy_db_schema::{ use lemmy_db_schema::{
impls::person::is_banned, impls::person::is_banned,
newtypes::{CommunityId, DbUrl, LocalUserId, PersonId, PostId}, newtypes::{CommunityId, DbUrl, PersonId, PostId},
source::{ source::{
comment::{Comment, CommentUpdateForm}, comment::{Comment, CommentUpdateForm},
community::{Community, CommunityModerator, CommunityUpdateForm}, community::{Community, CommunityModerator, CommunityUpdateForm},
@ -20,11 +15,9 @@ use lemmy_db_schema::{
person::{Person, PersonUpdateForm}, person::{Person, PersonUpdateForm},
person_block::PersonBlock, person_block::PersonBlock,
post::{Post, PostRead, PostReadForm}, post::{Post, PostRead, PostReadForm},
registration_application::RegistrationApplication,
}, },
traits::{Crud, Readable}, traits::{Crud, Readable},
utils::DbPool, utils::DbPool,
RegistrationMode,
}; };
use lemmy_db_views::{comment_view::CommentQuery, structs::LocalUserView}; use lemmy_db_views::{comment_view::CommentQuery, structs::LocalUserView};
use lemmy_db_views_actor::structs::{ use lemmy_db_views_actor::structs::{
@ -33,9 +26,8 @@ use lemmy_db_views_actor::structs::{
CommunityView, CommunityView,
}; };
use lemmy_utils::{ use lemmy_utils::{
claims::Claims,
email::{send_email, translations::Lang}, email::{send_email, translations::Lang},
error::{LemmyError, LemmyErrorExt, LemmyErrorExt2, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
location_info, location_info,
rate_limit::RateLimitConfig, rate_limit::RateLimitConfig,
settings::structs::Settings, settings::structs::Settings,
@ -134,58 +126,6 @@ pub async fn mark_post_as_unread(
.with_lemmy_type(LemmyErrorType::CouldntMarkPostAsRead) .with_lemmy_type(LemmyErrorType::CouldntMarkPostAsRead)
} }
#[tracing::instrument(skip_all)]
pub async fn local_user_view_from_jwt(
jwt: &str,
context: &LemmyContext,
) -> Result<LocalUserView, LemmyError> {
let claims = Claims::decode(jwt, &context.secret().jwt_secret)
.with_lemmy_type(LemmyErrorType::NotLoggedIn)?
.claims;
let local_user_id = LocalUserId(claims.sub);
let local_user_view = LocalUserView::read(&mut context.pool(), local_user_id).await?;
check_user_valid(
local_user_view.person.banned,
local_user_view.person.ban_expires,
local_user_view.person.deleted,
)?;
check_validator_time(&local_user_view.local_user.validator_time, &claims)?;
Ok(local_user_view)
}
#[tracing::instrument(skip_all)]
pub async fn local_user_view_from_jwt_opt(
jwt: Option<&Sensitive<String>>,
context: &LemmyContext,
) -> Option<LocalUserView> {
local_user_view_from_jwt(jwt?, context).await.ok()
}
#[tracing::instrument(skip_all)]
pub async fn local_user_view_from_jwt_opt_new(
local_user_view: &mut Option<LocalUserView>,
jwt: Option<&Sensitive<String>>,
context: &LemmyContext,
) {
if local_user_view.is_none() {
*local_user_view = local_user_view_from_jwt_opt(jwt, context).await;
}
}
/// Checks if user's token was issued before user's password reset.
pub fn check_validator_time(
validator_time: &DateTime<Utc>,
claims: &Claims,
) -> Result<(), LemmyError> {
let user_validation_time = validator_time.timestamp();
if user_validation_time > claims.iat {
Err(LemmyErrorType::NotLoggedIn)?
} else {
Ok(())
}
}
pub fn check_user_valid( pub fn check_user_valid(
banned: bool, banned: bool,
ban_expires: Option<DateTime<Utc>>, ban_expires: Option<DateTime<Utc>>,
@ -505,32 +445,6 @@ pub async fn send_new_report_email_to_admins(
Ok(()) Ok(())
} }
pub async fn check_registration_application(
local_user_view: &LocalUserView,
local_site: &LocalSite,
pool: &mut DbPool<'_>,
) -> Result<(), LemmyError> {
if (local_site.registration_mode == RegistrationMode::RequireApplication
|| local_site.registration_mode == RegistrationMode::Closed)
&& !local_user_view.local_user.accepted_application
&& !local_user_view.local_user.admin
{
// Fetch the registration, see if its denied
let local_user_id = local_user_view.local_user.id;
let registration = RegistrationApplication::find_by_local_user_id(pool, local_user_id).await?;
if let Some(deny_reason) = registration.deny_reason {
let lang = get_interface_language(local_user_view);
let registration_denied_message = format!("{}: {}", lang.registration_denied(), deny_reason);
Err(LemmyErrorType::RegistrationDenied(
registration_denied_message,
))?
} else {
Err(LemmyErrorType::RegistrationApplicationIsPending)?
}
}
Ok(())
}
pub fn check_private_instance_and_federation_enabled( pub fn check_private_instance_and_federation_enabled(
local_site: &LocalSite, local_site: &LocalSite,
) -> Result<(), LemmyError> { ) -> Result<(), LemmyError> {

4
crates/api_crud/src/comment/create.rs
Unescape Escape View File

@ -12,7 +12,6 @@ use lemmy_api_common::{
generate_local_apub_endpoint, generate_local_apub_endpoint,
get_post, get_post,
local_site_to_slur_regex, local_site_to_slur_regex,
local_user_view_from_jwt,
sanitize_html_api, sanitize_html_api,
EndpointType, EndpointType,
}, },
@ -28,6 +27,7 @@ use lemmy_db_schema::{
}, },
traits::{Crud, Likeable}, traits::{Crud, Likeable},
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
utils::{ utils::{
@ -43,8 +43,8 @@ const MAX_COMMENT_DEPTH_LIMIT: usize = 100;
pub async fn create_comment( pub async fn create_comment(
data: Json<CreateComment>, data: Json<CreateComment>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommentResponse>, LemmyError> { ) -> Result<Json<CommentResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let content = remove_slurs( let content = remove_slurs(

7
crates/api_crud/src/comment/delete.rs
Unescape Escape View File

@ -5,7 +5,7 @@ use lemmy_api_common::{
comment::{CommentResponse, DeleteComment}, comment::{CommentResponse, DeleteComment},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{check_community_ban, local_user_view_from_jwt}, utils::check_community_ban,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -14,16 +14,15 @@ use lemmy_db_schema::{
}, },
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::CommentView; use lemmy_db_views::structs::{CommentView, LocalUserView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn delete_comment( pub async fn delete_comment(
data: Json<DeleteComment>, data: Json<DeleteComment>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommentResponse>, LemmyError> { ) -> Result<Json<CommentResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let comment_id = data.comment_id; let comment_id = data.comment_id;
let orig_comment = CommentView::read(&mut context.pool(), comment_id, None).await?; let orig_comment = CommentView::read(&mut context.pool(), comment_id, None).await?;

5
crates/api_crud/src/comment/read.rs
Unescape Escape View File

@ -3,17 +3,18 @@ use lemmy_api_common::{
build_response::build_comment_response, build_response::build_comment_response,
comment::{CommentResponse, GetComment}, comment::{CommentResponse, GetComment},
context::LemmyContext, context::LemmyContext,
utils::{check_private_instance, local_user_view_from_jwt_opt}, utils::check_private_instance,
}; };
use lemmy_db_schema::source::local_site::LocalSite; use lemmy_db_schema::source::local_site::LocalSite;
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn get_comment( pub async fn get_comment(
data: Query<GetComment>, data: Query<GetComment>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: Option<LocalUserView>,
) -> Result<Json<CommentResponse>, LemmyError> { ) -> Result<Json<CommentResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt_opt(data.auth.as_ref(), &context).await;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
check_private_instance(&local_user_view, &local_site)?; check_private_instance(&local_user_view, &local_site)?;

7
crates/api_crud/src/comment/remove.rs
Unescape Escape View File

@ -5,7 +5,7 @@ use lemmy_api_common::{
comment::{CommentResponse, RemoveComment}, comment::{CommentResponse, RemoveComment},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{check_community_ban, is_mod_or_admin, local_user_view_from_jwt}, utils::{check_community_ban, is_mod_or_admin},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -15,16 +15,15 @@ use lemmy_db_schema::{
}, },
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::CommentView; use lemmy_db_views::structs::{CommentView, LocalUserView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn remove_comment( pub async fn remove_comment(
data: Json<RemoveComment>, data: Json<RemoveComment>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommentResponse>, LemmyError> { ) -> Result<Json<CommentResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let comment_id = data.comment_id; let comment_id = data.comment_id;
let orig_comment = CommentView::read(&mut context.pool(), comment_id, None).await?; let orig_comment = CommentView::read(&mut context.pool(), comment_id, None).await?;

11
crates/api_crud/src/comment/update.rs
Unescape Escape View File

@ -5,12 +5,7 @@ use lemmy_api_common::{
comment::{CommentResponse, EditComment}, comment::{CommentResponse, EditComment},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{ utils::{check_community_ban, local_site_to_slur_regex, sanitize_html_api_opt},
check_community_ban,
local_site_to_slur_regex,
local_user_view_from_jwt,
sanitize_html_api_opt,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -21,7 +16,7 @@ use lemmy_db_schema::{
traits::Crud, traits::Crud,
utils::naive_now, utils::naive_now,
}; };
use lemmy_db_views::structs::CommentView; use lemmy_db_views::structs::{CommentView, LocalUserView};
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
utils::{ utils::{
@ -35,8 +30,8 @@ use lemmy_utils::{
pub async fn update_comment( pub async fn update_comment(
data: Json<EditComment>, data: Json<EditComment>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommentResponse>, LemmyError> { ) -> Result<Json<CommentResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let comment_id = data.comment_id; let comment_id = data.comment_id;

5
crates/api_crud/src/community/create.rs
Unescape Escape View File

@ -11,7 +11,6 @@ use lemmy_api_common::{
generate_shared_inbox_url, generate_shared_inbox_url,
is_admin, is_admin,
local_site_to_slur_regex, local_site_to_slur_regex,
local_user_view_from_jwt,
sanitize_html_api, sanitize_html_api,
sanitize_html_api_opt, sanitize_html_api_opt,
EndpointType, EndpointType,
@ -32,7 +31,7 @@ use lemmy_db_schema::{
traits::{ApubActor, Crud, Followable, Joinable}, traits::{ApubActor, Crud, Followable, Joinable},
utils::diesel_option_overwrite_to_url_create, utils::diesel_option_overwrite_to_url_create,
}; };
use lemmy_db_views::structs::SiteView; use lemmy_db_views::structs::{LocalUserView, SiteView};
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
utils::{ utils::{
@ -45,8 +44,8 @@ use lemmy_utils::{
pub async fn create_community( pub async fn create_community(
data: Json<CreateCommunity>, data: Json<CreateCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommunityResponse>, LemmyError> { ) -> Result<Json<CommunityResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let site_view = SiteView::read_local(&mut context.pool()).await?; let site_view = SiteView::read_local(&mut context.pool()).await?;
let local_site = site_view.local_site; let local_site = site_view.local_site;

6
crates/api_crud/src/community/delete.rs
Unescape Escape View File

@ -5,12 +5,13 @@ use lemmy_api_common::{
community::{CommunityResponse, DeleteCommunity}, community::{CommunityResponse, DeleteCommunity},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{is_top_mod, local_user_view_from_jwt}, utils::is_top_mod,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::community::{Community, CommunityUpdateForm}, source::community::{Community, CommunityUpdateForm},
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::structs::CommunityModeratorView; use lemmy_db_views_actor::structs::CommunityModeratorView;
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
@ -18,9 +19,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn delete_community( pub async fn delete_community(
data: Json<DeleteCommunity>, data: Json<DeleteCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommunityResponse>, LemmyError> { ) -> Result<Json<CommunityResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Fetch the community mods // Fetch the community mods
let community_id = data.community_id; let community_id = data.community_id;
let community_mods = let community_mods =

5
crates/api_crud/src/community/list.rs
Unescape Escape View File

@ -2,9 +2,10 @@ use actix_web::web::{Data, Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
community::{ListCommunities, ListCommunitiesResponse}, community::{ListCommunities, ListCommunitiesResponse},
context::LemmyContext, context::LemmyContext,
utils::{check_private_instance, is_admin, local_user_view_from_jwt_opt}, utils::{check_private_instance, is_admin},
}; };
use lemmy_db_schema::source::local_site::LocalSite; use lemmy_db_schema::source::local_site::LocalSite;
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::community_view::CommunityQuery; use lemmy_db_views_actor::community_view::CommunityQuery;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
@ -12,8 +13,8 @@ use lemmy_utils::error::LemmyError;
pub async fn list_communities( pub async fn list_communities(
data: Query<ListCommunities>, data: Query<ListCommunities>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: Option<LocalUserView>,
) -> Result<Json<ListCommunitiesResponse>, LemmyError> { ) -> Result<Json<ListCommunitiesResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt_opt(data.auth.as_ref(), &context).await;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let is_admin = local_user_view let is_admin = local_user_view
.as_ref() .as_ref()

6
crates/api_crud/src/community/remove.rs
Unescape Escape View File

@ -5,7 +5,7 @@ use lemmy_api_common::{
community::{CommunityResponse, RemoveCommunity}, community::{CommunityResponse, RemoveCommunity},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{is_admin, local_user_view_from_jwt}, utils::is_admin,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -14,6 +14,7 @@ use lemmy_db_schema::{
}, },
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
utils::time::naive_from_unix, utils::time::naive_from_unix,
@ -23,9 +24,8 @@ use lemmy_utils::{
pub async fn remove_community( pub async fn remove_community(
data: Json<RemoveCommunity>, data: Json<RemoveCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommunityResponse>, LemmyError> { ) -> Result<Json<CommunityResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Verify its an admin (only an admin can remove a community) // Verify its an admin (only an admin can remove a community)
is_admin(&local_user_view)?; is_admin(&local_user_view)?;

5
crates/api_crud/src/community/update.rs
Unescape Escape View File

@ -5,7 +5,7 @@ use lemmy_api_common::{
community::{CommunityResponse, EditCommunity}, community::{CommunityResponse, EditCommunity},
context::LemmyContext, context::LemmyContext,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{local_site_to_slur_regex, local_user_view_from_jwt, sanitize_html_api_opt}, utils::{local_site_to_slur_regex, sanitize_html_api_opt},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
newtypes::PersonId, newtypes::PersonId,
@ -17,6 +17,7 @@ use lemmy_db_schema::{
traits::Crud, traits::Crud,
utils::{diesel_option_overwrite, diesel_option_overwrite_to_url, naive_now}, utils::{diesel_option_overwrite, diesel_option_overwrite_to_url, naive_now},
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::structs::CommunityModeratorView; use lemmy_db_views_actor::structs::CommunityModeratorView;
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
@ -27,8 +28,8 @@ use lemmy_utils::{
pub async fn update_community( pub async fn update_community(
data: Json<EditCommunity>, data: Json<EditCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CommunityResponse>, LemmyError> { ) -> Result<Json<CommunityResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let slur_regex = local_site_to_slur_regex(&local_site); let slur_regex = local_site_to_slur_regex(&local_site);

7
crates/api_crud/src/custom_emoji/create.rs
Unescape Escape View File

@ -3,23 +3,22 @@ use actix_web::web::Json;
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
custom_emoji::{CreateCustomEmoji, CustomEmojiResponse}, custom_emoji::{CreateCustomEmoji, CustomEmojiResponse},
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api}, utils::{is_admin, sanitize_html_api},
}; };
use lemmy_db_schema::source::{ use lemmy_db_schema::source::{
custom_emoji::{CustomEmoji, CustomEmojiInsertForm}, custom_emoji::{CustomEmoji, CustomEmojiInsertForm},
custom_emoji_keyword::{CustomEmojiKeyword, CustomEmojiKeywordInsertForm}, custom_emoji_keyword::{CustomEmojiKeyword, CustomEmojiKeywordInsertForm},
local_site::LocalSite, local_site::LocalSite,
}; };
use lemmy_db_views::structs::CustomEmojiView; use lemmy_db_views::structs::{CustomEmojiView, LocalUserView};
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn create_custom_emoji( pub async fn create_custom_emoji(
data: Json<CreateCustomEmoji>, data: Json<CreateCustomEmoji>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CustomEmojiResponse>, LemmyError> { ) -> Result<Json<CustomEmojiResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
// Make sure user is an admin // Make sure user is an admin
is_admin(&local_user_view)?; is_admin(&local_user_view)?;

6
crates/api_crud/src/custom_emoji/delete.rs
Unescape Escape View File

@ -3,18 +3,18 @@ use actix_web::web::Json;
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
custom_emoji::{DeleteCustomEmoji, DeleteCustomEmojiResponse}, custom_emoji::{DeleteCustomEmoji, DeleteCustomEmojiResponse},
utils::{is_admin, local_user_view_from_jwt}, utils::is_admin,
}; };
use lemmy_db_schema::source::custom_emoji::CustomEmoji; use lemmy_db_schema::source::custom_emoji::CustomEmoji;
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn delete_custom_emoji( pub async fn delete_custom_emoji(
data: Json<DeleteCustomEmoji>, data: Json<DeleteCustomEmoji>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<DeleteCustomEmojiResponse>, LemmyError> { ) -> Result<Json<DeleteCustomEmojiResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Make sure user is an admin // Make sure user is an admin
is_admin(&local_user_view)?; is_admin(&local_user_view)?;
CustomEmoji::delete(&mut context.pool(), data.id).await?; CustomEmoji::delete(&mut context.pool(), data.id).await?;

7
crates/api_crud/src/custom_emoji/update.rs
Unescape Escape View File

@ -3,23 +3,22 @@ use actix_web::web::Json;
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
custom_emoji::{CustomEmojiResponse, EditCustomEmoji}, custom_emoji::{CustomEmojiResponse, EditCustomEmoji},
utils::{is_admin, local_user_view_from_jwt, sanitize_html_api}, utils::{is_admin, sanitize_html_api},
}; };
use lemmy_db_schema::source::{ use lemmy_db_schema::source::{
custom_emoji::{CustomEmoji, CustomEmojiUpdateForm}, custom_emoji::{CustomEmoji, CustomEmojiUpdateForm},
custom_emoji_keyword::{CustomEmojiKeyword, CustomEmojiKeywordInsertForm}, custom_emoji_keyword::{CustomEmojiKeyword, CustomEmojiKeywordInsertForm},
local_site::LocalSite, local_site::LocalSite,
}; };
use lemmy_db_views::structs::CustomEmojiView; use lemmy_db_views::structs::{CustomEmojiView, LocalUserView};
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn update_custom_emoji( pub async fn update_custom_emoji(
data: Json<EditCustomEmoji>, data: Json<EditCustomEmoji>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<CustomEmojiResponse>, LemmyError> { ) -> Result<Json<CustomEmojiResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
// Make sure user is an admin // Make sure user is an admin
is_admin(&local_user_view)?; is_admin(&local_user_view)?;

4
crates/api_crud/src/post/create.rs
Unescape Escape View File

@ -12,7 +12,6 @@ use lemmy_api_common::{
generate_local_apub_endpoint, generate_local_apub_endpoint,
honeypot_check, honeypot_check,
local_site_to_slur_regex, local_site_to_slur_regex,
local_user_view_from_jwt,
mark_post_as_read, mark_post_as_read,
sanitize_html_api, sanitize_html_api,
sanitize_html_api_opt, sanitize_html_api_opt,
@ -29,6 +28,7 @@ use lemmy_db_schema::{
}, },
traits::{Crud, Likeable}, traits::{Crud, Likeable},
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_db_views_actor::structs::CommunityView; use lemmy_db_views_actor::structs::CommunityView;
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
@ -46,8 +46,8 @@ use webmention::{Webmention, WebmentionError};
pub async fn create_post( pub async fn create_post(
data: Json<CreatePost>, data: Json<CreatePost>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PostResponse>, LemmyError> { ) -> Result<Json<PostResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let slur_regex = local_site_to_slur_regex(&local_site); let slur_regex = local_site_to_slur_regex(&local_site);

6
crates/api_crud/src/post/delete.rs
Unescape Escape View File

@ -5,21 +5,21 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
post::{DeletePost, PostResponse}, post::{DeletePost, PostResponse},
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{check_community_ban, check_community_deleted_or_removed, local_user_view_from_jwt}, utils::{check_community_ban, check_community_deleted_or_removed},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::post::{Post, PostUpdateForm}, source::post::{Post, PostUpdateForm},
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::{LemmyError, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn delete_post( pub async fn delete_post(
data: Json<DeletePost>, data: Json<DeletePost>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PostResponse>, LemmyError> { ) -> Result<Json<PostResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let post_id = data.post_id; let post_id = data.post_id;
let orig_post = Post::read(&mut context.pool(), post_id).await?; let orig_post = Post::read(&mut context.pool(), post_id).await?;

14
crates/api_crud/src/post/read.rs
Unescape Escape View File

@ -2,19 +2,17 @@ use actix_web::web::{Data, Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
post::{GetPost, GetPostResponse}, post::{GetPost, GetPostResponse},
utils::{ utils::{check_private_instance, is_mod_or_admin_opt, mark_post_as_read},
check_private_instance,
is_mod_or_admin_opt,
local_user_view_from_jwt_opt,
mark_post_as_read,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
aggregates::structs::{PersonPostAggregates, PersonPostAggregatesForm}, aggregates::structs::{PersonPostAggregates, PersonPostAggregatesForm},
source::{comment::Comment, local_site::LocalSite, post::Post}, source::{comment::Comment, local_site::LocalSite, post::Post},
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::{post_view::PostQuery, structs::PostView}; use lemmy_db_views::{
post_view::PostQuery,
structs::{LocalUserView, PostView},
};
use lemmy_db_views_actor::structs::{CommunityModeratorView, CommunityView}; use lemmy_db_views_actor::structs::{CommunityModeratorView, CommunityView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
@ -22,8 +20,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn get_post( pub async fn get_post(
data: Query<GetPost>, data: Query<GetPost>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: Option<LocalUserView>,
) -> Result<Json<GetPostResponse>, LemmyError> { ) -> Result<Json<GetPostResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt_opt(data.auth.as_ref(), &context).await;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
check_private_instance(&local_user_view, &local_site)?; check_private_instance(&local_user_view, &local_site)?;

6
crates/api_crud/src/post/remove.rs
Unescape Escape View File

@ -5,7 +5,7 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
post::{PostResponse, RemovePost}, post::{PostResponse, RemovePost},
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{check_community_ban, is_mod_or_admin, local_user_view_from_jwt}, utils::{check_community_ban, is_mod_or_admin},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -14,15 +14,15 @@ use lemmy_db_schema::{
}, },
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn remove_post( pub async fn remove_post(
data: Json<RemovePost>, data: Json<RemovePost>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PostResponse>, LemmyError> { ) -> Result<Json<PostResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let post_id = data.post_id; let post_id = data.post_id;
let orig_post = Post::read(&mut context.pool(), post_id).await?; let orig_post = Post::read(&mut context.pool(), post_id).await?;

10
crates/api_crud/src/post/update.rs
Unescape Escape View File

@ -6,12 +6,7 @@ use lemmy_api_common::{
post::{EditPost, PostResponse}, post::{EditPost, PostResponse},
request::fetch_site_data, request::fetch_site_data,
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{ utils::{check_community_ban, local_site_to_slur_regex, sanitize_html_api_opt},
check_community_ban,
local_site_to_slur_regex,
local_user_view_from_jwt,
sanitize_html_api_opt,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -22,6 +17,7 @@ use lemmy_db_schema::{
traits::Crud, traits::Crud,
utils::{diesel_option_overwrite, naive_now}, utils::{diesel_option_overwrite, naive_now},
}; };
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
utils::{ utils::{
@ -35,8 +31,8 @@ use std::ops::Deref;
pub async fn update_post( pub async fn update_post(
data: Json<EditPost>, data: Json<EditPost>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PostResponse>, LemmyError> { ) -> Result<Json<PostResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let data_url = data.url.as_ref(); let data_url = data.url.as_ref();

3
crates/api_crud/src/private_message/create.rs
Unescape Escape View File

@ -9,7 +9,6 @@ use lemmy_api_common::{
generate_local_apub_endpoint, generate_local_apub_endpoint,
get_interface_language, get_interface_language,
local_site_to_slur_regex, local_site_to_slur_regex,
local_user_view_from_jwt,
sanitize_html_api, sanitize_html_api,
send_email_to_user, send_email_to_user,
EndpointType, EndpointType,
@ -32,8 +31,8 @@ use lemmy_utils::{
pub async fn create_private_message( pub async fn create_private_message(
data: Json<CreatePrivateMessage>, data: Json<CreatePrivateMessage>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PrivateMessageResponse>, LemmyError> { ) -> Result<Json<PrivateMessageResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
let content = sanitize_html_api(&data.content); let content = sanitize_html_api(&data.content);

6
crates/api_crud/src/private_message/delete.rs
Unescape Escape View File

@ -4,22 +4,20 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
private_message::{DeletePrivateMessage, PrivateMessageResponse}, private_message::{DeletePrivateMessage, PrivateMessageResponse},
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::private_message::{PrivateMessage, PrivateMessageUpdateForm}, source::private_message::{PrivateMessage, PrivateMessageUpdateForm},
traits::Crud, traits::Crud,
}; };
use lemmy_db_views::structs::PrivateMessageView; use lemmy_db_views::structs::{LocalUserView, PrivateMessageView};
use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn delete_private_message( pub async fn delete_private_message(
data: Json<DeletePrivateMessage>, data: Json<DeletePrivateMessage>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PrivateMessageResponse>, LemmyError> { ) -> Result<Json<PrivateMessageResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
// Checking permissions // Checking permissions
let private_message_id = data.private_message_id; let private_message_id = data.private_message_id;
let orig_private_message = PrivateMessage::read(&mut context.pool(), private_message_id).await?; let orig_private_message = PrivateMessage::read(&mut context.pool(), private_message_id).await?;

5
crates/api_crud/src/private_message/read.rs
Unescape Escape View File

@ -2,17 +2,16 @@ use actix_web::web::{Data, Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
private_message::{GetPrivateMessages, PrivateMessagesResponse}, private_message::{GetPrivateMessages, PrivateMessagesResponse},
utils::local_user_view_from_jwt,
}; };
use lemmy_db_views::private_message_view::PrivateMessageQuery; use lemmy_db_views::{private_message_view::PrivateMessageQuery, structs::LocalUserView};
use lemmy_utils::error::LemmyError; use lemmy_utils::error::LemmyError;
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn get_private_message( pub async fn get_private_message(
data: Query<GetPrivateMessages>, data: Query<GetPrivateMessages>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PrivateMessagesResponse>, LemmyError> { ) -> Result<Json<PrivateMessagesResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(data.auth.as_ref(), &context).await?;
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;
let page = data.page; let page = data.page;

6
crates/api_crud/src/private_message/update.rs
Unescape Escape View File

@ -4,7 +4,7 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
private_message::{EditPrivateMessage, PrivateMessageResponse}, private_message::{EditPrivateMessage, PrivateMessageResponse},
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{local_site_to_slur_regex, local_user_view_from_jwt, sanitize_html_api}, utils::{local_site_to_slur_regex, sanitize_html_api},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -14,7 +14,7 @@ use lemmy_db_schema::{
traits::Crud, traits::Crud,
utils::naive_now, utils::naive_now,
}; };
use lemmy_db_views::structs::PrivateMessageView; use lemmy_db_views::structs::{LocalUserView, PrivateMessageView};
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
utils::{slurs::remove_slurs, validation::is_valid_body_field}, utils::{slurs::remove_slurs, validation::is_valid_body_field},
@ -24,8 +24,8 @@ use lemmy_utils::{
pub async fn update_private_message( pub async fn update_private_message(
data: Json<EditPrivateMessage>, data: Json<EditPrivateMessage>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<PrivateMessageResponse>, LemmyError> { ) -> Result<Json<PrivateMessageResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
// Checking permissions // Checking permissions

6
crates/api_crud/src/site/create.rs
Unescape Escape View File

@ -8,7 +8,6 @@ use lemmy_api_common::{
generate_site_inbox_url, generate_site_inbox_url,
is_admin, is_admin,
local_site_rate_limit_to_rate_limit_config, local_site_rate_limit_to_rate_limit_config,
local_user_view_from_jwt,
sanitize_html_api, sanitize_html_api,
sanitize_html_api_opt, sanitize_html_api_opt,
}, },
@ -24,7 +23,7 @@ use lemmy_db_schema::{
traits::Crud, traits::Crud,
utils::{diesel_option_overwrite, diesel_option_overwrite_to_url, naive_now}, utils::{diesel_option_overwrite, diesel_option_overwrite_to_url, naive_now},
}; };
use lemmy_db_views::structs::SiteView; use lemmy_db_views::structs::{LocalUserView, SiteView};
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorType, LemmyResult}, error::{LemmyError, LemmyErrorType, LemmyResult},
utils::{ utils::{
@ -44,8 +43,8 @@ use url::Url;
pub async fn create_site( pub async fn create_site(
data: Json<CreateSite>, data: Json<CreateSite>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<SiteResponse>, LemmyError> { ) -> Result<Json<SiteResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
// Make sure user is an admin; other types of users should not create site data... // Make sure user is an admin; other types of users should not create site data...
@ -589,7 +588,6 @@ mod tests {
blocked_instances: None, blocked_instances: None,
taglines: None, taglines: None,
registration_mode: site_registration_mode, registration_mode: site_registration_mode,
auth: Default::default(),
} }
} }
} }

53
crates/api_crud/src/site/read.rs
Unescape Escape View File

@ -1,17 +1,12 @@
use actix_web::web::{Data, Json, Query}; use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
sensitive::Sensitive, site::{GetSiteResponse, MyUserInfo},
site::{GetSite, GetSiteResponse, MyUserInfo},
utils::{check_user_valid, check_validator_time},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::source::{
newtypes::LocalUserId, actor_language::{LocalUserLanguage, SiteLanguage},
source::{ language::Language,
actor_language::{LocalUserLanguage, SiteLanguage}, tagline::Tagline,
language::Language,
tagline::Tagline,
},
}; };
use lemmy_db_views::structs::{CustomEmojiView, LocalUserView, SiteView}; use lemmy_db_views::structs::{CustomEmojiView, LocalUserView, SiteView};
use lemmy_db_views_actor::structs::{ use lemmy_db_views_actor::structs::{
@ -23,24 +18,21 @@ use lemmy_db_views_actor::structs::{
PersonView, PersonView,
}; };
use lemmy_utils::{ use lemmy_utils::{
claims::Claims,
error::{LemmyError, LemmyErrorExt, LemmyErrorType}, error::{LemmyError, LemmyErrorExt, LemmyErrorType},
version, version,
}; };
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn get_site( pub async fn get_site(
data: Query<GetSite>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: Option<LocalUserView>,
) -> Result<Json<GetSiteResponse>, LemmyError> { ) -> Result<Json<GetSiteResponse>, LemmyError> {
let site_view = SiteView::read_local(&mut context.pool()).await?; let site_view = SiteView::read_local(&mut context.pool()).await?;
let admins = PersonView::admins(&mut context.pool()).await?; let admins = PersonView::admins(&mut context.pool()).await?;
// Build the local user // Build the local user
let my_user = if let Some(local_user_view) = let my_user = if let Some(local_user_view) = local_user_view {
local_user_settings_view_from_jwt_opt(data.auth.as_ref(), &context).await
{
let person_id = local_user_view.person.id; let person_id = local_user_view.person.id;
let local_user_id = local_user_view.local_user.id; let local_user_id = local_user_view.local_user.id;
@ -100,32 +92,3 @@ pub async fn get_site(
custom_emojis, custom_emojis,
})) }))
} }
#[tracing::instrument(skip_all)]
async fn local_user_settings_view_from_jwt_opt(
jwt: Option<&Sensitive<String>>,
context: &LemmyContext,
) -> Option<LocalUserView> {
match jwt {
Some(jwt) => {
let claims = Claims::decode(jwt.as_ref(), &context.secret().jwt_secret)
.ok()?
.claims;
let local_user_id = LocalUserId(claims.sub);
let local_user_view = LocalUserView::read(&mut context.pool(), local_user_id)
.await
.ok()?;
check_user_valid(
local_user_view.person.banned,
local_user_view.person.ban_expires,
local_user_view.person.deleted,
)
.ok()?;
check_validator_time(&local_user_view.local_user.validator_time, &claims).ok()?;
Some(local_user_view)
}
None => None,
}
}

12
crates/api_crud/src/site/update.rs
Unescape Escape View File

@ -3,12 +3,7 @@ use actix_web::web::{Data, Json};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
site::{EditSite, SiteResponse}, site::{EditSite, SiteResponse},
utils::{ utils::{is_admin, local_site_rate_limit_to_rate_limit_config, sanitize_html_api_opt},
is_admin,
local_site_rate_limit_to_rate_limit_config,
local_user_view_from_jwt,
sanitize_html_api_opt,
},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{ source::{
@ -25,7 +20,7 @@ use lemmy_db_schema::{
utils::{diesel_option_overwrite, diesel_option_overwrite_to_url, naive_now}, utils::{diesel_option_overwrite, diesel_option_overwrite_to_url, naive_now},
RegistrationMode, RegistrationMode,
}; };
use lemmy_db_views::structs::SiteView; use lemmy_db_views::structs::{LocalUserView, SiteView};
use lemmy_utils::{ use lemmy_utils::{
error::{LemmyError, LemmyErrorExt, LemmyErrorType, LemmyResult}, error::{LemmyError, LemmyErrorExt, LemmyErrorType, LemmyResult},
utils::{ utils::{
@ -44,8 +39,8 @@ use lemmy_utils::{
pub async fn update_site( pub async fn update_site(
data: Json<EditSite>, data: Json<EditSite>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<SiteResponse>, LemmyError> { ) -> Result<Json<SiteResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(&data.auth, &context).await?;
let site_view = SiteView::read_local(&mut context.pool()).await?; let site_view = SiteView::read_local(&mut context.pool()).await?;
let local_site = site_view.local_site; let local_site = site_view.local_site;
let site = site_view.site; let site = site_view.site;
@ -588,7 +583,6 @@ mod tests {
taglines: None, taglines: None,
registration_mode: site_registration_mode, registration_mode: site_registration_mode,
reports_email_admins: None, reports_email_admins: None,
auth: Default::default(),
} }
} }
} }

6
crates/api_crud/src/user/delete.rs
Unescape Escape View File

@ -5,18 +5,18 @@ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{DeleteAccount, DeleteAccountResponse}, person::{DeleteAccount, DeleteAccountResponse},
send_activity::{ActivityChannel, SendActivityData}, send_activity::{ActivityChannel, SendActivityData},
utils::{local_user_view_from_jwt, purge_user_account}, utils::purge_user_account,
}; };
use lemmy_db_schema::source::person::Person; use lemmy_db_schema::source::person::Person;
use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::error::{LemmyError, LemmyErrorType}; use lemmy_utils::error::{LemmyError, LemmyErrorType};
#[tracing::instrument(skip(context))] #[tracing::instrument(skip(context))]
pub async fn delete_account( pub async fn delete_account(
data: Json<DeleteAccount>, data: Json<DeleteAccount>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
local_user_view: LocalUserView,
) -> Result<Json<DeleteAccountResponse>, LemmyError> { ) -> Result<Json<DeleteAccountResponse>, LemmyError> {
let local_user_view = local_user_view_from_jwt(data.auth.as_ref(), &context).await?;
// Verify the password // Verify the password
let valid: bool = verify( let valid: bool = verify(
&data.password, &data.password,

5
crates/apub/src/api/list_comments.rs
Unescape Escape View File

@ -8,7 +8,7 @@ use actix_web::web::{Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
comment::{GetComments, GetCommentsResponse}, comment::{GetComments, GetCommentsResponse},
context::LemmyContext, context::LemmyContext,
utils::{check_private_instance, local_user_view_from_jwt_opt_new}, utils::check_private_instance,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{comment::Comment, community::Community, local_site::LocalSite}, source::{comment::Comment, community::Community, local_site::LocalSite},
@ -21,9 +21,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn list_comments( pub async fn list_comments(
data: Query<GetComments>, data: Query<GetComments>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
mut local_user_view: Option<LocalUserView>, local_user_view: Option<LocalUserView>,
) -> Result<Json<GetCommentsResponse>, LemmyError> { ) -> Result<Json<GetCommentsResponse>, LemmyError> {
local_user_view_from_jwt_opt_new(&mut local_user_view, data.auth.as_ref(), &context).await;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
check_private_instance(&local_user_view, &local_site)?; check_private_instance(&local_user_view, &local_site)?;

5
crates/apub/src/api/list_posts.rs
Unescape Escape View File

@ -8,7 +8,7 @@ use actix_web::web::{Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
post::{GetPosts, GetPostsResponse}, post::{GetPosts, GetPostsResponse},
utils::{check_private_instance, local_user_view_from_jwt_opt_new}, utils::check_private_instance,
}; };
use lemmy_db_schema::source::{community::Community, local_site::LocalSite}; use lemmy_db_schema::source::{community::Community, local_site::LocalSite};
use lemmy_db_views::{ use lemmy_db_views::{
@ -21,9 +21,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorType};
pub async fn list_posts( pub async fn list_posts(
data: Query<GetPosts>, data: Query<GetPosts>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
mut local_user_view: Option<LocalUserView>, local_user_view: Option<LocalUserView>,
) -> Result<Json<GetPostsResponse>, LemmyError> { ) -> Result<Json<GetPostsResponse>, LemmyError> {
local_user_view_from_jwt_opt_new(&mut local_user_view, data.auth.as_ref(), &context).await;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
check_private_instance(&local_user_view, &local_site)?; check_private_instance(&local_user_view, &local_site)?;

5
crates/apub/src/api/read_community.rs
Unescape Escape View File

@ -4,7 +4,7 @@ use actix_web::web::{Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
community::{GetCommunity, GetCommunityResponse}, community::{GetCommunity, GetCommunityResponse},
context::LemmyContext, context::LemmyContext,
utils::{check_private_instance, is_mod_or_admin_opt, local_user_view_from_jwt_opt_new}, utils::{check_private_instance, is_mod_or_admin_opt},
}; };
use lemmy_db_schema::source::{ use lemmy_db_schema::source::{
actor_language::CommunityLanguage, actor_language::CommunityLanguage,
@ -20,9 +20,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt, LemmyErrorExt2, LemmyErrorTy
pub async fn get_community( pub async fn get_community(
data: Query<GetCommunity>, data: Query<GetCommunity>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
mut local_user_view: Option<LocalUserView>, local_user_view: Option<LocalUserView>,
) -> Result<Json<GetCommunityResponse>, LemmyError> { ) -> Result<Json<GetCommunityResponse>, LemmyError> {
local_user_view_from_jwt_opt_new(&mut local_user_view, data.auth.as_ref(), &context).await;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
if data.name.is_none() && data.id.is_none() { if data.name.is_none() && data.id.is_none() {

5
crates/apub/src/api/read_person.rs
Unescape Escape View File

@ -4,7 +4,7 @@ use actix_web::web::{Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
person::{GetPersonDetails, GetPersonDetailsResponse}, person::{GetPersonDetails, GetPersonDetailsResponse},
utils::{check_private_instance, local_user_view_from_jwt_opt_new}, utils::check_private_instance,
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{local_site::LocalSite, person::Person}, source::{local_site::LocalSite, person::Person},
@ -18,14 +18,13 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt2, LemmyErrorType};
pub async fn read_person( pub async fn read_person(
data: Query<GetPersonDetails>, data: Query<GetPersonDetails>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
mut local_user_view: Option<LocalUserView>, local_user_view: Option<LocalUserView>,
) -> Result<Json<GetPersonDetailsResponse>, LemmyError> { ) -> Result<Json<GetPersonDetailsResponse>, LemmyError> {
// Check to make sure a person name or an id is given // Check to make sure a person name or an id is given
if data.username.is_none() && data.person_id.is_none() { if data.username.is_none() && data.person_id.is_none() {
Err(LemmyErrorType::NoIdGiven)? Err(LemmyErrorType::NoIdGiven)?
} }
local_user_view_from_jwt_opt_new(&mut local_user_view, data.auth.as_ref(), &context).await;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
check_private_instance(&local_user_view, &local_site)?; check_private_instance(&local_user_view, &local_site)?;

5
crates/apub/src/api/resolve_object.rs
Unescape Escape View File

@ -9,7 +9,7 @@ use diesel::NotFound;
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
site::{ResolveObject, ResolveObjectResponse}, site::{ResolveObject, ResolveObjectResponse},
utils::{check_private_instance, local_user_view_from_jwt_opt_new}, utils::check_private_instance,
}; };
use lemmy_db_schema::{newtypes::PersonId, source::local_site::LocalSite, utils::DbPool}; use lemmy_db_schema::{newtypes::PersonId, source::local_site::LocalSite, utils::DbPool};
use lemmy_db_views::structs::{CommentView, LocalUserView, PostView}; use lemmy_db_views::structs::{CommentView, LocalUserView, PostView};
@ -20,9 +20,8 @@ use lemmy_utils::error::{LemmyError, LemmyErrorExt2, LemmyErrorType};
pub async fn resolve_object( pub async fn resolve_object(
data: Query<ResolveObject>, data: Query<ResolveObject>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
mut local_user_view: Option<LocalUserView>, local_user_view: Option<LocalUserView>,
) -> Result<Json<ResolveObjectResponse>, LemmyError> { ) -> Result<Json<ResolveObjectResponse>, LemmyError> {
local_user_view_from_jwt_opt_new(&mut local_user_view, data.auth.as_ref(), &context).await;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
check_private_instance(&local_user_view, &local_site)?; check_private_instance(&local_user_view, &local_site)?;
let person_id = local_user_view.map(|v| v.person.id); let person_id = local_user_view.map(|v| v.person.id);

5
crates/apub/src/api/search.rs
Unescape Escape View File

@ -4,7 +4,7 @@ use actix_web::web::{Json, Query};
use lemmy_api_common::{ use lemmy_api_common::{
context::LemmyContext, context::LemmyContext,
site::{Search, SearchResponse}, site::{Search, SearchResponse},
utils::{check_private_instance, is_admin, local_user_view_from_jwt_opt_new}, utils::{check_private_instance, is_admin},
}; };
use lemmy_db_schema::{ use lemmy_db_schema::{
source::{community::Community, local_site::LocalSite}, source::{community::Community, local_site::LocalSite},
@ -19,9 +19,8 @@ use lemmy_utils::error::LemmyError;
pub async fn search( pub async fn search(
data: Query<Search>, data: Query<Search>,
context: Data<LemmyContext>, context: Data<LemmyContext>,
mut local_user_view: Option<LocalUserView>, local_user_view: Option<LocalUserView>,
) -> Result<Json<SearchResponse>, LemmyError> { ) -> Result<Json<SearchResponse>, LemmyError> {
local_user_view_from_jwt_opt_new(&mut local_user_view, data.auth.as_ref(), &context).await;
let local_site = LocalSite::read(&mut context.pool()).await?; let local_site = LocalSite::read(&mut context.pool()).await?;
check_private_instance(&local_user_view, &local_site)?; check_private_instance(&local_user_view, &local_site)?;

41
crates/routes/src/images.rs
Unescape Escape View File

@ -11,15 +11,13 @@ use actix_web::{
HttpResponse, HttpResponse,
}; };
use futures::stream::{Stream, StreamExt}; use futures::stream::{Stream, StreamExt};
use lemmy_api_common::{context::LemmyContext, utils::local_user_view_from_jwt}; use lemmy_api_common::context::LemmyContext;
use lemmy_db_schema::{ use lemmy_db_schema::source::{
newtypes::LocalUserId, image_upload::{ImageUpload, ImageUploadForm},
source::{ local_site::LocalSite,
image_upload::{ImageUpload, ImageUploadForm},
local_site::LocalSite,
},
}; };
use lemmy_utils::{claims::Claims, rate_limit::RateLimitCell, REQWEST_TIMEOUT}; use lemmy_db_views::structs::LocalUserView;
use lemmy_utils::{rate_limit::RateLimitCell, REQWEST_TIMEOUT};
use reqwest::Body; use reqwest::Body;
use reqwest_middleware::{ClientWithMiddleware, RequestBuilder}; use reqwest_middleware::{ClientWithMiddleware, RequestBuilder};
use serde::{Deserialize, Serialize}; use serde::{Deserialize, Serialize};
@ -96,15 +94,10 @@ async fn upload(
body: web::Payload, body: web::Payload,
client: web::Data<ClientWithMiddleware>, client: web::Data<ClientWithMiddleware>,
context: web::Data<LemmyContext>, context: web::Data<LemmyContext>,
// require login
local_user_view: LocalUserView,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
// TODO: check rate limit here // TODO: check rate limit here
let jwt = req.cookie("jwt").ok_or(error::ErrorUnauthorized(
"No auth header for picture upload",
))?;
let claims = Claims::decode(jwt.value(), &context.secret().jwt_secret);
if claims.is_err() {
return Ok(HttpResponse::Unauthorized().finish());
};
let pictrs_config = context.settings().pictrs_config()?; let pictrs_config = context.settings().pictrs_config()?;
let image_url = format!("{}image", pictrs_config.url); let image_url = format!("{}image", pictrs_config.url);
@ -123,10 +116,9 @@ async fn upload(
let status = res.status(); let status = res.status();
let images = res.json::<Images>().await.map_err(error::ErrorBadRequest)?; let images = res.json::<Images>().await.map_err(error::ErrorBadRequest)?;
if let Some(images) = &images.files { if let Some(images) = &images.files {
let local_user_id = LocalUserId(claims?.claims.sub);
for uploaded_image in images { for uploaded_image in images {
let form = ImageUploadForm { let form = ImageUploadForm {
local_user_id, local_user_id: local_user_view.local_user.id,
pictrs_alias: uploaded_image.file.to_string(), pictrs_alias: uploaded_image.file.to_string(),
pictrs_delete_token: uploaded_image.delete_token.to_string(), pictrs_delete_token: uploaded_image.delete_token.to_string(),
}; };
@ -145,21 +137,14 @@ async fn full_res(
req: HttpRequest, req: HttpRequest,
client: web::Data<ClientWithMiddleware>, client: web::Data<ClientWithMiddleware>,
context: web::Data<LemmyContext>, context: web::Data<LemmyContext>,
local_user_view: Option<LocalUserView>,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
// block access to images if instance is private and unauthorized, public // block access to images if instance is private and unauthorized, public
let local_site = LocalSite::read(&mut context.pool()) let local_site = LocalSite::read(&mut context.pool())
.await .await
.map_err(error::ErrorBadRequest)?; .map_err(error::ErrorBadRequest)?;
if local_site.private_instance { if local_site.private_instance && local_user_view.is_none() {
let jwt = req.cookie("jwt").ok_or(error::ErrorUnauthorized( return Ok(HttpResponse::Unauthorized().finish());
"No auth header for picture access",
))?;
if local_user_view_from_jwt(jwt.value(), &context)
.await
.is_err()
{
return Ok(HttpResponse::Unauthorized().finish());
};
} }
let name = &filename.into_inner(); let name = &filename.into_inner();
@ -219,6 +204,8 @@ async fn delete(
req: HttpRequest, req: HttpRequest,
client: web::Data<ClientWithMiddleware>, client: web::Data<ClientWithMiddleware>,
context: web::Data<LemmyContext>, context: web::Data<LemmyContext>,
// require login
_local_user_view: LocalUserView,
) -> Result<HttpResponse, Error> { ) -> Result<HttpResponse, Error> {
let (token, file) = components.into_inner(); let (token, file) = components.into_inner();

118
src/session_middleware.rs
Unescape Escape View File

@ -6,10 +6,19 @@ use actix_web::{
Error, Error,
HttpMessage, HttpMessage,
}; };
use chrono::{DateTime, Utc};
use core::future::Ready; use core::future::Ready;
use futures_util::future::LocalBoxFuture; use futures_util::future::LocalBoxFuture;
use lemmy_api_common::{context::LemmyContext, utils::local_user_view_from_jwt}; use lemmy_api_common::{
use lemmy_utils::error::{LemmyError, LemmyErrorType}; context::LemmyContext,
lemmy_db_views::structs::LocalUserView,
utils::check_user_valid,
};
use lemmy_db_schema::newtypes::LocalUserId;
use lemmy_utils::{
claims::Claims,
error::{LemmyError, LemmyErrorExt2, LemmyErrorType},
};
use reqwest::header::HeaderValue; use reqwest::header::HeaderValue;
use std::{future::ready, rc::Rc}; use std::{future::ready, rc::Rc};
@ -118,3 +127,108 @@ where
}) })
} }
} }
#[tracing::instrument(skip_all)]
async fn local_user_view_from_jwt(
jwt: &str,
context: &LemmyContext,
) -> Result<LocalUserView, LemmyError> {
let claims = Claims::decode(jwt, &context.secret().jwt_secret)
.with_lemmy_type(LemmyErrorType::NotLoggedIn)?
.claims;
let local_user_id = LocalUserId(claims.sub);
let local_user_view = LocalUserView::read(&mut context.pool(), local_user_id).await?;
check_user_valid(
local_user_view.person.banned,
local_user_view.person.ban_expires,
local_user_view.person.deleted,
)?;
check_validator_time(&local_user_view.local_user.validator_time, &claims)?;
Ok(local_user_view)
}
/// Checks if user's token was issued before user's password reset.
fn check_validator_time(validator_time: &DateTime<Utc>, claims: &Claims) -> Result<(), LemmyError> {
let user_validation_time = validator_time.timestamp();
if user_validation_time > claims.iat {
Err(LemmyErrorType::NotLoggedIn)?
} else {
Ok(())
}
}
#[cfg(test)]
mod tests {
#![allow(clippy::unwrap_used)]
#![allow(clippy::indexing_slicing)]
use super::*;
use lemmy_db_schema::{
source::{
instance::Instance,
local_user::{LocalUser, LocalUserInsertForm},
person::{Person, PersonInsertForm},
secret::Secret,
},
traits::Crud,
utils::build_db_pool_for_tests,
};
use lemmy_utils::{claims::Claims, settings::SETTINGS};
use serial_test::serial;
use std::env;
#[tokio::test]
#[serial]
async fn test_session_auth() {
let pool = &build_db_pool_for_tests().await;
let pool = &mut pool.into();
let secret = Secret::init(pool).await.unwrap();
// test.sh sets `LEMMY_CONFIG_LOCATION=../../config/config.hjson` for code under crates folder.
// this results in a config not found error, so we need to unset this var and use default.
env::remove_var("LEMMY_CONFIG_LOCATION");
let settings = &SETTINGS.to_owned();
let inserted_instance = Instance::read_or_create(pool, "my_domain.tld".to_string())
.await
.unwrap();
let new_person = PersonInsertForm::builder()
.name("Gerry9812".into())
.public_key("pubkey".to_string())
.instance_id(inserted_instance.id)
.build();
let inserted_person = Person::create(pool, &new_person).await.unwrap();
let local_user_form = LocalUserInsertForm::builder()
.person_id(inserted_person.id)
.password_encrypted("123456".to_string())
.build();
let inserted_local_user = LocalUser::create(pool, &local_user_form).await.unwrap();
let jwt = Claims::jwt(
inserted_local_user.id.0,
&secret.jwt_secret,
&settings.hostname,
)
.unwrap();
let claims = Claims::decode(&jwt, &secret.jwt_secret).unwrap().claims;
let check = check_validator_time(&inserted_local_user.validator_time, &claims);
assert!(check.is_ok());
// The check should fail, since the validator time is now newer than the jwt issue time
let updated_local_user =
LocalUser::update_password(pool, inserted_local_user.id, "password111")
.await
.unwrap();
let check_after = check_validator_time(&updated_local_user.validator_time, &claims);
assert!(check_after.is_err());
let num_deleted = Person::delete(pool, inserted_person.id).await.unwrap();
assert_eq!(1, num_deleted);
}
}

Write Preview
Loading…
Cancel
Save