createStatusController: prevent non-public posts

Alex Gleason 2023-07-02 01:13:17 -05:00
parent 22ea907e86
commit 6a20df2704
No known key found for this signature in database
GPG Key ID: 7211D1F99744FBB7
2 changed files with 18 additions and 6 deletions


@ -1,12 +1,20 @@
import { type AppContext, AppController } from '@/app.ts'; import { type AppController } from '@/app.ts';
import { getAncestors, getDescendants, getEvent, publish } from '@/client.ts'; import { getAncestors, getDescendants, getEvent, publish } from '@/client.ts';
import { Kind, validator, z } from '@/deps.ts'; import { Kind, z } from '@/deps.ts';
import { type Event } from '@/event.ts'; import { type Event } from '@/event.ts';
import { signEvent } from '@/sign.ts'; import { signEvent } from '@/sign.ts';
import { toStatus } from '@/transmute.ts'; import { toStatus } from '@/transmute.ts';
import { parseBody } from '@/utils.ts';
const createStatusSchema = z.object({ const createStatusSchema = z.object({
in_reply_to_id: z.string().optional().catch(undefined),
language: z.string().optional().catch(undefined),
media_ids: z.array(z.string()).optional().catch(undefined),
scheduled_at: z.string().datetime().optional().catch(undefined),
sensitive: z.boolean().catch(false),
spoiler_text: z.string().optional().catch(undefined),
status: z.string(), status: z.string(),
visibility: z.enum(['public', 'unlisted', 'private', 'direct']).optional().catch(undefined),
}); });
const statusController: AppController = async (c) => { const statusController: AppController = async (c) => {
@ -20,12 +28,17 @@ const statusController: AppController = async (c) => {
return c.json({ error: 'Event not found.' }, 404); return c.json({ error: 'Event not found.' }, 404);
}; };
const createStatusController = validator('json', async (value, c: AppContext) => { const createStatusController: AppController = async (c) => {
const result = createStatusSchema.safeParse(value); const body = await parseBody(c.req.raw);
const result = createStatusSchema.safeParse(body);
if (result.success) { if (result.success) {
const { data } = result; const { data } = result;
if (data.visibility !== 'public') {
return c.json({ error: 'Only posting publicly is supported.' }, 422);
}
const event = await signEvent({ const event = await signEvent({
kind: Kind.Text, kind: Kind.Text,
content: data.status, content: data.status,
@ -39,7 +52,7 @@ const createStatusController = validator('json', async (value, c: AppContext) =>
} else { } else {
return c.json({ error: 'Bad request' }, 400); return c.json({ error: 'Bad request' }, 400);
} }
}); };
const contextController: AppController = async (c) => { const contextController: AppController = async (c) => {
const id = c.req.param('id'); const id = c.req.param('id');
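Review bot: The new visibility guard fails closed, but two schema fields added in the first hunk fail open: `sensitive: z.boolean().catch(false)` and `scheduled_at: z.string().datetime().optional().catch(undefined)` turn a malformed value into "not sensitive" and "not scheduled" while `result.success` stays true. Because the event is then signed and published, a client that sends either field in a form the schema does not accept would see the post go out immediately and unflagged, with no error. I would drop the `.catch()` on those two so bad input reaches the existing 400 branch, e.g. `sensitive: z.boolean().default(false),` and `scheduled_at: z.string().datetime().optional(),`. The lines between `content: data.status,` and the `else` are outside the visible hunks, so whether `scheduled_at` is honoured at all cannot be checked here; if it is not, rejecting it with a 422 like `visibility` would be consistent. An omitted `visibility` also parses to `undefined` and is rejected by the new check, which deserves a one-line comment if it is intended.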


@ -4,7 +4,6 @@ export {
type Handler, type Handler,
Hono, Hono,
type MiddlewareHandler, type MiddlewareHandler,
validator,
} from 'https://deno.land/x/hono@v3.0.2/mod.ts'; } from 'https://deno.land/x/hono@v3.0.2/mod.ts';
export { HTTPException } from 'https://deno.land/x/hono@v3.0.2/http-exception.ts'; export { HTTPException } from 'https://deno.land/x/hono@v3.0.2/http-exception.ts';
export { cors, logger } from 'https://deno.land/x/hono@v3.0.2/middleware.ts'; export { cors, logger } from 'https://deno.land/x/hono@v3.0.2/middleware.ts';