mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2025-01-22 16:46:38 +01:00
[bugfix] Return 501 (not implemented) if user tries to schedule post (#3395)
This commit is contained in:
parent
f0376635ad
commit
18e2f69e85
4 changed files with 113 additions and 47 deletions
|
@ -8947,7 +8947,7 @@ paths:
|
||||||
Providing this parameter will cause ScheduledStatus to be returned instead of Status.
|
Providing this parameter will cause ScheduledStatus to be returned instead of Status.
|
||||||
Must be at least 5 minutes in the future.
|
Must be at least 5 minutes in the future.
|
||||||
|
|
||||||
This feature isn't implemented yet.
|
This feature isn't implemented yet; attemping to set it will return 501 Not Implemented.
|
||||||
in: formData
|
in: formData
|
||||||
name: scheduled_at
|
name: scheduled_at
|
||||||
type: string
|
type: string
|
||||||
|
@ -9008,6 +9008,8 @@ paths:
|
||||||
description: not acceptable
|
description: not acceptable
|
||||||
"500":
|
"500":
|
||||||
description: internal server error
|
description: internal server error
|
||||||
|
"501":
|
||||||
|
description: scheduled_at was set, but this feature is not yet implemented
|
||||||
security:
|
security:
|
||||||
- OAuth2 Bearer:
|
- OAuth2 Bearer:
|
||||||
- write:statuses
|
- write:statuses
|
||||||
|
|
|
@ -181,7 +181,7 @@
|
||||||
// Providing this parameter will cause ScheduledStatus to be returned instead of Status.
|
// Providing this parameter will cause ScheduledStatus to be returned instead of Status.
|
||||||
// Must be at least 5 minutes in the future.
|
// Must be at least 5 minutes in the future.
|
||||||
//
|
//
|
||||||
// This feature isn't implemented yet.
|
// This feature isn't implemented yet; attemping to set it will return 501 Not Implemented.
|
||||||
// type: string
|
// type: string
|
||||||
// in: formData
|
// in: formData
|
||||||
// -
|
// -
|
||||||
|
@ -254,6 +254,8 @@
|
||||||
// description: not acceptable
|
// description: not acceptable
|
||||||
// '500':
|
// '500':
|
||||||
// description: internal server error
|
// description: internal server error
|
||||||
|
// '501':
|
||||||
|
// description: scheduled_at was set, but this feature is not yet implemented
|
||||||
func (m *Module) StatusCreatePOSTHandler(c *gin.Context) {
|
func (m *Module) StatusCreatePOSTHandler(c *gin.Context) {
|
||||||
authed, err := oauth.Authed(c, true, true, true, true)
|
authed, err := oauth.Authed(c, true, true, true, true)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
@ -286,8 +288,8 @@ func (m *Module) StatusCreatePOSTHandler(c *gin.Context) {
|
||||||
// }
|
// }
|
||||||
// form.Status += "\n\nsent from " + user + "'s iphone\n"
|
// form.Status += "\n\nsent from " + user + "'s iphone\n"
|
||||||
|
|
||||||
if err := validateNormalizeCreateStatus(form); err != nil {
|
if errWithCode := validateStatusCreateForm(form); errWithCode != nil {
|
||||||
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1)
|
apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -374,46 +376,61 @@ func parseStatusCreateForm(c *gin.Context) (*apimodel.StatusCreateRequest, error
|
||||||
return form, nil
|
return form, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// validateNormalizeCreateStatus checks the form
|
// validateStatusCreateForm checks the form for disallowed
|
||||||
// for disallowed combinations of attachments and
|
// combinations of attachments, overlength inputs, etc.
|
||||||
// overlength inputs.
|
|
||||||
//
|
//
|
||||||
// Side effect: normalizes the post's language tag.
|
// Side effect: normalizes the post's language tag.
|
||||||
func validateNormalizeCreateStatus(form *apimodel.StatusCreateRequest) error {
|
func validateStatusCreateForm(form *apimodel.StatusCreateRequest) gtserror.WithCode {
|
||||||
hasStatus := form.Status != ""
|
var (
|
||||||
hasMedia := len(form.MediaIDs) != 0
|
chars = len([]rune(form.Status)) + len([]rune(form.SpoilerText))
|
||||||
hasPoll := form.Poll != nil
|
maxChars = config.GetStatusesMaxChars()
|
||||||
|
mediaFiles = len(form.MediaIDs)
|
||||||
|
maxMediaFiles = config.GetStatusesMediaMaxFiles()
|
||||||
|
hasMedia = mediaFiles != 0
|
||||||
|
hasPoll = form.Poll != nil
|
||||||
|
)
|
||||||
|
|
||||||
if !hasStatus && !hasMedia && !hasPoll {
|
if chars == 0 && !hasMedia && !hasPoll {
|
||||||
return errors.New("no status, media, or poll provided")
|
// Status must contain *some* kind of content.
|
||||||
|
const text = "no status content, content warning, media, or poll provided"
|
||||||
|
return gtserror.NewErrorBadRequest(errors.New(text), text)
|
||||||
}
|
}
|
||||||
|
|
||||||
if hasMedia && hasPoll {
|
if chars > maxChars {
|
||||||
return errors.New("can't post media + poll in same status")
|
text := fmt.Sprintf(
|
||||||
|
"status too long, %d characters provided (including content warning) but limit is %d",
|
||||||
|
chars, maxChars,
|
||||||
|
)
|
||||||
|
return gtserror.NewErrorBadRequest(errors.New(text), text)
|
||||||
}
|
}
|
||||||
|
|
||||||
maxChars := config.GetStatusesMaxChars()
|
if mediaFiles > maxMediaFiles {
|
||||||
if length := len([]rune(form.Status)) + len([]rune(form.SpoilerText)); length > maxChars {
|
text := fmt.Sprintf(
|
||||||
return fmt.Errorf("status too long, %d characters provided (including spoiler/content warning) but limit is %d", length, maxChars)
|
"too many media files attached to status, %d attached but limit is %d",
|
||||||
}
|
mediaFiles, maxMediaFiles,
|
||||||
|
)
|
||||||
maxMediaFiles := config.GetStatusesMediaMaxFiles()
|
return gtserror.NewErrorBadRequest(errors.New(text), text)
|
||||||
if len(form.MediaIDs) > maxMediaFiles {
|
|
||||||
return fmt.Errorf("too many media files attached to status, %d attached but limit is %d", len(form.MediaIDs), maxMediaFiles)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if form.Poll != nil {
|
if form.Poll != nil {
|
||||||
if err := validateNormalizeCreatePoll(form); err != nil {
|
if errWithCode := validateStatusPoll(form); errWithCode != nil {
|
||||||
return err
|
return errWithCode
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if form.Language != "" {
|
if form.ScheduledAt != "" {
|
||||||
language, err := validate.Language(form.Language)
|
const text = "scheduled_at is not yet implemented"
|
||||||
if err != nil {
|
return gtserror.NewErrorNotImplemented(errors.New(text), text)
|
||||||
return err
|
|
||||||
}
|
}
|
||||||
form.Language = language
|
|
||||||
|
// Validate + normalize
|
||||||
|
// language tag if provided.
|
||||||
|
if form.Language != "" {
|
||||||
|
lang, err := validate.Language(form.Language)
|
||||||
|
if err != nil {
|
||||||
|
return gtserror.NewErrorBadRequest(err, err.Error())
|
||||||
|
}
|
||||||
|
form.Language = lang
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if the deprecated "federated" field was
|
// Check if the deprecated "federated" field was
|
||||||
|
@ -425,9 +442,36 @@ func validateNormalizeCreateStatus(form *apimodel.StatusCreateRequest) error {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func validateNormalizeCreatePoll(form *apimodel.StatusCreateRequest) error {
|
func validateStatusPoll(form *apimodel.StatusCreateRequest) gtserror.WithCode {
|
||||||
maxPollOptions := config.GetStatusesPollMaxOptions()
|
var (
|
||||||
maxPollChars := config.GetStatusesPollOptionMaxChars()
|
maxPollOptions = config.GetStatusesPollMaxOptions()
|
||||||
|
pollOptions = len(form.Poll.Options)
|
||||||
|
maxPollOptionChars = config.GetStatusesPollOptionMaxChars()
|
||||||
|
)
|
||||||
|
|
||||||
|
if pollOptions == 0 {
|
||||||
|
const text = "poll with no options"
|
||||||
|
return gtserror.NewErrorBadRequest(errors.New(text), text)
|
||||||
|
}
|
||||||
|
|
||||||
|
if pollOptions > maxPollOptions {
|
||||||
|
text := fmt.Sprintf(
|
||||||
|
"too many poll options provided, %d provided but limit is %d",
|
||||||
|
pollOptions, maxPollOptions,
|
||||||
|
)
|
||||||
|
return gtserror.NewErrorBadRequest(errors.New(text), text)
|
||||||
|
}
|
||||||
|
|
||||||
|
for _, option := range form.Poll.Options {
|
||||||
|
optionChars := len([]rune(option))
|
||||||
|
if optionChars > maxPollOptionChars {
|
||||||
|
text := fmt.Sprintf(
|
||||||
|
"poll option too long, %d characters provided but limit is %d",
|
||||||
|
optionChars, maxPollOptionChars,
|
||||||
|
)
|
||||||
|
return gtserror.NewErrorBadRequest(errors.New(text), text)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Normalize poll expiry if necessary.
|
// Normalize poll expiry if necessary.
|
||||||
// If we parsed this as JSON, expires_in
|
// If we parsed this as JSON, expires_in
|
||||||
|
@ -440,27 +484,15 @@ func validateNormalizeCreatePoll(form *apimodel.StatusCreateRequest) error {
|
||||||
case string:
|
case string:
|
||||||
expiresIn, err := strconv.Atoi(e)
|
expiresIn, err := strconv.Atoi(e)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return fmt.Errorf("could not parse expires_in value %s as integer: %w", e, err)
|
text := fmt.Sprintf("could not parse expires_in value %s as integer: %v", e, err)
|
||||||
|
return gtserror.NewErrorBadRequest(errors.New(text), text)
|
||||||
}
|
}
|
||||||
|
|
||||||
form.Poll.ExpiresIn = expiresIn
|
form.Poll.ExpiresIn = expiresIn
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return fmt.Errorf("could not parse expires_in type %T as integer", ei)
|
text := fmt.Sprintf("could not parse expires_in type %T as integer", ei)
|
||||||
}
|
return gtserror.NewErrorBadRequest(errors.New(text), text)
|
||||||
}
|
|
||||||
|
|
||||||
if len(form.Poll.Options) == 0 {
|
|
||||||
return errors.New("poll with no options")
|
|
||||||
}
|
|
||||||
|
|
||||||
if len(form.Poll.Options) > maxPollOptions {
|
|
||||||
return fmt.Errorf("too many poll options provided, %d provided but limit is %d", len(form.Poll.Options), maxPollOptions)
|
|
||||||
}
|
|
||||||
|
|
||||||
for _, p := range form.Poll.Options {
|
|
||||||
if length := len([]rune(p)); length > maxPollChars {
|
|
||||||
return fmt.Errorf("poll option too long, %d characters provided but limit is %d", length, maxPollChars)
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -365,6 +365,25 @@ func (suite *StatusCreateTestSuite) TestPostNewStatusMessedUpIntPolicy() {
|
||||||
}`, out)
|
}`, out)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (suite *StatusCreateTestSuite) TestPostNewScheduledStatus() {
|
||||||
|
out, recorder := suite.postStatus(map[string][]string{
|
||||||
|
"status": {"this is a brand new status! #helloworld"},
|
||||||
|
"spoiler_text": {"hello hello"},
|
||||||
|
"sensitive": {"true"},
|
||||||
|
"visibility": {string(apimodel.VisibilityMutualsOnly)},
|
||||||
|
"scheduled_at": {"2080-10-04T15:32:02.018Z"},
|
||||||
|
}, "")
|
||||||
|
|
||||||
|
// We should have 501 from
|
||||||
|
// our call to the function.
|
||||||
|
suite.Equal(http.StatusNotImplemented, recorder.Code)
|
||||||
|
|
||||||
|
// We should have a helpful error message.
|
||||||
|
suite.Equal(`{
|
||||||
|
"error": "Not Implemented: scheduled_at is not yet implemented"
|
||||||
|
}`, out)
|
||||||
|
}
|
||||||
|
|
||||||
func (suite *StatusCreateTestSuite) TestPostNewStatusMarkdown() {
|
func (suite *StatusCreateTestSuite) TestPostNewStatusMarkdown() {
|
||||||
out, recorder := suite.postStatus(map[string][]string{
|
out, recorder := suite.postStatus(map[string][]string{
|
||||||
"status": {statusMarkdown},
|
"status": {statusMarkdown},
|
||||||
|
|
|
@ -191,6 +191,19 @@ func NewErrorGone(original error, helpText ...string) WithCode {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// NewErrorNotImplemented returns an ErrorWithCode 501 with the given original error and optional help text.
|
||||||
|
func NewErrorNotImplemented(original error, helpText ...string) WithCode {
|
||||||
|
safe := http.StatusText(http.StatusNotImplemented)
|
||||||
|
if helpText != nil {
|
||||||
|
safe = safe + ": " + strings.Join(helpText, ": ")
|
||||||
|
}
|
||||||
|
return withCode{
|
||||||
|
original: original,
|
||||||
|
safe: errors.New(safe),
|
||||||
|
code: http.StatusNotImplemented,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// NewErrorClientClosedRequest returns an ErrorWithCode 499 with the given original error.
|
// NewErrorClientClosedRequest returns an ErrorWithCode 499 with the given original error.
|
||||||
// This error type should only be used when an http caller has already hung up their request.
|
// This error type should only be used when an http caller has already hung up their request.
|
||||||
// See: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#nginx
|
// See: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#nginx
|
||||||
|
|
Loading…
Reference in a new issue