feat: edit comment

2022-12-07 19:06:08 +01:00 · 2022-12-07 19:06:08 +01:00 · c13e172938
commit c13e172938
parent 800036ce49
8 changed files with 276 additions and 61 deletions
--- a/src/server.rs
+++ b/src/server.rs
@ -39,6 +39,43 @@ pub async fn run_server(
 		}
 	});
 	app.at(&format!("{}t/:topic", config.root_url)).post({
+		let dbs = dbs.clone();
+		let notify_send = notify_send.clone();
+		move |req: tide::Request<()>| {
+			handle_post_comments(
+				req,
+				config,
+				templates,
+				dbs.clone(),
+				locales,
+				notify_send.clone(),
+			)
+		}
+	});
+	app.at(&format!(
+		"{}t/:topic/edit/:comment_id/:mutation_token",
+		config.root_url
+	))
+	.get({
+		let dbs = dbs.clone();
+		move |req: tide::Request<()>| {
+			let client_langs = get_client_langs(&req);
+			serve_edit_comment(
+				req,
+				config,
+				templates,
+				dbs.clone(),
+				client_langs,
+				Context::new(),
+				200,
+			)
+		}
+	});
+	app.at(&format!(
+		"{}t/:topic/edit/:comment_id/:mutation_token",
+		config.root_url
+	))
+	.post({
 		let dbs = dbs.clone();
 		move |req: tide::Request<()>| {
 			handle_post_comments(
@ -63,6 +100,53 @@ pub async fn run_server(
 	app.listen(config.listen).await.unwrap();
 }

+async fn serve_edit_comment<'a>(
+	req: tide::Request<()>,
+	config: &Config,
+	templates: &Templates,
+	dbs: Dbs,
+	client_langs: Vec<LanguageIdentifier>,
+	mut context: Context,
+	status_code: u16,
+) -> tide::Result<tide::Response> {
+	let (Ok(comment_id_str), Ok(mutation_token_str)) = (req.param("comment_id"), req.param("mutation_token")) else {
+		context.insert("log", &["no comment id or no token"]);
+		return serve_comments(req, config, templates, dbs, client_langs, context, 400).await;
+	};
+
+	let (Ok(comment_id), Ok(mutation_token)) = (CommentId::from_base64(comment_id_str), MutationToken::from_base64(mutation_token_str)) else {
+		context.insert("log", &["badly encoded comment id or token"]);
+		return serve_comments(req, config, templates, dbs, client_langs, context, 400).await;
+	};
+
+	let Some(comment) = dbs.comment.get(&comment_id).unwrap() else {
+		context.insert("log", &["not found comment"]);
+		return serve_comments(req, config, templates, dbs, client_langs, context, 404).await;
+	};
+
+	if let Err(e) = helpers::check_can_edit_comment(config, &comment, &mutation_token) {
+		context.insert("log", &[e]);
+		return serve_comments(req, config, templates, dbs, client_langs, context, 403).await;
+	}
+
+	context.insert("edit_comment", &comment_id.to_base64());
+	context.insert("edit_comment_mutation_token", &mutation_token.to_base64());
+	context.insert("edit_comment_author", &comment.author);
+	context.insert("edit_comment_email", &comment.email);
+	context.insert("edit_comment_text", &comment.text);
+
+	serve_comments(
+		req,
+		config,
+		templates,
+		dbs,
+		client_langs,
+		context,
+		status_code,
+	)
+	.await
+}
+
 async fn serve_comments<'a>(
 	req: tide::Request<()>,
 	config: &Config,
@ -337,17 +421,43 @@ async fn handle_post_comments(
 						Some(query.comment.email)
 					},
 					last_edit_time: None,
+					mutation_token: MutationToken::new(),
 					post_time: time,
 					text: query.comment.text,
 				};
-				helpers::new_pending_comment(&comment, client_addr, &dbs)
-					.map_err(|e| error!("Adding pending comment: {:?}", e))
-					.ok();
-				notify_send
-					.send(Notification {
-						topic: topic.to_string(),
-					})
-					.ok();
+				match helpers::new_pending_comment(&comment, client_addr, &dbs) {
+					Ok(comment_id) => {
+						notify_send
+							.send(Notification {
+								topic: topic.to_string(),
+							})
+							.ok();
+						context.insert(
+							"log",
+							&[locales
+								.tr(
+									&client_langs,
+									if config.comment_approve {
+										"new_comment-success_pending"
+									} else {
+										"new_comment-success"
+									},
+									Some(&FluentArgs::from_iter([(
+										"edit_link",
+										format!(
+											"{}t/{}/edit/{}/{}",
+											&config.root_url,
+											topic,
+											comment_id.to_base64(),
+											comment.mutation_token.to_base64(),
+										),
+									)])),
+								)
+								.unwrap()],
+						);
+					}
+					Err(e) => error!("Adding pending comment: {:?}", e),
+				}
 			} else {
 				context.insert("new_comment_author", &query.comment.author);
 				context.insert("new_comment_email", &query.comment.email);
@ -356,51 +466,69 @@ async fn handle_post_comments(
 			context.insert("new_comment_errors", &errors);
 		}
 		CommentQuery::EditComment(query) => {
-			if !admin {
-				return Err(tide::Error::from_str(403, "Forbidden"));
-			}
-
 			helpers::check_comment(config, locales, &client_langs, &query.comment, &mut errors);

-			let comment_id = if let Ok(comment_id) = CommentId::from_base64(&query.id) {
-				comment_id
-			} else {
+			let Ok(comment_id) = CommentId::from_base64(&query.id) else {
 				return Err(tide::Error::from_str(400, "Invalid comment id"));
 			};

-			let mut comment = if let Some(comment) = dbs.comment.get(&comment_id).unwrap() {
-				comment
-			} else {
+			let Some(mut comment) = dbs.comment.get(&comment_id).unwrap() else {
 				return Err(tide::Error::from_str(404, "Not found"));
 			};

-			// We're admin
-			/*if let Some(client_addr) = &client_addr {
-				if let Some(antispam_timeout) =
-					helpers::antispam_check_client_mutation(client_addr, &dbs, config).unwrap()
-				{
-					let client_langs = get_client_langs(&req);
-					errors.push(
-						locales
-							.tr(
-								&client_langs,
-								"error-antispam",
-								Some(&FluentArgs::from_iter([(
-									"antispam_timeout",
-									antispam_timeout,
-								)])),
-							)
-							.unwrap()
-							.into_owned(),
-					);
+			let mutation_token = if admin {
+				None
+			} else {
+				'mutation_token: {
+					let Ok(mutation_token_str) = req.param("mutation_token") else {
+						errors.push("no mutation token".into());
+						break 'mutation_token None;
+					};
+
+					let Ok(mutation_token) = MutationToken::from_base64(mutation_token_str) else {
+						errors.push("badly encoded token".into());
+						break 'mutation_token None;
+					};
+
+					if let Err(e) =
+						helpers::check_can_edit_comment(config, &comment, &mutation_token)
+					{
+						errors.push(e.to_string());
+					}
+
+					Some(mutation_token)
 				}
-			}*/
+			};
+
+			if !admin {
+				if let Some(client_addr) = &client_addr {
+					if let Some(antispam_timeout) =
+						helpers::antispam_check_client_mutation(client_addr, &dbs, config).unwrap()
+					{
+						let client_langs = get_client_langs(&req);
+						errors.push(
+							locales
+								.tr(
+									&client_langs,
+									"error-antispam",
+									Some(&FluentArgs::from_iter([(
+										"antispam_timeout",
+										antispam_timeout,
+									)])),
+								)
+								.unwrap()
+								.into_owned(),
+						);
+					}
+				}
+			}

 			if errors.is_empty() {
-				// We're admin
-				/*if let Some(client_addr) = &client_addr {
-					helpers::antispam_update_client_mutation(client_addr, &dbs).unwrap();
-				}*/
+				if !admin {
+					if let Some(client_addr) = &client_addr {
+						helpers::antispam_update_client_mutation(client_addr, &dbs).unwrap();
+					}
+				}

 				let time = std::time::SystemTime::now()
 					.duration_since(std::time::UNIX_EPOCH)
@ -423,9 +551,16 @@ async fn handle_post_comments(
 				dbs.comment.insert(&comment_id, &comment).unwrap();
 			} else {
 				context.insert("edit_comment", &comment_id.to_base64());
+				if let Some(mutation_token) = &mutation_token {
+					context.insert("edit_comment_mutation_token", &mutation_token.to_base64());
+				}
 				context.insert("edit_comment_author", &query.comment.author);
 				context.insert("edit_comment_email", &query.comment.email);
 				context.insert("edit_comment_text", &query.comment.text);
+				context.insert("edit_comment_errors", &errors);
+
+				return serve_edit_comment(req, config, templates, dbs, client_langs, context, 400)
+					.await;
 			}
 			context.insert("edit_comment_errors", &errors);
 		}