Admin edit comment

2022-10-22 17:56:24 +02:00 · 2022-10-22 17:56:24 +02:00 · dd6b8c76ba
commit dd6b8c76ba
parent 34ae3d3ec4
6 changed files with 204 additions and 76 deletions
--- a/src/server.rs
+++ b/src/server.rs
@ -23,8 +23,8 @@ pub async fn run_server(config: Arc<Config>, dbs: Dbs, templates: Arc<Templates>
 				config.clone(),
 				templates.clone(),
 				dbs.clone(),
-				&[],
 				Context::new(),
+				200,
 			)
 		}
 	});
@ -63,8 +63,8 @@ async fn serve_comments<'a>(
 	config: Arc<Config>,
 	templates: Arc<Templates>,
 	dbs: Dbs,
-	errors: &[String],
 	mut context: Context,
+	status_code: u16,
 ) -> tide::Result<tide::Response> {
 	let Ok(topic) = req.param("topic") else {
 		return Err(tide::Error::from_str(404, "No topic"))
@ -76,10 +76,8 @@ async fn serve_comments<'a>(

 	let topic_hash = TopicHash::from_topic(topic);

-	//let mut context = Context::new();
 	context.insert("config", &config);
 	context.insert("admin", &admin);
-	context.insert("new_comment_errors", errors);

 	if admin {
 		if let Ok(query) = req.query::<ApproveQuery>() {
@ -91,17 +89,28 @@ async fn serve_comments<'a>(
 		}
 		if let Ok(query) = req.query::<RemoveQuery>() {
 			if let Ok(comment_id) = CommentId::from_base64(&query.remove) {
-				helpers::remove_pending_comment(comment_id, &dbs)
+				helpers::remove_comment(comment_id, &dbs)
 					.map_err(|e| error!("Removing comment: {:?}", e))
 					.ok();
 			}
 		}
+		if let Ok(query) = req.query::<EditQuery>() {
+			if let Ok(comment_id) = CommentId::from_base64(&query.edit) {
+				if let Some(comment) = dbs.comment.get(&comment_id).unwrap() {
+					context.insert("edit_comment", &comment_id.to_base64());
+					context.insert("edit_comment_author", &comment.author);
+					context.insert("edit_comment_email", &comment.email);
+					context.insert("edit_comment_text", &comment.text);
+				}
+			}
+		}

 		context.insert(
 			"comments_pending",
 			&helpers::iter_pending_comments_by_topic(topic_hash.clone(), &dbs)
 				.map(|(comment_id, comment)| CommentWithId {
 					author: comment.author,
+					editable: admin,
 					id: comment_id.to_base64(),
 					needs_approval: true,
 					post_time: comment.post_time,
@ -116,6 +125,7 @@ async fn serve_comments<'a>(
 		&helpers::iter_approved_comments_by_topic(topic_hash, &dbs)
 			.map(|(comment_id, comment)| CommentWithId {
 				author: comment.author,
+				editable: admin,
 				id: comment_id.to_base64(),
 				needs_approval: false,
 				post_time: comment.post_time,
@ -124,12 +134,10 @@ async fn serve_comments<'a>(
 			.collect::<Vec<CommentWithId>>(),
 	);

-	Ok(
-		tide::Response::builder(if errors.is_empty() { 200 } else { 400 })
-			.content_type(tide::http::mime::HTML)
-			.body(templates.tera.render("comments.html", &context)?)
-			.build(),
-	)
+	Ok(tide::Response::builder(status_code)
+		.content_type(tide::http::mime::HTML)
+		.body(templates.tera.render("comments.html", &context)?)
+		.build())
 }

 async fn serve_admin<'a>(
@ -161,6 +169,7 @@ async fn serve_admin<'a>(
 					})?;
 				Some(CommentWithId {
 					author: comment.author,
+					editable: true,
 					id: comment_id.to_base64(),
 					needs_approval: true,
 					post_time: comment.post_time,
@ -197,7 +206,11 @@ async fn handle_post_comments(
 	dbs: Dbs,
 	notify_send: Sender<()>,
 ) -> tide::Result<tide::Response> {
-	let client_addr = if config.antispam_enable {
+	let admin = req.cookie("admin").map_or(false, |psw| {
+		check_admin_password_hash(&config, &String::from(psw.value()))
+	});
+
+	let client_addr = if !admin && config.antispam_enable {
 		match helpers::get_client_addr(&config, &req) {
 			Some(Ok(addr)) => {
 				if config.antispam_whitelist.contains(&addr) {
@ -228,27 +241,8 @@ async fn handle_post_comments(
 				return Err(tide::Error::from_str(404, "No topic"))
 			};

-			if query.author.len() > config.comment_author_max_len {
-				errors.push(format!(
-					"Author name length is {} but maximum is {}.",
-					query.author.len(),
-					config.comment_author_max_len
-				));
-			}
-			if query.email.len() > config.comment_email_max_len {
-				errors.push(format!(
-					"E-mail length is {} but maximum is {}.",
-					query.email.len(),
-					config.comment_email_max_len
-				));
-			}
-			if query.text.len() > config.comment_text_max_len {
-				errors.push(format!(
-					"Comment length is {} but maximum is {}.",
-					query.text.len(),
-					config.comment_text_max_len
-				));
-			}
+			helpers::check_comment(&config, &query.comment, &mut errors);
+
 			if let Some(client_addr) = &client_addr {
 				if let Some(antispam_timeout) =
 					helpers::antispam_check_client_mutation(client_addr, &dbs, &config).unwrap()
@ -274,29 +268,95 @@ async fn handle_post_comments(

 				let comment = Comment {
 					topic_hash,
-					author: query.author,
-					email: if query.email.is_empty() {
+					author: query.comment.author,
+					email: if query.comment.email.is_empty() {
 						None
 					} else {
-						Some(query.email)
+						Some(query.comment.email)
 					},
 					last_edit_time: None,
 					post_time: time,
-					text: query.text,
+					text: query.comment.text,
 				};
 				helpers::new_pending_comment(&comment, &dbs)
 					.map_err(|e| error!("Adding pending comment: {:?}", e))
 					.ok();
 				notify_send.send(()).ok();
 			} else {
-				context.insert("new_comment_author", &query.author);
-				context.insert("new_comment_email", &query.email);
-				context.insert("new_comment_text", &query.text);
+				context.insert("new_comment_author", &query.comment.author);
+				context.insert("new_comment_email", &query.comment.email);
+				context.insert("new_comment_text", &query.comment.text);
 			}
+			context.insert("new_comment_errors", &errors);
+		}
+		CommentQuery::EditComment(query) => {
+			if !admin {
+				return Err(tide::Error::from_str(403, "Forbidden"));
+			}
+
+			helpers::check_comment(&config, &query.comment, &mut errors);
+
+			let comment_id = if let Ok(comment_id) = CommentId::from_base64(&query.id) {
+				comment_id
+			} else {
+				return Err(tide::Error::from_str(400, "Invalid comment id"));
+			};
+
+			let mut comment = if let Some(comment) = dbs.comment.get(&comment_id).unwrap() {
+				comment
+			} else {
+				return Err(tide::Error::from_str(404, "Not found"));
+			};
+
+			if let Some(client_addr) = &client_addr {
+				if let Some(antispam_timeout) =
+					helpers::antispam_check_client_mutation(client_addr, &dbs, &config).unwrap()
+				{
+					errors.push(format!(
+						"The edition quota from your IP is reached. You will be unblocked in {}s.",
+						antispam_timeout
+					));
+				}
+			}
+
+			if errors.is_empty() {
+				if let Some(client_addr) = &client_addr {
+					helpers::antispam_update_client_mutation(client_addr, &dbs).unwrap();
+				}
+
+				let time = std::time::SystemTime::now()
+					.duration_since(std::time::UNIX_EPOCH)
+					.unwrap()
+					.as_secs();
+
+				comment.author = query.comment.author;
+				comment.email = if query.comment.email.is_empty() {
+					None
+				} else {
+					Some(query.comment.email)
+				};
+				comment.text = query.comment.text;
+				comment.last_edit_time = Some(time);
+
+				dbs.comment.insert(&comment_id, &comment).unwrap();
+			} else {
+				context.insert("edit_comment", &comment_id.to_base64());
+				context.insert("edit_comment_author", &query.comment.author);
+				context.insert("edit_comment_email", &query.comment.email);
+				context.insert("edit_comment_text", &query.comment.text);
+			}
+			context.insert("edit_comment_errors", &errors);
 		}
-		_ => {}
 	}
-	serve_comments(req, config, templates, dbs, &errors, context).await
+	serve_comments(
+		req,
+		config,
+		templates,
+		dbs,
+		context,
+		if errors.is_empty() { 200 } else { 400 },
+	)
+	.await
 }

 async fn handle_post_admin(
@ -307,6 +367,7 @@ async fn handle_post_admin(
 ) -> tide::Result<tide::Response> {
 	if let Some(psw) = req.cookie("admin") {
 		if check_admin_password(&config, &String::from(psw.value())).is_some() {
+			#[allow(clippy::match_single_binding)]
 			match req.body_form::<AdminQuery>().await? {
 				_ => serve_admin(req, config, templates, dbs).await,
 			}