diff options
author | Vika <vika@fireburn.ru> | 2022-07-10 14:54:47 +0300 |
---|---|---|
committer | Vika <vika@fireburn.ru> | 2022-07-10 14:54:47 +0300 |
commit | 3caf10aa266db7d71dd52614915ae46a5f133fef (patch) | |
tree | fb9ce9a2b3f578cfe6935b0da672edbd6a66c43a /kittybox-rs/src/micropub/mod.rs | |
parent | 3a7af37527c7752b42d518ec719a479254d6ba96 (diff) | |
download | kittybox-3caf10aa266db7d71dd52614915ae46a5f133fef.tar.zst |
micropub: handle invalid/empty query properly
On query parsing error, this will return a MicropubError.
Diffstat (limited to 'kittybox-rs/src/micropub/mod.rs')
-rw-r--r-- | kittybox-rs/src/micropub/mod.rs | 22 |
1 files changed, 16 insertions, 6 deletions
diff --git a/kittybox-rs/src/micropub/mod.rs b/kittybox-rs/src/micropub/mod.rs index 1d81505..3328597 100644 --- a/kittybox-rs/src/micropub/mod.rs +++ b/kittybox-rs/src/micropub/mod.rs @@ -225,8 +225,7 @@ pub(crate) async fn _post<D: 'static + Storage>( http: reqwest::Client, ) -> Result<Response, MicropubError> { // Here, we have the following guarantees: - // - The user is the same user for this host (guaranteed by ensure_same_user) - // - The MF2-JSON document is normalized (guaranteed by normalize_mf2)\ + // - The MF2-JSON document is normalized (guaranteed by normalize_mf2) // - The MF2-JSON document contains a UID // - The MF2-JSON document's URL list contains its UID // - The MF2-JSON document's "content" field contains an HTML blob, if present @@ -300,7 +299,7 @@ pub(crate) async fn _post<D: 'static + Storage>( } let reply = - IntoResponse::into_response((StatusCode::ACCEPTED, [("Location", uid.as_str())], ())); + IntoResponse::into_response((StatusCode::ACCEPTED, [("Location", uid.as_str())])); tokio::task::spawn(background_processing(db, mf2, http)); @@ -492,11 +491,22 @@ pub async fn post<D: Storage + 'static>( } } +#[tracing::instrument(skip(db))] pub async fn query<D: Storage>( Extension(db): Extension<D>, - Query(query): Query<MicropubQuery>, + query: Option<Query<MicropubQuery>>, user: User, ) -> axum::response::Response { + // We handle the invalid query case manually to return a + // MicropubError instead of HTTP 422 + if query.is_none() { + return MicropubError::new( + ErrorType::InvalidRequest, + "Invalid query provided. Try ?q=config to see what you can do." + ).into_response(); + } + let query: MicropubQuery = query.unwrap().0; + let host = axum::http::Uri::try_from(user.me.as_str()) .unwrap() .authority() @@ -739,9 +749,9 @@ mod tests { async fn test_query_foreign_url() { let mut res = super::query( axum::Extension(crate::database::MemoryStorage::new()), - axum::extract::Query(super::MicropubQuery::source( + Some(axum::extract::Query(super::MicropubQuery::source( "https://aaronparecki.com/feeds/main", - )), + ))), User::new( "https://fireburn.ru/", "https://quill.p3k.io/", |