about summary refs log tree commit diff
path: root/src/database
diff options
context:
space:
mode:
authorVika Shleina <vika@fireburn.ru>2021-07-19 10:32:42 +0300
committerVika Shleina <vika@fireburn.ru>2021-07-19 10:55:32 +0300
commit47c3b54d1d0b276fb87d1b4b71a584e0e0c7b43d (patch)
tree9b9b9d2512a91da502187d17cb9c1e5dce398009 /src/database
parent8399371adc5c48e1847061deee1936c0d64f2a85 (diff)
Relaxed anti-takeover URL check to simply not place redirects at foreign URLs
Diffstat (limited to 'src/database')
-rw-r--r--src/database/mod.rs6


-rw-r--r--src/database/redis/mod.rs4


2 files changed, 5 insertions, 5 deletions
diff --git a/src/database/mod.rs b/src/database/mod.rs
index 8579125..e0e4e7b 100644
--- a/src/database/mod.rs
+++ b/src/database/mod.rs
@@ -123,7 +123,7 @@ pub trait Storage: Clone + Send + Sync {
     /// Save a post to the database as an MF2-JSON structure.
     ///
     /// Note that the `post` object MUST have `post["properties"]["uid"][0]` defined.
-    async fn put_post<'a>(&self, post: &'a serde_json::Value) -> Result<()>;
+    async fn put_post<'a>(&self, post: &'a serde_json::Value, user: &'a str) -> Result<()>;
 
     /*/// Save a post and add it to the relevant feeds listed in `post["properties"]["channel"]`.
     ///
@@ -198,7 +198,7 @@ mod tests {
         let alt_url = post["properties"]["url"][1].as_str().unwrap().to_string();
 
         // Reading and writing
-        backend.put_post(&post).await.unwrap();
+        backend.put_post(&post, "https://fireburn.ru/").await.unwrap();
         if let Ok(Some(returned_post)) = backend.get_post(&key).await {
             assert!(returned_post.is_object());
             assert_eq!(
@@ -254,7 +254,7 @@ mod tests {
             },
             "children": []
         });
-        backend.put_post(&feed).await.unwrap();
+        backend.put_post(&feed, "https://fireburn.ru/").await.unwrap();
         let chans = backend
             .get_channels(&crate::indieauth::User::new(
                 "https://fireburn.ru/",
diff --git a/src/database/redis/mod.rs b/src/database/redis/mod.rs
index e64120f..c331e47 100644
--- a/src/database/redis/mod.rs
+++ b/src/database/redis/mod.rs
@@ -180,7 +180,7 @@ impl Storage for RedisStorage {
         .collect::<Vec<_>>())
     }
 
-    async fn put_post<'a>(&self, post: &'a serde_json::Value) -> Result<()> {
+    async fn put_post<'a>(&self, post: &'a serde_json::Value, user: &'a str) -> Result<()> {
         let mut conn = self.redis.get().await?;
         let key: &str;
         match post["properties"]["uid"][0].as_str() {
@@ -201,7 +201,7 @@ impl Storage for RedisStorage {
                 .iter()
                 .map(|i| i.as_str().unwrap().to_string())
             {
-                if url != key {
+                if url != key && url.starts_with(user) {
                     conn.hset::<&str, &str, String, ()>(
                         &"posts",
                         &url,

 

generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-09-20 10:31:24 +0000