From 47c3b54d1d0b276fb87d1b4b71a584e0e0c7b43d Mon Sep 17 00:00:00 2001 From: Vika Shleina Date: Mon, 19 Jul 2021 10:32:42 +0300 Subject: Relaxed anti-takeover URL check to simply not place redirects at foreign URLs --- src/database/mod.rs | 6 +++--- src/database/redis/mod.rs | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'src/database') diff --git a/src/database/mod.rs b/src/database/mod.rs index 8579125..e0e4e7b 100644 --- a/src/database/mod.rs +++ b/src/database/mod.rs @@ -123,7 +123,7 @@ pub trait Storage: Clone + Send + Sync { /// Save a post to the database as an MF2-JSON structure. /// /// Note that the `post` object MUST have `post["properties"]["uid"][0]` defined. - async fn put_post<'a>(&self, post: &'a serde_json::Value) -> Result<()>; + async fn put_post<'a>(&self, post: &'a serde_json::Value, user: &'a str) -> Result<()>; /*/// Save a post and add it to the relevant feeds listed in `post["properties"]["channel"]`. /// @@ -198,7 +198,7 @@ mod tests { let alt_url = post["properties"]["url"][1].as_str().unwrap().to_string(); // Reading and writing - backend.put_post(&post).await.unwrap(); + backend.put_post(&post, "https://fireburn.ru/").await.unwrap(); if let Ok(Some(returned_post)) = backend.get_post(&key).await { assert!(returned_post.is_object()); assert_eq!( @@ -254,7 +254,7 @@ mod tests { }, "children": [] }); - backend.put_post(&feed).await.unwrap(); + backend.put_post(&feed, "https://fireburn.ru/").await.unwrap(); let chans = backend .get_channels(&crate::indieauth::User::new( "https://fireburn.ru/", diff --git a/src/database/redis/mod.rs b/src/database/redis/mod.rs index e64120f..c331e47 100644 --- a/src/database/redis/mod.rs +++ b/src/database/redis/mod.rs @@ -180,7 +180,7 @@ impl Storage for RedisStorage { .collect::>()) } - async fn put_post<'a>(&self, post: &'a serde_json::Value) -> Result<()> { + async fn put_post<'a>(&self, post: &'a serde_json::Value, user: &'a str) -> Result<()> { let mut conn = self.redis.get().await?; let key: &str; match post["properties"]["uid"][0].as_str() { @@ -201,7 +201,7 @@ impl Storage for RedisStorage { .iter() .map(|i| i.as_str().unwrap().to_string()) { - if url != key { + if url != key && url.starts_with(user) { conn.hset::<&str, &str, String, ()>( &"posts", &url, -- cgit 1.4.1