Merge remote-tracking branch 'origin/main' into fix_post_aggregates_indexes

Cargo.lock

@@ -2588,7 +2588,7 @@ dependencies = [
  "actix-web",
  "actix-web-httpauth",
  "anyhow",
- "base64 0.21.7",
+ "base64 0.22.0",
  "bcrypt",
  "captcha",
  "chrono",

crates/api/src/community/add_mod.rs

@@ -36,8 +36,20 @@ pub async fn add_mod_to_community(
   let community = Community::read(&mut context.pool(), community_id)
     .await?
     .ok_or(LemmyErrorType::CouldntFindCommunity)?;
+
+  // If user is admin and community is remote, explicitly check that he is a
+  // moderator. This is necessary because otherwise the action would be rejected
+  // by the community's home instance.
   if local_user_view.local_user.admin && !community.local {
-    Err(LemmyErrorType::NotAModerator)?
+    let is_mod = CommunityModeratorView::is_community_moderator(
+      &mut context.pool(),
+      community.id,
+      local_user_view.person.id,
+    )
+    .await?;
+    if !is_mod {
+      Err(LemmyErrorType::NotAModerator)?
+    }
   }
 
   // Update in local database

crates/api_common/src/request.rs

@@ -105,7 +105,11 @@ pub fn generate_post_link_metadata(
     }
     // Generate local thumbnail if allowed
     else if allow_generate_thumbnail {
-      match post.url.or(metadata.opengraph_data.image) {
+      match post
+        .url
+        .filter(|_| is_image_post)
+        .or(metadata.opengraph_data.image)
+      {
         Some(url) => generate_pictrs_thumbnail(&url, &context).await.ok(),
         None => None,
       }

crates/api_common/src/utils.rs

@@ -536,25 +536,8 @@ pub async fn get_url_blocklist(context: &LemmyContext) -> LemmyResult<RegexSet>
       .try_get_with::<_, LemmyError>((), async {
         let urls = LocalSiteUrlBlocklist::get_all(&mut context.pool()).await?;
 
-        let regexes = urls.iter().map(|url| {
+        // The urls are already validated on saving, so just escape them.
-          let url = &url.url;
+        let regexes = urls.iter().map(|url| escape(&url.url));
-          let parsed = Url::parse(url).expect("Coundln't parse URL.");
-          if url.ends_with('/') {
-            format!(
-              "({}://)?{}{}?",
-              parsed.scheme(),
-              escape(parsed.domain().expect("No domain.")),
-              escape(parsed.path())
-            )
-          } else {
-            format!(
-              "({}://)?{}{}",
-              parsed.scheme(),
-              escape(parsed.domain().expect("No domain.")),
-              escape(parsed.path())
-            )
-          }
-        });
 
         let set = RegexSet::new(regexes)?;
         Ok(set)

crates/db_views_moderator/src/admin_purge_comment_view.rs

@@ -40,6 +40,11 @@ impl AdminPurgeCommentView {
       query = query.filter(admin_purge_comment::admin_person_id.eq(admin_person_id));
     };
 
+    // If a post or comment ID is given, then don't find any results
+    if params.post_id.is_some() || params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/admin_purge_community_view.rs

@@ -38,6 +38,11 @@ impl AdminPurgeCommunityView {
       query = query.filter(admin_purge_community::admin_person_id.eq(admin_person_id));
     };
 
+    // If a post or comment ID is given, then don't find any results
+    if params.post_id.is_some() || params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/admin_purge_person_view.rs

@@ -38,6 +38,11 @@ impl AdminPurgePersonView {
       query = query.filter(admin_purge_person::admin_person_id.eq(admin_person_id));
     };
 
+    // If a post or comment ID is given, then don't find any results
+    if params.post_id.is_some() || params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/admin_purge_post_view.rs

@@ -40,6 +40,11 @@ impl AdminPurgePostView {
       query = query.filter(admin_purge_post::admin_person_id.eq(admin_person_id));
     };
 
+    // If a post or comment ID is given, then don't find any results
+    if params.post_id.is_some() || params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/mod_add_community_view.rs

@@ -52,6 +52,11 @@ impl ModAddCommunityView {
       query = query.filter(person_alias_1.field(person::id).eq(other_person_id));
     };
 
+    // If a post or comment ID is given, then don't find any results
+    if params.post_id.is_some() || params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/mod_add_view.rs

@@ -44,6 +44,11 @@ impl ModAddView {
       query = query.filter(person_alias_1.field(person::id).eq(other_person_id));
     };
 
+    // If a post or comment ID is given, then don't find any results
+    if params.post_id.is_some() || params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/mod_ban_from_community_view.rs

@@ -54,6 +54,11 @@ impl ModBanFromCommunityView {
       query = query.filter(mod_ban_from_community::other_person_id.eq(other_person_id));
     };
 
+    // If a post or comment ID is given, then don't find any results
+    if params.post_id.is_some() || params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/mod_ban_view.rs

@@ -44,6 +44,11 @@ impl ModBanView {
       query = query.filter(person_alias_1.field(person::id).eq(other_person_id));
     };
 
+    // If a post or comment ID is given, then don't find any results
+    if params.post_id.is_some() || params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/mod_feature_post_view.rs

@@ -55,6 +55,11 @@ impl ModFeaturePostView {
       query = query.filter(post::id.eq(post_id));
     }
 
+    // If a comment ID is given, then don't find any results
+    if params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/mod_hide_community_view.rs

@@ -45,6 +45,11 @@ impl ModHideCommunityView {
       query = query.filter(mod_hide_community::mod_person_id.eq(admin_id));
     };
 
+    // If a post or comment ID is given, then don't find any results
+    if params.post_id.is_some() || params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/mod_lock_post_view.rs

@@ -56,6 +56,11 @@ impl ModLockPostView {
       query = query.filter(post::id.eq(post_id));
     }
 
+    // If a comment ID is given, then don't find any results
+    if params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/mod_remove_comment_view.rs

@@ -58,6 +58,11 @@ impl ModRemoveCommentView {
       query = query.filter(comment::id.eq(comment_id));
     }
 
+    // If a post ID is given, then don't find any results
+    if params.post_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/mod_remove_community_view.rs

@@ -39,6 +39,11 @@ impl ModRemoveCommunityView {
       query = query.filter(mod_remove_community::mod_person_id.eq(mod_person_id));
     };
 
+    // If a post or comment ID is given, then don't find any results
+    if params.post_id.is_some() || params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/mod_remove_post_view.rs

@@ -56,6 +56,11 @@ impl ModRemovePostView {
       query = query.filter(post::id.eq(post_id));
     }
 
+    // If a comment ID is given, then don't find any results
+    if params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/db_views_moderator/src/mod_transfer_community_view.rs

@@ -54,6 +54,11 @@ impl ModTransferCommunityView {
       query = query.filter(person_alias_1.field(person::id).eq(other_person_id));
     };
 
+    // If a post or comment ID is given, then don't find any results
+    if params.post_id.is_some() || params.comment_id.is_some() {
+      return Ok(vec![]);
+    }
+
     let (limit, offset) = limit_and_offset(params.page, params.limit)?;
 
     query

crates/utils/src/utils/validation.rs

@@ -309,21 +309,44 @@ pub fn is_url_blocked(url: &Option<Url>, blocklist: &RegexSet) -> LemmyResult<()
   Ok(())
 }
 
+/// Check that urls are valid, and also remove the scheme, and uniques
 pub fn check_urls_are_valid(urls: &Vec<String>) -> LemmyResult<Vec<String>> {
   let mut parsed_urls = vec![];
   for url in urls {
-    let url = Url::parse(url).or_else(|e| {
+    parsed_urls.push(build_url_str_without_scheme(url)?);
-      if e == ParseError::RelativeUrlWithoutBase {
-        Url::parse(&format!("https://{url}"))
-      } else {
-        Err(e)
-      }
-    })?;
-
-    parsed_urls.push(url.to_string());
   }
 
-  Ok(parsed_urls)
+  let unique_urls = parsed_urls.into_iter().unique().collect();
+  Ok(unique_urls)
+}
+
+pub fn build_url_str_without_scheme(url_str: &str) -> LemmyResult<String> {
+  // Parse and check for errors
+  let mut url = Url::parse(url_str).or_else(|e| {
+    if e == ParseError::RelativeUrlWithoutBase {
+      Url::parse(&format!("http://{url_str}"))
+    } else {
+      Err(e)
+    }
+  })?;
+
+  // Set the scheme to http, then remove the http:// part
+  url
+    .set_scheme("http")
+    .map_err(|_| LemmyErrorType::InvalidUrl)?;
+
+  let mut out = url
+    .to_string()
+    .get(7..)
+    .ok_or(LemmyErrorType::InvalidUrl)?
+    .to_string();
+
+  // Remove trailing / if necessary
+  if out.ends_with('/') {
+    out.pop();
+  }
+
+  Ok(out)
 }
 
 #[cfg(test)]
@@ -600,17 +623,21 @@ mod tests {
 
   #[test]
   fn test_url_parsed() {
+    // Make sure the scheme is removed, and uniques also
     assert_eq!(
-      vec![String::from("https://example.com/")],
+      &check_urls_are_valid(&vec![
-      check_urls_are_valid(&vec![String::from("example.com")]).unwrap()
+        "example.com".to_string(),
+        "http://example.com".to_string(),
+        "https://example.com".to_string(),
+        "https://example.com/test?q=test2&q2=test3#test4".to_string(),
+      ])
+      .unwrap(),
+      &vec![
+        "example.com".to_string(),
+        "example.com/test?q=test2&q2=test3#test4".to_string()
+      ],
     );
 
-    assert!(check_urls_are_valid(&vec![
+    assert!(check_urls_are_valid(&vec!["https://example .com".to_string()]).is_err());
-      String::from("example.com"),
-      String::from("https://example.blog")
-    ])
-    .is_ok());
-
-    assert!(check_urls_are_valid(&vec![String::from("https://example .com"),]).is_err());
   }
 }