[bugfix] Return 501 (not implemented) if user tries to schedule post (#3395)

This commit is contained in:
tobi 2024-10-05 19:14:53 +02:00 committed by GitHub
parent f0376635ad
commit 18e2f69e85
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
4 changed files with 113 additions and 47 deletions

View file

@ -8947,7 +8947,7 @@ paths:
Providing this parameter will cause ScheduledStatus to be returned instead of Status. Providing this parameter will cause ScheduledStatus to be returned instead of Status.
Must be at least 5 minutes in the future. Must be at least 5 minutes in the future.
This feature isn't implemented yet. This feature isn't implemented yet; attemping to set it will return 501 Not Implemented.
in: formData in: formData
name: scheduled_at name: scheduled_at
type: string type: string
@ -9008,6 +9008,8 @@ paths:
description: not acceptable description: not acceptable
"500": "500":
description: internal server error description: internal server error
"501":
description: scheduled_at was set, but this feature is not yet implemented
security: security:
- OAuth2 Bearer: - OAuth2 Bearer:
- write:statuses - write:statuses

View file

@ -181,7 +181,7 @@
// Providing this parameter will cause ScheduledStatus to be returned instead of Status. // Providing this parameter will cause ScheduledStatus to be returned instead of Status.
// Must be at least 5 minutes in the future. // Must be at least 5 minutes in the future.
// //
// This feature isn't implemented yet. // This feature isn't implemented yet; attemping to set it will return 501 Not Implemented.
// type: string // type: string
// in: formData // in: formData
// - // -
@ -254,6 +254,8 @@
// description: not acceptable // description: not acceptable
// '500': // '500':
// description: internal server error // description: internal server error
// '501':
// description: scheduled_at was set, but this feature is not yet implemented
func (m *Module) StatusCreatePOSTHandler(c *gin.Context) { func (m *Module) StatusCreatePOSTHandler(c *gin.Context) {
authed, err := oauth.Authed(c, true, true, true, true) authed, err := oauth.Authed(c, true, true, true, true)
if err != nil { if err != nil {
@ -286,8 +288,8 @@ func (m *Module) StatusCreatePOSTHandler(c *gin.Context) {
// } // }
// form.Status += "\n\nsent from " + user + "'s iphone\n" // form.Status += "\n\nsent from " + user + "'s iphone\n"
if err := validateNormalizeCreateStatus(form); err != nil { if errWithCode := validateStatusCreateForm(form); errWithCode != nil {
apiutil.ErrorHandler(c, gtserror.NewErrorBadRequest(err, err.Error()), m.processor.InstanceGetV1) apiutil.ErrorHandler(c, errWithCode, m.processor.InstanceGetV1)
return return
} }
@ -374,46 +376,61 @@ func parseStatusCreateForm(c *gin.Context) (*apimodel.StatusCreateRequest, error
return form, nil return form, nil
} }
// validateNormalizeCreateStatus checks the form // validateStatusCreateForm checks the form for disallowed
// for disallowed combinations of attachments and // combinations of attachments, overlength inputs, etc.
// overlength inputs.
// //
// Side effect: normalizes the post's language tag. // Side effect: normalizes the post's language tag.
func validateNormalizeCreateStatus(form *apimodel.StatusCreateRequest) error { func validateStatusCreateForm(form *apimodel.StatusCreateRequest) gtserror.WithCode {
hasStatus := form.Status != "" var (
hasMedia := len(form.MediaIDs) != 0 chars = len([]rune(form.Status)) + len([]rune(form.SpoilerText))
hasPoll := form.Poll != nil maxChars = config.GetStatusesMaxChars()
mediaFiles = len(form.MediaIDs)
maxMediaFiles = config.GetStatusesMediaMaxFiles()
hasMedia = mediaFiles != 0
hasPoll = form.Poll != nil
)
if !hasStatus && !hasMedia && !hasPoll { if chars == 0 && !hasMedia && !hasPoll {
return errors.New("no status, media, or poll provided") // Status must contain *some* kind of content.
const text = "no status content, content warning, media, or poll provided"
return gtserror.NewErrorBadRequest(errors.New(text), text)
} }
if hasMedia && hasPoll { if chars > maxChars {
return errors.New("can't post media + poll in same status") text := fmt.Sprintf(
"status too long, %d characters provided (including content warning) but limit is %d",
chars, maxChars,
)
return gtserror.NewErrorBadRequest(errors.New(text), text)
} }
maxChars := config.GetStatusesMaxChars() if mediaFiles > maxMediaFiles {
if length := len([]rune(form.Status)) + len([]rune(form.SpoilerText)); length > maxChars { text := fmt.Sprintf(
return fmt.Errorf("status too long, %d characters provided (including spoiler/content warning) but limit is %d", length, maxChars) "too many media files attached to status, %d attached but limit is %d",
} mediaFiles, maxMediaFiles,
)
maxMediaFiles := config.GetStatusesMediaMaxFiles() return gtserror.NewErrorBadRequest(errors.New(text), text)
if len(form.MediaIDs) > maxMediaFiles {
return fmt.Errorf("too many media files attached to status, %d attached but limit is %d", len(form.MediaIDs), maxMediaFiles)
} }
if form.Poll != nil { if form.Poll != nil {
if err := validateNormalizeCreatePoll(form); err != nil { if errWithCode := validateStatusPoll(form); errWithCode != nil {
return err return errWithCode
} }
} }
if form.Language != "" { if form.ScheduledAt != "" {
language, err := validate.Language(form.Language) const text = "scheduled_at is not yet implemented"
if err != nil { return gtserror.NewErrorNotImplemented(errors.New(text), text)
return err
} }
form.Language = language
// Validate + normalize
// language tag if provided.
if form.Language != "" {
lang, err := validate.Language(form.Language)
if err != nil {
return gtserror.NewErrorBadRequest(err, err.Error())
}
form.Language = lang
} }
// Check if the deprecated "federated" field was // Check if the deprecated "federated" field was
@ -425,9 +442,36 @@ func validateNormalizeCreateStatus(form *apimodel.StatusCreateRequest) error {
return nil return nil
} }
func validateNormalizeCreatePoll(form *apimodel.StatusCreateRequest) error { func validateStatusPoll(form *apimodel.StatusCreateRequest) gtserror.WithCode {
maxPollOptions := config.GetStatusesPollMaxOptions() var (
maxPollChars := config.GetStatusesPollOptionMaxChars() maxPollOptions = config.GetStatusesPollMaxOptions()
pollOptions = len(form.Poll.Options)
maxPollOptionChars = config.GetStatusesPollOptionMaxChars()
)
if pollOptions == 0 {
const text = "poll with no options"
return gtserror.NewErrorBadRequest(errors.New(text), text)
}
if pollOptions > maxPollOptions {
text := fmt.Sprintf(
"too many poll options provided, %d provided but limit is %d",
pollOptions, maxPollOptions,
)
return gtserror.NewErrorBadRequest(errors.New(text), text)
}
for _, option := range form.Poll.Options {
optionChars := len([]rune(option))
if optionChars > maxPollOptionChars {
text := fmt.Sprintf(
"poll option too long, %d characters provided but limit is %d",
optionChars, maxPollOptionChars,
)
return gtserror.NewErrorBadRequest(errors.New(text), text)
}
}
// Normalize poll expiry if necessary. // Normalize poll expiry if necessary.
// If we parsed this as JSON, expires_in // If we parsed this as JSON, expires_in
@ -440,27 +484,15 @@ func validateNormalizeCreatePoll(form *apimodel.StatusCreateRequest) error {
case string: case string:
expiresIn, err := strconv.Atoi(e) expiresIn, err := strconv.Atoi(e)
if err != nil { if err != nil {
return fmt.Errorf("could not parse expires_in value %s as integer: %w", e, err) text := fmt.Sprintf("could not parse expires_in value %s as integer: %v", e, err)
return gtserror.NewErrorBadRequest(errors.New(text), text)
} }
form.Poll.ExpiresIn = expiresIn form.Poll.ExpiresIn = expiresIn
default: default:
return fmt.Errorf("could not parse expires_in type %T as integer", ei) text := fmt.Sprintf("could not parse expires_in type %T as integer", ei)
} return gtserror.NewErrorBadRequest(errors.New(text), text)
}
if len(form.Poll.Options) == 0 {
return errors.New("poll with no options")
}
if len(form.Poll.Options) > maxPollOptions {
return fmt.Errorf("too many poll options provided, %d provided but limit is %d", len(form.Poll.Options), maxPollOptions)
}
for _, p := range form.Poll.Options {
if length := len([]rune(p)); length > maxPollChars {
return fmt.Errorf("poll option too long, %d characters provided but limit is %d", length, maxPollChars)
} }
} }

View file

@ -365,6 +365,25 @@ func (suite *StatusCreateTestSuite) TestPostNewStatusMessedUpIntPolicy() {
}`, out) }`, out)
} }
func (suite *StatusCreateTestSuite) TestPostNewScheduledStatus() {
out, recorder := suite.postStatus(map[string][]string{
"status": {"this is a brand new status! #helloworld"},
"spoiler_text": {"hello hello"},
"sensitive": {"true"},
"visibility": {string(apimodel.VisibilityMutualsOnly)},
"scheduled_at": {"2080-10-04T15:32:02.018Z"},
}, "")
// We should have 501 from
// our call to the function.
suite.Equal(http.StatusNotImplemented, recorder.Code)
// We should have a helpful error message.
suite.Equal(`{
"error": "Not Implemented: scheduled_at is not yet implemented"
}`, out)
}
func (suite *StatusCreateTestSuite) TestPostNewStatusMarkdown() { func (suite *StatusCreateTestSuite) TestPostNewStatusMarkdown() {
out, recorder := suite.postStatus(map[string][]string{ out, recorder := suite.postStatus(map[string][]string{
"status": {statusMarkdown}, "status": {statusMarkdown},

View file

@ -191,6 +191,19 @@ func NewErrorGone(original error, helpText ...string) WithCode {
} }
} }
// NewErrorNotImplemented returns an ErrorWithCode 501 with the given original error and optional help text.
func NewErrorNotImplemented(original error, helpText ...string) WithCode {
safe := http.StatusText(http.StatusNotImplemented)
if helpText != nil {
safe = safe + ": " + strings.Join(helpText, ": ")
}
return withCode{
original: original,
safe: errors.New(safe),
code: http.StatusNotImplemented,
}
}
// NewErrorClientClosedRequest returns an ErrorWithCode 499 with the given original error. // NewErrorClientClosedRequest returns an ErrorWithCode 499 with the given original error.
// This error type should only be used when an http caller has already hung up their request. // This error type should only be used when an http caller has already hung up their request.
// See: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#nginx // See: https://en.wikipedia.org/wiki/List_of_HTTP_status_codes#nginx