// GoToSocial // Copyright (C) GoToSocial Authors admin@gotosocial.org // SPDX-License-Identifier: AGPL-3.0-or-later // // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public License for more details. // // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . package account import ( "context" "errors" "fmt" "io" "mime/multipart" "codeberg.org/gruf/go-iotools" "github.com/superseriousbusiness/gotosocial/internal/ap" apimodel "github.com/superseriousbusiness/gotosocial/internal/api/model" "github.com/superseriousbusiness/gotosocial/internal/config" "github.com/superseriousbusiness/gotosocial/internal/gtserror" "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" "github.com/superseriousbusiness/gotosocial/internal/log" "github.com/superseriousbusiness/gotosocial/internal/media" "github.com/superseriousbusiness/gotosocial/internal/messages" "github.com/superseriousbusiness/gotosocial/internal/text" "github.com/superseriousbusiness/gotosocial/internal/typeutils" "github.com/superseriousbusiness/gotosocial/internal/util" "github.com/superseriousbusiness/gotosocial/internal/validate" ) func (p *Processor) selectNoteFormatter(contentType string) text.FormatFunc { if contentType == "text/markdown" { return p.formatter.FromMarkdown } return p.formatter.FromPlain } // Update processes the update of an account with the given form. func (p *Processor) Update(ctx context.Context, account *gtsmodel.Account, form *apimodel.UpdateCredentialsRequest) (*apimodel.Account, gtserror.WithCode) { // Ensure account populated; we'll need settings. if err := p.state.DB.PopulateAccount(ctx, account); err != nil { log.Errorf(ctx, "error(s) populating account, will continue: %s", err) } if form.Discoverable != nil { account.Discoverable = form.Discoverable } if form.Bot != nil { account.Bot = form.Bot } // Via the process of updating the account, // it is possible that the emojis used by // that account in note/display name/fields // may change; we need to keep track of this. var emojisChanged bool if form.DisplayName != nil { displayName := *form.DisplayName if err := validate.DisplayName(displayName); err != nil { return nil, gtserror.NewErrorBadRequest(err, err.Error()) } // Parse new display name (always from plaintext). account.DisplayName = text.SanitizeToPlaintext(displayName) // If display name has changed, account emojis may have also changed. emojisChanged = true } if form.Note != nil { note := *form.Note if err := validate.Note(note); err != nil { return nil, gtserror.NewErrorBadRequest(err, err.Error()) } // Store raw version of the note for now, // we'll process the proper version later. account.NoteRaw = note // If note has changed, account emojis may have also changed. emojisChanged = true } if form.FieldsAttributes != nil { var ( fieldsAttributes = *form.FieldsAttributes fieldsLen = len(fieldsAttributes) fieldsRaw = make([]*gtsmodel.Field, 0, fieldsLen) ) for _, updateField := range fieldsAttributes { if updateField.Name == nil || updateField.Value == nil { continue } var ( name string = *updateField.Name value string = *updateField.Value ) if name == "" || value == "" { continue } // Sanitize raw field values. fieldRaw := >smodel.Field{ Name: text.SanitizeToPlaintext(name), Value: text.SanitizeToPlaintext(value), } fieldsRaw = append(fieldsRaw, fieldRaw) } // Check length of parsed raw fields. if err := validate.ProfileFields(fieldsRaw); err != nil { return nil, gtserror.NewErrorBadRequest(err, err.Error()) } // OK, new raw fields are valid. account.FieldsRaw = fieldsRaw account.Fields = make([]*gtsmodel.Field, 0, fieldsLen) // process these in a sec // If fields have changed, account emojis may also have changed. emojisChanged = true } if emojisChanged { // Use map to deduplicate emojis by their ID. emojis := make(map[string]*gtsmodel.Emoji) // Retrieve display name emojis. for _, emoji := range p.formatter.FromPlainEmojiOnly( ctx, p.parseMention, account.ID, "", account.DisplayName, ).Emojis { emojis[emoji.ID] = emoji } // Format + set note according to user prefs. f := p.selectNoteFormatter(account.Settings.StatusContentType) formatNoteResult := f(ctx, p.parseMention, account.ID, "", account.NoteRaw) account.Note = formatNoteResult.HTML // Retrieve note emojis. for _, emoji := range formatNoteResult.Emojis { emojis[emoji.ID] = emoji } // Process the raw fields we stored earlier. account.Fields = make([]*gtsmodel.Field, 0, len(account.FieldsRaw)) for _, fieldRaw := range account.FieldsRaw { field := >smodel.Field{} // Name stays plain, but we still need to // see if there are any emojis set in it. field.Name = fieldRaw.Name for _, emoji := range p.formatter.FromPlainEmojiOnly( ctx, p.parseMention, account.ID, "", fieldRaw.Name, ).Emojis { emojis[emoji.ID] = emoji } // Value can be HTML, but we don't want // to wrap the result in

tags. fieldFormatValueResult := p.formatter.FromPlainNoParagraph(ctx, p.parseMention, account.ID, "", fieldRaw.Value) field.Value = fieldFormatValueResult.HTML // Retrieve field emojis. for _, emoji := range fieldFormatValueResult.Emojis { emojis[emoji.ID] = emoji } // We're done, append the shiny new field. account.Fields = append(account.Fields, field) } emojisCount := len(emojis) account.Emojis = make([]*gtsmodel.Emoji, 0, emojisCount) account.EmojiIDs = make([]string, 0, emojisCount) for id, emoji := range emojis { account.Emojis = append(account.Emojis, emoji) account.EmojiIDs = append(account.EmojiIDs, id) } } if form.AvatarDescription != nil { desc := text.SanitizeToPlaintext(*form.AvatarDescription) form.AvatarDescription = util.Ptr(desc) } if form.Avatar != nil && form.Avatar.Size != 0 { avatarInfo, errWithCode := p.UpdateAvatar(ctx, account, form.Avatar, form.AvatarDescription, ) if errWithCode != nil { return nil, errWithCode } account.AvatarMediaAttachmentID = avatarInfo.ID account.AvatarMediaAttachment = avatarInfo log.Tracef(ctx, "new avatar info for account %s is %+v", account.ID, avatarInfo) } else if form.AvatarDescription != nil && account.AvatarMediaAttachment != nil { // Update just existing description if possible. account.AvatarMediaAttachment.Description = *form.AvatarDescription if err := p.state.DB.UpdateAttachment( ctx, account.AvatarMediaAttachment, "description", ); err != nil { err := gtserror.Newf("db error updating account avatar description: %w", err) return nil, gtserror.NewErrorInternalError(err) } } if form.HeaderDescription != nil { desc := text.SanitizeToPlaintext(*form.HeaderDescription) form.HeaderDescription = util.Ptr(desc) } if form.Header != nil && form.Header.Size != 0 { headerInfo, errWithCode := p.UpdateHeader(ctx, account, form.Header, form.HeaderDescription, ) if errWithCode != nil { return nil, errWithCode } account.HeaderMediaAttachmentID = headerInfo.ID account.HeaderMediaAttachment = headerInfo log.Tracef(ctx, "new header info for account %s is %+v", account.ID, headerInfo) } else if form.HeaderDescription != nil && account.HeaderMediaAttachment != nil { // Update just existing description if possible. account.HeaderMediaAttachment.Description = *form.HeaderDescription if err := p.state.DB.UpdateAttachment( ctx, account.HeaderMediaAttachment, "description", ); err != nil { err := gtserror.Newf("db error updating account avatar description: %w", err) return nil, gtserror.NewErrorInternalError(err) } } if form.Locked != nil { account.Locked = form.Locked } if form.Source != nil { if form.Source.Language != nil { language, err := validate.Language(*form.Source.Language) if err != nil { return nil, gtserror.NewErrorBadRequest(err) } account.Settings.Language = language } if form.Source.Sensitive != nil { account.Settings.Sensitive = form.Source.Sensitive } if form.Source.Privacy != nil { if err := validate.Privacy(*form.Source.Privacy); err != nil { return nil, gtserror.NewErrorBadRequest(err) } privacy := typeutils.APIVisToVis(apimodel.Visibility(*form.Source.Privacy)) account.Settings.Privacy = privacy } if form.Source.StatusContentType != nil { if err := validate.StatusContentType(*form.Source.StatusContentType); err != nil { return nil, gtserror.NewErrorBadRequest(err, err.Error()) } account.Settings.StatusContentType = *form.Source.StatusContentType } } if form.Theme != nil { theme := *form.Theme if theme == "" { // Empty is easy, just clear this. account.Settings.Theme = "" } else { // Theme was provided, check // against known available themes. if _, ok := p.themes.ByFileName[theme]; !ok { err := fmt.Errorf("theme %s not available on this instance, see /api/v1/accounts/themes for available themes", theme) return nil, gtserror.NewErrorBadRequest(err, err.Error()) } account.Settings.Theme = theme } } if form.CustomCSS != nil { customCSS := *form.CustomCSS if err := validate.CustomCSS(customCSS); err != nil { return nil, gtserror.NewErrorBadRequest(err, err.Error()) } account.Settings.CustomCSS = text.SanitizeToPlaintext(customCSS) } if form.EnableRSS != nil { account.Settings.EnableRSS = form.EnableRSS } if form.HideCollections != nil { account.Settings.HideCollections = form.HideCollections } if err := p.state.DB.UpdateAccount(ctx, account); err != nil { return nil, gtserror.NewErrorInternalError(fmt.Errorf("could not update account %s: %s", account.ID, err)) } if err := p.state.DB.UpdateAccountSettings(ctx, account.Settings); err != nil { return nil, gtserror.NewErrorInternalError(fmt.Errorf("could not update account settings %s: %s", account.ID, err)) } p.state.Workers.Client.Queue.Push(&messages.FromClientAPI{ APObjectType: ap.ActorPerson, APActivityType: ap.ActivityUpdate, GTSModel: account, Origin: account, }) acctSensitive, err := p.converter.AccountToAPIAccountSensitive(ctx, account) if err != nil { return nil, gtserror.NewErrorInternalError(fmt.Errorf("could not convert account into apisensitive account: %s", err)) } return acctSensitive, nil } // UpdateAvatar does the dirty work of checking the avatar // part of an account update form, parsing and checking the // media, and doing the necessary updates in the database // for this to become the account's new avatar. func (p *Processor) UpdateAvatar( ctx context.Context, account *gtsmodel.Account, avatar *multipart.FileHeader, description *string, ) ( *gtsmodel.MediaAttachment, gtserror.WithCode, ) { // Get maximum supported local media size. maxsz := int64(config.GetMediaLocalMaxSize()) // #nosec G115 -- Already validated. // Ensure media within size bounds. if avatar.Size > maxsz { text := fmt.Sprintf("media exceeds configured max size: %d", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } // Open multipart file reader. mpfile, err := avatar.Open() if err != nil { err := gtserror.Newf("error opening multipart file: %w", err) return nil, gtserror.NewErrorInternalError(err) } // Wrap the multipart file reader to ensure is limited to max. rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxsz) // Write to instance storage. return p.c.StoreLocalMedia(ctx, account.ID, func(ctx context.Context) (reader io.ReadCloser, err error) { return rc, nil }, media.AdditionalMediaInfo{ Avatar: util.Ptr(true), Description: description, }, ) } // UpdateHeader does the dirty work of checking the header // part of an account update form, parsing and checking the // media, and doing the necessary updates in the database // for this to become the account's new header. func (p *Processor) UpdateHeader( ctx context.Context, account *gtsmodel.Account, header *multipart.FileHeader, description *string, ) ( *gtsmodel.MediaAttachment, gtserror.WithCode, ) { // Get maximum supported local media size. maxsz := int64(config.GetMediaLocalMaxSize()) // #nosec G115 -- Already validated. // Ensure media within size bounds. if header.Size > maxsz { text := fmt.Sprintf("media exceeds configured max size: %d", maxsz) return nil, gtserror.NewErrorBadRequest(errors.New(text), text) } // Open multipart file reader. mpfile, err := header.Open() if err != nil { err := gtserror.Newf("error opening multipart file: %w", err) return nil, gtserror.NewErrorInternalError(err) } // Wrap the multipart file reader to ensure is limited to max. rc, _, _ := iotools.UpdateReadCloserLimit(mpfile, maxsz) // Write to instance storage. return p.c.StoreLocalMedia(ctx, account.ID, func(ctx context.Context) (reader io.ReadCloser, err error) { return rc, nil }, media.AdditionalMediaInfo{ Header: util.Ptr(true), Description: description, }, ) }