From 013bc0b45f735eb347714ef75283de9725e51f2d Mon Sep 17 00:00:00 2001
From: trisua
Date: Wed, 28 May 2025 13:06:48 -0400
Subject: [PATCH] fix: mark all notifications as read/unread
fix: check profile status, warning, and biography length
fix: check post warning and tags length
---
 crates/app/src/routes/api/v1/auth/profile.rs | 12 ++++++
 .../src/routes/api/v1/communities/posts.rs | 10 +++++
 crates/core/src/database/auth.rs | 1 +
 crates/core/src/database/notifications.rs | 39 +++++++++++++++----
 4 files changed, 54 insertions(+), 8 deletions(-)
diff --git a/crates/app/src/routes/api/v1/auth/profile.rs b/crates/app/src/routes/api/v1/auth/profile.rs
index 5c6c093..95c1430 100644
--- a/crates/app/src/routes/api/v1/auth/profile.rs
+++ b/crates/app/src/routes/api/v1/auth/profile.rs
@@ -105,6 +105,18 @@ pub async fn update_user_settings_request(
 return Json(Error::DataTooLong("display name".to_string()).into());
 }
+ if req.warning.len() > 2048 {
+ return Json(Error::DataTooLong("warning".to_string()).into());
+ }
+
+ if req.status.len() > 256 {
+ return Json(Error::DataTooLong("status".to_string()).into());
+ }
+
+ if req.biography.len() > 4096 {
+ return Json(Error::DataTooLong("warning".to_string()).into());
+ }
+
 // check percentage themes
 if !req.theme_sat.is_empty() && !req.theme_sat.ends_with("%") {
 req.theme_sat = format!("{}%", req.theme_sat)
diff --git a/crates/app/src/routes/api/v1/communities/posts.rs b/crates/app/src/routes/api/v1/communities/posts.rs
index dd9d19d..447a633 100644
--- a/crates/app/src/routes/api/v1/communities/posts.rs
+++ b/crates/app/src/routes/api/v1/communities/posts.rs
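Review bot: The new biography check reports the wrong field: `if req.biography.len() > 4096` returns `Error::DataTooLong("warning".to_string())`, so a client that sends an oversized biography is told its warning is too long; the line should read `return Json(Error::DataTooLong("biography".to_string()).into());`. All three limits use `len()`, which counts bytes if these fields are `String`s (their types are not visible in this hunk), so the effective character limit is lower for non-ASCII text; a comment such as `// limits are in bytes, not characters` would make that deliberate. The body of `update_user_settings_request` starts and ends outside the hunk.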
@@ -289,6 +289,16 @@ pub async fn update_context_request(
 None => return Json(Error::NotAllowed.into()),
 };
+ // check lengths
+ if req.context.tags.len() > 512 {
+ return Json(Error::DataTooLong("tags".to_string()).into());
+ }
+
+ if req.context.content_warning.len() > 512 {
+ return Json(Error::DataTooLong("warning".to_string()).into());
+ }
+
+ // ...
 match data.update_post_context(id, user, req.context).await {
 Ok(_) => Json(ApiReturn {
 ok: true,
diff --git a/crates/core/src/database/auth.rs b/crates/core/src/database/auth.rs
index 530a57b..924e32d 100644
--- a/crates/core/src/database/auth.rs
+++ b/crates/core/src/database/auth.rs
@@ -706,6 +706,7 @@ impl DataManager {
 auto_method!(update_user_notification_count(i32)@get_user_by_id -> "UPDATE users SET notification_count = $1 WHERE id = $2" --cache-key-tmpl=cache_clear_user);
 auto_method!(incr_user_notifications()@get_user_by_id -> "UPDATE users SET notification_count = notification_count + 1 WHERE id = $1" --cache-key-tmpl=cache_clear_user --incr);
 auto_method!(decr_user_notifications()@get_user_by_id -> "UPDATE users SET notification_count = notification_count - 1 WHERE id = $1" --cache-key-tmpl=cache_clear_user --decr=notification_count);
+ auto_method!(set_user_notifications(i32)@get_user_by_id -> "UPDATE users SET notification_count = $1 WHERE id = $2" --cache-key-tmpl=cache_clear_user);
 auto_method!(incr_user_follower_count()@get_user_by_id -> "UPDATE users SET follower_count = follower_count + 1 WHERE id = $1" --cache-key-tmpl=cache_clear_user --incr);
 auto_method!(decr_user_follower_count()@get_user_by_id -> "UPDATE users SET follower_count = follower_count - 1 WHERE id = $1" --cache-key-tmpl=cache_clear_user --decr=follower_count);
diff --git a/crates/core/src/database/notifications.rs b/crates/core/src/database/notifications.rs
index c501caf..3643276 100644
--- a/crates/core/src/database/notifications.rs
+++ b/crates/core/src/database/notifications.rs
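Review bot: `req.context.tags.len() > 512` bounds only what `len()` measures, and the type of `tags` is not visible in this hunk: if it is a collection of strings, the check caps the number of tags and leaves the size of each tag unbounded, so a per-tag length check would still be needed. The checks sit in the route handler, so any other caller of `update_post_context` (if one exists) skips them; enforcing the limits inside that method would cover every path. The trailing `// ...` comment carries no information and can be dropped, and the two 512 literals would read better as named constants. `update_context_request` starts and ends outside the hunk.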
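Review bot: `set_user_notifications(i32)` is generated with the same SQL, `UPDATE users SET notification_count = $1 WHERE id = $2`, and the same `--cache-key-tmpl=cache_clear_user` as `update_user_notification_count(i32)` three lines above it, so the commit appears to add a second method that does the same thing. Calling the existing method from notifications.rs would avoid the duplicate; if both are kept, a comment such as `// same statement as update_user_notification_count; used by the bulk read/unread path` says why. The `impl DataManager` block extends outside the hunk.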
@@ -250,22 +250,45 @@ impl DataManager {
 pub async fn update_all_notifications_read(&self, user: &User, read: bool) -> Result<()> {
 let notifications = self.get_notifications_by_owner(user.id).await?;
- if notifications.len() > 1000 {
- return Err(Error::MiscError(
- "Too many notifications to do this".to_string(),
- ));
- }
-
+ let mut changed_count: i32 = 0;
 for notification in notifications {
 if notification.read == read {
 // no need to update this
 continue;
 }
- self.update_notification_read(notification.id, read, user)
- .await?
+ changed_count += 1;
+
+ self.2
+ .remove(format!("atto.notification:{}", notification.id))
+ .await;
 }
+ // execute
+ let conn = match self.connect().await {
+ Ok(c) => c,
+ Err(e) => return Err(Error::DatabaseConnection(e.to_string())),
+ };
+
+ let res = execute!(
+ &conn,
+ "UPDATE notifications SET read = $1 WHERE owner = $2",
+ params![&{ if read { 1 } else { 0 } }, &(user.id as i64)]
+ );
+
+ if let Err(e) = res {
+ return Err(Error::DatabaseError(e.to_string()));
+ }
+
+ // use changed_count to update user counts
+ if read == false {
+ // we don't need to update when marking things as read since that should just be 0
+ self.set_user_notifications(user.id, changed_count).await?;
+ } else {
+ self.set_user_notifications(user.id, 0).await?;
+ }
+
+ // ...
 Ok(())
 }
 }
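Review bot: When `read` is false the user's count is set to `changed_count`, which counts only the notifications flipped from read to unread; those already unread hit `continue` and are not counted, although the `UPDATE` leaves every notification of the owner unread. Assuming `notification_count` tracks unread notifications, the value should be the total: take `let total = i32::try_from(notifications.len()).unwrap_or(i32::MAX);` before the loop (the `for` consumes `notifications`) and call `self.set_user_notifications(user.id, if read { 0 } else { total }).await?;`. The comment about marking things as read sits in the `read == false` branch, and `!read` is the usual spelling. With the 1000-item cap removed, the function loads every notification and awaits one cache removal per changed row, so the work per request is no longer bounded. Because the removals run before the `UPDATE`, a concurrent reader can presumably re-cache a stale row in between; invalidating after the write succeeds would close that window.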