t/tetratto
1
0
Fork 0
Code Issues Pull requests Projects Releases 3 Packages Wiki Activity Actions

fix: journal privacy

Browse source
This commit is contained in:
trisua 2025-06-19 16:19:57 -04:00
parent 57a69eea50
commit 97b7e873ed
6 changed files with 95 additions and 15 deletions
Download patch file Download diff file Expand all files Collapse all files

33
crates/app/src/public/html/journals/app.lisp
View file

@ -272,7 +272,34 @@
("class" "flex flex-col gap-2 card") ("class" "flex flex-col gap-2 card")
(text "{{ note.content|markdown|safe }}")) (text "{{ note.content|markdown|safe }}"))
(span (text "Last updated: ") (span ("class" "date") (text "{{ note.edited }}"))) (div
("class" "flex w-full justify-between gap-2")
(span (text "Last updated: ") (span ("class" "date") (text "{{ note.edited }}")))
(text "{% if user and user.id == owner.id -%}")
(button
("class" "small")
("onclick" "{% if journal.privacy == \"Public\" -%}
trigger('atto::copy_text', ['{{ config.host }}/@{{ owner.username }}/{{ journal.title }}/{{ note.title }}'])
{%- else -%}
prompt_make_public();
trigger('atto::copy_text', ['{{ config.host }}/@{{ owner.username }}/{{ journal.title }}/{{ note.title }}'])
{%- endif %}")
(icon (text "share"))
(str (text "general:label.share")))
(script
(text "globalThis.prompt_make_public = async () => {
if (
!(await trigger(\"atto::confirm\", [
\"Would you like to make this journal public? This is required for others to view this note.\",
]))
) {
return;
}
change_journal_privacy({ target: { selectedOptions: [{ value: \"Public\" }] }, preventDefault: () => {} });
}"))
(text "{%- endif %}"))
(text "{%- endif %}") (text "{%- endif %}")
(text "{%- endif %}"))) (text "{%- endif %}")))
(style (style
@ -431,8 +458,8 @@
globalThis.change_journal_privacy = async (e) => { globalThis.change_journal_privacy = async (e) => {
e.preventDefault(); e.preventDefault();
const selected = event.target.selectedOptions[0]; const selected = e.target.selectedOptions[0];
fetch(\"/api/v1/journals/{{ selected_journal }}/privacy\", { fetch(\"/api/v1/journals/{% if journal -%} {{ journal.id }} {%- else -%} {{ selected_journal }} {%- endif %}/privacy\", {
method: \"POST\", method: \"POST\",
headers: { headers: {
\"Content-Type\": \"application/json\", \"Content-Type\": \"application/json\",

23
crates/app/src/routes/api/v1/journals.rs
View file

@ -9,11 +9,14 @@ use crate::{
routes::api::v1::{UpdateJournalPrivacy, CreateJournal, UpdateJournalTitle}, routes::api::v1::{UpdateJournalPrivacy, CreateJournal, UpdateJournalTitle},
State, State,
}; };
use tetratto_core::model::{ use tetratto_core::{
journals::{Journal, JournalPrivacyPermission}, database::NAME_REGEX,
oauth, model::{
permissions::FinePermission, journals::{Journal, JournalPrivacyPermission},
ApiReturn, Error, oauth,
permissions::FinePermission,
ApiReturn, Error,
},
}; };
pub async fn get_request( pub async fn get_request(
@ -101,6 +104,16 @@ pub async fn update_title_request(
props.title = props.title.replace(" ", "_"); props.title = props.title.replace(" ", "_");
// check name
let regex = regex::RegexBuilder::new(NAME_REGEX)
.multi_line(true)
.build()
.unwrap();
if regex.captures(&props.title).is_some() {
return Json(Error::MiscError("This title contains invalid characters".to_string()).into());
}
// make sure this title isn't already in use // make sure this title isn't already in use
if data if data
.get_journal_by_owner_title(user.id, &props.title) .get_journal_by_owner_title(user.id, &props.title)

25
crates/app/src/routes/api/v1/notes.rs
View file

@ -10,12 +10,15 @@ use crate::{
routes::api::v1::{CreateNote, RenderMarkdown, UpdateNoteContent, UpdateNoteTitle}, routes::api::v1::{CreateNote, RenderMarkdown, UpdateNoteContent, UpdateNoteTitle},
State, State,
}; };
use tetratto_core::model::{ use tetratto_core::{
journals::{JournalPrivacyPermission, Note}, database::NAME_REGEX,
oauth, model::{
permissions::FinePermission, journals::{JournalPrivacyPermission, Note},
uploads::CustomEmoji, oauth,
ApiReturn, Error, permissions::FinePermission,
uploads::CustomEmoji,
ApiReturn, Error,
},
}; };
pub async fn get_request( pub async fn get_request(
@ -137,6 +140,16 @@ pub async fn update_title_request(
props.title = props.title.replace(" ", "_"); props.title = props.title.replace(" ", "_");
// check name
let regex = regex::RegexBuilder::new(NAME_REGEX)
.multi_line(true)
.build()
.unwrap();
if regex.captures(&props.title).is_some() {
return Json(Error::MiscError("This title contains invalid characters".to_string()).into());
}
// make sure this title isn't already in use // make sure this title isn't already in use
if data if data
.get_note_by_journal_title(note.journal, &props.title) .get_note_by_journal_title(note.journal, &props.title)

15
crates/core/src/database/journals.rs
View file

@ -1,9 +1,10 @@
use oiseau::{cache::Cache, query_row}; use oiseau::{cache::Cache, query_row};
use crate::{ use crate::{
database::common::NAME_REGEX,
model::{ model::{
auth::User, auth::User,
permissions::FinePermission,
journals::{Journal, JournalPrivacyPermission}, journals::{Journal, JournalPrivacyPermission},
permissions::FinePermission,
Error, Result, Error, Result,
}, },
}; };
@ -85,6 +86,18 @@ impl DataManager {
data.title = data.title.replace(" ", "_"); data.title = data.title.replace(" ", "_");
// check name
let regex = regex::RegexBuilder::new(NAME_REGEX)
.multi_line(true)
.build()
.unwrap();
if regex.captures(&data.title).is_some() {
return Err(Error::MiscError(
"This title contains invalid characters".to_string(),
));
}
// make sure this title isn't already in use // make sure this title isn't already in use
if self if self
.get_journal_by_owner_title(data.owner, &data.title) .get_journal_by_owner_title(data.owner, &data.title)

1
crates/core/src/database/mod.rs
View file

@ -30,3 +30,4 @@ mod userblocks;
mod userfollows; mod userfollows;
pub use drivers::DataManager; pub use drivers::DataManager;
pub use common::NAME_REGEX;

13
crates/core/src/database/notes.rs
View file

@ -1,4 +1,5 @@
use oiseau::cache::Cache; use oiseau::cache::Cache;
use crate::database::common::NAME_REGEX;
use crate::model::{auth::User, journals::Note, permissions::FinePermission, Error, Result}; use crate::model::{auth::User, journals::Note, permissions::FinePermission, Error, Result};
use crate::{auto_method, DataManager}; use crate::{auto_method, DataManager};
use oiseau::{execute, get, params, query_row, query_rows, PostgresRow}; use oiseau::{execute, get, params, query_row, query_rows, PostgresRow};
@ -84,6 +85,18 @@ impl DataManager {
data.title = data.title.replace(" ", "_"); data.title = data.title.replace(" ", "_");
// check name
let regex = regex::RegexBuilder::new(NAME_REGEX)
.multi_line(true)
.build()
.unwrap();
if regex.captures(&data.title).is_some() {
return Err(Error::MiscError(
"This title contains invalid characters".to_string(),
));
}
// make sure this title isn't already in use // make sure this title isn't already in use
if self if self
.get_note_by_journal_title(data.journal, &data.title) .get_note_by_journal_title(data.journal, &data.title)