fix: don't allow user display name to be over 32 chars

trisua 2025-05-20 23:30:40 -04:00
parent 946f78a90b
commit fb2a9285d2
4 changed files with 145 additions and 139 deletions


@ -112,21 +112,7 @@
<div id="files_list" class="flex gap-2 flex-wrap"></div> <div id="files_list" class="flex gap-2 flex-wrap"></div>
<div class="flex justify-between gap-2"> <div class="flex justify-between gap-2">
<div class="flex gap-2"> {{ components::create_post_options() }}
{{ components::emoji_picker(element_id="content",
render_dialog=true) }} {% if is_supporter -%} {{
components::file_picker(files_list_id="files_list")
}} {%- endif %}
<button
class="small square quaternary"
title="More options"
onclick="document.getElementById('post_options_dialog').showModal()"
type="button"
>
{{ icon "ellipsis" }}
</button>
</div>
<div class="flex gap-2"> <div class="flex gap-2">
{% if draft -%} {% if draft -%}
@ -199,26 +185,7 @@
if (res.ok) { if (res.ok) {
// update settings // update settings
if ( await update_settings_maybe(res.payload);
JSON.stringify(
window.POST_INITIAL_SETTINGS,
) !== window.BLANK_INITIAL_SETTINGS
) {
await fetch(
`/api/v1/posts/${res.payload}/context`,
{
method: "POST",
headers: {
"Content-Type":
"application/json",
},
body: JSON.stringify({
context:
window.POST_INITIAL_SETTINGS,
}),
},
);
}
// remove draft // remove draft
// {% if draft -%} // {% if draft -%}
@ -423,102 +390,4 @@
window.history.back(); window.history.back();
} }
</script> </script>
<dialog id="post_options_dialog">
<div class="inner flex flex-col gap-2">
<div id="post_options" class="flex flex-col gap-2"></div>
<hr />
<div class="flex justify-between">
<div></div>
<div class="flex gap-2">
<button
class="bold red quaternary"
onclick="document.getElementById('post_options_dialog').close()"
type="button"
>
{{ icon "x" }} {{ text "dialog:action.close" }}
</button>
</div>
</div>
<script>
setTimeout(() => {
window.POST_INITIAL_SETTINGS = {
comments_enabled: true,
reposts_enabled: true,
reactions_enabled: true,
is_nsfw: false,
content_warning: "",
tags: [],
};
window.BLANK_INITIAL_SETTINGS = JSON.stringify(
window.POST_INITIAL_SETTINGS,
);
const settings_fields = [
[
[
"comments_enabled",
"Allow people to comment on your post",
],
window.POST_INITIAL_SETTINGS.comments_enabled.toString(),
"checkbox",
],
[
[
"reposts_enabled",
"Allow people to repost/quote your post",
],
window.POST_INITIAL_SETTINGS.reposts_enabled.toString(),
"checkbox",
],
[
[
"reactions_enabled",
"Allow people to like/dislike your post",
],
window.POST_INITIAL_SETTINGS.reactions_enabled.toString(),
"checkbox",
],
[
["is_nsfw", "Hide from public timelines"],
window.POST_INITIAL_SETTINGS.is_nsfw.toString(),
"checkbox",
],
[
["content_warning", "Content warning"],
window.POST_INITIAL_SETTINGS.content_warning,
"textarea",
],
[
["tags", "Tags"],
window.POST_INITIAL_SETTINGS.tags,
"input",
{
embed_html:
'<span class="fade">Tags should be separated by a comma.</span>',
},
],
];
trigger("ui::generate_settings_ui", [
document.getElementById("post_options"),
settings_fields,
window.POST_INITIAL_SETTINGS,
{
tags: (new_tags) => {
window.POST_INITIAL_SETTINGS.tags = new_tags
.split(",")
.map((t) => t.trim());
},
},
]);
}, 250);
</script>
</div>
</dialog>
{% endblock %} {% endblock %}


@ -1397,4 +1397,135 @@ is_supporter %}
</a> </a>
</div> </div>
</div> </div>
{%- endif %} {%- endmacro %} {%- endif %} {%- endmacro %} {% macro create_post_options() -%}
<div class="flex gap-2">
{{ components::emoji_picker(element_id="content", render_dialog=true) }} {%
if is_supporter -%} {{ components::file_picker(files_list_id="files_list")
}} {%- endif %}
<button
class="small square quaternary"
title="More options"
onclick="document.getElementById('post_options_dialog').showModal()"
type="button"
>
{{ icon "ellipsis" }}
</button>
</div>
<dialog id="post_options_dialog">
<div class="inner flex flex-col gap-2">
<div id="post_options" class="flex flex-col gap-2"></div>
<hr />
<div class="flex justify-between">
<div></div>
<div class="flex gap-2">
<button
class="bold red quaternary"
onclick="document.getElementById('post_options_dialog').close()"
type="button"
>
{{ icon "x" }} {{ text "dialog:action.close" }}
</button>
</div>
</div>
<script>
setTimeout(() => {
window.POST_INITIAL_SETTINGS = {
comments_enabled: true,
reposts_enabled: true,
reactions_enabled: true,
is_nsfw: false,
content_warning: "",
tags: [],
};
window.BLANK_INITIAL_SETTINGS = JSON.stringify(
window.POST_INITIAL_SETTINGS,
);
const settings_fields = [
[
[
"comments_enabled",
"Allow people to comment on your post",
],
window.POST_INITIAL_SETTINGS.comments_enabled.toString(),
"checkbox",
],
[
[
"reposts_enabled",
"Allow people to repost/quote your post",
],
window.POST_INITIAL_SETTINGS.reposts_enabled.toString(),
"checkbox",
],
[
[
"reactions_enabled",
"Allow people to like/dislike your post",
],
window.POST_INITIAL_SETTINGS.reactions_enabled.toString(),
"checkbox",
],
[
["is_nsfw", "Hide from public timelines"],
window.POST_INITIAL_SETTINGS.is_nsfw.toString(),
"checkbox",
],
[
["content_warning", "Content warning"],
window.POST_INITIAL_SETTINGS.content_warning,
"textarea",
],
[
["tags", "Tags"],
window.POST_INITIAL_SETTINGS.tags,
"input",
{
embed_html:
'<span class="fade">Tags should be separated by a comma.</span>',
},
],
];
document.getElementById("post_options").innerHTML = "";
trigger("ui::generate_settings_ui", [
document.getElementById("post_options"),
settings_fields,
window.POST_INITIAL_SETTINGS,
{
tags: (new_tags) => {
window.POST_INITIAL_SETTINGS.tags = new_tags
.split(",")
.map((t) => t.trim());
},
},
]);
}, 250);
globalThis.update_settings_maybe = async (id) => {
if (
JSON.stringify(window.POST_INITIAL_SETTINGS) !==
window.BLANK_INITIAL_SETTINGS
) {
await fetch(`/api/v1/posts/${id}/context`, {
method: "POST",
headers: {
"Content-Type": "application/json",
},
body: JSON.stringify({
context: window.POST_INITIAL_SETTINGS,
}),
});
}
};
</script>
</div>
</dialog>
{%- endmacro %}
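Review bot: `update_settings_maybe` awaits the `fetch` to `/api/v1/posts/${id}/context` but discards the response, so a rejected or failed request leaves the post live with default settings while the author believes `is_nsfw`, `content_warning` or the disabled comments were applied. Because the post is created before this second request, the failure should at least be surfaced, for example `const r = await (await fetch(/* … */)).json();` followed by `if (!r.ok) trigger("atto::toast", ["error", r.message]);` (this assumes the endpoint returns the same `ok`/`message` shape as the create call, which is not visible here). Sending the context with the create request itself would close the window in which the post is visible without its restrictions. Separately, `new_tags.split(",")` turns an empty field into `[""]`, so clearing the tags input still makes the settings differ from `BLANK_INITIAL_SETTINGS`; dropping empty strings after `trim()` avoids that.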


@ -111,10 +111,7 @@
<div id="files_list" class="flex gap-2 flex-wrap"></div> <div id="files_list" class="flex gap-2 flex-wrap"></div>
<div class="flex flex-wrap w-full gap-2"> <div class="flex flex-wrap w-full gap-2">
{{ components::emoji_picker(element_id="content", {{ components::create_post_options() }}
render_dialog=true) }} {% if is_supporter -%} {{
components::file_picker(files_list_id="files_list") }}
{%- endif %}
<button class="primary">{{ text "requests:label.answer" }}</button> <button class="primary">{{ text "requests:label.answer" }}</button>
<button type="button" class="red quaternary" onclick="trigger('me::remove_question', ['{{ question[0].id }}'])">{{ text "general:action.delete" }}</button> <button type="button" class="red quaternary" onclick="trigger('me::remove_question', ['{{ question[0].id }}'])">{{ text "general:action.delete" }}</button>
@ -199,13 +196,17 @@
body, body,
}) })
.then((res) => res.json()) .then((res) => res.json())
.then((res) => { .then(async (res) => {
trigger("atto::toast", [ trigger("atto::toast", [
res.ok ? "success" : "error", res.ok ? "success" : "error",
res.message, res.message,
]); ]);
if (res.ok) { if (res.ok) {
// update settings
await update_settings_maybe(res.payload);
// ...
e.target.parentElement.remove(); e.target.parentElement.remove();
} }
}); });
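Review bot: `window.POST_INITIAL_SETTINGS` is never reset after `await update_settings_maybe(res.payload)`, and the page stays open because the handler only calls `e.target.parentElement.remove()`, so the next answer submitted from this page would inherit the previous answer's options. If this form is rendered once per question (the `question[0].id` argument suggests a list, though the loop is outside the hunk), every `create_post_options()` call also emits another `<dialog id="post_options_dialog">` and `id="post_options"`, and `getElementById` resolves to the first one only. Consider rendering the dialog once per page and restoring the default settings object after a successful submit. The `.then(async (res) => …)` chain also ends without a `.catch`, so a rejection from the awaited call goes unhandled.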


@ -100,6 +100,11 @@ pub async fn update_user_settings_request(
return Json(Error::NotAllowed.into()); return Json(Error::NotAllowed.into());
} }
// check lengths
if req.display_name.len() > 32 {
return Json(Error::DataTooLong("display name".to_string()).into());
}
// check percentage themes // check percentage themes
if !req.theme_sat.is_empty() && !req.theme_sat.ends_with("%") { if !req.theme_sat.is_empty() && !req.theme_sat.ends_with("%") {
req.theme_sat = format!("{}%", req.theme_sat) req.theme_sat = format!("{}%", req.theme_sat)
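Review bot: `req.display_name.len()` counts UTF-8 bytes, not characters, so the new check rejects names shorter than 32 characters whenever they contain non-ASCII text (a 32-character name with accented letters, CJK or emoji exceeds 32 bytes). If the limit is meant in characters, as the commit title says, use `if req.display_name.chars().count() > 32 {`; if a byte limit is intended, say so in the comment, e.g. `// check lengths (bytes, not chars)`. It is also worth confirming that any other path that sets the display name applies the same bound, since only `update_user_settings_request` is visible here and its body continues outside the hunk.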