use axum::{extract::Path, response::IntoResponse, Extension, Json}; use axum_extra::extract::CookieJar; use tetratto_core::model::{ communities::Post, permissions::FinePermission, uploads::{MediaType, MediaUpload}, ApiReturn, Error, }; use crate::{ get_user_from_token, image::{save_webp_buffer, JsonMultipart}, routes::api::v1::{CreatePost, CreateRepost, UpdatePostContent, UpdatePostContext}, State, }; // maximum file dimensions: 2048x2048px (4 MiB) pub const MAXIMUM_FILE_SIZE: usize = 4194304; pub async fn create_request( jar: CookieJar, Extension(data): Extension, JsonMultipart(images, req): JsonMultipart, ) -> impl IntoResponse { let data = &(data.read().await).0; let user = match get_user_from_token!(jar, data) { Some(ua) => ua, None => return Json(Error::NotAllowed.into()), }; if !user.permissions.check(FinePermission::SUPPORTER) { if images.len() > 0 { // this is currently supporter only until it's been tested better... // after it's fully release, file limit will be raised to 8 MiB for supporters, // and left at 4 for non-supporters return Json(Error::RequiresSupporter.into()); } } if images.len() > 4 { return Json( Error::MiscError("Too many uploads. Please use a maximum of 4".to_string()).into(), ); } let mut props = Post::new( req.content, match req.community.parse::() { Ok(x) => x, Err(e) => return Json(Error::MiscError(e.to_string()).into()), }, if let Some(rt) = req.replying_to { match rt.parse::() { Ok(x) => Some(x), Err(e) => return Json(Error::MiscError(e.to_string()).into()), } } else { None }, user.id, ); if !req.answering.is_empty() { // we're answering a question! props.context.answering = match req.answering.parse::() { Ok(x) => x, Err(e) => return Json(Error::MiscError(e.to_string()).into()), }; } // check sizes for img in &images { if img.len() > MAXIMUM_FILE_SIZE { return Json(Error::DataTooLong("image".to_string()).into()); } } // create uploads for _ in 0..images.len() { props.uploads.push( match data .create_upload(MediaUpload::new(MediaType::Webp, props.owner)) .await { Ok(u) => u.id, Err(e) => return Json(e.into()), }, ); } // ... match data.create_post(props.clone()).await { Ok(id) => { // write to uploads for (i, upload_id) in props.uploads.iter().enumerate() { let image = match images.get(i) { Some(img) => img, None => { if let Err(e) = data.delete_upload(*upload_id).await { return Json(e.into()); } continue; } }; let upload = match data.get_upload_by_id(*upload_id).await { Ok(u) => u, Err(e) => return Json(e.into()), }; if let Err(e) = save_webp_buffer(&upload.path(&data.0).to_string(), image.to_vec()) { return Json(Error::MiscError(e.to_string()).into()); } } // return Json(ApiReturn { ok: true, message: "Post created".to_string(), payload: Some(id.to_string()), }) } Err(e) => Json(e.into()), } } pub async fn create_repost_request( jar: CookieJar, Extension(data): Extension, Path(id): Path, Json(req): Json, ) -> impl IntoResponse { let data = &(data.read().await).0; let user = match get_user_from_token!(jar, data) { Some(ua) => ua, None => return Json(Error::NotAllowed.into()), }; match data .create_post(Post::repost( req.content, match req.community.parse::() { Ok(x) => x, Err(e) => return Json(Error::MiscError(e.to_string()).into()), }, user.id, id, )) .await { Ok(id) => Json(ApiReturn { ok: true, message: "Post reposted".to_string(), payload: Some(id.to_string()), }), Err(e) => Json(e.into()), } } pub async fn delete_request( jar: CookieJar, Extension(data): Extension, Path(id): Path, ) -> impl IntoResponse { let data = &(data.read().await).0; let user = match get_user_from_token!(jar, data) { Some(ua) => ua, None => return Json(Error::NotAllowed.into()), }; match data.fake_delete_post(id, user, true).await { Ok(_) => Json(ApiReturn { ok: true, message: "Post deleted".to_string(), payload: (), }), Err(e) => Json(e.into()), } } pub async fn purge_request( jar: CookieJar, Extension(data): Extension, Path(id): Path, ) -> impl IntoResponse { let data = &(data.read().await).0; let user = match get_user_from_token!(jar, data) { Some(ua) => ua, None => return Json(Error::NotAllowed.into()), }; if !user.permissions.check(FinePermission::MANAGE_POSTS) { return Json(Error::NotAllowed.into()); } match data.delete_post(id, user).await { Ok(_) => Json(ApiReturn { ok: true, message: "Post deleted".to_string(), payload: (), }), Err(e) => Json(e.into()), } } pub async fn restore_request( jar: CookieJar, Extension(data): Extension, Path(id): Path, ) -> impl IntoResponse { let data = &(data.read().await).0; let user = match get_user_from_token!(jar, data) { Some(ua) => ua, None => return Json(Error::NotAllowed.into()), }; if !user.permissions.check(FinePermission::MANAGE_POSTS) { return Json(Error::NotAllowed.into()); } match data.fake_delete_post(id, user, false).await { Ok(_) => Json(ApiReturn { ok: true, message: "Post restored".to_string(), payload: (), }), Err(e) => Json(e.into()), } } pub async fn update_content_request( jar: CookieJar, Extension(data): Extension, Path(id): Path, Json(req): Json, ) -> impl IntoResponse { let data = &(data.read().await).0; let user = match get_user_from_token!(jar, data) { Some(ua) => ua, None => return Json(Error::NotAllowed.into()), }; match data.update_post_content(id, user, req.content).await { Ok(_) => Json(ApiReturn { ok: true, message: "Post updated".to_string(), payload: (), }), Err(e) => Json(e.into()), } } pub async fn update_context_request( jar: CookieJar, Extension(data): Extension, Path(id): Path, Json(req): Json, ) -> impl IntoResponse { let data = &(data.read().await).0; let user = match get_user_from_token!(jar, data) { Some(ua) => ua, None => return Json(Error::NotAllowed.into()), }; match data.update_post_context(id, user, req.context).await { Ok(_) => Json(ApiReturn { ok: true, message: "Post updated".to_string(), payload: (), }), Err(e) => Json(e.into()), } }