From 66c2eb670b273d808f0a9c1ae087df064718ca3d Mon Sep 17 00:00:00 2001 From: lain Date: Tue, 21 Apr 2020 18:23:00 +0200 Subject: [PATCH] ChatController: Validate parameters. --- .../web/api_spec/operations/chat_operation.ex | 4 ++++ .../controllers/chat_controller.ex | 22 ++++++++++++------- .../controllers/chat_controller_test.exs | 5 +++-- 3 files changed, 21 insertions(+), 10 deletions(-) diff --git a/lib/pleroma/web/api_spec/operations/chat_operation.ex b/lib/pleroma/web/api_spec/operations/chat_operation.ex index 5bd41ec4f..dc99bd773 100644 --- a/lib/pleroma/web/api_spec/operations/chat_operation.ex +++ b/lib/pleroma/web/api_spec/operations/chat_operation.ex @@ -21,6 +21,7 @@ def create_operation do %Operation{ tags: ["chat"], summary: "Create a chat", + operationId: "ChatController.create", parameters: [ Operation.parameter( :ap_id, @@ -47,6 +48,7 @@ def index_operation do %Operation{ tags: ["chat"], summary: "Get a list of chats that you participated in", + operationId: "ChatController.index", parameters: [ Operation.parameter(:limit, :query, :integer, "How many results to return", example: 20), Operation.parameter(:min_id, :query, :string, "Return only chats after this id"), @@ -67,6 +69,7 @@ def messages_operation do %Operation{ tags: ["chat"], summary: "Get the most recent messages of the chat", + operationId: "ChatController.messages", parameters: [ Operation.parameter(:id, :path, :string, "The ID of the Chat"), Operation.parameter(:limit, :query, :integer, "How many results to return", example: 20), @@ -89,6 +92,7 @@ def post_chat_message_operation do %Operation{ tags: ["chat"], summary: "Post a message to the chat", + operationId: "ChatController.post_chat_message", parameters: [ Operation.parameter(:id, :path, :string, "The ID of the Chat") ], diff --git a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex index 9d8b9b3cf..771ad6217 100644 --- a/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex +++ b/lib/pleroma/web/pleroma_api/controllers/chat_controller.ex @@ -14,6 +14,8 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do alias Pleroma.Web.PleromaAPI.ChatMessageView alias Pleroma.Web.PleromaAPI.ChatView + import Pleroma.Web.ActivityPub.ObjectValidator, only: [stringify_keys: 1] + import Ecto.Query # TODO @@ -29,12 +31,16 @@ defmodule Pleroma.Web.PleromaAPI.ChatController do %{scopes: ["read:statuses"]} when action in [:messages, :index] ) + plug(OpenApiSpex.Plug.CastAndValidate) + defdelegate open_api_operation(action), to: Pleroma.Web.ApiSpec.ChatOperation - def post_chat_message(%{assigns: %{user: %{id: user_id} = user}} = conn, %{ - "id" => id, - "content" => content - }) do + def post_chat_message( + %{body_params: %{content: content}, assigns: %{user: %{id: user_id} = user}} = conn, + %{ + id: id + } + ) do with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id), %User{} = recipient <- User.get_cached_by_ap_id(chat.recipient), {:ok, activity} <- CommonAPI.post_chat_message(user, recipient, content), @@ -45,7 +51,7 @@ def post_chat_message(%{assigns: %{user: %{id: user_id} = user}} = conn, %{ end end - def messages(%{assigns: %{user: %{id: user_id} = user}} = conn, %{"id" => id} = params) do + def messages(%{assigns: %{user: %{id: user_id} = user}} = conn, %{id: id} = params) do with %Chat{} = chat <- Repo.get_by(Chat, id: id, user_id: user_id) do messages = from(o in Object, @@ -66,7 +72,7 @@ def messages(%{assigns: %{user: %{id: user_id} = user}} = conn, %{"id" => id} = ^[user.ap_id] ) ) - |> Pagination.fetch_paginated(params) + |> Pagination.fetch_paginated(params |> stringify_keys()) conn |> put_view(ChatMessageView) @@ -85,7 +91,7 @@ def index(%{assigns: %{user: %{id: user_id}}} = conn, params) do where: c.user_id == ^user_id, order_by: [desc: c.updated_at] ) - |> Pagination.fetch_paginated(params) + |> Pagination.fetch_paginated(params |> stringify_keys) conn |> put_view(ChatView) @@ -93,7 +99,7 @@ def index(%{assigns: %{user: %{id: user_id}}} = conn, params) do end def create(%{assigns: %{user: user}} = conn, params) do - recipient = params["ap_id"] |> URI.decode_www_form() + recipient = params[:ap_id] with {:ok, %Chat{} = chat} <- Chat.get_or_create(user.id, recipient) do conn diff --git a/test/web/pleroma_api/controllers/chat_controller_test.exs b/test/web/pleroma_api/controllers/chat_controller_test.exs index 52a34d23f..84610e511 100644 --- a/test/web/pleroma_api/controllers/chat_controller_test.exs +++ b/test/web/pleroma_api/controllers/chat_controller_test.exs @@ -25,6 +25,7 @@ test "it posts a message to the chat", %{conn: conn, user: user} do result = conn + |> put_req_header("content-type", "application/json") |> post("/api/v1/pleroma/chats/#{chat.id}/messages", %{"content" => "Hallo!!"}) |> json_response(200) @@ -56,7 +57,7 @@ test "it paginates", %{conn: conn, user: user} do result = conn - |> get("/api/v1/pleroma/chats/#{chat.id}/messages", %{"max_id" => List.last(result)["id"]}) + |> get("/api/v1/pleroma/chats/#{chat.id}/messages?max_id=#{List.last(result)["id"]}") |> json_response(200) assert length(result) == 10 @@ -132,7 +133,7 @@ test "it paginates", %{conn: conn, user: user} do result = conn - |> get("/api/v1/pleroma/chats", %{max_id: List.last(result)["id"]}) + |> get("/api/v1/pleroma/chats?max_id=#{List.last(result)["id"]}") |> json_response(200) assert length(result) == 10