From 7099f504f1cf7893fb0f26fcbb7cee23969217c7 Mon Sep 17 00:00:00 2001 From: nekobit Date: Fri, 24 Jun 2022 04:24:12 +0000 Subject: [PATCH] Refactor for mastodont + fix status xss bug FossilOrigin-Name: d5c3f7b33120a5b137e09026be17b252b62bf73371d55c920e376d0941f34d3d --- src/account.c | 63 ++++++++++++++++++++++++------------- src/attachments.c | 4 +++ src/base_page.c | 9 +++++- src/global_cache.c | 10 ++++-- src/helpers.c | 28 +++++++++++++++++ src/helpers.h | 26 +++++++++++++++ src/lists.c | 10 ++++-- src/login.c | 47 +++++++++++++++++---------- src/main.c | 11 +------ src/notifications.c | 14 +++++++-- src/search.c | 15 +++++++-- src/session.c | 31 ++++++++++++++++++ src/session.h | 3 ++ src/status.c | 77 +++++++++++++++++++++++++++++++++------------ src/status.h | 5 ++- src/timeline.c | 20 +++++++++--- 16 files changed, 291 insertions(+), 82 deletions(-) create mode 100644 src/helpers.c create mode 100644 src/helpers.h create mode 100644 src/session.c diff --git a/src/account.c b/src/account.c index 84f74fd..1847725 100644 --- a/src/account.c +++ b/src/account.c @@ -18,6 +18,7 @@ #include #include +#include "helpers.h" #include "base_page.h" #include "error.h" #include "../config.h" @@ -98,6 +99,8 @@ static char* account_followers_cb(struct session* ssn, .limit = 20, .with_relationships = 0, }; + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* accounts_html = NULL, *navigation_box = NULL; char* output; struct mstdnt_storage storage = { 0 }; @@ -105,7 +108,7 @@ static char* account_followers_cb(struct session* ssn, size_t accts_len = 0; char* start_id; - if (mastodont_get_followers(api, acct->id, &args, &storage, &accounts, &accts_len)) + if (mastodont_get_followers(api, &m_args, acct->id, &args, &storage, &accounts, &accts_len)) { accounts_html = construct_error(storage.error, E_ERROR, 1, NULL); } @@ -148,6 +151,8 @@ static char* account_following_cb(struct session* ssn, .limit = 20, .with_relationships = 0, }; + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* accounts_html = NULL, *navigation_box = NULL; char* output; struct mstdnt_storage storage = { 0 }; @@ -155,7 +160,7 @@ static char* account_following_cb(struct session* ssn, size_t accts_len = 0; char* start_id; - if (mastodont_get_following(api, acct->id, &args, &storage, &accounts, &accts_len)) + if (mastodont_get_following(api, &m_args, acct->id, &args, &storage, &accounts, &accts_len)) { accounts_html = construct_error(storage.error, E_ERROR, 1, NULL); } @@ -191,7 +196,8 @@ static char* account_statuses_cb(struct session* ssn, void* _args) { - (void)ssn; + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); struct mstdnt_account_statuses_args* args = _args; char* statuses_html = NULL, *navigation_box = NULL; char* output; @@ -200,7 +206,7 @@ static char* account_statuses_cb(struct session* ssn, size_t statuses_len = 0; char* start_id; - if (mastodont_get_account_statuses(api, acct->id, args, &storage, &statuses, &statuses_len)) + if (mastodont_get_account_statuses(api, &m_args, acct->id, args, &storage, &statuses, &statuses_len)) { statuses_html = construct_error(storage.error, E_ERROR, 1, NULL); } @@ -233,7 +239,6 @@ static char* account_statuses_cb(struct session* ssn, static char* account_scrobbles_cb(struct session* ssn, mastodont_t* api, struct mstdnt_account* acct, void* _args) { - (void)ssn; (void)_args; char* scrobbles_html = NULL; struct mstdnt_storage storage = { 0 }; @@ -246,8 +251,10 @@ static char* account_scrobbles_cb(struct session* ssn, mastodont_t* api, struct .offset = 0, .limit = 20 }; + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); - if (mastodont_get_scrobbles(api, acct->id, &args, &storage, &scrobbles, &scrobbles_len)) + if (mastodont_get_scrobbles(api, &m_args, acct->id, &args, &storage, &scrobbles, &scrobbles_len)) { scrobbles_html = construct_error(storage.error, E_ERROR, 1, NULL); } @@ -264,7 +271,9 @@ static char* account_scrobbles_cb(struct session* ssn, mastodont_t* api, struct void get_account_info(mastodont_t* api, struct session* ssn) { - if (mastodont_verify_credentials(api, &(ssn->acct), &(ssn->acct_storage)) == 0) + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); + if (mastodont_verify_credentials(api, &m_args, &(ssn->acct), &(ssn->acct_storage)) == 0) { ssn->logged_in = 1; } @@ -284,16 +293,18 @@ static void fetch_account_page(struct session* ssn, struct mstdnt_account acct = { 0 }; struct mstdnt_relationship* relationships = NULL; size_t relationships_len = 0; + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); int lookup_type = config_experimental_lookup ? MSTDNT_LOOKUP_ACCT : MSTDNT_LOOKUP_ID; - if (mastodont_get_account(api, lookup_type, id, &acct, &storage)) + if (mastodont_get_account(api, &m_args, lookup_type, id, &acct, &storage)) { account_page = construct_error(storage.error, E_ERROR, 1, NULL); } else { // Relationships may fail - mastodont_get_relationships(api, &(acct.id), 1, &relations_storage, &relationships, &relationships_len); + mastodont_get_relationships(api, &m_args, &(acct.id), 1, &relations_storage, &relationships, &relationships_len); data = callback(ssn, api, &acct, args); @@ -603,24 +614,26 @@ void content_account_action(struct session* ssn, mastodont_t* api, char** data) { char* referer = getenv("HTTP_REFERER"); struct mstdnt_storage storage = { 0 }; + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); struct mstdnt_relationship acct = { 0 }; if (strcmp(data[1], "follow") == 0) - mastodont_follow_account(api, data[0], &storage, &acct); + mastodont_follow_account(api, &m_args, data[0], &storage, &acct); else if (strcmp(data[1], "unfollow") == 0) - mastodont_unfollow_account(api, data[0], &storage, &acct); + mastodont_unfollow_account(api, &m_args, data[0], &storage, &acct); else if (strcmp(data[1], "mute") == 0) - mastodont_mute_account(api, data[0], &storage, &acct); + mastodont_mute_account(api, &m_args, data[0], &storage, &acct); else if (strcmp(data[1], "unmute") == 0) - mastodont_unmute_account(api, data[0], &storage, &acct); + mastodont_unmute_account(api, &m_args, data[0], &storage, &acct); else if (strcmp(data[1], "block") == 0) - mastodont_block_account(api, data[0], &storage, &acct); + mastodont_block_account(api, &m_args, data[0], &storage, &acct); else if (strcmp(data[1], "unblock") == 0) - mastodont_unblock_account(api, data[0], &storage, &acct); + mastodont_unblock_account(api, &m_args, data[0], &storage, &acct); else if (strcmp(data[1], "subscribe") == 0) - mastodont_subscribe_account(api, data[0], &storage, &acct); + mastodont_subscribe_account(api, &m_args, data[0], &storage, &acct); else if (strcmp(data[1], "unsubscribe") == 0) - mastodont_unsubscribe_account(api, data[0], &storage, &acct); + mastodont_unsubscribe_account(api, &m_args, data[0], &storage, &acct); mastodont_storage_cleanup(&storage); @@ -643,8 +656,10 @@ void content_account_bookmarks(struct session* ssn, mastodont_t* api, char** dat .min_id = keystr(ssn->post.min_id), .limit = 20, }; + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); - if (mastodont_get_bookmarks(api, &args, &storage, &statuses, &status_count)) + if (mastodont_get_bookmarks(api, &m_args, &args, &storage, &statuses, &status_count)) { status_format = construct_error(storage.error, E_ERROR, 1, NULL); } @@ -736,8 +751,10 @@ void content_account_blocked(struct session* ssn, mastodont_t* api, char** data) struct mstdnt_storage storage = { 0 }; struct mstdnt_account* accts = NULL; size_t accts_len = 0; + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); - mastodont_get_blocks(api, &args, &storage, &accts, &accts_len); + mastodont_get_blocks(api, &m_args, &args, &storage, &accts, &accts_len); accounts_page(api, ssn, &storage, "Blocked users", accts, accts_len); } @@ -755,8 +772,10 @@ void content_account_muted(struct session* ssn, mastodont_t* api, char** data) struct mstdnt_storage storage = { 0 }; struct mstdnt_account* accts = NULL; size_t accts_len = 0; + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); - mastodont_get_mutes(api, &args, &storage, &accts, &accts_len); + mastodont_get_mutes(api, &m_args, &args, &storage, &accts, &accts_len); accounts_page(api, ssn, &storage, "Muted users", accts, accts_len); } @@ -777,8 +796,10 @@ void content_account_favourites(struct session* ssn, mastodont_t* api, char** da .min_id = keystr(ssn->post.min_id), .limit = 20, }; + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); - if (mastodont_get_favourites(api, &args, &storage, &statuses, &status_count)) + if (mastodont_get_favourites(api, &m_args, &args, &storage, &statuses, &status_count)) { status_format = construct_error(storage.error, E_ERROR, 1, NULL); } diff --git a/src/attachments.c b/src/attachments.c index 633177a..d1fcb21 100644 --- a/src/attachments.c +++ b/src/attachments.c @@ -18,6 +18,7 @@ #include #include +#include "helpers.h" #include "easprintf.h" #include "attachments.h" #include "string_helpers.h" @@ -43,6 +44,8 @@ int try_upload_media(struct mstdnt_storage** storage, struct mstdnt_attachment** attachments, char*** media_ids) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); size_t size = keyfile(ssn->post.files).array_size; if (!FILES_READY(ssn)) return 1; @@ -68,6 +71,7 @@ int try_upload_media(struct mstdnt_storage** storage, }; if (mastodont_upload_media(api, + &m_args, &args, *storage + i, *attachments + i)) diff --git a/src/base_page.c b/src/base_page.c index 7d8664a..733c53f 100644 --- a/src/base_page.c +++ b/src/base_page.c @@ -37,6 +37,8 @@ void render_base_page(struct base_page* page, struct session* ssn, mastodont_t* api) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* cookie = getenv("HTTP_COOKIE"); enum l10n_locale locale = l10n_normalize(ssn->config.lang); const char* login_string = "Login / Register"; @@ -84,7 +86,12 @@ void render_base_page(struct base_page* page, struct session* ssn, mastodont_t* .limit = 8, }; - if (mastodont_get_notifications(api, &args, &storage, ¬ifs, ¬ifs_len) == 0) + if (mastodont_get_notifications(api, + &m_args, + &args, + &storage, + ¬ifs, + ¬ifs_len) == 0) { main_sidebar_str = construct_notifications_compact(ssn, api, notifs, notifs_len, NULL); } diff --git a/src/global_cache.c b/src/global_cache.c index e6d3662..db96dcd 100644 --- a/src/global_cache.c +++ b/src/global_cache.c @@ -16,14 +16,20 @@ * along with this program. If not, see . */ +#include "../config.h" #include "global_cache.h" struct global_cache g_cache = { 0 }; void load_instance_info_cache(mastodont_t* api) { - mastodont_instance_panel(api, &(g_cache.panel_html)); - mastodont_terms_of_service(api, &(g_cache.tos_html)); + struct mstdnt_args m_args = { + .url = config_instance_url, + .token = 0, + .flags = config_library_flags, + }; + mastodont_instance_panel(api, &m_args, &(g_cache.panel_html)); + mastodont_terms_of_service(api, &m_args, &(g_cache.tos_html)); } void free_instance_info_cache() diff --git a/src/helpers.c b/src/helpers.c new file mode 100644 index 0000000..2455d15 --- /dev/null +++ b/src/helpers.c @@ -0,0 +1,28 @@ +/* + * Treebird - Lightweight frontend for Pleroma + * Copyright (C) 2022 Nekobit + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +#include "../config.h" +#include "helpers.h" + +void set_mstdnt_args(struct mstdnt_args* args, struct session* ssn) +{ + args->url = get_instance(ssn); + args->token = get_token(ssn); + args->flags = MSTDNT_FLAG_NO_URI_SANITIZE | config_library_flags; +} + diff --git a/src/helpers.h b/src/helpers.h new file mode 100644 index 0000000..3fbdb30 --- /dev/null +++ b/src/helpers.h @@ -0,0 +1,26 @@ +/* + * Treebird - Lightweight frontend for Pleroma + * Copyright (C) 2022 Nekobit + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +#ifndef HELPERS_H +#define HELPERS_H +#include +#include "session.h" + +void set_mstdnt_args(struct mstdnt_args* args, struct session* ssn); + +#endif /* HELPERS_H */ diff --git a/src/lists.c b/src/lists.c index 715e5d7..2563085 100644 --- a/src/lists.c +++ b/src/lists.c @@ -17,6 +17,7 @@ */ #include +#include "helpers.h" #include "base_page.h" #include "../config.h" #include "account.h" @@ -62,6 +63,8 @@ char* construct_lists_view(char* lists_string, size_t* size) void content_lists(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); struct mstdnt_list* lists = NULL; size_t size_list = 0; struct mstdnt_storage storage = { 0 }; @@ -75,11 +78,11 @@ void content_lists(struct session* ssn, mastodont_t* api, char** data) .title = keystr(ssn->post.title), .replies_policy = MSTDNT_LIST_REPLIES_POLICY_LIST, }; - mastodont_create_list(api, &args, &create_storage, NULL); + mastodont_create_list(api, &m_args, &args, &create_storage, NULL); mastodont_storage_cleanup(&create_storage); } - if (mastodont_get_lists(api, &storage, &lists, &size_list)) + if (mastodont_get_lists(api, &m_args, &storage, &lists, &size_list)) { lists_page = construct_error(storage.error, E_ERROR, 1, NULL); } @@ -108,6 +111,8 @@ void content_lists(struct session* ssn, mastodont_t* api, char** data) void list_edit(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); struct mstdnt_storage storage = { 0 }; char* referer = getenv("HTTP_REFERER"); char* id = data[0]; @@ -118,6 +123,7 @@ void list_edit(struct session* ssn, mastodont_t* api, char** data) }; mastodont_update_list(api, + &m_args, id, &args, &storage, diff --git a/src/login.c b/src/login.c index 4c982f1..a860c4d 100644 --- a/src/login.c +++ b/src/login.c @@ -20,6 +20,7 @@ #include #include #include +#include "helpers.h" #include "query.h" #include "base_page.h" #include "login.h" @@ -44,10 +45,12 @@ void apply_access_token(char* token) void content_login_oauth(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); struct mstdnt_storage storage = { 0 }, oauth_storage = { 0 }; struct mstdnt_app app; struct mstdnt_oauth_token token; - char* orig_url = api->url; + const char* orig_url = m_args.url; char* redirect_url = getenv("SERVER_NAME"); char* decode_url = NULL; char* urlify_redirect_url = NULL; @@ -57,7 +60,7 @@ void content_login_oauth(struct session* ssn, mastodont_t* api, char** data) if (keystr(ssn->query.code)) { - struct mstdnt_args args_token = { + struct mstdnt_application_args args_token = { .grant_type = "authorization_code", .client_id = keystr(ssn->cookies.client_id), .client_secret = keystr(ssn->cookies.client_secret), @@ -66,7 +69,10 @@ void content_login_oauth(struct session* ssn, mastodont_t* api, char** data) .code = keystr(ssn->query.code), }; - if (mastodont_obtain_oauth_token(api, &args_token, &oauth_storage, + if (mastodont_obtain_oauth_token(api, + &m_args, + &args_token, + &oauth_storage, &token) == 0) { apply_access_token(token.access_token); @@ -75,16 +81,20 @@ void content_login_oauth(struct session* ssn, mastodont_t* api, char** data) else if (keystr(ssn->post.instance)) { decode_url = curl_easy_unescape(api->curl, keystr(ssn->post.instance), 0, NULL); - api->url = decode_url; + m_args.url = decode_url; - struct mstdnt_args args_app = { + struct mstdnt_application_args args_app = { .client_name = "Treebird", .redirect_uris = urlify_redirect_url, .scopes = "read+write+follow+push", .website = keystr(ssn->post.instance) }; - if (mastodont_register_app(api, &args_app, &storage, &app) == 0) + if (mastodont_register_app(api, + &m_args, + &args_app, + &storage, + &app) == 0) { char* url; char* encode_id = curl_easy_escape(api->curl, app.client_id, 0); @@ -102,7 +112,7 @@ void content_login_oauth(struct session* ssn, mastodont_t* api, char** data) } } - api->url = orig_url; + m_args.url = orig_url; redirect(REDIRECT_303, config_url_prefix && config_url_prefix[0] != '\0' ? config_url_prefix : "/"); @@ -115,6 +125,8 @@ void content_login_oauth(struct session* ssn, mastodont_t* api, char** data) void content_login(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); struct mstdnt_storage storage = { 0 }, oauth_store = { 0 }; struct mstdnt_app app; struct mstdnt_oauth_token token; @@ -124,7 +136,7 @@ void content_login(struct session* ssn, mastodont_t* api, char** data) if (keystr(ssn->post.username) && keystr(ssn->post.password)) { // Getting the client id/secret - struct mstdnt_args args_app = { + struct mstdnt_application_args args_app = { .client_name = "Treebird", .redirect_uris = "http://localhost/", .scopes = LOGIN_SCOPE, @@ -134,7 +146,7 @@ void content_login(struct session* ssn, mastodont_t* api, char** data) // Check if the username contains an @ symbol char* address = strstr(keystr(ssn->post.username), "%40"); // If it fails, we need to restore - char* orig_url = api->url; + const char* orig_url = m_args.url; char* url_link = NULL; if (address) { @@ -142,19 +154,19 @@ void content_login(struct session* ssn, mastodont_t* api, char** data) *address = '\0'; address += sizeof("%40")-1; easprintf(&url_link, "https://%s/", address); - api->url = url_link; + m_args.url = url_link; } else { // Reset to instance url - api->url = config_instance_url; + m_args.url = config_instance_url; } - if (mastodont_register_app(api, &args_app, &storage, &app) != 0) + if (mastodont_register_app(api, &m_args, &args_app, &storage, &app) != 0) { error = construct_error(oauth_store.error, E_ERROR, 1, NULL); } else { - struct mstdnt_args args_token = { + struct mstdnt_application_args args_token = { .grant_type = "password", .client_id = app.client_id, .client_secret = app.client_secret, @@ -165,7 +177,10 @@ void content_login(struct session* ssn, mastodont_t* api, char** data) .password = keystr(ssn->post.password) }; - if (mastodont_obtain_oauth_token(api, &args_token, &oauth_store, + if (mastodont_obtain_oauth_token(api, + &m_args, + &args_token, + &oauth_store, &token) != 0 && oauth_store.error) { error = construct_error(oauth_store.error, E_ERROR, 1, NULL); @@ -178,7 +193,7 @@ void content_login(struct session* ssn, mastodont_t* api, char** data) printf("Set-Cookie: instance_url=; Path=/; Max-Age=-1\r\n"); apply_access_token(token.access_token); - if (url_link) free(url_link); + free(url_link); return; } } @@ -186,7 +201,7 @@ void content_login(struct session* ssn, mastodont_t* api, char** data) if (url_link) { // Restore and cleanup, an error occured - api->url = orig_url; + m_args.url = orig_url; free(url_link); } } diff --git a/src/main.c b/src/main.c index 1f083b6..d59d94b 100644 --- a/src/main.c +++ b/src/main.c @@ -49,8 +49,7 @@ int main(void) // Initiate mastodont library mastodont_t api; - mastodont_init(&api, MSTDNT_FLAG_NO_URI_SANITIZE | config_library_flags); - api.url = config_instance_url; + mastodont_init(&api); // Fetch information about the current instance load_instance_info_cache(&api); @@ -143,14 +142,6 @@ int main(void) char* post_str = read_post_data(&(ssn.post)); char* get_str = read_get_data(&(ssn.query)); - // Instance info temp stuff - if (keystr(ssn.cookies.instance_url)) - api.url = keystr(ssn.cookies.instance_url); - else - api.url = config_instance_url; - - api.token = keystr(ssn.cookies.access_token); // Load token now - // Read config options load_config(&ssn, &api); diff --git a/src/notifications.c b/src/notifications.c index 1507859..872e0bf 100644 --- a/src/notifications.c +++ b/src/notifications.c @@ -19,6 +19,7 @@ #include #include #include +#include "helpers.h" #include "notifications.h" #include "base_page.h" #include "string_helpers.h" @@ -179,6 +180,8 @@ char* construct_notifications_compact(struct session* ssn, void content_notifications(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* page, *notif_html = NULL; struct mstdnt_storage storage; struct mstdnt_notification* notifs; @@ -201,7 +204,7 @@ void content_notifications(struct session* ssn, mastodont_t* api, char** data) .limit = 20, }; - if (mastodont_get_notifications(api, &args, &storage, ¬ifs, ¬ifs_len) == 0) + if (mastodont_get_notifications(api, &m_args, &args, &storage, ¬ifs, ¬ifs_len) == 0) { if (notifs && notifs_len) { @@ -244,6 +247,8 @@ void content_notifications(struct session* ssn, mastodont_t* api, char** data) void content_notifications_compact(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* page, *notif_html = NULL; struct mstdnt_storage storage = { 0 }; struct mstdnt_notification* notifs = NULL; @@ -266,7 +271,12 @@ void content_notifications_compact(struct session* ssn, mastodont_t* api, char** .limit = 20, }; - if (mastodont_get_notifications(api, &args, &storage, ¬ifs, ¬ifs_len) == 0) + if (mastodont_get_notifications(api, + &m_args, + &args, + &storage, + ¬ifs, + ¬ifs_len) == 0) { if (notifs && notifs_len) { diff --git a/src/search.c b/src/search.c index 2204ed5..7b8483e 100644 --- a/src/search.c +++ b/src/search.c @@ -61,6 +61,8 @@ void search_page(struct session* ssn, mastodont_t* api, enum search_tab tab, cha void content_search_all(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* out_data = NULL; char* statuses_html = NULL; char* accounts_html = NULL; @@ -84,6 +86,7 @@ void content_search_all(struct session* ssn, mastodont_t* api, char** data) struct mstdnt_search_results results = { 0 }; if (mastodont_search(api, + &m_args, keystr(ssn->query.query), &storage, &args, @@ -139,8 +142,7 @@ void content_search_all(struct session* ssn, mastodont_t* api, char** data) // Output render_base_page(&b, ssn, api); - free(out_data); - + free(out_data); free(statuses_html); free(accounts_html); free(tags_html); @@ -152,6 +154,8 @@ void content_search_all(struct session* ssn, mastodont_t* api, char** data) void content_search_statuses(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* statuses_html; struct mstdnt_storage storage = { 0 }; struct mstdnt_search_args args = { @@ -169,6 +173,7 @@ void content_search_statuses(struct session* ssn, mastodont_t* api, char** data) struct mstdnt_search_results results = { 0 }; if (mastodont_search(api, + &m_args, keystr(ssn->query.query), &storage, &args, @@ -193,6 +198,8 @@ void content_search_statuses(struct session* ssn, mastodont_t* api, char** data) void content_search_accounts(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* accounts_html; struct mstdnt_storage storage = { 0 }; struct mstdnt_search_args args = { @@ -210,6 +217,7 @@ void content_search_accounts(struct session* ssn, mastodont_t* api, char** data) struct mstdnt_search_results results = { 0 }; if (mastodont_search(api, + &m_args, keystr(ssn->query.query), &storage, &args, @@ -231,6 +239,8 @@ void content_search_accounts(struct session* ssn, mastodont_t* api, char** data) void content_search_hashtags(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* tags_html; char* tags_graph = NULL; char* tags_bars = NULL; @@ -251,6 +261,7 @@ void content_search_hashtags(struct session* ssn, mastodont_t* api, char** data) struct mstdnt_search_results results = { 0 }; if (mastodont_search(api, + &m_args, keystr(ssn->query.query), &storage, &args, diff --git a/src/session.c b/src/session.c new file mode 100644 index 0000000..ac4e546 --- /dev/null +++ b/src/session.c @@ -0,0 +1,31 @@ +/* + * Treebird - Lightweight frontend for Pleroma + * Copyright (C) 2022 Nekobit + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +#include "session.h" +#include "../config.h" + +const char* const get_instance(struct session* ssn) +{ + return keystr(ssn->cookies.instance_url) ? + keystr(ssn->cookies.instance_url) : config_instance_url; +} + +const char* const get_token(struct session* ssn) +{ + return keystr(ssn->cookies.access_token); +} diff --git a/src/session.h b/src/session.h index 47604bd..6d9a23a 100644 --- a/src/session.h +++ b/src/session.h @@ -34,4 +34,7 @@ struct session struct mstdnt_storage acct_storage; }; +const char* const get_instance(struct session* ssn); +const char* const get_token(struct session* ssn); + #endif // SESSION_H diff --git a/src/status.c b/src/status.c index 49ff226..0ed50a3 100644 --- a/src/status.c +++ b/src/status.c @@ -20,6 +20,7 @@ #include #define PCRE2_CODE_UNIT_WIDTH 8 #include +#include "helpers.h" #include "http.h" #include "base_page.h" #include "status.h" @@ -64,6 +65,13 @@ struct status_args int try_post_status(struct session* ssn, mastodont_t* api) { if (!(keystr(ssn->post.content))) return 1; + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); + + // Flip m_args to NOT (which is set by set_mstdnt_args) + // This is because we want to upload files too, so it's just + // a MIME post request + m_args.flags ^= MSTDNT_FLAG_NO_URI_SANITIZE; struct mstdnt_storage storage = { 0 }, *att_storage = NULL; @@ -76,7 +84,7 @@ int try_post_status(struct session* ssn, mastodont_t* api) try_upload_media(&att_storage, ssn, api, &attachments, &media_ids); // Cookie copy and read - struct mstdnt_args args = { + struct mstdnt_status_args args = { .content_type = "text/plain", .expires_in = 0, .in_reply_to_conversation_id = NULL, @@ -93,7 +101,8 @@ int try_post_status(struct session* ssn, mastodont_t* api) .visibility = keystr(ssn->post.visibility), }; - mastodont_create_status(api, &args, &storage); + + mastodont_create_status(api, &m_args, &args, &storage); mastodont_storage_cleanup(&storage); if (att_storage) @@ -106,10 +115,12 @@ int try_post_status(struct session* ssn, mastodont_t* api) int try_react_status(struct session* ssn, mastodont_t* api, char* id, char* emoji) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); struct mstdnt_storage storage = { 0 }; struct mstdnt_status status = { 0 }; - mastodont_status_emoji_react(api, id, emoji, &storage, &status); + mastodont_status_emoji_react(api, &m_args, id, emoji, &storage, &status); mstdnt_cleanup_status(&status); mastodont_storage_cleanup(&storage); @@ -157,6 +168,8 @@ const char* status_visibility_str(enum l10n_locale loc, int try_interact_status(struct session* ssn, mastodont_t* api, char* id) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); int res = 0; struct mstdnt_storage storage = { 0 }; if (!(keystr(ssn->post.itype) && id)) return 1; @@ -164,29 +177,29 @@ int try_interact_status(struct session* ssn, mastodont_t* api, char* id) // Pretty up the type if (strcmp(keystr(ssn->post.itype), "like") == 0 || strcmp(keystr(ssn->post.itype), "likeboost") == 0) - res = mastodont_favourite_status(api, id, &storage, NULL); + res = mastodont_favourite_status(api, &m_args, id, &storage, NULL); // Not else if because possibly a like-boost if (strcmp(keystr(ssn->post.itype), "repeat") == 0 || strcmp(keystr(ssn->post.itype), "likeboost") == 0) - res = mastodont_reblog_status(api, id, &storage, NULL); + res = mastodont_reblog_status(api, &m_args, id, &storage, NULL); else if (strcmp(keystr(ssn->post.itype), "bookmark") == 0) - res = mastodont_bookmark_status(api, id, &storage, NULL); + res = mastodont_bookmark_status(api, &m_args, id, &storage, NULL); else if (strcmp(keystr(ssn->post.itype), "pin") == 0) - res = mastodont_pin_status(api, id, &storage, NULL); + res = mastodont_pin_status(api, &m_args, id, &storage, NULL); else if (strcmp(keystr(ssn->post.itype), "mute") == 0) - res = mastodont_mute_conversation(api, id, &storage, NULL); + res = mastodont_mute_conversation(api, &m_args, id, &storage, NULL); else if (strcmp(keystr(ssn->post.itype), "delete") == 0) - res = mastodont_delete_status(api, id, &storage, NULL); + res = mastodont_delete_status(api, &m_args, id, &storage, NULL); else if (strcmp(keystr(ssn->post.itype), "unlike") == 0) - res = mastodont_unfavourite_status(api, id, &storage, NULL); + res = mastodont_unfavourite_status(api, &m_args, id, &storage, NULL); else if (strcmp(keystr(ssn->post.itype), "unrepeat") == 0) - res = mastodont_unreblog_status(api, id, &storage, NULL); + res = mastodont_unreblog_status(api, &m_args, id, &storage, NULL); else if (strcmp(keystr(ssn->post.itype), "unbookmark") == 0) - res = mastodont_unbookmark_status(api, id, &storage, NULL); + res = mastodont_unbookmark_status(api, &m_args, id, &storage, NULL); else if (strcmp(keystr(ssn->post.itype), "unpin") == 0) - res = mastodont_unpin_status(api, id, &storage, NULL); + res = mastodont_unpin_status(api, &m_args, id, &storage, NULL); else if (strcmp(keystr(ssn->post.itype), "unmute") == 0) - res = mastodont_unmute_conversation(api, id, &storage, NULL); + res = mastodont_unmute_conversation(api, &m_args, id, &storage, NULL); mastodont_storage_cleanup(&storage); return res; @@ -385,12 +398,18 @@ char* construct_status_interaction_profiles(struct mstdnt_account* reblogs, return construct_func_strings(construct_status_interaction_profiles_voidwrap, &args, arr_size, ret_size); } -char* get_in_reply_to(mastodont_t* api, struct mstdnt_status* status, size_t* size) +char* get_in_reply_to(mastodont_t* api, + struct session* ssn, + struct mstdnt_status* status, + size_t* size) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); struct mstdnt_storage storage = { 0 }; struct mstdnt_account acct = { 0 }; int res = mastodont_get_account(api, + &m_args, 0, status->in_reply_to_account_id, &acct, @@ -579,6 +598,8 @@ char* construct_status(struct session* ssn, struct construct_statuses_args* args, uint8_t flags) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* stat_html; // Counts @@ -611,12 +632,16 @@ char* construct_status(struct session* ssn, (status->reblogs_count || status->favourites_count)) { if (status->favourites_count) - mastodont_status_favourited_by(api, status->id, + mastodont_status_favourited_by(api, + &m_args, + status->id, &favourites_storage, &favourites, &favourites_len); if (status->reblogs_count) - mastodont_status_reblogged_by(api, status->id, + mastodont_status_reblogged_by(api, + &m_args, + status->id, &reblogs_storage, &reblogs, &reblogs_len); @@ -707,7 +732,7 @@ char* construct_status(struct session* ssn, } if (status->in_reply_to_id && status->in_reply_to_account_id) - in_reply_to_str = get_in_reply_to(api, status, NULL); + in_reply_to_str = get_in_reply_to(api, ssn, status, NULL); struct status_template tmpl = { .status_id = status->id, @@ -816,12 +841,15 @@ void status_reply(struct session* ssn, mastodont_t* api, char** data) void status_view_reblogs(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); struct mstdnt_account* favourites = NULL; struct mstdnt_storage storage = { 0 }; size_t favourites_len = 0; char* status_id = data[0]; mastodont_status_reblogged_by(api, + &m_args, status_id, &storage, &favourites, @@ -839,12 +867,15 @@ void status_view_reblogs(struct session* ssn, mastodont_t* api, char** data) void status_view_favourites(struct session* ssn, mastodont_t* api, char** data) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); struct mstdnt_account* favourites = NULL; struct mstdnt_storage storage = { 0 }; size_t favourites_len = 0; char* status_id = data[0]; mastodont_status_favourited_by(api, + &m_args, status_id, &storage, &favourites, @@ -892,6 +923,8 @@ void content_status_interactions(struct session* ssn, void content_status(struct session* ssn, mastodont_t* api, char** data, uint8_t flags) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* output; // Status context struct mstdnt_storage storage = {0}, status_storage = {0}; @@ -902,11 +935,15 @@ void content_status(struct session* ssn, mastodont_t* api, char** data, uint8_t char* before_html = NULL, *stat_html = NULL, *after_html = NULL, *stat_reply = NULL; try_post_status(ssn, api); - mastodont_get_status_context(api, data[0], &storage, &statuses_before, &statuses_after, + mastodont_get_status_context(api, + &m_args, + data[0], + &storage, + &statuses_before, &statuses_after, &stat_before_len, &stat_after_len); // Get information - if (mastodont_get_status(api, data[0], &status_storage, &status)) + if (mastodont_get_status(api, &m_args, data[0], &status_storage, &status)) { stat_html = construct_error("Status not found", E_ERROR, 1, NULL); } diff --git a/src/status.h b/src/status.h index d9a4923..408fd7b 100644 --- a/src/status.h +++ b/src/status.h @@ -68,7 +68,10 @@ char* construct_interaction_buttons(struct session* ssn, size_t* size, uint8_t flags); // Reply to -char* get_in_reply_to(mastodont_t* api, struct mstdnt_status* status, size_t* size); +char* get_in_reply_to(mastodont_t* api, + struct session* ssn, + struct mstdnt_status* status, + size_t* size); char* construct_in_reply_to(struct mstdnt_status* status, struct mstdnt_account* account, size_t* size); diff --git a/src/timeline.c b/src/timeline.c index 6591a57..c74da39 100644 --- a/src/timeline.c +++ b/src/timeline.c @@ -117,6 +117,8 @@ void content_timeline(struct session* ssn, void tl_home(struct session* ssn, mastodont_t* api, int local) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); size_t statuses_len = 0; struct mstdnt_status* statuses = NULL; struct mstdnt_storage storage = { 0 }; @@ -137,13 +139,15 @@ void tl_home(struct session* ssn, mastodont_t* api, int local) try_post_status(ssn, api); - mastodont_timeline_home(api, &args, &storage, &statuses, &statuses_len); + mastodont_timeline_home(api, &m_args, &args, &storage, &statuses, &statuses_len); content_timeline(ssn, api, &storage, statuses, statuses_len, BASE_CAT_HOME, NULL, 1); } void tl_direct(struct session* ssn, mastodont_t* api) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); size_t statuses_len = 0; struct mstdnt_status* statuses = NULL; struct mstdnt_storage storage = { 0 }; @@ -163,13 +167,15 @@ void tl_direct(struct session* ssn, mastodont_t* api) try_post_status(ssn, api); - mastodont_timeline_direct(api, &args, &storage, &statuses, &statuses_len); + mastodont_timeline_direct(api, &m_args, &args, &storage, &statuses, &statuses_len); content_timeline(ssn, api, &storage, statuses, statuses_len, BASE_CAT_DIRECT, "Direct", 0); } void tl_public(struct session* ssn, mastodont_t* api, int local, enum base_category cat) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); size_t statuses_len = 0; struct mstdnt_status* statuses = NULL; struct mstdnt_storage storage = { 0 }; @@ -191,13 +197,15 @@ void tl_public(struct session* ssn, mastodont_t* api, int local, enum base_categ try_post_status(ssn, api); - mastodont_timeline_public(api, &args, &storage, &statuses, &statuses_len); + mastodont_timeline_public(api, &m_args, &args, &storage, &statuses, &statuses_len); content_timeline(ssn, api, &storage, statuses, statuses_len, cat, NULL, 1); } void tl_list(struct session* ssn, mastodont_t* api, char* list_id) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); size_t statuses_len = 0; struct mstdnt_status* statuses = NULL; struct mstdnt_storage storage = { 0 }; @@ -216,7 +224,7 @@ void tl_list(struct session* ssn, mastodont_t* api, char* list_id) try_post_status(ssn, api); - mastodont_timeline_list(api, list_id, &args, &storage, &statuses, &statuses_len); + mastodont_timeline_list(api, &m_args, list_id, &args, &storage, &statuses, &statuses_len); content_timeline(ssn, api, &storage, statuses, statuses_len, BASE_CAT_LISTS, NULL, 0); } @@ -224,6 +232,8 @@ void tl_list(struct session* ssn, mastodont_t* api, char* list_id) void tl_tag(struct session* ssn, mastodont_t* api, char* tag_id) { + struct mstdnt_args m_args; + set_mstdnt_args(&m_args, ssn); char* header; size_t statuses_len = 0; struct mstdnt_status* statuses = NULL; @@ -241,7 +251,7 @@ void tl_tag(struct session* ssn, mastodont_t* api, char* tag_id) .limit = 20, }; - mastodont_timeline_tag(api, tag_id, &args, &storage, &statuses, &statuses_len); + mastodont_timeline_tag(api, &m_args, tag_id, &args, &storage, &statuses, &statuses_len); easprintf(&header, "Hashtag - #%s", tag_id);