From 869c3ed1fad7d4145bfd791e5119cf2539932196 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 29 Jan 2023 00:27:23 -0700 Subject: [PATCH 1/4] Update ApiV1Controller, allow description (alt text) updates after status is published --- app/Http/Controllers/Api/ApiV1Controller.php | 33 ++++++++++++++++---- 1 file changed, 27 insertions(+), 6 deletions(-) diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php index b35ce35ff..0c44fd47f 100644 --- a/app/Http/Controllers/Api/ApiV1Controller.php +++ b/app/Http/Controllers/Api/ApiV1Controller.php @@ -68,6 +68,7 @@ use App\Services\{ LikeService, NetworkTimelineService, NotificationService, + MediaService, MediaPathService, ProfileStatusService, PublicTimelineService, @@ -90,6 +91,8 @@ use App\Services\MarkerService; use App\Models\Conversation; use App\Jobs\FollowPipeline\FollowAcceptPipeline; use App\Jobs\FollowPipeline\FollowRejectPipeline; +use Illuminate\Support\Facades\RateLimiter; +use Purify; class ApiV1Controller extends Controller { @@ -1582,15 +1585,33 @@ class ApiV1Controller extends Controller $user = $request->user(); $media = Media::whereUserId($user->id) - ->whereNull('status_id') + ->whereProfileId($user->profile_id) ->findOrFail($id); - $media->caption = $request->input('description'); - $media->save(); + $executed = RateLimiter::attempt( + 'media:update:'.$user->id, + 10, + function() use($media, $request) { + $caption = Purify::clean($request->input('description')); - $resource = new Fractal\Resource\Item($media, new MediaTransformer()); - $res = $this->fractal->createData($resource)->toArray(); - return $this->json($res); + if($caption != $media->caption) { + $media->caption = $caption; + $media->save(); + + if($media->status_id) { + MediaService::del($media->status_id); + StatusService::del($media->status_id); + } + } + }); + + if(!$executed) { + return response()->json([ + 'error' => 'Too many attempts. Try again in a few minutes.' + ], 429); + }; + + return $this->json(MediaService::get($media->status_id)); } /** From 55dc9b0aaa4623491387d06fcb83fc9e937e5e16 Mon Sep 17 00:00:00 2001 From: idanoo Date: Thu, 26 Jan 2023 22:29:54 +1300 Subject: [PATCH 2/4] Resolve issue with raw sql backticks for postgresql migrations --- app/Console/Commands/FixDuplicateProfiles.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Console/Commands/FixDuplicateProfiles.php b/app/Console/Commands/FixDuplicateProfiles.php index de70b925b..6abd9d9aa 100644 --- a/app/Console/Commands/FixDuplicateProfiles.php +++ b/app/Console/Commands/FixDuplicateProfiles.php @@ -71,7 +71,7 @@ class FixDuplicateProfiles extends Command { $duplicates = DB::table('profiles') ->whereNull('domain') - ->select('username', DB::raw('COUNT(*) as `count`')) + ->select('username', DB::raw('COUNT(*) as "count"')) ->groupBy('username') ->havingRaw('COUNT(*) > 1') ->pluck('username'); From 84fb59d00a9ae17a34651d24d3215d0874f117a1 Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 29 Jan 2023 02:19:16 -0700 Subject: [PATCH 3/4] Update AdminApiController, fix postgres support --- .../Controllers/Api/AdminApiController.php | 32 ++++++++++--------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/app/Http/Controllers/Api/AdminApiController.php b/app/Http/Controllers/Api/AdminApiController.php index 94707ca8d..52ab197ca 100644 --- a/app/Http/Controllers/Api/AdminApiController.php +++ b/app/Http/Controllers/Api/AdminApiController.php @@ -33,7 +33,7 @@ class AdminApiController extends Controller public function supported(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); return response()->json(['supported' => true]); } @@ -41,7 +41,8 @@ class AdminApiController extends Controller public function getStats(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); + $res = AdminStatsService::summary(); $res['autospam_count'] = AccountInterstitial::whereType('post.autospam') ->whereNull('appeal_handled_at') @@ -52,7 +53,7 @@ class AdminApiController extends Controller public function autospam(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); $appeals = AccountInterstitial::whereType('post.autospam') ->whereNull('appeal_handled_at') @@ -87,7 +88,7 @@ class AdminApiController extends Controller public function autospamHandle(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); $this->validate($request, [ 'action' => 'required|in:dismiss,approve,dismiss-all,approve-all', @@ -176,7 +177,7 @@ class AdminApiController extends Controller public function modReports(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); $reports = Report::whereNull('admin_seen') ->orderBy('created_at','desc') @@ -222,7 +223,7 @@ class AdminApiController extends Controller public function modReportHandle(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); $this->validate($request, [ 'action' => 'required|string', @@ -280,7 +281,7 @@ class AdminApiController extends Controller public function getConfiguration(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); abort_unless(config('instance.enable_cc'), 400); return collect([ @@ -323,7 +324,7 @@ class AdminApiController extends Controller public function updateConfiguration(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); abort_unless(config('instance.enable_cc'), 400); $this->validate($request, [ @@ -385,7 +386,7 @@ class AdminApiController extends Controller public function getUsers(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); $q = $request->input('q'); $sort = $request->input('sort', 'desc') === 'asc' ? 'asc' : 'desc'; $res = User::whereNull('status') @@ -400,7 +401,7 @@ class AdminApiController extends Controller public function getUser(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); $id = $request->input('user_id'); $user = User::findOrFail($id); @@ -419,7 +420,7 @@ class AdminApiController extends Controller public function userAdminAction(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); $this->validate($request, [ 'id' => 'required', @@ -494,7 +495,8 @@ class AdminApiController extends Controller public function instances(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); + $this->validate($request, [ 'q' => 'sometimes', 'sort' => 'sometimes|in:asc,desc', @@ -531,7 +533,7 @@ class AdminApiController extends Controller public function getInstance(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); $id = $request->input('id'); $res = Instance::findOrFail($id); @@ -542,7 +544,7 @@ class AdminApiController extends Controller public function moderateInstance(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); $this->validate($request, [ 'id' => 'required', @@ -566,7 +568,7 @@ class AdminApiController extends Controller public function refreshInstanceStats(Request $request) { abort_if(!$request->user(), 404); - abort_unless($request->user()->is_admin === 1, 404); + abort_unless($request->user()->is_admin == 1, 404); $this->validate($request, [ 'id' => 'required', From b6846f70198245044ba82235778615d380bc87cc Mon Sep 17 00:00:00 2001 From: Daniel Supernault Date: Sun, 29 Jan 2023 02:19:43 -0700 Subject: [PATCH 4/4] Update changelog --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index bebaa9797..a8b3323a1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -80,6 +80,8 @@ - Update SearchApiV2Service, improve query performance ([4d1f2811](https://github.com/pixelfed/pixelfed/commit/4d1f2811)) - Update InstanceService, improve unlisted/banned network post filtering ([a0da6ec3](https://github.com/pixelfed/pixelfed/commit/a0da6ec3)) - Update ApiV1DotController, fix inAppRegistrationConfirm logic ([6cfbedd9](https://github.com/pixelfed/pixelfed/commit/6cfbedd9)) +- Update ApiV1Controller, allow description (alt text) updates after status is published ([869c3ed1](https://github.com/pixelfed/pixelfed/commit/869c3ed1)) +- Update AdminApiController, fix postgres support ([84fb59d0](https://github.com/pixelfed/pixelfed/commit/84fb59d0)) - ([](https://github.com/pixelfed/pixelfed/commit/)) ## [v0.11.4 (2022-10-04)](https://github.com/pixelfed/pixelfed/compare/v0.11.3...v0.11.4)