From 72f681607a1487045e9461d8ecb2163718fa689f Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Mon, 8 Jul 2024 02:47:00 -0600
Subject: [PATCH 1/4] Update ApiV1Controller, fix /api/v1/favourites pagination
---
 app/Http/Controllers/Api/ApiV1Controller.php | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/app/Http/Controllers/Api/ApiV1Controller.php b/app/Http/Controllers/Api/ApiV1Controller.php
index 627a6d3e8..3e45ec9e1 100644
--- a/app/Http/Controllers/Api/ApiV1Controller.php
+++ b/app/Http/Controllers/Api/ApiV1Controller.php
@@ -1334,12 +1334,17 @@ class ApiV1Controller extends Controller
 if ($res->count()) {
 $ids = $res->map(function ($status) {
 return $status['like_id'];
- });
- $max = $ids->max();
- $min = $ids->min();
+ })->filter();
+
+ $max = $ids->min() - 1;
+ $min = $ids->max();
 $baseUrl = config('app.url').'/api/v1/favourites?limit='.$limit.'&';
- $link = '<'.$baseUrl.'max_id='.$max.'>; rel="next",<'.$baseUrl.'min_id='.$min.'>; rel="prev"';
+ if ($maxId) {
+ $link = '<'.$baseUrl.'max_id='.$max.'>; rel="next",<'.$baseUrl.'min_id='.$min.'>; rel="prev"';
+ } else {
+ $link = '<'.$baseUrl.'max_id='.$max.'>; rel="next"';
+ }
 return $this->json($res, 200, ['Link' => $link]);
 } else {
From d3ef35fa22e0521bd6c6baea630e1c691793ad4f Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Mon, 8 Jul 2024 02:47:28 -0600
Subject: [PATCH 2/4] Update changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 96ec84051..5b739cd4f 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
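Review bot: In the `/api/v1/favourites` hunk of ApiV1Controller.php, `$ids` can be empty after the added `->filter()` even though `$res->count()` is non-zero, and then `$ids->min() - 1` evaluates to `-1`, so the response advertises `max_id=-1` as the next page. A guard before `$max` is computed covers it: `if ($ids->isEmpty()) { return $this->json($res, 200); }`. The `Link` value is also built by concatenating `$limit`, whose validation lies outside this hunk, so an `(int) $limit` cast at the point of use would keep the header well-formed whatever happens upstream. The enclosing method starts and ends outside the hunk.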
@@ -5,6 +5,7 @@
 ### Updates
 - Update ApiV1Controller, add support for notification filter types ([f61159a1](https://github.com/pixelfed/pixelfed/commit/f61159a1))
 - Update ApiV1Dot1Controller, fix mutual api ([a8bb97b2](https://github.com/pixelfed/pixelfed/commit/a8bb97b2))
+- Update ApiV1Controller, fix /api/v1/favourits pagination ([72f68160](https://github.com/pixelfed/pixelfed/commit/72f68160))
 - ([](https://github.com/pixelfed/pixelfed/commit/))
 ## [v0.12.3 (2024-07-01)](https://github.com/pixelfed/pixelfed/compare/v0.12.2...v0.12.3)
From dd6e3cc290477ff43d85e4c610647b4c22888688 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Mon, 8 Jul 2024 03:26:29 -0600
Subject: [PATCH 3/4] Update RegisterController, update username constraints, require atleast one alpha char
---
 .../Controllers/Auth/RegisterController.php | 391 +++++++++---------
 1 file changed, 198 insertions(+), 193 deletions(-)
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
index 7568fca09..230daea85 100644
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -3,234 +3,239 @@
 namespace App\Http\Controllers\Auth;
 use App\Http\Controllers\Controller;
+use App\Services\BouncerService;
+use App\Services\EmailService;
 use App\User;
-use Purify;
 use App\Util\Lexer\RestrictedNames;
+use Illuminate\Auth\Events\Registered;
 use Illuminate\Foundation\Auth\RegistersUsers;
+use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Hash;
 use Illuminate\Support\Facades\Validator;
-use Illuminate\Auth\Events\Registered;
-use Illuminate\Http\Request;
-use App\Services\EmailService;
-use App\Services\BouncerService;
+use Purify;
 class RegisterController extends Controller
 {
- /*
- |--------------------------------------------------------------------------
- | Register Controller
- |--------------------------------------------------------------------------
- |
- | This controller handles the registration of new users as well as their
- | validation and creation. By default this controller uses a trait to
- | provide this functionality without requiring any additional code.
- |
- */
+ /*
+ |--------------------------------------------------------------------------
+ | Register Controller
+ |--------------------------------------------------------------------------
+ |
+ | This controller handles the registration of new users as well as their
+ | validation and creation. By default this controller uses a trait to
+ | provide this functionality without requiring any additional code.
+ |
+ */
- use RegistersUsers;
+ use RegistersUsers;
- /**
- * Where to redirect users after registration.
- *
- * @var string
- */
- protected $redirectTo = '/i/web';
+ /**
+ * Where to redirect users after registration.
+ *
+ * @var string
+ */
+ protected $redirectTo = '/i/web';
- /**
- * Create a new controller instance.
- *
- * @return void
- */
- public function __construct()
- {
- $this->middleware('guest');
- }
+ /**
+ * Create a new controller instance.
+ *
+ * @return void
+ */
+ public function __construct()
+ {
+ $this->middleware('guest');
+ }
- public function getRegisterToken()
- {
- return \Cache::remember('pf:register:rt', 900, function() {
- return str_random(40);
- });
- }
+ public function getRegisterToken()
+ {
+ return \Cache::remember('pf:register:rt', 900, function () {
+ return str_random(40);
+ });
+ }
- /**
- * Get a validator for an incoming registration request.
- *
- * @param array $data
- *
- * @return \Illuminate\Contracts\Validation\Validator
- */
- public function validator(array $data)
- {
- if(config('database.default') == 'pgsql') {
- $data['username'] = strtolower($data['username']);
- $data['email'] = strtolower($data['email']);
- }
+ /**
+ * Get a validator for an incoming registration request.
+ *
+ *
+ * @return \Illuminate\Contracts\Validation\Validator
+ */
+ public function validator(array $data)
+ {
+ if (config('database.default') == 'pgsql') {
+ $data['username'] = strtolower($data['username']);
+ $data['email'] = strtolower($data['email']);
+ }
- $usernameRules = [
- 'required',
- 'min:2',
- 'max:15',
- 'unique:users',
- function ($attribute, $value, $fail) {
- $dash = substr_count($value, '-');
- $underscore = substr_count($value, '_');
- $period = substr_count($value, '.');
+ $usernameRules = [
+ 'required',
+ 'min:2',
+ 'max:15',
+ 'unique:users',
+ function ($attribute, $value, $fail) {
+ $dash = substr_count($value, '-');
+ $underscore = substr_count($value, '_');
+ $period = substr_count($value, '.');
- if(ends_with($value, ['.php', '.js', '.css'])) {
- return $fail('Username is invalid.');
- }
+ if (ends_with($value, ['.php', '.js', '.css'])) {
+ return $fail('Username is invalid.');
+ }
- if(($dash + $underscore + $period) > 1) {
- return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
- }
+ if (($dash + $underscore + $period) > 1) {
+ return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
+ }
- if (!ctype_alnum($value[0])) {
- return $fail('Username is invalid. Must start with a letter or number.');
- }
+ if (! ctype_alnum($value[0])) {
+ return $fail('Username is invalid. Must start with a letter or number.');
+ }
- if (!ctype_alnum($value[strlen($value) - 1])) {
- return $fail('Username is invalid. Must end with a letter or number.');
- }
+ if (! ctype_alnum($value[strlen($value) - 1])) {
+ return $fail('Username is invalid. Must end with a letter or number.');
+ }
- $val = str_replace(['_', '.', '-'], '', $value);
- if(!ctype_alnum($val)) {
- return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
- }
+ $val = str_replace(['_', '.', '-'], '', $value);
+ if (! ctype_alnum($val)) {
+ return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
+ }
- $restricted = RestrictedNames::get();
- if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
- return $fail('Username cannot be used.');
- }
- },
- ];
+ if (! preg_match('/[a-zA-Z]/', $value)) {
+ return $fail('Username is invalid. Must contain at least one alphabetical character.');
+ }
- $emailRules = [
- 'required',
- 'string',
- 'email',
- 'max:255',
- 'unique:users',
- function ($attribute, $value, $fail) {
- $banned = EmailService::isBanned($value);
- if($banned) {
- return $fail('Email is invalid.');
- }
- },
- ];
+ $restricted = RestrictedNames::get();
+ if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
+ return $fail('Username cannot be used.');
+ }
+ },
+ ];
- $rt = [
- 'required',
- function ($attribute, $value, $fail) {
- if($value !== $this->getRegisterToken()) {
- return $fail('Something went wrong');
- }
- }
- ];
+ $emailRules = [
+ 'required',
+ 'string',
+ 'email',
+ 'max:255',
+ 'unique:users',
+ function ($attribute, $value, $fail) {
+ $banned = EmailService::isBanned($value);
+ if ($banned) {
+ return $fail('Email is invalid.');
+ }
+ },
+ ];
- $rules = [
- 'agecheck' => 'required|accepted',
- 'rt' => $rt,
- 'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'),
- 'username' => $usernameRules,
- 'email' => $emailRules,
- 'password' => 'required|string|min:'.config('pixelfed.min_password_length').'|confirmed',
- ];
+ $rt = [
+ 'required',
+ function ($attribute, $value, $fail) {
+ if ($value !== $this->getRegisterToken()) {
+ return $fail('Something went wrong');
+ }
+ },
+ ];
- if((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) {
- $rules['h-captcha-response'] = 'required|captcha';
- }
+ $rules = [
+ 'agecheck' => 'required|accepted',
+ 'rt' => $rt,
+ 'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'),
+ 'username' => $usernameRules,
+ 'email' => $emailRules,
+ 'password' => 'required|string|min:'.config('pixelfed.min_password_length').'|confirmed',
+ ];
- return Validator::make($data, $rules);
- }
+ if ((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) {
+ $rules['h-captcha-response'] = 'required|captcha';
+ }
- /**
- * Create a new user instance after a valid registration.
- *
- * @param array $data
- *
- * @return \App\User
- */
- public function create(array $data)
- {
- if(config('database.default') == 'pgsql') {
- $data['username'] = strtolower($data['username']);
- $data['email'] = strtolower($data['email']);
- }
+ return Validator::make($data, $rules);
+ }
- return User::create([
- 'name' => Purify::clean($data['name']),
- 'username' => $data['username'],
- 'email' => $data['email'],
- 'password' => Hash::make($data['password']),
- 'app_register_ip' => request()->ip()
- ]);
- }
+ /**
+ * Create a new user instance after a valid registration.
+ *
+ *
+ * @return \App\User
+ */
+ public function create(array $data)
+ {
+ if (config('database.default') == 'pgsql') {
+ $data['username'] = strtolower($data['username']);
+ $data['email'] = strtolower($data['email']);
+ }
- /**
- * Show the application registration form.
- *
- * @return \Illuminate\Http\Response
- */
- public function showRegistrationForm()
- {
- if((bool) config_cache('pixelfed.open_registration')) {
- if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
- abort_if(BouncerService::checkIp(request()->ip()), 404);
- }
- $hasLimit = config('pixelfed.enforce_max_users');
- if($hasLimit) {
- $limit = config('pixelfed.max_users');
- $count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count();
- if($limit <= $count) {
- return redirect(route('help.instance-max-users-limit'));
- }
- abort_if($limit <= $count, 404);
- return view('auth.register');
- } else {
- return view('auth.register');
- }
- } else {
- if((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) {
- return redirect('/auth/sign_up');
- } else {
- abort(404);
- }
- }
- }
+ return User::create([
+ 'name' => Purify::clean($data['name']),
+ 'username' => $data['username'],
+ 'email' => $data['email'],
+ 'password' => Hash::make($data['password']),
+ 'app_register_ip' => request()->ip(),
+ ]);
+ }
- /**
- * Handle a registration request for the application.
- *
- * @param \Illuminate\Http\Request $request
- * @return \Illuminate\Http\Response
- */
- public function register(Request $request)
- {
- abort_if(config_cache('pixelfed.open_registration') == false, 400);
+ /**
+ * Show the application registration form.
+ *
+ * @return \Illuminate\Http\Response
+ */
+ public function showRegistrationForm()
+ {
+ if ((bool) config_cache('pixelfed.open_registration')) {
+ if (config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+ abort_if(BouncerService::checkIp(request()->ip()), 404);
+ }
+ $hasLimit = config('pixelfed.enforce_max_users');
+ if ($hasLimit) {
+ $limit = config('pixelfed.max_users');
+ $count = User::where(function ($q) {
+ return $q->whereNull('status')->orWhereNotIn('status', ['deleted', 'delete']);
+ })->count();
+ if ($limit <= $count) {
+ return redirect(route('help.instance-max-users-limit'));
+ }
+ abort_if($limit <= $count, 404);
- if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
- abort_if(BouncerService::checkIp($request->ip()), 404);
- }
+ return view('auth.register');
+ } else {
+ return view('auth.register');
+ }
+ } else {
+ if ((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) {
+ return redirect('/auth/sign_up');
+ } else {
+ abort(404);
+ }
+ }
+ }
- $hasLimit = config('pixelfed.enforce_max_users');
- if($hasLimit) {
- $count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count();
- $limit = config('pixelfed.max_users');
+ /**
+ * Handle a registration request for the application.
+ *
+ * @return \Illuminate\Http\Response
+ */
+ public function register(Request $request)
+ {
+ abort_if(config_cache('pixelfed.open_registration') == false, 400);
- if($limit && $limit <= $count) {
- return redirect(route('help.instance-max-users-limit'));
- }
- }
+ if (config('pixelfed.bouncer.cloud_ips.ban_signups')) {
+ abort_if(BouncerService::checkIp($request->ip()), 404);
+ }
+ $hasLimit = config('pixelfed.enforce_max_users');
+ if ($hasLimit) {
+ $count = User::where(function ($q) {
+ return $q->whereNull('status')->orWhereNotIn('status', ['deleted', 'delete']);
+ })->count();
+ $limit = config('pixelfed.max_users');
- $this->validator($request->all())->validate();
+ if ($limit && $limit <= $count) {
+ return redirect(route('help.instance-max-users-limit'));
+ }
+ }
- event(new Registered($user = $this->create($request->all())));
+ $this->validator($request->all())->validate();
- $this->guard()->login($user);
+ event(new Registered($user = $this->create($request->all())));
- return $this->registered($request, $user)
- ?: redirect($this->redirectPath());
- }
+ $this->guard()->login($user);
+
+ return $this->registered($request, $user)
+ ?: redirect($this->redirectPath());
+ }
 }
From 28e2985f773d71163cf31ac9c2032063a80d3291 Mon Sep 17 00:00:00 2001
From: Daniel Supernault
Date: Wed, 10 Jul 2024 00:14:26 -0600
Subject: [PATCH 4/4] Update hls.js dep
---
 package-lock.json | 8 ++++----
 package.json | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package-lock.json b/package-lock.json
index dd68799b3..27289344f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -20,7 +20,7 @@ "caniuse-lite": "^1.0.30001418", "chart.js": "^2.7.2", "filesize": "^3.6.1", - "hls.js": "^1.1.5", + "hls.js": "^1.5.13", "howler": "^2.2.0", "infinite-scroll": "^3.0.6", "jquery-scroll-lock": "^3.1.3",
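Review bot: In RegisterController::validator(), `$usernameRules` still has neither `'string'` nor `'bail'`, so a request that sends `username` as an array reaches `substr_count($value, '-')` and the added `preg_match('/[a-zA-Z]/', $value)` inside the closure; on PHP 8 both throw a TypeError, which would presumably surface as a 500 on this unauthenticated endpoint rather than as a validation message. Starting the list with `'bail', 'required', 'string',` stops evaluation before the closure runs and matches the `'string'` rule that `$emailRules` already carries. The `strtolower($data['username'])` call in the pgsql branch runs before any rule is evaluated, so it needs an `is_string()` guard for the same reason, as does the identical branch in `create()`.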
@@ -5355,9 +5355,9 @@ } }, "node_modules/hls.js": { - "version": "1.5.7", - "resolved": "https://registry.npmjs.org/hls.js/-/hls.js-1.5.7.tgz", - "integrity": "sha512-Hnyf7ojTBtXHeOW1/t6wCBJSiK1WpoKF9yg7juxldDx8u3iswrkPt2wbOA/1NiwU4j27DSIVoIEJRAhcdMef/A==" + "version": "1.5.13", + "resolved": "https://registry.npmjs.org/hls.js/-/hls.js-1.5.13.tgz", + "integrity": "sha512-xRgKo84nsC7clEvSfIdgn/Tc0NOT+d7vdiL/wvkLO+0k0juc26NRBPPG1SfB8pd5bHXIjMW/F5VM8VYYkOYYdw==" }, "node_modules/hmac-drbg": { "version": "1.0.1",
diff --git a/package.json b/package.json
index 8ecb08ae7..0fced8c08 100644
--- a/package.json
+++ b/package.json
@@ -47,7 +47,7 @@
 "caniuse-lite": "^1.0.30001418",
 "chart.js": "^2.7.2",
 "filesize": "^3.6.1",
- "hls.js": "^1.1.5",
+ "hls.js": "^1.5.13",
 "howler": "^2.2.0",
 "infinite-scroll": "^3.0.6",
 "jquery-scroll-lock": "^3.1.3",