Merge pull request #4206 from pixelfed/staging

Update v1.1 api, add post moderation endpoint
This commit is contained in:
daniel 2023-02-23 21:53:52 -07:00 committed by GitHub
commit e1f7ae655f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 933 additions and 779 deletions

View file

@ -6,6 +6,7 @@ use Illuminate\Http\Request;
use App\Models\AdminInvite; use App\Models\AdminInvite;
use App\Profile; use App\Profile;
use App\User; use App\User;
use Purify;
use App\Util\Lexer\RestrictedNames; use App\Util\Lexer\RestrictedNames;
use Illuminate\Foundation\Auth\RegistersUsers; use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Support\Facades\Auth; use Illuminate\Support\Facades\Auth;
@ -17,178 +18,226 @@ use App\Http\Controllers\Auth\RegisterController;
class AdminInviteController extends Controller class AdminInviteController extends Controller
{ {
public function __construct() public function __construct()
{ {
abort_if(!config('instance.admin_invites.enabled'), 404); abort_if(!config('instance.admin_invites.enabled'), 404);
} }
public function index(Request $request, $code) public function index(Request $request, $code)
{ {
if($request->user()) { if($request->user()) {
return redirect('/'); return redirect('/');
} }
return view('invite.admin_invite', compact('code')); return view('invite.admin_invite', compact('code'));
} }
public function apiVerifyCheck(Request $request) public function apiVerifyCheck(Request $request)
{ {
$this->validate($request, [ $this->validate($request, [
'token' => 'required', 'token' => 'required',
]); ]);
$invite = AdminInvite::whereInviteCode($request->input('token'))->first(); $invite = AdminInvite::whereInviteCode($request->input('token'))->first();
abort_if(!$invite, 404); abort_if(!$invite, 404);
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.'); abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.');
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.'); abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
$res = [ $res = [
'message' => $invite->message, 'message' => $invite->message,
'max_uses' => $invite->max_uses, 'max_uses' => $invite->max_uses,
'sev' => $invite->skip_email_verification 'sev' => $invite->skip_email_verification
]; ];
return response()->json($res); return response()->json($res);
} }
public function apiUsernameCheck(Request $request) public function apiUsernameCheck(Request $request)
{ {
$this->validate($request, [ $this->validate($request, [
'token' => 'required', 'token' => 'required',
'username' => 'required' 'username' => 'required'
]); ]);
$invite = AdminInvite::whereInviteCode($request->input('token'))->first(); $invite = AdminInvite::whereInviteCode($request->input('token'))->first();
abort_if(!$invite, 404); abort_if(!$invite, 404);
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.'); abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.');
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.'); abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
$usernameRules = [ $usernameRules = [
'required', 'required',
'min:2', 'min:2',
'max:15', 'max:15',
'unique:users', 'unique:users',
function ($attribute, $value, $fail) { function ($attribute, $value, $fail) {
$dash = substr_count($value, '-'); $dash = substr_count($value, '-');
$underscore = substr_count($value, '_'); $underscore = substr_count($value, '_');
$period = substr_count($value, '.'); $period = substr_count($value, '.');
if(ends_with($value, ['.php', '.js', '.css'])) { if(ends_with($value, ['.php', '.js', '.css'])) {
return $fail('Username is invalid.'); return $fail('Username is invalid.');
} }
if(($dash + $underscore + $period) > 1) { if(($dash + $underscore + $period) > 1) {
return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).'); return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
} }
if (!ctype_alnum($value[0])) { if (!ctype_alnum($value[0])) {
return $fail('Username is invalid. Must start with a letter or number.'); return $fail('Username is invalid. Must start with a letter or number.');
} }
if (!ctype_alnum($value[strlen($value) - 1])) { if (!ctype_alnum($value[strlen($value) - 1])) {
return $fail('Username is invalid. Must end with a letter or number.'); return $fail('Username is invalid. Must end with a letter or number.');
} }
$val = str_replace(['_', '.', '-'], '', $value); $val = str_replace(['_', '.', '-'], '', $value);
if(!ctype_alnum($val)) { if(!ctype_alnum($val)) {
return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).'); return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
} }
$restricted = RestrictedNames::get(); $restricted = RestrictedNames::get();
if (in_array(strtolower($value), array_map('strtolower', $restricted))) { if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
return $fail('Username cannot be used.'); return $fail('Username cannot be used.');
} }
}, },
]; ];
$rules = ['username' => $usernameRules]; $rules = ['username' => $usernameRules];
$validator = Validator::make($request->all(), $rules); $validator = Validator::make($request->all(), $rules);
if($validator->fails()) { if($validator->fails()) {
return response()->json($validator->errors(), 400); return response()->json($validator->errors(), 400);
} }
return response()->json([]); return response()->json([]);
} }
public function apiEmailCheck(Request $request) public function apiEmailCheck(Request $request)
{ {
$this->validate($request, [ $this->validate($request, [
'token' => 'required', 'token' => 'required',
'email' => 'required' 'email' => 'required'
]); ]);
$invite = AdminInvite::whereInviteCode($request->input('token'))->first(); $invite = AdminInvite::whereInviteCode($request->input('token'))->first();
abort_if(!$invite, 404); abort_if(!$invite, 404);
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.'); abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.');
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.'); abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
$emailRules = [ $emailRules = [
'required', 'required',
'string', 'string',
'email', 'email',
'max:255', 'max:255',
'unique:users', 'unique:users',
function ($attribute, $value, $fail) { function ($attribute, $value, $fail) {
$banned = EmailService::isBanned($value); $banned = EmailService::isBanned($value);
if($banned) { if($banned) {
return $fail('Email is invalid.'); return $fail('Email is invalid.');
} }
}, },
]; ];
$rules = ['email' => $emailRules]; $rules = ['email' => $emailRules];
$validator = Validator::make($request->all(), $rules); $validator = Validator::make($request->all(), $rules);
if($validator->fails()) { if($validator->fails()) {
return response()->json($validator->errors(), 400); return response()->json($validator->errors(), 400);
} }
return response()->json([]); return response()->json([]);
} }
public function apiRegister(Request $request) public function apiRegister(Request $request)
{ {
$this->validate($request, [ $this->validate($request, [
'token' => 'required', 'token' => 'required',
'username' => 'required', 'username' => [
'name' => 'nullable', 'required',
'email' => 'required|email', 'min:2',
'password' => 'required', 'max:15',
'password_confirm' => 'required' 'unique:users',
]); function ($attribute, $value, $fail) {
$dash = substr_count($value, '-');
$underscore = substr_count($value, '_');
$period = substr_count($value, '.');
$invite = AdminInvite::whereInviteCode($request->input('token'))->firstOrFail(); if(ends_with($value, ['.php', '.js', '.css'])) {
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite expired'); return $fail('Username is invalid.');
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.'); }
$invite->uses = $invite->uses + 1; if(($dash + $underscore + $period) > 1) {
return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
}
event(new Registered($user = User::create([ if (!ctype_alnum($value[0])) {
'name' => $request->input('name') ?? $request->input('username'), return $fail('Username is invalid. Must start with a letter or number.');
'username' => $request->input('username'), }
'email' => $request->input('email'),
'password' => Hash::make($request->input('password')),
])));
sleep(5); if (!ctype_alnum($value[strlen($value) - 1])) {
return $fail('Username is invalid. Must end with a letter or number.');
}
$invite->used_by = array_merge($invite->used_by ?? [], [[ $val = str_replace(['_', '.', '-'], '', $value);
'user_id' => $user->id, if(!ctype_alnum($val)) {
'username' => $user->username return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
]]); }
$invite->save();
if($invite->skip_email_verification) { $restricted = RestrictedNames::get();
$user->email_verified_at = now(); if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
$user->save(); return $fail('Username cannot be used.');
} }
},
],
'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'),
'email' => [
'required',
'string',
'email',
'max:255',
'unique:users',
function ($attribute, $value, $fail) {
$banned = EmailService::isBanned($value);
if($banned) {
return $fail('Email is invalid.');
}
},
],
'password' => 'required',
'password_confirm' => 'required'
]);
if(Auth::attempt([ $invite = AdminInvite::whereInviteCode($request->input('token'))->firstOrFail();
'email' => $request->input('email'), abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite expired');
'password' => $request->input('password') abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
])) {
$request->session()->regenerate(); $invite->uses = $invite->uses + 1;
return redirect()->intended('/');
} else { event(new Registered($user = User::create([
return response()->json([], 400); 'name' => Purify::clean($request->input('name')) ?? $request->input('username'),
} 'username' => $request->input('username'),
} 'email' => $request->input('email'),
'password' => Hash::make($request->input('password')),
])));
sleep(5);
$invite->used_by = array_merge($invite->used_by ?? [], [[
'user_id' => $user->id,
'username' => $user->username
]]);
$invite->save();
if($invite->skip_email_verification) {
$user->email_verified_at = now();
$user->save();
}
if(Auth::attempt([
'email' => $request->input('email'),
'password' => $request->input('password')
])) {
$request->session()->regenerate();
return redirect()->intended('/');
} else {
return response()->json([], 400);
}
}
} }

File diff suppressed because it is too large Load diff

View file

@ -4,6 +4,7 @@ namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\User; use App\User;
use Purify;
use App\Util\Lexer\RestrictedNames; use App\Util\Lexer\RestrictedNames;
use Illuminate\Foundation\Auth\RegistersUsers; use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Hash;
@ -157,7 +158,7 @@ class RegisterController extends Controller
} }
return User::create([ return User::create([
'name' => $data['name'], 'name' => Purify::clean($data['name']),
'username' => $data['username'], 'username' => $data['username'],
'email' => $data['email'], 'email' => $data['email'],
'password' => Hash::make($data['password']), 'password' => Hash::make($data['password']),

View file

@ -191,6 +191,7 @@ Route::group(['prefix' => 'api'], function() use($middleware) {
}); });
Route::group(['prefix' => 'admin'], function() use($middleware) { Route::group(['prefix' => 'admin'], function() use($middleware) {
Route::post('moderate/post/{id}', 'Api\ApiV1Dot1Controller@moderatePost')->middleware($middleware);
Route::get('supported', 'Api\AdminApiController@supported')->middleware($middleware); Route::get('supported', 'Api\AdminApiController@supported')->middleware($middleware);
Route::get('stats', 'Api\AdminApiController@getStats')->middleware($middleware); Route::get('stats', 'Api\AdminApiController@getStats')->middleware($middleware);