mirror of
https://github.com/pixelfed/pixelfed.git
synced 2024-12-23 05:23:17 +00:00
Merge pull request #4206 from pixelfed/staging
Update v1.1 api, add post moderation endpoint
This commit is contained in:
commit
e1f7ae655f
4 changed files with 933 additions and 779 deletions
|
@ -6,6 +6,7 @@ use Illuminate\Http\Request;
|
||||||
use App\Models\AdminInvite;
|
use App\Models\AdminInvite;
|
||||||
use App\Profile;
|
use App\Profile;
|
||||||
use App\User;
|
use App\User;
|
||||||
|
use Purify;
|
||||||
use App\Util\Lexer\RestrictedNames;
|
use App\Util\Lexer\RestrictedNames;
|
||||||
use Illuminate\Foundation\Auth\RegistersUsers;
|
use Illuminate\Foundation\Auth\RegistersUsers;
|
||||||
use Illuminate\Support\Facades\Auth;
|
use Illuminate\Support\Facades\Auth;
|
||||||
|
@ -17,178 +18,226 @@ use App\Http\Controllers\Auth\RegisterController;
|
||||||
|
|
||||||
class AdminInviteController extends Controller
|
class AdminInviteController extends Controller
|
||||||
{
|
{
|
||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
abort_if(!config('instance.admin_invites.enabled'), 404);
|
abort_if(!config('instance.admin_invites.enabled'), 404);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function index(Request $request, $code)
|
public function index(Request $request, $code)
|
||||||
{
|
{
|
||||||
if($request->user()) {
|
if($request->user()) {
|
||||||
return redirect('/');
|
return redirect('/');
|
||||||
}
|
}
|
||||||
return view('invite.admin_invite', compact('code'));
|
return view('invite.admin_invite', compact('code'));
|
||||||
}
|
}
|
||||||
|
|
||||||
public function apiVerifyCheck(Request $request)
|
public function apiVerifyCheck(Request $request)
|
||||||
{
|
{
|
||||||
$this->validate($request, [
|
$this->validate($request, [
|
||||||
'token' => 'required',
|
'token' => 'required',
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$invite = AdminInvite::whereInviteCode($request->input('token'))->first();
|
$invite = AdminInvite::whereInviteCode($request->input('token'))->first();
|
||||||
abort_if(!$invite, 404);
|
abort_if(!$invite, 404);
|
||||||
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.');
|
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.');
|
||||||
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
|
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
|
||||||
$res = [
|
$res = [
|
||||||
'message' => $invite->message,
|
'message' => $invite->message,
|
||||||
'max_uses' => $invite->max_uses,
|
'max_uses' => $invite->max_uses,
|
||||||
'sev' => $invite->skip_email_verification
|
'sev' => $invite->skip_email_verification
|
||||||
];
|
];
|
||||||
return response()->json($res);
|
return response()->json($res);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function apiUsernameCheck(Request $request)
|
public function apiUsernameCheck(Request $request)
|
||||||
{
|
{
|
||||||
$this->validate($request, [
|
$this->validate($request, [
|
||||||
'token' => 'required',
|
'token' => 'required',
|
||||||
'username' => 'required'
|
'username' => 'required'
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$invite = AdminInvite::whereInviteCode($request->input('token'))->first();
|
$invite = AdminInvite::whereInviteCode($request->input('token'))->first();
|
||||||
abort_if(!$invite, 404);
|
abort_if(!$invite, 404);
|
||||||
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.');
|
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.');
|
||||||
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
|
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
|
||||||
|
|
||||||
$usernameRules = [
|
$usernameRules = [
|
||||||
'required',
|
'required',
|
||||||
'min:2',
|
'min:2',
|
||||||
'max:15',
|
'max:15',
|
||||||
'unique:users',
|
'unique:users',
|
||||||
function ($attribute, $value, $fail) {
|
function ($attribute, $value, $fail) {
|
||||||
$dash = substr_count($value, '-');
|
$dash = substr_count($value, '-');
|
||||||
$underscore = substr_count($value, '_');
|
$underscore = substr_count($value, '_');
|
||||||
$period = substr_count($value, '.');
|
$period = substr_count($value, '.');
|
||||||
|
|
||||||
if(ends_with($value, ['.php', '.js', '.css'])) {
|
if(ends_with($value, ['.php', '.js', '.css'])) {
|
||||||
return $fail('Username is invalid.');
|
return $fail('Username is invalid.');
|
||||||
}
|
}
|
||||||
|
|
||||||
if(($dash + $underscore + $period) > 1) {
|
if(($dash + $underscore + $period) > 1) {
|
||||||
return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
|
return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ctype_alnum($value[0])) {
|
if (!ctype_alnum($value[0])) {
|
||||||
return $fail('Username is invalid. Must start with a letter or number.');
|
return $fail('Username is invalid. Must start with a letter or number.');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!ctype_alnum($value[strlen($value) - 1])) {
|
if (!ctype_alnum($value[strlen($value) - 1])) {
|
||||||
return $fail('Username is invalid. Must end with a letter or number.');
|
return $fail('Username is invalid. Must end with a letter or number.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$val = str_replace(['_', '.', '-'], '', $value);
|
$val = str_replace(['_', '.', '-'], '', $value);
|
||||||
if(!ctype_alnum($val)) {
|
if(!ctype_alnum($val)) {
|
||||||
return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
|
return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
|
||||||
}
|
}
|
||||||
|
|
||||||
$restricted = RestrictedNames::get();
|
$restricted = RestrictedNames::get();
|
||||||
if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
|
if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
|
||||||
return $fail('Username cannot be used.');
|
return $fail('Username cannot be used.');
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
];
|
];
|
||||||
|
|
||||||
$rules = ['username' => $usernameRules];
|
$rules = ['username' => $usernameRules];
|
||||||
$validator = Validator::make($request->all(), $rules);
|
$validator = Validator::make($request->all(), $rules);
|
||||||
|
|
||||||
if($validator->fails()) {
|
if($validator->fails()) {
|
||||||
return response()->json($validator->errors(), 400);
|
return response()->json($validator->errors(), 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
return response()->json([]);
|
return response()->json([]);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function apiEmailCheck(Request $request)
|
public function apiEmailCheck(Request $request)
|
||||||
{
|
{
|
||||||
$this->validate($request, [
|
$this->validate($request, [
|
||||||
'token' => 'required',
|
'token' => 'required',
|
||||||
'email' => 'required'
|
'email' => 'required'
|
||||||
]);
|
]);
|
||||||
|
|
||||||
$invite = AdminInvite::whereInviteCode($request->input('token'))->first();
|
$invite = AdminInvite::whereInviteCode($request->input('token'))->first();
|
||||||
abort_if(!$invite, 404);
|
abort_if(!$invite, 404);
|
||||||
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.');
|
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite has expired.');
|
||||||
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
|
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
|
||||||
|
|
||||||
$emailRules = [
|
$emailRules = [
|
||||||
'required',
|
'required',
|
||||||
'string',
|
'string',
|
||||||
'email',
|
'email',
|
||||||
'max:255',
|
'max:255',
|
||||||
'unique:users',
|
'unique:users',
|
||||||
function ($attribute, $value, $fail) {
|
function ($attribute, $value, $fail) {
|
||||||
$banned = EmailService::isBanned($value);
|
$banned = EmailService::isBanned($value);
|
||||||
if($banned) {
|
if($banned) {
|
||||||
return $fail('Email is invalid.');
|
return $fail('Email is invalid.');
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
];
|
];
|
||||||
|
|
||||||
$rules = ['email' => $emailRules];
|
$rules = ['email' => $emailRules];
|
||||||
$validator = Validator::make($request->all(), $rules);
|
$validator = Validator::make($request->all(), $rules);
|
||||||
|
|
||||||
if($validator->fails()) {
|
if($validator->fails()) {
|
||||||
return response()->json($validator->errors(), 400);
|
return response()->json($validator->errors(), 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
return response()->json([]);
|
return response()->json([]);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function apiRegister(Request $request)
|
public function apiRegister(Request $request)
|
||||||
{
|
{
|
||||||
$this->validate($request, [
|
$this->validate($request, [
|
||||||
'token' => 'required',
|
'token' => 'required',
|
||||||
'username' => 'required',
|
'username' => [
|
||||||
'name' => 'nullable',
|
'required',
|
||||||
'email' => 'required|email',
|
'min:2',
|
||||||
'password' => 'required',
|
'max:15',
|
||||||
'password_confirm' => 'required'
|
'unique:users',
|
||||||
]);
|
function ($attribute, $value, $fail) {
|
||||||
|
$dash = substr_count($value, '-');
|
||||||
|
$underscore = substr_count($value, '_');
|
||||||
|
$period = substr_count($value, '.');
|
||||||
|
|
||||||
$invite = AdminInvite::whereInviteCode($request->input('token'))->firstOrFail();
|
if(ends_with($value, ['.php', '.js', '.css'])) {
|
||||||
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite expired');
|
return $fail('Username is invalid.');
|
||||||
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
|
}
|
||||||
|
|
||||||
$invite->uses = $invite->uses + 1;
|
if(($dash + $underscore + $period) > 1) {
|
||||||
|
return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
|
||||||
|
}
|
||||||
|
|
||||||
event(new Registered($user = User::create([
|
if (!ctype_alnum($value[0])) {
|
||||||
'name' => $request->input('name') ?? $request->input('username'),
|
return $fail('Username is invalid. Must start with a letter or number.');
|
||||||
'username' => $request->input('username'),
|
}
|
||||||
'email' => $request->input('email'),
|
|
||||||
'password' => Hash::make($request->input('password')),
|
|
||||||
])));
|
|
||||||
|
|
||||||
sleep(5);
|
if (!ctype_alnum($value[strlen($value) - 1])) {
|
||||||
|
return $fail('Username is invalid. Must end with a letter or number.');
|
||||||
|
}
|
||||||
|
|
||||||
$invite->used_by = array_merge($invite->used_by ?? [], [[
|
$val = str_replace(['_', '.', '-'], '', $value);
|
||||||
'user_id' => $user->id,
|
if(!ctype_alnum($val)) {
|
||||||
'username' => $user->username
|
return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
|
||||||
]]);
|
}
|
||||||
$invite->save();
|
|
||||||
|
|
||||||
if($invite->skip_email_verification) {
|
$restricted = RestrictedNames::get();
|
||||||
$user->email_verified_at = now();
|
if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
|
||||||
$user->save();
|
return $fail('Username cannot be used.');
|
||||||
}
|
}
|
||||||
|
},
|
||||||
|
],
|
||||||
|
'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'),
|
||||||
|
'email' => [
|
||||||
|
'required',
|
||||||
|
'string',
|
||||||
|
'email',
|
||||||
|
'max:255',
|
||||||
|
'unique:users',
|
||||||
|
function ($attribute, $value, $fail) {
|
||||||
|
$banned = EmailService::isBanned($value);
|
||||||
|
if($banned) {
|
||||||
|
return $fail('Email is invalid.');
|
||||||
|
}
|
||||||
|
},
|
||||||
|
],
|
||||||
|
'password' => 'required',
|
||||||
|
'password_confirm' => 'required'
|
||||||
|
]);
|
||||||
|
|
||||||
if(Auth::attempt([
|
$invite = AdminInvite::whereInviteCode($request->input('token'))->firstOrFail();
|
||||||
'email' => $request->input('email'),
|
abort_if($invite->expires_at && $invite->expires_at->lt(now()), 400, 'Invite expired');
|
||||||
'password' => $request->input('password')
|
abort_if($invite->max_uses && $invite->uses >= $invite->max_uses, 400, 'Maximum invites reached.');
|
||||||
])) {
|
|
||||||
$request->session()->regenerate();
|
$invite->uses = $invite->uses + 1;
|
||||||
return redirect()->intended('/');
|
|
||||||
} else {
|
event(new Registered($user = User::create([
|
||||||
return response()->json([], 400);
|
'name' => Purify::clean($request->input('name')) ?? $request->input('username'),
|
||||||
}
|
'username' => $request->input('username'),
|
||||||
}
|
'email' => $request->input('email'),
|
||||||
|
'password' => Hash::make($request->input('password')),
|
||||||
|
])));
|
||||||
|
|
||||||
|
sleep(5);
|
||||||
|
|
||||||
|
$invite->used_by = array_merge($invite->used_by ?? [], [[
|
||||||
|
'user_id' => $user->id,
|
||||||
|
'username' => $user->username
|
||||||
|
]]);
|
||||||
|
$invite->save();
|
||||||
|
|
||||||
|
if($invite->skip_email_verification) {
|
||||||
|
$user->email_verified_at = now();
|
||||||
|
$user->save();
|
||||||
|
}
|
||||||
|
|
||||||
|
if(Auth::attempt([
|
||||||
|
'email' => $request->input('email'),
|
||||||
|
'password' => $request->input('password')
|
||||||
|
])) {
|
||||||
|
$request->session()->regenerate();
|
||||||
|
return redirect()->intended('/');
|
||||||
|
} else {
|
||||||
|
return response()->json([], 400);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -4,6 +4,7 @@ namespace App\Http\Controllers\Auth;
|
||||||
|
|
||||||
use App\Http\Controllers\Controller;
|
use App\Http\Controllers\Controller;
|
||||||
use App\User;
|
use App\User;
|
||||||
|
use Purify;
|
||||||
use App\Util\Lexer\RestrictedNames;
|
use App\Util\Lexer\RestrictedNames;
|
||||||
use Illuminate\Foundation\Auth\RegistersUsers;
|
use Illuminate\Foundation\Auth\RegistersUsers;
|
||||||
use Illuminate\Support\Facades\Hash;
|
use Illuminate\Support\Facades\Hash;
|
||||||
|
@ -157,7 +158,7 @@ class RegisterController extends Controller
|
||||||
}
|
}
|
||||||
|
|
||||||
return User::create([
|
return User::create([
|
||||||
'name' => $data['name'],
|
'name' => Purify::clean($data['name']),
|
||||||
'username' => $data['username'],
|
'username' => $data['username'],
|
||||||
'email' => $data['email'],
|
'email' => $data['email'],
|
||||||
'password' => Hash::make($data['password']),
|
'password' => Hash::make($data['password']),
|
||||||
|
|
|
@ -191,6 +191,7 @@ Route::group(['prefix' => 'api'], function() use($middleware) {
|
||||||
});
|
});
|
||||||
|
|
||||||
Route::group(['prefix' => 'admin'], function() use($middleware) {
|
Route::group(['prefix' => 'admin'], function() use($middleware) {
|
||||||
|
Route::post('moderate/post/{id}', 'Api\ApiV1Dot1Controller@moderatePost')->middleware($middleware);
|
||||||
Route::get('supported', 'Api\AdminApiController@supported')->middleware($middleware);
|
Route::get('supported', 'Api\AdminApiController@supported')->middleware($middleware);
|
||||||
Route::get('stats', 'Api\AdminApiController@getStats')->middleware($middleware);
|
Route::get('stats', 'Api\AdminApiController@getStats')->middleware($middleware);
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue