feat: make mastodon login a optional feature

feat: tmp user only write, no read
2022-03-30 01:51:16 +08:00 · 2022-03-27 23:52:59 +08:00
10 changed files with 50 additions and 11 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -6,6 +6,9 @@ license = "AGPL-3.0"
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 [features]
 mastlogin = ["url", "reqwest"]
 [dependencies]
 rocket = { version = "0.5.0-rc.1", features = ["json"] }
 rocket_sync_db_pools = { version = "0.1.0-cr.1", features = ["diesel_postgres_pool"] }
@@ -20,5 +23,5 @@ sha2 = "0.10.2"
 log = "0.4.16"
 env_logger = "0.9.0"
-url = "2.2.2"
+url = { version="2.2.2",optional = true }
-reqwest = { version = "0.11.10", features = ["json"] }
+reqwest = { version = "0.11.10", features = ["json"], optional = true }
--- a/README.md
+++ b/README.md
@@ -1,4 +1,4 @@
-# hole-backend-rust v1.0.0
+# hole-backend-rust v1.1.0
 ## 部署
@@ -67,4 +67,4 @@ cargo run --release
 + 如果你希望使用自己的登录系统，将 `/_login/` 路径交由另外的后端处理，只需最终将用户名和token写入users表，并跳转到 `/?token=<token>`。
-+ 如果你希望也使用闭社提供的授权来维护账号系统，使用 `https://thu.closed.social/api/v1/apps` 接口创建应用，并在.env或环境变量中填入client与secret。此操作不需要闭社账号。详情见[文档](https://docs.joinmastodon.org/client/token/#app)。
+ 如果你希望也使用闭社提供的授权来维护账号系统，使用 `https://thu.closed.social/api/v1/apps` 接口创建应用，并在.env或环境变量中填入client与secret。此操作不需要闭社账号。详情见[文档](https://docs.joinmastodon.org/client/token/#app)。编译运行时，增加`--features mastlogin`: `cargo run  --release --features mastlogin`
--- a/src/api/attention.rs
+++ b/src/api/attention.rs
@@ -25,7 +25,7 @@ pub async fn attention_post(
    rconn: RdsConn,
 ) -> JsonAPI {
    // 临时用户不允许手动关注
-    user.id.ok_or_else(|| NotAllowed)?;
+    user.id.ok_or_else(|| YouAreTmp)?;
    let mut p = Post::get(&db, &rconn, ai.pid).await?;
    p.check_permission(&user, "r")?;
--- a/src/api/comment.rs
+++ b/src/api/comment.rs
@@ -61,9 +61,14 @@ pub async fn c2output<'r>(
                BlockedUsers::check_blocked(rconn, user.id, &user.namehash, &c.author_hash)
                    .await
                    .unwrap_or_default();
            let can_view = !is_blocked && user.id.is_some() || user.namehash.eq(&c.author_hash);
            Some(CommentOutput {
                cid: c.id,
-                text: format!("{}{}", if c.is_tmp { "[tmp]\n" } else { "" }, c.content),
+                text: format!(
                    "{}{}",
                    if c.is_tmp { "[tmp]\n" } else { "" },
                    if can_view { &c.content } else { "" }
                ),
                author_title: c.author_title.to_string(),
                can_del: c.check_permission(user, "wd").is_ok(),
                name_id: name_id,
--- a/src/api/mod.rs
+++ b/src/api/mod.rs
@@ -92,6 +92,7 @@ pub enum PolicyError {
    IsDeleted,
    NotAllowed,
    TitleUsed,
    YouAreTmp,
 }
 #[derive(Debug)]
@@ -121,6 +122,7 @@ impl<'r> Responder<'r, 'static> for APIError {
                    PolicyError::IsDeleted => "内容被删除",
                    PolicyError::NotAllowed => "不允许的操作",
                    PolicyError::TitleUsed => "头衔已被使用",
                    PolicyError::YouAreTmp => "临时用户只可发布内容和进入单个洞"
                }
            })
            .respond_to(req),
--- a/src/api/operation.rs
+++ b/src/api/operation.rs
@@ -124,6 +124,8 @@ pub struct BlockInput {
 #[post("/block", data = "<bi>")]
 pub async fn block(bi: Form<BlockInput>, user: CurrentUser, db: Db, rconn: RdsConn) -> JsonAPI {
    user.id.ok_or_else(|| NotAllowed)?;
    let mut blk = BlockedUsers::init(user.id.ok_or_else(|| NotAllowed)?, &rconn);
    let nh_to_block = match bi.content_type.as_str() {
--- a/src/api/post.rs
+++ b/src/api/post.rs
@@ -1,6 +1,6 @@
 use crate::api::comment::{c2output, CommentOutput};
 use crate::api::vote::get_poll_dict;
-use crate::api::{CurrentUser, JsonAPI, UGC};
+use crate::api::{CurrentUser, JsonAPI, UGC, PolicyError::*};
 use crate::db_conn::Db;
 use crate::libs::diesel_logger::LoggingConnection;
 use crate::models::*;
@@ -67,9 +67,14 @@ async fn p2output(p: &Post, user: &CurrentUser, db: &Db, rconn: &RdsConn) -> Pos
    let is_blocked = BlockedUsers::check_blocked(rconn, user.id, &user.namehash, &p.author_hash)
        .await
        .unwrap_or_default();
    let can_view = !is_blocked && user.id.is_some() || user.namehash.eq(&p.author_hash);
    PostOutput {
        pid: p.id,
-        text: format!("{}{}", if p.is_tmp { "[tmp]\n" } else { "" }, p.content),
+        text: format!(
            "{}{}",
            if p.is_tmp { "[tmp]\n" } else { "" },
            if can_view { &p.content } else { "" }
        ),
        cw: (!p.cw.is_empty()).then(|| p.cw.to_string()),
        n_attentions: p.n_attentions,
        n_comments: p.n_comments,
@@ -105,7 +110,11 @@ async fn p2output(p: &Post, user: &CurrentUser, db: &Db, rconn: &RdsConn) -> Pos
        } else {
            None
        },
-        poll: get_poll_dict(p.id, rconn, &user.namehash).await,
+        poll: if can_view {
            get_poll_dict(p.id, rconn, &user.namehash).await
        } else {
            None
        },
        // for old version frontend
        timestamp: p.create_time.timestamp(),
        likenum: p.n_attentions,
@@ -145,6 +154,7 @@ pub async fn get_list(
    db: Db,
    rconn: RdsConn,
 ) -> JsonAPI {
    user.id.ok_or_else(|| YouAreTmp)?;
    let page = p.unwrap_or(1);
    let page_size = 25;
    let start = (page - 1) * page_size;
@@ -205,6 +215,7 @@ pub async fn edit_cw(cwi: Form<CwInput>, user: CurrentUser, db: Db, rconn: RdsCo
 #[get("/getmulti?<pids>")]
 pub async fn get_multi(pids: Vec<i32>, user: CurrentUser, db: Db, rconn: RdsConn) -> JsonAPI {
    user.id.ok_or_else(|| YouAreTmp)?;
    let ps = Post::get_multi(&db, &rconn, &pids).await?;
    let ps_data = ps2outputs(&ps, &user, &db, &rconn).await;
--- a/src/api/search.rs
+++ b/src/api/search.rs
@@ -1,5 +1,5 @@
 use crate::api::post::ps2outputs;
-use crate::api::{CurrentUser, JsonAPI};
+use crate::api::{CurrentUser, JsonAPI, PolicyError::*};
 use crate::db_conn::Db;
 use crate::models::*;
 use crate::rds_conn::RdsConn;
@@ -14,6 +14,8 @@ pub async fn search(
    db: Db,
    rconn: RdsConn,
 ) -> JsonAPI {
    user.id.ok_or_else(|| YouAreTmp)?;
    let page_size = 25;
    let start = (page - 1) * page_size;
--- a/src/api/vote.rs
+++ b/src/api/vote.rs
@@ -47,6 +47,8 @@ pub struct VoteInput {
 #[post("/vote", data = "<vi>")]
 pub async fn vote(vi: Form<VoteInput>, user: CurrentUser, rconn: RdsConn) -> JsonAPI {
    user.id.ok_or_else(|| NotAllowed)?;
    let pid = vi.pid;
    let opts = PollOption::init(pid, &rconn).get_list().await?;
    if opts.is_empty() {
--- a/src/main.rs
+++ b/src/main.rs
@@ -16,6 +16,7 @@ mod api;
 mod cache;
 mod db_conn;
 mod libs;
 #[cfg(feature = "mastlogin")]
 mod login;
 mod models;
 mod random_hasher;
@@ -49,6 +50,7 @@ async fn main() -> Result<(), rocket::Error> {
            models::Post::annealing(establish_connection(), &rconn).await;
        }
    });
    rocket::build()
        .mount(
            "/_api/v1",
@@ -71,7 +73,17 @@ async fn main() -> Result<(), rocket::Error> {
                api::vote::vote,
            ],
        )
-        .mount("/_login", routes![login::cs_login, login::cs_auth])
+        .mount(
            "/_login",
            #[cfg(feature = "mastlogin")]
            {
                routes![login::cs_login, login::cs_auth]
            },
            #[cfg(not(feature = "mastlogin"))]
            {
                []
            },
        )
        .register(
            "/_api",
            catchers![api::catch_401_error, api::catch_403_error,],
Author	SHA1	Message	Date
hole-thu	7c024bfd6b	feat: make mastodon login a optional feature	2022-03-30 01:51:16 +08:00
hole-thu	dd3c208fe1	feat: tmp user only write, no read	2022-03-27 23:52:59 +08:00