Differences From
Artifact [666eb021ed]:
3 3 local method = lib.http.method
4 4 local pstring = lib.mem.ptr(int8)
5 5 local rstring = lib.mem.ref(int8)
6 6 local hpath = lib.mem.ptr(rstring)
7 7 local http = {}
8 8
9 9 terra meth_get(meth: method.t) return (meth == method.get) or (meth == method.head) end
10 +
11 +terra http.actor_profile(co: &lib.srv.convo, actor: &lib.store.actor, meth: method.t)
12 + var rel: lib.store.relationship
13 + if co.aid ~= 0 then
14 + rel = co.srv:actor_rel_calc(co.who.id, actor.id)
15 + if meth == method.post then
16 + var act = co:ppostv('act')
17 + if act:cmp(lib.str.plit 'follow') and not rel.rel.follow() then
18 + if rel.recip.block() then
19 + co:complain(403,'blocked','you cannot follow a user you are blocked by') return
20 + end
21 + (rel.rel.follow << true)
22 + co.srv:actor_rel_create([lib.store.relation.idvmap.follow], co.who.id, actor.id)
23 + elseif act:cmp(lib.str.plit 'unfollow') and rel.rel.follow() then
24 + (rel.rel.follow << false)
25 + co.srv:actor_rel_destroy([lib.store.relation.idvmap.follow], co.who.id, actor.id)
26 + end
27 + end
28 + else
29 + rel.rel:clear()
30 + rel.recip:clear()
31 + end
32 +
33 + lib.render.user_page(co, actor, &rel)
34 +end
35 +
10 36 terra http.actor_profile_xid(co: &lib.srv.convo, uri: lib.mem.ptr(int8), meth: method.t)
11 37 var handle = [lib.mem.ptr(int8)] { ptr = &uri.ptr[2], ct = 0 }
12 38 for i=2,uri.ct do
13 39 if uri.ptr[i] == @'/' or uri.ptr[i] == 0 then handle.ct = i - 2 break end
14 40 end
15 41 if handle.ct == 0 then
16 42 handle.ct = uri.ct - 2
................................................................................
27 53 var actor = co.srv:actor_fetch_xid(handle)
28 54 if actor.ptr == nil then
29 55 co:complain(404,'no such user','no such user known to this server')
30 56 return
31 57 end
32 58 defer actor:free()
33 59
34 - lib.render.user_page(co, actor.ptr)
60 + http.actor_profile(co,actor.ptr,meth)
35 61 end
36 62
37 63 terra http.actor_profile_uid (
38 64 co: &lib.srv.convo,
39 65 path: lib.mem.ptr(lib.mem.ref(int8)),
40 66 meth: method.t
41 67 )
................................................................................
53 79 var actor = co.srv:actor_fetch_uid(uid)
54 80 if actor.ptr == nil then
55 81 co:complain(404, 'no such user', 'no user by that ID is known to this instance')
56 82 return
57 83 end
58 84 defer actor:free()
59 85
60 - lib.render.user_page(co, actor.ptr)
86 + http.actor_profile(co,actor.ptr,meth)
61 87 end
62 88
63 89 terra http.login_form(co: &lib.srv.convo, meth: method.t)
64 90 if meth_get(meth) then
65 91 -- request a username
66 92 lib.render.login(co, nil, nil, lib.str.plit(nil))
67 93 elseif meth == method.post then
................................................................................
222 248 return
223 249 else goto badop end
224 250 end
225 251 else goto badurl end
226 252 end
227 253
228 254 if meth == method.post then
255 + if co.aid == 0 then goto noauth end
229 256 var act = co:ppostv('act')
230 257 if act:cmp(lib.str.plit 'like') and not co.srv:post_liked_uid(co.who.id,pid) then
231 258 co.srv:post_like(co.who.id, pid, false)
232 259 post.ptr.likes = post.ptr.likes + 1
233 260 elseif act:cmp(lib.str.plit 'dislike') and co.srv:post_liked_uid(co.who.id,pid) then
234 261 co.srv:post_like(co.who.id, pid, true)
235 262 post.ptr.likes = post.ptr.likes - 1
................................................................................
253 280 end
254 281
255 282 lib.render.tweet_page(co, path, post.ptr)
256 283 do return end
257 284
258 285 ::badurl:: do co:complain(404, 'invalid URL', 'this URL does not reference extant content or functionality') return end
259 286 ::badop :: do co:complain(405, 'invalid operation', 'the operation you have attempted on this post is not meaningful') return end
287 + ::noauth:: do co:complain(401, 'unauthorized', 'you have not supplied the necessary credentials to perform this operation') return end
260 288 end
261 289
262 290 terra http.configure(co: &lib.srv.convo, path: hpath, meth: method.t)
263 291 var msg = pstring.null()
264 292 -- first things first, do priv checks
265 293 if path.ct >= 1 then
266 294 if not co.who.rights.powers.config() and (
................................................................................
323 351 if act:cmp(lib.str.plit 'invalidate') then
324 352 lib.dbg('setting user\'s cookie validation time to now')
325 353 co.who.source:auth_sigtime_user_alter(co.who.id, lib.osclock.time(nil))
326 354 -- the current session has been invalidated as well, so we need to immediately install a new authentication cookie with the same aid so the user doesn't need to log back in all over again
327 355 co:installkey('/conf/sec',co.aid)
328 356 return
329 357 end
330 - elseif path(1):cmp(lib.str.lit 'users') and path.ct >= 2 then
331 - var userid, ok = lib.math.shorthand.parse(path(2).ptr, path(2).ct)
332 - if ok then
333 - var usr = co.srv:actor_fetch_uid(userid) defer usr:free()
334 - if not co.who:overpowers(usr.ptr) then goto nopriv end
358 + elseif path(1):cmp(lib.str.lit 'users') then
359 + if path.ct >= 3 then
360 + var userid, ok = lib.math.shorthand.parse(path(2).ptr, path(2).ct)
361 + if ok then
362 + var usr = co.srv:actor_fetch_uid(userid)
363 + if usr:ref() then defer usr:free()
364 + if not co.who:overpowers(usr.ptr) then goto nopriv end
365 + end
366 + end
367 + elseif path.ct == 2 then
335 368 end
336 369 end
337 370
338 371 if user_refresh then -- refresh the user info for the renderer
339 372 var usr = co.srv:actor_fetch_uid(co.who.id)
340 373 lib.mem.heapf(co.who)
341 374 co.who = usr.ptr