saving up

2021-12-10 08:33:45 +01:00 · 2021-12-10 08:33:45 +01:00 · 1c6d2a04c3
commit 1c6d2a04c3
parent ae71abda0b
6 changed files with 24 additions and 14 deletions
--- a/web/handler/form/settings.go
+++ b/web/handler/form/settings.go
@ -1,7 +1,9 @@
 package form

 import (
+	"errors"
 	"net/http"
+	"strings"
 )

 type SettingsForm struct {
@ -11,6 +13,13 @@ type SettingsForm struct {
 	Email    string
 }

+func (f *SettingsForm) Validate() error {
+	if strings.Contains(f.About, "<script") {
+		return errors.New("script tag is forbidden")
+	}
+	return nil
+}
+
 func NewSettingsForm(r *http.Request) *SettingsForm {
 	return &SettingsForm{
 		Homepage: r.FormValue("homepage"),
--- a/web/handler/handler.go
+++ b/web/handler/handler.go
@ -1,16 +1,13 @@
 package handler

 import (
-	"errors"
 	"fmt"
 	"github.com/gorilla/mux"
 	"log"
 	"net/http"
-	"net/url"
 	"status/config"
 	"status/storage"
 	"status/web/session"
-	"strings"
 )

 func serverError(w http.ResponseWriter, err error) {
@ -43,13 +40,6 @@ func (h *Handler) getUser(r *http.Request) (string, error) {
 	if err != nil {
 		return "", err
 	}
-	u, err := url.Parse(r.Referer())
-	if err != nil {
-		return "", err
-	}
-	if strings.HasPrefix(u.Path, "/users") {
-		err = errors.New("forbidden access")
-	}
 	return user, err
 }

--- a/web/handler/html.go
+++ b/web/handler/html.go
@ -335,7 +335,7 @@ var TplMap = map[string]string{
 </section>
 {{ end }}`,
 	"user": `{{ define "head" }}
-<style>{{ .style }}</style>
+<link rel="alternate" type="application/atom+xml" title="Atom feed" href="/users/{{ .user }}.atom" />
 {{ end }}

 {{ define "content" }}
--- a/web/handler/html/user.html
+++ b/web/handler/html/user.html
@ -1,5 +1,5 @@
 {{ define "head" }}
-<style>{{ .style }}</style>
+<link rel="alternate" type="application/atom+xml" title="Atom feed" href="/users/{{ .user }}.atom" />
 {{ end }}

 {{ define "content" }}
--- a/web/handler/settings_update.go
+++ b/web/handler/settings_update.go
@ -13,6 +13,10 @@ func (h *Handler) updateSettings(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 	f := form.NewSettingsForm(r)
+	if err := f.Validate(); err != nil {
+		serverError(w, err)
+		return
+	}
 	if err := h.storage.UpdateSettings(user, f.Homepage, f.About, f.Picture, f.Email); err != nil {
 		serverError(w, err)
 		return
@ -22,7 +26,7 @@ func (h *Handler) updateSettings(w http.ResponseWriter, r *http.Request) {
 		http.Error(w, err.Error(), http.StatusInternalServerError)
 		return
 	}
-	session.AddFlash("Status edited!")
+	session.AddFlash("Settings updated!")
 	err = session.Save(r, w)
 	http.Redirect(w, r, fmt.Sprintf("/settings"), http.StatusFound)
 }
--- a/web/handler/user_show.go
+++ b/web/handler/user_show.go
@ -269,6 +269,13 @@ func (h *Handler) showUserStatusImageView(w http.ResponseWriter, r *http.Request
 	//png.Encode(w, avatar)
 }

+func truncate(s string, max int) string {
+	if len(s) > max {
+		return s[:max] + "..."
+	}
+	return s
+}
+
 func (h *Handler) showAtomView(w http.ResponseWriter, r *http.Request) {
 	username := mux.Vars(r)["user"]
 	user, err := h.storage.UserByName(username)
@ -297,7 +304,7 @@ func (h *Handler) showAtomView(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 		feed.Items = append(feed.Items, &feeds.Item{
-			Title:   status.Content,
+			Title:   fmt.Sprintf("%s - %s", status.User, truncate(status.Content, 50)),
 			Link:    &feeds.Link{Href: fmt.Sprintf("https://status.cafe/users/%s/%d", username, status.Id)},
 			Author:  &feeds.Author{Name: user.Name},
 			Content: status.Content,