saving up
This commit is contained in:
m15o
parent
ae71abda0b
commit
1c6d2a04c3
6 changed files with 24 additions and 14 deletions
|
|
@ -1,7 +1,9 @@
|
||||||
package form
|
package form
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"errors"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"strings"
|
||||||
)
|
)
|
||||||
|
|
||||||
type SettingsForm struct {
|
type SettingsForm struct {
|
||||||
|
|
@ -11,6 +13,13 @@ type SettingsForm struct {
|
||||||
Email string
|
Email string
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func (f *SettingsForm) Validate() error {
|
||||||
|
if strings.Contains(f.About, "<script") {
|
||||||
|
return errors.New("script tag is forbidden")
|
||||||
|
}
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
func NewSettingsForm(r *http.Request) *SettingsForm {
|
func NewSettingsForm(r *http.Request) *SettingsForm {
|
||||||
return &SettingsForm{
|
return &SettingsForm{
|
||||||
Homepage: r.FormValue("homepage"),
|
Homepage: r.FormValue("homepage"),
|
||||||
|
|
|
||||||
|
|
@ -1,16 +1,13 @@
|
||||||
package handler
|
package handler
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"errors"
|
|
||||||
"fmt"
|
"fmt"
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
"log"
|
"log"
|
||||||
"net/http"
|
"net/http"
|
||||||
"net/url"
|
|
||||||
"status/config"
|
"status/config"
|
||||||
"status/storage"
|
"status/storage"
|
||||||
"status/web/session"
|
"status/web/session"
|
||||||
"strings"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
func serverError(w http.ResponseWriter, err error) {
|
func serverError(w http.ResponseWriter, err error) {
|
||||||
|
|
@ -43,13 +40,6 @@ func (h *Handler) getUser(r *http.Request) (string, error) {
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
u, err := url.Parse(r.Referer())
|
|
||||||
if err != nil {
|
|
||||||
return "", err
|
|
||||||
}
|
|
||||||
if strings.HasPrefix(u.Path, "/users") {
|
|
||||||
err = errors.New("forbidden access")
|
|
||||||
}
|
|
||||||
return user, err
|
return user, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -335,7 +335,7 @@ var TplMap = map[string]string{
|
||||||
</section>
|
</section>
|
||||||
{{ end }}`,
|
{{ end }}`,
|
||||||
"user": `{{ define "head" }}
|
"user": `{{ define "head" }}
|
||||||
<style>{{ .style }}</style>
|
<link rel="alternate" type="application/atom+xml" title="Atom feed" href="/users/{{ .user }}.atom" />
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
{{ define "content" }}
|
{{ define "content" }}
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
{{ define "head" }}
|
{{ define "head" }}
|
||||||
<style>{{ .style }}</style>
|
<link rel="alternate" type="application/atom+xml" title="Atom feed" href="/users/{{ .user }}.atom" />
|
||||||
{{ end }}
|
{{ end }}
|
||||||
|
|
||||||
{{ define "content" }}
|
{{ define "content" }}
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,10 @@ func (h *Handler) updateSettings(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
f := form.NewSettingsForm(r)
|
f := form.NewSettingsForm(r)
|
||||||
|
if err := f.Validate(); err != nil {
|
||||||
|
serverError(w, err)
|
||||||
|
return
|
||||||
|
}
|
||||||
if err := h.storage.UpdateSettings(user, f.Homepage, f.About, f.Picture, f.Email); err != nil {
|
if err := h.storage.UpdateSettings(user, f.Homepage, f.About, f.Picture, f.Email); err != nil {
|
||||||
serverError(w, err)
|
serverError(w, err)
|
||||||
return
|
return
|
||||||
|
|
@ -22,7 +26,7 @@ func (h *Handler) updateSettings(w http.ResponseWriter, r *http.Request) {
|
||||||
http.Error(w, err.Error(), http.StatusInternalServerError)
|
http.Error(w, err.Error(), http.StatusInternalServerError)
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
session.AddFlash("Status edited!")
|
session.AddFlash("Settings updated!")
|
||||||
err = session.Save(r, w)
|
err = session.Save(r, w)
|
||||||
http.Redirect(w, r, fmt.Sprintf("/settings"), http.StatusFound)
|
http.Redirect(w, r, fmt.Sprintf("/settings"), http.StatusFound)
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -269,6 +269,13 @@ func (h *Handler) showUserStatusImageView(w http.ResponseWriter, r *http.Request
|
||||||
//png.Encode(w, avatar)
|
//png.Encode(w, avatar)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func truncate(s string, max int) string {
|
||||||
|
if len(s) > max {
|
||||||
|
return s[:max] + "..."
|
||||||
|
}
|
||||||
|
return s
|
||||||
|
}
|
||||||
|
|
||||||
func (h *Handler) showAtomView(w http.ResponseWriter, r *http.Request) {
|
func (h *Handler) showAtomView(w http.ResponseWriter, r *http.Request) {
|
||||||
username := mux.Vars(r)["user"]
|
username := mux.Vars(r)["user"]
|
||||||
user, err := h.storage.UserByName(username)
|
user, err := h.storage.UserByName(username)
|
||||||
|
|
@ -297,7 +304,7 @@ func (h *Handler) showAtomView(w http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
feed.Items = append(feed.Items, &feeds.Item{
|
feed.Items = append(feed.Items, &feeds.Item{
|
||||||
Title: status.Content,
|
Title: fmt.Sprintf("%s - %s", status.User, truncate(status.Content, 50)),
|
||||||
Link: &feeds.Link{Href: fmt.Sprintf("https://status.cafe/users/%s/%d", username, status.Id)},
|
Link: &feeds.Link{Href: fmt.Sprintf("https://status.cafe/users/%s/%d", username, status.Id)},
|
||||||
Author: &feeds.Author{Name: user.Name},
|
Author: &feeds.Author{Name: user.Name},
|
||||||
Content: status.Content,
|
Content: status.Content,
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue