From b4f7d00ad9d13f96323366ded2eb7702e37f6e52 Mon Sep 17 00:00:00 2001
From: FChannel <>
Date: Sat, 19 Jun 2021 19:04:43 -0700
Subject: admin can mark objects as senstive
---
 database.go | 12 +++++++++++
 main.go | 57 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 static/bottom.html | 2 +-
 static/js/posts.js | 2 +-
 static/ncatalog.html | 20 ++++++++++++++++--
 static/posts.html | 2 ++
 6 files changed, 91 insertions(+), 4 deletions(-)
diff --git a/database.go b/database.go
index 7fdbb5e..5e6e960 100644
--- a/database.go
+++ b/database.go
@@ -1476,3 +1476,15 @@ func GetActorPemFromDB(db *sql.DB, pemID string) PublicKeyPem {
 return pem
 }
+
+func MarkObjectSensitive(db *sql.DB, id string, sensitive bool) {
+ var query = `update activitystream set sensitive=$1 where id=$2`
+ _, err := db.Exec(query, sensitive, id)
+
+ CheckError(err, "error updating sensitive object in activitystream")
+
+ query = `update cacheactivitystream set sensitive=$1 where id=$2`
+ _, err = db.Exec(query, sensitive, id)
+
+ CheckError(err, "error updating sensitive object in cacheactivitystream")
+}
diff --git a/main.go b/main.go
index 6803053..8886266 100644
--- a/main.go
+++ b/main.go
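Review bot: In `MarkObjectSensitive` (database.go) the two `update` statements run as independent `db.Exec` calls and the function returns nothing, so a failure on `cacheactivitystream` leaves the two tables disagreeing about the flag and the caller cannot tell. What `CheckError` does with the error is not visible in this hunk; unless it aborts, the `/marksensitive` handler added in main.go will redirect as though the update succeeded. The parameterized `$1`/`$2` placeholders are right and should stay. I would run both statements in one transaction, return the error, and give the exported function a doc comment, as below; both call sites in main.go would then need to check the result before redirecting.

```go
// MarkObjectSensitive sets the sensitive flag for id in activitystream and
// cacheactivitystream, applying both updates in a single transaction.
func MarkObjectSensitive(db *sql.DB, id string, sensitive bool) error {
	tx, err := db.Begin()
	if err != nil {
		return err
	}
	defer tx.Rollback() // has no effect once Commit has succeeded

	if _, err := tx.Exec(`update activitystream set sensitive=$1 where id=$2`, sensitive, id); err != nil {
		return err
	}
	if _, err := tx.Exec(`update cacheactivitystream set sensitive=$1 where id=$2`, sensitive, id); err != nil {
		return err
	}
	return tx.Commit()
}
```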
@@ -801,6 +801,63 @@ func main() {
 w.Write([]byte(""))
 })
+ http.HandleFunc("/marksensitive", func(w http.ResponseWriter, r *http.Request){
+
+ id := r.URL.Query().Get("id")
+ board := r.URL.Query().Get("board")
+
+ _, auth := GetPasswordFromSession(r)
+
+ if id == "" || auth == "" {
+ w.WriteHeader(http.StatusBadRequest)
+ w.Write([]byte(""))
+ return
+ }
+
+ col := GetCollectionFromID(id)
+
+ if len(col.OrderedItems) < 1 {
+ if !HasAuth(db, auth, GetActorByNameFromDB(db, board).Id) {
+ w.WriteHeader(http.StatusBadRequest)
+ w.Write([]byte(""))
+ return
+ }
+
+ MarkObjectSensitive(db, id, true)
+
+ http.Redirect(w, r, "/" + board, http.StatusSeeOther)
+ return
+ }
+
+ actor := col.OrderedItems[0].Actor
+
+ var OP string
+ if (len(col.OrderedItems[0].InReplyTo) > 0 && col.OrderedItems[0].InReplyTo[0].Id != "") {
+ OP = col.OrderedItems[0].InReplyTo[0].Id
+ } else {
+ OP = id
+ }
+
+ if !HasAuth(db, auth, actor.Id) {
+ w.WriteHeader(http.StatusBadRequest)
+ w.Write([]byte(""))
+ return
+ }
+
+ MarkObjectSensitive(db, id, true)
+
+ if !IsIDLocal(db, OP) {
+ http.Redirect(w, r, "/" + board + "/" + remoteShort(OP), http.StatusSeeOther)
+ return
+ } else {
+ http.Redirect(w, r, OP, http.StatusSeeOther)
+ return
+ }
+
+ w.WriteHeader(http.StatusBadRequest)
+ w.Write([]byte(""))
+ })
+
 http.HandleFunc("/remove", func(w http.ResponseWriter, r *http.Request){
 id := r.URL.Query().Get("id")
 manage := r.URL.Query().Get("manage")
diff --git a/static/bottom.html b/static/bottom.html
index 19c82c6..28750c8 100644
--- a/static/bottom.html
+++ b/static/bottom.html
@@ -1,5 +1,5 @@ {{ define "bottom" }} -
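Review bot: In the `/marksensitive` handler (main.go), the `len(col.OrderedItems) < 1` branch authorizes against the actor of the caller-supplied `board` parameter and then calls `MarkObjectSensitive(db, id, true)` with an `id` that was never tied to that board, so a session with auth on one board can apparently flag ids belonging to another; the check should resolve the owning actor from `id`, or refuse when the collection lookup returns nothing. The handler also changes state on any method, including a plain GET, and no anti-CSRF token is visible, so a request issued from another page in a moderator's session would be honoured; a guard such as `if r.Method != http.MethodPost { w.WriteHeader(http.StatusMethodNotAllowed); return }` plus a per-session token would address that (the templates linking here would need to post a form instead). `board` is concatenated into the redirect target unvalidated (`"/" + board`), so a value that itself starts with `/` produces a protocol-relative URL; validate it against known board names before redirecting. The final `w.WriteHeader(http.StatusBadRequest)` after an `if`/`else` whose branches both return is unreachable and can be dropped. The enclosing `main()` starts and ends outside this hunk.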