Compare commits
2 commits
2d643b48c6
...
7d17a92793
Author | SHA1 | Date | |
---|---|---|---|
7d17a92793 | |||
1d4be082cf |
4 changed files with 52 additions and 24 deletions
35
entries/from_url.py
Normal file
35
entries/from_url.py
Normal file
|
@ -0,0 +1,35 @@
|
|||
from urllib.parse import urlparse
|
||||
|
||||
from django.contrib.sites.models import Site
|
||||
from django.http import HttpResponse
|
||||
from django.urls import resolve, Resolver404
|
||||
from micropub.views import error
|
||||
from lemoncurry.middleware import ResponseException
|
||||
|
||||
from .models import Entry
|
||||
|
||||
|
||||
def from_url(url: str) -> Entry:
|
||||
domain = Site.objects.get_current().domain
|
||||
if not url:
|
||||
raise ResponseException(error.bad_req('url parameter required'))
|
||||
if '//' not in url:
|
||||
url = '//' + url
|
||||
parts = urlparse(url, scheme='https')
|
||||
if parts.scheme not in ('http', 'https') or parts.netloc != domain:
|
||||
raise ResponseException(error.bad_req('url does not point to this site'))
|
||||
|
||||
try:
|
||||
match = resolve(parts.path)
|
||||
except Resolver404:
|
||||
raise ResponseException(error.bad_req('url does not point to a valid page on this site'))
|
||||
|
||||
if match.view_name != 'entries:entry':
|
||||
raise ResponseException(error.bad_req('url does not point to an entry on this site'))
|
||||
|
||||
try:
|
||||
entry = Entry.objects.get(pk=match.kwargs['id'])
|
||||
except Entry.DoesNotExist:
|
||||
raise ResponseException(error.bad_req('url does not point to an existing entry'))
|
||||
|
||||
return entry
|
14
lemoncurry/middleware.py
Normal file
14
lemoncurry/middleware.py
Normal file
|
@ -0,0 +1,14 @@
|
|||
from django.http import HttpRequest, HttpResponse
|
||||
from django.utils.deprecation import MiddlewareMixin
|
||||
|
||||
|
||||
class ResponseException(Exception):
|
||||
def __init__(self, response: HttpResponse) -> None:
|
||||
self.response = response
|
||||
|
||||
|
||||
class ResponseExceptionMiddleware(MiddlewareMixin):
|
||||
def process_exception(self, request: HttpRequest, exception: Exception) -> HttpResponse:
|
||||
if isinstance(exception, ResponseException):
|
||||
return exception.response
|
||||
raise exception
|
|
@ -118,6 +118,7 @@ MIDDLEWARE = [
|
|||
'django.contrib.messages.middleware.MessageMiddleware',
|
||||
'django.contrib.sites.middleware.CurrentSiteMiddleware',
|
||||
'django.middleware.clickjacking.XFrameOptionsMiddleware',
|
||||
'lemoncurry.middleware.ResponseExceptionMiddleware',
|
||||
]
|
||||
|
||||
ROOT_URLCONF = 'lemoncurry.urls'
|
||||
|
|
|
@ -1,10 +1,8 @@
|
|||
from django.http import HttpResponse
|
||||
from django.urls import resolve, Resolver404
|
||||
from urllib.parse import urlparse
|
||||
from ronkyuu import webmention
|
||||
|
||||
from entries.from_url import from_url
|
||||
from entries.jobs import ping_hub, send_mentions
|
||||
from entries.models import Entry
|
||||
|
||||
from . import error
|
||||
|
||||
|
@ -18,27 +16,7 @@ def delete(request):
|
|||
if request.content_type not in normalise:
|
||||
return error.unsupported_type(request.content_type)
|
||||
url = normalise[request.content_type](request)
|
||||
if not url:
|
||||
return error.bad_req('url parameter required')
|
||||
|
||||
if '//' not in url:
|
||||
url = '//' + url
|
||||
url = urlparse(url, scheme='https')
|
||||
|
||||
if url.scheme not in ('http', 'https') or url.netloc != request.site.domain:
|
||||
return error.bad_req('url does not point to this site')
|
||||
try:
|
||||
match = resolve(url.path)
|
||||
except Resolver404:
|
||||
return error.bad_req('url does not point to a valid page on this site')
|
||||
|
||||
if match.view_name != 'entries:entry':
|
||||
return error.bad_req('url does not point to an entry on this site')
|
||||
|
||||
try:
|
||||
entry = Entry.objects.get(pk=match.kwargs['id'])
|
||||
except Entry.DoesNotExist:
|
||||
return error.bad_req('url does not point to an existing entry')
|
||||
entry = from_url(url)
|
||||
|
||||
if entry.author != request.token.user:
|
||||
return error.forbid('entry belongs to another user')
|
||||
|
|
Loading…
Reference in a new issue