diff --git a/entries/from_url.py b/entries/from_url.py deleted file mode 100644 index b19475f..0000000 --- a/entries/from_url.py +++ /dev/null @@ -1,35 +0,0 @@ -from urllib.parse import urlparse - -from django.contrib.sites.models import Site -from django.http import HttpResponse -from django.urls import resolve, Resolver404 -from micropub.views import error -from lemoncurry.middleware import ResponseException - -from .models import Entry - - -def from_url(url: str) -> Entry: - domain = Site.objects.get_current().domain - if not url: - raise ResponseException(error.bad_req('url parameter required')) - if '//' not in url: - url = '//' + url - parts = urlparse(url, scheme='https') - if parts.scheme not in ('http', 'https') or parts.netloc != domain: - raise ResponseException(error.bad_req('url does not point to this site')) - - try: - match = resolve(parts.path) - except Resolver404: - raise ResponseException(error.bad_req('url does not point to a valid page on this site')) - - if match.view_name != 'entries:entry': - raise ResponseException(error.bad_req('url does not point to an entry on this site')) - - try: - entry = Entry.objects.get(pk=match.kwargs['id']) - except Entry.DoesNotExist: - raise ResponseException(error.bad_req('url does not point to an existing entry')) - - return entry diff --git a/lemoncurry/middleware.py b/lemoncurry/middleware.py deleted file mode 100644 index 02221bc..0000000 --- a/lemoncurry/middleware.py +++ /dev/null @@ -1,14 +0,0 @@ -from django.http import HttpRequest, HttpResponse -from django.utils.deprecation import MiddlewareMixin - - -class ResponseException(Exception): - def __init__(self, response: HttpResponse) -> None: - self.response = response - - -class ResponseExceptionMiddleware(MiddlewareMixin): - def process_exception(self, request: HttpRequest, exception: Exception) -> HttpResponse: - if isinstance(exception, ResponseException): - return exception.response - raise exception diff --git a/lemoncurry/settings/base.py b/lemoncurry/settings/base.py index efc25ae..38ccee7 100644 --- a/lemoncurry/settings/base.py +++ b/lemoncurry/settings/base.py @@ -118,7 +118,6 @@ MIDDLEWARE = [ 'django.contrib.messages.middleware.MessageMiddleware', 'django.contrib.sites.middleware.CurrentSiteMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', - 'lemoncurry.middleware.ResponseExceptionMiddleware', ] ROOT_URLCONF = 'lemoncurry.urls' diff --git a/micropub/views/delete.py b/micropub/views/delete.py index 4fc1f3e..5daa696 100644 --- a/micropub/views/delete.py +++ b/micropub/views/delete.py @@ -1,8 +1,10 @@ from django.http import HttpResponse +from django.urls import resolve, Resolver404 +from urllib.parse import urlparse from ronkyuu import webmention -from entries.from_url import from_url from entries.jobs import ping_hub, send_mentions +from entries.models import Entry from . import error @@ -16,7 +18,27 @@ def delete(request): if request.content_type not in normalise: return error.unsupported_type(request.content_type) url = normalise[request.content_type](request) - entry = from_url(url) + if not url: + return error.bad_req('url parameter required') + + if '//' not in url: + url = '//' + url + url = urlparse(url, scheme='https') + + if url.scheme not in ('http', 'https') or url.netloc != request.site.domain: + return error.bad_req('url does not point to this site') + try: + match = resolve(url.path) + except Resolver404: + return error.bad_req('url does not point to a valid page on this site') + + if match.view_name != 'entries:entry': + return error.bad_req('url does not point to an entry on this site') + + try: + entry = Entry.objects.get(pk=match.kwargs['id']) + except Entry.DoesNotExist: + return error.bad_req('url does not point to an existing entry') if entry.author != request.token.user: return error.forbid('entry belongs to another user')