aboutsummaryrefslogtreecommitdiff
path: root/src/api/core/sends.rs
diff options
context:
space:
mode:
Diffstat (limited to 'src/api/core/sends.rs')
-rw-r--r--src/api/core/sends.rs69
1 files changed, 21 insertions, 48 deletions
diff --git a/src/api/core/sends.rs b/src/api/core/sends.rs
index a7e5bcf0..b98ecf70 100644
--- a/src/api/core/sends.rs
+++ b/src/api/core/sends.rs
@@ -159,16 +159,10 @@ async fn get_sends(headers: Headers, mut conn: DbConn) -> Json<Value> {
#[get("/sends/<uuid>")]
async fn get_send(uuid: &str, headers: Headers, mut conn: DbConn) -> JsonResult {
- let send = match Send::find_by_uuid(uuid, &mut conn).await {
- Some(send) => send,
- None => err!("Send not found"),
- };
-
- if send.user_uuid.as_ref() != Some(&headers.user.uuid) {
- err!("Send is not owned by user")
+ match Send::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await {
+ Some(send) => Ok(Json(send.to_json())),
+ None => err!("Send not found", "Invalid uuid or does not belong to user"),
}
-
- Ok(Json(send.to_json()))
}
#[post("/sends", data = "<data>")]
@@ -371,22 +365,14 @@ async fn post_send_file_v2_data(
let mut data = data.into_inner();
- let Some(send) = Send::find_by_uuid(send_uuid, &mut conn).await else {
- err!("Send not found. Unable to save the file.")
+ let Some(send) = Send::find_by_uuid_and_user(send_uuid, &headers.user.uuid, &mut conn).await else {
+ err!("Send not found. Unable to save the file.", "Invalid uuid or does not belong to user.")
};
if send.atype != SendType::File as i32 {
err!("Send is not a file type send.");
}
- let Some(send_user_id) = &send.user_uuid else {
- err!("Sends are only supported for users at the moment.")
- };
-
- if send_user_id != &headers.user.uuid {
- err!("Send doesn't belong to user.");
- }
-
let Ok(send_data) = serde_json::from_str::<SendFileData>(&send.data) else {
err!("Unable to decode send data as json.")
};
@@ -456,9 +442,8 @@ async fn post_access(
ip: ClientIp,
nt: Notify<'_>,
) -> JsonResult {
- let mut send = match Send::find_by_access_id(access_id, &mut conn).await {
- Some(s) => s,
- None => err_code!(SEND_INACCESSIBLE_MSG, 404),
+ let Some(mut send) = Send::find_by_access_id(access_id, &mut conn).await else {
+ err_code!(SEND_INACCESSIBLE_MSG, 404)
};
if let Some(max_access_count) = send.max_access_count {
@@ -517,9 +502,8 @@ async fn post_access_file(
mut conn: DbConn,
nt: Notify<'_>,
) -> JsonResult {
- let mut send = match Send::find_by_uuid(send_id, &mut conn).await {
- Some(s) => s,
- None => err_code!(SEND_INACCESSIBLE_MSG, 404),
+ let Some(mut send) = Send::find_by_uuid(send_id, &mut conn).await else {
+ err_code!(SEND_INACCESSIBLE_MSG, 404)
};
if let Some(max_access_count) = send.max_access_count {
@@ -582,16 +566,15 @@ async fn download_send(send_id: SafeString, file_id: SafeString, t: &str) -> Opt
None
}
-#[put("/sends/<id>", data = "<data>")]
-async fn put_send(id: &str, data: Json<SendData>, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> JsonResult {
+#[put("/sends/<uuid>", data = "<data>")]
+async fn put_send(uuid: &str, data: Json<SendData>, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> JsonResult {
enforce_disable_send_policy(&headers, &mut conn).await?;
let data: SendData = data.into_inner();
enforce_disable_hide_email_policy(&data, &headers, &mut conn).await?;
- let mut send = match Send::find_by_uuid(id, &mut conn).await {
- Some(s) => s,
- None => err!("Send not found"),
+ let Some(mut send) = Send::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else {
+ err!("Send not found", "Send uuid is invalid or does not belong to user")
};
update_send_from_data(&mut send, data, &headers, &mut conn, &nt, UpdateType::SyncSendUpdate).await?;
@@ -657,17 +640,12 @@ pub async fn update_send_from_data(
Ok(())
}
-#[delete("/sends/<id>")]
-async fn delete_send(id: &str, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult {
- let send = match Send::find_by_uuid(id, &mut conn).await {
- Some(s) => s,
- None => err!("Send not found"),
+#[delete("/sends/<uuid>")]
+async fn delete_send(uuid: &str, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> EmptyResult {
+ let Some(send) = Send::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else {
+ err!("Send not found", "Invalid send uuid, or does not belong to user")
};
- if send.user_uuid.as_ref() != Some(&headers.user.uuid) {
- err!("Send is not owned by user")
- }
-
send.delete(&mut conn).await?;
nt.send_send_update(
UpdateType::SyncSendDelete,
@@ -681,19 +659,14 @@ async fn delete_send(id: &str, headers: Headers, mut conn: DbConn, nt: Notify<'_
Ok(())
}
-#[put("/sends/<id>/remove-password")]
-async fn put_remove_password(id: &str, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> JsonResult {
+#[put("/sends/<uuid>/remove-password")]
+async fn put_remove_password(uuid: &str, headers: Headers, mut conn: DbConn, nt: Notify<'_>) -> JsonResult {
enforce_disable_send_policy(&headers, &mut conn).await?;
- let mut send = match Send::find_by_uuid(id, &mut conn).await {
- Some(s) => s,
- None => err!("Send not found"),
+ let Some(mut send) = Send::find_by_uuid_and_user(uuid, &headers.user.uuid, &mut conn).await else {
+ err!("Send not found", "Invalid send uuid, or does not belong to user")
};
- if send.user_uuid.as_ref() != Some(&headers.user.uuid) {
- err!("Send is not owned by user")
- }
-
send.set_password(None);
send.save(&mut conn).await?;
nt.send_send_update(