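/// <summary>
/// Queues a message for posting after verifying that the supplied auth token belongs to the
/// message's author and that the content is present and within the size limit.
/// </summary>
/// <param name="msg">Message to post; its <c>Author_Id</c> must match the token's owner.</param>
/// <param name="token">Raw auth token value, looked up in <c>Context.AuthTokens</c>.</param>
/// <returns>
/// A <see cref="TaskResult"/> whose success flag is true when the message was added to the
/// post queue, or false with a short reason otherwise.
/// </returns>
public async Task<TaskResult> PostMessage(PlanetMessage msg, string token)
{
    // Stop people from sending insanely large messages.
    const int MaxContentLength = 2048;

    // A null message has to be rejected before any of its fields are read; the
    // previous ordering dereferenced msg.Author_Id first and would have thrown.
    if (msg == null)
    {
        return new TaskResult(false, "Malformed message.");
    }

    AuthToken authToken = await Context.AuthTokens.FindAsync(token);

    // Return the same result if the token is for the wrong user to prevent someone
    // from knowing if they cracked another user's token. This is basically
    // impossible to happen by chance but better safe than sorry in the case that
    // the literal impossible odds occur, more likely someone gets a stolen token
    // but is not aware of the owner but I'll shut up now - Spike
    if (authToken == null || authToken.User_Id != msg.Author_Id)
    {
        return new TaskResult(false, "Failed to authorize user.");
    }

    // Content is required: the length check and HandleUrls below both read it.
    if (msg.Content == null)
    {
        return new TaskResult(false, "Malformed message.");
    }

    if (msg.Content.Length > MaxContentLength)
    {
        return new TaskResult(false, $"Message is longer than {MaxContentLength} chars.");
    }

    // Media proxy layer
    msg.Content = await MSPManager.HandleUrls(msg.Content);

    PlanetMessageWorker.AddToQueue(msg);

    return new TaskResult(true, "Added message to post queue.");
}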
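/// <summary>
/// HTTP handler that authorizes the caller, validates the posted <see cref="PlanetMessage"/>,
/// checks the caller's channel permissions and queues the message for delivery. The outcome is
/// reported through the response status code plus a short plain-text reason.
/// </summary>
/// <param name="ctx">Request/response context for the current call.</param>
/// <param name="db">Database used for token, channel and permission lookups.</param>
/// <param name="authorization">Raw token taken from the Authorization header.</param>
private static async Task PostMessage(HttpContext ctx, ValourDB db, [FromHeader] string authorization)
{
    const int MaxContentLength = 2048;
    const int MaxEmbedLength = 65535;

    // Every failure path writes a status and a reason; keep that in one place.
    async Task RejectAsync(int status, string reason)
    {
        ctx.Response.StatusCode = status;
        await ctx.Response.WriteAsync(reason);
    }

    AuthToken auth = await ServerAuthToken.TryAuthorize(authorization, db);

    if (auth == null)
    {
        // Do not echo the presented token back to the caller: response bodies are
        // routinely logged or proxied, and a credential does not belong in an error message.
        await RejectAsync(401, "Token is invalid");
        return;
    }

    string body = await ctx.Request.ReadBodyStringAsync();

    PlanetMessage message;
    try
    {
        message = JsonSerializer.Deserialize<PlanetMessage>(body);
    }
    catch (JsonException)
    {
        // Malformed JSON is a client error, not an unhandled server fault.
        await RejectAsync(400, "Include message data");
        return;
    }

    if (message == null || message.Content == null || message.Fingerprint == null)
    {
        await RejectAsync(400, "Include message data");
        return;
    }

    // Load the channel together with only the caller's membership of its planet, so one
    // query establishes both that the channel exists and whether the user belongs to it.
    ServerPlanetChatChannel channel = await db.PlanetChatChannels
        .Include(x => x.Planet)
        .ThenInclude(p => p.Members.Where(m => m.User_Id == auth.User_Id))
        .FirstOrDefaultAsync(x => x.Id == message.Channel_Id);

    if (channel == null)
    {
        await RejectAsync(400, $"Channel not found [id: {message.Channel_Id}]");
        return;
    }

    // The Include above was filtered to the caller, so any loaded member is theirs.
    var member = channel.Planet.Members.FirstOrDefault();

    if (member == null)
    {
        await RejectAsync(401, "Could not find member using token");
        return;
    }

    // NOTE(review): 403 is the conventional status for an authenticated member that lacks a
    // permission; 401 is kept here so the client-visible contract does not change.
    if (!await channel.HasPermission(member, ChatChannelPermissions.ViewMessages, db))
    {
        await RejectAsync(401, "Member lacks ChatChannelPermissions.ViewMessages node");
        return;
    }

    if (!await channel.HasPermission(member, ChatChannelPermissions.PostMessages, db))
    {
        await RejectAsync(401, "Member lacks ChatChannelPermissions.PostMessages node");
        return;
    }

    // Ensure author id is accurate: the client-supplied value is never trusted.
    message.Author_Id = auth.User_Id;

    if (message.Content.Length > MaxContentLength)
    {
        await RejectAsync(400, $"Content is over {MaxContentLength} chars");
        return;
    }

    // Size-limit the embed itself. The previous check compared Content.Length here, which can
    // never exceed 65535 once the check above has passed, so embeds were effectively unbounded.
    // Assumes Embed_Data is a string (the error text counts "chars") — TODO confirm.
    if (message.Embed_Data != null && message.Embed_Data.Length > MaxEmbedLength)
    {
        await RejectAsync(400, $"Embed is over {MaxEmbedLength} chars");
        return;
    }

    // Handle urls
    message.Content = await MPSManager.HandleUrls(message.Content);

    PlanetMessageWorker.AddToQueue(message);

    StatWorker.IncreaseMessageCount();

    ctx.Response.StatusCode = 200;
    await ctx.Response.WriteAsync("Success");
}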