Beispiel #1
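        /// <summary>
        /// Checks that <paramref name="token"/> belongs to the message's author, validates the
        /// message, and hands it to the post queue.
        /// </summary>
        /// <param name="msg">The message to post. Its Author_Id must match the token owner.</param>
        /// <param name="token">Key of the auth token, looked up in Context.AuthTokens.</param>
        /// <returns>
        /// A failed TaskResult when authorization or validation fails, otherwise a successful
        /// TaskResult once the message has been queued.
        /// </returns>
        public async Task<TaskResult> PostMessage(PlanetMessage msg, string token)
        {
            AuthToken authToken = await Context.AuthTokens.FindAsync(token);

            // Unknown token: fail before looking at the message at all.
            if (authToken == null)
            {
                return new TaskResult(false, "Failed to authorize user.");
            }

            // The null check must come before any use of msg. The original dereferenced
            // msg.Author_Id first, so a null message threw instead of being rejected.
            if (msg == null)
            {
                return new TaskResult(false, "Malformed message.");
            }

            // A valid token that belongs to a different user gets the same answer as an
            // unknown token, so the response does not reveal that the token exists.
            if (authToken.User_Id != msg.Author_Id)
            {
                return new TaskResult(false, "Failed to authorize user.");
            }

            // A message with no content cannot be length-checked or proxied.
            if (msg.Content == null)
            {
                return new TaskResult(false, "Malformed message.");
            }

            // Stop people from sending insanely large messages
            if (msg.Content.Length > 2048)
            {
                return new TaskResult(false, "Message is longer than 2048 chars.");
            }

            // Media proxy layer: the content is replaced by whatever HandleUrls returns.
            msg.Content = await MSPManager.HandleUrls(msg.Content);

            PlanetMessageWorker.AddToQueue(msg);

            StatWorker.IncreaseMessageCount();

            return new TaskResult(true, "Added message to post queue.");
        }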
Beispiel #2
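        /// <summary>
        /// HTTP handler that authorizes the caller, validates the posted message, checks channel
        /// permissions, and queues the message for posting.
        /// </summary>
        /// <param name="ctx">Current HTTP context; the request body carries the JSON message.</param>
        /// <param name="db">Database context used for token, channel and permission lookups.</param>
        /// <param name="authorization">Value of the authorization header, passed to TryAuthorize.</param>
        /// <returns>A task that completes once the status code and response body have been written.</returns>
        private static async Task PostMessage(HttpContext ctx, ValourDB db,
                                              [FromHeader] string authorization)
        {
            AuthToken auth = await ServerAuthToken.TryAuthorize(authorization, db);

            if (auth == null)
            {
                ctx.Response.StatusCode = 401;

                // Do not echo the submitted header back: it is a credential, and response
                // bodies end up in client logs, proxies and error reports.
                await ctx.Response.WriteAsync("Token is invalid");

                return;
            }

            string body = await ctx.Request.ReadBodyStringAsync();

            // NOTE(review): a body that is not valid JSON presumably makes Deserialize throw
            // rather than return null; confirm, and map that case to a 400 if so.
            var message = JsonSerializer.Deserialize<PlanetMessage>(body);

            if (message == null || message.Content == null || message.Fingerprint == null)
            {
                ctx.Response.StatusCode = 400;
                await ctx.Response.WriteAsync("Include message data");

                return;
            }

            // The filtered include loads only the caller's own membership for the planet,
            // so Members holds at most that one entry.
            ServerPlanetChatChannel channel = await db.PlanetChatChannels.Include(x => x.Planet)
                                              .ThenInclude(x => x.Members.Where(x => x.User_Id == auth.User_Id))
                                              .FirstOrDefaultAsync(x => x.Id == message.Channel_Id);

            if (channel == null)
            {
                ctx.Response.StatusCode = 400;
                await ctx.Response.WriteAsync($"Channel not found [id: {message.Channel_Id}]");

                return;
            }

            var member = channel.Planet.Members.FirstOrDefault();

            if (member == null)
            {
                ctx.Response.StatusCode = 401;
                await ctx.Response.WriteAsync("Could not find member using token");

                return;
            }

            // NOTE(review): 403 is the conventional status for an authenticated member who
            // lacks a permission; 401 is kept here because clients may already depend on it.
            if (!await channel.HasPermission(member, ChatChannelPermissions.ViewMessages, db))
            {
                ctx.Response.StatusCode = 401;
                await ctx.Response.WriteAsync("Member lacks ChatChannelPermissions.ViewMessages node");

                return;
            }

            if (!await channel.HasPermission(member, ChatChannelPermissions.PostMessages, db))
            {
                ctx.Response.StatusCode = 401;
                await ctx.Response.WriteAsync("Member lacks ChatChannelPermissions.PostMessages node");

                return;
            }

            // Never trust the author id supplied in the body; take it from the token.
            message.Author_Id = auth.User_Id;

            // Content was already checked for null above.
            if (message.Content.Length > 2048)
            {
                ctx.Response.StatusCode = 400;
                await ctx.Response.WriteAsync("Content is over 2048 chars");

                return;
            }

            // The original compared message.Content.Length here, so the embed limit could
            // never trigger (content is already capped at 2048) and embed data was unbounded.
            // Assumes Embed_Data is a string, as the "chars" wording suggests; confirm.
            if (message.Embed_Data != null && message.Embed_Data.Length > 65535)
            {
                ctx.Response.StatusCode = 400;
                await ctx.Response.WriteAsync("Embed is over 65535 chars");

                return;
            }

            // Handle urls: the content is replaced by whatever HandleUrls returns.
            message.Content = await MPSManager.HandleUrls(message.Content);

            PlanetMessageWorker.AddToQueue(message);

            StatWorker.IncreaseMessageCount();

            ctx.Response.StatusCode = 200;
            await ctx.Response.WriteAsync("Success");
        }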