Fix being able to retrieve unusable hashtags through the API

This commit is contained in:
Eugen Rochko 2024-06-17 16:54:34 +02:00
parent 3939352e92
commit 8733975f13
5 changed files with 30 additions and 3 deletions

View file

@ -29,5 +29,7 @@ class Api::V1::TagsController < Api::BaseController
return not_found unless Tag::HASHTAG_NAME_RE.match?(params[:id]) return not_found unless Tag::HASHTAG_NAME_RE.match?(params[:id])
@tag = Tag.find_normalized(params[:id]) || Tag.new(name: Tag.normalize(params[:id]), display_name: params[:id]) @tag = Tag.find_normalized(params[:id]) || Tag.new(name: Tag.normalize(params[:id]), display_name: params[:id])
not_found unless @tag.usable?
end end
end end

View file

@ -19,7 +19,7 @@ class Api::V1::Timelines::TagController < Api::V1::Timelines::BaseController
end end
def load_tag def load_tag
@tag = Tag.find_normalized(params[:id]) @tag = Tag.usable.find_normalized(params[:id])
end end
def load_statuses def load_statuses

View file

@ -13,6 +13,8 @@ class SearchQueryTransformer < Parslet::Transform
).freeze ).freeze
class Query class Query
attr_reader :keywords
def initialize(clauses, options = {}) def initialize(clauses, options = {})
raise ArgumentError if options[:current_account].nil? raise ArgumentError if options[:current_account].nil?
@ -20,6 +22,7 @@ class SearchQueryTransformer < Parslet::Transform
@options = options @options = options
flags_from_clauses! flags_from_clauses!
keywords_from_clauses!
end end
def request def request
@ -42,6 +45,10 @@ class SearchQueryTransformer < Parslet::Transform
@flags = clauses_by_operator.fetch(:flag, []).to_h { |clause| [clause.prefix, clause.term] } @flags = clauses_by_operator.fetch(:flag, []).to_h { |clause| [clause.prefix, clause.term] }
end end
def keywords_from_clauses!
@keywords = must_clauses.flat_map(&:keywords).uniq
end
def must_clauses def must_clauses
clauses_by_operator.fetch(:must, []) clauses_by_operator.fetch(:must, [])
end end
@ -128,6 +135,10 @@ class SearchQueryTransformer < Parslet::Transform
{ multi_match: { type: 'most_fields', query: @term, fields: ['text', 'text.stemmed'], operator: 'and' } } { multi_match: { type: 'most_fields', query: @term, fields: ['text', 'text.stemmed'], operator: 'and' } }
end end
end end
def keywords
@term.split
end
end end
class PhraseClause class PhraseClause
@ -141,6 +152,10 @@ class SearchQueryTransformer < Parslet::Transform
def to_query def to_query
{ match_phrase: { text: { query: @phrase } } } { match_phrase: { text: { query: @phrase } } }
end end
def keywords
@phrase.split
end
end end
class PrefixClause class PrefixClause
@ -193,6 +208,10 @@ class SearchQueryTransformer < Parslet::Transform
end end
end end
def keywords
[]
end
private private
def account_id_from_term(term) def account_id_from_term(term)

View file

@ -25,6 +25,8 @@ class StatusesSearchService < BaseService
private private
def status_search_results def status_search_results
return [] if contains_forbidden_terms?
request = parsed_query.request request = parsed_query.request
results = request.collapse(field: :id).order(id: { order: :desc }).limit(@limit).offset(@offset).objects.compact results = request.collapse(field: :id).order(id: { order: :desc }).limit(@limit).offset(@offset).objects.compact
account_ids = results.map(&:account_id) account_ids = results.map(&:account_id)
@ -37,7 +39,7 @@ class StatusesSearchService < BaseService
end end
def parsed_query def parsed_query
SearchQueryTransformer.new.apply(SearchQueryParser.new.parse(@query), current_account: @account) @parsed_query ||= SearchQueryTransformer.new.apply(SearchQueryParser.new.parse(@query), current_account: @account)
end end
def convert_deprecated_options! def convert_deprecated_options!
@ -60,4 +62,8 @@ class StatusesSearchService < BaseService
@query = "#{@query} #{syntax_options.join(' ')}".strip if syntax_options.any? @query = "#{@query} #{syntax_options.join(' ')}".strip if syntax_options.any?
end end
def contains_forbidden_terms?
Tag.where(usable: false).matching_name(parsed_query.keywords).exists?
end
end end

View file

@ -41,7 +41,7 @@ class TagSearchService < BaseService
normalized_query = Tag.normalize(@query) normalized_query = Tag.normalize(@query)
exact_match = results.find { |tag| tag.name.downcase == normalized_query } exact_match = results.find { |tag| tag.name.downcase == normalized_query }
exact_match ||= Tag.find_normalized(normalized_query) exact_match ||= Tag.listable.find_normalized(normalized_query)
unless exact_match.nil? unless exact_match.nil?
results.delete(exact_match) results.delete(exact_match)
results = [exact_match] + results results = [exact_match] + results