james/yarr
4
0
Fork 0
mirror of https://github.com/nkanaev/yarr.git synced 2025-05-25 05:29:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

server-side item sanitization

Browse Source
This commit is contained in:
Nazar Kanaev 2021-03-29 21:58:02 +01:00
parent 493a4262b1
commit 3ae17171e2
6 changed files with 77 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/assets/index.html
View File

@ -117,7 +117,7 @@
<label class="selectgroup mt-1" <label class="selectgroup mt-1"
:class="{'d-none': filterSelected :class="{'d-none': filterSelected
&& !filteredFolderStats[folder.id] && !filteredFolderStats[folder.id]
&& (!itemSelected || feedsById[itemSelectedDetails.feed_id].folder_id != folder.id)}"> && (!itemSelectedDetails || feedsById[itemSelectedDetails.feed_id].folder_id != folder.id)}">
<input type="radio" name="feed" :value="'folder:'+folder.id" v-model="feedSelected"> <input type="radio" name="feed" :value="'folder:'+folder.id" v-model="feedSelected">
<div class="selectgroup-label d-flex align-items-center w-100" v-if="folder.id"> <div class="selectgroup-label d-flex align-items-center w-100" v-if="folder.id">
<span class="icon mr-2" <span class="icon mr-2"
@ -133,7 +133,7 @@
<label class="selectgroup" <label class="selectgroup"
:class="{'d-none': filterSelected :class="{'d-none': filterSelected
&& !filteredFeedStats[feed.id] && !filteredFeedStats[feed.id]
&& (!itemSelected || itemSelectedDetails.feed_id != feed.id)}" && (!itemSelectedDetails || itemSelectedDetails.feed_id != feed.id)}"
v-for="feed in folder.feeds"> v-for="feed in folder.feeds">
<input type="radio" name="feed" :value="'feed:'+feed.id" v-model="feedSelected"> <input type="radio" name="feed" :value="'feed:'+feed.id" v-model="feedSelected">
<div class="selectgroup-label d-flex align-items-center w-100"> <div class="selectgroup-label d-flex align-items-center w-100">
@ -195,7 +195,7 @@
</div> </div>
<!-- item show --> <!-- item show -->
<div id="col-item" class="vh-100 d-flex flex-column w-100" style="min-width: 0;"> <div id="col-item" class="vh-100 d-flex flex-column w-100" style="min-width: 0;">
<div class="toolbar px-2 d-flex align-items-center" v-if="itemSelected"> <div class="toolbar px-2 d-flex align-items-center" v-if="itemSelectedDetails">
<button class="toolbar-item" <button class="toolbar-item"
@click="toggleItemStarred(itemSelectedDetails)" @click="toggleItemStarred(itemSelectedDetails)"
title="Mark Starred"> title="Mark Starred">
@ -245,7 +245,7 @@
<span class="icon">{% inline "x.svg" %}</span> <span class="icon">{% inline "x.svg" %}</span>
</button> </button>
</div> </div>
<div v-if="itemSelected" <div v-if="itemSelectedDetails"
ref="content" ref="content"
class="content px-4 pt-3 pb-5 border-top overflow-auto" class="content px-4 pt-3 pb-5 border-top overflow-auto"
:style="{'font-family': theme.font, 'font-size': theme.size + 'rem'}"> :style="{'font-family': theme.font, 'font-size': theme.size + 'rem'}">

3
src/assets/javascripts/api.js
View File

@ -71,6 +71,9 @@
} }
}, },
items: { items: {
get: function(id) {
return api('get', './api/items/' + id).then(json)
},
list: function(query) { list: function(query) {
return api('get', './api/items' + param(query)).then(json) return api('get', './api/items' + param(query)).then(json)
}, },

21
src/assets/javascripts/app.js
View File

@ -233,7 +233,7 @@ var vm = new Vue({
'num': 1, 'num': 1,
}, },
'itemSelected': null, 'itemSelected': null,
'itemSelectedDetails': {}, 'itemSelectedDetails': null,
'itemSelectedReadability': '', 'itemSelectedReadability': '',
'itemSearch': '', 'itemSearch': '',
'itemSortNewestFirst': undefined, 'itemSortNewestFirst': undefined,
@ -281,9 +281,6 @@ var vm = new Vue({
feedsById: function() { feedsById: function() {
return this.feeds.reduce(function(acc, feed) { acc[feed.id] = feed; return acc }, {}) return this.feeds.reduce(function(acc, feed) { acc[feed.id] = feed; return acc }, {})
}, },
itemsById: function() {
return this.items.reduce(function(acc, item) { acc[item.id] = item; return acc }, {})
},
itemSelectedContent: function() { itemSelectedContent: function() {
if (!this.itemSelected) return '' if (!this.itemSelected) return ''
@ -296,7 +293,7 @@ var vm = new Vue({
else if (this.itemSelectedDetails.description) else if (this.itemSelectedDetails.description)
content = this.itemSelectedDetails.description content = this.itemSelectedDetails.description
return sanitize(content, this.itemSelectedDetails.link) return content
}, },
}, },
watch: { watch: {
@ -345,12 +342,14 @@ var vm = new Vue({
} }
if (this.$refs.content) this.$refs.content.scrollTop = 0 if (this.$refs.content) this.$refs.content.scrollTop = 0
this.itemSelectedDetails = this.itemsById[newVal] api.items.get(newVal).then(function(item) {
if (this.itemSelectedDetails.status == 'unread') { this.itemSelectedDetails = item
this.itemSelectedDetails.status = 'read' if (this.itemSelectedDetails.status == 'unread') {
this.feedStats[this.itemSelectedDetails.feed_id].unread -= 1 this.itemSelectedDetails.status = 'read'
api.items.update(this.itemSelectedDetails.id, {status: this.itemSelectedDetails.status}) this.feedStats[this.itemSelectedDetails.feed_id].unread -= 1
} api.items.update(this.itemSelectedDetails.id, {status: this.itemSelectedDetails.status})
}
}.bind(this))
}, },
'itemSearch': debounce(function(newVal) { 'itemSearch': debounce(function(newVal) {
this.refreshItems() this.refreshItems()

16
src/server/routes.go
View File

@ -227,12 +227,22 @@ func (s *Server) handleFeed(c *router.Context) {
} }
func (s *Server) handleItem(c *router.Context) { func (s *Server) handleItem(c *router.Context) {
if c.Req.Method == "PUT" { id, err := c.VarInt64("id")
id, err := c.VarInt64("id") if err != nil {
if err != nil { c.Out.WriteHeader(http.StatusBadRequest)
return
}
if c.Req.Method == "GET" {
item := s.db.GetItem(id)
if item == nil {
c.Out.WriteHeader(http.StatusBadRequest) c.Out.WriteHeader(http.StatusBadRequest)
return return
} }
item.Content = scraper.Sanitize(item.Link, item.Content)
item.Description = scraper.Sanitize(item.Link, item.Description)
c.JSON(http.StatusOK, item)
} else if c.Req.Method == "PUT" {
var body ItemUpdateForm var body ItemUpdateForm
if err := json.NewDecoder(c.Req.Body).Decode(&body); err != nil { if err := json.NewDecoder(c.Req.Body).Decode(&body); err != nil {
log.Print(err) log.Print(err)

48
src/storage/item.go
View File

@ -3,7 +3,6 @@ package storage
import ( import (
"encoding/json" "encoding/json"
"fmt" "fmt"
xhtml "golang.org/x/net/html"
"html" "html"
"log" "log"
"strings" "strings"
@ -49,8 +48,8 @@ type Item struct {
FeedId int64 `json:"feed_id"` FeedId int64 `json:"feed_id"`
Title string `json:"title"` Title string `json:"title"`
Link string `json:"link"` Link string `json:"link"`
Description string `json:"description"` Description string `json:"description,omitempty"`
Content string `json:"content"` Content string `json:"content,omitempty"`
Author string `json:"author"` Author string `json:"author"`
Date *time.Time `json:"date"` Date *time.Time `json:"date"`
DateUpdated *time.Time `json:"date_updated"` DateUpdated *time.Time `json:"date_updated"`
@ -166,8 +165,8 @@ func (s *Storage) ListItems(filter ItemFilter, offset, limit int, newestFirst bo
query := fmt.Sprintf(` query := fmt.Sprintf(`
select select
i.id, i.guid, i.feed_id, i.title, i.link, i.description, i.id, i.guid, i.feed_id, i.title, i.link,
i.content, i.author, i.date, i.date_updated, i.status, i.image, i.podcast_url i.author, i.date, i.date_updated, i.status, i.image, i.podcast_url
from items i from items i
join feeds f on f.id = i.feed_id join feeds f on f.id = i.feed_id
where %s where %s
@ -187,8 +186,6 @@ func (s *Storage) ListItems(filter ItemFilter, offset, limit int, newestFirst bo
&x.FeedId, &x.FeedId,
&x.Title, &x.Title,
&x.Link, &x.Link,
&x.Description,
&x.Content,
&x.Author, &x.Author,
&x.Date, &x.Date,
&x.DateUpdated, &x.DateUpdated,
@ -205,6 +202,25 @@ func (s *Storage) ListItems(filter ItemFilter, offset, limit int, newestFirst bo
return result return result
} }
func (s *Storage) GetItem(id int64) *Item {
i := &Item{}
err := s.db.QueryRow(`
select
i.id, i.guid, i.feed_id, i.title, i.link, i.content, i.description,
i.author, i.date, i.date_updated, i.status, i.image, i.podcast_url
from items i
where i.id = ?
`, id).Scan(
&i.Id, &i.GUID, &i.FeedId, &i.Title, &i.Link, &i.Content, &i.Description,
&i.Author, &i.Date, &i.DateUpdated, &i.Status, &i.Image, &i.PodcastURL,
)
if err != nil {
log.Print(err)
return nil
}
return i
}
func (s *Storage) CountItems(filter ItemFilter) int64 { func (s *Storage) CountItems(filter ItemFilter) int64 {
predicate, args := listQueryPredicate(filter) predicate, args := listQueryPredicate(filter)
query := fmt.Sprintf(` query := fmt.Sprintf(`
@ -285,24 +301,6 @@ func (s *Storage) FeedStats() []FeedStat {
return result return result
} }
func HTMLText(s string) string {
tokenizer := xhtml.NewTokenizer(strings.NewReader(s))
contents := make([]string, 0)
for {
token := tokenizer.Next()
if token == xhtml.ErrorToken {
break
}
if token == xhtml.TextToken {
content := strings.TrimSpace(xhtml.UnescapeString(string(tokenizer.Text())))
if len(content) > 0 {
contents = append(contents, content)
}
}
}
return strings.Join(contents, " ")
}
func (s *Storage) SyncSearch() { func (s *Storage) SyncSearch() {
// TODO: cleaning up once feeds/items are deleted? // TODO: cleaning up once feeds/items are deleted?
rows, err := s.db.Query(` rows, err := s.db.Query(`

24
src/storage/utils.go Normal file
View File

@ -0,0 +1,24 @@
package storage
import (
"strings"
"golang.org/x/net/html"
)
func HTMLText(s string) string {
tokenizer := html.NewTokenizer(strings.NewReader(s))
contents := make([]string, 0)
for {
token := tokenizer.Next()
if token == html.ErrorToken {
break
}
if token == html.TextToken {
content := strings.TrimSpace(html.UnescapeString(string(tokenizer.Text())))
if len(content) > 0 {
contents = append(contents, content)
}
}
}
return strings.Join(contents, " ")
}