1
0
mirror of https://github.com/mastodon/mastodon synced 2024-11-27 06:18:17 +09:00

Fix being able to retrieve unusable hashtags through the API

This commit is contained in:
Eugen Rochko 2024-06-17 16:54:34 +02:00
parent 3939352e92
commit 8733975f13
5 changed files with 30 additions and 3 deletions

View File

@ -29,5 +29,7 @@ class Api::V1::TagsController < Api::BaseController
return not_found unless Tag::HASHTAG_NAME_RE.match?(params[:id])
@tag = Tag.find_normalized(params[:id]) || Tag.new(name: Tag.normalize(params[:id]), display_name: params[:id])
not_found unless @tag.usable?
end
end

View File

@ -19,7 +19,7 @@ class Api::V1::Timelines::TagController < Api::V1::Timelines::BaseController
end
def load_tag
@tag = Tag.find_normalized(params[:id])
@tag = Tag.usable.find_normalized(params[:id])
end
def load_statuses

View File

@ -13,6 +13,8 @@ class SearchQueryTransformer < Parslet::Transform
).freeze
class Query
attr_reader :keywords
def initialize(clauses, options = {})
raise ArgumentError if options[:current_account].nil?
@ -20,6 +22,7 @@ class SearchQueryTransformer < Parslet::Transform
@options = options
flags_from_clauses!
keywords_from_clauses!
end
def request
@ -42,6 +45,10 @@ class SearchQueryTransformer < Parslet::Transform
@flags = clauses_by_operator.fetch(:flag, []).to_h { |clause| [clause.prefix, clause.term] }
end
def keywords_from_clauses!
@keywords = must_clauses.flat_map(&:keywords).uniq
end
def must_clauses
clauses_by_operator.fetch(:must, [])
end
@ -128,6 +135,10 @@ class SearchQueryTransformer < Parslet::Transform
{ multi_match: { type: 'most_fields', query: @term, fields: ['text', 'text.stemmed'], operator: 'and' } }
end
end
def keywords
@term.split
end
end
class PhraseClause
@ -141,6 +152,10 @@ class SearchQueryTransformer < Parslet::Transform
def to_query
{ match_phrase: { text: { query: @phrase } } }
end
def keywords
@phrase.split
end
end
class PrefixClause
@ -193,6 +208,10 @@ class SearchQueryTransformer < Parslet::Transform
end
end
def keywords
[]
end
private
def account_id_from_term(term)

View File

@ -25,6 +25,8 @@ class StatusesSearchService < BaseService
private
def status_search_results
return [] if contains_forbidden_terms?
request = parsed_query.request
results = request.collapse(field: :id).order(id: { order: :desc }).limit(@limit).offset(@offset).objects.compact
account_ids = results.map(&:account_id)
@ -37,7 +39,7 @@ class StatusesSearchService < BaseService
end
def parsed_query
SearchQueryTransformer.new.apply(SearchQueryParser.new.parse(@query), current_account: @account)
@parsed_query ||= SearchQueryTransformer.new.apply(SearchQueryParser.new.parse(@query), current_account: @account)
end
def convert_deprecated_options!
@ -60,4 +62,8 @@ class StatusesSearchService < BaseService
@query = "#{@query} #{syntax_options.join(' ')}".strip if syntax_options.any?
end
def contains_forbidden_terms?
Tag.where(usable: false).matching_name(parsed_query.keywords).exists?
end
end

View File

@ -41,7 +41,7 @@ class TagSearchService < BaseService
normalized_query = Tag.normalize(@query)
exact_match = results.find { |tag| tag.name.downcase == normalized_query }
exact_match ||= Tag.find_normalized(normalized_query)
exact_match ||= Tag.listable.find_normalized(normalized_query)
unless exact_match.nil?
results.delete(exact_match)
results = [exact_match] + results