summaryrefslogtreecommitdiffstats
path: root/api
diff options
context:
space:
mode:
Diffstat (limited to 'api')
-rw-r--r--api/file.go22
-rw-r--r--api/post.go42
-rw-r--r--api/post_test.go40
-rw-r--r--api/user.go12
4 files changed, 78 insertions, 38 deletions
diff --git a/api/file.go b/api/file.go
index 94eea516a..f65be145d 100644
--- a/api/file.go
+++ b/api/file.go
@@ -52,6 +52,8 @@ const (
RotatedCCW = 6
RotatedCCWMirrored = 7
RotatedCW = 8
+
+ MaxImageSize = 4096 * 2160 // 4k resolution
)
var fileInfoCache *utils.Cache = utils.NewLru(1000)
@@ -125,6 +127,21 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
uid := model.NewId()
+ if model.IsFileExtImage(filepath.Ext(files[i].Filename)) {
+ imageNameList = append(imageNameList, uid+"/"+filename)
+ imageDataList = append(imageDataList, buf.Bytes())
+
+ // Decode image config first to check dimensions before loading the whole thing into memory later on
+ config, _, err := image.DecodeConfig(bytes.NewReader(buf.Bytes()))
+ if err != nil {
+ c.Err = model.NewAppError("uploadFile", "Unable to upload image file.", err.Error())
+ return
+ } else if config.Width*config.Height > MaxImageSize {
+ c.Err = model.NewAppError("uploadFile", "Unable to upload image file. File is too large.", err.Error())
+ return
+ }
+ }
+
path := "teams/" + c.Session.TeamId + "/channels/" + channelId + "/users/" + c.Session.UserId + "/" + uid + "/" + filename
if err := writeFile(buf.Bytes(), path); err != nil {
@@ -132,11 +149,6 @@ func uploadFile(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- if model.IsFileExtImage(filepath.Ext(files[i].Filename)) {
- imageNameList = append(imageNameList, uid+"/"+filename)
- imageDataList = append(imageDataList, buf.Bytes())
- }
-
encName := utils.UrlEncode(filename)
fileUrl := "/" + channelId + "/" + c.Session.UserId + "/" + uid + "/" + encName
diff --git a/api/post.go b/api/post.go
index 79f84e04d..b8588fe6a 100644
--- a/api/post.go
+++ b/api/post.go
@@ -820,45 +820,23 @@ func searchPosts(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
- plainSearchParams, hashtagSearchParams := model.ParseSearchParams(terms)
+ paramsList := model.ParseSearchParams(terms)
+ channels := []store.StoreChannel{}
- var hchan store.StoreChannel
- if hashtagSearchParams != nil {
- hchan = Srv.Store.Post().Search(c.Session.TeamId, c.Session.UserId, hashtagSearchParams)
+ for _, params := range paramsList {
+ channels = append(channels, Srv.Store.Post().Search(c.Session.TeamId, c.Session.UserId, params))
}
- var pchan store.StoreChannel
- if plainSearchParams != nil {
- pchan = Srv.Store.Post().Search(c.Session.TeamId, c.Session.UserId, plainSearchParams)
- }
-
- mainList := &model.PostList{}
- if hchan != nil {
- if result := <-hchan; result.Err != nil {
+ posts := &model.PostList{}
+ for _, channel := range channels {
+ if result := <-channel; result.Err != nil {
c.Err = result.Err
return
} else {
- mainList = result.Data.(*model.PostList)
+ data := result.Data.(*model.PostList)
+ posts.Extend(data)
}
}
- plainList := &model.PostList{}
- if pchan != nil {
- if result := <-pchan; result.Err != nil {
- c.Err = result.Err
- return
- } else {
- plainList = result.Data.(*model.PostList)
- }
- }
-
- for _, postId := range plainList.Order {
- if _, ok := mainList.Posts[postId]; !ok {
- mainList.AddPost(plainList.Posts[postId])
- mainList.AddOrder(postId)
- }
-
- }
-
- w.Write([]byte(mainList.ToJson()))
+ w.Write([]byte(posts.ToJson()))
}
diff --git a/api/post_test.go b/api/post_test.go
index ac9d5668b..e54e9ef0c 100644
--- a/api/post_test.go
+++ b/api/post_test.go
@@ -427,12 +427,18 @@ func TestSearchPostsInChannel(t *testing.T) {
channel2 := &model.Channel{DisplayName: "TestGetPosts", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
channel2 = Client.Must(Client.CreateChannel(channel2)).Data.(*model.Channel)
+ channel3 := &model.Channel{DisplayName: "TestGetPosts", Name: "a" + model.NewId() + "a", Type: model.CHANNEL_OPEN, TeamId: team.Id}
+ channel3 = Client.Must(Client.CreateChannel(channel3)).Data.(*model.Channel)
+
post2 := &model.Post{ChannelId: channel2.Id, Message: "sgtitlereview\n with return"}
post2 = Client.Must(Client.CreatePost(post2)).Data.(*model.Post)
post3 := &model.Post{ChannelId: channel2.Id, Message: "other message with no return"}
post3 = Client.Must(Client.CreatePost(post3)).Data.(*model.Post)
+ post4 := &model.Post{ChannelId: channel3.Id, Message: "other message with no return"}
+ post4 = Client.Must(Client.CreatePost(post4)).Data.(*model.Post)
+
if result := Client.Must(Client.SearchPosts("channel:")).Data.(*model.PostList); len(result.Order) != 0 {
t.Fatalf("wrong number of posts returned %v", len(result.Order))
}
@@ -476,6 +482,10 @@ func TestSearchPostsInChannel(t *testing.T) {
if result := Client.Must(Client.SearchPosts("sgtitlereview channel: " + channel2.Name)).Data.(*model.PostList); len(result.Order) != 1 {
t.Fatalf("wrong number of posts returned %v", len(result.Order))
}
+
+ if result := Client.Must(Client.SearchPosts("channel: " + channel2.Name + " channel: " + channel3.Name)).Data.(*model.PostList); len(result.Order) != 3 {
+ t.Fatalf("wrong number of posts returned :) %v :) %v", result.Posts, result.Order)
+ }
}
func TestSearchPostsFromUser(t *testing.T) {
@@ -510,11 +520,12 @@ func TestSearchPostsFromUser(t *testing.T) {
post2 := &model.Post{ChannelId: channel2.Id, Message: "sgtitlereview\n with return"}
post2 = Client.Must(Client.CreatePost(post2)).Data.(*model.Post)
+ // includes "X has joined the channel" messages for both user2 and user3
+
if result := Client.Must(Client.SearchPosts("from: " + user1.Username)).Data.(*model.PostList); len(result.Order) != 1 {
t.Fatalf("wrong number of posts returned %v", len(result.Order))
}
- // note that this includes the "User2 has joined the channel" system messages
if result := Client.Must(Client.SearchPosts("from: " + user2.Username)).Data.(*model.PostList); len(result.Order) != 3 {
t.Fatalf("wrong number of posts returned %v", len(result.Order))
}
@@ -526,6 +537,33 @@ func TestSearchPostsFromUser(t *testing.T) {
if result := Client.Must(Client.SearchPosts("from: " + user2.Username + " in:" + channel1.Name)).Data.(*model.PostList); len(result.Order) != 1 {
t.Fatalf("wrong number of posts returned %v", len(result.Order))
}
+
+ user3 := &model.User{TeamId: team.Id, Email: model.NewId() + "corey@test.com", Nickname: "Corey Hulen", Password: "pwd"}
+ user3 = Client.Must(Client.CreateUser(user3, "")).Data.(*model.User)
+ store.Must(Srv.Store.User().VerifyEmail(user3.Id))
+
+ Client.LoginByEmail(team.Name, user3.Email, "pwd")
+ Client.Must(Client.JoinChannel(channel1.Id))
+ Client.Must(Client.JoinChannel(channel2.Id))
+
+ // wait for the join/leave messages to be created for user3 since they're done asynchronously
+ time.Sleep(100 * time.Millisecond)
+
+ if result := Client.Must(Client.SearchPosts("from: " + user2.Username)).Data.(*model.PostList); len(result.Order) != 3 {
+ t.Fatalf("wrong number of posts returned %v", len(result.Order))
+ }
+
+ if result := Client.Must(Client.SearchPosts("from: " + user2.Username + " from: " + user3.Username)).Data.(*model.PostList); len(result.Order) != 5 {
+ t.Fatalf("wrong number of posts returned %v", len(result.Order))
+ }
+
+ if result := Client.Must(Client.SearchPosts("from: " + user2.Username + " from: " + user3.Username + " in:" + channel2.Name)).Data.(*model.PostList); len(result.Order) != 3 {
+ t.Fatalf("wrong number of posts returned %v", len(result.Order))
+ }
+
+ if result := Client.Must(Client.SearchPosts("from: " + user2.Username + " from: " + user3.Username + " in:" + channel2.Name + " joined")).Data.(*model.PostList); len(result.Order) != 2 {
+ t.Fatalf("wrong number of posts returned %v", len(result.Order))
+ }
}
func TestGetPostsCache(t *testing.T) {
diff --git a/api/user.go b/api/user.go
index 06e5336f1..3796a50ee 100644
--- a/api/user.go
+++ b/api/user.go
@@ -855,6 +855,18 @@ func uploadProfileImage(c *Context, w http.ResponseWriter, r *http.Request) {
return
}
+ // Decode image config first to check dimensions before loading the whole thing into memory later on
+ config, _, err := image.DecodeConfig(file)
+ if err != nil {
+ c.Err = model.NewAppError("uploadProfileFile", "Could not decode profile image config.", err.Error())
+ return
+ } else if config.Width*config.Height > MaxImageSize {
+ c.Err = model.NewAppError("uploadProfileFile", "Unable to upload profile image. File is too large.", err.Error())
+ return
+ }
+
+ file.Seek(0, 0)
+
// Decode image into Image object
img, _, err := image.Decode(file)
if err != nil {
generated by cgit v1.2.3-1-g7c22 (git 2.25.1) at 2024-10-16 18:14:16 +0000