package api import ( "fmt" "net/http" "code.nonshy.com/nonshy/website/pkg/config" "code.nonshy.com/nonshy/website/pkg/log" "code.nonshy.com/nonshy/website/pkg/models" "code.nonshy.com/nonshy/website/pkg/ratelimit" "code.nonshy.com/nonshy/website/pkg/session" "code.nonshy.com/nonshy/website/pkg/templates" ) // User endpoint to flag other photos as explicit on their behalf. func MarkPhotoExplicit() http.HandlerFunc { // Request JSON schema. type Request struct { PhotoID uint64 `json:"photoID"` Reason string `json:"reason"` Other string `json:"other"` } // Response JSON schema. type Response struct { OK bool `json:"OK"` Error string `json:"error,omitempty"` } return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { // Get current user. currentUser, err := session.CurrentUser(r) if err != nil { session.FlashError(w, r, "Failed to get current user: %s", err) templates.Redirect(w, "/") return } // Parse request payload. var req Request if err := ParseJSON(r, &req); err != nil { SendJSON(w, http.StatusBadRequest, Response{ Error: fmt.Sprintf("Error with request payload: %s", err), }) return } // Form validation. if req.Reason == "" { SendJSON(w, http.StatusBadRequest, Response{ Error: "Please select one of the reasons why this photo should've been marked Explicit.", }) return } // Get this photo. photo, err := models.GetPhoto(req.PhotoID) if err != nil { SendJSON(w, http.StatusBadRequest, Response{ Error: "That photo was not found!", }) return } if !photo.Explicit { // Rate limit how frequently they are tagging photos, in case a user is just going around // and tagging EVERYTHING. if !currentUser.IsAdmin { limiter := &ratelimit.Limiter{ Namespace: "mark_explicit", ID: currentUser.ID, Limit: config.MarkExplicitRateLimit, Window: config.MarkExplicitRateLimitWindow, CooldownAt: config.MarkExplicitRateLimitCooldownAt, Cooldown: config.MarkExplicitRateLimitCooldown, } if err := limiter.Ping(); err != nil { SendJSON(w, http.StatusTooManyRequests, Response{ Error: "We appreciate the enthusiasm, but you seem to be marking an unusually high number of photos!\n\n" + err.Error(), }) return } } photo.Explicit = true if err := photo.Save(); err != nil { SendJSON(w, http.StatusBadRequest, Response{ Error: fmt.Sprintf("Couldn't save the photo: %s", err), }) return } // If a non-admin user has hit this API, log an admin report for visibility and // to keep a pulse on things (e.g. in case of abuse). if !currentUser.IsAdmin { fb := &models.Feedback{ Intent: "report", Subject: "User flagged an explicit photo", UserID: currentUser.ID, TableName: "photos", TableID: photo.ID, Message: fmt.Sprintf( "A user has flagged that a photo should have been marked as Explicit.\n\n"+ "* Reported by: %s (ID %d)\n"+ "* Reason given: %s\n"+ "* Elaboration (if other): %s\n\n"+ "The photo had been immediately marked as Explicit.", currentUser.Username, currentUser.ID, req.Reason, req.Other, ), } // Save the feedback. if err := models.CreateFeedback(fb); err != nil { log.Error("Couldn't save feedback from user updating their DOB: %s", err) } } } // Log the change. models.LogUpdated(&models.User{ID: photo.UserID}, currentUser, "photos", photo.ID, "Marked explicit by admin action.", []models.FieldDiff{ models.NewFieldDiff("Explicit", false, true), }) SendJSON(w, http.StatusOK, Response{ OK: true, }) }) }