Merge pull request #3680 from pixelfed/staging

Staging

CHANGELOG.md

@@ -1,6 +1,8 @@
 # Release Notes
 
-## [Unreleased](https://github.com/pixelfed/pixelfed/compare/v0.11.3...dev)
+## [Unreleased](https://github.com/pixelfed/pixelfed/compare/v0.11.4...dev)
+
+## [v0.11.4 (2022-10-04)](https://github.com/pixelfed/pixelfed/compare/v0.11.3...v0.11.4)
 
 ### New Features
 - Custom content warnings/spoiler text ([d4864213](https://github.com/pixelfed/pixelfed/commit/d4864213))
@@ -91,6 +93,7 @@
 - Update ap helpers to handle disabled comments ([92f56c9b](https://github.com/pixelfed/pixelfed/commit/92f56c9b))
 - Update CollectionController, limit max title and description length ([6e76cf4b](https://github.com/pixelfed/pixelfed/commit/6e76cf4b))
 - Update collection components, fix title/description padding/overflow bug and add title/description limit and input counter ([6e4272a8](https://github.com/pixelfed/pixelfed/commit/6e4272a8))
+- Update Media model, fix thumbnail cdn paths ([9888af12](https://github.com/pixelfed/pixelfed/commit/9888af12))
 -  ([](https://github.com/pixelfed/pixelfed/commit/))
 
 ## [v0.11.3 (2022-05-09)](https://github.com/pixelfed/pixelfed/compare/v0.11.2...v0.11.3)

app/Http/Controllers/CollectionController.php

@@ -63,26 +63,27 @@ class CollectionController extends Controller
 
     public function store(Request $request, $id)
     {
-        abort_if(!Auth::check(), 403);
+        abort_if(!$request->user(), 403);
         $this->validate($request, [
             'title'         => 'nullable|max:50',
             'description'   => 'nullable|max:500',
             'visibility'    => 'nullable|string|in:public,private,draft'
         ]);
 
-        $profile = Auth::user()->profile;   
-        $collection = Collection::whereProfileId($profile->id)->findOrFail($id);
-        $collection->title = e($request->input('title'));
-        $collection->description = e($request->input('description'));
-        $collection->visibility = e($request->input('visibility'));
+        $pid = $request->user()->profile_id;
+        $collection = Collection::whereProfileId($pid)->findOrFail($id);
+        $collection->title = strip_tags($request->input('title'));
+        $collection->description = strip_tags($request->input('description'));
+        $collection->visibility = $request->input('visibility');
         $collection->save();
 
+        CollectionService::deleteCollection($id);
         return CollectionService::setCollection($collection->id, $collection);
     }
 
     public function publish(Request $request, int $id)
     {
-        abort_if(!Auth::check(), 403);
+        abort_if(!$request->user(), 403);
         $this->validate($request, [
             'title'         => 'nullable|max:50',
             'description'   => 'nullable|max:500',
@@ -93,9 +94,9 @@ class CollectionController extends Controller
         if($collection->items()->count() == 0) {
             abort(404);
         }
-        $collection->title = e($request->input('title'));
-        $collection->description = e($request->input('description'));
-        $collection->visibility = e($request->input('visibility'));
+        $collection->title = strip_tags($request->input('title'));
+        $collection->description = strip_tags($request->input('description'));
+        $collection->visibility = $request->input('visibility');
         $collection->published_at = now();
         $collection->save();
         return CollectionService::setCollection($collection->id, $collection);
@@ -103,35 +104,38 @@ class CollectionController extends Controller
 
     public function delete(Request $request, int $id)
     {
-        abort_if(!Auth::check(), 403);
-        $user = Auth::user();
+        abort_if(!$request->user(), 403);
+        $user = $request->user();
 
         $collection = Collection::whereProfileId($user->profile_id)->findOrFail($id);
         $collection->items()->delete();
         $collection->delete();
 
+        CollectionService::deleteCollection($id);
+
         if($request->wantsJson()) {
             return 200;
         }
 
-        CollectionService::deleteCollection($id);
-
         return redirect('/');
     }
 
     public function storeId(Request $request)
     {
+        abort_if(!$request->user(), 403);
+
         $this->validate($request, [
             'collection_id' => 'required|int|min:1|exists:collections,id',
-            'post_id'       => 'required|int|min:1|exists:statuses,id'
+            'post_id'       => 'required|int|min:1'
         ]);
         
-        $profileId = Auth::user()->profile_id;
+        $profileId = $request->user()->profile_id;
         $collectionId = $request->input('collection_id');
         $postId = $request->input('post_id');
 
         $collection = Collection::whereProfileId($profileId)->findOrFail($collectionId);
         $count = $collection->items()->count();
+        CollectionService::deleteCollection($collection->id);
 
         if($count) {
             CollectionItem::whereCollectionId($collection->id)
@@ -151,6 +155,7 @@ class CollectionController extends Controller
         }
 
         $status = Status::whereScope('public')
+            ->whereProfileId($profileId)
             ->whereIn('type', ['photo', 'photo:album', 'video'])
             ->findOrFail($postId);
 
@@ -277,12 +282,13 @@ class CollectionController extends Controller
 
     public function deleteId(Request $request)
     {
+        abort_if(!$request->user(), 403);
         $this->validate($request, [
             'collection_id' => 'required|int|min:1|exists:collections,id',
-            'post_id'       => 'required|int|min:1|exists:statuses,id'
+            'post_id'       => 'required|int|min:1'
         ]);
         
-        $profileId = Auth::user()->profile_id;
+        $profileId = $request->user()->profile_id;
         $collectionId = $request->input('collection_id');
         $postId = $request->input('post_id');
 
@@ -297,11 +303,6 @@ class CollectionController extends Controller
             ->whereIn('type', ['photo', 'photo:album', 'video'])
             ->findOrFail($postId);
 
-        CollectionService::removeItem(
-        	$collection->id,
-        	$status->id
-        );
-
         $item = CollectionItem::whereCollectionId($collection->id)
             ->whereObjectType('App\Status')
             ->whereObjectId($status->id)
@@ -309,9 +310,17 @@ class CollectionController extends Controller
 
         $item->delete();
 
+        CollectionItem::whereCollectionId($collection->id)
+            ->orderBy('created_at')
+            ->get()
+            ->each(function($item, $index) {
+                $item->order = $index;
+                $item->save();
+            });
+
         $collection->updated_at = now();
         $collection->save();
-        CollectionService::setCollection($collection->id, $collection);
+        CollectionService::deleteCollection($collection->id);
 
         return 200;
     }

app/Media.php

@@ -56,6 +56,10 @@ class Media extends Model
             return url(Storage::url($this->thumbnail_path));
         }
 
+        if($this->remote_media && !$this->thumbnail_path && $this->cdn_url) {
+            return $this->cdn_url;
+        }
+
         if($this->media_path && $this->mime && in_array($this->mime, ['image/jpeg', 'image/png'])) {
         	return $this->remote_media || Str::startsWith($this->media_path, 'http') ?
                 $this->media_path :

app/Services/CollectionService.php

@@ -22,37 +22,32 @@ class CollectionService
 
 	public static function addItem($id, $sid, $score)
 	{
-		Redis::zadd(self::CACHE_KEY . 'items:' . $id, $score, $sid);
+		return Redis::zadd(self::CACHE_KEY . 'items:' . $id, $score, $sid);
 	}
 
 	public static function removeItem($id, $sid)
 	{
-		Redis::zrem(self::CACHE_KEY . 'items:' . $id, $sid);
+		return Redis::zrem(self::CACHE_KEY . 'items:' . $id, $sid);
 	}
 
 	public static function clearItems($id)
 	{
-		Redis::del(self::CACHE_KEY . 'items:' . $id);
+		return Redis::del(self::CACHE_KEY . 'items:' . $id);
 	}
 
 	public static function coldBootItems($id)
 	{
-		return Cache::remember(self::CACHE_KEY . 'items:' . $id, 86400, function() use($id) {
-			return CollectionItem::whereCollectionId($id)
-				->orderBy('order')
-				->get()
-				->filter(function($item) use($id) {
-					return StatusService::get($item->object_id) != null;
-				})
-				->each(function($item) use ($id) {
-					self::addItem($id, $item->object_id, $item->order);
-				})
-				->map(function($item) {
-					return (string) $item->object_id;
-				})
-				->values()
-				->toArray();
-		});
+		return CollectionItem::whereCollectionId($id)
+			->orderBy('order')
+			->get()
+			->each(function($item) use ($id) {
+				return self::addItem($id, $item->object_id, $item->order);
+			})
+			->map(function($item) {
+				return (string) $item->object_id;
+			})
+			->values()
+			->toArray();
 	}
 
 	public static function count($id)
@@ -121,6 +116,8 @@ class CollectionService
 			'published_at' => $collection->published_at,
 		];
 		Cache::put(self::CACHE_KEY . 'get:' . $id, $res, 86400);
+		$res['avatar'] = $account['avatar'];
+		$res['username'] = $account['username'];
 		$res['post_count'] = self::count($id);
 		return $res;
 	}

config/pixelfed.php

@@ -23,7 +23,7 @@ return [
 	| This value is the version of your Pixelfed instance.
 	|
 	*/
-	'version' => '0.11.3',
+	'version' => '0.11.4',
 
 	/*
 	|--------------------------------------------------------------------------

routes/api.php

@@ -114,6 +114,10 @@ Route::group(['prefix' => 'api'], function() use($middleware) {
 			Route::get('accounts/{id}', 'CollectionController@getUserCollections')->middleware($middleware);
 			Route::get('items/{id}', 'CollectionController@getItems')->middleware($middleware);
 			Route::get('view/{id}', 'CollectionController@getCollection')->middleware($middleware);
+			Route::post('add', 'CollectionController@storeId')->middleware($middleware);
+			Route::post('update/{id}', 'CollectionController@store')->middleware($middleware);
+			Route::delete('delete/{id}', 'CollectionController@delete')->middleware($middleware);
+			Route::post('remove', 'CollectionController@deleteId')->middleware($middleware);
 		});
 
 		Route::group(['prefix' => 'direct'], function () use($middleware) {