diff --git a/api/resolvers/item.js b/api/resolvers/item.js index 964d7bbb..249f4931 100644 --- a/api/resolvers/item.js +++ b/api/resolvers/item.js @@ -8,14 +8,14 @@ import { ITEM_SPAM_INTERVAL, ITEM_FILTER_THRESHOLD, DONT_LIKE_THIS_COST, COMMENT_DEPTH_LIMIT, COMMENT_TYPE_QUERY, ANON_COMMENT_FEE, ANON_USER_ID, ANON_POST_FEE, ANON_ITEM_SPAM_INTERVAL, POLL_COST, - GLOBAL_SEED + ITEM_ALLOW_EDITS, GLOBAL_SEED } from '../../lib/constants' import { msatsToSats } from '../../lib/format' import { parse } from 'tldts' import uu from 'url-unshort' import { advSchema, amountSchema, bountySchema, commentSchema, discussionSchema, jobSchema, linkSchema, pollSchema, ssValidate } from '../../lib/validate' import { sendUserNotification } from '../webPush' -import { defaultCommentSort } from '../../lib/item' +import { defaultCommentSort, isJob } from '../../lib/item' import { notifyItemParents, notifyUserSubscribers, notifyZapped } from '../../lib/push-notifications' export async function commentFilterClause (me, models) { @@ -1070,14 +1070,14 @@ export const updateItem = async (parent, { sub: subName, forward, options, ...it // in case they lied about their existing boost await ssValidate(advSchema, { boost: item.boost }, { models, me, existingBoost: old.boost }) - // if it's not the FAQ, not their bio, and older than 10 minutes + // prevent update if it's not explicitly allowed, not their bio, not their job and older than 10 minutes const user = await models.user.findUnique({ where: { id: me.id } }) - if (![349, 76894, 78763, 81862].includes(old.id) && user.bioId !== old.id && - typeof item.maxBid === 'undefined' && Date.now() > new Date(old.createdAt).getTime() + 10 * 60000) { + if (!ITEM_ALLOW_EDITS.includes(old.id) && user.bioId !== old.id && + !isJob(item) && Date.now() > new Date(old.createdAt).getTime() + 10 * 60000) { throw new GraphQLError('item can no longer be editted', { extensions: { code: 'BAD_INPUT' } }) } - if (item.url && typeof item.maxBid === 'undefined') { + if (item.url && !isJob(item)) { item.url = ensureProtocol(item.url) item.url = removeTracking(item.url) } @@ -1117,7 +1117,7 @@ export const createItem = async (parent, { forward, options, ...item }, { me, mo item.userId = me ? Number(me.id) : ANON_USER_ID const fwdUsers = await getForwardUsers(models, forward) - if (item.url && typeof item.maxBid === 'undefined') { + if (item.url && !isJob(item)) { item.url = ensureProtocol(item.url) item.url = removeTracking(item.url) } diff --git a/lib/constants.js b/lib/constants.js index 19a04830..f2458f20 100644 --- a/lib/constants.js +++ b/lib/constants.js @@ -70,3 +70,8 @@ export const LOST_BLURBS = [ "your hat was stolen by a mischievous prairie dog. You won't catch the dog, but you can always find another hat.", 'you lost your hat while crossing the river on your journey west. Maybe you can find a replacement hat in the next town.' ] + +export const ITEM_ALLOW_EDITS = [ + // FAQ, privacy policy, changelog, content guidelines + 349, 76894, 78763, 81862 +] diff --git a/lib/item.js b/lib/item.js index 2fe868e8..1a5075b4 100644 --- a/lib/item.js +++ b/lib/item.js @@ -9,3 +9,5 @@ export const defaultCommentSort = (pinned, bio, createdAt) => { // everything else sorts by hot return 'hot' } + +export const isJob = item => typeof item.maxBid !== 'undefined' diff --git a/worker/imgproxy.js b/worker/imgproxy.js index 20d88604..67f25449 100644 --- a/worker/imgproxy.js +++ b/worker/imgproxy.js @@ -1,5 +1,6 @@ import { createHmac } from 'node:crypto' import { extractUrls } from '../lib/md.js' +import { isJob } from '../lib/item.js' const imgProxyEnabled = process.env.NODE_ENV === 'production' || (process.env.NEXT_PUBLIC_IMGPROXY_URL && process.env.IMGPROXY_SALT && process.env.IMGPROXY_KEY) @@ -60,14 +61,12 @@ export function imgproxy ({ models }) { const item = await models.item.findUnique({ where: { id } }) - const isJob = typeof item.maxBid !== 'undefined' - let imgproxyUrls = {} try { if (item.text) { imgproxyUrls = await createImgproxyUrls(id, item.text, { forceFetch }) } - if (item.url && !isJob) { + if (item.url && !isJob(item)) { imgproxyUrls = { ...imgproxyUrls, ...(await createImgproxyUrls(id, item.url, { forceFetch })) } } } catch (err) {