Merge pull request #562 from ekzyis/fix-magic-numbers-in-update-item

Fix magic numbers during item update and refactor job check

api/resolvers/item.js

@@ -8,14 +8,14 @@ import {
   ITEM_SPAM_INTERVAL, ITEM_FILTER_THRESHOLD,
   DONT_LIKE_THIS_COST, COMMENT_DEPTH_LIMIT, COMMENT_TYPE_QUERY,
   ANON_COMMENT_FEE, ANON_USER_ID, ANON_POST_FEE, ANON_ITEM_SPAM_INTERVAL, POLL_COST,
-  GLOBAL_SEED
+  ITEM_ALLOW_EDITS, GLOBAL_SEED
 } from '../../lib/constants'
 import { msatsToSats } from '../../lib/format'
 import { parse } from 'tldts'
 import uu from 'url-unshort'
 import { advSchema, amountSchema, bountySchema, commentSchema, discussionSchema, jobSchema, linkSchema, pollSchema, ssValidate } from '../../lib/validate'
 import { sendUserNotification } from '../webPush'
-import { defaultCommentSort } from '../../lib/item'
+import { defaultCommentSort, isJob } from '../../lib/item'
 import { notifyItemParents, notifyUserSubscribers, notifyZapped } from '../../lib/push-notifications'
 
 export async function commentFilterClause (me, models) {
@@ -1070,14 +1070,14 @@ export const updateItem = async (parent, { sub: subName, forward, options, ...it
   // in case they lied about their existing boost
   await ssValidate(advSchema, { boost: item.boost }, { models, me, existingBoost: old.boost })
 
-  // if it's not the FAQ, not their bio, and older than 10 minutes
+  // prevent update if it's not explicitly allowed, not their bio, not their job and older than 10 minutes
   const user = await models.user.findUnique({ where: { id: me.id } })
-  if (![349, 76894, 78763, 81862].includes(old.id) && user.bioId !== old.id &&
+  if (!ITEM_ALLOW_EDITS.includes(old.id) && user.bioId !== old.id &&
-    typeof item.maxBid === 'undefined' && Date.now() > new Date(old.createdAt).getTime() + 10 * 60000) {
+    !isJob(item) && Date.now() > new Date(old.createdAt).getTime() + 10 * 60000) {
     throw new GraphQLError('item can no longer be editted', { extensions: { code: 'BAD_INPUT' } })
   }
 
-  if (item.url && typeof item.maxBid === 'undefined') {
+  if (item.url && !isJob(item)) {
     item.url = ensureProtocol(item.url)
     item.url = removeTracking(item.url)
   }
@@ -1117,7 +1117,7 @@ export const createItem = async (parent, { forward, options, ...item }, { me, mo
   item.userId = me ? Number(me.id) : ANON_USER_ID
 
   const fwdUsers = await getForwardUsers(models, forward)
-  if (item.url && typeof item.maxBid === 'undefined') {
+  if (item.url && !isJob(item)) {
     item.url = ensureProtocol(item.url)
     item.url = removeTracking(item.url)
   }

lib/constants.js

@@ -70,3 +70,8 @@ export const LOST_BLURBS = [
   "your hat was stolen by a mischievous prairie dog. You won't catch the dog, but you can always find another hat.",
   'you lost your hat while crossing the river on your journey west. Maybe you can find a replacement hat in the next town.'
 ]
+
+export const ITEM_ALLOW_EDITS = [
+  // FAQ, privacy policy, changelog, content guidelines
+  349, 76894, 78763, 81862
+]

lib/item.js

@@ -9,3 +9,5 @@ export const defaultCommentSort = (pinned, bio, createdAt) => {
   // everything else sorts by hot
   return 'hot'
 }
+
+export const isJob = item => typeof item.maxBid !== 'undefined'

worker/imgproxy.js

@@ -1,5 +1,6 @@
 import { createHmac } from 'node:crypto'
 import { extractUrls } from '../lib/md.js'
+import { isJob } from '../lib/item.js'
 
 const imgProxyEnabled = process.env.NODE_ENV === 'production' ||
   (process.env.NEXT_PUBLIC_IMGPROXY_URL && process.env.IMGPROXY_SALT && process.env.IMGPROXY_KEY)
@@ -60,14 +61,12 @@ export function imgproxy ({ models }) {
 
     const item = await models.item.findUnique({ where: { id } })
 
-    const isJob = typeof item.maxBid !== 'undefined'
-
     let imgproxyUrls = {}
     try {
       if (item.text) {
         imgproxyUrls = await createImgproxyUrls(id, item.text, { forceFetch })
       }
-      if (item.url && !isJob) {
+      if (item.url && !isJob(item)) {
         imgproxyUrls = { ...imgproxyUrls, ...(await createImgproxyUrls(id, item.url, { forceFetch })) }
       }
     } catch (err) {