From 590aba0848e07fe1db4c162a01e8c16b5ba05159 Mon Sep 17 00:00:00 2001
From: Pierre HUBERT
Date: Fri, 5 Mar 2021 12:30:40 +0100
Subject: [PATCH] Enforce messages text len policy
---
 src/api_data/server_config.rs | 8 ++++++-
 src/constants.rs | 3 ++-
 src/controllers/conversations_controller.rs | 25 +++++++++++++++++----
 3 files changed, 30 insertions(+), 6 deletions(-)
diff --git a/src/api_data/server_config.rs b/src/api_data/server_config.rs
index 3655603..b24aab8 100644
--- a/src/api_data/server_config.rs
+++ b/src/api_data/server_config.rs
@@ -3,7 +3,7 @@
 //! @author Pierre Hubert
 use serde::Serialize;
-use crate::constants::{conservation_policy, MIN_SUPPORTED_MOBILE_VERSION, password_policy};
+use crate::constants::{conservation_policy, MIN_SUPPORTED_MOBILE_VERSION, password_policy, MIN_CONVERSATION_MESSAGE_LENGTH, MAX_CONVERSATION_MESSAGE_LENGTH};
 use crate::data::config::conf;
 #[derive(Serialize)]
@@ -37,6 +37,8 @@ pub struct ServerConfig {
 android_direct_download_url: String,
 password_policy: PasswordPolicy,
 data_conservation_policy: DataConservationPolicy,
+ min_conversation_message_len: usize,
+ max_conversation_message_len: usize,
 }
 impl ServerConfig {
@@ -47,6 +49,10 @@ impl ServerConfig {
 privacy_policy_url: &conf().privacy_policy_url,
 play_store_url: &conf().play_store_url,
 android_direct_download_url: conf().android_direct_download_url.clone(),
+
+ min_conversation_message_len: MIN_CONVERSATION_MESSAGE_LENGTH,
+ max_conversation_message_len: MAX_CONVERSATION_MESSAGE_LENGTH,
+
 password_policy: PasswordPolicy {
 allow_email_in_password: password_policy::ALLOW_EMAIL_IN_PASSWORD,
 allow_name_in_password: password_policy::ALLOW_NAME_IN_PASSWORD,
diff --git a/src/constants.rs b/src/constants.rs
index 1f115d3..39a9e68 100644
--- a/src/constants.rs
+++ b/src/constants.rs
@@ -165,4 +165,5 @@ pub const CLEAN_UP_INTERVAL: Duration = Duration::from_secs(60 * 60);
 pub const MIN_SUPPORTED_MOBILE_VERSION: &str = "1.1.1";
 /// Minimum message length
-pub const MIN_CONVERSATION_MESSAGE_LENGTH: usize = 1;
\ No newline at end of file
+pub const MIN_CONVERSATION_MESSAGE_LENGTH: usize = 1;
+pub const MAX_CONVERSATION_MESSAGE_LENGTH: usize = 16000;
\ No newline at end of file
diff --git a/src/controllers/conversations_controller.rs b/src/controllers/conversations_controller.rs
index a6f454e..75582bd 100644
--- a/src/controllers/conversations_controller.rs
+++ b/src/controllers/conversations_controller.rs
@@ -9,7 +9,7 @@ use crate::api_data::list_unread_conversations_api::UnreadConversationAPI;
 use crate::api_data::res_count_unread_conversations::ResultCountUnreadConversations;
 use crate::api_data::res_create_conversation::ResCreateConversation;
 use crate::api_data::res_find_private_conversations::ResFindPrivateConversations;
-use crate::constants::MIN_CONVERSATION_MESSAGE_LENGTH;
+use crate::constants::{MAX_CONVERSATION_MESSAGE_LENGTH, MIN_CONVERSATION_MESSAGE_LENGTH};
 use crate::controllers::user_ws_controller;
 use crate::data::base_request_handler::BaseRequestHandler;
 use crate::data::conversation::{ConversationMemberSetting, NewConversationSettings};
@@ -264,8 +264,15 @@ pub fn send_message(r: &mut HttpRequestHandler) -> RequestResult {
 }
 };
+ // Get message, if there is no image
 let message = if let None = file {
- Some(r.post_string_without_html("message", MIN_CONVERSATION_MESSAGE_LENGTH, true)?)
+ let msg = r.post_string_without_html("message", MIN_CONVERSATION_MESSAGE_LENGTH, true)?;
+
+ if msg.len() > MAX_CONVERSATION_MESSAGE_LENGTH {
+ r.bad_request("Message is too long!".to_string())?;
+ }
+
+ Some(msg)
 } else {
 None
 };
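Review bot: The new `MAX_CONVERSATION_MESSAGE_LENGTH` constant has no doc comment, while the `MIN_CONVERSATION_MESSAGE_LENGTH` line it sits next to keeps its `/// Minimum message length` comment, and nothing states the unit of the limit even though the controller compares it against `str::len()`, which counts UTF-8 bytes rather than characters. I would add `/// Maximum message length, in UTF-8 bytes (this is what str::len() counts)` above the constant so the unit is explicit both for the server-side check and for the clients that receive the value through `ServerConfig`. The `\ No newline at end of file` marker also survives on the new side; terminating the file with a newline would avoid a spurious one-line diff the next time a constant is appended.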
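Review bot: The added length check compares `msg.len()`, the UTF-8 byte count, against `MAX_CONVERSATION_MESSAGE_LENGTH`, while the same constant is published to clients as `max_conversation_message_len` in `ServerConfig`, where it will most likely be read as a character count, so a message of fewer than 16000 characters containing multi-byte text can pass a client-side check and still be rejected here. If the limit exists to protect a storage column, bytes are the right unit and the fix is to document that wherever the constant is exposed; if it is a user-facing character limit, the check should be `if msg.chars().count() > MAX_CONVERSATION_MESSAGE_LENGTH {`. Note also that the check runs after `post_string_without_html` has already read and processed the field, so it bounds the stored message but not the size of the request body the server accepts; that still has to come from the HTTP layer's payload limit, which is not visible in this hunk. The body of `send_message` starts and ends outside the hunk.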
@@ -312,12 +319,22 @@ pub fn delete_conversation(r: &mut HttpRequestHandler) -> RequestResult {
 /// Update a single conversation message
 pub fn update_message(r: &mut HttpRequestHandler) -> RequestResult {
 let msg_id = r.post_u64("messageID")?;
- let new_content = r.post_string_opt("content", 3, true)?;
+ let new_content = r.post_string_opt("content", MIN_CONVERSATION_MESSAGE_LENGTH, true)?;
- if !conversations_helper::is_message_owner(&r.user_id()?, msg_id)? {
+ let msg = conversations_helper::get_single_message(msg_id)?;
+
+ if msg.user_id != r.user_id_opt() {
 r.forbidden("You are not the owner of this message!".to_string())?;
 }
+ if msg.file.is_some() {
+ r.bad_request("Can not have both text and file in the same message!".to_string())?;
+ }
+
+ if new_content.len() > MAX_CONVERSATION_MESSAGE_LENGTH {
+ r.bad_request("New message is too long!".to_string())?;
+ }
+
 conversations_helper::update_message_content(msg_id, &new_content)?;
 r.success("Conversation message content successfully updated")
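Review bot: The ownership check `if msg.user_id != r.user_id_opt() {` replaces a check built on `r.user_id()?`, which failed the request when no user was authenticated; `user_id_opt()` instead yields `None` in that case, and since the comparison compiles, `msg.user_id` must be an `Option` as well, so a message whose stored `user_id` is `None` would satisfy the check for an unauthenticated caller. Unless authentication is already enforced for this route before the controller runs, which the hunk cannot show, I would keep the hard requirement, `if msg.user_id != Some(r.user_id()?) {`, assuming `user_id()` still returns the unwrapped id as the removed line suggests. The two new `bad_request` guards and the existing `forbidden` guard also rely on those helpers returning `Err` so that `?` exits before `update_message_content` runs; that matches how the rest of the file uses them but is worth confirming. The closing brace of `update_message` is outside the hunk.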