don't allow links with URL unchanged, e.g. [text](url)

(url) is a text inserted by default and never an intended URL. That additional validation will ensure that users won't post wrong links because they are confused.
umputun · Jan 9, 2023 · b294257 · b294257
1 parent 596861a
commit b294257
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 0 deletions.
diff --git a/backend/app/rest/api/rest_private_test.go b/backend/app/rest/api/rest_private_test.go
@@ -166,6 +166,26 @@ func TestRest_CreateWithRestrictedWord(t *testing.T) {
 	assert.Equal(t, "invalid comment", c["details"])
 }
 
+func TestRest_CreateURLWithoutChange(t *testing.T) {
+	ts, _, teardown := startupT(t)
+	defer teardown()
+
+	// check that it's not possible to click insert URL button and not alter the URL in it (which is `url` by default)
+	textWithoutChangedURL := `{"text": "here is a link without URL: [google.com](url)", "locator":{"url": "https://radio-t.com/blah1", "site": "remark42"}}`
+
+	resp, err := post(t, ts.URL+"/api/v1/comment", textWithoutChangedURL)
+	assert.NoError(t, err)
+	assert.Equal(t, http.StatusBadRequest, resp.StatusCode)
+	b, err := io.ReadAll(resp.Body)
+	assert.NoError(t, err)
+	assert.NoError(t, resp.Body.Close())
+	c := R.JSON{}
+	err = json.Unmarshal(b, &c)
+	assert.NoError(t, err)
+	assert.Equal(t, "please define link URL in the parentesis", c["error"])
+	assert.Equal(t, "invalid comment", c["details"])
+}
+
 func TestRest_CreateRejected(t *testing.T) {
 	ts, _, teardown := startupT(t)
 	defer teardown()

diff --git a/backend/app/store/service/service.go b/backend/app/store/service/service.go
@@ -642,6 +642,9 @@ func (s *DataStore) ValidateComment(c *store.Comment) error {
 	if c.User.ID == "" || c.User.Name == "" {
 		return fmt.Errorf("empty user info")
 	}
+	if strings.Contains(c.Orig, "](url)") {
+		return fmt.Errorf("please define link URL in the parentesis")
+	}
 	return nil
 }
 

diff --git a/backend/app/store/service/service_test.go b/backend/app/store/service/service_test.go
@@ -786,6 +786,7 @@ func TestService_ValidateComment(t *testing.T) {
 		{inp: store.Comment{Orig: "something blah", User: store.User{ID: "myid", Name: "name"}}, err: nil},
 		{inp: store.Comment{Orig: "something blah", User: store.User{ID: "myid"}}, err: fmt.Errorf("empty user info")},
 		{inp: store.Comment{Orig: longText, User: store.User{ID: "myid", Name: "name"}}, err: fmt.Errorf("comment text exceeded max allowed size 2000 (4000)")},
+		{inp: store.Comment{Orig: "here is a link without URL: [google.com](url)", User: store.User{ID: "myid", Name: "name"}}, err: fmt.Errorf("please define link URL in the parentesis")},
 	}
 
 	for n, tt := range tbl {