Web::Controller::API::Submission: fix warnings

[newslash/newslash.git] / src / newslash_web / lib / Newslash / Web / Controller / API / Submission.pm

package Newslash::Web::Controller::API::Submission;
use Mojo::Base 'Newslash::Web::Controller';
#use Mojo::Base 'Mojolicious::Controller';
use Data::Dumper;
use Mojo::JSON qw(decode_json encode_json);
use Mojo::URL;
use Email::Valid;

sub get {
    my $c = shift;
    my $subid = $c->param('subid');
    my $user = $c->stash('user');

    if (!$subid) {
        $c->render(json => { err => 1, message => "not_found" });
        $c->rendered(404);
        return;
    }
    my $submissions = $c->model('submissions');
    my $submission = $submissions->select(submission_id => $subid);
    $c->apply_seclev_filter("submissions", $submission);

    if (!$submission) {
        $c->render(json => { err => 1, message => "not_found" });
        $c->rendered(404);
        return;
    }
    $c->render(json => { item => $submission });
    return;
}

sub list {
    my $c = shift;
    my $submissions = $c->app->model('submissions');
    my $items = [];
    my $message = "";
    my $user = $c->stash('user');

    my $show_deleted = 0;
    if ($c->param('show_deleted') && $user->{is_admin}) {
        $show_deleted = 1;
    }

    my $limit = 50;
    my $skip = 0;
    if ($c->param('limit')
        && $c->param('limit') =~ m/\A[0-9]+\z/
        && $c->param('limit') < 50) {
        $limit = $c->param('limit');
    }
    if ($c->param('skip')
        && $c->param('skip') =~ m/\A[0-9]+\z/) {
        $skip = $c->param('skip');
    }

    $items = $submissions->select(del => $show_deleted,
                                  order_by => {create_time => "DESC"},
                                  limit => $limit,
                                  skip => $skip);
    $c->apply_seclev_filter("submissions", $items);

    if (!$items) {
        $message = $submissions->last_error;
        $c->render(json => {message => $message, error => 1});
    }
    else {
        $c->render(json => {message => $message, items => $items});
    }
    return;
}

sub post {
    my $c = shift;
    my $params = {};
    my $user = $c->stash('user');

    # check permission
    if (!$user->{permissions}->{submission}) {
        $c->render(json => { err => 1, reason => "not_allowed", message => "not_allowed" });
        $c->rendered(403);
        return;
    }

    my $submissions = $c->model('submissions');
    my $util = $c->model('util');

    my $allowed = $c->app->config->{Editor}->{allowed_tags};
    my $data = $c->req->json;
    my $item = $data->{item};
    my $message = "";

    # check body
    if ($item->{introtext} || $item->{intro_text}) {
        my $text = $item->{introtext} || $item->{intro_text};
        $text =~ s/\s+\z//m;
        $params->{introtext} = $util->clean_html($allowed, $text);
        $params->{introtext} =~ s/\s+\z//m;
    }
    $message = "no_content" if (!$params->{introtext} && !$item->{url});

    # check title
    $params->{title} = $util->escape_html({}, $item->{title});
    $message = "no_title" if !$params->{title};

    # check URL
    if ($item->{url}) {
        my $url = Mojo::URL->new($item->{url});
        if ($url->is_abs) {
            $params->{url} = $item->{url};
        }
        else {
            $message = "invalid_url";
        }
    }

    # check Email
    if ($item->{email}) {
        if (Email::Valid->address($item->{email})) {
            $params->{email} = $item->{email};
        }
        else {
            my $url = Mojo::URL->new($item->{email});
            if ($url->is_abs) {
                $params->{email} = $item->{email};
            }
            else {
                $message = "invalid_email";
            }
        }
    }

    $params->{action} = $data->{action} || 'preview';
    $params->{extra_params} = { createheaders => $c->req->headers->to_string };

    # parse tags
    #$params->{tid} = 49; #mainpage
    my $tags_string = $item->{tags_string} || "";
    my @tags = split(/\s+/, $tags_string);
    my $topic = $c->model('topics')->get_primary_topic_from_tags(\@tags) || {};
    $params->{tid} = $topic->{tid} || 49;
    $params->{tags_string} = $tags_string;


    if ($message) {
        $c->render(json => { err => 1, message => $message });
        $c->rendered(400);
        return;
    }

    if ($params->{action} eq 'preview') {
        my $result = {
                      title => $params->{title},
                      introtext => $params->{introtext},
                      email => $params->{email},
                      topic => $topic,
                      url => $params->{url},
                      tid => $params->{tid},
                     };
        $c->render(json => {item => $result});
    }
    elsif ($params->{action} eq 'post') {
        my $sub_id = $submissions->create(user => $user, %$params);
        if ($sub_id) {
            $c->render(json => {type => "submission", id => $sub_id});
            $c->event_que->emit("submission", "post", $user->{uid}, $sub_id);
        }
        else {
            #if ($submissions->last_errorno && $submissions->last_errorno == 1062) { #ER_DUP_ENTRY
            if (defined $sub_id) {
                $c->render(json => { err => 1, reason => "duplicated_post", message => "duplicated_post" });
                $c->rendered(409);
                return;
            }
            $c->render(json => { err => 1, reason => "server_error", message => $submissions->last_error });
            $c->rendered(500);
        }
    }
}

1;