4
0

entry_handlers.go 17 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614
  1. // SPDX-FileCopyrightText: Copyright The Miniflux Authors. All rights reserved.
  2. // SPDX-License-Identifier: Apache-2.0
  3. package api // import "miniflux.app/v2/internal/api"
  4. import (
  5. json_parser "encoding/json"
  6. "errors"
  7. "net/http"
  8. "strconv"
  9. "time"
  10. "miniflux.app/v2/internal/config"
  11. "miniflux.app/v2/internal/crypto"
  12. "miniflux.app/v2/internal/http/request"
  13. "miniflux.app/v2/internal/http/response"
  14. "miniflux.app/v2/internal/integration"
  15. "miniflux.app/v2/internal/mediaproxy"
  16. "miniflux.app/v2/internal/model"
  17. "miniflux.app/v2/internal/reader/processor"
  18. "miniflux.app/v2/internal/reader/readingtime"
  19. "miniflux.app/v2/internal/reader/sanitizer"
  20. "miniflux.app/v2/internal/storage"
  21. "miniflux.app/v2/internal/validator"
  22. )
  23. func (h *handler) getEntryFromBuilder(w http.ResponseWriter, r *http.Request, b *storage.EntryQueryBuilder) {
  24. entry, err := b.GetEntry()
  25. if err != nil {
  26. response.JSONServerError(w, r, err)
  27. return
  28. }
  29. if entry == nil {
  30. response.JSONNotFound(w, r)
  31. return
  32. }
  33. entry.Content = mediaproxy.RewriteDocumentWithAbsoluteProxyURL(entry.Content)
  34. entry.Enclosures.ProxifyEnclosureURL(config.Opts.MediaProxyMode(), config.Opts.MediaProxyResourceTypes())
  35. response.JSON(w, r, entry)
  36. }
  37. func (h *handler) getFeedEntryHandler(w http.ResponseWriter, r *http.Request) {
  38. feedID := request.RouteInt64Param(r, "feedID")
  39. if feedID == 0 {
  40. response.JSONBadRequest(w, r, errors.New("invalid feed ID"))
  41. return
  42. }
  43. entryID := request.RouteInt64Param(r, "entryID")
  44. if entryID == 0 {
  45. response.JSONBadRequest(w, r, errors.New("invalid entry ID"))
  46. return
  47. }
  48. builder := h.store.NewEntryQueryBuilder(request.UserID(r)).
  49. WithFeedID(feedID).
  50. WithEntryIDs(entryID)
  51. h.getEntryFromBuilder(w, r, builder)
  52. }
  53. func (h *handler) getCategoryEntryHandler(w http.ResponseWriter, r *http.Request) {
  54. categoryID := request.RouteInt64Param(r, "categoryID")
  55. if categoryID == 0 {
  56. response.JSONBadRequest(w, r, errors.New("invalid category ID"))
  57. return
  58. }
  59. entryID := request.RouteInt64Param(r, "entryID")
  60. if entryID == 0 {
  61. response.JSONBadRequest(w, r, errors.New("invalid entry ID"))
  62. return
  63. }
  64. builder := h.store.NewEntryQueryBuilder(request.UserID(r)).
  65. WithCategoryID(categoryID).
  66. WithEntryIDs(entryID)
  67. h.getEntryFromBuilder(w, r, builder)
  68. }
  69. func (h *handler) getEntryHandler(w http.ResponseWriter, r *http.Request) {
  70. entryID := request.RouteInt64Param(r, "entryID")
  71. if entryID == 0 {
  72. response.JSONBadRequest(w, r, errors.New("invalid entry ID"))
  73. return
  74. }
  75. builder := h.store.NewEntryQueryBuilder(request.UserID(r)).
  76. WithEntryIDs(entryID)
  77. h.getEntryFromBuilder(w, r, builder)
  78. }
  79. func (h *handler) getFeedEntriesHandler(w http.ResponseWriter, r *http.Request) {
  80. feedID := request.RouteInt64Param(r, "feedID")
  81. if feedID == 0 {
  82. response.JSONBadRequest(w, r, errors.New("invalid feed ID"))
  83. return
  84. }
  85. h.findEntries(w, r, feedID, 0)
  86. }
  87. func (h *handler) getCategoryEntriesHandler(w http.ResponseWriter, r *http.Request) {
  88. categoryID := request.RouteInt64Param(r, "categoryID")
  89. if categoryID == 0 {
  90. response.JSONBadRequest(w, r, errors.New("invalid category ID"))
  91. return
  92. }
  93. h.findEntries(w, r, 0, categoryID)
  94. }
  95. func (h *handler) getEntriesHandler(w http.ResponseWriter, r *http.Request) {
  96. h.findEntries(w, r, 0, 0)
  97. }
  98. func (h *handler) findEntries(w http.ResponseWriter, r *http.Request, feedID int64, categoryID int64) {
  99. statuses := request.QueryStringParamList(r, "status")
  100. for _, status := range statuses {
  101. if err := validator.ValidateEntryStatus(status); err != nil {
  102. response.JSONBadRequest(w, r, err)
  103. return
  104. }
  105. }
  106. order := request.QueryStringParam(r, "order", model.DefaultSortingOrder)
  107. if err := validator.ValidateEntryOrder(order); err != nil {
  108. response.JSONBadRequest(w, r, err)
  109. return
  110. }
  111. direction := request.QueryStringParam(r, "direction", model.DefaultSortingDirection)
  112. if err := validator.ValidateDirection(direction); err != nil {
  113. response.JSONBadRequest(w, r, err)
  114. return
  115. }
  116. limit := request.QueryIntParam(r, "limit", 100)
  117. offset := request.QueryIntParam(r, "offset", 0)
  118. if err := validator.ValidateRange(offset, limit); err != nil {
  119. response.JSONBadRequest(w, r, err)
  120. return
  121. }
  122. userID := request.UserID(r)
  123. categoryID = request.QueryInt64Param(r, "category_id", categoryID)
  124. if categoryID > 0 && !h.store.CategoryIDExists(userID, categoryID) {
  125. response.JSONBadRequest(w, r, errors.New("invalid category ID"))
  126. return
  127. }
  128. feedID = request.QueryInt64Param(r, "feed_id", feedID)
  129. if feedID > 0 && !h.store.FeedExists(userID, feedID) {
  130. response.JSONBadRequest(w, r, errors.New("invalid feed ID"))
  131. return
  132. }
  133. tags := request.QueryStringParamList(r, "tags")
  134. builder := h.store.NewEntryQueryBuilder(userID).
  135. WithFeedID(feedID).
  136. WithCategoryID(categoryID).
  137. WithStatuses(statuses...).
  138. WithSorting(order, direction).
  139. WithOffset(offset).
  140. WithLimit(limit).
  141. WithTags(tags...).
  142. WithEnclosures()
  143. if request.HasQueryParam(r, "globally_visible") {
  144. globallyVisible := request.QueryBoolParam(r, "globally_visible", true)
  145. if globallyVisible {
  146. builder = builder.WithGloballyVisible()
  147. }
  148. }
  149. builder = configureFilters(builder, r)
  150. entries, count, err := builder.GetEntriesWithCount()
  151. if err != nil {
  152. response.JSONServerError(w, r, err)
  153. return
  154. }
  155. for i := range entries {
  156. entries[i].Content = mediaproxy.RewriteDocumentWithAbsoluteProxyURL(entries[i].Content)
  157. entries[i].Enclosures.ProxifyEnclosureURL(config.Opts.MediaProxyMode(), config.Opts.MediaProxyResourceTypes())
  158. }
  159. response.JSON(w, r, &entriesResponse{Total: count, Entries: entries})
  160. }
  161. func (h *handler) setEntryStatusAndStarredHandler(w http.ResponseWriter, r *http.Request) {
  162. var entriesStatusUpdateRequest model.EntriesStatusUpdateRequest
  163. if err := json_parser.NewDecoder(r.Body).Decode(&entriesStatusUpdateRequest); err != nil {
  164. response.JSONBadRequest(w, r, err)
  165. return
  166. }
  167. if err := validator.ValidateEntriesStatusAndStarredUpdateRequest(&entriesStatusUpdateRequest); err != nil {
  168. response.JSONBadRequest(w, r, err)
  169. return
  170. }
  171. if entriesStatusUpdateRequest.Status != "" {
  172. if err := h.store.SetEntriesStatus(request.UserID(r), entriesStatusUpdateRequest.EntryIDs, entriesStatusUpdateRequest.Status); err != nil {
  173. response.JSONServerError(w, r, err)
  174. return
  175. }
  176. }
  177. if entriesStatusUpdateRequest.Starred != nil {
  178. if err := h.store.SetEntriesStarredState(request.UserID(r), entriesStatusUpdateRequest.EntryIDs, *entriesStatusUpdateRequest.Starred); err != nil {
  179. response.JSONServerError(w, r, err)
  180. return
  181. }
  182. }
  183. response.NoContent(w, r)
  184. }
  185. func (h *handler) toggleStarredHandler(w http.ResponseWriter, r *http.Request) {
  186. entryID := request.RouteInt64Param(r, "entryID")
  187. if entryID == 0 {
  188. response.JSONBadRequest(w, r, errors.New("invalid entry ID"))
  189. return
  190. }
  191. if err := h.store.ToggleStarred(request.UserID(r), entryID); err != nil {
  192. response.JSONServerError(w, r, err)
  193. return
  194. }
  195. response.NoContent(w, r)
  196. }
  197. func (h *handler) saveEntryHandler(w http.ResponseWriter, r *http.Request) {
  198. entryID := request.RouteInt64Param(r, "entryID")
  199. if entryID == 0 {
  200. response.JSONBadRequest(w, r, errors.New("invalid entry ID"))
  201. return
  202. }
  203. if !h.store.HasSaveEntry(request.UserID(r)) {
  204. response.JSONBadRequest(w, r, errors.New("no third-party integration enabled"))
  205. return
  206. }
  207. entry, err := h.store.NewEntryQueryBuilder(request.UserID(r)).
  208. WithEntryIDs(entryID).
  209. GetEntry()
  210. if err != nil {
  211. response.JSONServerError(w, r, err)
  212. return
  213. }
  214. if entry == nil {
  215. response.JSONNotFound(w, r)
  216. return
  217. }
  218. settings, err := h.store.Integration(request.UserID(r))
  219. if err != nil {
  220. response.JSONServerError(w, r, err)
  221. return
  222. }
  223. go integration.SendEntry(entry, settings)
  224. response.JSONAccepted(w, r)
  225. }
  226. func (h *handler) updateEntryHandler(w http.ResponseWriter, r *http.Request) {
  227. var entryUpdateRequest model.EntryUpdateRequest
  228. if err := json_parser.NewDecoder(r.Body).Decode(&entryUpdateRequest); err != nil {
  229. response.JSONBadRequest(w, r, err)
  230. return
  231. }
  232. if err := validator.ValidateEntryModification(&entryUpdateRequest); err != nil {
  233. response.JSONBadRequest(w, r, err)
  234. return
  235. }
  236. entryID := request.RouteInt64Param(r, "entryID")
  237. if entryID == 0 {
  238. response.JSONBadRequest(w, r, errors.New("invalid entry ID"))
  239. return
  240. }
  241. loggedUserID := request.UserID(r)
  242. entry, err := h.store.NewEntryQueryBuilder(loggedUserID).
  243. WithEntryIDs(entryID).
  244. GetEntry()
  245. if err != nil {
  246. response.JSONServerError(w, r, err)
  247. return
  248. }
  249. if entry == nil {
  250. response.JSONNotFound(w, r)
  251. return
  252. }
  253. user, err := h.store.UserByID(loggedUserID)
  254. if err != nil {
  255. response.JSONServerError(w, r, err)
  256. return
  257. }
  258. if user == nil {
  259. response.JSONNotFound(w, r)
  260. return
  261. }
  262. if entryUpdateRequest.Content != nil {
  263. sanitizedContent := sanitizer.SanitizeHTML(entry.URL, *entryUpdateRequest.Content, &sanitizer.SanitizerOptions{OpenLinksInNewTab: user.OpenExternalLinksInNewTab})
  264. entryUpdateRequest.Content = &sanitizedContent
  265. }
  266. entryUpdateRequest.Patch(entry)
  267. if user.ShowReadingTime {
  268. entry.ReadingTime = readingtime.EstimateReadingTime(entry.Content, user.DefaultReadingSpeed, user.CJKReadingSpeed)
  269. }
  270. if err := h.store.UpdateEntryTitleAndContent(entry); err != nil {
  271. response.JSONServerError(w, r, err)
  272. return
  273. }
  274. response.JSONCreated(w, r, entry)
  275. }
  276. func (h *handler) importFeedEntryHandler(w http.ResponseWriter, r *http.Request) {
  277. userID := request.UserID(r)
  278. feedID := request.RouteInt64Param(r, "feedID")
  279. if feedID <= 0 {
  280. response.JSONBadRequest(w, r, errors.New("invalid feed ID"))
  281. return
  282. }
  283. if !h.store.FeedExists(userID, feedID) {
  284. response.JSONBadRequest(w, r, errors.New("feed does not exist"))
  285. return
  286. }
  287. var importRequest entryImportRequest
  288. if err := json_parser.NewDecoder(r.Body).Decode(&importRequest); err != nil {
  289. response.JSONBadRequest(w, r, err)
  290. return
  291. }
  292. if importRequest.URL == "" {
  293. response.JSONBadRequest(w, r, errors.New("url is required"))
  294. return
  295. }
  296. if importRequest.Status == "" {
  297. importRequest.Status = model.EntryStatusRead
  298. }
  299. if err := validator.ValidateEntryStatus(importRequest.Status); err != nil {
  300. response.JSONBadRequest(w, r, err)
  301. return
  302. }
  303. entry := model.NewEntry()
  304. entry.URL = importRequest.URL
  305. entry.CommentsURL = importRequest.CommentsURL
  306. entry.Author = importRequest.Author
  307. entry.Tags = importRequest.Tags
  308. if importRequest.PublishedAt > 0 {
  309. entry.Date = time.Unix(importRequest.PublishedAt, 0).UTC()
  310. } else {
  311. entry.Date = time.Now().UTC()
  312. }
  313. if importRequest.Title == "" {
  314. entry.Title = entry.URL
  315. } else {
  316. entry.Title = importRequest.Title
  317. }
  318. hashInput := importRequest.ExternalID
  319. if hashInput == "" {
  320. hashInput = importRequest.URL
  321. }
  322. entry.Hash = crypto.HashFromBytes([]byte(hashInput))
  323. user, err := h.store.UserByID(userID)
  324. if err != nil {
  325. response.JSONServerError(w, r, err)
  326. return
  327. }
  328. if user == nil {
  329. response.JSONNotFound(w, r)
  330. return
  331. }
  332. if importRequest.Content != "" {
  333. entry.Content = sanitizer.SanitizeHTML(entry.URL, importRequest.Content, &sanitizer.SanitizerOptions{OpenLinksInNewTab: user.OpenExternalLinksInNewTab})
  334. }
  335. if user.ShowReadingTime {
  336. entry.ReadingTime = readingtime.EstimateReadingTime(entry.Content, user.DefaultReadingSpeed, user.CJKReadingSpeed)
  337. }
  338. created, err := h.store.InsertEntryForFeed(userID, feedID, entry)
  339. if errors.Is(err, storage.ErrEntryTombstoned) {
  340. response.JSONBadRequest(w, r, err)
  341. return
  342. }
  343. if err != nil {
  344. response.JSONServerError(w, r, err)
  345. return
  346. }
  347. if err := h.store.SetEntriesStatus(userID, []int64{entry.ID}, importRequest.Status); err != nil {
  348. response.JSONServerError(w, r, err)
  349. return
  350. }
  351. entry.Status = importRequest.Status
  352. if importRequest.Starred {
  353. if err := h.store.SetEntriesStarredState(userID, []int64{entry.ID}, true); err != nil {
  354. response.JSONServerError(w, r, err)
  355. return
  356. }
  357. entry.Starred = true
  358. }
  359. if created {
  360. response.JSONCreated(w, r, entryIDResponse{ID: entry.ID})
  361. } else {
  362. response.JSON(w, r, entryIDResponse{ID: entry.ID})
  363. }
  364. }
  365. func (h *handler) fetchContentHandler(w http.ResponseWriter, r *http.Request) {
  366. loggedUserID := request.UserID(r)
  367. entryID := request.RouteInt64Param(r, "entryID")
  368. if entryID == 0 {
  369. response.JSONBadRequest(w, r, errors.New("invalid entry ID"))
  370. return
  371. }
  372. entry, err := h.store.NewEntryQueryBuilder(loggedUserID).
  373. WithEntryIDs(entryID).
  374. GetEntry()
  375. if err != nil {
  376. response.JSONServerError(w, r, err)
  377. return
  378. }
  379. if entry == nil {
  380. response.JSONNotFound(w, r)
  381. return
  382. }
  383. user, err := h.store.UserByID(loggedUserID)
  384. if err != nil {
  385. response.JSONServerError(w, r, err)
  386. return
  387. }
  388. if user == nil {
  389. response.JSONNotFound(w, r)
  390. return
  391. }
  392. feed, err := h.store.NewFeedQueryBuilder(loggedUserID).
  393. WithFeedID(entry.FeedID).
  394. GetFeed()
  395. if err != nil {
  396. response.JSONServerError(w, r, err)
  397. return
  398. }
  399. if feed == nil {
  400. response.JSONNotFound(w, r)
  401. return
  402. }
  403. if err := processor.ProcessEntryWebPage(feed, entry, user); err != nil {
  404. response.JSONServerError(w, r, err)
  405. return
  406. }
  407. shouldUpdateContent := request.QueryBoolParam(r, "update_content", false)
  408. if shouldUpdateContent {
  409. if err := h.store.UpdateEntryTitleAndContent(entry); err != nil {
  410. response.JSONServerError(w, r, err)
  411. return
  412. }
  413. }
  414. response.JSON(w, r, entryContentResponse{Content: mediaproxy.RewriteDocumentWithAbsoluteProxyURL(entry.Content), ReadingTime: entry.ReadingTime})
  415. }
  416. func (h *handler) getEntryIDsHandler(w http.ResponseWriter, r *http.Request) {
  417. if request.HasQueryParam(r, "starred") {
  418. starredValue := request.QueryStringParam(r, "starred", "")
  419. if starredValue != "true" && starredValue != "false" {
  420. response.JSONBadRequest(w, r, errors.New(`invalid starred parameter, must be "true" or "false"`))
  421. return
  422. }
  423. }
  424. if request.HasQueryParam(r, "status") {
  425. statusValue := request.QueryStringParam(r, "status", "")
  426. if statusValue != model.EntryStatusRead && statusValue != model.EntryStatusUnread {
  427. response.JSONBadRequest(w, r, errors.New(`invalid status parameter, must be "read" or "unread"`))
  428. return
  429. }
  430. }
  431. limit, offset := parseEntryIDsParams(r)
  432. builder := h.store.NewEntryQueryBuilder(request.UserID(r)).
  433. WithSorting("id", "DESC").
  434. WithLimitAndMaximum(limit, model.MaxEntryIDsLimit).
  435. WithOffset(offset)
  436. if request.HasQueryParam(r, "starred") {
  437. builder.WithStarred(request.QueryBoolParam(r, "starred", false))
  438. }
  439. if request.HasQueryParam(r, "status") {
  440. builder.WithStatuses(request.QueryStringParam(r, "status", ""))
  441. }
  442. entryIDs, total, err := builder.GetEntryIDsWithCount()
  443. if err != nil {
  444. response.JSONServerError(w, r, err)
  445. return
  446. }
  447. if entryIDs == nil {
  448. entryIDs = []int64{}
  449. }
  450. response.JSON(w, r, entryIDsResponse{Total: total, EntryIDs: entryIDs})
  451. }
  452. func (h *handler) flushHistoryHandler(w http.ResponseWriter, r *http.Request) {
  453. loggedUserID := request.UserID(r)
  454. go h.store.FlushHistory(loggedUserID)
  455. response.JSONAccepted(w, r)
  456. }
  457. func configureFilters(builder *storage.EntryQueryBuilder, r *http.Request) *storage.EntryQueryBuilder {
  458. if beforeEntryID := request.QueryInt64Param(r, "before_entry_id", 0); beforeEntryID > 0 {
  459. builder = builder.BeforeEntryID(beforeEntryID)
  460. }
  461. if afterEntryID := request.QueryInt64Param(r, "after_entry_id", 0); afterEntryID > 0 {
  462. builder = builder.AfterEntryID(afterEntryID)
  463. }
  464. if beforePublishedTimestamp := request.QueryInt64Param(r, "before", 0); beforePublishedTimestamp > 0 {
  465. builder = builder.BeforePublishedDate(time.Unix(beforePublishedTimestamp, 0))
  466. }
  467. if afterPublishedTimestamp := request.QueryInt64Param(r, "after", 0); afterPublishedTimestamp > 0 {
  468. builder = builder.AfterPublishedDate(time.Unix(afterPublishedTimestamp, 0))
  469. }
  470. if beforePublishedTimestamp := request.QueryInt64Param(r, "published_before", 0); beforePublishedTimestamp > 0 {
  471. builder = builder.BeforePublishedDate(time.Unix(beforePublishedTimestamp, 0))
  472. }
  473. if afterPublishedTimestamp := request.QueryInt64Param(r, "published_after", 0); afterPublishedTimestamp > 0 {
  474. builder = builder.AfterPublishedDate(time.Unix(afterPublishedTimestamp, 0))
  475. }
  476. if beforeChangedTimestamp := request.QueryInt64Param(r, "changed_before", 0); beforeChangedTimestamp > 0 {
  477. builder = builder.BeforeChangedDate(time.Unix(beforeChangedTimestamp, 0))
  478. }
  479. if afterChangedTimestamp := request.QueryInt64Param(r, "changed_after", 0); afterChangedTimestamp > 0 {
  480. builder = builder.AfterChangedDate(time.Unix(afterChangedTimestamp, 0))
  481. }
  482. if request.HasQueryParam(r, "starred") {
  483. starred, err := strconv.ParseBool(r.URL.Query().Get("starred"))
  484. if err == nil {
  485. builder = builder.WithStarred(starred)
  486. }
  487. }
  488. if searchQuery := request.QueryStringParam(r, "search", ""); searchQuery != "" {
  489. builder = builder.WithSearchQuery(searchQuery)
  490. }
  491. return builder
  492. }
  493. func parseEntryIDsParams(r *http.Request) (limit, offset int) {
  494. limit = request.QueryIntParam(r, "limit", model.MaxEntryIDsLimit)
  495. if limit <= 0 || limit > model.MaxEntryIDsLimit {
  496. limit = model.MaxEntryIDsLimit
  497. }
  498. offset = request.QueryIntParam(r, "offset", 0)
  499. return limit, offset
  500. }