From e7a54a5affd40f92f788f46ab64033d14860959a Mon Sep 17 00:00:00 2001 From: Vincent Ambo Date: Thu, 12 Apr 2018 01:07:25 +0200 Subject: feat(handler): Perform basic input validation on new thread view --- src/handlers.rs | 19 +++++++++++++++++-- 1 file changed, 17 insertions(+), 2 deletions(-) (limited to 'src/handlers.rs') diff --git a/src/handlers.rs b/src/handlers.rs index 43e45d925463..0848740bc10b 100644 --- a/src/handlers.rs +++ b/src/handlers.rs @@ -59,7 +59,7 @@ pub fn forum_thread(state: State, thread_id: Path) -> ConverseRes /// This handler presents the user with the "New Thread" form. pub fn new_thread(state: State) -> ConverseResponse { - state.renderer.send(NewThreadPage).flatten() + state.renderer.send(NewThreadPage::default()).flatten() .map(|res| HttpResponse::Ok().content_type(HTML).body(res)) .responder() } @@ -70,11 +70,26 @@ pub struct NewThreadForm { pub body: String, } +const NEW_THREAD_LENGTH_ERR: &'static str = "Title and body can not be empty!"; + /// This handler receives a "New thread"-form and redirects the user /// to the new thread after creation. pub fn submit_thread(state: State, input: Form, mut req: HttpRequest) -> ConverseResponse { + // Perform simple validation and abort here if it fails: + if input.0.title.is_empty() || input.0.body.is_empty() { + return state.renderer + .send(NewThreadPage { + alerts: vec![NEW_THREAD_LENGTH_ERR], + title: Some(input.0.title), + body: Some(input.0.body), + }) + .flatten() + .map(|res| HttpResponse::Ok().content_type(HTML).body(res)) + .responder(); + } + // Author is "unwrapped" because the RequireLogin middleware // guarantees it to be present. let author: Author = req.session().get(AUTHOR).unwrap().unwrap(); @@ -158,7 +173,7 @@ pub fn callback(state: State, } -/// Middleware used to enforce logins unceremonially. +/// Middleware used to enforce logins unceremoniously. pub struct RequireLogin; impl Middleware for RequireLogin { -- cgit 1.4.1