Query string parameter 'type' is now enforced by the api

+ Flag is literally called 'type'

json-api/src/messages.rs

@@ -66,6 +66,8 @@ pub async fn send_message(pool: &Pool, response: &mut Response<Body>, body: Body
 
     // NOTE: auth module guarantees this will be there in the correct form
     let uid = qs_param!(params, "id", u64).unwrap();
+    let ctype = params.get("type");
+
     let permissions = match Member::get(pool, uid).await {
         Row(user) => user.permissions,
         _ => 0
@@ -82,17 +84,24 @@ pub async fn send_message(pool: &Pool, response: &mut Response<Body>, body: Body
     let content = String::from_utf8_lossy(body_bytes);
 
     // 400 on empty bodies or missing channel id's
-    if content.len() == 0 || channel_id.is_none() {
+    if content.len() == 0 || channel_id.is_none() || ctype.is_none() {
         *response.status_mut() = StatusCode::BAD_REQUEST;
     } else {
-        match db::Message::send(pool, &content, channel_id.unwrap(), uid).await {
-            Ok(Empty) => {}, // nothing to do hyper defaults to 200
-            Ok(RestrictedInput(_msg)) => *response.status_mut() = StatusCode::BAD_REQUEST,
-            Ok(Other(msg)) => {
-                eprintln!("{}", msg);
-                *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
-            },
-            _ => *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR
+        // block away wrong content types
+        const CONTENT_TYPES: [&'static str;7] = ["text", "png", "jpeg", "jpg", "webm", "mp3", "mp4"];
+        if CONTENT_TYPES.contains(&ctype.unwrap().as_str()) == false {
+            *response.status_mut() = StatusCode::BAD_REQUEST;
+        } 
+        else {
+            match db::Message::send(pool, &content, ctype.unwrap(), channel_id.unwrap(), uid).await {
+                Ok(Empty) => {/* TODO: put something here to notify the rtc server if its there*/},
+                Ok(RestrictedInput(_msg)) => *response.status_mut() = StatusCode::BAD_REQUEST,
+                Ok(Other(msg)) => {
+                    eprintln!("{}", msg);
+                    *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR;
+                },
+                _ => *response.status_mut() = StatusCode::INTERNAL_SERVER_ERROR
+            }
         }
     }
 }
@@ -117,14 +126,11 @@ pub async fn from_id(pool: &Pool, response: &mut Response<Body>, params: HashMap
             Ok(db_response) => {
                 match db_response {
                     db::Response::Set(messages) => {
-                        // NOTE this check is here because the db's check doesn't
-                        // correctly with async and caching and magic idfk its here
-                        // it works its correct and the cost is the same as putting
-                        // it in the db layer so whatever
+                        // *any* kind of empty response, even those from weird
+                        // parameters get 404's
                         if messages.len() == 0 {
                             *response.status_mut() = StatusCode::NOT_FOUND;
-                        }
-                        else {
+                        } else {
                             set_json_body(response, json!({"messages": messages}));
                         }
                     },