Add character limit and check validation of messages in Chat

2024-01-16 00:46:18 -06:00 · 2024-01-16 00:46:18 -06:00 · 89f396ff23
commit 89f396ff23
parent 995ff88c87
7 changed files with 43 additions and 10 deletions
--- a/chat_box/views.py
+++ b/chat_box/views.py
@ -174,9 +174,37 @@ def mute_message(request):
    return JsonResponse(ret)


+def check_valid_message(request, room):
+    if not room and len(request.POST["body"]) > 200:
+        return False
+
+    if not can_access_room(request, room) or request.profile.mute:
+        return False
+
+    try:
+        last_msg_all = Message.objects.filter(room=room).latest("time")
+    except Message.DoesNotExist:
+        last_msg_all = None
+
+    if last_msg_all and last_msg_all.body == request.POST["body"].strip():
+        return False
+
+    if not room:
+        four_last_msg = Message.objects.filter(
+            author=request.profile, room=room
+        ).order_by("-time")[:4]
+        if len(four_last_msg) >= 4:
+            time_diff = timezone.now() - four_last_msg[3].time
+            if time_diff.total_seconds() < 15:
+                return False
+
+    return True
+
+
@login_required
 def post_message(request):
    ret = {"msg": "posted"}
+
    if request.method != "POST":
        return HttpResponseBadRequest()
    if len(request.POST["body"]) > 5000:
@ -186,7 +214,7 @@ def post_message(request):
    if request.POST["room"]:
        room = Room.objects.get(id=request.POST["room"])

-    if not can_access_room(request, room) or request.profile.mute:
+    if not check_valid_message(request, room):
        return HttpResponseBadRequest()

    new_message = Message(author=request.profile, body=request.POST["body"], room=room)
@ -229,9 +257,7 @@ def post_message(request):


 def can_access_room(request, room):
-    return (
-        not room or room.user_one == request.profile or room.user_two == request.profile
-    )
+    return not room or room.contain(request.profile)


@login_required
@ -247,7 +273,7 @@ def chat_message_ajax(request):
    try:
        message = Message.objects.filter(hidden=False).get(id=message_id)
        room = message.room
-        if room and not room.contain(request.profile):
+        if not can_access_room(request, room):
            return HttpResponse("Unauthorized", status=401)
    except Message.DoesNotExist:
        return HttpResponseBadRequest()
@ -278,7 +304,7 @@ def update_last_seen(request, **kwargs):
    except Room.DoesNotExist:
        return HttpResponseBadRequest()

-    if room and not room.contain(profile):
+    if not can_access_room(request, room):
        return HttpResponseBadRequest()

    user_room, _ = UserRoom.objects.get_or_create(user=profile, room=room)