//! Write handlers — footnotes and endorsements. use axum::{ extract::Path, http::StatusCode, response::{IntoResponse, Redirect, Response}, Form, }; use crate::auth::MaybeUser; use crate::AppState; use super::super::{ check_community_access, check_user_post_rate, check_write_access, get_community, parse_uuid, validate_body, FootnoteForm, }; use super::posts::{resolve_and_render_mentions, MAX_FOOTNOTES_PER_POST}; // ============================================================================ // Footnote handler // ============================================================================ #[tracing::instrument(skip_all)] pub(in crate::routes) async fn add_footnote_handler( axum::extract::State(state): axum::extract::State, Path((slug, category_slug, thread_id_str, post_id_str)): Path<(String, String, String, String)>, MaybeUser(session_user): MaybeUser, Form(form): Form, ) -> Result { let user = session_user .ok_or_else(|| Redirect::to("/auth/login").into_response())?; let post_id = parse_uuid(&post_id_str)?; let post_data = mt_db::queries::get_post_for_edit(&state.db, post_id) .await .map_err(|e| { tracing::error!(error = ?e, "db error fetching post for footnote"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })? .ok_or_else(|| StatusCode::NOT_FOUND.into_response())?; // Only the post author can add footnotes if user.user_id != post_data.author_id { return Err(StatusCode::FORBIDDEN.into_response()); } // Cannot add footnotes to removed posts let removed: bool = sqlx::query_scalar("SELECT removed_at IS NOT NULL FROM posts WHERE id = $1") .bind(post_id) .fetch_one(&state.db) .await .map_err(|e| { tracing::error!(error = ?e, "db error checking removal status"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; if removed { return Err(StatusCode::FORBIDDEN.into_response()); } // Cap footnotes per post let footnote_count = mt_db::queries::count_footnotes_for_post(&state.db, post_id) .await .map_err(|e| { tracing::error!(error = ?e, "db error counting footnotes"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; if footnote_count >= MAX_FOOTNOTES_PER_POST as i64 { return Err(( StatusCode::UNPROCESSABLE_ENTITY, "Maximum footnotes reached for this post.", ) .into_response()); } // Check write access (suspension + ban + mute) let community = get_community(&state.db, &slug).await?; check_write_access(&state.db, community.id, user.user_id, community.suspended_at.is_some()).await?; mt_db::mutations::ensure_membership(&state.db, user.user_id, community.id) .await .map_err(|e| { tracing::error!(error = ?e, "db error ensuring membership"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; check_user_post_rate(&state.db, user.user_id).await?; let body = validate_body(&form.body, 65536, "Footnote")?; let (body_html, _mention_ids) = resolve_and_render_mentions( &state.db, body, community.id, &slug, user.user_id, ).await?; mt_db::mutations::insert_footnote(&state.db, post_id, user.user_id, body, &body_html) .await .map_err(|e| { tracing::error!(error = ?e, "db error inserting footnote"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; Ok(Redirect::to(&format!( "/p/{slug}/{category_slug}/{thread_id_str}?toast=Footnote+added" ))) } // ============================================================================ // Endorsement handler // ============================================================================ #[tracing::instrument(skip_all)] pub(in crate::routes) async fn toggle_endorsement_handler( axum::extract::State(state): axum::extract::State, Path((slug, category_slug, thread_id_str, post_id_str)): Path<(String, String, String, String)>, MaybeUser(session_user): MaybeUser, ) -> Result { let user = session_user .ok_or_else(|| Redirect::to("/auth/login").into_response())?; let post_id = parse_uuid(&post_id_str)?; let post_data = mt_db::queries::get_post_for_edit(&state.db, post_id) .await .map_err(|e| { tracing::error!(error = ?e, "db error fetching post for endorsement"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })? .ok_or_else(|| StatusCode::NOT_FOUND.into_response())?; // Cannot endorse own post if user.user_id == post_data.author_id { return Err(StatusCode::FORBIDDEN.into_response()); } // Cannot endorse a removed post let removed: bool = sqlx::query_scalar("SELECT removed_at IS NOT NULL FROM posts WHERE id = $1") .bind(post_id) .fetch_one(&state.db) .await .map_err(|e| { tracing::error!(error = ?e, "db error checking removal status"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; if removed { return Err(StatusCode::FORBIDDEN.into_response()); } // Check community access (suspension + ban) — no mute check since endorsing is not content let community = get_community(&state.db, &slug).await?; check_community_access(&state.db, &community, Some(user.user_id)).await?; // Check platform suspension let suspended = mt_db::queries::is_user_suspended(&state.db, user.user_id) .await .map_err(|e| { tracing::error!(error = ?e, "db error checking user suspension"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; if suspended { return Err((StatusCode::FORBIDDEN, "Your account has been suspended.").into_response()); } mt_db::mutations::toggle_endorsement(&state.db, post_id, user.user_id) .await .map_err(|e| { tracing::error!(error = ?e, "db error toggling endorsement"); StatusCode::INTERNAL_SERVER_ERROR.into_response() })?; Ok(Redirect::to(&format!( "/p/{slug}/{category_slug}/{thread_id_str}#post-{post_id_str}" ))) }